diff --git a/doc/src/sgml/filelist.sgml b/doc/src/sgml/filelist.sgml index f010cd4c3b..c34e64bdc4 100644 --- a/doc/src/sgml/filelist.sgml +++ b/doc/src/sgml/filelist.sgml @@ -167,21 +167,6 @@ - - - - - - - - - - - - - - - diff --git a/doc/src/sgml/release-10.sgml b/doc/src/sgml/release-10.sgml deleted file mode 100644 index 9deab950ce..0000000000 --- a/doc/src/sgml/release-10.sgml +++ /dev/null @@ -1,9330 +0,0 @@ - - - - - Release 10.6 - - - Release date: - 2018-11-08 - - - - This release contains a variety of fixes from 10.5. - For information about new features in major release 10, see - . - - - - Migration to Version 10.6 - - - A dump/restore is not required for those running 10.X. - - - - However, if you use the pg_stat_statements extension, - see the changelog entry below about that. - - - - Also, if you are upgrading from a version earlier than 10.4, - see . - - - - - Changes - - - - - - Ensure proper quoting of transition table names - when pg_dump emits CREATE TRIGGER - ... REFERENCING commands (Tom Lane) - - - - This oversight could be exploited by an unprivileged user to gain - superuser privileges during the next dump/reload - or pg_upgrade run. (CVE-2018-16850) - - - - - - - Fix corner-case failures - in has_foo_privilege() - family of functions (Tom Lane) - - - - Return NULL rather than throwing an error when an invalid object OID - is provided. Some of these functions got that right already, but not - all. has_column_privilege() was additionally - capable of crashing on some platforms. - - - - - - - Fix pg_get_partition_constraintdef() to return - NULL rather than fail when passed an invalid relation OID (Tom Lane) - - - - - - - Avoid O(N^2) slowdown in regular expression match/split functions on - long strings (Andrew Gierth) - - - - - - - Fix parsing of standard multi-character operators that are immediately - followed by a comment or + or - - (Andrew Gierth) - - - - This oversight could lead to parse errors, or to incorrect assignment - of precedence. - - - - - - - Avoid O(N^3) slowdown in lexer for long strings - of + or - characters - (Andrew Gierth) - - - - - - - Fix mis-execution of SubPlans when the outer query is being scanned - backwards (Andrew Gierth) - - - - - - - Fix failure of UPDATE/DELETE ... WHERE CURRENT OF ... - after rewinding the referenced cursor (Tom Lane) - - - - A cursor that scans multiple relations (particularly an inheritance - tree) could produce wrong behavior if rewound to an earlier relation. - - - - - - - Fix EvalPlanQual to handle conditionally-executed - InitPlans properly (Andrew Gierth, Tom Lane) - - - - This resulted in hard-to-reproduce crashes or wrong answers in - concurrent updates, if they contained code such as an uncorrelated - sub-SELECT inside a CASE - construct. - - - - - - Prevent creation of a partition in a trigger attached to its parent - table (Amit Langote) - - - - Ideally we'd allow that, but for the moment it has to be blocked to - avoid crashes. - - - - - - Fix problems with applying ON COMMIT DELETE ROWS to - a partitioned temporary table (Amit Langote) - - - - - - Fix character-class checks to not fail on Windows for Unicode - characters above U+FFFF (Tom Lane, Kenji Uno) - - - - This bug affected full-text-search operations, as well - as contrib/ltree - and contrib/pg_trgm. - - - - - - - Disallow pushing sub-SELECTs containing window - functions, LIMIT, or OFFSET to - parallel workers (Amit Kapila) - - - - Such cases could result in inconsistent behavior due to different - workers getting different answers, as a result of indeterminacy - due to row-ordering variations. - - - - - - - Ensure that sequences owned by a foreign table are processed - by ALTER OWNER on the table (Peter Eisentraut) - - - - The ownership change should propagate to such sequences as well, but - this was missed for foreign tables. - - - - - - Ensure that the server will process - already-received NOTIFY - and SIGTERM interrupts before waiting for client - input (Jeff Janes, Tom Lane) - - - - - - - Fix over-allocation of space for array_out()'s - result string (Keiichi Hirobe) - - - - - - - Avoid query-lifetime memory leak in XMLTABLE - (Andrew Gierth) - - - - - - Fix memory leak in repeated SP-GiST index scans (Tom Lane) - - - - This is only known to amount to anything significant in cases where - an exclusion constraint using SP-GiST receives many new index entries - in a single command. - - - - - - - Ensure that ApplyLogicalMappingFile() closes the - mapping file when done with it (Tomas Vondra) - - - - Previously, the file descriptor was leaked, eventually resulting in - failures during logical decoding. - - - - - - - Fix logical decoding to handle cases where a mapped catalog table is - repeatedly rewritten, e.g. by VACUUM FULL - (Andres Freund) - - - - - - Prevent starting the server with wal_level set - to too low a value to support an existing replication slot (Andres - Freund) - - - - - - - Avoid crash if a utility command causes infinite recursion (Tom Lane) - - - - - - - When initializing a hot standby, cope with duplicate XIDs caused by - two-phase transactions on the master - (Michael Paquier, Konstantin Knizhnik) - - - - - - - Fix event triggers to handle nested ALTER TABLE - commands (Michael Paquier, Álvaro Herrera) - - - - - - - Propagate parent process's transaction and statement start timestamps - to parallel workers (Konstantin Knizhnik) - - - - This prevents misbehavior of functions such - as transaction_timestamp() when executed in a - worker. - - - - - - - Fix transfer of expanded datums to parallel workers so that alignment - is preserved, preventing crashes on alignment-picky platforms - (Tom Lane, Amit Kapila) - - - - - - - Fix WAL file recycling logic to work correctly on standby servers - (Michael Paquier) - - - - Depending on the setting of archive_mode, a standby - might fail to remove some WAL files that could be removed. - - - - - - - Fix handling of commit-timestamp tracking during recovery - (Masahiko Sawada, Michael Paquier) - - - - If commit timestamp tracking has been turned on or off, recovery might - fail due to trying to fetch the commit timestamp for a transaction - that did not record it. - - - - - - - Randomize the random() seed in bootstrap and - standalone backends, and in initdb - (Noah Misch) - - - - The main practical effect of this change is that it avoids a scenario - where initdb might mistakenly conclude that - POSIX shared memory is not available, due to name collisions caused by - always using the same random seed. - - - - - - - Fix possible shared-memory corruption in DSA logic (Thomas Munro) - - - - - - - Allow DSM allocation to be interrupted (Chris Travers) - - - - - - - Avoid failure in a parallel worker when loading an extension that - tries to access system caches within its init function (Thomas Munro) - - - - We don't consider that to be good extension coding practice, but it - mostly worked before parallel query, so continue to support it for - now. - - - - - - - Properly handle turning full_page_writes on - dynamically (Kyotaro Horiguchi) - - - - - - - Fix possible crash due to double free() during - SP-GiST rescan (Andrew Gierth) - - - - - - - Prevent mis-linking of src/port and src/common functions on ELF-based - BSD platforms, as well as HP-UX and Solaris (Andrew Gierth, Tom Lane) - - - - Shared libraries loaded into a backend's address space could use the - backend's versions of these functions, rather than their own copies as - intended. Since the behavior of the two sets of functions isn't - quite the same, this led to failures. - - - - - - - Avoid possible buffer overrun when replaying GIN page recompression - from WAL (Alexander Korotkov, Sivasubramanian Ramasubramanian) - - - - - - - Avoid overrun of a hash index's metapage - when BLCKSZ is smaller than default (Dilip Kumar) - - - - - - - Fix missed page checksum updates in hash indexes (Amit Kapila) - - - - - - - Fix missed fsync of a replication slot's directory (Konstantin - Knizhnik, Michael Paquier) - - - - - - - Fix unexpected timeouts when - using wal_sender_timeout on a slow server - (Noah Misch) - - - - - - - Ensure that hot standby processes use the correct WAL consistency - point (Alexander Kukushkin, Michael Paquier) - - - - This prevents possible misbehavior just after a standby server has - reached a consistent database state during WAL replay. - - - - - - - Ensure background workers are stopped properly when the postmaster - receives a fast-shutdown request before completing database startup - (Alexander Kukushkin) - - - - - - - Update the free space map during WAL replay of page all-visible/frozen - flag changes (Álvaro Herrera) - - - - Previously we were not careful about this, reasoning that the FSM is - not critical data anyway. However, if it's sufficiently out of date, - that can result in significant performance degradation after a standby - has been promoted to primary. The FSM will eventually be healed by - updates, but we'd like it to be good sooner, so work harder at - maintaining it during WAL replay. - - - - - - - Avoid premature release of parallel-query resources when query end or - tuple count limit is reached (Amit Kapila) - - - - It's only okay to shut down the executor at this point if the caller - cannot demand backwards scan afterwards. - - - - - - - Don't run atexit callbacks when servicing SIGQUIT - (Heikki Linnakangas) - - - - - - - Don't record foreign-server user mappings as members of extensions - (Tom Lane) - - - - If CREATE USER MAPPING is executed in an extension - script, an extension dependency was created for the user mapping, - which is unexpected. Roles can't be extension members, so user - mappings shouldn't be either. - - - - - - - Make syslogger more robust against failures in opening CSV log files - (Tom Lane) - - - - - - - When libpq is given multiple target host - names, do the DNS lookups one at a time, not all at once (Tom Lane) - - - - This prevents unnecessary failures or slow connections when a - connection is successfully made to one of the earlier servers in the - list. - - - - - - - Fix libpq's handling of connection timeouts - so that they are properly applied per host name or IP address (Tom Lane) - - - - Previously, some code paths failed to restart the timer when switching - to a new target host, possibly resulting in premature timeout. - - - - - - Fix psql, as well as documentation - examples, to call PQconsumeInput() before - each PQnotifies() call (Tom Lane) - - - - This fixes cases in which psql would not - report receipt of a NOTIFY message until after the - next command. - - - - - - - Fix pg_dump's - option to also ignore publication - tables (Gilles Darold) - - - - - - - In pg_dump, exclude identity sequences when - their parent table is excluded from the dump (David Rowley) - - - - - - - Fix possible inconsistency in pg_dump's - sorting of dissimilar object names (Jacob Champion) - - - - - - - Ensure that pg_restore will schema-qualify - the table name when - emitting DISABLE/ENABLE TRIGGER - commands (Tom Lane) - - - - This avoids failures due to the new policy of running restores with - restrictive search path. - - - - - - - Fix pg_upgrade to handle event triggers in - extensions correctly (Haribabu Kommi) - - - - pg_upgrade failed to preserve an event - trigger's extension-membership status. - - - - - - - Fix pg_upgrade's cluster state check to - work correctly on a standby server (Bruce Momjian) - - - - - - - Enforce type cube's dimension limit in - all contrib/cube functions (Andrey Borodin) - - - - Previously, some cube-related functions could construct values that - would be rejected by cube_in(), leading to - dump/reload failures. - - - - - - In contrib/pg_stat_statements, disallow - the pg_read_all_stats role from - executing pg_stat_statements_reset() - (Haribabu Kommi) - - - - pg_read_all_stats is only meant to grant permission - to read statistics, not to change them, so this grant was incorrect. - - - - To cause this change to take effect, run ALTER EXTENSION - pg_stat_statements UPDATE in each database - where pg_stat_statements has been installed. - - - - - - - In contrib/postgres_fdw, don't try to ship a - variable-free ORDER BY clause to the remote server - (Andrew Gierth) - - - - - - - Fix contrib/unaccent's - unaccent() function to use - the unaccent text search dictionary that is in the - same schema as the function (Tom Lane) - - - - Previously it tried to look up the dictionary using the search path, - which could fail if the search path has a restrictive value. - - - - - - Fix build problems on macOS 10.14 (Mojave) (Tom Lane) - - - - Adjust configure to add - an switch to CPPFLAGS; - without this, PL/Perl and PL/Tcl fail to configure or build on macOS - 10.14. The specific sysroot used can be overridden at configure time - or build time by setting the PG_SYSROOT variable in - the arguments of configure - or make. - - - - It is now recommended that Perl-related extensions - write $(perl_includespec) rather - than -I$(perl_archlibexp)/CORE in their compiler - flags. The latter continues to work on most platforms, but not recent - macOS. - - - - Also, it should no longer be necessary to - specify manually to get PL/Tcl to - build on recent macOS releases. - - - - - - Fix MSVC build and regression-test scripts to work on recent Perl - versions (Andrew Dunstan) - - - - Perl no longer includes the current directory in its search path - by default; work around that. - - - - - - On Windows, allow the regression tests to be run by an Administrator - account (Andrew Dunstan) - - - - To do this safely, pg_regress now gives up - any such privileges at startup. - - - - - - - Allow btree comparison functions to return INT_MIN - (Tom Lane) - - - - Up to now, we've forbidden datatype-specific comparison functions from - returning INT_MIN, which allows callers to invert - the sort order just by negating the comparison result. However, this - was never safe for comparison functions that directly return the - result of memcmp(), strcmp(), - etc, as POSIX doesn't place any such restriction on those functions. - At least some recent versions of memcmp() can - return INT_MIN, causing incorrect sort ordering. - Hence, we've removed this restriction. Callers must now use - the INVERT_COMPARE_RESULT() macro if they wish to - invert the sort order. - - - - - - - Fix recursion hazard in shared-invalidation message processing - (Tom Lane) - - - - This error could, for example, result in failure to access a system - catalog or index that had just been processed by VACUUM - FULL. - - - - This change adds a new result code - for LockAcquire, which might possibly affect - external callers of that function, though only very unusual usage - patterns would have an issue with it. The API - of LockAcquireExtended is also changed. - - - - - - - Save and restore SPI's global variables - during SPI_connect() - and SPI_finish() (Chapman Flack, Tom Lane) - - - - This prevents possible interference when one SPI-using function calls - another. - - - - - - - Avoid using potentially-under-aligned page buffers (Tom Lane) - - - - Invent new union types PGAlignedBlock - and PGAlignedXLogBlock, and use these in place of plain - char arrays, ensuring that the compiler can't place the buffer at a - misaligned start address. This fixes potential core dumps on - alignment-picky platforms, and may improve performance even on - platforms that allow misalignment. - - - - - - - Make src/port/snprintf.c follow the C99 - standard's definition of snprintf()'s result - value (Tom Lane) - - - - On platforms where this code is used (mostly Windows), its pre-C99 - behavior could lead to failure to detect buffer overrun, if the - calling code assumed C99 semantics. - - - - - - - When building on i386 with the clang - compiler, require to be used (Andres Freund) - - - - This avoids problems with missed floating point overflow checks. - - - - - - - Fix configure's detection of the result - type of strerror_r() (Tom Lane) - - - - The previous coding got the wrong answer when building - with icc on Linux (and perhaps in other - cases), leading to libpq not returning - useful error messages for system-reported errors. - - - - - - Update time zone data files to tzdata - release 2018g for DST law changes in Chile, Fiji, Morocco, and Russia - (Volgograd), plus historical corrections for China, Hawaii, Japan, - Macau, and North Korea. - - - - - - - - - - Release 10.5 - - - Release date: - 2018-08-09 - - - - This release contains a variety of fixes from 10.4. - For information about new features in major release 10, see - . - - - - Migration to Version 10.5 - - - A dump/restore is not required for those running 10.X. - - - - However, if you are upgrading from a version earlier than 10.4, - see . - - - - - Changes - - - - - - - Fix failure to reset libpq's state fully - between connection attempts (Tom Lane) - - - - An unprivileged user of dblink - or postgres_fdw could bypass the checks intended - to prevent use of server-side credentials, such as - a ~/.pgpass file owned by the operating-system - user running the server. Servers allowing peer authentication on - local connections are particularly vulnerable. Other attacks such - as SQL injection into a postgres_fdw session - are also possible. - Attacking postgres_fdw in this way requires the - ability to create a foreign server object with selected connection - parameters, but any user with access to dblink - could exploit the problem. - In general, an attacker with the ability to select the connection - parameters for a libpq-using application - could cause mischief, though other plausible attack scenarios are - harder to think of. - Our thanks to Andrew Krasichkov for reporting this issue. - (CVE-2018-10915) - - - - - - - Fix INSERT ... ON CONFLICT UPDATE through a view - that isn't just SELECT * FROM ... - (Dean Rasheed, Amit Langote) - - - - Erroneous expansion of an updatable view could lead to crashes - or attribute ... has the wrong type errors, if the - view's SELECT list doesn't match one-to-one with - the underlying table's columns. - Furthermore, this bug could be leveraged to allow updates of columns - that an attacking user lacks UPDATE privilege for, - if that user has INSERT and UPDATE - privileges for some other column(s) of the table. - Any user could also use it for disclosure of server memory. - (CVE-2018-10925) - - - - - - - Ensure that updates to the relfrozenxid - and relminmxid values - for nailed system catalogs are processed in a timely - fashion (Andres Freund) - - - - Overoptimistic caching rules could prevent these updates from being - seen by other sessions, leading to spurious errors and/or data - corruption. The problem was significantly worse for shared catalogs, - such as pg_authid, because the stale cache - data could persist into new sessions as well as existing ones. - - - - - - - Fix case where a freshly-promoted standby crashes before having - completed its first post-recovery checkpoint (Michael Paquier, Kyotaro - Horiguchi, Pavan Deolasee, Álvaro Herrera) - - - - This led to a situation where the server did not think it had reached - a consistent database state during subsequent WAL replay, preventing - restart. - - - - - - - Avoid emitting a bogus WAL record when recycling an all-zero btree - page (Amit Kapila) - - - - This mistake has been seen to cause assertion failures, and - potentially it could result in unnecessary query cancellations on hot - standby servers. - - - - - - - During WAL replay, guard against corrupted record lengths exceeding - 1GB (Michael Paquier) - - - - Treat such a case as corrupt data. Previously, the code would try to - allocate space and get a hard error, making recovery impossible. - - - - - - - When ending recovery, delay writing the timeline history file as long - as possible (Heikki Linnakangas) - - - - This avoids some situations where a failure during recovery cleanup - (such as a problem with a two-phase state file) led to inconsistent - timeline state on-disk. - - - - - - - Improve performance of WAL replay for transactions that drop many - relations (Fujii Masao) - - - - This change reduces the number of times that shared buffers are - scanned, so that it is of most benefit when that setting is large. - - - - - - - Improve performance of lock releasing in standby server WAL replay - (Thomas Munro) - - - - - - - Make logical WAL senders report streaming state correctly (Simon - Riggs, Sawada Masahiko) - - - - The code previously mis-detected whether or not it had caught up with - the upstream server. - - - - - - - Ensure that a snapshot is provided when executing data type input - functions in logical replication subscribers (Minh-Quan Tran, - Álvaro Herrera) - - - - This omission led to failures in some cases, such as domains with - constraints using SQL-language functions. - - - - - - - Fix bugs in snapshot handling during logical decoding, allowing wrong - decoding results in rare cases (Arseny Sher, Álvaro Herrera) - - - - - - - Add subtransaction handling in logical-replication table - synchronization workers (Amit Khandekar, Robert Haas) - - - - Previously, table synchronization could misbehave if any - subtransactions were aborted after modifying a table being - synchronized. - - - - - - - Ensure a table's cached index list is correctly rebuilt after an index - creation fails partway through (Peter Geoghegan) - - - - Previously, the failed index's OID could remain in the list, causing - problems later in the same session. - - - - - - - Fix mishandling of empty uncompressed posting list pages in GIN - indexes (Sivasubramanian Ramasubramanian, Alexander Korotkov) - - - - This could result in an assertion failure after pg_upgrade of a - pre-9.4 GIN index (9.4 and later will not create such pages). - - - - - - - Pad arrays of unnamed POSIX semaphores to reduce cache line sharing - (Thomas Munro) - - - - This reduces contention on many-CPU systems, fixing a performance - regression (compared to previous releases) on Linux and FreeBSD. - - - - - - - Ensure that a process doing a parallel index scan will respond to - signals (Amit Kapila) - - - - Previously, parallel workers could get stuck waiting for a lock on an - index page, and not notice requests to abort the query. - - - - - - - Ensure that VACUUM will respond to signals - within btree page deletion loops (Andres Freund) - - - - Corrupted btree indexes could result in an infinite loop here, and - that previously wasn't interruptible without forcing a crash. - - - - - - - Fix hash-join costing mistake introduced with inner_unique - optimization (David Rowley) - - - - This could lead to bad plan choices in situations where that - optimization was applicable. - - - - - - - Fix misoptimization of equivalence classes involving composite-type - columns (Tom Lane) - - - - This resulted in failure to recognize that an index on a composite - column could provide the sort order needed for a mergejoin on that - column. - - - - - - - Fix planner to avoid ORDER/GROUP BY expression not found in - targetlist errors in some queries with set-returning functions - (Tom Lane) - - - - - - - Fix handling of partition keys whose data type uses a polymorphic - btree operator class, such as arrays (Amit Langote, Álvaro - Herrera) - - - - - - - Fix SQL-standard FETCH FIRST syntax to allow - parameters ($n), as the - standard expects (Andrew Gierth) - - - - - - - Remove undocumented restriction against duplicate partition key - columns (Yugo Nagata) - - - - - - - Disallow temporary tables from being partitions of non-temporary - tables (Amit Langote, Michael Paquier) - - - - While previously allowed, this case didn't work reliably. - - - - - - - Fix EXPLAIN's accounting for resource usage, - particularly buffer accesses, in parallel workers - (Amit Kapila, Robert Haas) - - - - - - - Fix SHOW ALL to show all settings to roles that are - members of pg_read_all_settings, and also allow - such roles to see source filename and line number in - the pg_settings view (Laurenz Albe, - Álvaro Herrera) - - - - - - - Fix failure to schema-qualify some object names - in getObjectDescription - and getObjectIdentity output - (Kyotaro Horiguchi, Tom Lane) - - - - Names of collations, conversions, text search objects, publication - relations, and extended statistics objects were not schema-qualified - when they should be. - - - - - - - Fix CREATE AGGREGATE type checking so that - parallelism support functions can be attached to variadic aggregates - (Alexey Bashtanov) - - - - - - - Widen COPY FROM's current-line-number counter - from 32 to 64 bits (David Rowley) - - - - This avoids two problems with input exceeding 4G lines: COPY - FROM WITH HEADER would drop a line every 4G lines, not only - the first line, and error reports could show a wrong line number. - - - - - - - Allow replication slots to be dropped in single-user mode - (Álvaro Herrera) - - - - This use-case was accidentally broken in release 10.0. - - - - - - - Fix incorrect results from variance(int4) and - related aggregates when run in parallel aggregation mode - (David Rowley) - - - - - - - Process TEXT and CDATA nodes - correctly in xmltable() column expressions - (Markus Winand) - - - - - - - Cope with possible failure of OpenSSL's - RAND_bytes() function - (Dean Rasheed, Michael Paquier) - - - - Under rare circumstances, this oversight could result in could - not generate random cancel key failures that could only be - resolved by restarting the postmaster. - - - - - - - Fix libpq's handling of some cases - where hostaddr is specified - (Hari Babu, Tom Lane, Robert Haas) - - - - PQhost() gave misleading or incorrect results - in some cases. Now, it uniformly returns the host name if specified, - or the host address if only that is specified, or the default host - name (typically /tmp - or localhost) if both parameters are omitted. - - - - Also, the wrong value might be compared to the server name when - verifying an SSL certificate. - - - - Also, the wrong value might be compared to the host name field in - ~/.pgpass. Now, that field is compared to the - host name if specified, or the host address if only that is specified, - or localhost if both parameters are omitted. - - - - Also, an incorrect error message was reported for an unparseable - hostaddr value. - - - - Also, when the host, hostaddr, - or port parameters contain comma-separated - lists, libpq is now more careful to treat - empty elements of a list as selecting the default behavior. - - - - - - - Add a string freeing function - to ecpg's pgtypes - library, so that cross-module memory management problems can be - avoided on Windows (Takayuki Tsunakawa) - - - - On Windows, crashes can ensue if the free call - for a given chunk of memory is not made from the same DLL - that malloc'ed the memory. - The pgtypes library sometimes returns strings - that it expects the caller to free, making it impossible to follow - this rule. Add a PGTYPESchar_free() function - that just wraps free, allowing applications - to follow this rule. - - - - - - - Fix ecpg's support for long - long variables on Windows, as well as other platforms that - declare strtoll/strtoull - nonstandardly or not at all (Dang Minh Huong, Tom Lane) - - - - - - - Fix misidentification of SQL statement type in PL/pgSQL, when a rule - change causes a change in the semantics of a statement intra-session - (Tom Lane) - - - - This error led to assertion failures, or in rare cases, failure to - enforce the INTO STRICT option as expected. - - - - - - - Fix password prompting in client programs so that echo is properly - disabled on Windows when stdin is not the - terminal (Matthew Stickney) - - - - - - - Further fix mis-quoting of values for list-valued GUC variables in - dumps (Tom Lane) - - - - The previous fix for quoting of search_path and - other list-valued variables in pg_dump - output turned out to misbehave for empty-string list elements, and it - risked truncation of long file paths. - - - - - - - Fix pg_dump's failure to - dump REPLICA IDENTITY properties for constraint - indexes (Tom Lane) - - - - Manually created unique indexes were properly marked, but not those - created by declaring UNIQUE or PRIMARY - KEY constraints. - - - - - - - Make pg_upgrade check that the old server - was shut down cleanly (Bruce Momjian) - - - - The previous check could be fooled by an immediate-mode shutdown. - - - - - - - Fix contrib/hstore_plperl to look through Perl - scalar references, and to not crash if it doesn't find a hash - reference where it expects one (Tom Lane) - - - - - - - Fix crash in contrib/ltree's - lca() function when the input array is empty - (Pierre Ducroquet) - - - - - - - Fix various error-handling code paths in which an incorrect error code - might be reported (Michael Paquier, Tom Lane, Magnus Hagander) - - - - - - - Rearrange makefiles to ensure that programs link to freshly-built - libraries (such as libpq.so) rather than ones - that might exist in the system library directories (Tom Lane) - - - - This avoids problems when building on platforms that supply old copies - of PostgreSQL libraries. - - - - - - - Update time zone data files to tzdata - release 2018e for DST law changes in North Korea, plus historical - corrections for Czechoslovakia. - - - - This update includes a redefinition of daylight savings - in Ireland, as well as for some past years in Namibia and - Czechoslovakia. In those jurisdictions, legally standard time is - observed in summer, and daylight savings time in winter, so that the - daylight savings offset is one hour behind standard time not one hour - ahead. This does not affect either the actual UTC offset or the - timezone abbreviations in use; the only known effect is that - the is_dst column in - the pg_timezone_names view will now be true - in winter and false in summer in these cases. - - - - - - - - - - Release 10.4 - - - Release date: - 2018-05-10 - - - - This release contains a variety of fixes from 10.3. - For information about new features in major release 10, see - . - - - - Migration to Version 10.4 - - - A dump/restore is not required for those running 10.X. - - - - However, if you use the adminpack extension, - you should update it as per the first changelog entry below. - - - - Also, if the function marking mistakes mentioned in the second and - third changelog entries below affect you, you will want to take steps - to correct your database catalogs. - - - - Also, if you are upgrading from a version earlier than 10.3, - see . - - - - - Changes - - - - - - - Remove public execute privilege - from contrib/adminpack's - pg_logfile_rotate() function (Stephen Frost) - - - - pg_logfile_rotate() is a deprecated wrapper - for the core function pg_rotate_logfile(). - When that function was changed to rely on SQL privileges for access - control rather than a hard-coded superuser - check, pg_logfile_rotate() should have been - updated as well, but the need for this was missed. Hence, - if adminpack is installed, any user could - request a logfile rotation, creating a minor security issue. - - - - After installing this update, administrators should - update adminpack by performing - ALTER EXTENSION adminpack UPDATE in each - database in which adminpack is installed. - (CVE-2018-1115) - - - - - - - Fix incorrect volatility markings on a few built-in functions - (Thomas Munro, Tom Lane) - - - - The functions - query_to_xml, - cursor_to_xml, - cursor_to_xmlschema, - query_to_xmlschema, and - query_to_xml_and_xmlschema - should be marked volatile because they execute user-supplied queries - that might contain volatile operations. They were not, leading to a - risk of incorrect query optimization. This has been repaired for new - installations by correcting the initial catalog data, but existing - installations will continue to contain the incorrect markings. - Practical use of these functions seems to pose little hazard, but in - case of trouble, it can be fixed by manually updating these - functions' pg_proc entries, for example - ALTER FUNCTION pg_catalog.query_to_xml(text, boolean, - boolean, text) VOLATILE. (Note that that will need to be - done in each database of the installation.) Another option is - to pg_upgrade the database to a version - containing the corrected initial data. - - - - - - - Fix incorrect parallel-safety markings on a few built-in functions - (Thomas Munro, Tom Lane) - - - - The functions - brin_summarize_new_values, - brin_summarize_range, - brin_desummarize_range, - gin_clean_pending_list, - cursor_to_xml, - cursor_to_xmlschema, - ts_rewrite, - ts_stat, - binary_upgrade_create_empty_extension, and - pg_import_system_collations - should be marked parallel-unsafe; some because they perform database - modifications directly, and others because they execute user-supplied - queries that might do so. They were marked parallel-restricted - instead, leading to a risk of unexpected query errors. This has been - repaired for new installations by correcting the initial catalog - data, but existing installations will continue to contain the - incorrect markings. Practical use of these functions seems to pose - little hazard unless force_parallel_mode is turned - on. In case of trouble, it can be fixed by manually updating these - functions' pg_proc entries, for example - ALTER FUNCTION pg_catalog.brin_summarize_new_values(regclass) - PARALLEL UNSAFE. (Note that that will need to be done in - each database of the installation.) Another option is - to pg_upgrade the database to a version - containing the corrected initial data. - - - - - - - Avoid re-using TOAST value OIDs that match dead-but-not-yet-vacuumed - TOAST entries (Pavan Deolasee) - - - - Once the OID counter has wrapped around, it's possible to assign a - TOAST value whose OID matches a previously deleted entry in the same - TOAST table. If that entry were not yet vacuumed away, this resulted - in unexpected chunk number 0 (expected 1) for toast - value nnnnn errors, which would - persist until the dead entry was removed - by VACUUM. Fix by not selecting such OIDs when - creating a new TOAST entry. - - - - - - - Correctly enforce any CHECK constraints on - individual partitions during COPY to a partitioned - table (Etsuro Fujita) - - - - Previously, only constraints declared for the partitioned table as a - whole were checked. - - - - - - - Accept TRUE and FALSE as - partition bound values (Amit Langote) - - - - Previously, only string-literal values were accepted for a boolean - partitioning column. But then pg_dump - would print such values as TRUE - or FALSE, leading to dump/reload failures. - - - - - - - Fix memory management for partition key comparison functions - (Álvaro Herrera, Amit Langote) - - - - This error could lead to crashes when using user-defined operator - classes for partition keys. - - - - - - - Fix possible crash when a query inserts tuples in several partitions - of a partitioned table, and those partitions don't have identical row - types (Etsuro Fujita, Amit Langote) - - - - - - - Change ANALYZE's algorithm for updating - pg_class.reltuples - (David Gould) - - - - Previously, pages not actually scanned by ANALYZE - were assumed to retain their old tuple density. In a large table - where ANALYZE samples only a small fraction of the - pages, this meant that the overall tuple density estimate could not - change very much, so that reltuples would - change nearly proportionally to changes in the table's physical size - (relpages) regardless of what was actually - happening in the table. This has been observed to result - in reltuples becoming so much larger than - reality as to effectively shut off autovacuuming. To fix, assume - that ANALYZE's sample is a statistically unbiased - sample of the table (as it should be), and just extrapolate the - density observed within those pages to the whole table. - - - - - - - Include extended-statistics objects in the set of table properties - duplicated by CREATE TABLE ... LIKE ... INCLUDING - ALL (David Rowley) - - - - Also add an INCLUDING STATISTICS option, to allow - finer-grained control over whether this happens. - - - - - - - Fix CREATE TABLE ... LIKE with bigint - identity columns (Peter Eisentraut) - - - - On platforms where long is 32 bits (which includes - 64-bit Windows as well as most 32-bit machines), copied sequence - parameters would be truncated to 32 bits. - - - - - - - Avoid deadlocks in concurrent CREATE INDEX - CONCURRENTLY commands that are run - under SERIALIZABLE or REPEATABLE - READ transaction isolation (Tom Lane) - - - - - - - Fix possible slow execution of REFRESH MATERIALIZED VIEW - CONCURRENTLY (Thomas Munro) - - - - - - - Fix UPDATE/DELETE ... WHERE CURRENT OF to not fail - when the referenced cursor uses an index-only-scan plan (Yugo Nagata, - Tom Lane) - - - - - - - Fix incorrect planning of join clauses pushed into parameterized - paths (Andrew Gierth, Tom Lane) - - - - This error could result in misclassifying a condition as - a join filter for an outer join when it should be a - plain filter condition, leading to incorrect join - output. - - - - - - - Fix possibly incorrect generation of an index-only-scan plan when the - same table column appears in multiple index columns, and only some of - those index columns use operator classes that can return the column - value (Kyotaro Horiguchi) - - - - - - - Fix misoptimization of CHECK constraints having - provably-NULL subclauses of - top-level AND/OR conditions - (Tom Lane, Dean Rasheed) - - - - This could, for example, allow constraint exclusion to exclude a - child table that should not be excluded from a query. - - - - - - - Prevent planner crash when a query has multiple GROUPING - SETS, none of which can be implemented by sorting (Andrew - Gierth) - - - - - - - Fix executor crash due to double free in some GROUPING - SETS usages (Peter Geoghegan) - - - - - - - Fix misexecution of self-joins on transition tables (Thomas Munro) - - - - - - - Avoid crash if a table rewrite event trigger is added concurrently - with a command that could call such a trigger (Álvaro Herrera, - Andrew Gierth, Tom Lane) - - - - - - - Avoid failure if a query-cancel or session-termination interrupt - occurs while committing a prepared transaction (Stas Kelvich) - - - - - - - Fix query-lifespan memory leakage in repeatedly executed hash joins - (Tom Lane) - - - - - - - Fix possible leak or double free of visibility map buffer pins - (Amit Kapila) - - - - - - - Avoid spuriously marking pages as all-visible (Dan Wood, - Pavan Deolasee, Álvaro Herrera) - - - - This could happen if some tuples were locked (but not deleted). While - queries would still function correctly, vacuum would normally ignore - such pages, with the long-term effect that the tuples were never - frozen. In recent releases this would eventually result in errors - such as found multixact nnnnn from - before relminmxid nnnnn. - - - - - - - Fix overly strict sanity check - in heap_prepare_freeze_tuple - (Álvaro Herrera) - - - - This could result in incorrect cannot freeze committed - xmax failures in databases that have - been pg_upgrade'd from 9.2 or earlier. - - - - - - - Prevent dangling-pointer dereference when a C-coded before-update row - trigger returns the old tuple (Rushabh Lathia) - - - - - - - Reduce locking during autovacuum worker scheduling (Jeff Janes) - - - - The previous behavior caused drastic loss of potential worker - concurrency in databases with many tables. - - - - - - - Ensure client hostname is copied while copying - pg_stat_activity data to local memory - (Edmund Horner) - - - - Previously the supposedly-local snapshot contained a pointer into - shared memory, allowing the client hostname column to change - unexpectedly if any existing session disconnected. - - - - - - - Handle pg_stat_activity information for - auxiliary processes correctly (Edmund Horner) - - - - The application_name, - client_hostname, - and query fields might show incorrect - data for such processes. - - - - - - - Fix incorrect processing of multiple compound affixes - in ispell dictionaries (Arthur Zakirov) - - - - - - - Fix collation-aware searches (that is, indexscans using inequality - operators) in SP-GiST indexes on text columns (Tom Lane) - - - - Such searches would return the wrong set of rows in most non-C - locales. - - - - - - - Prevent query-lifespan memory leakage with SP-GiST operator classes - that use traversal values (Anton Dignös) - - - - - - - Count the number of index tuples correctly during initial build of an - SP-GiST index (Tomas Vondra) - - - - Previously, the tuple count was reported to be the same as that of - the underlying table, which is wrong if the index is partial. - - - - - - - Count the number of index tuples correctly during vacuuming of a - GiST index (Andrey Borodin) - - - - Previously it reported the estimated number of heap tuples, - which might be inaccurate, and is certainly wrong if the - index is partial. - - - - - - - Fix a corner case where a streaming standby gets stuck at a WAL - continuation record (Kyotaro Horiguchi) - - - - - - - In logical decoding, avoid possible double processing of WAL data - when a walsender restarts (Craig Ringer) - - - - - - - Fix logical replication to not assume that type OIDs match between - the local and remote servers (Masahiko Sawada) - - - - - - - Allow scalarltsel - and scalargtsel to be used on non-core datatypes - (Tomas Vondra) - - - - - - - Reduce libpq's memory consumption when a - server error is reported after a large amount of query output has - been collected (Tom Lane) - - - - Discard the previous output before, not after, processing the error - message. On some platforms, notably Linux, this can make a - difference in the application's subsequent memory footprint. - - - - - - - Fix double-free crashes in ecpg - (Patrick Krecker, Jeevan Ladhe) - - - - - - - Fix ecpg to handle long long - int variables correctly in MSVC builds (Michael Meskes, - Andrew Gierth) - - - - - - - Fix mis-quoting of values for list-valued GUC variables in dumps - (Michael Paquier, Tom Lane) - - - - The local_preload_libraries, - session_preload_libraries, - shared_preload_libraries, - and temp_tablespaces variables were not correctly - quoted in pg_dump output. This would - cause problems if settings for these variables appeared in - CREATE FUNCTION ... SET or ALTER - DATABASE/ROLE ... SET clauses. - - - - - - - Fix pg_recvlogical to not fail against - pre-v10 PostgreSQL servers - (Michael Paquier) - - - - A previous fix caused pg_recvlogical to - issue a command regardless of server version, but it should only be - issued to v10 and later servers. - - - - - - - Ensure that pg_rewind deletes files on the - target server if they are deleted from the source server during the - run (Takayuki Tsunakawa) - - - - Failure to do this could result in data inconsistency on the target, - particularly if the file in question is a WAL segment. - - - - - - - Fix pg_rewind to handle tables in - non-default tablespaces correctly (Takayuki Tsunakawa) - - - - - - - Fix overflow handling in PL/pgSQL - integer FOR loops (Tom Lane) - - - - The previous coding failed to detect overflow of the loop variable - on some non-gcc compilers, leading to an infinite loop. - - - - - - - Adjust PL/Python regression tests to pass - under Python 3.7 (Peter Eisentraut) - - - - - - - Support testing PL/Python and related - modules when building with Python 3 and MSVC (Andrew Dunstan) - - - - - - - Fix errors in initial build of contrib/bloom - indexes (Tomas Vondra, Tom Lane) - - - - Fix possible omission of the table's last tuple from the index. - Count the number of index tuples correctly, in case it is a partial - index. - - - - - - - Rename internal b64_encode - and b64_decode functions to avoid conflict with - Solaris 11.4 built-in functions (Rainer Orth) - - - - - - - Sync our copy of the timezone library with IANA tzcode release 2018e - (Tom Lane) - - - - This fixes the zic timezone data compiler - to cope with negative daylight-savings offsets. While - the PostgreSQL project will not - immediately ship such timezone data, zic - might be used with timezone data obtained directly from IANA, so it - seems prudent to update zic now. - - - - - - - Update time zone data files to tzdata - release 2018d for DST law changes in Palestine and Antarctica (Casey - Station), plus historical corrections for Portugal and its colonies, - as well as Enderbury, Jamaica, Turks & Caicos Islands, and - Uruguay. - - - - - - - - - - Release 10.3 - - - Release date: - 2018-03-01 - - - - This release contains a variety of fixes from 10.2. - For information about new features in major release 10, see - . - - - - Migration to Version 10.3 - - - A dump/restore is not required for those running 10.X. - - - - However, if you run an installation in which not all users are mutually - trusting, or if you maintain an application or extension that is - intended for use in arbitrary situations, it is strongly recommended - that you read the documentation changes described in the first changelog - entry below, and take suitable steps to ensure that your installation or - code is secure. - - - - Also, the changes described in the second changelog entry below may - cause functions used in index expressions or materialized views to fail - during auto-analyze, or when reloading from a dump. After upgrading, - monitor the server logs for such problems, and fix affected functions. - - - - Also, if you are upgrading from a version earlier than 10.2, - see . - - - - - Changes - - - - - - - Document how to configure installations and applications to guard - against search-path-dependent trojan-horse attacks from other users - (Noah Misch) - - - - Using a search_path setting that includes any - schemas writable by a hostile user enables that user to capture - control of queries and then run arbitrary SQL code with the - permissions of the attacked user. While it is possible to write - queries that are proof against such hijacking, it is notationally - tedious, and it's very easy to overlook holes. Therefore, we now - recommend configurations in which no untrusted schemas appear in - one's search path. Relevant documentation appears in - (for database administrators and users), - (for application authors), - (for extension authors), and - (for authors - of SECURITY DEFINER functions). - (CVE-2018-1058) - - - - - - - Avoid use of insecure search_path settings - in pg_dump and other client programs - (Noah Misch, Tom Lane) - - - - pg_dump, - pg_upgrade, - vacuumdb and - other PostgreSQL-provided applications were - themselves vulnerable to the type of hijacking described in the previous - changelog entry; since these applications are commonly run by - superusers, they present particularly attractive targets. To make them - secure whether or not the installation as a whole has been secured, - modify them to include only the pg_catalog - schema in their search_path settings. - Autovacuum worker processes now do the same, as well. - - - - In cases where user-provided functions are indirectly executed by - these programs — for example, user-provided functions in index - expressions — the tighter search_path may - result in errors, which will need to be corrected by adjusting those - user-provided functions to not assume anything about what search path - they are invoked under. That has always been good practice, but now - it will be necessary for correct behavior. - (CVE-2018-1058) - - - - - - - Prevent logical replication from trying to ship changes for - unpublishable relations (Peter Eisentraut) - - - - A publication marked FOR ALL TABLES would - incorrectly ship changes in materialized views - and information_schema tables, which are - supposed to be omitted from the change stream. - - - - - - - Fix misbehavior of concurrent-update rechecks with CTE references - appearing in subplans (Tom Lane) - - - - If a CTE (WITH clause reference) is used in an - InitPlan or SubPlan, and the query requires a recheck due to trying - to update or lock a concurrently-updated row, incorrect results could - be obtained. - - - - - - - Fix planner failures with overlapping mergejoin clauses in an outer - join (Tom Lane) - - - - These mistakes led to left and right pathkeys do not match in - mergejoin or outer pathkeys do not match - mergeclauses planner errors in corner cases. - - - - - - - Repair pg_upgrade's failure to - preserve relfrozenxid for materialized - views (Tom Lane, Andres Freund) - - - - This oversight could lead to data corruption in materialized views - after an upgrade, manifesting as could not access status of - transaction or found xmin from before - relfrozenxid errors. The problem would be more likely to - occur in seldom-refreshed materialized views, or ones that were - maintained only with REFRESH MATERIALIZED VIEW - CONCURRENTLY. - - - - If such corruption is observed, it can be repaired by refreshing the - materialized view (without CONCURRENTLY). - - - - - - - Fix incorrect pg_dump output for some - non-default sequence limit values (Alexey Bashtanov) - - - - - - - Fix pg_dump's mishandling - of STATISTICS objects (Tom Lane) - - - - An extended statistics object's schema was mislabeled in the dump's - table of contents, possibly leading to the wrong results in a - schema-selective restore. Its ownership was not correctly restored, - either. Also, change the logic so that statistics objects are - dumped/restored, or not, as independent objects rather than tying - them to the dump/restore decision for the table they are on. The - original definition could not scale to the planned future extension to - cross-table statistics. - - - - - - - Fix incorrect reporting of PL/Python function names in - error CONTEXT stacks (Tom Lane) - - - - An error occurring within a nested PL/Python function call (that is, - one reached via a SPI query from another PL/Python function) would - result in a stack trace showing the inner function's name twice, - rather than the expected results. Also, an error in a nested - PL/Python DO block could result in a null pointer - dereference crash on some platforms. - - - - - - - Allow contrib/auto_explain's - log_min_duration setting to range up - to INT_MAX, or about 24 days instead of 35 minutes - (Tom Lane) - - - - - - - Mark assorted GUC variables as PGDLLIMPORT, to - ease porting extension modules to Windows (Metin Doslu) - - - - - - - - - - Release 10.2 - - - Release date: - 2018-02-08 - - - - This release contains a variety of fixes from 10.1. - For information about new features in major release 10, see - . - - - - Migration to Version 10.2 - - - A dump/restore is not required for those running 10.X. - - - - However, - if you use contrib/cube's ~> - operator, see the entry below about that. - - - - Also, if you are upgrading from a version earlier than 10.1, - see . - - - - - Changes - - - - - - - Fix processing of partition keys containing multiple expressions - (Álvaro Herrera, David Rowley) - - - - This error led to crashes or, with carefully crafted input, disclosure - of arbitrary backend memory. - (CVE-2018-1052) - - - - - - - Ensure that all temporary files made - by pg_upgrade are non-world-readable - (Tom Lane, Noah Misch) - - - - pg_upgrade normally restricts its - temporary files to be readable and writable only by the calling user. - But the temporary file containing pg_dumpall -g - output would be group- or world-readable, or even writable, if the - user's umask setting allows. In typical usage on - multi-user machines, the umask and/or the working - directory's permissions would be tight enough to prevent problems; - but there may be people using pg_upgrade - in scenarios where this oversight would permit disclosure of database - passwords to unfriendly eyes. - (CVE-2018-1053) - - - - - - - Fix vacuuming of tuples that were updated while key-share locked - (Andres Freund, Álvaro Herrera) - - - - In some cases VACUUM would fail to remove such - tuples even though they are now dead, leading to assorted data - corruption scenarios. - - - - - - - Fix failure to mark a hash index's metapage dirty after - adding a new overflow page, potentially leading to index corruption - (Lixian Zou, Amit Kapila) - - - - - - - Ensure that vacuum will always clean up the pending-insertions list of - a GIN index (Masahiko Sawada) - - - - This is necessary to ensure that dead index entries get removed. - The old code got it backwards, allowing vacuum to skip the cleanup if - some other process were running cleanup concurrently, thus risking - invalid entries being left behind in the index. - - - - - - - Fix inadequate buffer locking in some LSN fetches (Jacob Champion, - Asim Praveen, Ashwin Agrawal) - - - - These errors could result in misbehavior under concurrent load. - The potential consequences have not been characterized fully. - - - - - - - Fix incorrect query results from cases involving flattening of - subqueries whose outputs are used in GROUPING SETS - (Heikki Linnakangas) - - - - - - - Fix handling of list partitioning constraints for partition keys of - boolean or array types (Amit Langote) - - - - - - - Avoid unnecessary failure in a query on an inheritance tree that - occurs concurrently with some child table being removed from the tree - by ALTER TABLE NO INHERIT (Tom Lane) - - - - - - - Fix spurious deadlock failures when multiple sessions are - running CREATE INDEX CONCURRENTLY (Jeff Janes) - - - - - - - During VACUUM FULL, update the table's size fields - in pg_class sooner (Amit Kapila) - - - - This prevents poor behavior when rebuilding hash indexes on the - table, since those use the pg_class - statistics to govern the initial hash size. - - - - - - - Fix - UNION/INTERSECT/EXCEPT - over zero columns (Tom Lane) - - - - - - - Disallow identity columns on typed tables and partitions - (Michael Paquier) - - - - These cases will be treated as unsupported features for now. - - - - - - - Fix assorted failures to apply the correct default value when - inserting into an identity column (Michael Paquier, Peter Eisentraut) - - - - In several contexts, notably COPY - and ALTER TABLE ADD COLUMN, the expected default - value was not applied and instead a null value was inserted. - - - - - - - Fix failures when an inheritance tree contains foreign child tables - (Etsuro Fujita) - - - - A mix of regular and foreign tables in an inheritance tree resulted in - creation of incorrect plans for UPDATE - and DELETE queries. This led to visible failures in - some cases, notably when there are row-level triggers on a foreign - child table. - - - - - - - Repair failure with correlated sub-SELECT - inside VALUES inside a LATERAL - subquery (Tom Lane) - - - - - - - Fix could not devise a query plan for the given query - planner failure for some cases involving nested UNION - ALL inside a lateral subquery (Tom Lane) - - - - - - - Allow functional dependency statistics to be used for boolean columns - (Tom Lane) - - - - Previously, although extended statistics could be declared and - collected on boolean columns, the planner failed to apply them. - - - - - - - Avoid underestimating the number of groups emitted by subqueries - containing set-returning functions in their grouping columns (Tom Lane) - - - - Cases similar to SELECT DISTINCT unnest(foo) got a - lower output rowcount estimate in 10.0 than they did in earlier - releases, possibly resulting in unfavorable plan choices. Restore the - prior estimation behavior. - - - - - - - Fix use of triggers in logical replication workers (Petr Jelinek) - - - - - - - Fix logical decoding to correctly clean up disk files for crashed - transactions (Atsushi Torikoshi) - - - - Logical decoding may spill WAL records to disk for transactions - generating many WAL records. Normally these files are cleaned up - after the transaction's commit or abort record arrives; but if - no such record is ever seen, the removal code misbehaved. - - - - - - - Fix walsender timeout failure and failure to respond to interrupts - when processing a large transaction (Petr Jelinek) - - - - - - - Fix race condition during replication origin drop that could allow the - dropping process to wait indefinitely (Tom Lane) - - - - - - - Allow members of the pg_read_all_stats role to see - walsender statistics in the pg_stat_replication - view (Feike Steenbergen) - - - - - - - Show walsenders that are sending base backups as active in - the pg_stat_activity view (Magnus Hagander) - - - - - - - Fix reporting of scram-sha-256 authentication - method in the pg_hba_file_rules view - (Michael Paquier) - - - - Previously this was printed as scram-sha256, - possibly confusing users as to the correct spelling. - - - - - - - Fix has_sequence_privilege() to - support WITH GRANT OPTION tests, - as other privilege-testing functions do (Joe Conway) - - - - - - - In databases using UTF8 encoding, ignore any XML declaration that - asserts a different encoding (Pavel Stehule, Noah Misch) - - - - We always store XML strings in the database encoding, so allowing - libxml to act on a declaration of another encoding gave wrong results. - In encodings other than UTF8, we don't promise to support non-ASCII - XML data anyway, so retain the previous behavior for bug compatibility. - This change affects only xpath() and related - functions; other XML code paths already acted this way. - - - - - - - Provide for forward compatibility with future minor protocol versions - (Robert Haas, Badrul Chowdhury) - - - - Up to now, PostgreSQL servers simply - rejected requests to use protocol versions newer than 3.0, so that - there was no functional difference between the major and minor parts - of the protocol version number. Allow clients to request versions 3.x - without failing, sending back a message showing that the server only - understands 3.0. This makes no difference at the moment, but - back-patching this change should allow speedier introduction of future - minor protocol upgrades. - - - - - - - Allow a client that supports SCRAM channel binding (such as v11 or - later libpq) to connect to a v10 server - (Michael Paquier) - - - - v10 does not have this feature, and the connection-time negotiation - about whether to use it was done incorrectly. - - - - - - - Avoid live-lock in ConditionVariableBroadcast() - (Tom Lane, Thomas Munro) - - - - Given repeatedly-unlucky timing, a process attempting to awaken all - waiters for a condition variable could loop indefinitely. Due to the - limited usage of condition variables in v10, this affects only - parallel index scans and some operations on replication slots. - - - - - - - Clean up waits for condition variables correctly during subtransaction - abort (Robert Haas) - - - - - - - Ensure that child processes that are waiting for a condition variable - will exit promptly if the postmaster process dies (Tom Lane) - - - - - - - Fix crashes in parallel queries using more than one Gather node - (Thomas Munro) - - - - - - - Fix hang in parallel index scan when processing a deleted or half-dead - index page (Amit Kapila) - - - - - - - Avoid crash if parallel bitmap heap scan is unable to allocate a - shared memory segment (Robert Haas) - - - - - - - Cope with failure to start a parallel worker process - (Amit Kapila, Robert Haas) - - - - Parallel query previously tended to hang indefinitely if a worker - could not be started, as the result of fork() - failure or other low-probability problems. - - - - - - - Avoid unnecessary failure when no parallel workers can be obtained - during parallel query startup (Robert Haas) - - - - - - - Fix collection of EXPLAIN statistics from parallel - workers (Amit Kapila, Thomas Munro) - - - - - - - Ensure that query strings passed to parallel workers are correctly - null-terminated (Thomas Munro) - - - - This prevents emitting garbage in postmaster log output from such - workers. - - - - - - - Avoid unsafe alignment assumptions when working - with __int128 (Tom Lane) - - - - Typically, compilers assume that __int128 variables are - aligned on 16-byte boundaries, but our memory allocation - infrastructure isn't prepared to guarantee that, and increasing the - setting of MAXALIGN seems infeasible for multiple reasons. Adjust the - code to allow use of __int128 only when we can tell the - compiler to assume lesser alignment. The only known symptom of this - problem so far is crashes in some parallel aggregation queries. - - - - - - - Prevent stack-overflow crashes when planning extremely deeply - nested set operations - (UNION/INTERSECT/EXCEPT) - (Tom Lane) - - - - - - - Avoid crash during an EvalPlanQual recheck of an indexscan that is the - inner child of a merge join (Tom Lane) - - - - This could only happen during an update or SELECT FOR - UPDATE of a join, when there is a concurrent update of some - selected row. - - - - - - - Fix crash in autovacuum when extended statistics are defined - for a table but can't be computed (Álvaro Herrera) - - - - - - - Fix null-pointer crashes for some types of LDAP URLs appearing - in pg_hba.conf (Thomas Munro) - - - - - - - Prevent out-of-memory failures due to excessive growth of simple hash - tables (Tomas Vondra, Andres Freund) - - - - - - - Fix sample INSTR() functions in the PL/pgSQL - documentation (Yugo Nagata, Tom Lane) - - - - These functions are stated to - be Oracle compatible, but - they weren't exactly. In particular, there was a discrepancy in the - interpretation of a negative third parameter: Oracle thinks that a - negative value indicates the last place where the target substring can - begin, whereas our functions took it as the last place where the - target can end. Also, Oracle throws an error for a zero or negative - fourth parameter, whereas our functions returned zero. - - - - The sample code has been adjusted to match Oracle's behavior more - precisely. Users who have copied this code into their applications - may wish to update their copies. - - - - - - - Fix pg_dump to make ACL (permissions), - comment, and security label entries reliably identifiable in archive - output formats (Tom Lane) - - - - The tag portion of an ACL archive entry was usually - just the name of the associated object. Make it start with the object - type instead, bringing ACLs into line with the convention already used - for comment and security label archive entries. Also, fix the - comment and security label entries for the whole database, if present, - to make their tags start with DATABASE so that they - also follow this convention. This prevents false matches in code that - tries to identify large-object-related entries by seeing if the tag - starts with LARGE OBJECT. That could have resulted - in misclassifying entries as data rather than schema, with undesirable - results in a schema-only or data-only dump. - - - - Note that this change has user-visible results in the output - of pg_restore --list. - - - - - - - Rename pg_rewind's - copy_file_range function to avoid conflict - with new Linux system call of that name (Andres Freund) - - - - This change prevents build failures with newer glibc versions. - - - - - - - In ecpg, detect indicator arrays that do - not have the correct length and report an error (David Rader) - - - - - - - Change the behavior of contrib/cube's - cube ~> int - operator to make it compatible with KNN search (Alexander Korotkov) - - - - The meaning of the second argument (the dimension selector) has been - changed to make it predictable which value is selected even when - dealing with cubes of varying dimensionalities. - - - - This is an incompatible change, but since the point of the operator - was to be used in KNN searches, it seems rather useless as-is. - After installing this update, any expression indexes or materialized - views using this operator will need to be reindexed/refreshed. - - - - - - - Avoid triggering a libc assertion - in contrib/hstore, due to use - of memcpy() with equal source and destination - pointers (Tomas Vondra) - - - - - - - Fix incorrect display of tuples' null bitmaps - in contrib/pageinspect (Maksim Milyutin) - - - - - - - Fix incorrect output from contrib/pageinspect's - hash_page_items() function (Masahiko Sawada) - - - - - - - In contrib/postgres_fdw, avoid - outer pathkeys do not match mergeclauses - planner error when constructing a plan involving a remote join - (Robert Haas) - - - - - - - In contrib/postgres_fdw, avoid planner failure - when there are duplicate GROUP BY entries - (Jeevan Chalke) - - - - - - - Provide modern examples of how to auto-start Postgres on macOS - (Tom Lane) - - - - The scripts in contrib/start-scripts/osx use - infrastructure that's been deprecated for over a decade, and which no - longer works at all in macOS releases of the last couple of years. - Add a new subdirectory contrib/start-scripts/macos - containing scripts that use the newer launchd - infrastructure. - - - - - - - Fix incorrect selection of configuration-specific libraries for - OpenSSL on Windows (Andrew Dunstan) - - - - - - - Support linking to MinGW-built versions of libperl (Noah Misch) - - - - This allows building PL/Perl with some common Perl distributions for - Windows. - - - - - - - Fix MSVC build to test whether 32-bit libperl - needs -D_USE_32BIT_TIME_T (Noah Misch) - - - - Available Perl distributions are inconsistent about what they expect, - and lack any reliable means of reporting it, so resort to a build-time - test on what the library being used actually does. - - - - - - - On Windows, install the crash dump handler earlier in postmaster - startup (Takayuki Tsunakawa) - - - - This may allow collection of a core dump for some early-startup - failures that did not produce a dump before. - - - - - - - On Windows, avoid encoding-conversion-related crashes when emitting - messages very early in postmaster startup (Takayuki Tsunakawa) - - - - - - - Use our existing Motorola 68K spinlock code on OpenBSD as - well as NetBSD (David Carlier) - - - - - - - Add support for spinlocks on Motorola 88K (David Carlier) - - - - - - - Update time zone data files to tzdata - release 2018c for DST law changes in Brazil, Sao Tome and Principe, - plus historical corrections for Bolivia, Japan, and South Sudan. - The US/Pacific-New zone has been removed (it was - only an alias for America/Los_Angeles anyway). - - - - - - - - - - Release 10.1 - - - Release date: - 2017-11-09 - - - - This release contains a variety of fixes from 10.0. - For information about new features in major release 10, see - . - - - - Migration to Version 10.1 - - - A dump/restore is not required for those running 10.X. - - - - However, if you use BRIN indexes, see the fourth changelog entry below. - - - - - Changes - - - - - - - Ensure that INSERT ... ON CONFLICT DO UPDATE checks - table permissions and RLS policies in all cases (Dean Rasheed) - - - - The update path of INSERT ... ON CONFLICT DO UPDATE - requires SELECT permission on the columns of the - arbiter index, but it failed to check for that in the case of an - arbiter specified by constraint name. - In addition, for a table with row level security enabled, it failed to - check updated rows against the table's SELECT - policies (regardless of how the arbiter index was specified). - (CVE-2017-15099) - - - - - - - Fix crash due to rowtype mismatch - in json{b}_populate_recordset() - (Michael Paquier, Tom Lane) - - - - These functions used the result rowtype specified in the FROM - ... AS clause without checking that it matched the actual - rowtype of the supplied tuple value. If it didn't, that would usually - result in a crash, though disclosure of server memory contents seems - possible as well. - (CVE-2017-15098) - - - - - - - Fix sample server-start scripts to become $PGUSER - before opening $PGLOG (Noah Misch) - - - - Previously, the postmaster log file was opened while still running as - root. The database owner could therefore mount an attack against - another system user by making $PGLOG be a symbolic - link to some other file, which would then become corrupted by appending - log messages. - - - - By default, these scripts are not installed anywhere. Users who have - made use of them will need to manually recopy them, or apply the same - changes to their modified versions. If the - existing $PGLOG file is root-owned, it will need to - be removed or renamed out of the way before restarting the server with - the corrected script. - (CVE-2017-12172) - - - - - - - Fix BRIN index summarization to handle concurrent table extension - correctly (Álvaro Herrera) - - - - Previously, a race condition allowed some table rows to be omitted from - the index. It may be necessary to reindex existing BRIN indexes to - recover from past occurrences of this problem. - - - - - - - Fix possible failures during concurrent updates of a BRIN index - (Tom Lane) - - - - These race conditions could result in errors like invalid index - offnum or inconsistent range map. - - - - - - - Prevent logical replication from setting non-replicated columns to - nulls when replicating an UPDATE (Petr Jelinek) - - - - - - - Fix logical replication to fire BEFORE ROW DELETE - triggers when expected (Masahiko Sawada) - - - - Previously, that failed to happen unless the table also had - a BEFORE ROW UPDATE trigger. - - - - - - - Fix crash when logical decoding is invoked from a SPI-using function, - in particular any function written in a PL language - (Tom Lane) - - - - - - - Ignore CTEs when looking up the target table for - INSERT/UPDATE/DELETE, - and prevent matching schema-qualified target table names to trigger - transition table names (Thomas Munro) - - - - This restores the pre-v10 behavior for CTEs attached to DML commands. - - - - - - - Avoid evaluating an aggregate function's argument expression(s) at rows - where its FILTER test fails (Tom Lane) - - - - This restores the pre-v10 (and SQL-standard) behavior. - - - - - - - Fix incorrect query results when multiple GROUPING - SETS columns contain the same simple variable (Tom Lane) - - - - - - - Fix query-lifespan memory leakage while evaluating a set-returning - function in a SELECT's target list (Tom Lane) - - - - - - - Allow parallel execution of prepared statements with generic plans - (Amit Kapila, Kuntal Ghosh) - - - - - - - Fix incorrect parallelization decisions for nested queries - (Amit Kapila, Kuntal Ghosh) - - - - - - - Fix parallel query handling to not fail when a recently-used role is - dropped (Amit Kapila) - - - - - - - Fix crash in parallel execution of a bitmap scan having a BitmapAnd - plan node below a BitmapOr node (Dilip Kumar) - - - - - - - Fix json_build_array(), - json_build_object(), and their jsonb - equivalents to handle explicit VARIADIC arguments - correctly (Michael Paquier) - - - - - - - Fix autovacuum's work item logic to prevent possible - crashes and silent loss of work items (Álvaro Herrera) - - - - - - - Fix corner-case crashes when columns have been added to the end of a - view (Tom Lane) - - - - - - - Record proper dependencies when a view or rule - contains FieldSelect - or FieldStore expression nodes (Tom Lane) - - - - Lack of these dependencies could allow a column or data - type DROP to go through when it ought to fail, - thereby causing later uses of the view or rule to get errors. - This patch does not do anything to protect existing views/rules, - only ones created in the future. - - - - - - - Correctly detect hashability of range data types (Tom Lane) - - - - The planner mistakenly assumed that any range type could be hashed - for use in hash joins or hash aggregation, but actually it must check - whether the range's subtype has hash support. This does not affect any - of the built-in range types, since they're all hashable anyway. - - - - - - - Correctly ignore RelabelType expression nodes - when examining functional-dependency statistics (David Rowley) - - - - This allows, e.g., extended statistics on varchar columns - to be used properly. - - - - - - - Prevent sharing transition states between ordered-set aggregates - (David Rowley) - - - - This causes a crash with the built-in ordered-set aggregates, and - probably with user-written ones as well. v11 and later will include - provisions for dealing with such cases safely, but in released - branches, just disable the optimization. - - - - - - - Prevent idle_in_transaction_session_timeout from - being ignored when a statement_timeout occurred - earlier (Lukas Fittl) - - - - - - - Fix low-probability loss of NOTIFY messages due to - XID wraparound (Marko Tiikkaja, Tom Lane) - - - - If a session executed no queries, but merely listened for - notifications, for more than 2 billion transactions, it started to miss - some notifications from concurrently-committing transactions. - - - - - - - Reduce the frequency of data flush requests during bulk file copies to - avoid performance problems on macOS, particularly with its new APFS - file system (Tom Lane) - - - - - - - Allow COPY's FREEZE option to - work when the transaction isolation level is REPEATABLE - READ or higher (Noah Misch) - - - - This case was unintentionally broken by a previous bug fix. - - - - - - - Fix AggGetAggref() to return the - correct Aggref nodes to aggregate final - functions whose transition calculations have been merged (Tom Lane) - - - - - - - Fix insufficient schema-qualification in some new queries - in pg_dump - and psql - (Vitaly Burovoy, Tom Lane, Noah Misch) - - - - - - - Avoid use of @> operator - in psql's queries for \d - (Tom Lane) - - - - This prevents problems when the parray_gin - extension is installed, since that defines a conflicting operator. - - - - - - - Fix pg_basebackup's matching of tablespace - paths to canonicalize both paths before comparing (Michael Paquier) - - - - This is particularly helpful on Windows. - - - - - - - Fix libpq to not require user's home - directory to exist (Tom Lane) - - - - In v10, failure to find the home directory while trying to - read ~/.pgpass was treated as a hard error, - but it should just cause that file to not be found. Both v10 and - previous release branches made the same mistake when - reading ~/.pg_service.conf, though this was less - obvious since that file is not sought unless a service name is - specified. - - - - - - - In ecpglib, correctly handle backslashes in string literals depending - on whether standard_conforming_strings is set - (Tsunakawa Takayuki) - - - - - - - Make ecpglib's Informix-compatibility mode ignore fractional digits in - integer input strings, as expected (Gao Zengqi, Michael Meskes) - - - - - - - Fix missing temp-install prerequisites - for check-like Make targets (Noah Misch) - - - - Some non-default test procedures that are meant to work - like make check failed to ensure that the temporary - installation was up to date. - - - - - - - Update time zone data files to tzdata - release 2017c for DST law changes in Fiji, Namibia, Northern Cyprus, - Sudan, Tonga, and Turks & Caicos Islands, plus historical - corrections for Alaska, Apia, Burma, Calcutta, Detroit, Ireland, - Namibia, and Pago Pago. - - - - - - - In the documentation, restore HTML anchors to being upper-case strings - (Peter Eisentraut) - - - - Due to a toolchain change, the 10.0 user manual had lower-case strings - for intrapage anchors, thus breaking some external links into our - website documentation. Return to our previous convention of using - upper-case strings. - - - - - - - - - - Release 10 - - - Release date: - 2017-10-05 - - - - Overview - - - Major enhancements in PostgreSQL 10 include: - - - - - - - Logical replication using publish/subscribe - Declarative table partitioning - Improved query parallelism - Significant general performance improvements - Stronger password authentication based on SCRAM-SHA-256 - Improved monitoring and control - - - - The above items are explained in more detail in the sections below. - - - - - - - Migration to Version 10 - - - A dump/restore using , or use of , is required for those wishing to migrate data - from any previous release. - - - - Version 10 contains a number of changes that may affect compatibility - with previous releases. Observe the following incompatibilities: - - - - - - - - Hash indexes must be rebuilt after pg_upgrade-ing - from any previous major PostgreSQL version (Mithun - Cy, Robert Haas, Amit Kapila) - - - - Major hash index improvements necessitated this requirement. - pg_upgrade will create a script to assist with this. - - - - - - - Rename write-ahead log directory pg_xlog - to pg_wal, and rename transaction - status directory pg_clog to pg_xact - (Michael Paquier) - - - - Users have occasionally thought that these directories contained only - inessential log files, and proceeded to remove write-ahead log files - or transaction status files manually, causing irrecoverable data - loss. These name changes are intended to discourage such errors in - future. - - - - - - - Rename SQL functions, tools, and options that reference - xlog to wal (Robert Haas) - - - - For example, pg_switch_xlog() becomes - pg_switch_wal(), pg_receivexlog - becomes pg_receivewal, and - becomes . This is for consistency with the - change of the pg_xlog directory name; in general, - the xlog terminology is no longer used in any user-facing - places. - - - - - - - Rename WAL-related functions and views to use lsn - instead of location (David Rowley) - - - - There was previously an inconsistent mixture of the two terminologies. - - - - - - - Change the implementation of set-returning functions appearing in - a query's SELECT list (Andres Freund) - - - - Set-returning functions are now evaluated before evaluation of scalar - expressions in the SELECT list, much as though they had - been placed in a LATERAL FROM-clause item. This allows - saner semantics for cases where multiple set-returning functions are - present. If they return different numbers of rows, the shorter results - are extended to match the longest result by adding nulls. Previously - the results were cycled until they all terminated at the same time, - producing a number of rows equal to the least common multiple of the - functions' periods. In addition, set-returning functions are now - disallowed within CASE and COALESCE constructs. - For more information - see . - - - - - - - Use standard row constructor syntax in UPDATE ... SET - (column_list) = row_constructor - (Tom Lane) - - - - The row_constructor can now begin with the - keyword ROW; previously that had to be omitted. - If just one column name appears in - the column_list, then - the row_constructor now must use - the ROW keyword, since otherwise it is not a valid - row constructor but just a parenthesized expression. - Also, an occurrence - of table_name.* within - the row_constructor is now expanded into - multiple columns, as occurs in other uses - of row_constructors. - - - - - - - When ALTER TABLE ... ADD PRIMARY KEY marks - columns NOT NULL, that change now propagates to - inheritance child tables as well (Michael Paquier) - - - - - - - Prevent statement-level triggers from firing more than once per - statement (Tom Lane) - - - - Cases involving writable CTEs updating the same table updated by the - containing statement, or by another writable CTE, fired BEFORE - STATEMENT or AFTER STATEMENT triggers more than once. - Also, if there were statement-level triggers on a table affected by a - foreign key enforcement action (such as ON DELETE CASCADE), - they could fire more than once per outer SQL statement. This is - contrary to the SQL standard, so change it. - - - - - - - Move sequences' metadata fields into a new pg_sequence - system catalog (Peter Eisentraut) - - - - A sequence relation now stores only the fields that can be modified - by nextval(), that - is last_value, log_cnt, - and is_called. Other sequence properties, such as - the starting value and increment, are kept in a corresponding row of - the pg_sequence catalog. - ALTER SEQUENCE updates are now fully transactional, - implying that the sequence is locked until commit. - The nextval() and setval() functions - remain nontransactional. - - - - The main incompatibility introduced by this change is that selecting - from a sequence relation now returns only the three fields named - above. To obtain the sequence's other properties, applications must - look into pg_sequence. The new system - view pg_sequences - can also be used for this purpose; it provides column names that are - more compatible with existing code. - - - - Also, sequences created for SERIAL columns now generate - positive 32-bit wide values, whereas previous versions generated 64-bit - wide values. This has no visible effect if the values are only stored in - a column. - - - - The output of psql's \d command for a - sequence has been redesigned, too. - - - - - - - Make stream the - WAL needed to restore the backup by default (Magnus - Hagander) - - - - This changes pg_basebackup's - / default to stream. - An option value none has been added to reproduce the old - behavior. The pg_basebackup option - has been removed (instead, use -X fetch). - - - - - - - Change how logical replication - uses pg_hba.conf - (Peter Eisentraut) - - - - In previous releases, a logical replication connection required - the replication keyword in the database column. As - of this release, logical replication matches a normal entry with a - database name or keywords such as all. Physical - replication continues to use the replication keyword. - Since built-in logical replication is new in this release, this - change only affects users of third-party logical replication plugins. - - - - - - - Make all actions wait - for completion by default (Peter Eisentraut) - - - - Previously some pg_ctl actions didn't wait for - completion, and required the use of to do so. - - - - - - - Change the default value of the - server parameter from pg_log to log - (Andreas Karlsson) - - - - - - - Add configuration option to - specify file name for custom OpenSSL DH parameters (Heikki Linnakangas) - - - - This replaces the hardcoded, undocumented file - name dh1024.pem. Note that dh1024.pem is - no longer examined by default; you must set this option if you want - to use custom DH parameters. - - - - - - - Increase the size of the default DH parameters used for OpenSSL - ephemeral DH ciphers to 2048 bits (Heikki Linnakangas) - - - - The size of the compiled-in DH parameters has been increased from - 1024 to 2048 bits, making DH key exchange more resistant to - brute-force attacks. However, some old SSL implementations, notably - some revisions of Java Runtime Environment version 6, will not accept - DH parameters longer than 1024 bits, and hence will not be able to - connect over SSL. If it's necessary to support such old clients, you - can use custom 1024-bit DH parameters instead of the compiled-in - defaults. See . - - - - - - - Remove the ability to store unencrypted passwords on the server - (Heikki Linnakangas) - - - - The server parameter - no longer supports off or plain. - The UNENCRYPTED option is no longer supported in - CREATE/ALTER USER ... PASSWORD. Similarly, the - option has been removed - from createuser. Unencrypted passwords migrated from - older versions will be stored encrypted in this release. The default - setting for password_encryption is still - md5. - - - - - - - Add - and server - parameters to control parallel queries (Amit Kapila, Robert Haas) - - - - These replace min_parallel_relation_size, which was - found to be too generic. - - - - - - - Don't downcase unquoted text - within and related - server parameters (QL Zhuo) - - - - These settings are really lists of file names, but they were - previously treated as lists of SQL identifiers, which have different - parsing rules. - - - - - - - Remove sql_inheritance server parameter (Robert Haas) - - - - Changing this setting from the default value caused queries referencing - parent tables to not include child tables. The SQL - standard requires them to be included, however, and this has been the - default since PostgreSQL 7.1. - - - - - - - Allow multi-dimensional arrays to be passed into PL/Python functions, - and returned as nested Python lists (Alexey Grishchenko, Dave Cramer, - Heikki Linnakangas) - - - - This feature requires a backwards-incompatible change to the handling - of arrays of composite types in PL/Python. Previously, you could - return an array of composite values by writing, e.g., [[col1, - col2], [col1, col2]]; but now that is interpreted as a - two-dimensional array. Composite types in arrays must now be written - as Python tuples, not lists, to resolve the ambiguity; that is, - write [(col1, col2), (col1, col2)] instead. - - - - - - - Remove PL/Tcl's module auto-loading facility (Tom Lane) - - - - This functionality has been replaced by new server - parameters - and , which are easier to use - and more similar to features available in other PLs. - - - - - - - Remove pg_dump/pg_dumpall support - for dumping from pre-8.0 servers (Tom Lane) - - - - Users needing to dump from pre-8.0 servers will need to use dump - programs from PostgreSQL 9.6 or earlier. The - resulting output should still load successfully into newer servers. - - - - - - - Remove support for floating-point timestamps and intervals (Tom Lane) - - - - This removes configure's - option. Floating-point timestamps have few advantages and have not - been the default since PostgreSQL 8.3. - - - - - - - Remove server support for client/server protocol version 1.0 (Tom Lane) - - - - This protocol hasn't had client support - since PostgreSQL 6.3. - - - - - - - Remove contrib/tsearch2 module (Robert Haas) - - - - This module provided compatibility with the version of full text - search that shipped in pre-8.3 PostgreSQL releases. - - - - - - - Remove createlang and droplang - command-line applications (Peter Eisentraut) - - - - These had been deprecated since PostgreSQL 9.1. - Instead, use CREATE EXTENSION and DROP - EXTENSION directly. - - - - - - - Remove support for version-0 function calling conventions (Andres - Freund) - - - - Extensions providing C-coded functions must now conform to version 1 - calling conventions. Version 0 has been deprecated since 2001. - - - - - - - - - Changes - - - Below you will find a detailed account of the changes between - PostgreSQL 10 and the previous major - release. - - - - Server - - - Parallel Queries - - - - - - - Support parallel B-tree index scans (Rahila Syed, Amit Kapila, - Robert Haas, Rafia Sabih) - - - - This change allows B-tree index pages to be searched by separate - parallel workers. - - - - - - - Support parallel bitmap heap scans (Dilip Kumar) - - - - This allows a single index scan to dispatch parallel workers to - process different areas of the heap. - - - - - - - Allow merge joins to be performed in parallel (Dilip Kumar) - - - - - - - Allow non-correlated subqueries to be run in parallel (Amit Kapila) - - - - - - - Improve ability of parallel workers to return pre-sorted data - (Rushabh Lathia) - - - - - - - Increase parallel query usage in procedural language functions - (Robert Haas, Rafia Sabih) - - - - - - - Add server parameter - to limit the number of worker processes that can be used for - query parallelism (Julien Rouhaud) - - - - This parameter can be set lower than to reserve worker processes - for purposes other than parallel queries. - - - - - - - Enable parallelism by default by changing the default setting - of to - 2. - - - - - - - - - Indexes - - - - - - - Add write-ahead logging support to hash indexes (Amit Kapila) - - - - This makes hash indexes crash-safe and replicatable. - The former warning message about their use is removed. - - - - - - - Improve hash index performance (Amit Kapila, Mithun Cy, Ashutosh - Sharma) - - - - - - - Add SP-GiST index support for INET and - CIDR data types (Emre Hasegeli) - - - - - - - Add option to allow BRIN index summarization to happen - more aggressively (Álvaro Herrera) - - - - A new CREATE - INDEX option enables auto-summarization of the - previous BRIN page range when a new page - range is created. - - - - - - - Add functions to remove and re-add BRIN - summarization for BRIN index ranges (Álvaro - Herrera) - - - - The new SQL function brin_summarize_range() - updates BRIN index summarization for a specified - range and brin_desummarize_range() removes it. - This is helpful to update summarization of a range that is now - smaller due to UPDATEs and DELETEs. - - - - - - - Improve accuracy in determining if a BRIN index scan - is beneficial (David Rowley, Emre Hasegeli) - - - - - - - Allow faster GiST inserts and updates by reusing - index space more efficiently (Andrey Borodin) - - - - - - - Reduce page locking during vacuuming of GIN indexes - (Andrey Borodin) - - - - - - - - - - Locking - - - - - - - Reduce locking required to change table parameters (Simon Riggs, - Fabrízio Mello) - - - - For example, changing a table's setting can now be done - with a more lightweight lock. - - - - - - - Allow tuning of predicate lock promotion thresholds (Dagfinn - Ilmari Mannsåker) - - - - Lock promotion can now be controlled through two new server - parameters, and - . - - - - - - - - - Optimizer - - - - - - - Add multi-column optimizer statistics to compute the correlation - ratio and number of distinct values (Tomas Vondra, David Rowley, - Álvaro Herrera) - - - - New commands are CREATE STATISTICS, - ALTER STATISTICS, and - DROP STATISTICS. - This feature is helpful in estimating query memory usage and when - combining the statistics from individual columns. - - - - - - - Improve performance of queries affected by row-level security - restrictions (Tom Lane) - - - - The optimizer now has more knowledge about where it can place RLS - filter conditions, allowing better plans to be generated while still - enforcing the RLS conditions safely. - - - - - - - - - General Performance - - - - - - - Speed up aggregate functions that calculate a running sum - using numeric-type arithmetic, including some variants - of SUM(), AVG(), - and STDDEV() (Heikki Linnakangas) - - - - - - - Improve performance of character encoding conversions by - using radix trees (Kyotaro Horiguchi, Heikki Linnakangas) - - - - - - - Reduce expression evaluation overhead during query execution, - as well as plan node calling overhead (Andres Freund) - - - - This is particularly helpful for queries that process many rows. - - - - - - - Allow hashed aggregation to be used with grouping sets (Andrew - Gierth) - - - - - - - Use uniqueness guarantees to optimize certain join types (David - Rowley) - - - - - - - Improve sort performance of the macaddr data type (Brandur Leach) - - - - - - - Reduce statistics tracking overhead in sessions that reference - many thousands of relations (Aleksander Alekseev) - - - - - - - - - Monitoring - - - - - - - Allow explicit control - over EXPLAIN's display - of planning and execution time (Ashutosh Bapat) - - - - By default planning and execution time are displayed by - EXPLAIN ANALYZE and are not displayed in other cases. - The new EXPLAIN option SUMMARY allows - explicit control of this. - - - - - - - Add default monitoring roles (Dave Page) - - - - New roles pg_monitor, pg_read_all_settings, - pg_read_all_stats, and pg_stat_scan_tables - allow simplified permission configuration. - - - - - - - Properly update the statistics collector during REFRESH MATERIALIZED - VIEW (Jim Mlodgenski) - - - - - - - Logging - - - - - - - Change the default value of - to include current timestamp (with milliseconds) and the process ID - in each line of postmaster log output (Christoph Berg) - - - - The previous default was an empty prefix. - - - - - - - Add functions to return the log and WAL directory - contents (Dave Page) - - - - The new functions - are pg_ls_logdir() - and pg_ls_waldir() - and can be executed by non-superusers with the proper - permissions. - - - - - - - Add function pg_current_logfile() - to read logging collector's current stderr and csvlog output file names - (Gilles Darold) - - - - - - - Report the address and port number of each listening socket - in the server log during postmaster startup (Tom Lane) - - - - Also, when logging failure to bind a listening socket, include - the specific address we attempted to bind to. - - - - - - - Reduce log chatter about the starting and stopping of launcher - subprocesses (Tom Lane) - - - - These are now DEBUG1-level messages. - - - - - - - Reduce message verbosity of lower-numbered debug levels - controlled by - (Robert Haas) - - - - This also changes the verbosity of debug levels. - - - - - - - - - <link linkend="pg-stat-activity-view"><structname>pg_stat_activity</structname></link> - - - - - - - Add pg_stat_activity reporting of low-level wait - states (Michael Paquier, Robert Haas, Rushabh Lathia) - - - - This change enables reporting of numerous low-level wait conditions, - including latch waits, file reads/writes/fsyncs, client reads/writes, - and synchronous replication. - - - - - - - Show auxiliary processes, background workers, and walsender - processes in pg_stat_activity (Kuntal Ghosh, - Michael Paquier) - - - - This simplifies monitoring. A new - column backend_type identifies the process type. - - - - - - - Allow pg_stat_activity to show the SQL query - being executed by parallel workers (Rafia Sabih) - - - - - - - Rename - pg_stat_activity.wait_event_type - values LWLockTranche and - LWLockNamed to LWLock (Robert Haas) - - - - This makes the output more consistent. - - - - - - - - - - <acronym>Authentication</acronym> - - - - - - - Add SCRAM-SHA-256 - support for password negotiation and storage (Michael Paquier, - Heikki Linnakangas) - - - - This provides better security than the existing md5 - negotiation and storage method. - - - - - - - Change the server parameter - from boolean to enum (Michael Paquier) - - - - This was necessary to support additional password hashing options. - - - - - - - Add view pg_hba_file_rules - to display the contents of pg_hba.conf (Haribabu - Kommi) - - - - This shows the file contents, not the currently active settings. - - - - - - - Support multiple RADIUS servers (Magnus Hagander) - - - - All the RADIUS related parameters are now plural and - support a comma-separated list of servers. - - - - - - - - - Server Configuration - - - - - - - Allow SSL configuration to be updated during - configuration reload (Andreas Karlsson, Tom Lane) - - - - This allows SSL to be reconfigured without a server - restart, by using pg_ctl reload, SELECT - pg_reload_conf(), or sending a SIGHUP signal. - However, reloading the SSL configuration does not work - if the server's SSL key requires a passphrase, as there - is no way to re-prompt for the passphrase. The original - configuration will apply for the life of the postmaster in that - case. - - - - - - - Make the maximum value of effectively unlimited - (Jim Nasby) - - - - - - - - - Reliability - - - - - - - After creating or unlinking files, perform an fsync on their parent - directory (Michael Paquier) - - - - This reduces the risk of data loss after a power failure. - - - - - - - <link linkend="wal">Write-Ahead Log</link> (<acronym>WAL</acronym>) - - - - - - - Prevent unnecessary checkpoints and WAL archiving on - otherwise-idle systems (Michael Paquier) - - - - - - - Add server parameter - to add details to WAL that can be sanity-checked on - the standby (Kuntal Ghosh, Robert Haas) - - - - Any sanity-check failure generates a fatal error on the standby. - - - - - - - Increase the maximum configurable WAL segment size - to one gigabyte (Beena Emerson) - - - - A larger WAL segment size allows for fewer - invocations and fewer - WAL files to manage. - - - - - - - - - - - - - Replication and Recovery - - - - - - - Add the ability to logically - replicate tables to standby servers (Petr Jelinek) - - - - Logical replication allows more flexibility than physical - replication does, including replication between different major - versions of PostgreSQL and selective - replication. - - - - - - - Allow waiting for commit acknowledgment from standby - servers irrespective of the order they appear in (Masahiko Sawada) - - - - Previously the server always waited for the active standbys that - appeared first in synchronous_standby_names. The new - synchronous_standby_names keyword ANY allows - waiting for any number of standbys irrespective of their ordering. - This is known as quorum commit. - - - - - - - Reduce configuration changes necessary to perform streaming backup - and replication (Magnus Hagander, Dang Minh Huong) - - - - Specifically, the defaults were changed for , , - , and to make them suitable for these usages - out-of-the-box. - - - - - - - Enable replication from localhost connections by default in - pg_hba.conf - (Michael Paquier) - - - - Previously pg_hba.conf's replication connection - lines were commented out by default. This is particularly useful for - . - - - - - - - Add columns to pg_stat_replication - to report replication delay times (Thomas Munro) - - - - The new columns are write_lag, - flush_lag, and replay_lag. - - - - - - - Allow specification of the recovery stopping point by Log Sequence - Number (LSN) in - recovery.conf - (Michael Paquier) - - - - Previously the stopping point could only be selected by timestamp or - XID. - - - - - - - Allow users to disable pg_stop_backup()'s - waiting for all WAL to be archived (David Steele) - - - - An optional second argument to pg_stop_backup() - controls that behavior. - - - - - - - Allow creation of temporary replication slots - (Petr Jelinek) - - - - Temporary slots are automatically removed on session exit or error. - - - - - - - Improve performance of hot standby replay with better tracking of - Access Exclusive locks (Simon Riggs, David Rowley) - - - - - - - Speed up two-phase commit recovery performance (Stas Kelvich, - Nikhil Sontakke, Michael Paquier) - - - - - - - - - Queries - - - - - - - Add XMLTABLE - function that converts XML-formatted data into a row set - (Pavel Stehule, Álvaro Herrera) - - - - - - - Fix regular expressions' character class handling for large character - codes, particularly Unicode characters above U+7FF - (Tom Lane) - - - - Previously, such characters were never recognized as belonging to - locale-dependent character classes such as [[:alpha:]]. - - - - - - - - - Utility Commands - - - - - - - Add table partitioning - syntax that automatically creates partition constraints and - handles routing of tuple insertions and updates (Amit Langote) - - - - The syntax supports range and list partitioning. - - - - - - - Add AFTER trigger - transition tables to record changed rows (Kevin Grittner, Thomas - Munro) - - - - Transition tables are accessible from triggers written in - server-side languages. - - - - - - - Allow restrictive row-level - security policies (Stephen Frost) - - - - Previously all security policies were permissive, meaning that any - matching policy allowed access. A restrictive policy must - match for access to be granted. These policy types can be combined. - - - - - - - When creating a foreign-key constraint, check - for REFERENCES permission on only the referenced table - (Tom Lane) - - - - Previously REFERENCES permission on the referencing - table was also required. This appears to have stemmed from a - misreading of the SQL standard. Since creating a foreign key (or - any other type of) constraint requires ownership privilege on the - constrained table, additionally requiring REFERENCES - permission seems rather pointless. - - - - - - - Allow default - permissions on schemas (Matheus Oliveira) - - - - This is done using the ALTER DEFAULT PRIVILEGES command. - - - - - - - Add CREATE SEQUENCE - AS command to create a sequence matching an integer data type - (Peter Eisentraut) - - - - This simplifies the creation of sequences matching the range of - base columns. - - - - - - - Allow COPY view - FROM source on views with INSTEAD - INSERT triggers (Haribabu Kommi) - - - - The triggers are fed the data rows read by COPY. - - - - - - - Allow the specification of a function name without arguments in - DDL commands, if it is unique (Peter Eisentraut) - - - - For example, allow DROP - FUNCTION on a function name without arguments if there - is only one function with that name. This behavior is required by the - SQL standard. - - - - - - - Allow multiple functions, operators, and aggregates to be dropped - with a single DROP command (Peter Eisentraut) - - - - - - - Support IF NOT EXISTS - in CREATE SERVER, - CREATE USER MAPPING, - and CREATE COLLATION - (Anastasia Lubennikova, Peter Eisentraut) - - - - - - - Make VACUUM VERBOSE report - the number of skipped frozen pages and oldest xmin (Masahiko - Sawada, Simon Riggs) - - - - This information is also included in output. - - - - - - - Improve speed of VACUUM's removal of trailing empty - heap pages (Claudio Freire, Álvaro Herrera) - - - - - - - - - Data Types - - - - - - - Add full text search support for JSON and JSONB - (Dmitry Dolgov) - - - - The functions ts_headline() and - to_tsvector() can now be used on these data types. - - - - - - - Add support for EUI-64 MAC addresses, as a - new data type macaddr8 - (Haribabu Kommi) - - - - This complements the existing support - for EUI-48 MAC addresses - (type macaddr). - - - - - - - Add identity columns for - assigning a numeric value to columns on insert (Peter Eisentraut) - - - - These are similar to SERIAL columns, but are - SQL standard compliant. - - - - - - - Allow ENUM values to be - renamed (Dagfinn Ilmari Mannsåker) - - - - This uses the syntax ALTER - TYPE ... RENAME VALUE. - - - - - - - Properly treat array pseudotypes - (anyarray) as arrays in to_json() - and to_jsonb() (Andrew Dunstan) - - - - Previously columns declared as anyarray (particularly those - in the pg_stats view) were converted to JSON - strings rather than arrays. - - - - - - - Add operators for multiplication and division - of money values - with int8 values (Peter Eisentraut) - - - - Previously such cases would result in converting the int8 - values to float8 and then using - the money-and-float8 operators. The new behavior - avoids possible precision loss. But note that division - of money by int8 now truncates the quotient, like - other integer-division cases, while the previous behavior would have - rounded. - - - - - - - Check for overflow in the money type's input function - (Peter Eisentraut) - - - - - - - - - Functions - - - - - - - Add simplified regexp_match() - function (Emre Hasegeli) - - - - This is similar to regexp_matches(), but it only - returns results from the first match so it does not need to return a - set, making it easier to use for simple cases. - - - - - - - Add a version of jsonb's delete operator that takes - an array of keys to delete (Magnus Hagander) - - - - - - - Make json_populate_record() - and related functions process JSON arrays and objects recursively - (Nikita Glukhov) - - - - With this change, array-type fields in the destination SQL type are - properly converted from JSON arrays, and composite-type fields are - properly converted from JSON objects. Previously, such cases would - fail because the text representation of the JSON value would be fed - to array_in() or record_in(), and its - syntax would not match what those input functions expect. - - - - - - - Add function txid_current_if_assigned() - to return the current transaction ID or NULL if no - transaction ID has been assigned (Craig Ringer) - - - - This is different from txid_current(), - which always returns a transaction ID, assigning one if necessary. - Unlike that function, this function can be run on standby servers. - - - - - - - Add function txid_status() - to check if a transaction was committed (Craig Ringer) - - - - This is useful for checking after an abrupt disconnection whether - your previous transaction committed and you just didn't receive - the acknowledgment. - - - - - - - Allow make_date() - to interpret negative years as BC years (Álvaro - Herrera) - - - - - - - Make to_timestamp() - and to_date() reject - out-of-range input fields (Artur Zakirov) - - - - For example, - previously to_date('2009-06-40','YYYY-MM-DD') was - accepted and returned 2009-07-10. It will now generate - an error. - - - - - - - - - Server-Side Languages - - - - - - - Allow PL/Python's cursor() and execute() - functions to be called as methods of their plan-object arguments - (Peter Eisentraut) - - - - This allows a more object-oriented programming style. - - - - - - - Allow PL/pgSQL's GET DIAGNOSTICS statement to retrieve - values into array elements (Tom Lane) - - - - Previously, a syntactic restriction prevented the target variable - from being an array element. - - - - - - - <link linkend="pltcl">PL/Tcl</link> - - - - - - - Allow PL/Tcl functions to return composite types and sets - (Karl Lehenbauer) - - - - - - - Add a subtransaction command to PL/Tcl (Victor Wagner) - - - - This allows PL/Tcl queries to fail without aborting the entire - function. - - - - - - - Add server parameters - and , to allow initialization - functions to be called on PL/Tcl startup (Tom Lane) - - - - - - - - - - Client Interfaces - - - - - - - Allow specification of multiple - host names or addresses in libpq connection strings and URIs - (Robert Haas, Heikki Linnakangas) - - - - libpq will connect to the first responsive server in the list. - - - - - - - Allow libpq connection strings and URIs to request a read/write host, - that is a master server rather than a standby server - (Victor Wagner, Mithun Cy) - - - - This is useful when multiple host names are - specified. It is controlled by libpq connection parameter - . - - - - - - - Allow the password file name - to be specified as a libpq connection parameter (Julian Markwort) - - - - Previously this could only be specified via an environment variable. - - - - - - - Add function PQencryptPasswordConn() - to allow creation of more types of encrypted passwords on the - client side (Michael Paquier, Heikki Linnakangas) - - - - Previously only MD5-encrypted passwords could be created - using PQencryptPassword(). - This new function can also create SCRAM-SHA-256-encrypted - passwords. - - - - - - - Change ecpg preprocessor version from 4.12 to 10 - (Tom Lane) - - - - Henceforth the ecpg version will match - the PostgreSQL distribution version number. - - - - - - - - - Client Applications - - - <xref linkend="app-psql"/> - - - - - - - Add conditional branch support to psql (Corey - Huinker) - - - - This feature adds psql - meta-commands \if, \elif, \else, - and \endif. This is primarily helpful for scripting. - - - - - - - Add psql \gx meta-command to execute - (\g) a query in expanded mode (\x) - (Christoph Berg) - - - - - - - Expand psql variable references in - backtick-executed strings (Tom Lane) - - - - This is particularly useful in the new psql - conditional branch commands. - - - - - - - Prevent psql's special variables from being set to - invalid values (Daniel Vérité, Tom Lane) - - - - Previously, setting one of psql's special variables - to an invalid value silently resulted in the default behavior. - \set on a special variable now fails if the proposed - new value is invalid. As a special exception, \set - with an empty or omitted new value, on a boolean-valued special - variable, still has the effect of setting the variable - to on; but now it actually acquires that value rather - than an empty string. \unset on a special variable now - explicitly sets the variable to its default value, which is also - the value it acquires at startup. In sum, a control variable now - always has a displayable value that reflects - what psql is actually doing. - - - - - - - Add variables showing server version and psql version - (Fabien Coelho) - - - - - - - Improve psql's \d (display relation) - and \dD (display domain) commands to show collation, - nullable, and default properties in separate columns (Peter - Eisentraut) - - - - Previously they were shown in a single Modifiers column. - - - - - - - Make the various \d commands handle no-matching-object - cases more consistently (Daniel Gustafsson) - - - - They now all print the message about that to stderr, not stdout, - and the message wording is more consistent. - - - - - - - Improve psql's tab completion (Jeff Janes, - Ian Barwick, Andreas Karlsson, Sehrope Sarkuni, Thomas Munro, - Kevin Grittner, Dagfinn Ilmari Mannsåker) - - - - - - - - - <xref linkend="pgbench"/> - - - - - - - Add pgbench option to - control the log file prefix (Masahiko Sawada) - - - - - - - Allow pgbench's meta-commands to span multiple - lines (Fabien Coelho) - - - - A meta-command can now be continued onto the next line by writing - backslash-return. - - - - - - - Remove restriction on placement of option relative to - other command line options (Tom Lane) - - - - - - - - - - - Server Applications - - - - - - - Add pg_receivewal - option / to specify compression - (Michael Paquier) - - - - - - - Add pg_recvlogical option - to specify the ending position (Craig Ringer) - - - - This complements the existing option. - - - - - - - Rename initdb - options and to be spelled - and (Vik Fearing, - Peter Eisentraut) - - - - The old spellings are still supported. - - - - - - - <link linkend="app-pgdump"><application>pg_dump</application></link>, - <link linkend="app-pg-dumpall"><application>pg_dumpall</application></link>, - <link linkend="app-pgrestore"><application>pg_restore</application></link> - - - - - - - Allow pg_restore to exclude schemas (Michael Banck) - - - - This adds a new / option. - - - - - - - Add option to - pg_dump (Guillaume Lelarge) - - - - This suppresses dumping of large objects. - - - - - - - Add pg_dumpall option - to omit role passwords - (Robins Tharakan, Simon Riggs) - - - - This allows use of pg_dumpall by non-superusers; - without this option, it fails due to inability to read passwords. - - - - - - - Support using synchronized snapshots when dumping from a standby - server (Petr Jelinek) - - - - - - - Issue fsync() on the output files generated by - pg_dump and - pg_dumpall (Michael Paquier) - - - - This provides more security that the output is safely stored on - disk before the program exits. This can be disabled with - the new option. - - - - - - - - - - <xref linkend="app-pgbasebackup"/> - - - - - - - Allow pg_basebackup to stream write-ahead log in - tar mode (Magnus Hagander) - - - - The WAL will be stored in a separate tar file from - the base backup. - - - - - - - Make pg_basebackup use temporary replication slots - (Magnus Hagander) - - - - Temporary replication slots will be used by default when - pg_basebackup uses WAL streaming with default - options. - - - - - - - Be more careful about fsync'ing in all required places - in pg_basebackup and - pg_receivewal (Michael Paquier) - - - - - - - Add pg_basebackup option to - disable fsync (Michael Paquier) - - - - - - - Improve pg_basebackup's handling of which - directories to skip (David Steele) - - - - - - - - - <application><xref linkend="app-pg-ctl"/></application> - - - - - - - Add wait option for 's - promote operation (Peter Eisentraut) - - - - - - - Add long options for pg_ctl wait () - and no-wait () (Vik Fearing) - - - - - - - Add long option for pg_ctl server options - () (Peter Eisentraut) - - - - - - - Make pg_ctl start --wait detect server-ready by - watching postmaster.pid, not by attempting connections - (Tom Lane) - - - - The postmaster has been changed to report its ready-for-connections - status in postmaster.pid, and pg_ctl - now examines that file to detect whether startup is complete. - This is more efficient and reliable than the old method, and it - eliminates postmaster log entries about rejected connection - attempts during startup. - - - - - - - Reduce pg_ctl's reaction time when waiting for - postmaster start/stop (Tom Lane) - - - - pg_ctl now probes ten times per second when waiting - for a postmaster state change, rather than once per second. - - - - - - - Ensure that pg_ctl exits with nonzero status if an - operation being waited for does not complete within the timeout - (Peter Eisentraut) - - - - The start and promote operations now return - exit status 1, not 0, in such cases. The stop operation - has always done that. - - - - - - - - - - Source Code - - - - - - - Change to two-part release version numbering (Peter Eisentraut, Tom - Lane) - - - - Release numbers will now have two parts (e.g., 10.1) - rather than three (e.g., 9.6.3). - Major versions will now increase just the first number, and minor - releases will increase just the second number. - Release branches will be referred to by single numbers - (e.g., 10 rather than 9.6). - This change is intended to reduce user confusion about what is a - major or minor release of PostgreSQL. - - - - - - - Improve behavior of pgindent - (Piotr Stefaniak, Tom Lane) - - - - We have switched to a new version of pg_bsd_indent - based on recent improvements made by the FreeBSD project. This - fixes numerous small bugs that led to odd C code formatting - decisions. Most notably, lines within parentheses (such as in a - multi-line function call) are now uniformly indented to match the - opening paren, even if that would result in code extending past the - right margin. - - - - - - - Allow the ICU library to - optionally be used for collation support (Peter Eisentraut) - - - - The ICU library has versioning that allows detection - of collation changes between versions. It is enabled via configure - option . The default still uses the operating - system's native collation library. - - - - - - - Automatically mark all PG_FUNCTION_INFO_V1 functions - as DLLEXPORT-ed on - Windows (Laurenz Albe) - - - - If third-party code is using extern function - declarations, they should also add DLLEXPORT markers - to those declarations. - - - - - - - Remove SPI functions SPI_push(), - SPI_pop(), SPI_push_conditional(), - SPI_pop_conditional(), - and SPI_restore_connection() as unnecessary (Tom Lane) - - - - Their functionality now happens automatically. There are now no-op - macros by these names so that external modules don't need to be - updated immediately, but eventually such calls should be removed. - - - - A side effect of this change is that SPI_palloc() and - allied functions now require an active SPI connection; they do not - degenerate to simple palloc() if there is none. That - previous behavior was not very useful and posed risks of unexpected - memory leaks. - - - - - - - Allow shared memory to be dynamically allocated (Thomas Munro, - Robert Haas) - - - - - - - Add slab-like memory allocator for efficient fixed-size allocations - (Tomas Vondra) - - - - - - - Use POSIX semaphores rather than SysV semaphores - on Linux and FreeBSD (Tom Lane) - - - - This avoids platform-specific limits on SysV semaphore usage. - - - - - - - Improve support for 64-bit atomics (Andres Freund) - - - - - - - Enable 64-bit atomic operations on ARM64 (Roman - Shaposhnik) - - - - - - - Switch to using clock_gettime(), if available, for - duration measurements (Tom Lane) - - - - gettimeofday() is still used - if clock_gettime() is not available. - - - - - - - Add more robust random number generators to be used for - cryptographically secure uses (Magnus Hagander, Michael Paquier, - Heikki Linnakangas) - - - - If no strong random number generator can be - found, configure will fail unless - the option is used. However, with - this option, pgcrypto - functions requiring a strong random number generator will be disabled. - - - - - - - Allow WaitLatchOrSocket() to wait for socket - connection on Windows (Andres Freund) - - - - - - - tupconvert.c functions no longer convert tuples just to - embed a different composite-type OID in them (Ashutosh Bapat, Tom Lane) - - - - The majority of callers don't care about the composite-type OID; - but if the result tuple is to be used as a composite Datum, steps - should be taken to make sure the correct OID is inserted in it. - - - - - - - Remove SCO and Unixware ports (Tom Lane) - - - - - - - Overhaul documentation build - process (Alexander Lakhin) - - - - - - - Use XSLT to build the PostgreSQL - documentation (Peter Eisentraut) - - - - Previously Jade, DSSSL, and - JadeTex were used. - - - - - - - Build HTML documentation using XSLT - stylesheets by default (Peter Eisentraut) - - - - - - - - - Additional Modules - - - - - - - Allow file_fdw to read - from program output as well as files (Corey Huinker, Adam Gomaa) - - - - - - - In postgres_fdw, - push aggregate functions to the remote server, when possible - (Jeevan Chalke, Ashutosh Bapat) - - - - This reduces the amount of data that must be passed from the remote - server, and offloads aggregate computation from the requesting server. - - - - - - - In postgres_fdw, push joins to the remote server in - more cases (David Rowley, Ashutosh Bapat, Etsuro Fujita) - - - - - - - Properly support OID columns in - postgres_fdw tables (Etsuro Fujita) - - - - Previously OID columns always returned zeros. - - - - - - - Allow btree_gist - and btree_gin to - index enum types (Andrew Dunstan) - - - - This allows enums to be used in exclusion constraints. - - - - - - - Add indexing support to btree_gist for the - UUID data type (Paul Jungwirth) - - - - - - - Add amcheck which can - check the validity of B-tree indexes (Peter Geoghegan) - - - - - - - Show ignored constants as $N rather than ? - in - pg_stat_statements - (Lukas Fittl) - - - - - - - Improve cube's handling - of zero-dimensional cubes (Tom Lane) - - - - This also improves handling of infinite and - NaN values. - - - - - - - Allow pg_buffercache to run - with fewer locks (Ivan Kartyshov) - - - - This makes it less disruptive when run on production systems. - - - - - - - Add pgstattuple - function pgstathashindex() to view hash index - statistics (Ashutosh Sharma) - - - - - - - Use GRANT permissions to - control pgstattuple function usage (Stephen Frost) - - - - This allows DBAs to allow non-superusers to run these functions. - - - - - - - Reduce locking when pgstattuple examines hash - indexes (Amit Kapila) - - - - - - - Add pageinspect - function page_checksum() to show a page's checksum - (Tomas Vondra) - - - - - - - Add pageinspect - function bt_page_items() to print page items from a - page image (Tomas Vondra) - - - - - - - Add hash index support to pageinspect (Jesper - Pedersen, Ashutosh Sharma) - - - - - - - - - - - Acknowledgments - - - The following individuals (in alphabetical order) have contributed to this - release as patch authors, committers, reviewers, testers, or reporters of - issues. - - - - Adam Brightwell - Adam Brusselback - Adam Gomaa - Adam Sah - Adrian Klaver - Aidan Van Dyk - Aleksander Alekseev - Alexander Korotkov - Alexander Lakhin - Alexander Sosna - Alexey Bashtanov - Alexey Grishchenko - Alexey Isayko - Álvaro Hernández Tortosa - Álvaro Herrera - Amit Kapila - Amit Khandekar - Amit Langote - Amul Sul - Anastasia Lubennikova - Andreas Joseph Krogh - Andreas Karlsson - Andreas Scherbaum - Andreas Seltenreich - Andres Freund - Andrew Dunstan - Andrew Gierth - Andrew Wheelwright - Andrey Borodin - Andrey Lizenko - Andy Abelisto - Antonin Houska - Ants Aasma - Arjen Nienhuis - Arseny Sher - Artur Zakirov - Ashutosh Bapat - Ashutosh Sharma - Ashwin Agrawal - Atsushi Torikoshi - Ayumi Ishii - Basil Bourque - Beena Emerson - Ben de Graaff - Benedikt Grundmann - Bernd Helmle - Brad DeJong - Brandur Leach - Breen Hagan - Bruce Momjian - Bruno Wolff III - Catalin Iacob - Chapman Flack - Chen Huajun - Choi Doo-Won - Chris Bandy - Chris Richards - Chris Ruprecht - Christian Ullrich - Christoph Berg - Chuanting Wang - Claudio Freire - Clinton Adams - Const Zhang - Constantin Pan - Corey Huinker - Craig Ringer - Cynthia Shang - Dagfinn Ilmari Mannsåker - Daisuke Higuchi - Damian Quiroga - Dan Wood - Dang Minh Huong - Daniel Gustafsson - Daniel Vérité - Daniel Westermann - Daniele Varrazzo - Danylo Hlynskyi - Darko Prelec - Dave Cramer - Dave Page - David Christensen - David Fetter - David Johnston - David Rader - David Rowley - David Steele - Dean Rasheed - Denis Smirnov - Denish Patel - Dennis Björklund - Devrim Gündüz - Dilip Kumar - Dilyan Palauzov - Dima Pavlov - Dimitry Ivanov - Dmitriy Sarafannikov - Dmitry Dolgov - Dmitry Fedin - Don Morrison - Egor Rogov - Eiji Seki - Emil Iggland - Emre Hasegeli - Enrique Meneses - Erik Nordström - Erik Rijkers - Erwin Brandstetter - Etsuro Fujita - Eugen Konkov - Eugene Kazakov - Euler Taveira - Fabien Coelho - Fabrízio de Royes Mello - Feike Steenbergen - Felix Gerzaguet - Filip Jirsák - Fujii Masao - Gabriele Bartolini - Gabrielle Roth - Gao Zengqi - Gerdan Santos - Gianni Ciolli - Gilles Darold - Giuseppe Broccolo - Graham Dutton - Greg Atkins - Greg Burek - Grigory Smolkin - Guillaume Lelarge - Hans Buschmann - Haribabu Kommi - Heikki Linnakangas - Henry Boehlert - Huan Ruan - Ian Barwick - Igor Korot - Ildus Kurbangaliev - Ivan Kartyshov - Jaime Casanova - Jakob Egger - James Parks - Jarred Ward - Jason Li - Jason O'Donnell - Jason Petersen - Jeevan Chalke - Jeevan Ladhe - Jeff Dafoe - Jeff Davis - Jeff Janes - Jelte Fennema - Jeremy Finzel - Jeremy Schneider - Jeroen van der Ham - Jesper Pedersen - Jim Mlodgenski - Jim Nasby - Jinyu Zhang - Joe Conway - Joel Jacobson - John Harvey - Jon Nelson - Jordan Gigov - Josh Berkus - Josh Soref - Julian Markwort - Julien Rouhaud - Junseok Yang - Justin Muise - Justin Pryzby - Kacper Zuk - KaiGai Kohei - Karen Huddleston - Karl Lehenbauer - Karl O. Pinc - Keith Fiske - Kevin Grittner - Kim Rose Carlsen - Konstantin Evteev - Konstantin Knizhnik - Kuntal Ghosh - Kurt Kartaltepe - Kyle Conroy - Kyotaro Horiguchi - Laurenz Albe - Leonardo Cecchi - Ludovic Vaugeois-Pepin - Lukas Fittl - Magnus Hagander - Maksim Milyutin - Maksym Sobolyev - Marc Rassbach - Marc-Olaf Jaschke - Marcos Castedo - Marek Cvoren - Mark Dilger - Mark Kirkwood - Mark Pether - Marko Tiikkaja - Markus Winand - Marllius Ribeiro - Marti Raudsepp - Martín Marqués - Masahiko Sawada - Matheus Oliveira - Mathieu Fenniak - Merlin Moncure - Michael Banck - Michael Day - Michael Meskes - Michael Overmeyer - Michael Paquier - Mike Palmiotto - Milos Urbanek - Mithun Cy - Moshe Jacobson - Murtuza Zabuawala - Naoki Okano - Nathan Bossart - Nathan Wagner - Neha Khatri - Neha Sharma - Neil Anderson - Nicolas Baccelli - Nicolas Guini - Nicolas Thauvin - Nikhil Sontakke - Nikita Glukhov - Nikolaus Thiel - Nikolay Nikitin - Nikolay Shaplov - Noah Misch - Noriyoshi Shinoda - Olaf Gawenda - Oleg Bartunov - Oskari Saarenmaa - Otar Shavadze - Paresh More - Paul Jungwirth - Paul Ramsey - Pavan Deolasee - Pavel Golub - Pavel Hanák - Pavel Raiskup - Pavel Stehule - Peng Sun - Peter Eisentraut - Peter Geoghegan - Petr Jelínek - Philippe Beaudoin - Pierre-Emmanuel André - Piotr Stefaniak - Prabhat Sahu - QL Zhuo - Radek Slupik - Rafa de la Torre - Rafia Sabih - Ragnar Ouchterlony - Rahila Syed - Rajkumar Raghuwanshi - Regina Obe - Richard Pistole - Robert Haas - Robins Tharakan - Rod Taylor - Roman Shaposhnik - Rushabh Lathia - Ryan Murphy - Sandeep Thakkar - Scott Milliken - Sean Farrell - Sebastian Luque - Sehrope Sarkuni - Sergey Burladyan - Sergey Koposov - Shay Rojansky - Shinichi Matsuda - Sho Kato - Simon Riggs - Simone Gotti - Spencer Thomason - Stas Kelvich - Stepan Pesternikov - Stephen Frost - Steve Randall - Steve Singer - Steven Fackler - Steven Winfield - Suraj Kharage - Sveinn Sveinsson - Sven R. Kunze - Tahir Fakhroutdinov - Taiki Kondo - Takayuki Tsunakawa - Takeshi Ideriha - Tatsuo Ishii - Tatsuro Yamada - Teodor Sigaev - Thom Brown - Thomas Kellerer - Thomas Munro - Tim Goodaire - Tobias Bussmann - Tom Dunstan - Tom Lane - Tom van Tilburg - Tomas Vondra - Tomonari Katsumata - Tushar Ahuja - Vaishnavi Prabakaran - Venkata Balaji Nagothi - Vicky Vergara - Victor Wagner - Vik Fearing - Vinayak Pokale - Viren Negi - Vitaly Burovoy - Vladimir Kunshchikov - Vladimir Rusinov - Yi Wen Wong - Yugo Nagata - Zhen Ming Yang - Zhou Digoal - - - - diff --git a/doc/src/sgml/release-7.4.sgml b/doc/src/sgml/release-7.4.sgml deleted file mode 100644 index a67945a42b..0000000000 --- a/doc/src/sgml/release-7.4.sgml +++ /dev/null @@ -1,4622 +0,0 @@ - - - - - Release 7.4.30 - - - Release date: - 2010-10-04 - - - - This release contains a variety of fixes from 7.4.29. - For information about new features in the 7.4 major release, see - . - - - - This is expected to be the last PostgreSQL release - in the 7.4.X series. Users are encouraged to update to a newer - release branch soon. - - - - Migration to Version 7.4.30 - - - A dump/restore is not required for those running 7.4.X. - However, if you are upgrading from a version earlier than 7.4.26, - see . - - - - - - Changes - - - - - - Use a separate interpreter for each calling SQL userid in PL/Perl and - PL/Tcl (Tom Lane) - - - - This change prevents security problems that can be caused by subverting - Perl or Tcl code that will be executed later in the same session under - another SQL user identity (for example, within a SECURITY - DEFINER function). Most scripting languages offer numerous ways that - that might be done, such as redefining standard functions or operators - called by the target function. Without this change, any SQL user with - Perl or Tcl language usage rights can do essentially anything with the - SQL privileges of the target function's owner. - - - - The cost of this change is that intentional communication among Perl - and Tcl functions becomes more difficult. To provide an escape hatch, - PL/PerlU and PL/TclU functions continue to use only one interpreter - per session. This is not considered a security issue since all such - functions execute at the trust level of a database superuser already. - - - - It is likely that third-party procedural languages that claim to offer - trusted execution have similar security issues. We advise contacting - the authors of any PL you are depending on for security-critical - purposes. - - - - Our thanks to Tim Bunce for pointing out this issue (CVE-2010-3433). - - - - - - Prevent possible crashes in pg_get_expr() by disallowing - it from being called with an argument that is not one of the system - catalog columns it's intended to be used with - (Heikki Linnakangas, Tom Lane) - - - - - - Fix cannot handle unplanned sub-select error (Tom Lane) - - - - This occurred when a sub-select contains a join alias reference that - expands into an expression containing another sub-select. - - - - - - Take care to fsync the contents of lockfiles (both - postmaster.pid and the socket lockfile) while writing them - (Tom Lane) - - - - This omission could result in corrupted lockfile contents if the - machine crashes shortly after postmaster start. That could in turn - prevent subsequent attempts to start the postmaster from succeeding, - until the lockfile is manually removed. - - - - - - Improve contrib/dblink's handling of tables containing - dropped columns (Tom Lane) - - - - - - Fix connection leak after duplicate connection name - errors in contrib/dblink (Itagaki Takahiro) - - - - - - Update build infrastructure and documentation to reflect the source code - repository's move from CVS to Git (Magnus Hagander and others) - - - - - - - - - - Release 7.4.29 - - - Release date: - 2010-05-17 - - - - This release contains a variety of fixes from 7.4.28. - For information about new features in the 7.4 major release, see - . - - - - The PostgreSQL community will stop releasing updates - for the 7.4.X release series in July 2010. - Users are encouraged to update to a newer release branch soon. - - - - Migration to Version 7.4.29 - - - A dump/restore is not required for those running 7.4.X. - However, if you are upgrading from a version earlier than 7.4.26, - see . - - - - - - Changes - - - - - - Enforce restrictions in plperl using an opmask applied to - the whole interpreter, instead of using Safe.pm - (Tim Bunce, Andrew Dunstan) - - - - Recent developments have convinced us that Safe.pm is too - insecure to rely on for making plperl trustable. This - change removes use of Safe.pm altogether, in favor of using - a separate interpreter with an opcode mask that is always applied. - Pleasant side effects of the change include that it is now possible to - use Perl's strict pragma in a natural way in - plperl, and that Perl's $a and $b - variables work as expected in sort routines, and that function - compilation is significantly faster. (CVE-2010-1169) - - - - - - Prevent PL/Tcl from executing untrustworthy code from - pltcl_modules (Tom) - - - - PL/Tcl's feature for autoloading Tcl code from a database table - could be exploited for trojan-horse attacks, because there was no - restriction on who could create or insert into that table. This change - disables the feature unless pltcl_modules is owned by a - superuser. (However, the permissions on the table are not checked, so - installations that really need a less-than-secure modules table can - still grant suitable privileges to trusted non-superusers.) Also, - prevent loading code into the unrestricted normal Tcl - interpreter unless we are really going to execute a pltclu - function. (CVE-2010-1170) - - - - - - Do not allow an unprivileged user to reset superuser-only parameter - settings (Alvaro) - - - - Previously, if an unprivileged user ran ALTER USER ... RESET - ALL for himself, or ALTER DATABASE ... RESET ALL for - a database he owns, this would remove all special parameter settings - for the user or database, even ones that are only supposed to be - changeable by a superuser. Now, the ALTER will only - remove the parameters that the user has permission to change. - - - - - - Avoid possible crash during backend shutdown if shutdown occurs - when a CONTEXT addition would be made to log entries (Tom) - - - - In some cases the context-printing function would fail because the - current transaction had already been rolled back when it came time - to print a log message. - - - - - - Update PL/Perl's ppport.h for modern Perl versions - (Andrew) - - - - - - Fix assorted memory leaks in PL/Python (Andreas Freund, Tom) - - - - - - Ensure that contrib/pgstattuple functions respond to cancel - interrupts promptly (Tatsuhito Kasahara) - - - - - - Make server startup deal properly with the case that - shmget() returns EINVAL for an existing - shared memory segment (Tom) - - - - This behavior has been observed on BSD-derived kernels including macOS. - It resulted in an entirely-misleading startup failure complaining that - the shared memory request size was too large. - - - - - - - - - - Release 7.4.28 - - - Release date: - 2010-03-15 - - - - This release contains a variety of fixes from 7.4.27. - For information about new features in the 7.4 major release, see - . - - - - The PostgreSQL community will stop releasing updates - for the 7.4.X release series in July 2010. - Users are encouraged to update to a newer release branch soon. - - - - Migration to Version 7.4.28 - - - A dump/restore is not required for those running 7.4.X. - However, if you are upgrading from a version earlier than 7.4.26, - see . - - - - - - Changes - - - - - - Add new configuration parameter ssl_renegotiation_limit to - control how often we do session key renegotiation for an SSL connection - (Magnus) - - - - This can be set to zero to disable renegotiation completely, which may - be required if a broken SSL library is used. In particular, some - vendors are shipping stopgap patches for CVE-2009-3555 that cause - renegotiation attempts to fail. - - - - - - Make substring() for bit types treat any negative - length as meaning all the rest of the string (Tom) - - - - The previous coding treated only -1 that way, and would produce an - invalid result value for other negative values, possibly leading to - a crash (CVE-2010-0442). - - - - - - Fix some cases of pathologically slow regular expression matching (Tom) - - - - - - When reading pg_hba.conf and related files, do not treat - @something as a file inclusion request if the @ - appears inside quote marks; also, never treat @ by itself - as a file inclusion request (Tom) - - - - This prevents erratic behavior if a role or database name starts with - @. If you need to include a file whose path name - contains spaces, you can still do so, but you must write - @"/path to/file" rather than putting the quotes around - the whole construct. - - - - - - Prevent infinite loop on some platforms if a directory is named as - an inclusion target in pg_hba.conf and related files - (Tom) - - - - - - Ensure PL/Tcl initializes the Tcl interpreter fully (Tom) - - - - The only known symptom of this oversight is that the Tcl - clock command misbehaves if using Tcl 8.5 or later. - - - - - - Prevent crash in contrib/dblink when too many key - columns are specified to a dblink_build_sql_* function - (Rushabh Lathia, Joe Conway) - - - - - - - - - - Release 7.4.27 - - - Release date: - 2009-12-14 - - - - This release contains a variety of fixes from 7.4.26. - For information about new features in the 7.4 major release, see - . - - - - Migration to Version 7.4.27 - - - A dump/restore is not required for those running 7.4.X. - However, if you are upgrading from a version earlier than 7.4.26, - see . - - - - - - Changes - - - - - - Protect against indirect security threats caused by index functions - changing session-local state (Gurjeet Singh, Tom) - - - - This change prevents allegedly-immutable index functions from possibly - subverting a superuser's session (CVE-2009-4136). - - - - - - Reject SSL certificates containing an embedded null byte in the common - name (CN) field (Magnus) - - - - This prevents unintended matching of a certificate to a server or client - name during SSL validation (CVE-2009-4034). - - - - - - Fix possible crash during backend-startup-time cache initialization (Tom) - - - - - - Prevent signals from interrupting VACUUM at unsafe times - (Alvaro) - - - - This fix prevents a PANIC if a VACUUM FULL is canceled - after it's already committed its tuple movements, as well as transient - errors if a plain VACUUM is interrupted after having - truncated the table. - - - - - - Fix possible crash due to integer overflow in hash table size - calculation (Tom) - - - - This could occur with extremely large planner estimates for the size of - a hashjoin's result. - - - - - - Fix very rare crash in inet/cidr comparisons (Chris - Mikkelson) - - - - - - Fix PAM password processing to be more robust (Tom) - - - - The previous code is known to fail with the combination of the Linux - pam_krb5 PAM module with Microsoft Active Directory as the - domain controller. It might have problems elsewhere too, since it was - making unjustified assumptions about what arguments the PAM stack would - pass to it. - - - - - - Make the postmaster ignore any application_name parameter in - connection request packets, to improve compatibility with future libpq - versions (Tom) - - - - - - - - - - Release 7.4.26 - - - Release date: - 2009-09-09 - - - - This release contains a variety of fixes from 7.4.25. - For information about new features in the 7.4 major release, see - . - - - - Migration to Version 7.4.26 - - - A dump/restore is not required for those running 7.4.X. - However, if you have any hash indexes on interval columns, - you must REINDEX them after updating to 7.4.26. - Also, if you are upgrading from a version earlier than 7.4.11, - see . - - - - - - Changes - - - - - - Disallow RESET ROLE and RESET SESSION - AUTHORIZATION inside security-definer functions (Tom, Heikki) - - - - This covers a case that was missed in the previous patch that - disallowed SET ROLE and SET SESSION - AUTHORIZATION inside security-definer functions. - (See CVE-2007-6600) - - - - - - Fix handling of sub-SELECTs appearing in the arguments of - an outer-level aggregate function (Tom) - - - - - - Fix hash calculation for data type interval (Tom) - - - - This corrects wrong results for hash joins on interval values. - It also changes the contents of hash indexes on interval columns. - If you have any such indexes, you must REINDEX them - after updating. - - - - - - Fix overflow for INTERVAL 'x ms' - when x is more than 2 million and integer - datetimes are in use (Alex Hunsaker) - - - - - - Fix calculation of distance between a point and a line segment (Tom) - - - - This led to incorrect results from a number of geometric operators. - - - - - - Fix money data type to work in locales where currency - amounts have no fractional digits, e.g. Japan (Itagaki Takahiro) - - - - - - Properly round datetime input like - 00:12:57.9999999999999999999999999999 (Tom) - - - - - - Fix poor choice of page split point in GiST R-tree operator classes - (Teodor) - - - - - - Fix portability issues in plperl initialization (Andrew Dunstan) - - - - - - Improve robustness of libpq's code to recover - from errors during COPY FROM STDIN (Tom) - - - - - - Avoid including conflicting readline and editline header files - when both libraries are installed (Zdenek Kotala) - - - - - - - - - - Release 7.4.25 - - - Release date: - 2009-03-16 - - - - This release contains a variety of fixes from 7.4.24. - For information about new features in the 7.4 major release, see - . - - - - Migration to Version 7.4.25 - - - A dump/restore is not required for those running 7.4.X. - However, if you are upgrading from a version earlier than 7.4.11, - see . - - - - - - Changes - - - - - - Prevent error recursion crashes when encoding conversion fails (Tom) - - - - This change extends fixes made in the last two minor releases for - related failure scenarios. The previous fixes were narrowly tailored - for the original problem reports, but we have now recognized that - any error thrown by an encoding conversion function could - potentially lead to infinite recursion while trying to report the - error. The solution therefore is to disable translation and encoding - conversion and report the plain-ASCII form of any error message, - if we find we have gotten into a recursive error reporting situation. - (CVE-2009-0922) - - - - - - Disallow CREATE CONVERSION with the wrong encodings - for the specified conversion function (Heikki) - - - - This prevents one possible scenario for encoding conversion failure. - The previous change is a backstop to guard against other kinds of - failures in the same area. - - - - - - Fix core dump when to_char() is given format codes that - are inappropriate for the type of the data argument (Tom) - - - - - - Add MUST (Mauritius Island Summer Time) to the default list - of known timezone abbreviations (Xavier Bugaud) - - - - - - - - - - Release 7.4.24 - - - Release date: - 2009-02-02 - - - - This release contains a variety of fixes from 7.4.23. - For information about new features in the 7.4 major release, see - . - - - - Migration to Version 7.4.24 - - - A dump/restore is not required for those running 7.4.X. - However, if you are upgrading from a version earlier than 7.4.11, - see . - - - - - - Changes - - - - - - Improve handling of URLs in headline() function (Teodor) - - - - - - Improve handling of overlength headlines in headline() - function (Teodor) - - - - - - Prevent possible Assert failure or misconversion if an encoding - conversion is created with the wrong conversion function for the - specified pair of encodings (Tom, Heikki) - - - - - - Avoid unnecessary locking of small tables in VACUUM - (Heikki) - - - - - - Fix uninitialized variables in contrib/tsearch2's - get_covers() function (Teodor) - - - - - - Fix bug in to_char()'s handling of TH - format codes (Andreas Scherbaum) - - - - - - Make all documentation reference pgsql-bugs and/or - pgsql-hackers as appropriate, instead of the - now-decommissioned pgsql-ports and pgsql-patches - mailing lists (Tom) - - - - - - - - - - Release 7.4.23 - - - Release date: - 2008-11-03 - - - - This release contains a variety of fixes from 7.4.22. - For information about new features in the 7.4 major release, see - . - - - - Migration to Version 7.4.23 - - - A dump/restore is not required for those running 7.4.X. - However, if you are upgrading from a version earlier than 7.4.11, - see . - - - - - - Changes - - - - - - Fix backend crash when the client encoding cannot represent a localized - error message (Tom) - - - - We have addressed similar issues before, but it would still fail if - the character has no equivalent message itself couldn't - be converted. The fix is to disable localization and send the plain - ASCII error message when we detect such a situation. - - - - - - Fix incorrect tsearch2 headline generation when single query - item matches first word of text (Sushant Sinha) - - - - - - Fix improper display of fractional seconds in interval values when - using a non-ISO datestyle in an - build (Ron Mayer) - - - - - - Ensure SPI_getvalue and SPI_getbinval - behave correctly when the passed tuple and tuple descriptor have - different numbers of columns (Tom) - - - - This situation is normal when a table has had columns added or removed, - but these two functions didn't handle it properly. - The only likely consequence is an incorrect error indication. - - - - - - Fix ecpg's parsing of CREATE USER (Michael) - - - - - - - - - - Release 7.4.22 - - - Release date: - 2008-09-22 - - - - This release contains a variety of fixes from 7.4.21. - For information about new features in the 7.4 major release, see - . - - - - Migration to Version 7.4.22 - - - A dump/restore is not required for those running 7.4.X. - However, if you are upgrading from a version earlier than 7.4.11, - see . - - - - - - Changes - - - - - - Fix datetime input functions to correctly detect integer overflow when - running on a 64-bit platform (Tom) - - - - - - Improve performance of writing very long log messages to syslog (Tom) - - - - - - Fix bug in backwards scanning of a cursor on a SELECT DISTINCT - ON query (Tom) - - - - - - Fix planner to estimate that GROUP BY expressions yielding - boolean results always result in two groups, regardless of the - expressions' contents (Tom) - - - - This is very substantially more accurate than the regular GROUP - BY estimate for certain boolean tests like col - IS NULL. - - - - - - Improve pg_dump and pg_restore's - error reporting after failure to send a SQL command (Tom) - - - - - - - - - - Release 7.4.21 - - - Release date: - 2008-06-12 - - - - This release contains one serious bug fix over 7.4.20. - For information about new features in the 7.4 major release, see - . - - - - Migration to Version 7.4.21 - - - A dump/restore is not required for those running 7.4.X. - However, if you are upgrading from a version earlier than 7.4.11, - see . - - - - - - Changes - - - - - - Make pg_get_ruledef() parenthesize negative constants (Tom) - - - - Before this fix, a negative constant in a view or rule might be dumped - as, say, -42::integer, which is subtly incorrect: it should - be (-42)::integer due to operator precedence rules. - Usually this would make little difference, but it could interact with - another recent patch to cause - PostgreSQL to reject what had been a valid - SELECT DISTINCT view query. Since this could result in - pg_dump output failing to reload, it is being treated - as a high-priority fix. The only released versions in which dump - output is actually incorrect are 8.3.1 and 8.2.7. - - - - - - - - - - Release 7.4.20 - - - Release date: - never released - - - - This release contains a variety of fixes from 7.4.19. - For information about new features in the 7.4 major release, see - . - - - - Migration to Version 7.4.20 - - - A dump/restore is not required for those running 7.4.X. - However, if you are upgrading from a version earlier than 7.4.11, - see . - - - - - - Changes - - - - - - Fix conversions between ISO-8859-5 and other encodings to handle - Cyrillic Yo characters (e and E with - two dots) (Sergey Burladyan) - - - - - - Fix a few datatype input functions - that were allowing unused bytes in their results to contain - uninitialized, unpredictable values (Tom) - - - - This could lead to failures in which two apparently identical literal - values were not seen as equal, resulting in the parser complaining - about unmatched ORDER BY and DISTINCT - expressions. - - - - - - Fix a corner case in regular-expression substring matching - (substring(string from - pattern)) (Tom) - - - - The problem occurs when there is a match to the pattern overall but - the user has specified a parenthesized subexpression and that - subexpression hasn't got a match. An example is - substring('foo' from 'foo(bar)?'). - This should return NULL, since (bar) isn't matched, but - it was mistakenly returning the whole-pattern match instead (ie, - foo). - - - - - - Fix incorrect result from ecpg's - PGTYPEStimestamp_sub() function (Michael) - - - - - - Fix DatumGetBool macro to not fail with gcc - 4.3 (Tom) - - - - This problem affects old style (V0) C functions that - return boolean. The fix is already in 8.3, but the need to - back-patch it was not realized at the time. - - - - - - Fix longstanding LISTEN/NOTIFY - race condition (Tom) - - - - In rare cases a session that had just executed a - LISTEN might not get a notification, even though - one would be expected because the concurrent transaction executing - NOTIFY was observed to commit later. - - - - A side effect of the fix is that a transaction that has executed - a not-yet-committed LISTEN command will not see any - row in pg_listener for the LISTEN, - should it choose to look; formerly it would have. This behavior - was never documented one way or the other, but it is possible that - some applications depend on the old behavior. - - - - - - Fix display of constant expressions in ORDER BY - and GROUP BY (Tom) - - - - An explicitly casted constant would be shown incorrectly. This could - for example lead to corruption of a view definition during - dump and reload. - - - - - - Fix libpq to handle NOTICE messages correctly - during COPY OUT (Tom) - - - - This failure has only been observed to occur when a user-defined - datatype's output routine issues a NOTICE, but there is no - guarantee it couldn't happen due to other causes. - - - - - - - - - - Release 7.4.19 - - - Release date: - 2008-01-07 - - - - This release contains a variety of fixes from 7.4.18, - including fixes for significant security issues. - For information about new features in the 7.4 major release, see - . - - - - Migration to Version 7.4.19 - - - A dump/restore is not required for those running 7.4.X. However, - if you are upgrading from a version earlier than 7.4.11, - see . - - - - - - Changes - - - - - - Prevent functions in indexes from executing with the privileges of - the user running VACUUM, ANALYZE, etc (Tom) - - - - Functions used in index expressions and partial-index - predicates are evaluated whenever a new table entry is made. It has - long been understood that this poses a risk of trojan-horse code - execution if one modifies a table owned by an untrustworthy user. - (Note that triggers, defaults, check constraints, etc. pose the - same type of risk.) But functions in indexes pose extra danger - because they will be executed by routine maintenance operations - such as VACUUM FULL, which are commonly performed - automatically under a superuser account. For example, a nefarious user - can execute code with superuser privileges by setting up a - trojan-horse index definition and waiting for the next routine vacuum. - The fix arranges for standard maintenance operations - (including VACUUM, ANALYZE, REINDEX, - and CLUSTER) to execute as the table owner rather than - the calling user, using the same privilege-switching mechanism already - used for SECURITY DEFINER functions. To prevent bypassing - this security measure, execution of SET SESSION - AUTHORIZATION and SET ROLE is now forbidden within a - SECURITY DEFINER context. (CVE-2007-6600) - - - - - - Repair assorted bugs in the regular-expression package (Tom, Will Drewry) - - - - Suitably crafted regular-expression patterns could cause crashes, - infinite or near-infinite looping, and/or massive memory consumption, - all of which pose denial-of-service hazards for applications that - accept regex search patterns from untrustworthy sources. - (CVE-2007-4769, CVE-2007-4772, CVE-2007-6067) - - - - - - Require non-superusers who use /contrib/dblink to use only - password authentication, as a security measure (Joe) - - - - The fix that appeared for this in 7.4.18 was incomplete, as it plugged - the hole for only some dblink functions. (CVE-2007-6601, - CVE-2007-3278) - - - - - - Fix planner failure in some cases of WHERE false AND var IN - (SELECT ...) (Tom) - - - - - - Fix potential crash in translate() when using a multibyte - database encoding (Tom) - - - - - - Fix PL/Python to not crash on long exception messages (Alvaro) - - - - - - ecpg parser fixes (Michael) - - - - - - Make contrib/tablefunc's crosstab() handle - NULL rowid as a category in its own right, rather than crashing (Joe) - - - - - - Fix tsvector and tsquery output routines to - escape backslashes correctly (Teodor, Bruce) - - - - - - Fix crash of to_tsvector() on huge input strings (Teodor) - - - - - - Require a specific version of Autoconf to be used - when re-generating the configure script (Peter) - - - - This affects developers and packagers only. The change was made - to prevent accidental use of untested combinations of - Autoconf and PostgreSQL versions. - You can remove the version check if you really want to use a - different Autoconf version, but it's - your responsibility whether the result works or not. - - - - - - - - - - Release 7.4.18 - - - Release date: - 2007-09-17 - - - - This release contains fixes from 7.4.17. - For information about new features in the 7.4 major release, see - . - - - - Migration to Version 7.4.18 - - - A dump/restore is not required for those running 7.4.X. However, - if you are upgrading from a version earlier than 7.4.11, - see . - - - - - - Changes - - - - - - Prevent index corruption when a transaction inserts rows and - then aborts close to the end of a concurrent VACUUM - on the same table (Tom) - - - - - - Make CREATE DOMAIN ... DEFAULT NULL work properly (Tom) - - - - - - Fix excessive logging of SSL error messages (Tom) - - - - - - Fix crash when log_min_error_statement logging runs out - of memory (Tom) - - - - - - Prevent CLUSTER from failing - due to attempting to process temporary tables of other sessions (Alvaro) - - - - - - Require non-superusers who use /contrib/dblink to use only - password authentication, as a security measure (Joe) - - - - - - - - - - Release 7.4.17 - - - Release date: - 2007-04-23 - - - - This release contains fixes from 7.4.16, - including a security fix. - For information about new features in the 7.4 major release, see - . - - - - Migration to Version 7.4.17 - - - A dump/restore is not required for those running 7.4.X. However, - if you are upgrading from a version earlier than 7.4.11, - see . - - - - - - Changes - - - - - - Support explicit placement of the temporary-table schema within - search_path, and disable searching it for functions - and operators (Tom) - - - This is needed to allow a security-definer function to set a - truly secure value of search_path. Without it, - an unprivileged SQL user can use temporary objects to execute code - with the privileges of the security-definer function (CVE-2007-2138). - See CREATE FUNCTION for more information. - - - - - - /contrib/tsearch2 crash fixes (Teodor) - - - - - - Fix potential-data-corruption bug in how VACUUM FULL handles - UPDATE chains (Tom, Pavan Deolasee) - - - - - - Fix PANIC during enlargement of a hash index (bug introduced in 7.4.15) - (Tom) - - - - - - - - - - Release 7.4.16 - - - Release date: - 2007-02-05 - - - - This release contains a variety of fixes from 7.4.15, including - a security fix. - For information about new features in the 7.4 major release, see - . - - - - Migration to Version 7.4.16 - - - A dump/restore is not required for those running 7.4.X. However, - if you are upgrading from a version earlier than 7.4.11, - see . - - - - - - Changes - - - - - - Remove security vulnerability that allowed connected users - to read backend memory (Tom) - - - The vulnerability involves suppressing the normal check that a SQL - function returns the data type it's declared to, or changing the - data type of a table column used in a SQL function (CVE-2007-0555). - This error can easily be exploited to cause a backend crash, and in - principle might be used to read database content that the user - should not be able to access. - - - - - - Fix rare bug wherein btree index page splits could fail - due to choosing an infeasible split point (Heikki Linnakangas) - - - - - - Fix for rare Assert() crash triggered by UNION (Tom) - - - - - - Tighten security of multi-byte character processing for UTF8 sequences - over three bytes long (Tom) - - - - - - - - - - Release 7.4.15 - - - Release date: - 2007-01-08 - - - - This release contains a variety of fixes from 7.4.14. - For information about new features in the 7.4 major release, see - . - - - - Migration to Version 7.4.15 - - - A dump/restore is not required for those running 7.4.X. However, - if you are upgrading from a version earlier than 7.4.11, - see . - - - - - - Changes - - - - - - Improve handling of getaddrinfo() on AIX (Tom) - - - - This fixes a problem with starting the statistics collector, - among other things. - - - - - - Fix failed to re-find parent key errors in - VACUUM (Tom) - - - - - - Fix bugs affecting multi-gigabyte hash indexes (Tom) - - - - - - Fix error when constructing an ARRAY[] made up of multiple - empty elements (Tom) - - - - - - to_number() and to_char(numeric) - are now STABLE, not IMMUTABLE, for - new initdb installs (Tom) - - - - This is because lc_numeric can potentially - change the output of these functions. - - - - - - Improve index usage of regular expressions that use parentheses (Tom) - - - - This improves psql \d performance also. - - - - - - - - - - Release 7.4.14 - - - Release date: - 2006-10-16 - - - - This release contains a variety of fixes from 7.4.13. - For information about new features in the 7.4 major release, see - . - - - - Migration to Version 7.4.14 - - - A dump/restore is not required for those running 7.4.X. However, - if you are upgrading from a version earlier than 7.4.11, - see . - - - - - - Changes - - -Fix core dump when an untyped literal is taken as -ANYARRAY -Fix string_to_array() to handle overlapping - matches for the separator string -For example, string_to_array('123xx456xxx789', 'xx'). - -Fix corner cases in pattern matching for - psql's \d commands -Fix index-corrupting bugs in /contrib/ltree - (Teodor) -Fix backslash escaping in /contrib/dbmirror -Adjust regression tests for recent changes in US DST laws - - - - - - - - Release 7.4.13 - - - Release date: - 2006-05-23 - - - - This release contains a variety of fixes from 7.4.12, - including patches for extremely serious security issues. - For information about new features in the 7.4 major release, see - . - - - - Migration to Version 7.4.13 - - - A dump/restore is not required for those running 7.4.X. However, - if you are upgrading from a version earlier than 7.4.11, - see . - - - - Full security against the SQL-injection attacks described in - CVE-2006-2313 and CVE-2006-2314 might require changes in application - code. If you have applications that embed untrustworthy strings - into SQL commands, you should examine them as soon as possible to - ensure that they are using recommended escaping techniques. In - most cases, applications should be using subroutines provided by - libraries or drivers (such as libpq's - PQescapeStringConn()) to perform string escaping, - rather than relying on ad hoc code to do it. - - - - - Changes - - -Change the server to reject invalidly-encoded multibyte -characters in all cases (Tatsuo, Tom) -While PostgreSQL has been moving in this direction for -some time, the checks are now applied uniformly to all encodings and all -textual input, and are now always errors not merely warnings. This change -defends against SQL-injection attacks of the type described in CVE-2006-2313. - - -Reject unsafe uses of \' in string literals -As a server-side defense against SQL-injection attacks of the type -described in CVE-2006-2314, the server now only accepts '' and not -\' as a representation of ASCII single quote in SQL string -literals. By default, \' is rejected only when -client_encoding is set to a client-only encoding (SJIS, BIG5, GBK, -GB18030, or UHC), which is the scenario in which SQL injection is possible. -A new configuration parameter backslash_quote is available to -adjust this behavior when needed. Note that full security against -CVE-2006-2314 might require client-side changes; the purpose of -backslash_quote is in part to make it obvious that insecure -clients are insecure. - - -Modify libpq's string-escaping routines to be -aware of encoding considerations and -standard_conforming_strings -This fixes libpq-using applications for the security -issues described in CVE-2006-2313 and CVE-2006-2314, and also future-proofs -them against the planned changeover to SQL-standard string literal syntax. -Applications that use multiple PostgreSQL connections -concurrently should migrate to PQescapeStringConn() and -PQescapeByteaConn() to ensure that escaping is done correctly -for the settings in use in each database connection. Applications that -do string escaping by hand should be modified to rely on library -routines instead. - - -Fix some incorrect encoding conversion functions -win1251_to_iso, alt_to_iso, -euc_tw_to_big5, euc_tw_to_mic, -mic_to_euc_tw were all broken to varying -extents. - - -Clean up stray remaining uses of \' in strings -(Bruce, Jan) - -Fix bug that sometimes caused OR'd index scans to -miss rows they should have returned - -Fix WAL replay for case where a btree index has been -truncated - -Fix SIMILAR TO for patterns involving -| (Tom) - -Fix server to use custom DH SSL parameters correctly (Michael -Fuhr) - -Fix for Bonjour on Intel Macs (Ashley Clark) - -Fix various minor memory leaks - - - - - - - Release 7.4.12 - - - Release date: - 2006-02-14 - - - - This release contains a variety of fixes from 7.4.11. - For information about new features in the 7.4 major release, see - . - - - - Migration to Version 7.4.12 - - - A dump/restore is not required for those running 7.4.X. However, - if you are upgrading from a version earlier than 7.4.11, - see . - - - - - Changes - - - -Fix potential crash in SET -SESSION AUTHORIZATION (CVE-2006-0553) -An unprivileged user could crash the server process, resulting in -momentary denial of service to other users, if the server has been compiled -with Asserts enabled (which is not the default). -Thanks to Akio Ishida for reporting this problem. - - -Fix bug with row visibility logic in self-inserted -rows (Tom) -Under rare circumstances a row inserted by the current command -could be seen as already valid, when it should not be. Repairs bug -created in 7.4.9 and 7.3.11 releases. - - -Fix race condition that could lead to file already -exists errors during pg_clog file creation -(Tom) - -Properly check DOMAIN constraints for -UNKNOWN parameters in prepared statements -(Neil) - -Fix to allow restoring dumps that have cross-schema -references to custom operators (Tom) - -Portability fix for testing presence of finite -and isinf during configure (Tom) - - - - - - - - Release 7.4.11 - - - Release date: - 2006-01-09 - - - - This release contains a variety of fixes from 7.4.10. - For information about new features in the 7.4 major release, see - . - - - - Migration to Version 7.4.11 - - - A dump/restore is not required for those running 7.4.X. However, - if you are upgrading from a version earlier than 7.4.8, - see . - Also, you might need to REINDEX indexes on textual - columns after updating, if you are affected by the locale or - plperl issues described below. - - - - - Changes - - - -Fix for protocol-level Describe messages issued -outside a transaction or in a failed transaction (Tom) - -Fix character string comparison for locales that consider -different character combinations as equal, such as Hungarian (Tom) -This might require REINDEX to fix existing indexes on -textual columns. - -Set locale environment variables during postmaster startup -to ensure that plperl won't change the locale later -This fixes a problem that occurred if the postmaster was -started with environment variables specifying a different locale than what -initdb had been told. Under these conditions, any use of -plperl was likely to lead to corrupt indexes. You might need -REINDEX to fix existing indexes on -textual columns if this has happened to you. - -Fix longstanding bug in strpos() and regular expression -handling in certain rarely used Asian multi-byte character sets (Tatsuo) - - -Fix bug in /contrib/pgcrypto gen_salt, -which caused it not to use all available salt space for MD5 and -XDES algorithms (Marko Kreen, Solar Designer) -Salts for Blowfish and standard DES are unaffected. - -Fix /contrib/dblink to throw an error, -rather than crashing, when the number of columns specified is different from -what's actually returned by the query (Joe) - - - - - - - - Release 7.4.10 - - - Release date: - 2005-12-12 - - - - This release contains a variety of fixes from 7.4.9. - For information about new features in the 7.4 major release, see - . - - - - Migration to Version 7.4.10 - - - A dump/restore is not required for those running 7.4.X. However, - if you are upgrading from a version earlier than 7.4.8, - see . - - - - - Changes - - - -Fix race condition in transaction log management -There was a narrow window in which an I/O operation could be initiated -for the wrong page, leading to an Assert failure or data -corruption. - - -Prevent failure if client sends Bind protocol message -when current transaction is already aborted - -/contrib/ltree fixes (Teodor) - -AIX and HPUX compile fixes (Tom) - -Fix longstanding planning error for outer joins -This bug sometimes caused a bogus error RIGHT JOIN is -only supported with merge-joinable join conditions. - -Prevent core dump in pg_autovacuum when a -table has been dropped - - - - - - - Release 7.4.9 - - - Release date: - 2005-10-04 - - - - This release contains a variety of fixes from 7.4.8. - For information about new features in the 7.4 major release, see - . - - - - Migration to Version 7.4.9 - - - A dump/restore is not required for those running 7.4.X. However, - if you are upgrading from a version earlier than 7.4.8, - see . - - - - - Changes - - -Fix error that allowed VACUUM to remove -ctid chains too soon, and add more checking in code that follows -ctid links -This fixes a long-standing problem that could cause crashes in very rare -circumstances. -Fix CHAR() to properly pad spaces to the specified -length when using a multiple-byte character set (Yoshiyuki Asaba) -In prior releases, the padding of CHAR() was incorrect -because it only padded to the specified number of bytes without -considering how many characters were stored. -Fix the sense of the test for read-only transaction -in COPY -The code formerly prohibited COPY TO, where it should -prohibit COPY FROM. - -Fix planning problem with outer-join ON clauses that reference -only the inner-side relation -Further fixes for x FULL JOIN y ON true corner -cases -Make array_in and array_recv more -paranoid about validating their OID parameter -Fix missing rows in queries like UPDATE a=... WHERE -a... with GiST index on column a -Improve robustness of datetime parsing -Improve checking for partially-written WAL -pages -Improve robustness of signal handling when SSL is -enabled -Don't try to open more than max_files_per_process -files during postmaster startup -Various memory leakage fixes -Various portability improvements -Fix PL/pgSQL to handle var := var correctly when -the variable is of pass-by-reference type -Update contrib/tsearch2 to use current Snowball -code - - - - - - - Release 7.4.8 - - - Release date: - 2005-05-09 - - - - This release contains a variety of fixes from 7.4.7, including several - security-related issues. - For information about new features in the 7.4 major release, see - . - - - - Migration to Version 7.4.8 - - - A dump/restore is not required for those running 7.4.X. However, - it is one possible way of handling two significant security problems - that have been found in the initial contents of 7.4.X system - catalogs. A dump/initdb/reload sequence using 7.4.8's initdb will - automatically correct these problems. - - - - The larger security problem is that the built-in character set encoding - conversion functions can be invoked from SQL commands by unprivileged - users, but the functions were not designed for such use and are not - secure against malicious choices of arguments. The fix involves changing - the declared parameter list of these functions so that they can no longer - be invoked from SQL commands. (This does not affect their normal use - by the encoding conversion machinery.) - - - - The lesser problem is that the contrib/tsearch2 module - creates several functions that are misdeclared to return - internal when they do not accept internal arguments. - This breaks type safety for all functions using internal - arguments. - - - - It is strongly recommended that all installations repair these errors, - either by initdb or by following the manual repair procedures given - below. The errors at least allow unprivileged database users to crash - their server process, and might allow unprivileged users to gain the - privileges of a database superuser. - - - - If you wish not to do an initdb, perform the following procedures instead. - As the database superuser, do: - - -BEGIN; -UPDATE pg_proc SET proargtypes[3] = 'internal'::regtype -WHERE pronamespace = 11 AND pronargs = 5 - AND proargtypes[2] = 'cstring'::regtype; --- The command should report having updated 90 rows; --- if not, rollback and investigate instead of committing! -COMMIT; - - - Next, if you have installed contrib/tsearch2, do: - - -BEGIN; -UPDATE pg_proc SET proargtypes[0] = 'internal'::regtype -WHERE oid IN ( - 'dex_init(text)'::regprocedure, - 'snb_en_init(text)'::regprocedure, - 'snb_ru_init(text)'::regprocedure, - 'spell_init(text)'::regprocedure, - 'syn_init(text)'::regprocedure -); --- The command should report having updated 5 rows; --- if not, rollback and investigate instead of committing! -COMMIT; - - - If this command fails with a message like function - "dex_init(text)" does not exist, then either tsearch2 - is not installed in this database, or you already did the update. - - - - The above procedures must be carried out in each database - of an installation, including template1, and ideally - including template0 as well. If you do not fix the - template databases then any subsequently created databases will contain - the same errors. template1 can be fixed in the same way - as any other database, but fixing template0 requires - additional steps. First, from any database issue: - -UPDATE pg_database SET datallowconn = true WHERE datname = 'template0'; - - Next connect to template0 and perform the above repair - procedures. Finally, do: - --- re-freeze template0: -VACUUM FREEZE; --- and protect it against future alterations: -UPDATE pg_database SET datallowconn = false WHERE datname = 'template0'; - - - - - - Changes - - -Change encoding function signature to prevent -misuse -Change contrib/tsearch2 to avoid unsafe use of -INTERNAL function results -Repair ancient race condition that allowed a transaction to be -seen as committed for some purposes (eg SELECT FOR UPDATE) slightly sooner -than for other purposes -This is an extremely serious bug since it could lead to apparent -data inconsistencies being briefly visible to applications. -Repair race condition between relation extension and -VACUUM -This could theoretically have caused loss of a page's worth of -freshly-inserted data, although the scenario seems of very low probability. -There are no known cases of it having caused more than an Assert failure. - -Fix comparisons of TIME WITH TIME ZONE values - -The comparison code was wrong in the case where the ---enable-integer-datetimes configuration switch had been used. -NOTE: if you have an index on a TIME WITH TIME ZONE column, -it will need to be REINDEXed after installing this update, because -the fix corrects the sort order of column values. - -Fix EXTRACT(EPOCH) for -TIME WITH TIME ZONE values -Fix mis-display of negative fractional seconds in -INTERVAL values - -This error only occurred when the ---enable-integer-datetimes configuration switch had been used. - -Ensure operations done during backend shutdown are counted by -statistics collector - -This is expected to resolve reports of pg_autovacuum -not vacuuming the system catalogs often enough — it was not being -told about catalog deletions caused by temporary table removal during -backend exit. - -Additional buffer overrun checks in plpgsql -(Neil) -Fix pg_dump to dump trigger names containing % -correctly (Neil) -Fix contrib/pgcrypto for newer OpenSSL builds -(Marko Kreen) -Still more 64-bit fixes for -contrib/intagg -Prevent incorrect optimization of functions returning -RECORD -Prevent to_char(interval) from dumping core for -month-related formats -Prevent crash on COALESCE(NULL,NULL) -Fix array_map to call PL functions correctly -Fix permission checking in ALTER DATABASE RENAME -Fix ALTER LANGUAGE RENAME -Make RemoveFromWaitQueue clean up after itself - -This fixes a lock management error that would only be visible if a transaction -was kicked out of a wait for a lock (typically by query cancel) and then the -holder of the lock released it within a very narrow window. - -Fix problem with untyped parameter appearing in -INSERT ... SELECT -Fix CLUSTER failure after -ALTER TABLE SET WITHOUT OIDS - - - - - - - Release 7.4.7 - - - Release date: - 2005-01-31 - - - - This release contains a variety of fixes from 7.4.6, including several - security-related issues. - For information about new features in the 7.4 major release, see - . - - - - Migration to Version 7.4.7 - - - A dump/restore is not required for those running 7.4.X. - - - - - Changes - - -Disallow LOAD to non-superusers - -On platforms that will automatically execute initialization functions of a -shared library (this includes at least Windows and ELF-based Unixen), -LOAD can be used to make the server execute arbitrary code. -Thanks to NGS Software for reporting this. -Check that creator of an aggregate function has the right to -execute the specified transition functions - -This oversight made it possible to bypass denial of EXECUTE -permission on a function. -Fix security and 64-bit issues in -contrib/intagg -Add needed STRICT marking to some contrib functions (Kris -Jurka) -Avoid buffer overrun when plpgsql cursor declaration has too -many parameters (Neil) -Fix planning error for FULL and RIGHT outer joins - -The result of the join was mistakenly supposed to be sorted the same as the -left input. This could not only deliver mis-sorted output to the user, but -in case of nested merge joins could give outright wrong answers. - -Fix plperl for quote marks in tuple fields -Fix display of negative intervals in SQL and GERMAN -datestyles -Make age(timestamptz) do calculation in local timezone not -GMT - - - - - - - Release 7.4.6 - - - Release date: - 2004-10-22 - - - - This release contains a variety of fixes from 7.4.5. - For information about new features in the 7.4 major release, see - . - - - - - Migration to Version 7.4.6 - - - A dump/restore is not required for those running 7.4.X. - - - - - Changes - - -Repair possible failure to update hint bits on disk - -Under rare circumstances this oversight could lead to -could not access transaction status failures, which qualifies -it as a potential-data-loss bug. - -Ensure that hashed outer join does not miss tuples - -Very large left joins using a hash join plan could fail to output unmatched -left-side rows given just the right data distribution. - -Disallow running pg_ctl as root - -This is to guard against any possible security issues. - -Avoid using temp files in /tmp in make_oidjoins_check - -This has been reported as a security issue, though it's hardly worthy of -concern since there is no reason for non-developers to use this script anyway. - -Prevent forced backend shutdown from re-emitting prior command -result - -In rare cases, a client might think that its last command had succeeded when -it really had been aborted by forced database shutdown. - -Repair bug in pg_stat_get_backend_idset - -This could lead to misbehavior in some of the system-statistics views. - -Fix small memory leak in postmaster -Fix expected both swapped tables to have TOAST -tables bug - -This could arise in cases such as CLUSTER after ALTER TABLE DROP COLUMN. - -Prevent pg_ctl restart from adding -D multiple times -Fix problem with NULL values in GiST indexes -:: is no longer interpreted as a variable in an -ECPG prepare statement - - - - - - - Release 7.4.5 - - - Release date: - 2004-08-18 - - - - This release contains one serious bug fix over 7.4.4. - For information about new features in the 7.4 major release, see - . - - - - - Migration to Version 7.4.5 - - - A dump/restore is not required for those running 7.4.X. - - - - - Changes - - -Repair possible crash during concurrent B-tree index insertions - -This patch fixes a rare case in which concurrent insertions into a B-tree index -could result in a server panic. No permanent damage would result, but it's -still worth a re-release. The bug does not exist in pre-7.4 releases. - - - - - - - - Release 7.4.4 - - - Release date: - 2004-08-16 - - - - This release contains a variety of fixes from 7.4.3. - For information about new features in the 7.4 major release, see - . - - - - - Migration to Version 7.4.4 - - - A dump/restore is not required for those running 7.4.X. - - - - - Changes - - -Prevent possible loss of committed transactions during crash - -Due to insufficient interlocking between transaction commit and checkpointing, -it was possible for transactions committed just before the most recent -checkpoint to be lost, in whole or in part, following a database crash and -restart. This is a serious bug that has existed -since PostgreSQL 7.1. - -Check HAVING restriction before evaluating result list of an -aggregate plan -Avoid crash when session's current user ID is deleted -Fix hashed crosstab for zero-rows case (Joe) -Force cache update after renaming a column in a foreign key -Pretty-print UNION queries correctly -Make psql handle \r\n newlines properly in COPY IN -pg_dump handled ACLs with grant options incorrectly -Fix thread support for macOS and Solaris -Updated JDBC driver (build 215) with various fixes -ECPG fixes -Translation updates (various contributors) - - - - - - - Release 7.4.3 - - - Release date: - 2004-06-14 - - - - This release contains a variety of fixes from 7.4.2. - For information about new features in the 7.4 major release, see - . - - - - - Migration to Version 7.4.3 - - - A dump/restore is not required for those running 7.4.X. - - - - - Changes - - -Fix temporary memory leak when using non-hashed aggregates (Tom) -ECPG fixes, including some for Informix compatibility (Michael) -Fixes for compiling with thread-safety, particularly Solaris (Bruce) -Fix error in COPY IN termination when using the old network protocol (ljb) -Several important fixes in pg_autovacuum, including fixes for -large tables, unsigned oids, stability, temp tables, and debug mode -(Matthew T. O'Connor) -Fix problem with reading tar-format dumps on NetBSD and BSD/OS (Bruce) -Several JDBC fixes -Fix ALTER SEQUENCE RESTART where last_value equals the restart value (Tom) -Repair failure to recalculate nested sub-selects (Tom) -Fix problems with non-constant expressions in LIMIT/OFFSET -Support FULL JOIN with no join clause, such as X FULL JOIN Y ON TRUE (Tom) -Fix another zero-column table bug (Tom) -Improve handling of non-qualified identifiers in GROUP BY clauses in sub-selects (Tom) - -Select-list aliases within the sub-select will now take precedence over -names from outer query levels. - -Do not generate NATURAL CROSS JOIN when decompiling rules (Tom) -Add checks for invalid field length in binary COPY (Tom) - - This fixes a difficult-to-exploit security hole. - -Avoid locking conflict between ANALYZE and LISTEN/NOTIFY -Numerous translation updates (various contributors) - - - - - - - Release 7.4.2 - - - Release date: - 2004-03-08 - - - - This release contains a variety of fixes from 7.4.1. - For information about new features in the 7.4 major release, see - . - - - - - Migration to Version 7.4.2 - - - A dump/restore is not required for those running 7.4.X. However, - it might be advisable as the easiest method of incorporating fixes for - two errors that have been found in the initial contents of 7.4.X system - catalogs. A dump/initdb/reload sequence using 7.4.2's initdb will - automatically correct these problems. - - - - The more severe of the two errors is that data type anyarray - has the wrong alignment label; this is a problem because the - pg_statistic system catalog uses anyarray - columns. The mislabeling can cause planner misestimations and even - crashes when planning queries that involve WHERE clauses on - double-aligned columns (such as float8 and timestamp). - It is strongly recommended that all installations repair this error, - either by initdb or by following the manual repair procedure given - below. - - - - The lesser error is that the system view pg_settings - ought to be marked as having public update access, to allow - UPDATE pg_settings to be used as a substitute for - SET. This can also be fixed either by initdb or manually, - but it is not necessary to fix unless you want to use UPDATE - pg_settings. - - - - If you wish not to do an initdb, the following procedure will work - for fixing pg_statistic. As the database superuser, - do: - - --- clear out old data in pg_statistic: -DELETE FROM pg_statistic; -VACUUM pg_statistic; --- this should update 1 row: -UPDATE pg_type SET typalign = 'd' WHERE oid = 2277; --- this should update 6 rows: -UPDATE pg_attribute SET attalign = 'd' WHERE atttypid = 2277; --- --- At this point you MUST start a fresh backend to avoid a crash! --- --- repopulate pg_statistic: -ANALYZE; - - - This can be done in a live database, but beware that all backends - running in the altered database must be restarted before it is safe to - repopulate pg_statistic. - - - - To repair the pg_settings error, simply do: - -GRANT SELECT, UPDATE ON pg_settings TO PUBLIC; - - - - - The above procedures must be carried out in each database - of an installation, including template1, and ideally - including template0 as well. If you do not fix the - template databases then any subsequently created databases will contain - the same errors. template1 can be fixed in the same way - as any other database, but fixing template0 requires - additional steps. First, from any database issue: - -UPDATE pg_database SET datallowconn = true WHERE datname = 'template0'; - - Next connect to template0 and perform the above repair - procedures. Finally, do: - --- re-freeze template0: -VACUUM FREEZE; --- and protect it against future alterations: -UPDATE pg_database SET datallowconn = false WHERE datname = 'template0'; - - - - - - Changes - - - Release 7.4.2 incorporates all the fixes included in release 7.3.6, - plus the following fixes: - - - -Fix pg_statistic alignment bug that could crash optimizer -See above for details about this problem. -Allow non-super users to update pg_settings -Fix several optimizer bugs, most of which led to -variable not found in subplan target lists errors -Avoid out-of-memory failure during startup of large multiple -index scan -Fix multibyte problem that could lead to out of -memory error during COPY IN -Fix problems with SELECT INTO / CREATE -TABLE AS from tables without OIDs -Fix problems with alter_table regression test -during parallel testing -Fix problems with hitting open file limit, especially on macOS (Tom) -Partial fix for Turkish-locale issues -initdb will succeed now in Turkish locale, but there are still some -inconveniences associated with the i/I problem. -Make pg_dump set client encoding on restore -Other minor pg_dump fixes -Allow ecpg to again use C keywords as column names (Michael) -Added ecpg WHENEVER NOT_FOUND to -SELECT/INSERT/UPDATE/DELETE (Michael) -Fix ecpg crash for queries calling set-returning functions (Michael) -Various other ecpg fixes (Michael) -Fixes for Borland compiler -Thread build improvements (Bruce) -Various other build fixes -Various JDBC fixes - - - - - - - Release 7.4.1 - - - Release date: - 2003-12-22 - - - - This release contains a variety of fixes from 7.4. - For information about new features in the 7.4 major release, see - . - - - - - Migration to Version 7.4.1 - - - A dump/restore is not required for those - running 7.4. - - - - If you want to install the fixes in the information schema - you need to reload it into the database. - This is either accomplished by initializing a new cluster - by running initdb, or by running the following - sequence of SQL commands in each database (ideally including - template1) as a superuser in - psql, after installing the new release: - -DROP SCHEMA information_schema CASCADE; -\i /usr/local/pgsql/share/information_schema.sql - - Substitute your installation path in the second command. - - - - - - Changes - - -Fixed bug in CREATE SCHEMA parsing in ECPG (Michael) -Fix compile error when and are used together (Peter) -Fix for subqueries that used hash joins (Tom) - - Certain subqueries that used hash joins would crash because of - improperly shared structures. - -Fix free space map compaction bug (Tom) - - This fixes a bug where compaction of the free space map could lead - to a database server shutdown. - - -Fix for Borland compiler build of libpq (Bruce) -Fix netmask() and hostmask() to return the maximum-length masklen (Tom) - - Fix these functions to return values consistent with pre-7.4 - releases. - - -Several contrib/pg_autovacuum fixes - - Fixes include improper variable initialization, missing vacuum after - TRUNCATE, and duration computation overflow for long vacuums. - - -Allow compile of contrib/cube under Cygwin (Jason Tishler) -Fix Solaris use of password file when no passwords are defined (Tom) - - Fix crash on Solaris caused by use of any type of password - authentication when no passwords were defined. - - -JDBC fix for thread problems, other fixes -Fix for bytea index lookups (Joe) -Fix information schema for bit data types (Peter) -Force zero_damaged_pages to be on during recovery from WAL -Prevent some obscure cases of variable not in subplan target lists -Make PQescapeBytea and byteaout consistent with each other (Joe) -Escape bytea output for bytes > 0x7e(Joe) - - If different client encodings are used for bytea output and input, it - is possible for bytea values to be corrupted by the differing - encodings. This fix escapes all bytes that might be affected. - - -Added missing SPI_finish() calls to dblink's get_tuple_of_interest() (Joe) -New Czech FAQ -Fix information schema view constraint_column_usage for foreign keys (Peter) -ECPG fixes (Michael) -Fix bug with multiple IN subqueries and joins in the subqueries (Tom) -Allow COUNT('x') to work (Tom) -Install ECPG include files for Informix compatibility into separate directory (Peter) - - Some names of ECPG include files for Informix compatibility conflicted with operating system include files. - By installing them in their own directory, name conflicts have been reduced. - - -Fix SSL memory leak (Neil) - - This release fixes a bug in 7.4 where SSL didn't free all memory it allocated. - - -Prevent pg_service.conf from using service name as default dbname (Bruce) -Fix local ident authentication on FreeBSD (Tom) - - - - - - - Release 7.4 - - - Release date: - 2003-11-17 - - - - Overview - - - Major changes in this release: - - - - - - IN / NOT IN subqueries are - now much more efficient - - - - - In previous releases, IN/NOT - IN subqueries were joined to the upper query by - sequentially scanning the subquery looking for a match. The - 7.4 code uses the same sophisticated techniques used by - ordinary joins and so is much faster. An - IN will now usually be as fast as or faster - than an equivalent EXISTS subquery; this - reverses the conventional wisdom that applied to previous - releases. - - - - - - - Improved GROUP BY processing by using hash buckets - - - - - In previous releases, rows to be grouped had to be sorted - first. The 7.4 code can do GROUP BY - without sorting, by accumulating results into a hash table - with one entry per group. It will still use the sort - technique, however, if the hash table is estimated to be too - large to fit in sort_mem. - - - - - - - New multikey hash join capability - - - - - In previous releases, hash joins could only occur on single - keys. This release allows multicolumn hash joins. - - - - - - - Queries using the explicit JOIN syntax are - now better optimized - - - - - Prior releases evaluated queries using the explicit - JOIN syntax only in the order implied by - the syntax. 7.4 allows full optimization of these queries, - meaning the optimizer considers all possible join orderings - and chooses the most efficient. Outer joins, however, must - still follow the declared ordering. - - - - - - - Faster and more powerful regular expression code - - - - - The entire regular expression module has been replaced with a - new version by Henry Spencer, originally written for Tcl. The - code greatly improves performance and supports several flavors - of regular expressions. - - - - - - - Function-inlining for simple SQL functions - - - - - Simple SQL functions can now be inlined by including their SQL - in the main query. This improves performance by eliminating - per-call overhead. That means simple SQL functions now - behave like macros. - - - - - - - Full support for IPv6 connections and IPv6 address data types - - - - - Previous releases allowed only IPv4 connections, and the IP - data types only supported IPv4 addresses. This release adds - full IPv6 support in both of these areas. - - - - - - - Major improvements in SSL performance and reliability - - - - - Several people very familiar with the SSL API have overhauled - our SSL code to improve SSL key negotiation and error - recovery. - - - - - - - Make free space map efficiently reuse empty index pages, - and other free space management improvements - - - - - In previous releases, B-tree index pages that were left empty - because of deleted rows could only be reused by rows with - index values similar to the rows originally indexed on that - page. In 7.4, VACUUM records empty index - pages and allows them to be reused for any future index rows. - - - - - - - SQL-standard information schema - - - - - The information schema provides a standardized and stable way - to access information about the schema objects defined in a - database. - - - - - - - Cursors conform more closely to the SQL standard - - - - - The commands FETCH and - MOVE have been overhauled to conform more - closely to the SQL standard. - - - - - - - Cursors can exist outside transactions - - - - - These cursors are also called holdable cursors. - - - - - - - New client-to-server protocol - - - - - The new protocol adds error codes, more status information, - faster startup, better support for binary data transmission, - parameter values separated from SQL commands, prepared - statements available at the protocol level, and cleaner - recovery from COPY failures. The older - protocol is still supported by both server and clients. - - - - - - - libpq and - ECPG applications are now fully - thread-safe - - - - - While previous libpq releases - already supported threads, this release improves thread safety - by fixing some non-thread-safe code that was used during - database connection startup. The configure - option must be used to - enable this feature. - - - - - - - New version of full-text indexing - - - - - A new full-text indexing suite is available in - contrib/tsearch2. - - - - - - - New autovacuum tool - - - - - The new autovacuum tool in - contrib/autovacuum monitors the database - statistics tables for - INSERT/UPDATE/DELETE - activity and automatically vacuums tables when needed. - - - - - - - Array handling has been improved and moved into the server core - - - - - Many array limitations have been removed, and arrays behave - more like fully-supported data types. - - - - - - - - - Migration to Version 7.4 - - - A dump/restore using pg_dump is - required for those wishing to migrate data from any previous - release. - - - - Observe the following incompatibilities: - - - - - - The server-side autocommit setting was removed and - reimplemented in client applications and languages. - Server-side autocommit was causing too many problems with - languages and applications that wanted to control their own - autocommit behavior, so autocommit was removed from the server - and added to individual client APIs as appropriate. - - - - - - Error message wording has changed substantially in this - release. Significant effort was invested to make the messages - more consistent and user-oriented. If your applications try to - detect different error conditions by parsing the error message, - you are strongly encouraged to use the new error code facility instead. - - - - - - Inner joins using the explicit JOIN syntax - might behave differently because they are now better - optimized. - - - - - - A number of server configuration parameters have been renamed - for clarity, primarily those related to - logging. - - - - - - FETCH 0 or MOVE 0 now - does nothing. In prior releases, FETCH 0 - would fetch all remaining rows, and MOVE 0 - would move to the end of the cursor. - - - - - - FETCH and MOVE now return - the actual number of rows fetched/moved, or zero if at the - beginning/end of the cursor. Prior releases would return the - row count passed to the command, not the number of rows - actually fetched or moved. - - - - - - COPY now can process files that use - carriage-return or carriage-return/line-feed end-of-line - sequences. Literal carriage-returns and line-feeds are no - longer accepted in data values; use \r and - \n instead. - - - - - - Trailing spaces are now trimmed when converting from type - char(n) to - varchar(n) or text. - This is what most people always expected to happen anyway. - - - - - - The data type float(p) now - measures p in binary digits, not decimal - digits. The new behavior follows the SQL standard. - - - - - - Ambiguous date values now must match the ordering specified by - the datestyle setting. In prior releases, a - date specification of 10/20/03 was interpreted as a - date in October even if datestyle specified that - the day should be first. 7.4 will throw an error if a date - specification is invalid for the current setting of - datestyle. - - - - - - The functions oidrand, - oidsrand, and - userfntest have been removed. These - functions were determined to be no longer useful. - - - - - - String literals specifying time-varying date/time values, such - as 'now' or 'today' will - no longer work as expected in column default expressions; they - now cause the time of the table creation to be the default, not - the time of the insertion. Functions such as - now(), current_timestamp, or - current_date should be used instead. - - - - In previous releases, there was special code so that strings - such as 'now' were interpreted at - INSERT time and not at table creation time, but - this work around didn't cover all cases. Release 7.4 now - requires that defaults be defined properly using functions such - as now() or current_timestamp. These - will work in all situations. - - - - - - The dollar sign ($) is no longer allowed in - operator names. It can instead be a non-first character in - identifiers. This was done to improve compatibility with other - database systems, and to avoid syntax problems when parameter - placeholders ($n) are written - adjacent to operators. - - - - - - - - Changes - - - Below you will find a detailed account of the changes between - release 7.4 and the previous major release. - - - - Server Operation Changes - - - - - Allow IPv6 server connections (Nigel Kukard, Johan Jordaan, - Bruce, Tom, Kurt Roeckx, Andrew Dunstan) - - - - - - Fix SSL to handle errors cleanly (Nathan Mueller) - - - In prior releases, certain SSL API error reports were not - handled correctly. This release fixes those problems. - - - - - - SSL protocol security and performance improvements (Sean Chittenden) - - - SSL key renegotiation was happening too frequently, causing poor - SSL performance. Also, initial key handling was improved. - - - - - - Print lock information when a deadlock is detected (Tom) - - - This allows easier debugging of deadlock situations. - - - - - - Update /tmp socket modification times - regularly to avoid their removal (Tom) - - - This should help prevent /tmp directory - cleaner administration scripts from removing server socket - files. - - - - Enable PAM for macOS (Aaron Hillegass) - - - Make B-tree indexes fully WAL-safe (Tom) - - In prior releases, under certain rare cases, a server crash - could cause B-tree indexes to become corrupt. This release - removes those last few rare cases. - - - - Allow B-tree index compaction and empty page reuse (Tom) - - - - Fix inconsistent index lookups during split of first root page (Tom) - - - In prior releases, when a single-page index split into two - pages, there was a brief period when another database session - could miss seeing an index entry. This release fixes that rare - failure case. - - - - Improve free space map allocation logic (Tom) - - - Preserve free space information between server restarts (Tom) - - In prior releases, the free space map was not saved when the - postmaster was stopped, so newly started servers had no free - space information. This release saves the free space map, and - reloads it when the server is restarted. - - - - Add start time to pg_stat_activity (Neil) - New code to detect corrupt disk pages; erase with zero_damaged_pages (Tom) - New client/server protocol: faster, no username length limit, allow clean exit from COPY (Tom) - Add transaction status, table ID, column ID to client/server protocol (Tom) - Add binary I/O to client/server protocol (Tom) - Remove autocommit server setting; move to client applications (Tom) - New error message wording, error codes, and three levels of error detail (Tom, Joe, Peter) - - - - - Performance Improvements - - - Add hashing for GROUP BY aggregates (Tom) - Make nested-loop joins be smarter about multicolumn indexes (Tom) - Allow multikey hash joins (Tom) - Improve constant folding (Tom) - Add ability to inline simple SQL functions (Tom) - - - Reduce memory usage for queries using complex functions (Tom) - - In prior releases, functions returning allocated memory would - not free it until the query completed. This release allows the - freeing of function-allocated memory when the function call - completes, reducing the total memory used by functions. - - - - - Improve GEQO optimizer performance (Tom) - - This release fixes several inefficiencies in the way the GEQO optimizer - manages potential query paths. - - - - - - Allow IN/NOT IN to be handled via hash - tables (Tom) - - - - - - Improve NOT IN (subquery) - performance (Tom) - - - - - - Allow most IN subqueries to be processed as - joins (Tom) - - - - - - Pattern matching operations can use indexes regardless of - locale (Peter) - - - There is no way for non-ASCII locales to use the standard - indexes for LIKE comparisons. This release - adds a way to create a special index for - LIKE. - - - - - Allow the postmaster to preload libraries using preload_libraries (Joe) - - For shared libraries that require a long time to load, this - option is available so the library can be preloaded in the - postmaster and inherited by all database sessions. - - - - - - Improve optimizer cost computations, particularly for subqueries (Tom) - - - - - - Avoid sort when subquery ORDER BY matches upper query (Tom) - - - - - - Deduce that WHERE a.x = b.y AND b.y = 42 also - means a.x = 42 (Tom) - - - - - - Allow hash/merge joins on complex joins (Tom) - - - - - - Allow hash joins for more data types (Tom) - - - - - - Allow join optimization of explicit inner joins, disable with - join_collapse_limit (Tom) - - - - - - Add parameter from_collapse_limit to control - conversion of subqueries to joins (Tom) - - - - - - Use faster and more powerful regular expression code from Tcl - (Henry Spencer, Tom) - - - - - - Use bit-mapped relation sets in the optimizer (Tom) - - - - - Improve connection startup time (Tom) - - The new client/server protocol requires fewer network packets to - start a database session. - - - - - - Improve trigger/constraint performance (Stephan) - - - - - - Improve speed of col IN (const, const, const, ...) (Tom) - - - - - - Fix hash indexes which were broken in rare cases (Tom) - - - - Improve hash index concurrency and speed (Tom) - - Prior releases suffered from poor hash index performance, - particularly for high concurrency situations. This release fixes - that, and the development group is interested in reports - comparing B-tree and hash index performance. - - - - - Align shared buffers on 32-byte boundary for copy speed improvement (Manfred Spraul) - - Certain CPU's perform faster data copies when addresses are - 32-byte aligned. - - - - - Data type numeric reimplemented for better performance (Tom) - - numeric used to be stored in base 100. The new code - uses base 10000, for significantly better performance. - - - - - - - Server Configuration Changes - - - - Rename server parameter server_min_messages to log_min_messages (Bruce) - - This was done so most parameters that control the server logs - begin with log_. - - - - Rename show_*_stats to log_*_stats (Bruce) - Rename show_source_port to log_source_port (Bruce) - Rename hostname_lookup to log_hostname (Bruce) - - - Add checkpoint_warning to warn of excessive checkpointing (Bruce) - - In prior releases, it was difficult to determine if checkpoint - was happening too frequently. This feature adds a warning to the - server logs when excessive checkpointing happens. - - - - New read-only server parameters for localization (Tom) - - - - Change debug server log messages to output as DEBUG - rather than LOG (Bruce) - - - - - Prevent server log variables from being turned off by non-superusers (Bruce) - - This is a security feature so non-superusers cannot disable - logging that was enabled by the administrator. - - - - - - log_min_messages/client_min_messages now - controls debug_* output (Bruce) - - - This centralizes client debug information so all debug output - can be sent to either the client or server logs. - - - - - Add macOS Rendezvous server support (Chris Campbell) - - This allows macOS hosts to query the network for available - PostgreSQL servers. - - - - - - Add ability to print only slow statements using - log_min_duration_statement - (Christopher) - - - This is an often requested debugging feature that allows - administrators to see only slow queries in their server logs. - - - - - Allow pg_hba.conf to accept netmasks in CIDR format (Andrew Dunstan) - - This allows administrators to merge the host IP address and - netmask fields into a single CIDR field in pg_hba.conf. - - - - New read-only parameter is_superuser (Tom) - - - New parameter log_error_verbosity to control error detail (Tom) - - This works with the new error reporting feature to supply - additional error information like hints, file names and line - numbers. - - - - - postgres --describe-config now dumps server config variables (Aizaz Ahmed, Peter) - - This option is useful for administration tools that need to know - the configuration variable names and their minimums, maximums, - defaults, and descriptions. - - - - - - Add new columns in pg_settings: - context, type, source, - min_val, max_val (Joe) - - - - - - Make default shared_buffers 1000 and - max_connections 100, if possible (Tom) - - - Prior versions defaulted to 64 shared buffers so PostgreSQL - would start on even very old systems. This release tests the - amount of shared memory allowed by the platform and selects more - reasonable default values if possible. Of course, users are - still encouraged to evaluate their resource load and size - shared_buffers accordingly. - - - - - - New pg_hba.conf record type - hostnossl to prevent SSL connections (Jon - Jensen) - - - In prior releases, there was no way to prevent SSL connections - if both the client and server supported SSL. This option allows - that capability. - - - - - - Remove parameter geqo_random_seed - (Tom) - - - - - - Add server parameter regex_flavor to control regular expression processing (Tom) - - - - - - Make pg_ctl better handle nonstandard ports (Greg) - - - - - - - Query Changes - - - New SQL-standard information schema (Peter) - Add read-only transactions (Peter) - Print key name and value in foreign-key violation messages (Dmitry Tkach) - - - Allow users to see their own queries in pg_stat_activity (Kevin Brown) - - In prior releases, only the superuser could see query strings - using pg_stat_activity. Now ordinary users - can see their own query strings. - - - - - Fix aggregates in subqueries to match SQL standard (Tom) - - The SQL standard says that an aggregate function appearing - within a nested subquery belongs to the outer query if its - argument contains only outer-query variables. Prior - PostgreSQL releases did not handle - this fine point correctly. - - - - - Add option to prevent auto-addition of tables referenced in query (Nigel J. Andrews) - - By default, tables mentioned in the query are automatically - added to the FROM clause if they are not already - there. This is compatible with historic - POSTGRES behavior but is contrary to - the SQL standard. This option allows selecting - standard-compatible behavior. - - - - - Allow UPDATE ... SET col = DEFAULT (Rod) - - This allows UPDATE to set a column to its - declared default value. - - - - - Allow expressions to be used in LIMIT/OFFSET (Tom) - - In prior releases, LIMIT/OFFSET could - only use constants, not expressions. - - - - - Implement CREATE TABLE AS EXECUTE (Neil, Peter) - - - - - - Object Manipulation Changes - - - - Make CREATE SEQUENCE grammar more conforming to SQL:2003 (Neil) - - - - Add statement-level triggers (Neil) - - While this allows a trigger to fire at the end of a statement, - it does not allow the trigger to access all rows modified by the - statement. This capability is planned for a future release. - - - - - Add check constraints for domains (Rod) - - This greatly increases the usefulness of domains by allowing - them to use check constraints. - - - - - Add ALTER DOMAIN (Rod) - - This allows manipulation of existing domains. - - - - - Fix several zero-column table bugs (Tom) - - PostgreSQL supports zero-column tables. This fixes various bugs - that occur when using such tables. - - - - - Have ALTER TABLE ... ADD PRIMARY KEY add not-null constraint (Rod) - - In prior releases, ALTER TABLE ... ADD - PRIMARY would add a unique index, but not a not-null - constraint. That is fixed in this release. - - - - Add ALTER TABLE ... WITHOUT OIDS (Rod) - - This allows control over whether new and updated rows will have - an OID column. This is most useful for saving storage space. - - - - - - Add ALTER SEQUENCE to modify minimum, maximum, - increment, cache, cycle values (Rod) - - - - - Add ALTER TABLE ... CLUSTER ON (Alvaro Herrera) - - This command is used by pg_dump to record the - cluster column for each table previously clustered. This - information is used by database-wide cluster to cluster all - previously clustered tables. - - - - Improve automatic type casting for domains (Rod, Tom) - Allow dollar signs in identifiers, except as first character (Tom) - Disallow dollar signs in operator names, so x=$1 works (Tom) - - - - Allow copying table schema using LIKE - subtable, also SQL:2003 - feature INCLUDING DEFAULTS (Rod) - - - - - - Add WITH GRANT OPTION clause to - GRANT (Peter) - - - This enabled GRANT to give other users the - ability to grant privileges on an object. - - - - - - - Utility Command Changes - - - - Add ON COMMIT clause to CREATE TABLE for temporary tables (Gavin) - - This adds the ability for a table to be dropped or all rows - deleted on transaction commit. - - - - - Allow cursors outside transactions using WITH HOLD (Neil) - - In previous releases, cursors were removed at the end of the - transaction that created them. Cursors can now be created with - the WITH HOLD option, which allows them to - continue to be accessed after the creating transaction has - committed. - - - - - FETCH 0 and MOVE 0 now do nothing (Bruce) - - In previous releases, FETCH 0 fetched all - remaining rows, and MOVE 0 moved to the end - of the cursor. - - - - - - Cause FETCH and MOVE to - return the number of rows fetched/moved, or zero if at the - beginning/end of cursor, per SQL standard (Bruce) - - - In prior releases, the row count returned by - FETCH and MOVE did not - accurately reflect the number of rows processed. - - - - - Properly handle SCROLL with cursors, or - report an error (Neil) - - Allowing random access (both forward and backward scrolling) to - some kinds of queries cannot be done without some additional - work. If SCROLL is specified when the cursor - is created, this additional work will be performed. Furthermore, - if the cursor has been created with NO SCROLL, - no random access is allowed. - - - - - - Implement SQL-compatible options FIRST, - LAST, ABSOLUTE n, - RELATIVE n for - FETCH and MOVE (Tom) - - - - - Allow EXPLAIN on DECLARE CURSOR (Tom) - - - - Allow CLUSTER to use index marked as pre-clustered by default (Alvaro Herrera) - - - - Allow CLUSTER to cluster all tables (Alvaro Herrera) - - This allows all previously clustered tables in a database to be - reclustered with a single command. - - - - Prevent CLUSTER on partial indexes (Tom) - - Allow DOS and Mac line-endings in COPY files (Bruce) - - - - Disallow literal carriage return as a data value, - backslash-carriage-return and \r are still allowed - (Bruce) - - - - - COPY changes (binary, \.) (Tom) - - - - Recover from COPY failure cleanly (Tom) - - - - Prevent possible memory leaks in COPY (Tom) - - - - Make TRUNCATE transaction-safe (Rod) - - TRUNCATE can now be used inside a - transaction. If the transaction aborts, the changes made by the - TRUNCATE are automatically rolled back. - - - - - - Allow prepare/bind of utility commands like - FETCH and EXPLAIN (Tom) - - - - - Add EXPLAIN EXECUTE (Neil) - - - - Improve VACUUM performance on indexes by reducing WAL traffic (Tom) - - - - Functional indexes have been generalized into indexes on expressions (Tom) - - In prior releases, functional indexes only supported a simple - function applied to one or more column names. This release - allows any type of scalar expression. - - - - - - Have SHOW TRANSACTION ISOLATION match input - to SET TRANSACTION ISOLATION - (Tom) - - - - - - Have COMMENT ON DATABASE on nonlocal - database generate a warning, rather than an error (Rod) - - - - Database comments are stored in database-local tables so - comments on a database have to be stored in each database. - - - - - - Improve reliability of LISTEN/NOTIFY (Tom) - - - - - Allow REINDEX to reliably reindex nonshared system catalog indexes (Tom) - - This allows system tables to be reindexed without the - requirement of a standalone session, which was necessary in - previous releases. The only tables that now require a standalone - session for reindexing are the global system tables - pg_database, pg_shadow, and - pg_group. - - - - - - - Data Type and Function Changes - - - - - New server parameter extra_float_digits to - control precision display of floating-point numbers (Pedro - Ferreira, Tom) - - - This controls output precision which was causing regression - testing problems. - - - - Allow +1300 as a numeric time-zone specifier, for FJST (Tom) - - - - Remove rarely used functions oidrand, - oidsrand, and userfntest functions - (Neil) - - - - - Add md5() function to main server, already in contrib/pgcrypto (Joe) - - An MD5 function was frequently requested. For more complex - encryption capabilities, use - contrib/pgcrypto. - - - - Increase date range of timestamp (John Cochran) - - - - Change EXTRACT(EPOCH FROM timestamp) so - timestamp without time zone is assumed to be in - local time, not GMT (Tom) - - - - Trap division by zero in case the operating system doesn't prevent it (Tom) - Change the numeric data type internally to base 10000 (Tom) - New hostmask() function (Greg Wickham) - Fixes for to_char() and to_timestamp() (Karel) - - - - Allow functions that can take any argument data type and return - any data type, using anyelement and - anyarray (Joe) - - - This allows the creation of functions that can work with any - data type. - - - - - - Arrays can now be specified as ARRAY[1,2,3], - ARRAY[['a','b'],['c','d']], or - ARRAY[ARRAY[ARRAY[2]]] (Joe) - - - - - - Allow proper comparisons for arrays, including ORDER - BY and DISTINCT support - (Joe) - - - - Allow indexes on array columns (Joe) - Allow array concatenation with || (Joe) - - - - Allow WHERE qualification - expr op ANY/SOME/ALL - (array_expr) (Joe) - - - This allows arrays to behave like a list of values, for purposes - like SELECT * FROM tab WHERE col IN - (array_val). - - - - - - New array functions array_append, - array_cat, array_lower, - array_prepend, array_to_string, - array_upper, string_to_array (Joe) - - - - Allow user defined aggregates to use polymorphic functions (Joe) - Allow assignments to empty arrays (Joe) - - - - Allow 60 in seconds fields of time, - timestamp, and interval input values - (Tom) - - - Sixty-second values are needed for leap seconds. - - - - Allow cidr data type to be cast to text (Tom) - - Disallow invalid time zone names in SET TIMEZONE - - - - Trim trailing spaces when char is cast to - varchar or text (Tom) - - - - - - Make float(p) measure the precision - p in binary digits, not decimal digits - (Tom) - - - - - Add IPv6 support to the inet and cidr data types (Michael Graff) - - - - Add family() function to report whether address is IPv4 or IPv6 (Michael Graff) - - - - - Have SHOW datestyle generate output similar - to that used by SET datestyle (Tom) - - - - - - Make EXTRACT(TIMEZONE) and SET/SHOW - TIME ZONE follow the SQL convention for the sign of - time zone offsets, i.e., positive is east from UTC (Tom) - - - - - Fix date_trunc('quarter', ...) (Böjthe Zoltán) - - Prior releases returned an incorrect value for this function call. - - - - - Make initcap() more compatible with Oracle (Mike Nolan) - - initcap() now uppercases a letter appearing - after any non-alphanumeric character, rather than only after - whitespace. - - - - - Allow only datestyle field order for date values not in ISO-8601 format (Greg) - - - - - Add new datestyle values MDY, - DMY, and YMD to set input field order; - honor US and European for backward - compatibility (Tom) - - - - - - String literals like 'now' or - 'today' will no longer work as a column - default. Use functions such as now(), - current_timestamp instead. (change - required for prepared statements) (Tom) - - - - - Treat NaN as larger than any other value in min()/max() (Tom) - - NaN was already sorted after ordinary numeric values for most - purposes, but min() and max() didn't - get this right. - - - - - Prevent interval from suppressing :00 - seconds display - - - - - New functions pg_get_triggerdef(prettyprint) - and pg_conversion_is_visible() (Christopher) - - - - - Allow time to be specified as 040506 or 0405 (Tom) - - - - - Input date order must now be YYYY-MM-DD (with 4-digit year) or - match datestyle - - - - - - Make pg_get_constraintdef support - unique, primary-key, and check constraints (Christopher) - - - - - - - Server-Side Language Changes - - - - - Prevent PL/pgSQL crash when RETURN NEXT is - used on a zero-row record variable (Tom) - - - - - - Make PL/Python's spi_execute interface - handle null values properly (Andrew Bosma) - - - - - Allow PL/pgSQL to declare variables of composite types without %ROWTYPE (Tom) - - - - Fix PL/Python's _quote() function to handle big integers - - - - Make PL/Python an untrusted language, now called plpythonu (Kevin Jacobs, Tom) - - The Python language no longer supports a restricted execution - environment, so the trusted version of PL/Python was removed. If - this situation changes, a version of PL/Python that can be used - by non-superusers will be readded. - - - - - Allow polymorphic PL/pgSQL functions (Joe, Tom) - - - - Allow polymorphic SQL functions (Joe) - - - - - Improved compiled function caching mechanism in PL/pgSQL with - full support for polymorphism (Joe) - - - - - - Add new parameter $0 in PL/pgSQL representing the - function's actual return type (Joe) - - - - - - Allow PL/Tcl and PL/Python to use the same trigger on multiple tables (Tom) - - - - - - Fixed PL/Tcl's spi_prepare to accept fully - qualified type names in the parameter type list - (Jan) - - - - - - - psql Changes - - - - Add \pset pager always to always use pager (Greg) - - This forces the pager to be used even if the number of rows is - less than the screen height. This is valuable for rows that - wrap across several screen rows. - - - - Improve tab completion (Rod, Ross Reedstrom, Ian Barwick) - Reorder \? help into groupings (Harald Armin Massa, Bruce) - Add backslash commands for listing schemas, casts, and conversions (Christopher) - - - - \encoding now changes based on the server parameter - client_encoding (Tom) - - - In previous versions, \encoding was not aware - of encoding changes made using SET - client_encoding. - - - - - Save editor buffer into readline history (Ross) - - When \e is used to edit a query, the result is saved - in the readline history for retrieval using the up arrow. - - - - Improve \d display (Christopher) - Enhance HTML mode to be more standards-conforming (Greg) - - - New \set AUTOCOMMIT off capability (Tom) - - This takes the place of the removed server parameter autocommit. - - - - - New \set VERBOSITY to control error detail (Tom) - - This controls the new error reporting details. - - - - New prompt escape sequence %x to show transaction status (Tom) - Long options for psql are now available on all platforms - - - - - pg_dump Changes - - - Multiple pg_dump fixes, including tar format and large objects - Allow pg_dump to dump specific schemas (Neil) - - - Make pg_dump preserve column storage characteristics (Christopher) - - This preserves ALTER TABLE ... SET STORAGE information. - - - - Make pg_dump preserve CLUSTER characteristics (Christopher) - - - - Have pg_dumpall use GRANT/REVOKE to dump database-level privileges (Tom) - - - - - - Allow pg_dumpall to support the options , - , of pg_dump (Tom) - - - - Prevent pg_dump from lowercasing identifiers specified on the command line (Tom) - - - - pg_dump options - and now do nothing, all dumps - use SET SESSION AUTHORIZATION - - - pg_dump no longer reconnects to switch users, but instead always - uses SET SESSION AUTHORIZATION. This will - reduce password prompting during restores. - - - - - Long options for pg_dump are now available on all platforms - - PostgreSQL now includes its own - long-option processing routines. - - - - - - - libpq Changes - - - - - Add function PQfreemem for freeing memory on - Windows, suggested for NOTIFY (Bruce) - - - Windows requires that memory allocated in a library be freed by - a function in the same library, hence - free() doesn't work for freeing memory - allocated by libpq. PQfreemem is the proper - way to free libpq memory, especially on Windows, and is - recommended for other platforms as well. - - - - - Document service capability, and add sample file (Bruce) - - This allows clients to look up connection information in a - central file on the client machine. - - - - - - Make PQsetdbLogin have the same defaults as - PQconnectdb (Tom) - - - - Allow libpq to cleanly fail when result sets are too large (Tom) - - - - Improve performance of function PQunescapeBytea (Ben Lamb) - - - - - - Allow thread-safe libpq with configure - option (Lee Kindness, - Philip Yarra) - - - - - - Allow function pqInternalNotice to accept a - format string and arguments instead of just a preformatted - message (Tom, Sean Chittenden) - - - - - - Control SSL negotiation with sslmode values - disable, allow, - prefer, and require (Jon - Jensen) - - - - - Allow new error codes and levels of text (Tom) - - - - Allow access to the underlying table and column of a query result (Tom) - - This is helpful for query-builder applications that want to know - the underlying table and column names associated with a specific - result set. - - - - Allow access to the current transaction status (Tom) - Add ability to pass binary data directly to the server (Tom) - - - - Add function PQexecPrepared and - PQsendQueryPrepared functions which perform - bind/execute of previously prepared statements (Tom) - - - - - - - JDBC Changes - - - Allow setNull on updateable result sets - Allow executeBatch on a prepared statement (Barry) - Support SSL connections (Barry) - Handle schema names in result sets (Paul Sorenson) - Add refcursor support (Nic Ferrier) - - - - - Miscellaneous Interface Changes - - - - Prevent possible memory leak or core dump during libpgtcl shutdown (Tom) - - - Add Informix compatibility to ECPG (Michael) - - This allows ECPG to process embedded C programs that were - written using certain Informix extensions. - - - - - Add type decimal to ECPG that is fixed length, for Informix (Michael) - - - - - Allow thread-safe embedded SQL programs with - configure option - (Lee Kindness, Bruce) - - - This allows multiple threads to access the database at the same - time. - - - - - Moved Python client PyGreSQL to (Marc) - - - - - - Source Code Changes - - - Prevent need for separate platform geometry regression result files (Tom) - Improved PPC locking primitive (Reinhard Max) - New function palloc0 to allocate and clear memory (Bruce) - Fix locking code for s390x CPU (64-bit) (Tom) - Allow OpenBSD to use local ident credentials (William Ahern) - Make query plan trees read-only to executor (Tom) - Add macOS startup scripts (David Wheeler) - Allow libpq to compile with Borland C++ compiler (Lester Godwin, Karl Waclawek) - Use our own version of getopt_long() if needed (Peter) - Convert administration scripts to C (Peter) - Bison >= 1.85 is now required to build the PostgreSQL grammar, if building from CVS - Merge documentation into one book (Peter) - Add Windows compatibility functions (Bruce) - Allow client interfaces to compile under MinGW (Bruce) - New ereport() function for error reporting (Tom) - Support Intel compiler on Linux (Peter) - Improve Linux startup scripts (Slawomir Sudnik, Darko Prenosil) - Add support for AMD Opteron and Itanium (Jeffrey W. Baker, Bruce) - - Remove option from configure - - This was no longer needed now that we have CREATE CONVERSION. - - - - Generate a compile error if spinlock code is not found (Bruce) - - Platforms without spinlock code will now fail to compile, rather - than silently using semaphores. This failure can be disabled - with a new configure option. - - - - - - - Contrib Changes - - - Change dbmirror license to BSD - Improve earthdistance (Bruno Wolff III) - Portability improvements to pgcrypto (Marko Kreen) - Prevent crash in xml (John Gray, Michael Richards) - Update oracle - Update mysql - Update cube (Bruno Wolff III) - Update earthdistance to use cube (Bruno Wolff III) - Update btree_gist (Oleg) - New tsearch2 full-text search module (Oleg, Teodor) - Add hash-based crosstab function to tablefuncs (Joe) - Add serial column to order connectby() siblings in tablefuncs (Nabil Sayegh,Joe) - Add named persistent connections to dblink (Shridhar Daithanka) - New pg_autovacuum allows automatic VACUUM (Matthew T. O'Connor) - Make pgbench honor environment variables PGHOST, PGPORT, PGUSER (Tatsuo) - Improve intarray (Teodor Sigaev) - Improve pgstattuple (Rod) - Fix bug in metaphone() in fuzzystrmatch - Improve adddepend (Rod) - Update spi/timetravel (Böjthe Zoltán) - Fix dbase option and improve non-ASCII handling (Thomas Behr, Márcio Smiderle) - Remove array module because features now included by default (Joe) - - - - diff --git a/doc/src/sgml/release-8.0.sgml b/doc/src/sgml/release-8.0.sgml deleted file mode 100644 index 6171e0d1ee..0000000000 --- a/doc/src/sgml/release-8.0.sgml +++ /dev/null @@ -1,5421 +0,0 @@ - - - - - Release 8.0.26 - - - Release date: - 2010-10-04 - - - - This release contains a variety of fixes from 8.0.25. - For information about new features in the 8.0 major release, see - . - - - - This is expected to be the last PostgreSQL release - in the 8.0.X series. Users are encouraged to update to a newer - release branch soon. - - - - Migration to Version 8.0.26 - - - A dump/restore is not required for those running 8.0.X. - However, if you are upgrading from a version earlier than 8.0.22, - see . - - - - - - Changes - - - - - - Use a separate interpreter for each calling SQL userid in PL/Perl and - PL/Tcl (Tom Lane) - - - - This change prevents security problems that can be caused by subverting - Perl or Tcl code that will be executed later in the same session under - another SQL user identity (for example, within a SECURITY - DEFINER function). Most scripting languages offer numerous ways that - that might be done, such as redefining standard functions or operators - called by the target function. Without this change, any SQL user with - Perl or Tcl language usage rights can do essentially anything with the - SQL privileges of the target function's owner. - - - - The cost of this change is that intentional communication among Perl - and Tcl functions becomes more difficult. To provide an escape hatch, - PL/PerlU and PL/TclU functions continue to use only one interpreter - per session. This is not considered a security issue since all such - functions execute at the trust level of a database superuser already. - - - - It is likely that third-party procedural languages that claim to offer - trusted execution have similar security issues. We advise contacting - the authors of any PL you are depending on for security-critical - purposes. - - - - Our thanks to Tim Bunce for pointing out this issue (CVE-2010-3433). - - - - - - Prevent possible crashes in pg_get_expr() by disallowing - it from being called with an argument that is not one of the system - catalog columns it's intended to be used with - (Heikki Linnakangas, Tom Lane) - - - - - - Fix cannot handle unplanned sub-select error (Tom Lane) - - - - This occurred when a sub-select contains a join alias reference that - expands into an expression containing another sub-select. - - - - - - Defend against functions returning setof record where not all the - returned rows are actually of the same rowtype (Tom Lane) - - - - - - Take care to fsync the contents of lockfiles (both - postmaster.pid and the socket lockfile) while writing them - (Tom Lane) - - - - This omission could result in corrupted lockfile contents if the - machine crashes shortly after postmaster start. That could in turn - prevent subsequent attempts to start the postmaster from succeeding, - until the lockfile is manually removed. - - - - - - Avoid recursion while assigning XIDs to heavily-nested - subtransactions (Andres Freund, Robert Haas) - - - - The original coding could result in a crash if there was limited - stack space. - - - - - - Fix log_line_prefix's %i escape, - which could produce junk early in backend startup (Tom Lane) - - - - - - Fix possible data corruption in ALTER TABLE ... SET - TABLESPACE when archiving is enabled (Jeff Davis) - - - - - - Allow CREATE DATABASE and ALTER DATABASE ... SET - TABLESPACE to be interrupted by query-cancel (Guillaume Lelarge) - - - - - - In PL/Python, defend against null pointer results from - PyCObject_AsVoidPtr and PyCObject_FromVoidPtr - (Peter Eisentraut) - - - - - - Improve contrib/dblink's handling of tables containing - dropped columns (Tom Lane) - - - - - - Fix connection leak after duplicate connection name - errors in contrib/dblink (Itagaki Takahiro) - - - - - - Fix contrib/dblink to handle connection names longer than - 62 bytes correctly (Itagaki Takahiro) - - - - - - Update build infrastructure and documentation to reflect the source code - repository's move from CVS to Git (Magnus Hagander and others) - - - - - - Update time zone data files to tzdata release 2010l - for DST law changes in Egypt and Palestine; also historical corrections - for Finland. - - - - This change also adds new names for two Micronesian timezones: - Pacific/Chuuk is now preferred over Pacific/Truk (and the preferred - abbreviation is CHUT not TRUT) and Pacific/Pohnpei is preferred over - Pacific/Ponape. - - - - - - - - - - Release 8.0.25 - - - Release date: - 2010-05-17 - - - - This release contains a variety of fixes from 8.0.24. - For information about new features in the 8.0 major release, see - . - - - - The PostgreSQL community will stop releasing updates - for the 8.0.X release series in July 2010. - Users are encouraged to update to a newer release branch soon. - - - - Migration to Version 8.0.25 - - - A dump/restore is not required for those running 8.0.X. - However, if you are upgrading from a version earlier than 8.0.22, - see . - - - - - - Changes - - - - - - Enforce restrictions in plperl using an opmask applied to - the whole interpreter, instead of using Safe.pm - (Tim Bunce, Andrew Dunstan) - - - - Recent developments have convinced us that Safe.pm is too - insecure to rely on for making plperl trustable. This - change removes use of Safe.pm altogether, in favor of using - a separate interpreter with an opcode mask that is always applied. - Pleasant side effects of the change include that it is now possible to - use Perl's strict pragma in a natural way in - plperl, and that Perl's $a and $b - variables work as expected in sort routines, and that function - compilation is significantly faster. (CVE-2010-1169) - - - - - - Prevent PL/Tcl from executing untrustworthy code from - pltcl_modules (Tom) - - - - PL/Tcl's feature for autoloading Tcl code from a database table - could be exploited for trojan-horse attacks, because there was no - restriction on who could create or insert into that table. This change - disables the feature unless pltcl_modules is owned by a - superuser. (However, the permissions on the table are not checked, so - installations that really need a less-than-secure modules table can - still grant suitable privileges to trusted non-superusers.) Also, - prevent loading code into the unrestricted normal Tcl - interpreter unless we are really going to execute a pltclu - function. (CVE-2010-1170) - - - - - - Do not allow an unprivileged user to reset superuser-only parameter - settings (Alvaro) - - - - Previously, if an unprivileged user ran ALTER USER ... RESET - ALL for himself, or ALTER DATABASE ... RESET ALL for - a database he owns, this would remove all special parameter settings - for the user or database, even ones that are only supposed to be - changeable by a superuser. Now, the ALTER will only - remove the parameters that the user has permission to change. - - - - - - Avoid possible crash during backend shutdown if shutdown occurs - when a CONTEXT addition would be made to log entries (Tom) - - - - In some cases the context-printing function would fail because the - current transaction had already been rolled back when it came time - to print a log message. - - - - - - Update PL/Perl's ppport.h for modern Perl versions - (Andrew) - - - - - - Fix assorted memory leaks in PL/Python (Andreas Freund, Tom) - - - - - - Prevent infinite recursion in psql when expanding - a variable that refers to itself (Tom) - - - - - - Ensure that contrib/pgstattuple functions respond to cancel - interrupts promptly (Tatsuhito Kasahara) - - - - - - Make server startup deal properly with the case that - shmget() returns EINVAL for an existing - shared memory segment (Tom) - - - - This behavior has been observed on BSD-derived kernels including macOS. - It resulted in an entirely-misleading startup failure complaining that - the shared memory request size was too large. - - - - - - Update time zone data files to tzdata release 2010j - for DST law changes in Argentina, Australian Antarctic, Bangladesh, - Mexico, Morocco, Pakistan, Palestine, Russia, Syria, Tunisia; - also historical corrections for Taiwan. - - - - - - - - - - Release 8.0.24 - - - Release date: - 2010-03-15 - - - - This release contains a variety of fixes from 8.0.23. - For information about new features in the 8.0 major release, see - . - - - - The PostgreSQL community will stop releasing updates - for the 8.0.X release series in July 2010. - Users are encouraged to update to a newer release branch soon. - - - - Migration to Version 8.0.24 - - - A dump/restore is not required for those running 8.0.X. - However, if you are upgrading from a version earlier than 8.0.22, - see . - - - - - - Changes - - - - - - Add new configuration parameter ssl_renegotiation_limit to - control how often we do session key renegotiation for an SSL connection - (Magnus) - - - - This can be set to zero to disable renegotiation completely, which may - be required if a broken SSL library is used. In particular, some - vendors are shipping stopgap patches for CVE-2009-3555 that cause - renegotiation attempts to fail. - - - - - - Fix possible crashes when trying to recover from a failure in - subtransaction start (Tom) - - - - - - Fix server memory leak associated with use of savepoints and a client - encoding different from server's encoding (Tom) - - - - - - Make substring() for bit types treat any negative - length as meaning all the rest of the string (Tom) - - - - The previous coding treated only -1 that way, and would produce an - invalid result value for other negative values, possibly leading to - a crash (CVE-2010-0442). - - - - - - Fix integer-to-bit-string conversions to handle the first fractional - byte correctly when the output bit width is wider than the given - integer by something other than a multiple of 8 bits (Tom) - - - - - - Fix some cases of pathologically slow regular expression matching (Tom) - - - - - - Fix the STOP WAL LOCATION entry in backup history files to - report the next WAL segment's name when the end location is exactly at a - segment boundary (Itagaki Takahiro) - - - - - - When reading pg_hba.conf and related files, do not treat - @something as a file inclusion request if the @ - appears inside quote marks; also, never treat @ by itself - as a file inclusion request (Tom) - - - - This prevents erratic behavior if a role or database name starts with - @. If you need to include a file whose path name - contains spaces, you can still do so, but you must write - @"/path to/file" rather than putting the quotes around - the whole construct. - - - - - - Prevent infinite loop on some platforms if a directory is named as - an inclusion target in pg_hba.conf and related files - (Tom) - - - - - - Fix plpgsql failure in one case where a composite column is set to NULL - (Tom) - - - - - - Add volatile markings in PL/Python to avoid possible - compiler-specific misbehavior (Zdenek Kotala) - - - - - - Ensure PL/Tcl initializes the Tcl interpreter fully (Tom) - - - - The only known symptom of this oversight is that the Tcl - clock command misbehaves if using Tcl 8.5 or later. - - - - - - Prevent crash in contrib/dblink when too many key - columns are specified to a dblink_build_sql_* function - (Rushabh Lathia, Joe Conway) - - - - - - Fix assorted crashes in contrib/xml2 caused by sloppy - memory management (Tom) - - - - - - Update time zone data files to tzdata release 2010e - for DST law changes in Bangladesh, Chile, Fiji, Mexico, Paraguay, Samoa. - - - - - - - - - - Release 8.0.23 - - - Release date: - 2009-12-14 - - - - This release contains a variety of fixes from 8.0.22. - For information about new features in the 8.0 major release, see - . - - - - Migration to Version 8.0.23 - - - A dump/restore is not required for those running 8.0.X. - However, if you are upgrading from a version earlier than 8.0.22, - see . - - - - - - Changes - - - - - - Protect against indirect security threats caused by index functions - changing session-local state (Gurjeet Singh, Tom) - - - - This change prevents allegedly-immutable index functions from possibly - subverting a superuser's session (CVE-2009-4136). - - - - - - Reject SSL certificates containing an embedded null byte in the common - name (CN) field (Magnus) - - - - This prevents unintended matching of a certificate to a server or client - name during SSL validation (CVE-2009-4034). - - - - - - Fix possible crash during backend-startup-time cache initialization (Tom) - - - - - - Prevent signals from interrupting VACUUM at unsafe times - (Alvaro) - - - - This fix prevents a PANIC if a VACUUM FULL is canceled - after it's already committed its tuple movements, as well as transient - errors if a plain VACUUM is interrupted after having - truncated the table. - - - - - - Fix possible crash due to integer overflow in hash table size - calculation (Tom) - - - - This could occur with extremely large planner estimates for the size of - a hashjoin's result. - - - - - - Fix very rare crash in inet/cidr comparisons (Chris - Mikkelson) - - - - - - Fix premature drop of temporary files used for a cursor that is accessed - within a subtransaction (Heikki) - - - - - - Fix PAM password processing to be more robust (Tom) - - - - The previous code is known to fail with the combination of the Linux - pam_krb5 PAM module with Microsoft Active Directory as the - domain controller. It might have problems elsewhere too, since it was - making unjustified assumptions about what arguments the PAM stack would - pass to it. - - - - - - Fix rare crash in exception processing in PL/Python (Peter) - - - - - - Ensure psql's flex module is compiled with the correct - system header definitions (Tom) - - - - This fixes build failures on platforms where - --enable-largefile causes incompatible changes in the - generated code. - - - - - - Make the postmaster ignore any application_name parameter in - connection request packets, to improve compatibility with future libpq - versions (Tom) - - - - - - Update time zone data files to tzdata release 2009s - for DST law changes in Antarctica, Argentina, Bangladesh, Fiji, - Novokuznetsk, Pakistan, Palestine, Samoa, Syria; also historical - corrections for Hong Kong. - - - - - - - - - - Release 8.0.22 - - - Release date: - 2009-09-09 - - - - This release contains a variety of fixes from 8.0.21. - For information about new features in the 8.0 major release, see - . - - - - Migration to Version 8.0.22 - - - A dump/restore is not required for those running 8.0.X. - However, if you have any hash indexes on interval columns, - you must REINDEX them after updating to 8.0.22. - Also, if you are upgrading from a version earlier than 8.0.6, - see . - - - - - - Changes - - - - - - Disallow RESET ROLE and RESET SESSION - AUTHORIZATION inside security-definer functions (Tom, Heikki) - - - - This covers a case that was missed in the previous patch that - disallowed SET ROLE and SET SESSION - AUTHORIZATION inside security-definer functions. - (See CVE-2007-6600) - - - - - - Fix handling of sub-SELECTs appearing in the arguments of - an outer-level aggregate function (Tom) - - - - - - Fix hash calculation for data type interval (Tom) - - - - This corrects wrong results for hash joins on interval values. - It also changes the contents of hash indexes on interval columns. - If you have any such indexes, you must REINDEX them - after updating. - - - - - - Treat to_char(..., 'TH') as an uppercase ordinal - suffix with 'HH'/'HH12' (Heikki) - - - - It was previously handled as 'th' (lowercase). - - - - - - Fix overflow for INTERVAL 'x ms' - when x is more than 2 million and integer - datetimes are in use (Alex Hunsaker) - - - - - - Fix calculation of distance between a point and a line segment (Tom) - - - - This led to incorrect results from a number of geometric operators. - - - - - - Fix money data type to work in locales where currency - amounts have no fractional digits, e.g. Japan (Itagaki Takahiro) - - - - - - Properly round datetime input like - 00:12:57.9999999999999999999999999999 (Tom) - - - - - - Fix poor choice of page split point in GiST R-tree operator classes - (Teodor) - - - - - - Fix portability issues in plperl initialization (Andrew Dunstan) - - - - - - Fix pg_ctl to not go into an infinite loop if - postgresql.conf is empty (Jeff Davis) - - - - - - Fix contrib/xml2's xslt_process() to - properly handle the maximum number of parameters (twenty) (Tom) - - - - - - Improve robustness of libpq's code to recover - from errors during COPY FROM STDIN (Tom) - - - - - - Avoid including conflicting readline and editline header files - when both libraries are installed (Zdenek Kotala) - - - - - - Update time zone data files to tzdata release 2009l - for DST law changes in Bangladesh, Egypt, Jordan, Pakistan, - Argentina/San_Luis, Cuba, Jordan (historical correction only), - Mauritius, Morocco, Palestine, Syria, Tunisia. - - - - - - - - - - Release 8.0.21 - - - Release date: - 2009-03-16 - - - - This release contains a variety of fixes from 8.0.20. - For information about new features in the 8.0 major release, see - . - - - - Migration to Version 8.0.21 - - - A dump/restore is not required for those running 8.0.X. - However, if you are upgrading from a version earlier than 8.0.6, - see . - - - - - - Changes - - - - - - Prevent error recursion crashes when encoding conversion fails (Tom) - - - - This change extends fixes made in the last two minor releases for - related failure scenarios. The previous fixes were narrowly tailored - for the original problem reports, but we have now recognized that - any error thrown by an encoding conversion function could - potentially lead to infinite recursion while trying to report the - error. The solution therefore is to disable translation and encoding - conversion and report the plain-ASCII form of any error message, - if we find we have gotten into a recursive error reporting situation. - (CVE-2009-0922) - - - - - - Disallow CREATE CONVERSION with the wrong encodings - for the specified conversion function (Heikki) - - - - This prevents one possible scenario for encoding conversion failure. - The previous change is a backstop to guard against other kinds of - failures in the same area. - - - - - - Fix core dump when to_char() is given format codes that - are inappropriate for the type of the data argument (Tom) - - - - - - Add MUST (Mauritius Island Summer Time) to the default list - of known timezone abbreviations (Xavier Bugaud) - - - - - - - - - - Release 8.0.20 - - - Release date: - 2009-02-02 - - - - This release contains a variety of fixes from 8.0.19. - For information about new features in the 8.0 major release, see - . - - - - Migration to Version 8.0.20 - - - A dump/restore is not required for those running 8.0.X. - However, if you are upgrading from a version earlier than 8.0.6, - see . - - - - - - Changes - - - - - - Improve handling of URLs in headline() function (Teodor) - - - - - - Improve handling of overlength headlines in headline() - function (Teodor) - - - - - - Prevent possible Assert failure or misconversion if an encoding - conversion is created with the wrong conversion function for the - specified pair of encodings (Tom, Heikki) - - - - - - Avoid unnecessary locking of small tables in VACUUM - (Heikki) - - - - - - Fix uninitialized variables in contrib/tsearch2's - get_covers() function (Teodor) - - - - - - Make all documentation reference pgsql-bugs and/or - pgsql-hackers as appropriate, instead of the - now-decommissioned pgsql-ports and pgsql-patches - mailing lists (Tom) - - - - - - Update time zone data files to tzdata release 2009a (for - Kathmandu and historical DST corrections in Switzerland, Cuba) - - - - - - - - - - Release 8.0.19 - - - Release date: - 2008-11-03 - - - - This release contains a variety of fixes from 8.0.18. - For information about new features in the 8.0 major release, see - . - - - - Migration to Version 8.0.19 - - - A dump/restore is not required for those running 8.0.X. - However, if you are upgrading from a version earlier than 8.0.6, - see . - - - - - - Changes - - - - - - Fix backend crash when the client encoding cannot represent a localized - error message (Tom) - - - - We have addressed similar issues before, but it would still fail if - the character has no equivalent message itself couldn't - be converted. The fix is to disable localization and send the plain - ASCII error message when we detect such a situation. - - - - - - Fix possible crash when deeply nested functions are invoked from - a trigger (Tom) - - - - - - Ensure an error is reported when a newly-defined PL/pgSQL trigger - function is invoked as a normal function (Tom) - - - - - - Fix incorrect tsearch2 headline generation when single query - item matches first word of text (Sushant Sinha) - - - - - - Fix improper display of fractional seconds in interval values when - using a non-ISO datestyle in an - build (Ron Mayer) - - - - - - Ensure SPI_getvalue and SPI_getbinval - behave correctly when the passed tuple and tuple descriptor have - different numbers of columns (Tom) - - - - This situation is normal when a table has had columns added or removed, - but these two functions didn't handle it properly. - The only likely consequence is an incorrect error indication. - - - - - - Fix ecpg's parsing of CREATE USER (Michael) - - - - - - Fix recent breakage of pg_ctl restart (Tom) - - - - - - Update time zone data files to tzdata release 2008i (for - DST law changes in Argentina, Brazil, Mauritius, Syria) - - - - - - - - - - Release 8.0.18 - - - Release date: - 2008-09-22 - - - - This release contains a variety of fixes from 8.0.17. - For information about new features in the 8.0 major release, see - . - - - - Migration to Version 8.0.18 - - - A dump/restore is not required for those running 8.0.X. - However, if you are upgrading from a version earlier than 8.0.6, - see . - - - - - - Changes - - - - - - Widen local lock counters from 32 to 64 bits (Tom) - - - - This responds to reports that the counters could overflow in - sufficiently long transactions, leading to unexpected lock is - already held errors. - - - - - - Add checks in executor startup to ensure that the tuples produced by an - INSERT or UPDATE will match the target table's - current rowtype (Tom) - - - - ALTER COLUMN TYPE, followed by re-use of a previously - cached plan, could produce this type of situation. The check protects - against data corruption and/or crashes that could ensue. - - - - - - Fix datetime input functions to correctly detect integer overflow when - running on a 64-bit platform (Tom) - - - - - - Improve performance of writing very long log messages to syslog (Tom) - - - - - - Fix bug in backwards scanning of a cursor on a SELECT DISTINCT - ON query (Tom) - - - - - - Fix planner to estimate that GROUP BY expressions yielding - boolean results always result in two groups, regardless of the - expressions' contents (Tom) - - - - This is very substantially more accurate than the regular GROUP - BY estimate for certain boolean tests like col - IS NULL. - - - - - - Fix PL/Tcl to behave correctly with Tcl 8.5, and to be more careful - about the encoding of data sent to or from Tcl (Tom) - - - - - - Fix PL/Python to work with Python 2.5 - - - - This is a back-port of fixes made during the 8.2 development cycle. - - - - - - Improve pg_dump and pg_restore's - error reporting after failure to send a SQL command (Tom) - - - - - - Fix pg_ctl to properly preserve postmaster - command-line arguments across a restart (Bruce) - - - - - - Update time zone data files to tzdata release 2008f (for - DST law changes in Argentina, Bahamas, Brazil, Mauritius, Morocco, - Pakistan, Palestine, and Paraguay) - - - - - - - - - - Release 8.0.17 - - - Release date: - 2008-06-12 - - - - This release contains one serious bug fix over 8.0.16. - For information about new features in the 8.0 major release, see - . - - - - Migration to Version 8.0.17 - - - A dump/restore is not required for those running 8.0.X. - However, if you are upgrading from a version earlier than 8.0.6, - see . - - - - - - Changes - - - - - - Make pg_get_ruledef() parenthesize negative constants (Tom) - - - - Before this fix, a negative constant in a view or rule might be dumped - as, say, -42::integer, which is subtly incorrect: it should - be (-42)::integer due to operator precedence rules. - Usually this would make little difference, but it could interact with - another recent patch to cause - PostgreSQL to reject what had been a valid - SELECT DISTINCT view query. Since this could result in - pg_dump output failing to reload, it is being treated - as a high-priority fix. The only released versions in which dump - output is actually incorrect are 8.3.1 and 8.2.7. - - - - - - - - - - Release 8.0.16 - - - Release date: - never released - - - - This release contains a variety of fixes from 8.0.15. - For information about new features in the 8.0 major release, see - . - - - - Migration to Version 8.0.16 - - - A dump/restore is not required for those running 8.0.X. - However, if you are upgrading from a version earlier than 8.0.6, - see . - - - - - - Changes - - - - - - Fix ALTER TABLE ADD COLUMN ... PRIMARY KEY so that the new - column is correctly checked to see if it's been initialized to all - non-nulls (Brendan Jurd) - - - - Previous versions neglected to check this requirement at all. - - - - - - Fix possible CREATE TABLE failure when inheriting the - same constraint from multiple parent relations that - inherited that constraint from a common ancestor (Tom) - - - - - - Fix conversions between ISO-8859-5 and other encodings to handle - Cyrillic Yo characters (e and E with - two dots) (Sergey Burladyan) - - - - - - Fix a few datatype input functions - that were allowing unused bytes in their results to contain - uninitialized, unpredictable values (Tom) - - - - This could lead to failures in which two apparently identical literal - values were not seen as equal, resulting in the parser complaining - about unmatched ORDER BY and DISTINCT - expressions. - - - - - - Fix a corner case in regular-expression substring matching - (substring(string from - pattern)) (Tom) - - - - The problem occurs when there is a match to the pattern overall but - the user has specified a parenthesized subexpression and that - subexpression hasn't got a match. An example is - substring('foo' from 'foo(bar)?'). - This should return NULL, since (bar) isn't matched, but - it was mistakenly returning the whole-pattern match instead (ie, - foo). - - - - - - Update time zone data files to tzdata release 2008c (for - DST law changes in Morocco, Iraq, Choibalsan, Pakistan, Syria, Cuba, - Argentina/San_Luis, and Chile) - - - - - - Fix incorrect result from ecpg's - PGTYPEStimestamp_sub() function (Michael) - - - - - - Fix core dump in contrib/xml2's - xpath_table() function when the input query returns a - NULL value (Tom) - - - - - - Fix contrib/xml2's makefile to not override - CFLAGS (Tom) - - - - - - Fix DatumGetBool macro to not fail with gcc - 4.3 (Tom) - - - - This problem affects old style (V0) C functions that - return boolean. The fix is already in 8.3, but the need to - back-patch it was not realized at the time. - - - - - - Fix longstanding LISTEN/NOTIFY - race condition (Tom) - - - - In rare cases a session that had just executed a - LISTEN might not get a notification, even though - one would be expected because the concurrent transaction executing - NOTIFY was observed to commit later. - - - - A side effect of the fix is that a transaction that has executed - a not-yet-committed LISTEN command will not see any - row in pg_listener for the LISTEN, - should it choose to look; formerly it would have. This behavior - was never documented one way or the other, but it is possible that - some applications depend on the old behavior. - - - - - - Fix rare crash when an error occurs during a query using a hash index - (Heikki) - - - - - - Fix input of datetime values for February 29 in years BC (Tom) - - - - The former coding was mistaken about which years were leap years. - - - - - - Fix unrecognized node type error in some variants of - ALTER OWNER (Tom) - - - - - - Fix pg_ctl to correctly extract the postmaster's port - number from command-line options (Itagaki Takahiro, Tom) - - - - Previously, pg_ctl start -w could try to contact the - postmaster on the wrong port, leading to bogus reports of startup - failure. - - - - - - Use to defend against possible misoptimization - in recent gcc versions (Tom) - - - - This is known to be necessary when building PostgreSQL - with gcc 4.3 or later. - - - - - - Fix display of constant expressions in ORDER BY - and GROUP BY (Tom) - - - - An explicitly casted constant would be shown incorrectly. This could - for example lead to corruption of a view definition during - dump and reload. - - - - - - Fix libpq to handle NOTICE messages correctly - during COPY OUT (Tom) - - - - This failure has only been observed to occur when a user-defined - datatype's output routine issues a NOTICE, but there is no - guarantee it couldn't happen due to other causes. - - - - - - - - - - Release 8.0.15 - - - Release date: - 2008-01-07 - - - - This release contains a variety of fixes from 8.0.14, - including fixes for significant security issues. - For information about new features in the 8.0 major release, see - . - - - - This is the last 8.0.X release for which the PostgreSQL - community will produce binary packages for Windows. - Windows users are encouraged to move to 8.2.X or later, - since there are Windows-specific fixes in 8.2.X that - are impractical to back-port. 8.0.X will continue to - be supported on other platforms. - - - - Migration to Version 8.0.15 - - - A dump/restore is not required for those running 8.0.X. However, - if you are upgrading from a version earlier than 8.0.6, - see . - - - - - - Changes - - - - - - Prevent functions in indexes from executing with the privileges of - the user running VACUUM, ANALYZE, etc (Tom) - - - - Functions used in index expressions and partial-index - predicates are evaluated whenever a new table entry is made. It has - long been understood that this poses a risk of trojan-horse code - execution if one modifies a table owned by an untrustworthy user. - (Note that triggers, defaults, check constraints, etc. pose the - same type of risk.) But functions in indexes pose extra danger - because they will be executed by routine maintenance operations - such as VACUUM FULL, which are commonly performed - automatically under a superuser account. For example, a nefarious user - can execute code with superuser privileges by setting up a - trojan-horse index definition and waiting for the next routine vacuum. - The fix arranges for standard maintenance operations - (including VACUUM, ANALYZE, REINDEX, - and CLUSTER) to execute as the table owner rather than - the calling user, using the same privilege-switching mechanism already - used for SECURITY DEFINER functions. To prevent bypassing - this security measure, execution of SET SESSION - AUTHORIZATION and SET ROLE is now forbidden within a - SECURITY DEFINER context. (CVE-2007-6600) - - - - - - Repair assorted bugs in the regular-expression package (Tom, Will Drewry) - - - - Suitably crafted regular-expression patterns could cause crashes, - infinite or near-infinite looping, and/or massive memory consumption, - all of which pose denial-of-service hazards for applications that - accept regex search patterns from untrustworthy sources. - (CVE-2007-4769, CVE-2007-4772, CVE-2007-6067) - - - - - - Require non-superusers who use /contrib/dblink to use only - password authentication, as a security measure (Joe) - - - - The fix that appeared for this in 8.0.14 was incomplete, as it plugged - the hole for only some dblink functions. (CVE-2007-6601, - CVE-2007-3278) - - - - - - Update time zone data files to tzdata release 2007k - (in particular, recent Argentina changes) (Tom) - - - - - - Fix planner failure in some cases of WHERE false AND var IN - (SELECT ...) (Tom) - - - - - - Preserve the tablespace of indexes that are - rebuilt by ALTER TABLE ... ALTER COLUMN TYPE (Tom) - - - - - - Make archive recovery always start a new WAL timeline, rather than only - when a recovery stop time was used (Simon) - - - - This avoids a corner-case risk of trying to overwrite an existing - archived copy of the last WAL segment, and seems simpler and cleaner - than the original definition. - - - - - - Make VACUUM not use all of maintenance_work_mem - when the table is too small for it to be useful (Alvaro) - - - - - - Fix potential crash in translate() when using a multibyte - database encoding (Tom) - - - - - - Fix PL/Perl to cope when platform's Perl defines type bool - as int rather than char (Tom) - - - - While this could theoretically happen anywhere, no standard build of - Perl did things this way ... until macOS 10.5. - - - - - - Fix PL/Python to not crash on long exception messages (Alvaro) - - - - - - Fix pg_dump to correctly handle inheritance child tables - that have default expressions different from their parent's (Tom) - - - - - - ecpg parser fixes (Michael) - - - - - - Make contrib/tablefunc's crosstab() handle - NULL rowid as a category in its own right, rather than crashing (Joe) - - - - - - Fix tsvector and tsquery output routines to - escape backslashes correctly (Teodor, Bruce) - - - - - - Fix crash of to_tsvector() on huge input strings (Teodor) - - - - - - Require a specific version of Autoconf to be used - when re-generating the configure script (Peter) - - - - This affects developers and packagers only. The change was made - to prevent accidental use of untested combinations of - Autoconf and PostgreSQL versions. - You can remove the version check if you really want to use a - different Autoconf version, but it's - your responsibility whether the result works or not. - - - - - - - - - - Release 8.0.14 - - - Release date: - 2007-09-17 - - - - This release contains a variety of fixes from 8.0.13. - For information about new features in the 8.0 major release, see - . - - - - Migration to Version 8.0.14 - - - A dump/restore is not required for those running 8.0.X. However, - if you are upgrading from a version earlier than 8.0.6, - see . - - - - - - Changes - - - - - - Prevent index corruption when a transaction inserts rows and - then aborts close to the end of a concurrent VACUUM - on the same table (Tom) - - - - - - Make CREATE DOMAIN ... DEFAULT NULL work properly (Tom) - - - - - - Fix excessive logging of SSL error messages (Tom) - - - - - - Fix logging so that log messages are never interleaved when using - the syslogger process (Andrew) - - - - - - Fix crash when log_min_error_statement logging runs out - of memory (Tom) - - - - - - Fix incorrect handling of some foreign-key corner cases (Tom) - - - - - - Prevent CLUSTER from failing - due to attempting to process temporary tables of other sessions (Alvaro) - - - - - - Update the time zone database rules, particularly New Zealand's upcoming changes (Tom) - - - - - - Windows socket improvements (Magnus) - - - - - - Suppress timezone name (%Z) in log timestamps on Windows - because of possible encoding mismatches (Tom) - - - - - - Require non-superusers who use /contrib/dblink to use only - password authentication, as a security measure (Joe) - - - - - - - - - - Release 8.0.13 - - - Release date: - 2007-04-23 - - - - This release contains a variety of fixes from 8.0.12, - including a security fix. - For information about new features in the 8.0 major release, see - . - - - - Migration to Version 8.0.13 - - - A dump/restore is not required for those running 8.0.X. However, - if you are upgrading from a version earlier than 8.0.6, - see . - - - - - - Changes - - - - - - Support explicit placement of the temporary-table schema within - search_path, and disable searching it for functions - and operators (Tom) - - - This is needed to allow a security-definer function to set a - truly secure value of search_path. Without it, - an unprivileged SQL user can use temporary objects to execute code - with the privileges of the security-definer function (CVE-2007-2138). - See CREATE FUNCTION for more information. - - - - - - /contrib/tsearch2 crash fixes (Teodor) - - - - - - Fix potential-data-corruption bug in how VACUUM FULL handles - UPDATE chains (Tom, Pavan Deolasee) - - - - - - Fix PANIC during enlargement of a hash index (bug introduced in 8.0.10) - (Tom) - - - - - - Fix POSIX-style timezone specs to follow new USA DST rules (Tom) - - - - - - - - - - Release 8.0.12 - - - Release date: - 2007-02-07 - - - - This release contains one fix from 8.0.11. - For information about new features in the 8.0 major release, see - . - - - - Migration to Version 8.0.12 - - - A dump/restore is not required for those running 8.0.X. However, - if you are upgrading from a version earlier than 8.0.6, - see . - - - - - - Changes - - - - - - Remove overly-restrictive check for type length in constraints and - functional indexes(Tom) - - - - - - - - - - Release 8.0.11 - - - Release date: - 2007-02-05 - - - - This release contains a variety of fixes from 8.0.10, including - a security fix. - For information about new features in the 8.0 major release, see - . - - - - Migration to Version 8.0.11 - - - A dump/restore is not required for those running 8.0.X. However, - if you are upgrading from a version earlier than 8.0.6, - see . - - - - - - Changes - - - - - - Remove security vulnerabilities that allowed connected users - to read backend memory (Tom) - - - The vulnerabilities involve suppressing the normal check that a SQL - function returns the data type it's declared to, and changing the - data type of a table column (CVE-2007-0555, CVE-2007-0556). These - errors can easily be exploited to cause a backend crash, and in - principle might be used to read database content that the user - should not be able to access. - - - - - - Fix rare bug wherein btree index page splits could fail - due to choosing an infeasible split point (Heikki Linnakangas) - - - - - - Fix for rare Assert() crash triggered by UNION (Tom) - - - - - - Tighten security of multi-byte character processing for UTF8 sequences - over three bytes long (Tom) - - - - - - - - - - Release 8.0.10 - - - Release date: - 2007-01-08 - - - - This release contains a variety of fixes from 8.0.9. - For information about new features in the 8.0 major release, see - . - - - - Migration to Version 8.0.10 - - - A dump/restore is not required for those running 8.0.X. However, - if you are upgrading from a version earlier than 8.0.6, - see . - - - - - - Changes - - - - - - Improve handling of getaddrinfo() on AIX (Tom) - - - - This fixes a problem with starting the statistics collector, - among other things. - - - - - - Fix failed to re-find parent key errors in - VACUUM (Tom) - - - - - - Fix race condition for truncation of a large relation across a - gigabyte boundary by VACUUM (Tom) - - - - - - Fix bugs affecting multi-gigabyte hash indexes (Tom) - - - - - - Fix possible deadlock in Windows signal handling (Teodor) - - - - - - Fix error when constructing an ARRAY[] made up of multiple - empty elements (Tom) - - - - - - Fix ecpg memory leak during connection (Michael) - - - - - - to_number() and to_char(numeric) - are now STABLE, not IMMUTABLE, for - new initdb installs (Tom) - - - - This is because lc_numeric can potentially - change the output of these functions. - - - - - - Improve index usage of regular expressions that use parentheses (Tom) - - - - This improves psql \d performance also. - - - - - - Update timezone database - - - - This affects Australian and Canadian daylight-savings rules in - particular. - - - - - - - - - - Release 8.0.9 - - - Release date: - 2006-10-16 - - - - This release contains a variety of fixes from 8.0.8. - For information about new features in the 8.0 major release, see - . - - - - Migration to Version 8.0.9 - - - A dump/restore is not required for those running 8.0.X. However, - if you are upgrading from a version earlier than 8.0.6, - see . - - - - - - Changes - - -Fix crash when referencing NEW row -values in rule WHERE expressions (Tom) -Fix core dump when an untyped literal is taken as -ANYARRAY -Fix mishandling of AFTER triggers when query contains a SQL -function returning multiple rows (Tom) -Fix ALTER TABLE ... TYPE to recheck -NOT NULL for USING clause (Tom) -Fix string_to_array() to handle overlapping - matches for the separator string -For example, string_to_array('123xx456xxx789', 'xx'). - -Fix corner cases in pattern matching for - psql's \d commands -Fix index-corrupting bugs in /contrib/ltree - (Teodor) -Numerous robustness fixes in ecpg (Joachim -Wieland) -Fix backslash escaping in /contrib/dbmirror -Fix instability of statistics collection on Win32 (Tom, Andrew) -Fixes for AIX and -Intel compilers (Tom) - - - - - - - Release 8.0.8 - - - Release date: - 2006-05-23 - - - - This release contains a variety of fixes from 8.0.7, - including patches for extremely serious security issues. - For information about new features in the 8.0 major release, see - . - - - - Migration to Version 8.0.8 - - - A dump/restore is not required for those running 8.0.X. However, - if you are upgrading from a version earlier than 8.0.6, - see . - - - - Full security against the SQL-injection attacks described in - CVE-2006-2313 and CVE-2006-2314 might require changes in application - code. If you have applications that embed untrustworthy strings - into SQL commands, you should examine them as soon as possible to - ensure that they are using recommended escaping techniques. In - most cases, applications should be using subroutines provided by - libraries or drivers (such as libpq's - PQescapeStringConn()) to perform string escaping, - rather than relying on ad hoc code to do it. - - - - - Changes - - -Change the server to reject invalidly-encoded multibyte -characters in all cases (Tatsuo, Tom) -While PostgreSQL has been moving in this direction for -some time, the checks are now applied uniformly to all encodings and all -textual input, and are now always errors not merely warnings. This change -defends against SQL-injection attacks of the type described in CVE-2006-2313. - - -Reject unsafe uses of \' in string literals -As a server-side defense against SQL-injection attacks of the type -described in CVE-2006-2314, the server now only accepts '' and not -\' as a representation of ASCII single quote in SQL string -literals. By default, \' is rejected only when -client_encoding is set to a client-only encoding (SJIS, BIG5, GBK, -GB18030, or UHC), which is the scenario in which SQL injection is possible. -A new configuration parameter backslash_quote is available to -adjust this behavior when needed. Note that full security against -CVE-2006-2314 might require client-side changes; the purpose of -backslash_quote is in part to make it obvious that insecure -clients are insecure. - - -Modify libpq's string-escaping routines to be -aware of encoding considerations and -standard_conforming_strings -This fixes libpq-using applications for the security -issues described in CVE-2006-2313 and CVE-2006-2314, and also future-proofs -them against the planned changeover to SQL-standard string literal syntax. -Applications that use multiple PostgreSQL connections -concurrently should migrate to PQescapeStringConn() and -PQescapeByteaConn() to ensure that escaping is done correctly -for the settings in use in each database connection. Applications that -do string escaping by hand should be modified to rely on library -routines instead. - - -Fix some incorrect encoding conversion functions -win1251_to_iso, alt_to_iso, -euc_tw_to_big5, euc_tw_to_mic, -mic_to_euc_tw were all broken to varying -extents. - - -Clean up stray remaining uses of \' in strings -(Bruce, Jan) - -Fix bug that sometimes caused OR'd index scans to -miss rows they should have returned - -Fix WAL replay for case where a btree index has been -truncated - -Fix SIMILAR TO for patterns involving -| (Tom) - -Fix SELECT INTO and CREATE TABLE AS to -create tables in the default tablespace, not the base directory (Kris -Jurka) - -Fix server to use custom DH SSL parameters correctly (Michael -Fuhr) - -Fix for Bonjour on Intel Macs (Ashley Clark) - -Fix various minor memory leaks - -Fix problem with password prompting on some Win32 systems -(Robert Kinberg) - - - - - - - Release 8.0.7 - - - Release date: - 2006-02-14 - - - - This release contains a variety of fixes from 8.0.6. - For information about new features in the 8.0 major release, see - . - - - - Migration to Version 8.0.7 - - - A dump/restore is not required for those running 8.0.X. However, - if you are upgrading from a version earlier than 8.0.6, - see . - - - - - Changes - - - -Fix potential crash in SET -SESSION AUTHORIZATION (CVE-2006-0553) -An unprivileged user could crash the server process, resulting in -momentary denial of service to other users, if the server has been compiled -with Asserts enabled (which is not the default). -Thanks to Akio Ishida for reporting this problem. - - -Fix bug with row visibility logic in self-inserted -rows (Tom) -Under rare circumstances a row inserted by the current command -could be seen as already valid, when it should not be. Repairs bug -created in 8.0.4, 7.4.9, and 7.3.11 releases. - - -Fix race condition that could lead to file already -exists errors during pg_clog and pg_subtrans file creation -(Tom) - -Fix cases that could lead to crashes if a cache-invalidation -message arrives at just the wrong time (Tom) - -Properly check DOMAIN constraints for -UNKNOWN parameters in prepared statements -(Neil) - -Ensure ALTER COLUMN TYPE will process -FOREIGN KEY, UNIQUE, and PRIMARY KEY -constraints in the proper order (Nakano Yoshihisa) - -Fixes to allow restoring dumps that have cross-schema -references to custom operators or operator classes (Tom) - -Allow pg_restore to continue properly after a -COPY failure; formerly it tried to treat the remaining -COPY data as SQL commands (Stephen Frost) - -Fix pg_ctl unregister crash -when the data directory is not specified (Magnus) - -Fix ecpg crash on AMD64 and PPC -(Neil) - -Recover properly if error occurs during argument passing -in PL/Python (Neil) - -Fix PL/Perl's handling of locales on -Win32 to match the backend (Andrew) - -Fix crash when log_min_messages is set to -DEBUG3 or above in postgresql.conf on Win32 -(Bruce) - -Fix pgxs -L library path -specification for Win32, Cygwin, macOS, AIX (Bruce) - -Check that SID is enabled while checking for Win32 admin -privileges (Magnus) - -Properly reject out-of-range date inputs (Kris -Jurka) - -Portability fix for testing presence of finite -and isinf during configure (Tom) - - - - - - - - Release 8.0.6 - - - Release date: - 2006-01-09 - - - - This release contains a variety of fixes from 8.0.5. - For information about new features in the 8.0 major release, see - . - - - - Migration to Version 8.0.6 - - - A dump/restore is not required for those running 8.0.X. However, - if you are upgrading from a version earlier than 8.0.3, - see . - Also, you might need to REINDEX indexes on textual - columns after updating, if you are affected by the locale or - plperl issues described below. - - - - - Changes - - - -Fix Windows code so that postmaster will continue rather -than exit if there is no more room in ShmemBackendArray (Magnus) -The previous behavior could lead to a denial-of-service situation if too -many connection requests arrive close together. This applies -only to the Windows port. - -Fix bug introduced in 8.0 that could allow ReadBuffer -to return an already-used page as new, potentially causing loss of -recently-committed data (Tom) - -Fix for protocol-level Describe messages issued -outside a transaction or in a failed transaction (Tom) - -Fix character string comparison for locales that consider -different character combinations as equal, such as Hungarian (Tom) -This might require REINDEX to fix existing indexes on -textual columns. - -Set locale environment variables during postmaster startup -to ensure that plperl won't change the locale later -This fixes a problem that occurred if the postmaster was -started with environment variables specifying a different locale than what -initdb had been told. Under these conditions, any use of -plperl was likely to lead to corrupt indexes. You might need -REINDEX to fix existing indexes on -textual columns if this has happened to you. - -Allow more flexible relocation of installation -directories (Tom) -Previous releases supported relocation only if all installation -directory paths were the same except for the last component. - -Fix longstanding bug in strpos() and regular expression -handling in certain rarely used Asian multi-byte character sets (Tatsuo) - - -Various fixes for functions returning RECORDs -(Tom) - -Fix bug in /contrib/pgcrypto gen_salt, -which caused it not to use all available salt space for MD5 and -XDES algorithms (Marko Kreen, Solar Designer) -Salts for Blowfish and standard DES are unaffected. - -Fix /contrib/dblink to throw an error, -rather than crashing, when the number of columns specified is different from -what's actually returned by the query (Joe) - - - - - - - - Release 8.0.5 - - - Release date: - 2005-12-12 - - - - This release contains a variety of fixes from 8.0.4. - For information about new features in the 8.0 major release, see - . - - - - Migration to Version 8.0.5 - - - A dump/restore is not required for those running 8.0.X. However, - if you are upgrading from a version earlier than 8.0.3, - see . - - - - - Changes - - - -Fix race condition in transaction log management -There was a narrow window in which an I/O operation could be initiated -for the wrong page, leading to an Assert failure or data -corruption. - - -Fix bgwriter problems after recovering from errors -(Tom) - -The background writer was found to leak buffer pins after write errors. -While not fatal in itself, this might lead to mysterious blockages of -later VACUUM commands. - - - -Prevent failure if client sends Bind protocol message -when current transaction is already aborted - -/contrib/ltree fixes (Teodor) - -AIX and HPUX compile fixes (Tom) - -Retry file reads and writes after Windows -NO_SYSTEM_RESOURCES error (Qingqing Zhou) - -Fix intermittent failure when log_line_prefix -includes %i - -Fix psql performance issue with long scripts -on Windows (Merlin Moncure) - -Fix missing updates of pg_group flat -file - -Fix longstanding planning error for outer joins -This bug sometimes caused a bogus error RIGHT JOIN is -only supported with merge-joinable join conditions. - -Postpone timezone initialization until after -postmaster.pid is created -This avoids confusing startup scripts that expect the pid file to appear -quickly. - -Prevent core dump in pg_autovacuum when a -table has been dropped - -Fix problems with whole-row references (foo.*) -to subquery results - - - - - - - Release 8.0.4 - - - Release date: - 2005-10-04 - - - - This release contains a variety of fixes from 8.0.3. - For information about new features in the 8.0 major release, see - . - - - - Migration to Version 8.0.4 - - - A dump/restore is not required for those running 8.0.X. However, - if you are upgrading from a version earlier than 8.0.3, - see . - - - - - Changes - - -Fix error that allowed VACUUM to remove -ctid chains too soon, and add more checking in code that follows -ctid links -This fixes a long-standing problem that could cause crashes in very rare -circumstances. -Fix CHAR() to properly pad spaces to the specified -length when using a multiple-byte character set (Yoshiyuki Asaba) -In prior releases, the padding of CHAR() was incorrect -because it only padded to the specified number of bytes without -considering how many characters were stored. -Force a checkpoint before committing CREATE -DATABASE -This should fix recent reports of index is not a btree -failures when a crash occurs shortly after CREATE -DATABASE. -Fix the sense of the test for read-only transaction -in COPY -The code formerly prohibited COPY TO, where it should -prohibit COPY FROM. - -Handle consecutive embedded newlines in COPY -CSV-mode input -Fix date_trunc(week) for dates near year -end -Fix planning problem with outer-join ON clauses that reference -only the inner-side relation -Further fixes for x FULL JOIN y ON true corner -cases -Fix overenthusiastic optimization of x IN (SELECT -DISTINCT ...) and related cases -Fix mis-planning of queries with small LIMIT -values due to poorly thought out fuzzy cost -comparison -Make array_in and array_recv more -paranoid about validating their OID parameter -Fix missing rows in queries like UPDATE a=... WHERE -a... with GiST index on column a -Improve robustness of datetime parsing -Improve checking for partially-written WAL -pages -Improve robustness of signal handling when SSL is -enabled -Improve MIPS and M68K spinlock code -Don't try to open more than max_files_per_process -files during postmaster startup -Various memory leakage fixes -Various portability improvements -Update timezone data files -Improve handling of DLL load failures on Windows -Improve random-number generation on Windows -Make psql -f filename return a nonzero exit code -when opening the file fails -Change pg_dump to handle inherited check -constraints more reliably -Fix password prompting in pg_restore on -Windows -Fix PL/pgSQL to handle var := var correctly when -the variable is of pass-by-reference type -Fix PL/Perl %_SHARED so it's actually -shared -Fix contrib/pg_autovacuum to allow sleep -intervals over 2000 sec -Update contrib/tsearch2 to use current Snowball -code - - - - - - - Release 8.0.3 - - - Release date: - 2005-05-09 - - - - This release contains a variety of fixes from 8.0.2, including several - security-related issues. - For information about new features in the 8.0 major release, see - . - - - - Migration to Version 8.0.3 - - - A dump/restore is not required for those running 8.0.X. However, - it is one possible way of handling two significant security problems - that have been found in the initial contents of 8.0.X system - catalogs. A dump/initdb/reload sequence using 8.0.3's initdb will - automatically correct these problems. - - - - The larger security problem is that the built-in character set encoding - conversion functions can be invoked from SQL commands by unprivileged - users, but the functions were not designed for such use and are not - secure against malicious choices of arguments. The fix involves changing - the declared parameter list of these functions so that they can no longer - be invoked from SQL commands. (This does not affect their normal use - by the encoding conversion machinery.) - - - - The lesser problem is that the contrib/tsearch2 module - creates several functions that are improperly declared to return - internal when they do not accept internal arguments. - This breaks type safety for all functions using internal - arguments. - - - - It is strongly recommended that all installations repair these errors, - either by initdb or by following the manual repair procedure given - below. The errors at least allow unprivileged database users to crash - their server process, and might allow unprivileged users to gain the - privileges of a database superuser. - - - - If you wish not to do an initdb, perform the same manual repair - procedures shown in the 7.4.8 release - notes. - - - - - Changes - - -Change encoding function signature to prevent -misuse -Change contrib/tsearch2 to avoid unsafe use of -INTERNAL function results -Guard against incorrect second parameter to -record_out -Repair ancient race condition that allowed a transaction to be -seen as committed for some purposes (eg SELECT FOR UPDATE) slightly sooner -than for other purposes -This is an extremely serious bug since it could lead to apparent -data inconsistencies being briefly visible to applications. -Repair race condition between relation extension and -VACUUM -This could theoretically have caused loss of a page's worth of -freshly-inserted data, although the scenario seems of very low probability. -There are no known cases of it having caused more than an Assert failure. - -Fix comparisons of TIME WITH TIME ZONE values - -The comparison code was wrong in the case where the ---enable-integer-datetimes configuration switch had been used. -NOTE: if you have an index on a TIME WITH TIME ZONE column, -it will need to be REINDEXed after installing this update, because -the fix corrects the sort order of column values. - -Fix EXTRACT(EPOCH) for -TIME WITH TIME ZONE values -Fix mis-display of negative fractional seconds in -INTERVAL values - -This error only occurred when the ---enable-integer-datetimes configuration switch had been used. - -Fix pg_dump to dump trigger names containing % -correctly (Neil) -Still more 64-bit fixes for -contrib/intagg -Prevent incorrect optimization of functions returning -RECORD -Prevent crash on COALESCE(NULL,NULL) -Fix Borland makefile for libpq -Fix contrib/btree_gist for timetz type -(Teodor) -Make pg_ctl check the PID found in -postmaster.pid to see if it is still a live -process -Fix pg_dump/pg_restore problems caused -by addition of dump timestamps -Fix interaction between materializing holdable cursors and -firing deferred triggers during transaction commit -Fix memory leak in SQL functions returning pass-by-reference -data types - - - - - - - Release 8.0.2 - - - Release date: - 2005-04-07 - - - - This release contains a variety of fixes from 8.0.1. - For information about new features in the 8.0 major release, see - . - - - - Migration to Version 8.0.2 - - - A dump/restore is not required for those running 8.0.*. - This release updates the major version number of the - PostgreSQL libraries, so it might be - necessary to re-link some user applications if they cannot - find the properly-numbered shared library. - - - - - Changes - - -Increment the major version number of all interface -libraries (Bruce) - -This should have been done in 8.0.0. It is required so 7.4.X versions -of PostgreSQL client applications, like psql, -can be used on the same machine as 8.0.X applications. This might require -re-linking user applications that use these libraries. - -Add Windows-only wal_sync_method setting of - (Magnus, Bruce) - -This setting causes PostgreSQL to write through -any disk-drive write cache when writing to WAL. -This behavior was formerly called , but was -renamed because it acts quite differently from on other -platforms. - - -Enable the wal_sync_method setting of - on Windows, and make it the default for that - platform (Magnus, Bruce) - -Because the default is no longer , -data loss is possible during a power failure if the disk drive has -write caching enabled. To turn off the write cache on Windows, -from the Device Manager, choose the drive properties, -then Policies. - - -New cache management algorithm 2Q replaces -ARC (Tom) - -This was done to avoid a pending US patent on ARC. The -2Q code might be a few percentage points slower than -ARC for some work loads. A better cache management algorithm -will appear in 8.1. - -Planner adjustments to improve behavior on freshly-created -tables (Tom) -Allow plpgsql to assign to an element of an array that is -initially NULL (Tom) - -Formerly the array would remain NULL, but now it becomes a -single-element array. The main SQL engine was changed to handle -UPDATE of a null array value this way in 8.0, but the similar -case in plpgsql was overlooked. - - -Convert \r\n and \r to \n -in plpython function bodies (Michael Fuhr) - - This prevents syntax errors when plpython code is written on a Windows or - Mac client. - - -Allow SPI cursors to handle utility commands that return rows, -such as EXPLAIN (Tom) -Fix CLUSTER failure after ALTER TABLE -SET WITHOUT OIDS (Tom) -Reduce memory usage of ALTER TABLE ADD COLUMN -(Neil) -Fix ALTER LANGUAGE RENAME (Tom) -Document the Windows-only register and -unregister options of pg_ctl (Magnus) -Ensure operations done during backend shutdown are counted by -statistics collector - -This is expected to resolve reports of pg_autovacuum -not vacuuming the system catalogs often enough — it was not being -told about catalog deletions caused by temporary table removal during -backend exit. - -Change the Windows default for configuration parameter -log_destination to (Magnus) - -By default, a server running on Windows will now send log output to the -Windows event logger rather than standard error. - -Make Kerberos authentication work on Windows (Magnus) -Allow ALTER DATABASE RENAME by superusers -who aren't flagged as having CREATEDB privilege (Tom) -Modify WAL log entries for CREATE and -DROP DATABASE to not specify absolute paths (Tom) -This allows point-in-time recovery on a different machine with possibly -different database location. Note that CREATE TABLESPACE still -poses a hazard in such situations. - -Fix crash from a backend exiting with an open transaction -that created a table and opened a cursor on it (Tom) -Fix array_map() so it can call PL functions -(Tom) -Several contrib/tsearch2 and -contrib/btree_gist fixes (Teodor) - -Fix crash of some contrib/pgcrypto -functions on some platforms (Marko Kreen) -Fix contrib/intagg for 64-bit platforms -(Tom) -Fix ecpg bugs in parsing of CREATE statement -(Michael) -Work around gcc bug on powerpc and amd64 causing problems in -ecpg (Christof Petig) -Do not use locale-aware versions of upper(), -lower(), and initcap() when the locale is -C (Bruce) - - This allows these functions to work on platforms that generate errors - for non-7-bit data when the locale is C. - -Fix quote_ident() to quote names that match keywords (Tom) -Fix to_date() to behave reasonably when -CC and YY fields are both used (Karel) -Prevent to_char(interval) from failing -when given a zero-month interval (Tom) -Fix wrong week returned by date_trunc('week') -(Bruce) - -date_trunc('week') -returned the wrong year for the first few days of January in some years. - -Use the correct default mask length for class D -addresses in INET data types (Tom) - - - - - - - Release 8.0.1 - - - Release date: - 2005-01-31 - - - - This release contains a variety of fixes from 8.0.0, including several - security-related issues. - For information about new features in the 8.0 major release, see - . - - - - Migration to Version 8.0.1 - - - A dump/restore is not required for those running 8.0.0. - - - - - Changes - - -Disallow LOAD to non-superusers - -On platforms that will automatically execute initialization functions of a -shared library (this includes at least Windows and ELF-based Unixen), -LOAD can be used to make the server execute arbitrary code. -Thanks to NGS Software for reporting this. -Check that creator of an aggregate function has the right to -execute the specified transition functions - -This oversight made it possible to bypass denial of EXECUTE -permission on a function. -Fix security and 64-bit issues in -contrib/intagg -Add needed STRICT marking to some contrib functions (Kris -Jurka) -Avoid buffer overrun when plpgsql cursor declaration has too -many parameters (Neil) -Make ALTER TABLE ADD COLUMN enforce domain -constraints in all cases -Fix planning error for FULL and RIGHT outer joins - -The result of the join was mistakenly supposed to be sorted the same as the -left input. This could not only deliver mis-sorted output to the user, but -in case of nested merge joins could give outright wrong answers. - -Improve planning of grouped aggregate queries -ROLLBACK TO savepoint -closes cursors created since the savepoint -Fix inadequate backend stack size on Windows -Avoid SHGetSpecialFolderPath() on Windows -(Magnus) -Fix some problems in running pg_autovacuum as a Windows -service (Dave Page) -Multiple minor bug fixes in -pg_dump/pg_restore -Fix ecpg segfault with named structs used in -typedefs (Michael) - - - - - - - Release 8.0 - - - Release date: - 2005-01-19 - - - - Overview - - - Major changes in this release: - - - - - - Microsoft Windows Native Server - - - - - This is the first PostgreSQL release - to run natively on Microsoft Windows as - a server. It can run as a Windows service. This - release supports NT-based Windows releases like - Windows 2000 SP4, Windows XP, and - Windows 2003. Older releases like - Windows 95, Windows 98, and - Windows ME are not supported because these operating - systems do not have the infrastructure to support - PostgreSQL. A separate installer - project has been created to ease installation on - Windows — see . - - - - Although tested throughout our release cycle, the Windows port - does not have the benefit of years of use in production - environments that PostgreSQL has on - Unix platforms. Therefore it should be treated with the same - level of caution as you would a new product. - - - - Previous releases required the Unix emulation toolkit - Cygwin in order to run the server on Windows - operating systems. PostgreSQL has - supported native clients on Windows for many years. - - - - - - - Savepoints - - - - - Savepoints allow specific parts of a transaction to be aborted - without affecting the remainder of the transaction. Prior - releases had no such capability; there was no way to recover - from a statement failure within a transaction except by - aborting the whole transaction. This feature is valuable for - application writers who require error recovery within a - complex transaction. - - - - - - - Point-In-Time Recovery - - - - - In previous releases there was no way to recover from disk - drive failure except to restore from a previous backup or use - a standby replication server. Point-in-time recovery allows - continuous backup of the server. You can recover either to - the point of failure or to some transaction in the past. - - - - - - - Tablespaces - - - - - Tablespaces allow administrators to select different file systems - for storage of individual tables, indexes, and databases. - This improves performance and control over disk space - usage. Prior releases used initlocation and - manual symlink management for such tasks. - - - - - - - Improved Buffer Management, CHECKPOINT, - VACUUM - - - - - This release has a more intelligent buffer replacement strategy, - which will make better use of available shared buffers and - improve performance. The performance impact of vacuum and - checkpoints is also lessened. - - - - - - - Change Column Types - - - - - A column's data type can now be changed with ALTER - TABLE. - - - - - - - New Perl Server-Side Language - - - - - A new version of the plperl server-side language now - supports a persistent shared storage area, triggers, returning records - and arrays of records, and SPI calls to access the database. - - - - - - - Comma-separated-value (CSV) support in COPY - - - - - COPY can now read and write - comma-separated-value files. It has the flexibility to - interpret nonstandard quoting and separation characters too. - - - - - - - - - Migration to Version 8.0 - - - A dump/restore using pg_dump is - required for those wishing to migrate data from any previous - release. - - - - Observe the following incompatibilities: - - - - - - - In serialization mode, volatile functions - now see the results of concurrent transactions committed up to the - beginning of each statement within the function, rather than up to the - beginning of the interactive command that called the function. - - - - - - Functions declared or always - use the snapshot of the calling query, and therefore do not see the - effects of actions taken after the calling query starts, whether in - their own transaction or other transactions. Such a function must be - read-only, too, meaning that it cannot use any SQL commands other than - SELECT. - - - - - - Nondeferred triggers are now fired immediately - after completion of the triggering query, rather than upon - finishing the current interactive command. This makes a - difference when the triggering query occurred within a function: - the trigger is invoked before the function proceeds to its next - operation. - - - - - - Server configuration parameters virtual_host and - tcpip_socket have been replaced with a more general - parameter listen_addresses. Also, the server now listens on - localhost by default, which eliminates the need for the - -i postmaster switch in many scenarios. - - - - - - Server configuration parameters SortMem and - VacuumMem have been renamed to work_mem - and maintenance_work_mem to better reflect their - use. The original names are still supported in - SET and SHOW. - - - - - - Server configuration parameters log_pid, - log_timestamp, and log_source_port have been - replaced with a more general parameter log_line_prefix. - - - - - - Server configuration parameter syslog has been - replaced with a more logical log_destination variable to - control the log output destination. - - - - - - Server configuration parameter log_statement has been - changed so it can selectively log just database modification or - data definition statements. Server configuration parameter - log_duration now prints only when log_statement - prints the query. - - - - - - Server configuration parameter max_expr_depth parameter has - been replaced with max_stack_depth which measures the - physical stack size rather than the expression nesting depth. This - helps prevent session termination due to stack overflow caused by - recursive functions. - - - - - - The length() function no longer counts trailing spaces in - CHAR(n) values. - - - - - - Casting an integer to BIT(N) selects the rightmost N bits of the - integer, not the leftmost N bits as before. - - - - - - Updating an element or slice of a NULL array value now produces - a nonnull array result, namely an array containing - just the assigned-to positions. - - - - - - Syntax checking of array input values has been tightened up - considerably. Junk that was previously allowed in odd places with - odd results now causes an error. Empty-string element values - must now be written as "", rather than writing nothing. - Also changed behavior with respect to whitespace surrounding - array elements: trailing whitespace is now ignored, for symmetry - with leading whitespace (which has always been ignored). - - - - - - Overflow in integer arithmetic operations is now detected and - reported as an error. - - - - - - The arithmetic operators associated with the single-byte - "char" data type have been removed. - - - - - - The extract() function (also called - date_part) now returns the proper year for BC dates. - It previously returned one less than the correct year. The - function now also returns the proper values for millennium and - century. - - - - - - CIDR values now must have their nonmasked bits be zero. - For example, we no longer allow - 204.248.199.1/31 as a CIDR value. Such - values should never have been accepted by - PostgreSQL and will now be rejected. - - - - - - EXECUTE now returns a completion tag that - matches the executed statement. - - - - - - psql's \copy command now reads or - writes to the query's stdin/stdout, rather than - psql's stdin/stdout. The previous - behavior can be accessed via new - / parameters. - - - - - - The JDBC client interface has been removed from the core - distribution, and is now hosted at . - - - - - - The Tcl client interface has also been removed. There are several - Tcl interfaces now hosted at . - - - - - - The server now uses its own time zone database, rather than the - one supplied by the operating system. This will provide consistent - behavior across all platforms. In most cases, there should be - little noticeable difference in time zone behavior, except that - the time zone names used by SET/SHOW - TimeZone might be different from what your platform provides. - - - - - - Configure's threading option no longer requires - users to run tests or edit configuration files; threading options - are now detected automatically. - - - - - - Now that tablespaces have been implemented, - initlocation has been removed. - - - - - - The API for user-defined GiST indexes has been changed. The - Union and PickSplit methods are now passed a pointer to a - special GistEntryVector structure, - rather than a bytea. - - - - - - - - Deprecated Features - - - Some aspects of PostgreSQL's behavior - have been determined to be suboptimal. For the sake of backward - compatibility these have not been removed in 8.0, but they are - considered deprecated and will be removed in the next major - release. - - - - - - The 8.1 release will remove the to_char() function - for intervals. - - - - - - The server now warns of empty strings passed to - oid/float4/float8 data - types, but continues to interpret them as zeroes as before. - In the next major release, empty strings will be considered - invalid input for these data types. - - - - - - By default, tables in PostgreSQL 8.0 - and earlier are created with OIDs. In the next release, - this will not be the case: to create a table - that contains OIDs, the clause must - be specified or the default_with_oids - configuration parameter must be set. Users are encouraged to - explicitly specify if their tables - require OIDs for compatibility with future releases of - PostgreSQL. - - - - - - - - Changes - - - Below you will find a detailed account of the changes between - release 8.0 and the previous major release. - - - - Performance Improvements - - - - - Support cross-data-type index usage (Tom) - - - Before this change, many queries would not use an index if the data - types did not match exactly. This improvement makes index usage more - intuitive and consistent. - - - - - - New buffer replacement strategy that improves caching (Jan) - - - Prior releases used a least-recently-used (LRU) cache to keep - recently referenced pages in memory. The LRU algorithm - did not consider the number of times a specific cache entry was - accessed, so large table scans could force out useful cache pages. - The new cache algorithm uses four separate lists to track most - recently used and most frequently used cache pages and dynamically - optimize their replacement based on the work load. This should - lead to much more efficient use of the shared buffer cache. - Administrators who have tested shared buffer sizes in the past - should retest with this new cache replacement policy. - - - - - - Add subprocess to write dirty buffers periodically to reduce - checkpoint writes (Jan) - - - In previous releases, the checkpoint process, which runs every few - minutes, would write all dirty buffers to the operating system's - buffer cache then flush all dirty operating system buffers to - disk. This resulted in a periodic spike in disk usage that often - hurt performance. The new code uses a background writer to trickle - disk writes at a steady pace so checkpoints have far fewer dirty - pages to write to disk. Also, the new code does not issue a global - sync() call, but instead fsync()s just - the files written since the last checkpoint. This should improve - performance and minimize degradation during checkpoints. - - - - - - Add ability to prolong vacuum to reduce performance impact (Jan) - - - On busy systems, VACUUM performs many I/O - requests which can hurt performance for other users. This - release allows you to slow down VACUUM to - reduce its impact on other users, though this increases the - total duration of VACUUM. - - - - - - Improve B-tree index performance for duplicate keys (Dmitry Tkach, Tom) - - - This improves the way indexes are scanned when many duplicate - values exist in the index. - - - - - - Use dynamically-generated table size estimates while planning (Tom) - - - Formerly the planner estimated table sizes using the values seen - by the last VACUUM or ANALYZE, - both as to physical table size (number of pages) and number of rows. - Now, the current physical table size is obtained from the kernel, - and the number of rows is estimated by multiplying the table size - by the row density (rows per page) seen by the last - VACUUM or ANALYZE. This should - produce more reliable estimates in cases where the table size has - changed significantly since the last housekeeping command. - - - - - - Improved index usage with OR clauses (Tom) - - - This allows the optimizer to use indexes in statements with many OR - clauses that would not have been indexed in the past. It can also use - multi-column indexes where the first column is specified and the second - column is part of an OR clause. - - - - - - Improve matching of partial index clauses (Tom) - - - The server is now smarter about using partial indexes in queries - involving complex clauses. - - - - - - Improve performance of the GEQO optimizer (Tom) - - - The GEQO optimizer is used to plan queries involving many tables (by - default, twelve or more). This release speeds up the way queries are - analyzed to decrease time spent in optimization. - - - - - - Miscellaneous optimizer improvements - - - There is not room here to list all the minor improvements made, but - numerous special cases work better than in prior releases. - - - - - - Improve lookup speed for C functions (Tom) - - - This release uses a hash table to lookup information for dynamically - loaded C functions. This improves their speed so they perform nearly as - quickly as functions that are built into the server executable. - - - - - - Add type-specific ANALYZE statistics - capability (Mark Cave-Ayland) - - - This feature allows more flexibility in generating statistics - for nonstandard data types. - - - - - - ANALYZE now collects statistics for - expression indexes (Tom) - - - Expression indexes (also called functional indexes) allow users to - index not just columns but the results of expressions and function - calls. With this release, the optimizer can gather and use statistics - about the contents of expression indexes. This will greatly improve - the quality of planning for queries in which an expression index is - relevant. - - - - - - New two-stage sampling method for ANALYZE - (Manfred Koizar) - - - This gives better statistics when the density of valid rows is very - different in different regions of a table. - - - - - - Speed up TRUNCATE (Tom) - - - This buys back some of the performance loss observed in 7.4, while still - keeping TRUNCATE transaction-safe. - - - - - - - - - Server Changes - - - - - Add WAL file archiving and point-in-time recovery (Simon Riggs) - - - - - - Add tablespaces so admins can control disk layout (Gavin) - - - - - - Add a built-in log rotation program (Andreas Pflug) - - - It is now possible to log server messages conveniently without - relying on either syslog or an external log - rotation program. - - - - - - Add new read-only server configuration parameters to show server - compile-time settings: block_size, - integer_datetimes, max_function_args, - max_identifier_length, max_index_keys (Joe) - - - - - - Make quoting of sameuser, samegroup, and - all remove special meaning of these terms in - pg_hba.conf (Andrew) - - - - - - Use clearer IPv6 name ::1/128 for - localhost in default pg_hba.conf (Andrew) - - - - - - Use CIDR format in pg_hba.conf examples (Andrew) - - - - - - Rename server configuration parameters SortMem and - VacuumMem to work_mem and - maintenance_work_mem (Old names still supported) (Tom) - - - This change was made to clarify that bulk operations such as index and - foreign key creation use maintenance_work_mem, while - work_mem is for workspaces used during query execution. - - - - - - Allow logging of session disconnections using server configuration - log_disconnections (Andrew) - - - - - - Add new server configuration parameter log_line_prefix to - allow control of information emitted in each log line (Andrew) - - - Available information includes user name, database name, remote IP - address, and session start time. - - - - - - Remove server configuration parameters log_pid, - log_timestamp, log_source_port; functionality - superseded by log_line_prefix (Andrew) - - - - - - Replace the virtual_host and tcpip_socket - parameters with a unified listen_addresses parameter - (Andrew, Tom) - - - virtual_host could only specify a single IP address to - listen on. listen_addresses allows multiple addresses - to be specified. - - - - - - Listen on localhost by default, which eliminates the need for the - postmaster switch in many scenarios (Andrew) - - - Listening on localhost (127.0.0.1) opens no new - security holes but allows configurations like Windows and JDBC, - which do not support local sockets, to work without special - adjustments. - - - - - - Remove syslog server configuration parameter, and add more - logical log_destination variable to control log output - location (Magnus) - - - - - - Change server configuration parameter log_statement to take - values all, mod, ddl, or - none to select which queries are logged (Bruce) - - - This allows administrators to log only data definition changes or - only data modification statements. - - - - - - Some logging-related configuration parameters could formerly be adjusted - by ordinary users, but only in the more verbose direction. - They are now treated more strictly: only superusers can set them. - However, a superuser can use ALTER USER to provide per-user - settings of these values for non-superusers. Also, it is now possible - for superusers to set values of superuser-only configuration parameters - via PGOPTIONS. - - - - - - Allow configuration files to be placed outside the data directory (mlw) - - - By default, configuration files are kept in the cluster's top directory. - With this addition, configuration files can be placed outside the - data directory, easing administration. - - - - - - Plan prepared queries only when first executed so constants can be - used for statistics (Oliver Jowett) - - - Prepared statements plan queries once and execute them many - times. While prepared queries avoid the overhead of re-planning - on each use, the quality of the plan suffers from not knowing the exact - parameters to be used in the query. In this release, planning of - unnamed prepared statements is delayed until the first execution, - and the actual parameter values of that execution are used as - optimization hints. This allows use of out-of-line parameter passing - without incurring a performance penalty. - - - - - - Allow DECLARE CURSOR to take parameters - (Oliver Jowett) - - - It is now useful to issue DECLARE CURSOR in a - Parse message with parameters. The parameter values - sent at Bind time will be substituted into the - execution of the cursor's query. - - - - - - Fix hash joins and aggregates of inet and - cidr data types (Tom) - - - Release 7.4 handled hashing of mixed inet and - cidr values incorrectly. (This bug did not exist - in prior releases because they wouldn't try to hash either - data type.) - - - - - - Make log_duration print only when log_statement - prints the query (Ed L.) - - - - - - - - - Query Changes - - - - - Add savepoints (nested transactions) (Alvaro) - - - - - - Unsupported isolation levels are now accepted and promoted to the - nearest supported level (Peter) - - - The SQL specification states that if a database doesn't support a - specific isolation level, it should use the next more restrictive level. - This change complies with that recommendation. - - - - - - Allow BEGIN WORK to specify transaction - isolation levels like START TRANSACTION does - (Bruce) - - - - - - Fix table permission checking for cases in which rules generate - a query type different from the originally submitted query (Tom) - - - - - - Implement dollar quoting to simplify single-quote usage (Andrew, Tom, - David Fetter) - - - In previous releases, because single quotes had to be used to - quote a function's body, the use of single quotes inside the - function text required use of two single quotes or other error-prone - notations. With this release we add the ability to use "dollar - quoting" to quote a block of text. The ability to use different - quoting delimiters at different nesting levels greatly simplifies - the task of quoting correctly, especially in complex functions. - Dollar quoting can be used anywhere quoted text is needed. - - - - - - Make CASE val WHEN compval1 THEN ... evaluate val only once (Tom) - - - no longer evaluates the tested expression multiple - times. This has benefits when the expression is complex or is - volatile. - - - - - - Test before computing target list of an - aggregate query (Tom) - - - Fixes improper failure of cases such as SELECT SUM(win)/SUM(lose) - ... GROUP BY ... HAVING SUM(lose) > 0. This should work but formerly - could fail with divide-by-zero. - - - - - - Replace max_expr_depth parameter with - max_stack_depth parameter, measured in kilobytes of stack - size (Tom) - - - This gives us a fairly bulletproof defense against crashing due to - runaway recursive functions. Instead of measuring the depth of expression - nesting, we now directly measure the size of the execution stack. - - - - - - Allow arbitrary row expressions (Tom) - - - This release allows SQL expressions to contain arbitrary composite - types, that is, row values. It also allows functions to more easily - take rows as arguments and return row values. - - - - - - Allow / to be used as the operator - in row and subselect comparisons (Fabien Coelho) - - - - - - Avoid locale-specific case conversion of basic ASCII letters in - identifiers and keywords (Tom) - - - This solves the Turkish problem with mangling of words - containing I and i. Folding of characters - outside the 7-bit-ASCII set is still locale-aware. - - - - - - Improve syntax error reporting (Fabien, Tom) - - - Syntax error reports are more useful than before. - - - - - - Change EXECUTE to return a completion tag - matching the executed statement (Kris Jurka) - - - Previous releases return an EXECUTE tag for - any EXECUTE call. In this release, the tag - returned will reflect the command executed. - - - - - - Avoid emitting in rule listings (Tom) - - - Such a clause makes no logical sense, but in some cases the rule - decompiler formerly produced this syntax. - - - - - - - - - Object Manipulation Changes - - - - - Add COMMENT ON for casts, conversions, languages, - operator classes, and large objects (Christopher) - - - - - - Add new server configuration parameter default_with_oids to - control whether tables are created with OIDs by default (Neil) - - - This allows administrators to control whether CREATE - TABLE commands create tables with or without OID - columns by default. (Note: the current factory default setting for - default_with_oids is TRUE, but the default - will become FALSE in future releases.) - - - - - - Add / clause to - CREATE TABLE AS (Neil) - - - - - - Allow ALTER TABLE DROP COLUMN to drop an OID - column (ALTER TABLE SET WITHOUT OIDS still works) - (Tom) - - - - - - Allow composite types as table columns (Tom) - - - - - - Allow ALTER ... ADD COLUMN with defaults and - constraints; works per SQL spec (Rod) - - - It is now possible for to create a column - that is not initially filled with NULLs, but with a specified - default value. - - - - - - Add ALTER COLUMN TYPE to change column's type (Rod) - - - It is now possible to alter a column's data type without dropping - and re-adding the column. - - - - - - Allow multiple ALTER actions in a single ALTER - TABLE command (Rod) - - - This is particularly useful for ALTER commands that - rewrite the table (which include and - with a default). By grouping - ALTER commands together, the table need be rewritten - only once. - - - - - - Allow ALTER TABLE to add SERIAL - columns (Tom) - - - This falls out from the new capability of specifying defaults for new - columns. - - - - - - Allow changing the owners of aggregates, conversions, databases, - functions, operators, operator classes, schemas, types, and tablespaces - (Christopher, Euler Taveira de Oliveira) - - - Previously this required modifying the system tables directly. - - - - - - Allow temporary object creation to be limited to functions (Sean Chittenden) - - - - - - Add (Christopher) - - - Prior to this release, there was no way to clear an auto-cluster - specification except to modify the system tables. - - - - - - Constraint/Index/SERIAL names are now - table_column_type - with numbers appended to guarantee uniqueness within the schema - (Tom) - - - The SQL specification states that such names should be unique - within a schema. - - - - - - Add pg_get_serial_sequence() to return a - SERIAL column's sequence name (Christopher) - - - This allows automated scripts to reliably find the SERIAL - sequence name. - - - - - - Warn when primary/foreign key data type mismatch requires costly lookup - - - - - - New ALTER INDEX command to allow moving of indexes - between tablespaces (Gavin) - - - - - - Make ALTER TABLE OWNER change dependent sequence - ownership too (Alvaro) - - - - - - - - - - Utility Command Changes - - - - - Allow CREATE SCHEMA to create triggers, - indexes, and sequences (Neil) - - - - - - Add keyword to CREATE RULE (Fabien - Coelho) - - - This allows to be added to rule creation to contrast it with - rules. - - - - - - Add option to LOCK (Tatsuo) - - - This allows the LOCK command to fail if it - would have to wait for the requested lock. - - - - - - Allow COPY to read and write - comma-separated-value (CSV) files (Andrew, Bruce) - - - - - - Generate error if the COPY delimiter and NULL - string conflict (Bruce) - - - - - - GRANT/REVOKE behavior - follows the SQL spec more closely - - - - - - Avoid locking conflict between CREATE INDEX - and CHECKPOINT (Tom) - - - In 7.3 and 7.4, a long-running B-tree index build could block concurrent - CHECKPOINTs from completing, thereby causing WAL bloat because the - WAL log could not be recycled. - - - - - - Database-wide ANALYZE does not hold locks - across tables (Tom) - - - This reduces the potential for deadlocks against other backends - that want exclusive locks on tables. To get the benefit of this - change, do not execute database-wide ANALYZE - inside a transaction block (BEGIN block); it - must be able to commit and start a new transaction for each - table. - - - - - - REINDEX does not exclusively lock the index's - parent table anymore - - - The index itself is still exclusively locked, but readers of the - table can continue if they are not using the particular index - being rebuilt. - - - - - - Erase MD5 user passwords when a user is renamed (Bruce) - - - PostgreSQL uses the user name as salt - when encrypting passwords via MD5. When a user's name is changed, - the salt will no longer match the stored MD5 password, so the - stored password becomes useless. In this release a notice is - generated and the password is cleared. A new password must then - be assigned if the user is to be able to log in with a password. - - - - - - New pg_ctl option for Windows (Andrew) - - - Windows does not have a kill command to send signals to - backends so this capability was added to pg_ctl. - - - - - - Information schema improvements - - - - - - Add option to - initdb so the initial password can be - set by GUI tools (Magnus) - - - - - - Detect locale/encoding mismatch in - initdb (Peter) - - - - - - Add command to pg_ctl to - register Windows operating system service (Dave Page) - - - - - - - - - Data Type and Function Changes - - - - - More complete support for composite types (row types) (Tom) - - - Composite values can be used in many places where only scalar values - worked before. - - - - - - Reject nonrectangular array values as erroneous (Joe) - - - Formerly, array_in would silently build a - surprising result. - - - - - - Overflow in integer arithmetic operations is now detected (Tom) - - - - - - The arithmetic operators associated with the single-byte - "char" data type have been removed. - - - Formerly, the parser would select these operators in many situations - where an unable to select an operator error would be more - appropriate, such as null * null. If you actually want - to do arithmetic on a "char" column, you can cast it to - integer explicitly. - - - - - - Syntax checking of array input values considerably tightened up (Joe) - - - Junk that was previously allowed in odd places with odd results - now causes an ERROR, for example, non-whitespace - after the closing right brace. - - - - - - Empty-string array element values must now be written as - "", rather than writing nothing (Joe) - - - Formerly, both ways of writing an empty-string element value were - allowed, but now a quoted empty string is required. The case where - nothing at all appears will probably be considered to be a NULL - element value in some future release. - - - - - - Array element trailing whitespace is now ignored (Joe) - - - Formerly leading whitespace was ignored, but trailing whitespace - between an element value and the delimiter or right brace was - significant. Now trailing whitespace is also ignored. - - - - - - Emit array values with explicit array bounds when lower bound is not one - (Joe) - - - - - - Accept YYYY-monthname-DD as a date string (Tom) - - - - - - Make netmask and hostmask functions - return maximum-length mask length (Tom) - - - - - - Change factorial function to return numeric (Gavin) - - - Returning numeric allows the factorial function to - work for a wider range of input values. - - - - - - to_char/to_date() date conversion - improvements (Kurt Roeckx, Fabien Coelho) - - - - - - Make length() disregard trailing spaces in - CHAR(n) (Gavin) - - - This change was made to improve consistency: trailing spaces are - semantically insignificant in CHAR(n) data, so they - should not be counted by length(). - - - - - - Warn about empty string being passed to - OID/float4/float8 data types (Neil) - - - 8.1 will throw an error instead. - - - - - - Allow leading or trailing whitespace in - int2/int4/int8/float4/float8 - input routines - (Neil) - - - - - - Better support for IEEE Infinity and NaN - values in float4/float8 (Neil) - - - These should now work on all platforms that support IEEE-compliant - floating point arithmetic. - - - - - - Add option to date_trunc() (Robert Creager) - - - - - - Fix to_char for 1 BC - (previously it returned 1 AD) (Bruce) - - - - - - Fix date_part(year) for BC dates (previously it - returned one less than the correct year) (Bruce) - - - - - - Fix date_part() to return the proper millennium and - century (Fabien Coelho) - - - In previous versions, the century and millennium results had a wrong - number and started in the wrong year, as compared to standard - reckoning of such things. - - - - - - Add ceiling() as an alias for ceil(), - and power() as an alias for pow() for - standards compliance (Neil) - - - - - - Change ln(), log(), - power(), and sqrt() to emit the correct - SQLSTATE error codes for certain error conditions, as - specified by SQL:2003 (Neil) - - - - - - Add width_bucket() function as defined by SQL:2003 (Neil) - - - - - - Add generate_series() functions to simplify working - with numeric sets (Joe) - - - - - - Fix upper/lower/initcap() functions to work with - multibyte encodings (Tom) - - - - - - Add boolean and bitwise integer / - aggregates (Fabien Coelho) - - - - - - New session information functions to return network addresses for client - and server (Sean Chittenden) - - - - - - Add function to determine the area of a closed path (Sean Chittenden) - - - - - - Add function to send cancel request to other backends (Magnus) - - - - - - Add interval plus datetime operators (Tom) - - - The reverse ordering, datetime plus interval, - was already supported, but both are required by the SQL standard. - - - - - - Casting an integer to BIT(N) selects the rightmost N bits - of the integer - (Tom) - - - In prior releases, the leftmost N bits were selected, but this was - deemed unhelpful, not to mention inconsistent with casting from bit - to int. - - - - - - Require CIDR values to have all nonmasked bits be zero - (Kevin Brintnall) - - - - - - - - - Server-Side Language Changes - - - - - In READ COMMITTED serialization mode, volatile functions - now see the results of concurrent transactions committed up to the - beginning of each statement within the function, rather than up to the - beginning of the interactive command that called the function. - - - - - - Functions declared STABLE or IMMUTABLE always - use the snapshot of the calling query, and therefore do not see the - effects of actions taken after the calling query starts, whether in - their own transaction or other transactions. Such a function must be - read-only, too, meaning that it cannot use any SQL commands other than - SELECT. There is a considerable performance gain from - declaring a function STABLE or IMMUTABLE - rather than VOLATILE. - - - - - - Nondeferred triggers are now fired immediately - after completion of the triggering query, rather than upon - finishing the current interactive command. This makes a difference - when the triggering query occurred within a function: the trigger - is invoked before the function proceeds to its next operation. For - example, if a function inserts a new row into a table, any - nondeferred foreign key checks occur before proceeding with the - function. - - - - - - Allow function parameters to be declared with names (Dennis Björklund) - - - This allows better documentation of functions. Whether the names - actually do anything depends on the specific function language - being used. - - - - - - Allow PL/pgSQL parameter names to be referenced in the function (Dennis Björklund) - - - This basically creates an automatic alias for each named parameter. - - - - - - Do minimal syntax checking of PL/pgSQL functions at creation time (Tom) - - - This allows us to catch simple syntax errors sooner. - - - - - - More support for composite types (row and record variables) in PL/pgSQL - - - For example, it now works to pass a rowtype variable to another function - as a single variable. - - - - - - Default values for PL/pgSQL variables can now reference previously - declared variables - - - - - - Improve parsing of PL/pgSQL FOR loops (Tom) - - - Parsing is now driven by presence of ".." rather than - data type of variable. This makes no difference for - correct functions, but should result in more understandable error - messages when a mistake is made. - - - - - - Major overhaul of PL/Perl server-side language (Command Prompt, Andrew Dunstan) - - - - - - In PL/Tcl, SPI commands are now run in subtransactions. If an error - occurs, the subtransaction is cleaned up and the error is reported - as an ordinary Tcl error, which can be trapped with catch. - Formerly, it was not possible to catch such errors. - - - - - - Accept ELSEIF in PL/pgSQL (Neil) - - - Previously PL/pgSQL only allowed ELSIF, but many people - are accustomed to spelling this keyword ELSEIF. - - - - - - - - - <application>psql</application> Changes - - - - - Improve psql information display about database - objects (Christopher) - - - - - - Allow psql to display group membership in - \du and \dg (Markus Bertheau) - - - - - - Prevent psql \dn from showing - temporary schemas (Bruce) - - - - - - Allow psql to handle tilde user expansion for file - names (Zach Irmen) - - - - - - Allow psql to display fancy prompts, including - color, via readline (Reece Hart, Chet Ramey) - - - - - - Make psql \copy match COPY command syntax - fully (Tom) - - - - - - Show the location of syntax errors (Fabien Coelho, Tom) - - - - - - Add CLUSTER information to psql - \d display - (Bruce) - - - - - - Change psql \copy stdin/stdout to read - from command input/output (Bruce) - - - - - - Add / to read from - psql's stdin/stdout (Mark - Feit) - - - - - - Add global psql configuration file, psqlrc.sample - (Bruce) - - - This allows a central file where global psql startup commands can - be stored. - - - - - - Have psql \d+ indicate if the table - has an OID column (Neil) - - - - - - On Windows, use binary mode in psql when reading files so control-Z - is not seen as end-of-file - - - - - - Have \dn+ show permissions and description for schemas (Dennis - Björklund) - - - - - - Improve tab completion support (Stefan Kaltenbrunn, Greg Sabino Mullane) - - - - - - Allow boolean settings to be set using upper or lower case (Michael Paesold) - - - - - - - - - <application>pg_dump</application> Changes - - - - - Use dependency information to improve the reliability of - pg_dump (Tom) - - - This should solve the longstanding problems with related objects - sometimes being dumped in the wrong order. - - - - - - Have pg_dump output objects in alphabetical order if possible (Tom) - - - This should make it easier to identify changes between - dump files. - - - - - - Allow pg_restore to ignore some SQL errors (Fabien Coelho) - - - This makes pg_restore's behavior similar to the - results of feeding a pg_dump output script to - psql. In most cases, ignoring errors and plowing - ahead is the most useful thing to do. Also added was a pg_restore - option to give the old behavior of exiting on an error. - - - - - - pg_restore display now includes - objects' schema names - - - - - - New begin/end markers in pg_dump text output (Bruce) - - - - - - Add start/stop times for - pg_dump/pg_dumpall in verbose mode - (Bruce) - - - - - - Allow most pg_dump options in - pg_dumpall (Christopher) - - - - - - Have pg_dump use ALTER OWNER rather - than SET SESSION AUTHORIZATION by default - (Christopher) - - - - - - - - - libpq Changes - - - - - Make libpq's handling thread-safe (Bruce) - - - - - - Add PQmbdsplen() which returns the display length - of a character (Tatsuo) - - - - - - Add thread locking to SSL and - Kerberos connections (Manfred Spraul) - - - - - - Allow PQoidValue(), PQcmdTuples(), and - PQoidStatus() to work on EXECUTE - commands (Neil) - - - - - - Add PQserverVersion() to provide more convenient - access to the server version number (Greg Sabino Mullane) - - - - - - Add PQprepare/PQsendPrepared() functions to support - preparing statements without necessarily specifying the data types - of their parameters (Abhijit Menon-Sen) - - - - - - Many ECPG improvements, including SET DESCRIPTOR (Michael) - - - - - - - - - Source Code Changes - - - - - Allow the database server to run natively on Windows (Claudio, Magnus, Andrew) - - - - - - Shell script commands converted to C versions for Windows support (Andrew) - - - - - - Create an extension makefile framework (Fabien Coelho, Peter) - - - This simplifies the task of building extensions outside the original - source tree. - - - - - - Support relocatable installations (Bruce) - - - Directory paths for installed files (such as the - /share directory) are now computed relative to the - actual location of the executables, so that an installation tree - can be moved to another place without reconfiguring and - rebuilding. - - - - - - Use to choose installation location of documentation; also - allow (Peter) - - - - - - Add to prevent installation of documentation (Peter) - - - - - - Upgrade to DocBook V4.2 SGML (Peter) - - - - - - New PostgreSQL CVS tag (Marc) - - - This was done to make it easier for organizations to manage their - own copies of the PostgreSQL - CVS repository. File version stamps from the master - repository will not get munged by checking into or out of a copied - repository. - - - - - - Clarify locking code (Manfred Koizar) - - - - - - Buffer manager cleanup (Neil) - - - - - - Decouple platform tests from CPU spinlock code (Bruce, Tom) - - - - - - Add inlined test-and-set code on PA-RISC for gcc - (ViSolve, Tom) - - - - - - Improve i386 spinlock code (Manfred Spraul) - - - - - - Clean up spinlock assembly code to avoid warnings from newer - gcc releases (Tom) - - - - - - Remove JDBC from source tree; now a separate project - - - - - - Remove the libpgtcl client interface; now a separate project - - - - - - More accurately estimate memory and file descriptor usage (Tom) - - - - - - Improvements to the macOS startup scripts (Ray A.) - - - - - - New fsync() test program (Bruce) - - - - - - Major documentation improvements (Neil, Peter) - - - - - - Remove pg_encoding; not needed - anymore - - - - - - Remove pg_id; not needed anymore - - - - - - Remove initlocation; not needed - anymore - - - - - - Auto-detect thread flags (no more manual testing) (Bruce) - - - - - - Use Olson's public domain timezone library (Magnus) - - - - - - With threading enabled, use thread flags on Unixware for - backend executables too (Bruce) - - - Unixware cannot mix threaded and nonthreaded object files in the - same executable, so everything must be compiled as threaded. - - - - - - psql now uses a flex-generated - lexical analyzer to process command strings - - - - - - Reimplement the linked list data structure used throughout the - backend (Neil) - - - This improves performance by allowing list append and length - operations to be more efficient. - - - - - - Allow dynamically loaded modules to create their own server configuration - parameters (Thomas Hallgren) - - - - - - New Brazilian version of FAQ (Euler Taveira de Oliveira) - - - - - - Add French FAQ (Guillaume Lelarge) - - - - - - New pgevent for Windows logging - - - - - - Make libpq and ECPG build as proper shared libraries on macOS (Tom) - - - - - - - - - Contrib Changes - - - - - Overhaul of contrib/dblink (Joe) - - - - - - contrib/dbmirror improvements (Steven Singer) - - - - - - New contrib/xml2 (John Gray, Torchbox) - - - - - - Updated contrib/mysql - - - - - - New version of contrib/btree_gist (Teodor) - - - - - - New contrib/trgm, trigram matching for - PostgreSQL (Teodor) - - - - - - Many contrib/tsearch2 improvements (Teodor) - - - - - - Add double metaphone to contrib/fuzzystrmatch (Andrew) - - - - - - Allow contrib/pg_autovacuum to run as a Windows service (Dave Page) - - - - - - Add functions to contrib/dbsize (Andreas Pflug) - - - - - - Removed contrib/pg_logger: obsoleted by integrated logging - subprocess - - - - - - Removed contrib/rserv: obsoleted by various separate projects - - - - - - - - diff --git a/doc/src/sgml/release-8.1.sgml b/doc/src/sgml/release-8.1.sgml deleted file mode 100644 index 44a30892fd..0000000000 --- a/doc/src/sgml/release-8.1.sgml +++ /dev/null @@ -1,5444 +0,0 @@ - - - - - Release 8.1.23 - - - Release date: - 2010-12-16 - - - - This release contains a variety of fixes from 8.1.22. - For information about new features in the 8.1 major release, see - . - - - - This is expected to be the last PostgreSQL release - in the 8.1.X series. Users are encouraged to update to a newer - release branch soon. - - - - Migration to Version 8.1.23 - - - A dump/restore is not required for those running 8.1.X. - However, if you are upgrading from a version earlier than 8.1.18, - see . - - - - - - Changes - - - - - - Force the default - wal_sync_method - to be fdatasync on Linux (Tom Lane, Marti Raudsepp) - - - - The default on Linux has actually been fdatasync for many - years, but recent kernel changes caused PostgreSQL to - choose open_datasync instead. This choice did not result - in any performance improvement, and caused outright failures on - certain filesystems, notably ext4 with the - data=journal mount option. - - - - - - Fix recovery from base backup when the starting checkpoint WAL record - is not in the same WAL segment as its redo point (Jeff Davis) - - - - - - Add support for detecting register-stack overrun on IA64 - (Tom Lane) - - - - The IA64 architecture has two hardware stacks. Full - prevention of stack-overrun failures requires checking both. - - - - - - Add a check for stack overflow in copyObject() (Tom Lane) - - - - Certain code paths could crash due to stack overflow given a - sufficiently complex query. - - - - - - Fix detection of page splits in temporary GiST indexes (Heikki - Linnakangas) - - - - It is possible to have a concurrent page split in a - temporary index, if for example there is an open cursor scanning the - index when an insertion is done. GiST failed to detect this case and - hence could deliver wrong results when execution of the cursor - continued. - - - - - - Avoid memory leakage while ANALYZE'ing complex index - expressions (Tom Lane) - - - - - - Ensure an index that uses a whole-row Var still depends on its table - (Tom Lane) - - - - An index declared like create index i on t (foo(t.*)) - would not automatically get dropped when its table was dropped. - - - - - - Do not inline a SQL function with multiple OUT - parameters (Tom Lane) - - - - This avoids a possible crash due to loss of information about the - expected result rowtype. - - - - - - Fix constant-folding of COALESCE() expressions (Tom Lane) - - - - The planner would sometimes attempt to evaluate sub-expressions that - in fact could never be reached, possibly leading to unexpected errors. - - - - - - Add print functionality for InhRelation nodes (Tom Lane) - - - - This avoids a failure when debug_print_parse is enabled - and certain types of query are executed. - - - - - - Fix incorrect calculation of distance from a point to a horizontal - line segment (Tom Lane) - - - - This bug affected several different geometric distance-measurement - operators. - - - - - - Fix PL/pgSQL's handling of simple - expressions to not fail in recursion or error-recovery cases (Tom Lane) - - - - - - Fix bug in contrib/cube's GiST picksplit algorithm - (Alexander Korotkov) - - - - This could result in considerable inefficiency, though not actually - incorrect answers, in a GiST index on a cube column. - If you have such an index, consider REINDEXing it after - installing this update. - - - - - - Don't emit identifier will be truncated notices in - contrib/dblink except when creating new connections - (Itagaki Takahiro) - - - - - - Fix potential coredump on missing public key in - contrib/pgcrypto (Marti Raudsepp) - - - - - - Fix memory leak in contrib/xml2's XPath query functions - (Tom Lane) - - - - - - Update time zone data files to tzdata release 2010o - for DST law changes in Fiji and Samoa; - also historical corrections for Hong Kong. - - - - - - - - - - Release 8.1.22 - - - Release date: - 2010-10-04 - - - - This release contains a variety of fixes from 8.1.21. - For information about new features in the 8.1 major release, see - . - - - - The PostgreSQL community will stop releasing updates - for the 8.1.X release series in November 2010. - Users are encouraged to update to a newer release branch soon. - - - - Migration to Version 8.1.22 - - - A dump/restore is not required for those running 8.1.X. - However, if you are upgrading from a version earlier than 8.1.18, - see . - - - - - - Changes - - - - - - Use a separate interpreter for each calling SQL userid in PL/Perl and - PL/Tcl (Tom Lane) - - - - This change prevents security problems that can be caused by subverting - Perl or Tcl code that will be executed later in the same session under - another SQL user identity (for example, within a SECURITY - DEFINER function). Most scripting languages offer numerous ways that - that might be done, such as redefining standard functions or operators - called by the target function. Without this change, any SQL user with - Perl or Tcl language usage rights can do essentially anything with the - SQL privileges of the target function's owner. - - - - The cost of this change is that intentional communication among Perl - and Tcl functions becomes more difficult. To provide an escape hatch, - PL/PerlU and PL/TclU functions continue to use only one interpreter - per session. This is not considered a security issue since all such - functions execute at the trust level of a database superuser already. - - - - It is likely that third-party procedural languages that claim to offer - trusted execution have similar security issues. We advise contacting - the authors of any PL you are depending on for security-critical - purposes. - - - - Our thanks to Tim Bunce for pointing out this issue (CVE-2010-3433). - - - - - - Prevent possible crashes in pg_get_expr() by disallowing - it from being called with an argument that is not one of the system - catalog columns it's intended to be used with - (Heikki Linnakangas, Tom Lane) - - - - - - Fix cannot handle unplanned sub-select error (Tom Lane) - - - - This occurred when a sub-select contains a join alias reference that - expands into an expression containing another sub-select. - - - - - - Prevent show_session_authorization() from crashing within autovacuum - processes (Tom Lane) - - - - - - Defend against functions returning setof record where not all the - returned rows are actually of the same rowtype (Tom Lane) - - - - - - Fix possible failure when hashing a pass-by-reference function result - (Tao Ma, Tom Lane) - - - - - - Take care to fsync the contents of lockfiles (both - postmaster.pid and the socket lockfile) while writing them - (Tom Lane) - - - - This omission could result in corrupted lockfile contents if the - machine crashes shortly after postmaster start. That could in turn - prevent subsequent attempts to start the postmaster from succeeding, - until the lockfile is manually removed. - - - - - - Avoid recursion while assigning XIDs to heavily-nested - subtransactions (Andres Freund, Robert Haas) - - - - The original coding could result in a crash if there was limited - stack space. - - - - - - Fix log_line_prefix's %i escape, - which could produce junk early in backend startup (Tom Lane) - - - - - - Fix possible data corruption in ALTER TABLE ... SET - TABLESPACE when archiving is enabled (Jeff Davis) - - - - - - Allow CREATE DATABASE and ALTER DATABASE ... SET - TABLESPACE to be interrupted by query-cancel (Guillaume Lelarge) - - - - - - In PL/Python, defend against null pointer results from - PyCObject_AsVoidPtr and PyCObject_FromVoidPtr - (Peter Eisentraut) - - - - - - Improve contrib/dblink's handling of tables containing - dropped columns (Tom Lane) - - - - - - Fix connection leak after duplicate connection name - errors in contrib/dblink (Itagaki Takahiro) - - - - - - Fix contrib/dblink to handle connection names longer than - 62 bytes correctly (Itagaki Takahiro) - - - - - - Update build infrastructure and documentation to reflect the source code - repository's move from CVS to Git (Magnus Hagander and others) - - - - - - Update time zone data files to tzdata release 2010l - for DST law changes in Egypt and Palestine; also historical corrections - for Finland. - - - - This change also adds new names for two Micronesian timezones: - Pacific/Chuuk is now preferred over Pacific/Truk (and the preferred - abbreviation is CHUT not TRUT) and Pacific/Pohnpei is preferred over - Pacific/Ponape. - - - - - - - - - - Release 8.1.21 - - - Release date: - 2010-05-17 - - - - This release contains a variety of fixes from 8.1.20. - For information about new features in the 8.1 major release, see - . - - - - Migration to Version 8.1.21 - - - A dump/restore is not required for those running 8.1.X. - However, if you are upgrading from a version earlier than 8.1.18, - see . - - - - - - Changes - - - - - - Enforce restrictions in plperl using an opmask applied to - the whole interpreter, instead of using Safe.pm - (Tim Bunce, Andrew Dunstan) - - - - Recent developments have convinced us that Safe.pm is too - insecure to rely on for making plperl trustable. This - change removes use of Safe.pm altogether, in favor of using - a separate interpreter with an opcode mask that is always applied. - Pleasant side effects of the change include that it is now possible to - use Perl's strict pragma in a natural way in - plperl, and that Perl's $a and $b - variables work as expected in sort routines, and that function - compilation is significantly faster. (CVE-2010-1169) - - - - - - Prevent PL/Tcl from executing untrustworthy code from - pltcl_modules (Tom) - - - - PL/Tcl's feature for autoloading Tcl code from a database table - could be exploited for trojan-horse attacks, because there was no - restriction on who could create or insert into that table. This change - disables the feature unless pltcl_modules is owned by a - superuser. (However, the permissions on the table are not checked, so - installations that really need a less-than-secure modules table can - still grant suitable privileges to trusted non-superusers.) Also, - prevent loading code into the unrestricted normal Tcl - interpreter unless we are really going to execute a pltclu - function. (CVE-2010-1170) - - - - - - Do not allow an unprivileged user to reset superuser-only parameter - settings (Alvaro) - - - - Previously, if an unprivileged user ran ALTER USER ... RESET - ALL for himself, or ALTER DATABASE ... RESET ALL for - a database he owns, this would remove all special parameter settings - for the user or database, even ones that are only supposed to be - changeable by a superuser. Now, the ALTER will only - remove the parameters that the user has permission to change. - - - - - - Avoid possible crash during backend shutdown if shutdown occurs - when a CONTEXT addition would be made to log entries (Tom) - - - - In some cases the context-printing function would fail because the - current transaction had already been rolled back when it came time - to print a log message. - - - - - - Update PL/Perl's ppport.h for modern Perl versions - (Andrew) - - - - - - Fix assorted memory leaks in PL/Python (Andreas Freund, Tom) - - - - - - Prevent infinite recursion in psql when expanding - a variable that refers to itself (Tom) - - - - - - Ensure that contrib/pgstattuple functions respond to cancel - interrupts promptly (Tatsuhito Kasahara) - - - - - - Make server startup deal properly with the case that - shmget() returns EINVAL for an existing - shared memory segment (Tom) - - - - This behavior has been observed on BSD-derived kernels including macOS. - It resulted in an entirely-misleading startup failure complaining that - the shared memory request size was too large. - - - - - - Update time zone data files to tzdata release 2010j - for DST law changes in Argentina, Australian Antarctic, Bangladesh, - Mexico, Morocco, Pakistan, Palestine, Russia, Syria, Tunisia; - also historical corrections for Taiwan. - - - - - - - - - - Release 8.1.20 - - - Release date: - 2010-03-15 - - - - This release contains a variety of fixes from 8.1.19. - For information about new features in the 8.1 major release, see - . - - - - Migration to Version 8.1.20 - - - A dump/restore is not required for those running 8.1.X. - However, if you are upgrading from a version earlier than 8.1.18, - see . - - - - - - Changes - - - - - - Add new configuration parameter ssl_renegotiation_limit to - control how often we do session key renegotiation for an SSL connection - (Magnus) - - - - This can be set to zero to disable renegotiation completely, which may - be required if a broken SSL library is used. In particular, some - vendors are shipping stopgap patches for CVE-2009-3555 that cause - renegotiation attempts to fail. - - - - - - Fix possible crashes when trying to recover from a failure in - subtransaction start (Tom) - - - - - - Fix server memory leak associated with use of savepoints and a client - encoding different from server's encoding (Tom) - - - - - - Make substring() for bit types treat any negative - length as meaning all the rest of the string (Tom) - - - - The previous coding treated only -1 that way, and would produce an - invalid result value for other negative values, possibly leading to - a crash (CVE-2010-0442). - - - - - - Fix integer-to-bit-string conversions to handle the first fractional - byte correctly when the output bit width is wider than the given - integer by something other than a multiple of 8 bits (Tom) - - - - - - Fix some cases of pathologically slow regular expression matching (Tom) - - - - - - Fix the STOP WAL LOCATION entry in backup history files to - report the next WAL segment's name when the end location is exactly at a - segment boundary (Itagaki Takahiro) - - - - - - Fix some more cases of temporary-file leakage (Heikki) - - - - This corrects a problem introduced in the previous minor release. - One case that failed is when a plpgsql function returning set is - called within another function's exception handler. - - - - - - When reading pg_hba.conf and related files, do not treat - @something as a file inclusion request if the @ - appears inside quote marks; also, never treat @ by itself - as a file inclusion request (Tom) - - - - This prevents erratic behavior if a role or database name starts with - @. If you need to include a file whose path name - contains spaces, you can still do so, but you must write - @"/path to/file" rather than putting the quotes around - the whole construct. - - - - - - Prevent infinite loop on some platforms if a directory is named as - an inclusion target in pg_hba.conf and related files - (Tom) - - - - - - Fix psql's numericlocale option to not - format strings it shouldn't in latex and troff output formats (Heikki) - - - - - - Fix plpgsql failure in one case where a composite column is set to NULL - (Tom) - - - - - - Add volatile markings in PL/Python to avoid possible - compiler-specific misbehavior (Zdenek Kotala) - - - - - - Ensure PL/Tcl initializes the Tcl interpreter fully (Tom) - - - - The only known symptom of this oversight is that the Tcl - clock command misbehaves if using Tcl 8.5 or later. - - - - - - Prevent crash in contrib/dblink when too many key - columns are specified to a dblink_build_sql_* function - (Rushabh Lathia, Joe Conway) - - - - - - Fix assorted crashes in contrib/xml2 caused by sloppy - memory management (Tom) - - - - - - Update time zone data files to tzdata release 2010e - for DST law changes in Bangladesh, Chile, Fiji, Mexico, Paraguay, Samoa. - - - - - - - - - - Release 8.1.19 - - - Release date: - 2009-12-14 - - - - This release contains a variety of fixes from 8.1.18. - For information about new features in the 8.1 major release, see - . - - - - Migration to Version 8.1.19 - - - A dump/restore is not required for those running 8.1.X. - However, if you are upgrading from a version earlier than 8.1.18, - see . - - - - - - Changes - - - - - - Protect against indirect security threats caused by index functions - changing session-local state (Gurjeet Singh, Tom) - - - - This change prevents allegedly-immutable index functions from possibly - subverting a superuser's session (CVE-2009-4136). - - - - - - Reject SSL certificates containing an embedded null byte in the common - name (CN) field (Magnus) - - - - This prevents unintended matching of a certificate to a server or client - name during SSL validation (CVE-2009-4034). - - - - - - Fix possible crash during backend-startup-time cache initialization (Tom) - - - - - - Prevent signals from interrupting VACUUM at unsafe times - (Alvaro) - - - - This fix prevents a PANIC if a VACUUM FULL is canceled - after it's already committed its tuple movements, as well as transient - errors if a plain VACUUM is interrupted after having - truncated the table. - - - - - - Fix possible crash due to integer overflow in hash table size - calculation (Tom) - - - - This could occur with extremely large planner estimates for the size of - a hashjoin's result. - - - - - - Fix very rare crash in inet/cidr comparisons (Chris - Mikkelson) - - - - - - Ensure that shared tuple-level locks held by prepared transactions are - not ignored (Heikki) - - - - - - Fix premature drop of temporary files used for a cursor that is accessed - within a subtransaction (Heikki) - - - - - - Fix PAM password processing to be more robust (Tom) - - - - The previous code is known to fail with the combination of the Linux - pam_krb5 PAM module with Microsoft Active Directory as the - domain controller. It might have problems elsewhere too, since it was - making unjustified assumptions about what arguments the PAM stack would - pass to it. - - - - - - Fix processing of ownership dependencies during CREATE OR - REPLACE FUNCTION (Tom) - - - - - - Ensure that Perl arrays are properly converted to - PostgreSQL arrays when returned by a set-returning - PL/Perl function (Andrew Dunstan, Abhijit Menon-Sen) - - - - This worked correctly already for non-set-returning functions. - - - - - - Fix rare crash in exception processing in PL/Python (Peter) - - - - - - Ensure psql's flex module is compiled with the correct - system header definitions (Tom) - - - - This fixes build failures on platforms where - --enable-largefile causes incompatible changes in the - generated code. - - - - - - Make the postmaster ignore any application_name parameter in - connection request packets, to improve compatibility with future libpq - versions (Tom) - - - - - - Update time zone data files to tzdata release 2009s - for DST law changes in Antarctica, Argentina, Bangladesh, Fiji, - Novokuznetsk, Pakistan, Palestine, Samoa, Syria; also historical - corrections for Hong Kong. - - - - - - - - - - Release 8.1.18 - - - Release date: - 2009-09-09 - - - - This release contains a variety of fixes from 8.1.17. - For information about new features in the 8.1 major release, see - . - - - - Migration to Version 8.1.18 - - - A dump/restore is not required for those running 8.1.X. - However, if you have any hash indexes on interval columns, - you must REINDEX them after updating to 8.1.18. - Also, if you are upgrading from a version earlier than 8.1.15, - see . - - - - - - Changes - - - - - - Disallow RESET ROLE and RESET SESSION - AUTHORIZATION inside security-definer functions (Tom, Heikki) - - - - This covers a case that was missed in the previous patch that - disallowed SET ROLE and SET SESSION - AUTHORIZATION inside security-definer functions. - (See CVE-2007-6600) - - - - - - Fix handling of sub-SELECTs appearing in the arguments of - an outer-level aggregate function (Tom) - - - - - - Fix hash calculation for data type interval (Tom) - - - - This corrects wrong results for hash joins on interval values. - It also changes the contents of hash indexes on interval columns. - If you have any such indexes, you must REINDEX them - after updating. - - - - - - Treat to_char(..., 'TH') as an uppercase ordinal - suffix with 'HH'/'HH12' (Heikki) - - - - It was previously handled as 'th' (lowercase). - - - - - - Fix overflow for INTERVAL 'x ms' - when x is more than 2 million and integer - datetimes are in use (Alex Hunsaker) - - - - - - Fix calculation of distance between a point and a line segment (Tom) - - - - This led to incorrect results from a number of geometric operators. - - - - - - Fix money data type to work in locales where currency - amounts have no fractional digits, e.g. Japan (Itagaki Takahiro) - - - - - - Properly round datetime input like - 00:12:57.9999999999999999999999999999 (Tom) - - - - - - Fix poor choice of page split point in GiST R-tree operator classes - (Teodor) - - - - - - Fix portability issues in plperl initialization (Andrew Dunstan) - - - - - - Fix pg_ctl to not go into an infinite loop if - postgresql.conf is empty (Jeff Davis) - - - - - - Fix contrib/xml2's xslt_process() to - properly handle the maximum number of parameters (twenty) (Tom) - - - - - - Improve robustness of libpq's code to recover - from errors during COPY FROM STDIN (Tom) - - - - - - Avoid including conflicting readline and editline header files - when both libraries are installed (Zdenek Kotala) - - - - - - Update time zone data files to tzdata release 2009l - for DST law changes in Bangladesh, Egypt, Jordan, Pakistan, - Argentina/San_Luis, Cuba, Jordan (historical correction only), - Mauritius, Morocco, Palestine, Syria, Tunisia. - - - - - - - - - - Release 8.1.17 - - - Release date: - 2009-03-16 - - - - This release contains a variety of fixes from 8.1.16. - For information about new features in the 8.1 major release, see - . - - - - Migration to Version 8.1.17 - - - A dump/restore is not required for those running 8.1.X. - However, if you are upgrading from a version earlier than 8.1.15, - see . - - - - - - Changes - - - - - - Prevent error recursion crashes when encoding conversion fails (Tom) - - - - This change extends fixes made in the last two minor releases for - related failure scenarios. The previous fixes were narrowly tailored - for the original problem reports, but we have now recognized that - any error thrown by an encoding conversion function could - potentially lead to infinite recursion while trying to report the - error. The solution therefore is to disable translation and encoding - conversion and report the plain-ASCII form of any error message, - if we find we have gotten into a recursive error reporting situation. - (CVE-2009-0922) - - - - - - Disallow CREATE CONVERSION with the wrong encodings - for the specified conversion function (Heikki) - - - - This prevents one possible scenario for encoding conversion failure. - The previous change is a backstop to guard against other kinds of - failures in the same area. - - - - - - Fix core dump when to_char() is given format codes that - are inappropriate for the type of the data argument (Tom) - - - - - - Fix decompilation of CASE WHEN with an implicit coercion - (Tom) - - - - This mistake could lead to Assert failures in an Assert-enabled build, - or an unexpected CASE WHEN clause error message in other - cases, when trying to examine or dump a view. - - - - - - Fix possible misassignment of the owner of a TOAST table's rowtype (Tom) - - - - If CLUSTER or a rewriting variant of ALTER TABLE - were executed by someone other than the table owner, the - pg_type entry for the table's TOAST table would end up - marked as owned by that someone. This caused no immediate problems, - since the permissions on the TOAST rowtype aren't examined by any - ordinary database operation. However, it could lead to unexpected - failures if one later tried to drop the role that issued the command - (in 8.1 or 8.2), or owner of data type appears to be invalid - warnings from pg_dump after having done so (in 8.3). - - - - - - Clean up PL/pgSQL error status variables fully at block exit - (Ashesh Vashi and Dave Page) - - - - This is not a problem for PL/pgSQL itself, but the omission could cause - the PL/pgSQL Debugger to crash while examining the state of a function. - - - - - - Add MUST (Mauritius Island Summer Time) to the default list - of known timezone abbreviations (Xavier Bugaud) - - - - - - - - - - Release 8.1.16 - - - Release date: - 2009-02-02 - - - - This release contains a variety of fixes from 8.1.15. - For information about new features in the 8.1 major release, see - . - - - - Migration to Version 8.1.16 - - - A dump/restore is not required for those running 8.1.X. - However, if you are upgrading from a version earlier than 8.1.15, - see . - - - - - - Changes - - - - - - Fix crash in autovacuum (Alvaro) - - - - The crash occurs only after vacuuming a whole database for - anti-transaction-wraparound purposes, which means that it occurs - infrequently and is hard to track down. - - - - - - Improve handling of URLs in headline() function (Teodor) - - - - - - Improve handling of overlength headlines in headline() - function (Teodor) - - - - - - Prevent possible Assert failure or misconversion if an encoding - conversion is created with the wrong conversion function for the - specified pair of encodings (Tom, Heikki) - - - - - - Avoid unnecessary locking of small tables in VACUUM - (Heikki) - - - - - - Ensure that the contents of a holdable cursor don't depend on the - contents of TOAST tables (Tom) - - - - Previously, large field values in a cursor result might be represented - as TOAST pointers, which would fail if the referenced table got dropped - before the cursor is read, or if the large value is deleted and then - vacuumed away. This cannot happen with an ordinary cursor, - but it could with a cursor that is held past its creating transaction. - - - - - - Fix uninitialized variables in contrib/tsearch2's - get_covers() function (Teodor) - - - - - - Fix configure script to properly report failure when - unable to obtain linkage information for PL/Perl (Andrew) - - - - - - Make all documentation reference pgsql-bugs and/or - pgsql-hackers as appropriate, instead of the - now-decommissioned pgsql-ports and pgsql-patches - mailing lists (Tom) - - - - - - Update time zone data files to tzdata release 2009a (for - Kathmandu and historical DST corrections in Switzerland, Cuba) - - - - - - - - - - Release 8.1.15 - - - Release date: - 2008-11-03 - - - - This release contains a variety of fixes from 8.1.14. - For information about new features in the 8.1 major release, see - . - - - - Migration to Version 8.1.15 - - - A dump/restore is not required for those running 8.1.X. - However, if you are upgrading from a version earlier than 8.1.2, - see . Also, if you were running a previous - 8.1.X release, it is recommended to REINDEX all GiST - indexes after the upgrade. - - - - - - Changes - - - - - - Fix GiST index corruption due to marking the wrong index entry - dead after a deletion (Teodor) - - - - This would result in index searches failing to find rows they - should have found. Corrupted indexes can be fixed with - REINDEX. - - - - - - Fix backend crash when the client encoding cannot represent a localized - error message (Tom) - - - - We have addressed similar issues before, but it would still fail if - the character has no equivalent message itself couldn't - be converted. The fix is to disable localization and send the plain - ASCII error message when we detect such a situation. - - - - - - Fix possible crash when deeply nested functions are invoked from - a trigger (Tom) - - - - - - Fix mis-expansion of rule queries when a sub-SELECT appears - in a function call in FROM, a multi-row VALUES - list, or a RETURNING list (Tom) - - - - The usual symptom of this problem is an unrecognized node type - error. - - - - - - Ensure an error is reported when a newly-defined PL/pgSQL trigger - function is invoked as a normal function (Tom) - - - - - - Prevent possible collision of relfilenode numbers - when moving a table to another tablespace with ALTER SET - TABLESPACE (Heikki) - - - - The command tried to re-use the existing filename, instead of - picking one that is known unused in the destination directory. - - - - - - Fix incorrect tsearch2 headline generation when single query - item matches first word of text (Sushant Sinha) - - - - - - Fix improper display of fractional seconds in interval values when - using a non-ISO datestyle in an - build (Ron Mayer) - - - - - - Ensure SPI_getvalue and SPI_getbinval - behave correctly when the passed tuple and tuple descriptor have - different numbers of columns (Tom) - - - - This situation is normal when a table has had columns added or removed, - but these two functions didn't handle it properly. - The only likely consequence is an incorrect error indication. - - - - - - Fix ecpg's parsing of CREATE ROLE (Michael) - - - - - - Fix recent breakage of pg_ctl restart (Tom) - - - - - - Update time zone data files to tzdata release 2008i (for - DST law changes in Argentina, Brazil, Mauritius, Syria) - - - - - - - - - - Release 8.1.14 - - - Release date: - 2008-09-22 - - - - This release contains a variety of fixes from 8.1.13. - For information about new features in the 8.1 major release, see - . - - - - Migration to Version 8.1.14 - - - A dump/restore is not required for those running 8.1.X. - However, if you are upgrading from a version earlier than 8.1.2, - see . - - - - - - Changes - - - - - - Widen local lock counters from 32 to 64 bits (Tom) - - - - This responds to reports that the counters could overflow in - sufficiently long transactions, leading to unexpected lock is - already held errors. - - - - - - Fix possible duplicate output of tuples during a GiST index scan (Teodor) - - - - - - Add checks in executor startup to ensure that the tuples produced by an - INSERT or UPDATE will match the target table's - current rowtype (Tom) - - - - ALTER COLUMN TYPE, followed by re-use of a previously - cached plan, could produce this type of situation. The check protects - against data corruption and/or crashes that could ensue. - - - - - - Fix AT TIME ZONE to first try to interpret its timezone - argument as a timezone abbreviation, and only try it as a full timezone - name if that fails, rather than the other way around as formerly (Tom) - - - - The timestamp input functions have always resolved ambiguous zone names - in this order. Making AT TIME ZONE do so as well improves - consistency, and fixes a compatibility bug introduced in 8.1: - in ambiguous cases we now behave the same as 8.0 and before did, - since in the older versions AT TIME ZONE accepted - only abbreviations. - - - - - - Fix datetime input functions to correctly detect integer overflow when - running on a 64-bit platform (Tom) - - - - - - Improve performance of writing very long log messages to syslog (Tom) - - - - - - Fix bug in backwards scanning of a cursor on a SELECT DISTINCT - ON query (Tom) - - - - - - Fix planner bug with nested sub-select expressions (Tom) - - - - If the outer sub-select has no direct dependency on the parent query, - but the inner one does, the outer value might not get recalculated - for new parent query rows. - - - - - - Fix planner to estimate that GROUP BY expressions yielding - boolean results always result in two groups, regardless of the - expressions' contents (Tom) - - - - This is very substantially more accurate than the regular GROUP - BY estimate for certain boolean tests like col - IS NULL. - - - - - - Fix PL/pgSQL to not fail when a FOR loop's target variable - is a record containing composite-type fields (Tom) - - - - - - Fix PL/Tcl to behave correctly with Tcl 8.5, and to be more careful - about the encoding of data sent to or from Tcl (Tom) - - - - - - Fix PL/Python to work with Python 2.5 - - - - This is a back-port of fixes made during the 8.2 development cycle. - - - - - - Improve pg_dump and pg_restore's - error reporting after failure to send a SQL command (Tom) - - - - - - Fix pg_ctl to properly preserve postmaster - command-line arguments across a restart (Bruce) - - - - - - Update time zone data files to tzdata release 2008f (for - DST law changes in Argentina, Bahamas, Brazil, Mauritius, Morocco, - Pakistan, Palestine, and Paraguay) - - - - - - - - - - Release 8.1.13 - - - Release date: - 2008-06-12 - - - - This release contains one serious and one minor bug fix over 8.1.12. - For information about new features in the 8.1 major release, see - . - - - - Migration to Version 8.1.13 - - - A dump/restore is not required for those running 8.1.X. - However, if you are upgrading from a version earlier than 8.1.2, - see . - - - - - - Changes - - - - - - Make pg_get_ruledef() parenthesize negative constants (Tom) - - - - Before this fix, a negative constant in a view or rule might be dumped - as, say, -42::integer, which is subtly incorrect: it should - be (-42)::integer due to operator precedence rules. - Usually this would make little difference, but it could interact with - another recent patch to cause - PostgreSQL to reject what had been a valid - SELECT DISTINCT view query. Since this could result in - pg_dump output failing to reload, it is being treated - as a high-priority fix. The only released versions in which dump - output is actually incorrect are 8.3.1 and 8.2.7. - - - - - - Make ALTER AGGREGATE ... OWNER TO update - pg_shdepend (Tom) - - - - This oversight could lead to problems if the aggregate was later - involved in a DROP OWNED or REASSIGN OWNED - operation. - - - - - - - - - - Release 8.1.12 - - - Release date: - never released - - - - This release contains a variety of fixes from 8.1.11. - For information about new features in the 8.1 major release, see - . - - - - Migration to Version 8.1.12 - - - A dump/restore is not required for those running 8.1.X. - However, if you are upgrading from a version earlier than 8.1.2, - see . - - - - - - Changes - - - - - - Fix ALTER TABLE ADD COLUMN ... PRIMARY KEY so that the new - column is correctly checked to see if it's been initialized to all - non-nulls (Brendan Jurd) - - - - Previous versions neglected to check this requirement at all. - - - - - - Fix possible CREATE TABLE failure when inheriting the - same constraint from multiple parent relations that - inherited that constraint from a common ancestor (Tom) - - - - - - Fix conversions between ISO-8859-5 and other encodings to handle - Cyrillic Yo characters (e and E with - two dots) (Sergey Burladyan) - - - - - - Fix a few datatype input functions - that were allowing unused bytes in their results to contain - uninitialized, unpredictable values (Tom) - - - - This could lead to failures in which two apparently identical literal - values were not seen as equal, resulting in the parser complaining - about unmatched ORDER BY and DISTINCT - expressions. - - - - - - Fix a corner case in regular-expression substring matching - (substring(string from - pattern)) (Tom) - - - - The problem occurs when there is a match to the pattern overall but - the user has specified a parenthesized subexpression and that - subexpression hasn't got a match. An example is - substring('foo' from 'foo(bar)?'). - This should return NULL, since (bar) isn't matched, but - it was mistakenly returning the whole-pattern match instead (ie, - foo). - - - - - - Update time zone data files to tzdata release 2008c (for - DST law changes in Morocco, Iraq, Choibalsan, Pakistan, Syria, Cuba, - Argentina/San_Luis, and Chile) - - - - - - Fix incorrect result from ecpg's - PGTYPEStimestamp_sub() function (Michael) - - - - - - Fix core dump in contrib/xml2's - xpath_table() function when the input query returns a - NULL value (Tom) - - - - - - Fix contrib/xml2's makefile to not override - CFLAGS (Tom) - - - - - - Fix DatumGetBool macro to not fail with gcc - 4.3 (Tom) - - - - This problem affects old style (V0) C functions that - return boolean. The fix is already in 8.3, but the need to - back-patch it was not realized at the time. - - - - - - Fix longstanding LISTEN/NOTIFY - race condition (Tom) - - - - In rare cases a session that had just executed a - LISTEN might not get a notification, even though - one would be expected because the concurrent transaction executing - NOTIFY was observed to commit later. - - - - A side effect of the fix is that a transaction that has executed - a not-yet-committed LISTEN command will not see any - row in pg_listener for the LISTEN, - should it choose to look; formerly it would have. This behavior - was never documented one way or the other, but it is possible that - some applications depend on the old behavior. - - - - - - Disallow LISTEN and UNLISTEN within a - prepared transaction (Tom) - - - - This was formerly allowed but trying to do it had various unpleasant - consequences, notably that the originating backend could not exit - as long as an UNLISTEN remained uncommitted. - - - - - - Fix rare crash when an error occurs during a query using a hash index - (Heikki) - - - - - - Fix input of datetime values for February 29 in years BC (Tom) - - - - The former coding was mistaken about which years were leap years. - - - - - - Fix unrecognized node type error in some variants of - ALTER OWNER (Tom) - - - - - - Fix pg_ctl to correctly extract the postmaster's port - number from command-line options (Itagaki Takahiro, Tom) - - - - Previously, pg_ctl start -w could try to contact the - postmaster on the wrong port, leading to bogus reports of startup - failure. - - - - - - Use to defend against possible misoptimization - in recent gcc versions (Tom) - - - - This is known to be necessary when building PostgreSQL - with gcc 4.3 or later. - - - - - - Fix display of constant expressions in ORDER BY - and GROUP BY (Tom) - - - - An explicitly casted constant would be shown incorrectly. This could - for example lead to corruption of a view definition during - dump and reload. - - - - - - Fix libpq to handle NOTICE messages correctly - during COPY OUT (Tom) - - - - This failure has only been observed to occur when a user-defined - datatype's output routine issues a NOTICE, but there is no - guarantee it couldn't happen due to other causes. - - - - - - - - - - Release 8.1.11 - - - Release date: - 2008-01-07 - - - - This release contains a variety of fixes from 8.1.10, - including fixes for significant security issues. - For information about new features in the 8.1 major release, see - . - - - - This is the last 8.1.X release for which the PostgreSQL - community will produce binary packages for Windows. - Windows users are encouraged to move to 8.2.X or later, - since there are Windows-specific fixes in 8.2.X that - are impractical to back-port. 8.1.X will continue to - be supported on other platforms. - - - - Migration to Version 8.1.11 - - - A dump/restore is not required for those running 8.1.X. - However, if you are upgrading from a version earlier than 8.1.2, - see . - - - - - - Changes - - - - - - Prevent functions in indexes from executing with the privileges of - the user running VACUUM, ANALYZE, etc (Tom) - - - - Functions used in index expressions and partial-index - predicates are evaluated whenever a new table entry is made. It has - long been understood that this poses a risk of trojan-horse code - execution if one modifies a table owned by an untrustworthy user. - (Note that triggers, defaults, check constraints, etc. pose the - same type of risk.) But functions in indexes pose extra danger - because they will be executed by routine maintenance operations - such as VACUUM FULL, which are commonly performed - automatically under a superuser account. For example, a nefarious user - can execute code with superuser privileges by setting up a - trojan-horse index definition and waiting for the next routine vacuum. - The fix arranges for standard maintenance operations - (including VACUUM, ANALYZE, REINDEX, - and CLUSTER) to execute as the table owner rather than - the calling user, using the same privilege-switching mechanism already - used for SECURITY DEFINER functions. To prevent bypassing - this security measure, execution of SET SESSION - AUTHORIZATION and SET ROLE is now forbidden within a - SECURITY DEFINER context. (CVE-2007-6600) - - - - - - Repair assorted bugs in the regular-expression package (Tom, Will Drewry) - - - - Suitably crafted regular-expression patterns could cause crashes, - infinite or near-infinite looping, and/or massive memory consumption, - all of which pose denial-of-service hazards for applications that - accept regex search patterns from untrustworthy sources. - (CVE-2007-4769, CVE-2007-4772, CVE-2007-6067) - - - - - - Require non-superusers who use /contrib/dblink to use only - password authentication, as a security measure (Joe) - - - - The fix that appeared for this in 8.1.10 was incomplete, as it plugged - the hole for only some dblink functions. (CVE-2007-6601, - CVE-2007-3278) - - - - - - Update time zone data files to tzdata release 2007k - (in particular, recent Argentina changes) (Tom) - - - - - - Improve planner's handling of LIKE/regex estimation in non-C locales - (Tom) - - - - - - Fix planner failure in some cases of WHERE false AND var IN - (SELECT ...) (Tom) - - - - - - Preserve the tablespace of indexes that are - rebuilt by ALTER TABLE ... ALTER COLUMN TYPE (Tom) - - - - - - Make archive recovery always start a new WAL timeline, rather than only - when a recovery stop time was used (Simon) - - - - This avoids a corner-case risk of trying to overwrite an existing - archived copy of the last WAL segment, and seems simpler and cleaner - than the original definition. - - - - - - Make VACUUM not use all of maintenance_work_mem - when the table is too small for it to be useful (Alvaro) - - - - - - Fix potential crash in translate() when using a multibyte - database encoding (Tom) - - - - - - Fix overflow in extract(epoch from interval) for intervals - exceeding 68 years (Tom) - - - - - - Fix PL/Perl to not fail when a UTF-8 regular expression is used - in a trusted function (Andrew) - - - - - - Fix PL/Perl to cope when platform's Perl defines type bool - as int rather than char (Tom) - - - - While this could theoretically happen anywhere, no standard build of - Perl did things this way ... until macOS 10.5. - - - - - - Fix PL/Python to not crash on long exception messages (Alvaro) - - - - - - Fix pg_dump to correctly handle inheritance child tables - that have default expressions different from their parent's (Tom) - - - - - - Fix libpq crash when PGPASSFILE refers - to a file that is not a plain file (Martin Pitt) - - - - - - ecpg parser fixes (Michael) - - - - - - Make contrib/pgcrypto defend against - OpenSSL libraries that fail on keys longer than 128 - bits; which is the case at least on some Solaris versions (Marko Kreen) - - - - - - Make contrib/tablefunc's crosstab() handle - NULL rowid as a category in its own right, rather than crashing (Joe) - - - - - - Fix tsvector and tsquery output routines to - escape backslashes correctly (Teodor, Bruce) - - - - - - Fix crash of to_tsvector() on huge input strings (Teodor) - - - - - - Require a specific version of Autoconf to be used - when re-generating the configure script (Peter) - - - - This affects developers and packagers only. The change was made - to prevent accidental use of untested combinations of - Autoconf and PostgreSQL versions. - You can remove the version check if you really want to use a - different Autoconf version, but it's - your responsibility whether the result works or not. - - - - - - - - - - Release 8.1.10 - - - Release date: - 2007-09-17 - - - - This release contains a variety of fixes from 8.1.9. - For information about new features in the 8.1 major release, see - . - - - - Migration to Version 8.1.10 - - - A dump/restore is not required for those running 8.1.X. - However, if you are upgrading from a version earlier than 8.1.2, - see . - - - - - - Changes - - - - - - Prevent index corruption when a transaction inserts rows and - then aborts close to the end of a concurrent VACUUM - on the same table (Tom) - - - - - - Make CREATE DOMAIN ... DEFAULT NULL work properly (Tom) - - - - - - Allow the interval data type to accept input consisting only of - milliseconds or microseconds (Neil) - - - - - - Speed up rtree index insertion (Teodor) - - - - - - Fix excessive logging of SSL error messages (Tom) - - - - - - Fix logging so that log messages are never interleaved when using - the syslogger process (Andrew) - - - - - - Fix crash when log_min_error_statement logging runs out - of memory (Tom) - - - - - - Fix incorrect handling of some foreign-key corner cases (Tom) - - - - - - Prevent REINDEX and CLUSTER from failing - due to attempting to process temporary tables of other sessions (Alvaro) - - - - - - Update the time zone database rules, particularly New Zealand's upcoming changes (Tom) - - - - - - Windows socket improvements (Magnus) - - - - - - Suppress timezone name (%Z) in log timestamps on Windows - because of possible encoding mismatches (Tom) - - - - - - Require non-superusers who use /contrib/dblink to use only - password authentication, as a security measure (Joe) - - - - - - - - - - Release 8.1.9 - - - Release date: - 2007-04-23 - - - - This release contains a variety of fixes from 8.1.8, - including a security fix. - For information about new features in the 8.1 major release, see - . - - - - Migration to Version 8.1.9 - - - A dump/restore is not required for those running 8.1.X. - However, if you are upgrading from a version earlier than 8.1.2, - see . - - - - - - Changes - - - - - - Support explicit placement of the temporary-table schema within - search_path, and disable searching it for functions - and operators (Tom) - - - This is needed to allow a security-definer function to set a - truly secure value of search_path. Without it, - an unprivileged SQL user can use temporary objects to execute code - with the privileges of the security-definer function (CVE-2007-2138). - See CREATE FUNCTION for more information. - - - - - - /contrib/tsearch2 crash fixes (Teodor) - - - - - - Require COMMIT PREPARED to be executed in the same - database as the transaction was prepared in (Heikki) - - - - - - Fix potential-data-corruption bug in how VACUUM FULL handles - UPDATE chains (Tom, Pavan Deolasee) - - - - - - Planner fixes, including improving outer join and bitmap scan - selection logic (Tom) - - - - - - Fix PANIC during enlargement of a hash index (bug introduced in 8.1.6) - (Tom) - - - - - - Fix POSIX-style timezone specs to follow new USA DST rules (Tom) - - - - - - - - - - Release 8.1.8 - - - Release date: - 2007-02-07 - - - - This release contains one fix from 8.1.7. - For information about new features in the 8.1 major release, see - . - - - - Migration to Version 8.1.8 - - - A dump/restore is not required for those running 8.1.X. - However, if you are upgrading from a version earlier than 8.1.2, - see . - - - - - - Changes - - - - - - Remove overly-restrictive check for type length in constraints and - functional indexes(Tom) - - - - - - - - - - Release 8.1.7 - - - Release date: - 2007-02-05 - - - - This release contains a variety of fixes from 8.1.6, including - a security fix. - For information about new features in the 8.1 major release, see - . - - - - Migration to Version 8.1.7 - - - A dump/restore is not required for those running 8.1.X. - However, if you are upgrading from a version earlier than 8.1.2, - see . - - - - - - Changes - - - - - - Remove security vulnerabilities that allowed connected users - to read backend memory (Tom) - - - The vulnerabilities involve suppressing the normal check that a SQL - function returns the data type it's declared to, and changing the - data type of a table column (CVE-2007-0555, CVE-2007-0556). These - errors can easily be exploited to cause a backend crash, and in - principle might be used to read database content that the user - should not be able to access. - - - - - - Fix rare bug wherein btree index page splits could fail - due to choosing an infeasible split point (Heikki Linnakangas) - - - - - - Improve VACUUM performance for databases with many tables (Tom) - - - - - - Fix autovacuum to avoid leaving non-permanent transaction IDs in - non-connectable databases (Alvaro) - - - - This bug affects the 8.1 branch only. - - - - - - Fix for rare Assert() crash triggered by UNION (Tom) - - - - - - Tighten security of multi-byte character processing for UTF8 sequences - over three bytes long (Tom) - - - - - - Fix bogus permission denied failures occurring on Windows - due to attempts to fsync already-deleted files (Magnus, Tom) - - - - - - Fix possible crashes when an already-in-use PL/pgSQL function is - updated (Tom) - - - - - - - - - - Release 8.1.6 - - - Release date: - 2007-01-08 - - - - This release contains a variety of fixes from 8.1.5. - For information about new features in the 8.1 major release, see - . - - - - Migration to Version 8.1.6 - - - A dump/restore is not required for those running 8.1.X. - However, if you are upgrading from a version earlier than 8.1.2, - see . - - - - - - Changes - - - - - - Improve handling of getaddrinfo() on AIX (Tom) - - - - This fixes a problem with starting the statistics collector, - among other things. - - - - - - Fix pg_restore to handle a tar-format backup - that contains large objects (blobs) with comments (Tom) - - - - - - Fix failed to re-find parent key errors in - VACUUM (Tom) - - - - - - Clean out pg_internal.init cache files during server - restart (Simon) - - - - This avoids a hazard that the cache files might contain stale - data after PITR recovery. - - - - - - Fix race condition for truncation of a large relation across a - gigabyte boundary by VACUUM (Tom) - - - - - - Fix bug causing needless deadlock errors on row-level locks (Tom) - - - - - - Fix bugs affecting multi-gigabyte hash indexes (Tom) - - - - - - Fix possible deadlock in Windows signal handling (Teodor) - - - - - - Fix error when constructing an ARRAY[] made up of multiple - empty elements (Tom) - - - - - - Fix ecpg memory leak during connection (Michael) - - - - - - Fix for macOS (Darwin) compilation (Tom) - - - - - - to_number() and to_char(numeric) - are now STABLE, not IMMUTABLE, for - new initdb installs (Tom) - - - - This is because lc_numeric can potentially - change the output of these functions. - - - - - - Improve index usage of regular expressions that use parentheses (Tom) - - - - This improves psql \d performance also. - - - - - - Update timezone database - - - - This affects Australian and Canadian daylight-savings rules in - particular. - - - - - - - - - - Release 8.1.5 - - - Release date: - 2006-10-16 - - - - This release contains a variety of fixes from 8.1.4. - For information about new features in the 8.1 major release, see - . - - - - Migration to Version 8.1.5 - - - A dump/restore is not required for those running 8.1.X. - However, if you are upgrading from a version earlier than 8.1.2, - see . - - - - - - Changes - - -Disallow aggregate functions in UPDATE -commands, except within sub-SELECTs (Tom) -The behavior of such an aggregate was unpredictable, and in 8.1.X -could cause a crash, so it has been disabled. The SQL standard does not allow -this either. -Fix core dump when an untyped literal is taken as -ANYARRAY -Fix core dump in duration logging for extended query protocol -when a COMMIT or ROLLBACK is -executed -Fix mishandling of AFTER triggers when query contains a SQL -function returning multiple rows (Tom) -Fix ALTER TABLE ... TYPE to recheck -NOT NULL for USING clause (Tom) -Fix string_to_array() to handle overlapping - matches for the separator string -For example, string_to_array('123xx456xxx789', 'xx'). - -Fix to_timestamp() for -AM/PM formats (Bruce) -Fix autovacuum's calculation that decides whether - ANALYZE is needed (Alvaro) -Fix corner cases in pattern matching for - psql's \d commands -Fix index-corrupting bugs in /contrib/ltree - (Teodor) -Numerous robustness fixes in ecpg (Joachim -Wieland) -Fix backslash escaping in /contrib/dbmirror -Minor fixes in /contrib/dblink and /contrib/tsearch2 - -Efficiency improvements in hash tables and bitmap index scans -(Tom) -Fix instability of statistics collection on Windows (Tom, Andrew) -Fix statement_timeout to use the proper -units on Win32 (Bruce) -In previous Win32 8.1.X versions, the delay was off by a factor of -100. -Fixes for MSVC and Borland C++ -compilers (Hiroshi Saito) -Fixes for AIX and -Intel compilers (Tom) -Fix rare bug in continuous archiving (Tom) - - - - - - - Release 8.1.4 - - - Release date: - 2006-05-23 - - - - This release contains a variety of fixes from 8.1.3, - including patches for extremely serious security issues. - For information about new features in the 8.1 major release, see - . - - - - Migration to Version 8.1.4 - - - A dump/restore is not required for those running 8.1.X. - However, if you are upgrading from a version earlier than 8.1.2, - see . - - - - Full security against the SQL-injection attacks described in - CVE-2006-2313 and CVE-2006-2314 might require changes in application - code. If you have applications that embed untrustworthy strings - into SQL commands, you should examine them as soon as possible to - ensure that they are using recommended escaping techniques. In - most cases, applications should be using subroutines provided by - libraries or drivers (such as libpq's - PQescapeStringConn()) to perform string escaping, - rather than relying on ad hoc code to do it. - - - - - Changes - - -Change the server to reject invalidly-encoded multibyte -characters in all cases (Tatsuo, Tom) -While PostgreSQL has been moving in this direction for -some time, the checks are now applied uniformly to all encodings and all -textual input, and are now always errors not merely warnings. This change -defends against SQL-injection attacks of the type described in CVE-2006-2313. - - -Reject unsafe uses of \' in string literals -As a server-side defense against SQL-injection attacks of the type -described in CVE-2006-2314, the server now only accepts '' and not -\' as a representation of ASCII single quote in SQL string -literals. By default, \' is rejected only when -client_encoding is set to a client-only encoding (SJIS, BIG5, GBK, -GB18030, or UHC), which is the scenario in which SQL injection is possible. -A new configuration parameter backslash_quote is available to -adjust this behavior when needed. Note that full security against -CVE-2006-2314 might require client-side changes; the purpose of -backslash_quote is in part to make it obvious that insecure -clients are insecure. - - -Modify libpq's string-escaping routines to be -aware of encoding considerations and -standard_conforming_strings -This fixes libpq-using applications for the security -issues described in CVE-2006-2313 and CVE-2006-2314, and also future-proofs -them against the planned changeover to SQL-standard string literal syntax. -Applications that use multiple PostgreSQL connections -concurrently should migrate to PQescapeStringConn() and -PQescapeByteaConn() to ensure that escaping is done correctly -for the settings in use in each database connection. Applications that -do string escaping by hand should be modified to rely on library -routines instead. - - -Fix weak key selection in pgcrypto (Marko Kreen) -Errors in fortuna PRNG reseeding logic could cause a predictable -session key to be selected by pgp_sym_encrypt() in some cases. -This only affects non-OpenSSL-using builds. - - -Fix some incorrect encoding conversion functions -win1251_to_iso, win866_to_iso, -euc_tw_to_big5, euc_tw_to_mic, -mic_to_euc_tw were all broken to varying -extents. - - -Clean up stray remaining uses of \' in strings -(Bruce, Jan) - -Make autovacuum visible in pg_stat_activity -(Alvaro) - -Disable full_page_writes (Tom) -In certain cases, having full_page_writes off would cause -crash recovery to fail. A proper fix will appear in 8.2; for now it's just -disabled. - - -Various planner fixes, particularly for bitmap index scans and -MIN/MAX optimization (Tom) - -Fix incorrect optimization in merge join (Tom) -Outer joins could sometimes emit multiple copies of unmatched rows. - - -Fix crash from using and modifying a plpgsql function in the -same transaction - -Fix WAL replay for case where a B-Tree index has been -truncated - -Fix SIMILAR TO for patterns involving -| (Tom) - -Fix SELECT INTO and CREATE TABLE AS to -create tables in the default tablespace, not the base directory (Kris -Jurka) - -Fix server to use custom DH SSL parameters correctly (Michael -Fuhr) - -Improve qsort performance (Dann Corbit) -Currently this code is only used on Solaris. - - -Fix for OS/X Bonjour on x86 systems (Ashley Clark) - -Fix various minor memory leaks - -Fix problem with password prompting on some Win32 systems -(Robert Kinberg) - -Improve pg_dump's handling of default values -for domains - -Fix pg_dumpall to handle identically-named -users and groups reasonably (only possible when dumping from a pre-8.1 server) -(Tom) -The user and group will be merged into a single role with -LOGIN permission. Formerly the merged role wouldn't have -LOGIN permission, making it unusable as a user. - - -Fix pg_restore -n to work as -documented (Tom) - - - - - - - Release 8.1.3 - - - Release date: - 2006-02-14 - - - - This release contains a variety of fixes from 8.1.2, - including one very serious security issue. - For information about new features in the 8.1 major release, see - . - - - - Migration to Version 8.1.3 - - - A dump/restore is not required for those running 8.1.X. - However, if you are upgrading from a version earlier than 8.1.2, - see . - - - - - Changes - - - -Fix bug that allowed any logged-in user to SET -ROLE to any other database user id (CVE-2006-0553) -Due to inadequate validity checking, a user could exploit the special -case that SET ROLE normally uses to restore the previous role -setting after an error. This allowed ordinary users to acquire superuser -status, for example. -The escalation-of-privilege risk exists only in 8.1.0-8.1.2. -However, in all releases back to 7.3 there is a related bug in SET -SESSION AUTHORIZATION that allows unprivileged users to crash the server, -if it has been compiled with Asserts enabled (which is not the default). -Thanks to Akio Ishida for reporting this problem. - - -Fix bug with row visibility logic in self-inserted -rows (Tom) -Under rare circumstances a row inserted by the current command -could be seen as already valid, when it should not be. Repairs bug -created in 8.0.4, 7.4.9, and 7.3.11 releases. - - -Fix race condition that could lead to file already -exists errors during pg_clog and pg_subtrans file creation -(Tom) - -Fix cases that could lead to crashes if a cache-invalidation -message arrives at just the wrong time (Tom) - -Properly check DOMAIN constraints for -UNKNOWN parameters in prepared statements -(Neil) - -Ensure ALTER COLUMN TYPE will process -FOREIGN KEY, UNIQUE, and PRIMARY KEY -constraints in the proper order (Nakano Yoshihisa) - -Fixes to allow restoring dumps that have cross-schema -references to custom operators or operator classes (Tom) - -Allow pg_restore to continue properly after a -COPY failure; formerly it tried to treat the remaining -COPY data as SQL commands (Stephen Frost) - -Fix pg_ctl unregister crash -when the data directory is not specified (Magnus) - -Fix libpq PQprint HTML tags -(Christoph Zwerschke) - -Fix ecpg crash on AMD64 and PPC -(Neil) - -Allow SETOF and %TYPE to be used -together in function result type declarations - -Recover properly if error occurs during argument passing -in PL/Python (Neil) - -Fix memory leak in plperl_return_next -(Neil) - -Fix PL/Perl's handling of locales on -Win32 to match the backend (Andrew) - -Various optimizer fixes (Tom) - -Fix crash when log_min_messages is set to -DEBUG3 or above in postgresql.conf on Win32 -(Bruce) - -Fix pgxs -L library path -specification for Win32, Cygwin, macOS, AIX (Bruce) - -Check that SID is enabled while checking for Win32 admin -privileges (Magnus) - -Properly reject out-of-range date inputs (Kris -Jurka) - -Portability fix for testing presence of finite -and isinf during configure (Tom) - -Improve speed of COPY IN via libpq, by -avoiding a kernel call per data line (Alon Goldshuv) - -Improve speed of /contrib/tsearch2 index -creation (Tom) - - - - - - - - Release 8.1.2 - - - Release date: - 2006-01-09 - - - - This release contains a variety of fixes from 8.1.1. - For information about new features in the 8.1 major release, see - . - - - - Migration to Version 8.1.2 - - - A dump/restore is not required for those running 8.1.X. - However, you might need to REINDEX indexes on textual - columns after updating, if you are affected by the locale or - plperl issues described below. - - - - - Changes - - - -Fix Windows code so that postmaster will continue rather -than exit if there is no more room in ShmemBackendArray (Magnus) -The previous behavior could lead to a denial-of-service situation if too -many connection requests arrive close together. This applies -only to the Windows port. - -Fix bug introduced in 8.0 that could allow ReadBuffer -to return an already-used page as new, potentially causing loss of -recently-committed data (Tom) - -Fix for protocol-level Describe messages issued -outside a transaction or in a failed transaction (Tom) - -Fix character string comparison for locales that consider -different character combinations as equal, such as Hungarian (Tom) -This might require REINDEX to fix existing indexes on -textual columns. - -Set locale environment variables during postmaster startup -to ensure that plperl won't change the locale later -This fixes a problem that occurred if the postmaster was -started with environment variables specifying a different locale than what -initdb had been told. Under these conditions, any use of -plperl was likely to lead to corrupt indexes. You might need -REINDEX to fix existing indexes on -textual columns if this has happened to you. - -Allow more flexible relocation of installation -directories (Tom) -Previous releases supported relocation only if all installation -directory paths were the same except for the last component. - -Prevent crashes caused by the use of -ISO-8859-5 and ISO-8859-9 encodings -(Tatsuo) - -Fix longstanding bug in strpos() and regular expression -handling in certain rarely used Asian multi-byte character sets (Tatsuo) - - -Fix bug where COPY CSV mode considered any -\. to terminate the copy data The new code -requires \. to appear alone on a line, as per -documentation. - -Make COPY CSV mode quote a literal data value of -\. to ensure it cannot be interpreted as the -end-of-data marker (Bruce) - -Various fixes for functions returning RECORDs -(Tom) - -Fix processing of postgresql.conf so a -final line with no newline is processed properly (Tom) - - -Fix bug in /contrib/pgcrypto gen_salt, -which caused it not to use all available salt space for MD5 and -XDES algorithms (Marko Kreen, Solar Designer) -Salts for Blowfish and standard DES are unaffected. - -Fix autovacuum crash when processing expression indexes - - -Fix /contrib/dblink to throw an error, -rather than crashing, when the number of columns specified is different from -what's actually returned by the query (Joe) - - - - - - - - Release 8.1.1 - - - Release date: - 2005-12-12 - - - - This release contains a variety of fixes from 8.1.0. - For information about new features in the 8.1 major release, see - . - - - - Migration to Version 8.1.1 - - - A dump/restore is not required for those running 8.1.X. - - - - - Changes - - -Fix incorrect optimizations of outer-join conditions -(Tom) - -Fix problems with wrong reported column names in cases -involving sub-selects flattened by the optimizer (Tom) - -Fix update failures in scenarios involving CHECK constraints, -toasted columns, and indexes (Tom) - -Fix bgwriter problems after recovering from errors -(Tom) - -The background writer was found to leak buffer pins after write errors. -While not fatal in itself, this might lead to mysterious blockages of -later VACUUM commands. - - - -Prevent failure if client sends Bind protocol message -when current transaction is already aborted - -/contrib/tsearch2 and /contrib/ltree -fixes (Teodor) - -Fix problems with translated error messages in -languages that require word reordering, such as Turkish; also problems with -unexpected truncation of output strings and wrong display of the smallest -possible bigint value (Andrew, Tom) - -These problems only appeared on platforms that were using our -port/snprintf.c code, which includes BSD variants if ---enable-nls was given, and perhaps others. In addition, -a different form of the translated-error-message problem could appear -on Windows depending on which version of libintl was used. - - -Re-allow AM/PM, HH, -HH12, and D format specifiers for -to_char(time) and to_char(interval). -(to_char(interval) should probably use -HH24.) (Bruce) - -AIX, HPUX, and MSVC compile fixes (Tom, Hiroshi -Saito) - -Optimizer improvements (Tom) - -Retry file reads and writes after Windows -NO_SYSTEM_RESOURCES error (Qingqing Zhou) - -Prevent autovacuum from crashing during -ANALYZE of expression index (Alvaro) - -Fix problems with ON COMMIT DELETE ROWS temp -tables - -Fix problems when a trigger alters the output of a SELECT -DISTINCT query - -Add 8.1.0 release note item on how to migrate invalid -UTF-8 byte sequences (Paul Lindner) - - - - - - - Release 8.1 - - - Release date: - 2005-11-08 - - - - Overview - - - Major changes in this release: - - - - - - - Improve concurrent access to the shared buffer cache (Tom) - - - - - Access to the shared buffer cache was identified as a - significant scalability problem, particularly on multi-CPU - systems. In this release, the way that locking is done in the - buffer manager has been overhauled to reduce lock contention - and improve scalability. The buffer manager has also been - changed to use a clock sweep replacement - policy. - - - - - - - Allow index scans to use an intermediate in-memory bitmap (Tom) - - - - - In previous releases, only a single index could be used to do - lookups on a table. With this feature, if a query has - WHERE tab.col1 = 4 and tab.col2 = 9, and there is - no multicolumn index on col1 and col2, - but there is an index on col1 and another on - col2, it is possible to search both indexes and - combine the results in memory, then do heap fetches for only - the rows matching both the col1 and - col2 restrictions. This is very useful in - environments that have a lot of unstructured queries where it - is impossible to create indexes that match all possible access - conditions. Bitmap scans are useful even with a single index, - as they reduce the amount of random access needed; a bitmap - index scan is efficient for retrieving fairly large fractions - of the complete table, whereas plain index scans are not. - - - - - - - Add two-phase commit (Heikki Linnakangas, Alvaro, Tom) - - - - - Two-phase commit allows transactions to be "prepared" on several - computers, and once all computers have successfully prepared - their transactions (none failed), all transactions can be - committed. Even if a machine crashes after a prepare, the - prepared transaction can be committed after the machine is - restarted. New syntax includes PREPARE TRANSACTION and - COMMIT/ROLLBACK PREPARED. A new system view - pg_prepared_xacts has also been added. - - - - - - - Create a new role system that replaces users and groups - (Stephen Frost) - - - - - Roles are a combination of users and groups. Like users, they - can have login capability, and like groups, a role can have - other roles as members. Roles basically remove the distinction - between users and groups. For example, a role can: - - - - - - - Have login capability (optionally) - - - - - - Own objects - - - - - - Hold access permissions for database objects - - - - - - Inherit permissions from other roles it is a member of - - - - - - Once a user logs into a role, she obtains capabilities of - the login role plus any inherited roles, and can use - SET ROLE to switch to other roles she is a member of. - This feature is a generalization of the SQL standard's concept of - roles. - This change also replaces pg_shadow and - pg_group by new role-capable catalogs - pg_authid and pg_auth_members. The old - tables are redefined as read-only views on the new role tables. - - - - - - - Automatically use indexes for MIN() and - MAX() (Tom) - - - - - In previous releases, the only way to use an index for - MIN() or MAX() was to rewrite the - query as SELECT col FROM tab ORDER BY col LIMIT 1. - Index usage now happens automatically. - - - - - - - Move /contrib/pg_autovacuum into the main server - (Alvaro) - - - - - Integrating autovacuum into the server allows it to be - automatically started and stopped in sync with the database - server, and allows autovacuum to be configured from - postgresql.conf. - - - - - - - Add shared row level locks using SELECT ... FOR SHARE - (Alvaro) - - - - - While PostgreSQL's MVCC locking - allows SELECT to never be blocked by writers and - therefore does not need shared row locks for typical operations, - shared locks are useful for applications that require shared row - locking. In particular this reduces the locking requirements - imposed by referential integrity checks. - - - - - - - Add dependencies on shared objects, specifically roles - (Alvaro) - - - - - This extension of the dependency mechanism prevents roles from - being dropped while there are still database objects they own. - Formerly it was possible to accidentally orphan objects by - deleting their owner. While this could be recovered from, it - was messy and unpleasant. - - - - - - - Improve performance for partitioned tables (Simon) - - - - - The new constraint_exclusion configuration - parameter avoids lookups on child tables where constraints indicate - that no matching rows exist in the child table. - - - This allows for a basic type of table partitioning. If child tables - store separate key ranges and this is enforced using appropriate - CHECK constraints, the optimizer will skip child - table accesses when the constraint guarantees no matching rows - exist in the child table. - - - - - - - - - Migration to Version 8.1 - - - A dump/restore using pg_dump is required - for those wishing to migrate data from any previous release. - - - - The 8.0 release announced that the to_char() function - for intervals would be removed in 8.1. However, since no better API - has been suggested, to_char(interval) has been enhanced in - 8.1 and will remain in the server. - - - - Observe the following incompatibilities: - - - - - - - add_missing_from is now false by default (Neil) - - - By default, we now generate an error if a table is used in a query - without a FROM reference. The old behavior is still - available, but the parameter must be set to 'true' to obtain it. - - - - It might be necessary to set add_missing_from to true - in order to load an existing dump file, if the dump contains any - views or rules created using the implicit-FROM syntax. - This should be a one-time annoyance, because - PostgreSQL 8.1 will convert - such views and rules to standard explicit-FROM syntax. - Subsequent dumps will therefore not have the problem. - - - - - - Cause input of a zero-length string ('') for - float4/float8/oid - to throw an error, rather than treating it as a zero (Neil) - - - This change is consistent with the current handling of - zero-length strings for integers. The schedule for this change - was announced in 8.0. - - - - - - default_with_oids is now false by default (Neil) - - - With this option set to false, user-created tables no longer - have an OID column unless WITH OIDS is specified in - CREATE TABLE. Though OIDs have existed in all - releases of PostgreSQL, their use is limited - because they are only four bytes long and the counter is shared - across all installed databases. The preferred way of uniquely - identifying rows is via sequences and the SERIAL type, - which have been supported since PostgreSQL 6.4. - - - - - - Add E'' syntax so eventually ordinary strings can - treat backslashes literally (Bruce) - - - Currently PostgreSQL processes a - backslash in a string literal as introducing a special escape sequence, - e.g. \n or \010. - While this allows easy entry of special values, it is - nonstandard and makes porting of applications from other - databases more difficult. For this reason, the - PostgreSQL project is planning to - remove the special meaning of backslashes in strings. For - backward compatibility and for users who want special backslash - processing, a new string syntax has been created. This new string - syntax is formed by writing an E immediately preceding the - single quote that starts the string, e.g. E'hi\n'. While - this release does not change the handling of backslashes in strings, it - does add new configuration parameters to help users migrate applications - for future releases: - - - - - - standard_conforming_strings — does this release - treat backslashes literally in ordinary strings? - - - - - - escape_string_warning — warn about backslashes in - ordinary (non-E) strings - - - - - - - The standard_conforming_strings value is read-only. - Applications can retrieve the value to know how backslashes are - processed. (Presence of the parameter can also be taken as an - indication that E'' string syntax is supported.) - In a future release, standard_conforming_strings - will be true, meaning backslashes will be treated literally in - non-E strings. To prepare for this change, use E'' - strings in places that need special backslash processing, and - turn on escape_string_warning to find additional - strings that need to be converted to use E''. - Also, use two single-quotes ('') to embed a literal - single-quote in a string, rather than the - PostgreSQL-supported syntax of - backslash single-quote (\'). The former is - standards-conforming and does not require the use of the - E'' string syntax. You can also use the - $$ string syntax, which does not treat backslashes - specially. - - - - - - Make REINDEX DATABASE reindex all indexes in the - database (Tom) - - - Formerly, REINDEX DATABASE reindexed only - system tables. This new behavior seems more intuitive. A new - command REINDEX SYSTEM provides the old functionality - of reindexing just the system tables. - - - - - - Read-only large object descriptors now obey MVCC snapshot semantics - - - When a large object is opened with INV_READ (and not - INV_WRITE), the data read from the descriptor will now - reflect a snapshot of the large object's state at the - time of the transaction snapshot in use by the query that called - lo_open(). To obtain the old behavior of always - returning the latest committed data, include INV_WRITE - in the mode flags for lo_open(). - - - - - - Add proper dependencies for arguments of sequence functions (Tom) - - - In previous releases, sequence names passed to nextval(), - currval(), and setval() were stored as - simple text strings, meaning that renaming or dropping a - sequence used in a DEFAULT clause made the clause - invalid. This release stores all newly-created sequence function - arguments as internal OIDs, allowing them to track sequence - renaming, and adding dependency information that prevents - improper sequence removal. It also makes such DEFAULT - clauses immune to schema renaming and search path changes. - - - Some applications might rely on the old behavior of - run-time lookup for sequence names. This can still be done by - explicitly casting the argument to text, for example - nextval('myseq'::text). - - - Pre-8.1 database dumps loaded into 8.1 will use the old text-based - representation and therefore will not have the features of - OID-stored arguments. However, it is possible to update a - database containing text-based DEFAULT clauses. - First, save this query into a file, such as fixseq.sql: - -SELECT 'ALTER TABLE ' || - pg_catalog.quote_ident(n.nspname) || '.' || - pg_catalog.quote_ident(c.relname) || - ' ALTER COLUMN ' || pg_catalog.quote_ident(a.attname) || - ' SET DEFAULT ' || - regexp_replace(d.adsrc, - $$val\(\(('[^']*')::text\)::regclass$$, - $$val(\1$$, - 'g') || - ';' -FROM pg_namespace n, pg_class c, pg_attribute a, pg_attrdef d -WHERE n.oid = c.relnamespace AND - c.oid = a.attrelid AND - a.attrelid = d.adrelid AND - a.attnum = d.adnum AND - d.adsrc ~ $$val\(\('[^']*'::text\)::regclass$$; - - Next, run the query against a database to find what - adjustments are required, like this for database db1: - -psql -t -f fixseq.sql db1 - - This will show the ALTER TABLE commands needed to - convert the database to the newer OID-based representation. - If the commands look reasonable, run this to update the database: - -psql -t -f fixseq.sql db1 | psql -e db1 - - This process must be repeated in each database to be updated. - - - - - - In psql, treat unquoted - \{digit}+ sequences as octal (Bruce) - - - In previous releases, \{digit}+ sequences were - treated as decimal, and only \0{digit}+ were treated - as octal. This change was made for consistency. - - - - - - Remove grammar productions for prefix and postfix % - and ^ operators - (Tom) - - - These have never been documented and complicated the use of the - modulus operator (%) with negative numbers. - - - - - - Make &< and &> for polygons - consistent with the box "over" operators (Tom) - - - - - - CREATE LANGUAGE can ignore the provided arguments - in favor of information from pg_pltemplate - (Tom) - - - A new system catalog pg_pltemplate has been defined - to carry information about the preferred definitions of procedural - languages (such as whether they have validator functions). When - an entry exists in this catalog for the language being created, - CREATE LANGUAGE will ignore all its parameters except the - language name and instead use the catalog information. This measure - was taken because of increasing problems with obsolete language - definitions being loaded by old dump files. As of 8.1, - pg_dump will dump procedural language definitions as - just CREATE LANGUAGE name, relying - on a template entry to exist at load time. We expect this will be a - more future-proof representation. - - - - - - Make pg_cancel_backend(int) return a - boolean rather than an integer (Neil) - - - - - - Some users are having problems loading UTF-8 data into 8.1.X. - This is because previous versions allowed invalid UTF-8 byte - sequences to be entered into the database, and this release - properly accepts only valid UTF-8 sequences. One way to correct a - dumpfile is to run the command iconv -c -f UTF-8 -t - UTF-8 -o cleanfile.sql dumpfile.sql. The -c option - removes invalid character sequences. A diff of the two files will - show the sequences that are invalid. iconv reads the - entire input file into memory so it might be necessary to use - split to break up the dump into multiple smaller - files for processing. - - - - - - - - Additional Changes - - - Below you will find a detailed account of the additional changes - between PostgreSQL 8.1 and the - previous major release. - - - - Performance Improvements - - - - - Improve GiST and R-tree index performance (Neil) - - - - - - Improve the optimizer, including auto-resizing of hash joins - (Tom) - - - - - - Overhaul internal API in several areas - - - - - - Change WAL record CRCs from 64-bit to 32-bit (Tom) - - - We determined that the extra cost of computing 64-bit CRCs was - significant, and the gain in reliability too marginal to justify it. - - - - - - Prevent writing large empty gaps in WAL pages (Tom) - - - - - - Improve spinlock behavior on SMP machines, particularly Opterons (Tom) - - - - - - Allow nonconsecutive index columns to be used in a multicolumn - index (Tom) - - - For example, this allows an index on columns a,b,c to be used in - a query with WHERE a = 4 and c = 10. - - - - - - Skip WAL logging for CREATE TABLE AS / - SELECT INTO (Simon) - - - Since a crash during CREATE TABLE AS would cause the - table to be dropped during recovery, there is no reason to WAL - log as the table is loaded. (Logging still happens if WAL - archiving is enabled, however.) - - - - - - Allow concurrent GiST index access (Teodor, Oleg) - - - - - - Add configuration parameter full_page_writes to - control writing full pages to WAL (Bruce) - - - To prevent partial disk writes from corrupting the database, - PostgreSQL writes a complete copy of - each database disk page to WAL the first time it is modified - after a checkpoint. This option turns off that functionality for more - speed. This is safe to use with battery-backed disk caches where - partial page writes cannot happen. - - - - - - Use O_DIRECT if available when using - O_SYNC for wal_sync_method - (Itagaki Takahiro) - - - O_DIRECT causes disk writes to bypass the kernel - cache, and for WAL writes, this improves performance. - - - - - - Improve COPY FROM performance (Alon Goldshuv) - - - This was accomplished by reading COPY input in - larger chunks, rather than character by character. - - - - - - Improve the performance of COUNT(), - SUM, AVG(), - STDDEV(), and - VARIANCE() (Neil, Tom) - - - - - - - Server Changes - - - - - Prevent problems due to transaction ID (XID) wraparound (Tom) - - - The server will now warn when the transaction counter approaches - the wraparound point. If the counter becomes too close to wraparound, - the server will stop accepting queries. This ensures that data is - not lost before needed vacuuming is performed. - - - - - - Fix problems with object IDs (OIDs) conflicting with existing system - objects after the OID counter has wrapped around (Tom) - - - - - - Add warning about the need to increase - max_fsm_relations and max_fsm_pages - during VACUUM (Ron Mayer) - - - - - - Add temp_buffers configuration parameter to allow - users to determine the size of the local buffer area for - temporary table access (Tom) - - - - - - Add session start time and client IP address to - pg_stat_activity (Magnus) - - - - - - Adjust pg_stat views for bitmap scans (Tom) - - - The meanings of some of the fields have changed slightly. - - - - - - Enhance pg_locks view (Tom) - - - - - - Log queries for client-side PREPARE and - EXECUTE (Simon) - - - - - - Allow Kerberos name and user name case sensitivity to be - specified in postgresql.conf (Magnus) - - - - - - Add configuration parameter krb_server_hostname so - that the server host name can be specified as part of service - principal (Todd Kover) - - - If not set, any service principal matching an entry in the - keytab can be used. This is new Kerberos matching behavior in - this release. - - - - - - Add log_line_prefix options for millisecond - timestamps (%m) and remote host (%h) (Ed - L.) - - - - - - Add WAL logging for GiST indexes (Teodor, Oleg) - - - GiST indexes are now safe for crash and point-in-time recovery. - - - - - - Remove old *.backup files when we do - pg_stop_backup() (Bruce) - - - This prevents a large number of *.backup files from - existing in pg_xlog/. - - - - - - Add configuration parameters to control TCP/IP keep-alive - times for idle, interval, and count (Oliver Jowett) - - - - These values can be changed to allow more rapid detection of - lost client connections. - - - - - - Add per-user and per-database connection limits (Petr Jelinek) - - - Using ALTER USER and ALTER DATABASE, - limits can now be enforced on the maximum number of sessions that - can concurrently connect as a specific user or to a specific database. - Setting the limit to zero disables user or database connections. - - - - - - Allow more than two gigabytes of shared memory and per-backend - work memory on 64-bit machines (Koichi Suzuki) - - - - - - New system catalog pg_pltemplate allows overriding - obsolete procedural-language definitions in dump files (Tom) - - - - - - - - - Query Changes - - - - - Add temporary views (Koju Iijima, Neil) - - - - - - Fix HAVING without any aggregate functions or - GROUP BY so that the query returns a single group (Tom) - - - Previously, such a case would treat the HAVING - clause the same as a WHERE clause. This was not per spec. - - - - - - Add USING clause to allow additional tables to be - specified to DELETE (Euler Taveira de Oliveira, Neil) - - - In prior releases, there was no clear method for specifying - additional tables to be used for joins in a DELETE - statement. UPDATE already has a FROM - clause for this purpose. - - - - - - Add support for \x hex escapes in backend and ecpg - strings (Bruce) - - - This is just like the standard C \x escape syntax. - Octal escapes were already supported. - - - - - - Add BETWEEN SYMMETRIC query syntax (Pavel Stehule) - - - This feature allows BETWEEN comparisons without - requiring the first value to be less than the second. For - example, 2 BETWEEN [ASYMMETRIC] 3 AND 1 returns - false, while 2 BETWEEN SYMMETRIC 3 AND 1 returns - true. BETWEEN ASYMMETRIC was already supported. - - - - - - Add NOWAIT option to SELECT ... FOR - UPDATE/SHARE (Hans-Juergen Schoenig) - - - While the statement_timeout configuration - parameter allows a query taking more than a certain amount of - time to be canceled, the NOWAIT option allows a - query to be canceled as soon as a SELECT ... FOR - UPDATE/SHARE command cannot immediately acquire a row lock. - - - - - - - - Object Manipulation Changes - - - - - Track dependencies of shared objects (Alvaro) - - - PostgreSQL allows global tables - (users, databases, tablespaces) to reference information in - multiple databases. This addition adds dependency information - for global tables, so, for example, user ownership can be - tracked across databases, so a user who owns something in any - database can no longer be removed. Dependency tracking already - existed for database-local objects. - - - - - - Allow limited ALTER OWNER commands to be performed - by the object owner (Stephen Frost) - - - Prior releases allowed only superusers to change object owners. - Now, ownership can be transferred if the user executing the command - owns the object and would be able to create it as the new owner - (that is, the user is a member of the new owning role and that role - has the CREATE permission that would be needed to create the object - afresh). - - - - - - Add ALTER object SET SCHEMA capability - for some object types (tables, functions, types) (Bernd Helmle) - - - This allows objects to be moved to different schemas. - - - - - - Add ALTER TABLE ENABLE/DISABLE TRIGGER to - disable triggers (Satoshi Nagayasu) - - - - - - - - - Utility Command Changes - - - - - Allow TRUNCATE to truncate multiple tables in a - single command (Alvaro) - - - Because of referential integrity checks, it is not allowed to - truncate a table that is part of a referential integrity - constraint. Using this new functionality, TRUNCATE - can be used to truncate such tables, if both tables involved in - a referential integrity constraint are truncated in a single - TRUNCATE command. - - - - - - Properly process carriage returns and line feeds in - COPY CSV mode (Andrew) - - - In release 8.0, carriage returns and line feeds in CSV - COPY TO were processed in an inconsistent manner. (This was - documented on the TODO list.) - - - - - - Add COPY WITH CSV HEADER to allow a header line as - the first line in COPY (Andrew) - - - This allows handling of the common CSV usage of - placing the column names on the first line of the data file. For - COPY TO, the first line contains the column names, - and for COPY FROM, the first line is ignored. - - - - - - On Windows, display better sub-second precision in - EXPLAIN ANALYZE (Magnus) - - - - - - Add trigger duration display to EXPLAIN ANALYZE - (Tom) - - - Prior releases included trigger execution time as part of the - total execution time, but did not show it separately. It is now - possible to see how much time is spent in each trigger. - - - - - - Add support for \x hex escapes in COPY - (Sergey Ten) - - - Previous releases only supported octal escapes. - - - - - - Make SHOW ALL include variable descriptions - (Matthias Schmidt) - - - SHOW varname still only displays the variable's - value and does not include the description. - - - - - - Make initdb create a new standard - database called postgres, and convert utilities to - use postgres rather than template1 for - standard lookups (Dave) - - - In prior releases, template1 was used both as a - default connection for utilities like - createuser, and as a template for - new databases. This caused CREATE DATABASE to - sometimes fail, because a new database cannot be created if - anyone else is in the template database. With this change, the - default connection database is now postgres, - meaning it is much less likely someone will be using - template1 during CREATE DATABASE. - - - - - - Create new reindexdb command-line - utility by moving /contrib/reindexdb into the - server (Euler Taveira de Oliveira) - - - - - - - - - Data Type and Function Changes - - - - - Add MAX() and MIN() aggregates for - array types (Koju Iijima) - - - - - - Fix to_date() and to_timestamp() to - behave reasonably when CC and YY fields - are both used (Karel Zak) - - - If the format specification contains CC and a year - specification is YYY or longer, ignore the - CC. If the year specification is YY or - shorter, interpret CC as the previous century. - - - - - - Add md5(bytea) (Abhijit Menon-Sen) - - - md5(text) already existed. - - - - - - Add support for numeric ^ numeric based on - power(numeric, numeric) - - - The function already existed, but there was no operator assigned - to it. - - - - - - Fix NUMERIC modulus by properly truncating the quotient - during computation (Bruce) - - - In previous releases, modulus for large values sometimes - returned negative results due to rounding of the quotient. - - - - - - Add a function lastval() (Dennis Björklund) - - - lastval() is a simplified version of - currval(). It automatically determines the proper - sequence name based on the most recent nextval() or - setval() call performed by the current session. - - - - - - Add to_timestamp(DOUBLE PRECISION) (Michael Glaesemann) - - - Converts Unix seconds since 1970 to a TIMESTAMP WITH - TIMEZONE. - - - - - - Add pg_postmaster_start_time() function (Euler - Taveira de Oliveira, Matthias Schmidt) - - - - - - Allow the full use of time zone names in AT TIME - ZONE, not just the short list previously available (Magnus) - - - Previously, only a predefined list of time zone names were - supported by AT TIME ZONE. Now any supported time - zone name can be used, e.g.: - -SELECT CURRENT_TIMESTAMP AT TIME ZONE 'Europe/London'; - - In the above query, the time zone used is adjusted based on the - daylight saving time rules that were in effect on the supplied - date. - - - - - - Add GREATEST() and LEAST() variadic - functions (Pavel Stehule) - - - These functions take a variable number of arguments and return - the greatest or least value among the arguments. - - - - - - Add pg_column_size() (Mark Kirkwood) - - - This returns storage size of a column, which might be compressed. - - - - - - Add regexp_replace() (Atsushi Ogawa) - - - This allows regular expression replacement, like sed. An optional - flag argument allows selection of global (replace all) and - case-insensitive modes. - - - - - - Fix interval division and multiplication (Bruce) - - - Previous versions sometimes returned unjustified results, like - '4 months'::interval / 5 returning '1 mon - -6 days'. - - - - - - Fix roundoff behavior in timestamp, time, and interval output (Tom) - - - This fixes some cases in which the seconds field would be shown as - 60 instead of incrementing the higher-order fields. - - - - - - Add a separate day field to type interval so a one day - interval can be distinguished from a 24 hour interval (Michael - Glaesemann) - - - Days that contain a daylight saving time adjustment are not 24 - hours long, but typically 23 or 25 hours. This change creates a - conceptual distinction between intervals of so many days - and intervals of so many hours. Adding - 1 day to a timestamp now gives the same local time on - the next day even if a daylight saving time adjustment occurs - between, whereas adding 24 hours will give a different - local time when this happens. For example, under US DST rules: - -'2005-04-03 00:00:00-05' + '1 day' = '2005-04-04 00:00:00-04' -'2005-04-03 00:00:00-05' + '24 hours' = '2005-04-04 01:00:00-04' - - - - - - - Add justify_days() and justify_hours() - (Michael Glaesemann) - - - These functions, respectively, adjust days to an appropriate - number of full months and days, and adjust hours to an - appropriate number of full days and hours. - - - - - - Move /contrib/dbsize into the backend, and rename - some of the functions (Dave Page, Andreas Pflug) - - - - - - - pg_tablespace_size() - - - - - - pg_database_size() - - - - - - pg_relation_size() - - - - - - pg_total_relation_size() - - - - - - pg_size_pretty() - - - - - - - pg_total_relation_size() includes indexes and TOAST - tables. - - - - - - Add functions for read-only file access to the cluster directory - (Dave Page, Andreas Pflug) - - - - - - - pg_stat_file() - - - - - - pg_read_file() - - - - - - pg_ls_dir() - - - - - - - - - - Add pg_reload_conf() to force reloading of the - configuration files (Dave Page, Andreas Pflug) - - - - - - Add pg_rotate_logfile() to force rotation of the - server log file (Dave Page, Andreas Pflug) - - - - - - Change pg_stat_* views to include TOAST tables (Tom) - - - - - - - - - Encoding and Locale Changes - - - - - Rename some encodings to be more consistent and to follow - international standards (Bruce) - - - - - - - UNICODE is now UTF8 - - - - - - ALT is now WIN866 - - - - - - WIN is now WIN1251 - - - - - - TCVN is now WIN1258 - - - - - - - - The original names still work. - - - - - - Add support for WIN1252 encoding (Roland Volkmann) - - - - - - Add support for four-byte UTF8 characters (John - Hansen) - - - Previously only one, two, and three-byte UTF8 characters - were supported. This is particularly important for support for - some Chinese character sets. - - - - - - Allow direct conversion between EUC_JP and - SJIS to improve performance (Atsushi Ogawa) - - - - - - Allow the UTF8 encoding to work on Windows (Magnus) - - - This is done by mapping UTF8 to the Windows-native UTF16 - implementation. - - - - - - - - - General Server-Side Language Changes - - - - - Fix ALTER LANGUAGE RENAME (Sergey Yatskevich) - - - - - - Allow function characteristics, like strictness and volatility, - to be modified via ALTER FUNCTION (Neil) - - - - - - Increase the maximum number of function arguments to 100 (Tom) - - - - - - Allow SQL and PL/pgSQL functions to use OUT and - INOUT parameters (Tom) - - - OUT is an alternate way for a function to return - values. Instead of using RETURN, values can be - returned by assigning to parameters declared as OUT or - INOUT. This is notationally simpler in some cases, - particularly so when multiple values need to be returned. - While returning multiple values from a function - was possible in previous releases, this greatly simplifies the - process. (The feature will be extended to other server-side - languages in future releases.) - - - - - - Move language handler functions into the pg_catalog schema - - - This makes it easier to drop the public schema if desired. - - - - - - Add SPI_getnspname() to SPI (Neil) - - - - - - - - PL/pgSQL Server-Side Language Changes - - - - - Overhaul the memory management of PL/pgSQL functions (Neil) - - - The parsetree of each function is now stored in a separate - memory context. This allows this memory to be easily reclaimed - when it is no longer needed. - - - - - - Check function syntax at CREATE FUNCTION time, - rather than at runtime (Neil) - - - Previously, most syntax errors were reported only when the - function was executed. - - - - - - Allow OPEN to open non-SELECT queries - like EXPLAIN and SHOW (Tom) - - - - - - No longer require functions to issue a RETURN - statement (Tom) - - - This is a byproduct of the newly added OUT and - INOUT functionality. RETURN can - be omitted when it is not needed to provide the function's - return value. - - - - - - Add support for an optional INTO clause to - PL/pgSQL's EXECUTE statement (Pavel Stehule, Neil) - - - - - - Make CREATE TABLE AS set ROW_COUNT (Tom) - - - - - - Define SQLSTATE and SQLERRM to return - the SQLSTATE and error message of the current - exception (Pavel Stehule, Neil) - - - These variables are only defined inside exception blocks. - - - - - - Allow the parameters to the RAISE statement to be - expressions (Pavel Stehule, Neil) - - - - - - Add a loop CONTINUE statement (Pavel Stehule, Neil) - - - - - - Allow block and loop labels (Pavel Stehule) - - - - - - - - - PL/Perl Server-Side Language Changes - - - - - Allow large result sets to be returned efficiently (Abhijit - Menon-Sen) - - - This allows functions to use return_next() to avoid - building the entire result set in memory. - - - - - - Allow one-row-at-a-time retrieval of query results (Abhijit Menon-Sen) - - - This allows functions to use spi_query() and - spi_fetchrow() to avoid accumulating the entire - result set in memory. - - - - - - Force PL/Perl to handle strings as UTF8 if the - server encoding is UTF8 (David Kamholz) - - - - - - Add a validator function for PL/Perl (Andrew) - - - This allows syntax errors to be reported at definition time, - rather than execution time. - - - - - - Allow PL/Perl to return a Perl array when the function returns - an array type (Andrew) - - - This basically maps PostgreSQL arrays - to Perl arrays. - - - - - - Allow Perl nonfatal warnings to generate NOTICE - messages (Andrew) - - - - - - Allow Perl's strict mode to be enabled (Andrew) - - - - - - - - - <application>psql</application> Changes - - - - - Add \set ON_ERROR_ROLLBACK to allow statements in - a transaction to error without affecting the rest of the - transaction (Greg Sabino Mullane) - - - This is basically implemented by wrapping every statement in a - sub-transaction. - - - - - - Add support for \x hex strings in - psql variables (Bruce) - - - Octal escapes were already supported. - - - - - - Add support for troff -ms output format (Roger - Leigh) - - - - - - Allow the history file location to be controlled by - HISTFILE (Andreas Seltenreich) - - - This allows configuration of per-database history storage. - - - - - - Prevent \x (expanded mode) from affecting - the output of \d tablename (Neil) - - - - - - Add option to psql to - log sessions (Lorne Sunley) - - - This option was added because some operating systems do not have - simple command-line activity logging functionality. - - - - - - Make \d show the tablespaces of indexes (Qingqing - Zhou) - - - - - - Allow psql help (\h) to - make a best guess on the proper help information (Greg Sabino - Mullane) - - - This allows the user to just add \h to the front of - the syntax error query and get help on the supported syntax. - Previously any additional query text beyond the command name - had to be removed to use \h. - - - - - - Add \pset numericlocale to allow numbers to be - output in a locale-aware format (Eugen Nedelcu) - - - For example, using C locale 100000 would - be output as 100,000.0 while a European locale might - output this value as 100.000,0. - - - - - - Make startup banner show both server version number and - psql's version number, when they are different (Bruce) - - - Also, a warning will be shown if the server and psql - are from different major releases. - - - - - - - - - <application>pg_dump</application> Changes - - - - - Add / switch to - pg_restore (Richard van den Berg) - - - This allows just the objects in a specified schema to be restored. - - - - - - Allow pg_dump to dump large objects even in - text mode (Tom) - - - With this change, large objects are now always dumped; the former - switch is a no-op. - - - - - - Allow pg_dump to dump a consistent snapshot of - large objects (Tom) - - - - - - Dump comments for large objects (Tom) - - - - - - Add to pg_dump - (Magnus Hagander) - - - This allows a database to be dumped in an encoding that is - different from the server's encoding. This is valuable when - transferring the dump to a machine with a different encoding. - - - - - - Rely on pg_pltemplate for procedural languages (Tom) - - - If the call handler for a procedural language is in the - pg_catalog schema, pg_dump does not - dump the handler. Instead, it dumps the language using just - CREATE LANGUAGE name, - relying on the pg_pltemplate catalog to provide - the language's creation parameters at load time. - - - - - - - - - <application>libpq</application> Changes - - - - - Add a PGPASSFILE environment variable to specify the - password file's filename (Andrew) - - - - - - Add lo_create(), that is similar to - lo_creat() but allows the OID of the large object - to be specified (Tom) - - - - - - Make libpq consistently return an error - to the client application on malloc() - failure (Neil) - - - - - - - - Source Code Changes - - - - - Fix pgxs to support building against a relocated - installation - - - - - - Add spinlock support for the Itanium processor using Intel - compiler (Vikram Kalsi) - - - - - - Add Kerberos 5 support for Windows (Magnus) - - - - - - Add Chinese FAQ (laser@pgsqldb.com) - - - - - - Rename Rendezvous to Bonjour to match OS/X feature renaming - (Bruce) - - - - - - Add support for fsync_writethrough on - macOS (Chris Campbell) - - - - - - Streamline the passing of information within the server, the - optimizer, and the lock system (Tom) - - - - - - Allow pg_config to be compiled using MSVC (Andrew) - - - This is required to build DBD::Pg using MSVC. - - - - - - Remove support for Kerberos V4 (Magnus) - - - Kerberos 4 had security vulnerabilities and is no longer - maintained. - - - - - - Code cleanups (Coverity static analysis performed by - EnterpriseDB) - - - - - - Modify postgresql.conf to use documentation defaults - on/off rather than - true/false (Bruce) - - - - - - Enhance pg_config to be able to report more - build-time values (Tom) - - - - - - Allow libpq to be built thread-safe - on Windows (Dave Page) - - - - - - Allow IPv6 connections to be used on Windows (Andrew) - - - - - - Add Server Administration documentation about I/O subsystem - reliability (Bruce) - - - - - - Move private declarations from gist.h to - gist_private.h (Neil) - - - - In previous releases, gist.h contained both the - public GiST API (intended for use by authors of GiST index - implementations) as well as some private declarations used by - the implementation of GiST itself. The latter have been moved - to a separate file, gist_private.h. Most GiST - index implementations should be unaffected. - - - - - - Overhaul GiST memory management (Neil) - - - - GiST methods are now always invoked in a short-lived memory - context. Therefore, memory allocated via palloc() - will be reclaimed automatically, so GiST index implementations - do not need to manually release allocated memory via - pfree(). - - - - - - - - Contrib Changes - - - - - Add /contrib/pg_buffercache contrib module (Mark - Kirkwood) - - - This displays the contents of the buffer cache, for debugging and - performance tuning purposes. - - - - - - Remove /contrib/array because it is obsolete (Tom) - - - - - - Clean up the /contrib/lo module (Tom) - - - - - - Move /contrib/findoidjoins to - /src/tools (Tom) - - - - - - Remove the <<, >>, - &<, and &> operators from - /contrib/cube - - - These operators were not useful. - - - - - - Improve /contrib/btree_gist (Janko Richter) - - - - - - Improve /contrib/pgbench (Tomoaki Sato, Tatsuo) - - - There is now a facility for testing with SQL command scripts given - by the user, instead of only a hard-wired command sequence. - - - - - - Improve /contrib/pgcrypto (Marko Kreen) - - - - - - - Implementation of OpenPGP symmetric-key and public-key encryption - - - Both RSA and Elgamal public-key algorithms are supported. - - - - - - Stand alone build: include SHA256/384/512 hashes, Fortuna PRNG - - - - - - OpenSSL build: support 3DES, use internal AES with OpenSSL < 0.9.7 - - - - - - Take build parameters (OpenSSL, zlib) from configure result - - - There is no need to edit the Makefile anymore. - - - - - - Remove support for libmhash and libmcrypt - - - - - - - - - - - diff --git a/doc/src/sgml/release-8.2.sgml b/doc/src/sgml/release-8.2.sgml deleted file mode 100644 index d87c5bbd46..0000000000 --- a/doc/src/sgml/release-8.2.sgml +++ /dev/null @@ -1,7077 +0,0 @@ - - - - - Release 8.2.23 - - - Release date: - 2011-12-05 - - - - This release contains a variety of fixes from 8.2.22. - For information about new features in the 8.2 major release, see - . - - - - This is expected to be the last PostgreSQL release - in the 8.2.X series. Users are encouraged to update to a newer - release branch soon. - - - - Migration to Version 8.2.23 - - - A dump/restore is not required for those running 8.2.X. - - - - However, a longstanding error was discovered in the definition of the - information_schema.referential_constraints view. If you - rely on correct results from that view, you should replace its - definition as explained in the first changelog item below. - - - - Also, if you are upgrading from a version earlier than 8.2.14, - see . - - - - - - Changes - - - - - - Fix bugs in information_schema.referential_constraints view - (Tom Lane) - - - - This view was being insufficiently careful about matching the - foreign-key constraint to the depended-on primary or unique key - constraint. That could result in failure to show a foreign key - constraint at all, or showing it multiple times, or claiming that it - depends on a different constraint than the one it really does. - - - - Since the view definition is installed by initdb, - merely upgrading will not fix the problem. If you need to fix this - in an existing installation, you can (as a superuser) drop the - information_schema schema then re-create it by sourcing - SHAREDIR/information_schema.sql. - (Run pg_config --sharedir if you're uncertain where - SHAREDIR is.) This must be repeated in each database - to be fixed. - - - - - - Fix TOAST-related data corruption during CREATE TABLE dest AS - SELECT * FROM src or INSERT INTO dest SELECT * FROM src - (Tom Lane) - - - - If a table has been modified by ALTER TABLE ADD COLUMN, - attempts to copy its data verbatim to another table could produce - corrupt results in certain corner cases. - The problem can only manifest in this precise form in 8.4 and later, - but we patched earlier versions as well in case there are other code - paths that could trigger the same bug. - - - - - - Fix race condition during toast table access from stale syscache entries - (Tom Lane) - - - - The typical symptom was transient errors like missing chunk - number 0 for toast value NNNNN in pg_toast_2619, where the cited - toast table would always belong to a system catalog. - - - - - - Improve locale support in money type's input and output - (Tom Lane) - - - - Aside from not supporting all standard - lc_monetary - formatting options, the input and output functions were inconsistent, - meaning there were locales in which dumped money values could - not be re-read. - - - - - - Don't let transform_null_equals - affect CASE foo WHEN NULL ... constructs - (Heikki Linnakangas) - - - - transform_null_equals is only supposed to affect - foo = NULL expressions written directly by the user, not - equality checks generated internally by this form of CASE. - - - - - - Change foreign-key trigger creation order to better support - self-referential foreign keys (Tom Lane) - - - - For a cascading foreign key that references its own table, a row update - will fire both the ON UPDATE trigger and the - CHECK trigger as one event. The ON UPDATE - trigger must execute first, else the CHECK will check a - non-final state of the row and possibly throw an inappropriate error. - However, the firing order of these triggers is determined by their - names, which generally sort in creation order since the triggers have - auto-generated names following the convention - RI_ConstraintTrigger_NNNN. A proper fix would require - modifying that convention, which we will do in 9.2, but it seems risky - to change it in existing releases. So this patch just changes the - creation order of the triggers. Users encountering this type of error - should drop and re-create the foreign key constraint to get its - triggers into the right order. - - - - - - Preserve blank lines within commands in psql's command - history (Robert Haas) - - - - The former behavior could cause problems if an empty line was removed - from within a string literal, for example. - - - - - - Use the preferred version of xsubpp to build PL/Perl, - not necessarily the operating system's main copy - (David Wheeler and Alex Hunsaker) - - - - - - Honor query cancel interrupts promptly in pgstatindex() - (Robert Haas) - - - - - - Ensure VPATH builds properly install all server header files - (Peter Eisentraut) - - - - - - Shorten file names reported in verbose error messages (Peter Eisentraut) - - - - Regular builds have always reported just the name of the C file - containing the error message call, but VPATH builds formerly - reported an absolute path name. - - - - - - Fix interpretation of Windows timezone names for Central America - (Tom Lane) - - - - Map Central America Standard Time to CST6, not - CST6CDT, because DST is generally not observed anywhere in - Central America. - - - - - - Update time zone data files to tzdata release 2011n - for DST law changes in Brazil, Cuba, Fiji, Palestine, Russia, and Samoa; - also historical corrections for Alaska and British East Africa. - - - - - - - - - - Release 8.2.22 - - - Release date: - 2011-09-26 - - - - This release contains a variety of fixes from 8.2.21. - For information about new features in the 8.2 major release, see - . - - - - The PostgreSQL community will stop releasing updates - for the 8.2.X release series in December 2011. - Users are encouraged to update to a newer release branch soon. - - - - Migration to Version 8.2.22 - - - A dump/restore is not required for those running 8.2.X. - However, if you are upgrading from a version earlier than 8.2.14, - see . - - - - - - Changes - - - - - - Fix multiple bugs in GiST index page split processing (Heikki - Linnakangas) - - - - The probability of occurrence was low, but these could lead to index - corruption. - - - - - - Avoid possibly accessing off the end of memory in ANALYZE - (Noah Misch) - - - - This fixes a very-low-probability server crash scenario. - - - - - - Fix race condition in relcache init file invalidation (Tom Lane) - - - - There was a window wherein a new backend process could read a stale init - file but miss the inval messages that would tell it the data is stale. - The result would be bizarre failures in catalog accesses, typically - could not read block 0 in file ... later during startup. - - - - - - Fix memory leak at end of a GiST index scan (Tom Lane) - - - - Commands that perform many separate GiST index scans, such as - verification of a new GiST-based exclusion constraint on a table - already containing many rows, could transiently require large amounts of - memory due to this leak. - - - - - - Fix performance problem when constructing a large, lossy bitmap - (Tom Lane) - - - - - - Fix array- and path-creating functions to ensure padding bytes are - zeroes (Tom Lane) - - - - This avoids some situations where the planner will think that - semantically-equal constants are not equal, resulting in poor - optimization. - - - - - - Work around gcc 4.6.0 bug that breaks WAL replay (Tom Lane) - - - - This could lead to loss of committed transactions after a server crash. - - - - - - Fix dump bug for VALUES in a view (Tom Lane) - - - - - - Disallow SELECT FOR UPDATE/SHARE on sequences (Tom Lane) - - - - This operation doesn't work as expected and can lead to failures. - - - - - - Defend against integer overflow when computing size of a hash table (Tom - Lane) - - - - - - Fix portability bugs in use of credentials control messages for - peer authentication (Tom Lane) - - - - - - Fix typo in pg_srand48 seed initialization (Andres Freund) - - - - This led to failure to use all bits of the provided seed. This function - is not used on most platforms (only those without srandom), - and the potential security exposure from a less-random-than-expected - seed seems minimal in any case. - - - - - - Avoid integer overflow when the sum of LIMIT and - OFFSET values exceeds 2^63 (Heikki Linnakangas) - - - - - - Add overflow checks to int4 and int8 versions of - generate_series() (Robert Haas) - - - - - - Fix trailing-zero removal in to_char() (Marti Raudsepp) - - - - In a format with FM and no digit positions - after the decimal point, zeroes to the left of the decimal point could - be removed incorrectly. - - - - - - Fix pg_size_pretty() to avoid overflow for inputs close to - 2^63 (Tom Lane) - - - - - - Fix psql's counting of script file line numbers during - COPY from a different file (Tom Lane) - - - - - - Fix pg_restore's direct-to-database mode for - standard_conforming_strings (Tom Lane) - - - - pg_restore could emit incorrect commands when restoring - directly to a database server from an archive file that had been made - with standard_conforming_strings set to on. - - - - - - Fix write-past-buffer-end and memory leak in libpq's - LDAP service lookup code (Albe Laurenz) - - - - - - In libpq, avoid failures when using nonblocking I/O - and an SSL connection (Martin Pihlak, Tom Lane) - - - - - - Improve libpq's handling of failures during connection startup - (Tom Lane) - - - - In particular, the response to a server report of fork() - failure during SSL connection startup is now saner. - - - - - - Make ecpglib write double values with 15 digits - precision (Akira Kurosawa) - - - - - - Apply upstream fix for blowfish signed-character bug (CVE-2011-2483) - (Tom Lane) - - - - contrib/pg_crypto's blowfish encryption code could give - wrong results on platforms where char is signed (which is most), - leading to encrypted passwords being weaker than they should be. - - - - - - Fix memory leak in contrib/seg (Heikki Linnakangas) - - - - - - Fix pgstatindex() to give consistent results for empty - indexes (Tom Lane) - - - - - - Allow building with perl 5.14 (Alex Hunsaker) - - - - - - Update configure script's method for probing existence of system - functions (Tom Lane) - - - - The version of autoconf we used in 8.3 and 8.2 could be fooled by - compilers that perform link-time optimization. - - - - - - Fix assorted issues with build and install file paths containing spaces - (Tom Lane) - - - - - - Update time zone data files to tzdata release 2011i - for DST law changes in Canada, Egypt, Russia, Samoa, and South Sudan. - - - - - - - - - - Release 8.2.21 - - - Release date: - 2011-04-18 - - - - This release contains a variety of fixes from 8.2.20. - For information about new features in the 8.2 major release, see - . - - - - Migration to Version 8.2.21 - - - A dump/restore is not required for those running 8.2.X. - However, if you are upgrading from a version earlier than 8.2.14, - see . - - - - - - Changes - - - - - - Avoid potential deadlock during catalog cache initialization - (Nikhil Sontakke) - - - - In some cases the cache loading code would acquire share lock on a - system index before locking the index's catalog. This could deadlock - against processes trying to acquire exclusive locks in the other, - more standard order. - - - - - - Fix dangling-pointer problem in BEFORE ROW UPDATE trigger - handling when there was a concurrent update to the target tuple - (Tom Lane) - - - - This bug has been observed to result in intermittent cannot - extract system attribute from virtual tuple failures while trying to - do UPDATE RETURNING ctid. There is a very small probability - of more serious errors, such as generating incorrect index entries for - the updated tuple. - - - - - - Disallow DROP TABLE when there are pending deferred trigger - events for the table (Tom Lane) - - - - Formerly the DROP would go through, leading to - could not open relation with OID nnn errors when the - triggers were eventually fired. - - - - - - Fix PL/Python memory leak involving array slices (Daniel Popowich) - - - - - - Fix pg_restore to cope with long lines (over 1KB) in - TOC files (Tom Lane) - - - - - - Put in more safeguards against crashing due to division-by-zero - with overly enthusiastic compiler optimization (Aurelien Jarno) - - - - - - Support use of dlopen() in FreeBSD and OpenBSD on MIPS (Tom Lane) - - - - There was a hard-wired assumption that this system function was not - available on MIPS hardware on these systems. Use a compile-time test - instead, since more recent versions have it. - - - - - - Fix compilation failures on HP-UX (Heikki Linnakangas) - - - - - - Fix path separator used by pg_regress on Cygwin - (Andrew Dunstan) - - - - - - Update time zone data files to tzdata release 2011f - for DST law changes in Chile, Cuba, Falkland Islands, Morocco, Samoa, - and Turkey; also historical corrections for South Australia, Alaska, - and Hawaii. - - - - - - - - - - Release 8.2.20 - - - Release date: - 2011-01-31 - - - - This release contains a variety of fixes from 8.2.19. - For information about new features in the 8.2 major release, see - . - - - - Migration to Version 8.2.20 - - - A dump/restore is not required for those running 8.2.X. - However, if you are upgrading from a version earlier than 8.2.14, - see . - - - - - - Changes - - - - - - Avoid failures when EXPLAIN tries to display a simple-form - CASE expression (Tom Lane) - - - - If the CASE's test expression was a constant, the planner - could simplify the CASE into a form that confused the - expression-display code, resulting in unexpected CASE WHEN - clause errors. - - - - - - Fix assignment to an array slice that is before the existing range - of subscripts (Tom Lane) - - - - If there was a gap between the newly added subscripts and the first - pre-existing subscript, the code miscalculated how many entries needed - to be copied from the old array's null bitmap, potentially leading to - data corruption or crash. - - - - - - Avoid unexpected conversion overflow in planner for very distant date - values (Tom Lane) - - - - The date type supports a wider range of dates than can be - represented by the timestamp types, but the planner assumed it - could always convert a date to timestamp with impunity. - - - - - - Fix pg_restore's text output for large objects (BLOBs) - when standard_conforming_strings is on (Tom Lane) - - - - Although restoring directly to a database worked correctly, string - escaping was incorrect if pg_restore was asked for - SQL text output and standard_conforming_strings had been - enabled in the source database. - - - - - - Fix erroneous parsing of tsquery values containing - ... & !(subexpression) | ... (Tom Lane) - - - - Queries containing this combination of operators were not executed - correctly. The same error existed in contrib/intarray's - query_int type and contrib/ltree's - ltxtquery type. - - - - - - Fix buffer overrun in contrib/intarray's input function - for the query_int type (Apple) - - - - This bug is a security risk since the function's return address could - be overwritten. Thanks to Apple Inc's security team for reporting this - issue and supplying the fix. (CVE-2010-4015) - - - - - - Fix bug in contrib/seg's GiST picksplit algorithm - (Alexander Korotkov) - - - - This could result in considerable inefficiency, though not actually - incorrect answers, in a GiST index on a seg column. - If you have such an index, consider REINDEXing it after - installing this update. (This is identical to the bug that was fixed in - contrib/cube in the previous update.) - - - - - - - - - - Release 8.2.19 - - - Release date: - 2010-12-16 - - - - This release contains a variety of fixes from 8.2.18. - For information about new features in the 8.2 major release, see - . - - - - Migration to Version 8.2.19 - - - A dump/restore is not required for those running 8.2.X. - However, if you are upgrading from a version earlier than 8.2.14, - see . - - - - - - Changes - - - - - - Force the default - wal_sync_method - to be fdatasync on Linux (Tom Lane, Marti Raudsepp) - - - - The default on Linux has actually been fdatasync for many - years, but recent kernel changes caused PostgreSQL to - choose open_datasync instead. This choice did not result - in any performance improvement, and caused outright failures on - certain filesystems, notably ext4 with the - data=journal mount option. - - - - - - Fix assorted bugs in WAL replay logic for GIN indexes (Tom Lane) - - - - This could result in bad buffer id: 0 failures or - corruption of index contents during replication. - - - - - - Fix recovery from base backup when the starting checkpoint WAL record - is not in the same WAL segment as its redo point (Jeff Davis) - - - - - - Add support for detecting register-stack overrun on IA64 - (Tom Lane) - - - - The IA64 architecture has two hardware stacks. Full - prevention of stack-overrun failures requires checking both. - - - - - - Add a check for stack overflow in copyObject() (Tom Lane) - - - - Certain code paths could crash due to stack overflow given a - sufficiently complex query. - - - - - - Fix detection of page splits in temporary GiST indexes (Heikki - Linnakangas) - - - - It is possible to have a concurrent page split in a - temporary index, if for example there is an open cursor scanning the - index when an insertion is done. GiST failed to detect this case and - hence could deliver wrong results when execution of the cursor - continued. - - - - - - Avoid memory leakage while ANALYZE'ing complex index - expressions (Tom Lane) - - - - - - Ensure an index that uses a whole-row Var still depends on its table - (Tom Lane) - - - - An index declared like create index i on t (foo(t.*)) - would not automatically get dropped when its table was dropped. - - - - - - Do not inline a SQL function with multiple OUT - parameters (Tom Lane) - - - - This avoids a possible crash due to loss of information about the - expected result rowtype. - - - - - - Behave correctly if ORDER BY, LIMIT, - FOR UPDATE, or WITH is attached to the - VALUES part of INSERT ... VALUES (Tom Lane) - - - - - - Fix constant-folding of COALESCE() expressions (Tom Lane) - - - - The planner would sometimes attempt to evaluate sub-expressions that - in fact could never be reached, possibly leading to unexpected errors. - - - - - - Add print functionality for InhRelation nodes (Tom Lane) - - - - This avoids a failure when debug_print_parse is enabled - and certain types of query are executed. - - - - - - Fix incorrect calculation of distance from a point to a horizontal - line segment (Tom Lane) - - - - This bug affected several different geometric distance-measurement - operators. - - - - - - Fix PL/pgSQL's handling of simple - expressions to not fail in recursion or error-recovery cases (Tom Lane) - - - - - - Fix PL/Python's handling of set-returning functions - (Jan Urbanski) - - - - Attempts to call SPI functions within the iterator generating a set - result would fail. - - - - - - Fix bug in contrib/cube's GiST picksplit algorithm - (Alexander Korotkov) - - - - This could result in considerable inefficiency, though not actually - incorrect answers, in a GiST index on a cube column. - If you have such an index, consider REINDEXing it after - installing this update. - - - - - - Don't emit identifier will be truncated notices in - contrib/dblink except when creating new connections - (Itagaki Takahiro) - - - - - - Fix potential coredump on missing public key in - contrib/pgcrypto (Marti Raudsepp) - - - - - - Fix memory leak in contrib/xml2's XPath query functions - (Tom Lane) - - - - - - Update time zone data files to tzdata release 2010o - for DST law changes in Fiji and Samoa; - also historical corrections for Hong Kong. - - - - - - - - - - Release 8.2.18 - - - Release date: - 2010-10-04 - - - - This release contains a variety of fixes from 8.2.17. - For information about new features in the 8.2 major release, see - . - - - - Migration to Version 8.2.18 - - - A dump/restore is not required for those running 8.2.X. - However, if you are upgrading from a version earlier than 8.2.14, - see . - - - - - - Changes - - - - - - Use a separate interpreter for each calling SQL userid in PL/Perl and - PL/Tcl (Tom Lane) - - - - This change prevents security problems that can be caused by subverting - Perl or Tcl code that will be executed later in the same session under - another SQL user identity (for example, within a SECURITY - DEFINER function). Most scripting languages offer numerous ways that - that might be done, such as redefining standard functions or operators - called by the target function. Without this change, any SQL user with - Perl or Tcl language usage rights can do essentially anything with the - SQL privileges of the target function's owner. - - - - The cost of this change is that intentional communication among Perl - and Tcl functions becomes more difficult. To provide an escape hatch, - PL/PerlU and PL/TclU functions continue to use only one interpreter - per session. This is not considered a security issue since all such - functions execute at the trust level of a database superuser already. - - - - It is likely that third-party procedural languages that claim to offer - trusted execution have similar security issues. We advise contacting - the authors of any PL you are depending on for security-critical - purposes. - - - - Our thanks to Tim Bunce for pointing out this issue (CVE-2010-3433). - - - - - - Prevent possible crashes in pg_get_expr() by disallowing - it from being called with an argument that is not one of the system - catalog columns it's intended to be used with - (Heikki Linnakangas, Tom Lane) - - - - - - Fix Windows shared-memory allocation code - (Tsutomu Yamada, Magnus Hagander) - - - - This bug led to the often-reported could not reattach to shared - memory error message. This is a back-patch of a fix that was - applied to newer branches some time ago. - - - - - - Treat exit code 128 (ERROR_WAIT_NO_CHILDREN) as non-fatal on - Windows (Magnus Hagander) - - - - Under high load, Windows processes will sometimes fail at startup with - this error code. Formerly the postmaster treated this as a panic - condition and restarted the whole database, but that seems to be - an overreaction. - - - - - - Fix possible duplicate scans of UNION ALL member relations - (Tom Lane) - - - - - - Fix cannot handle unplanned sub-select error (Tom Lane) - - - - This occurred when a sub-select contains a join alias reference that - expands into an expression containing another sub-select. - - - - - - Reduce PANIC to ERROR in some occasionally-reported btree failure cases, - and provide additional detail in the resulting error messages - (Tom Lane) - - - - This should improve the system's robustness with corrupted indexes. - - - - - - Prevent show_session_authorization() from crashing within autovacuum - processes (Tom Lane) - - - - - - Defend against functions returning setof record where not all the - returned rows are actually of the same rowtype (Tom Lane) - - - - - - Fix possible failure when hashing a pass-by-reference function result - (Tao Ma, Tom Lane) - - - - - - Take care to fsync the contents of lockfiles (both - postmaster.pid and the socket lockfile) while writing them - (Tom Lane) - - - - This omission could result in corrupted lockfile contents if the - machine crashes shortly after postmaster start. That could in turn - prevent subsequent attempts to start the postmaster from succeeding, - until the lockfile is manually removed. - - - - - - Avoid recursion while assigning XIDs to heavily-nested - subtransactions (Andres Freund, Robert Haas) - - - - The original coding could result in a crash if there was limited - stack space. - - - - - - Fix log_line_prefix's %i escape, - which could produce junk early in backend startup (Tom Lane) - - - - - - Fix possible data corruption in ALTER TABLE ... SET - TABLESPACE when archiving is enabled (Jeff Davis) - - - - - - Allow CREATE DATABASE and ALTER DATABASE ... SET - TABLESPACE to be interrupted by query-cancel (Guillaume Lelarge) - - - - - - In PL/Python, defend against null pointer results from - PyCObject_AsVoidPtr and PyCObject_FromVoidPtr - (Peter Eisentraut) - - - - - - Improve contrib/dblink's handling of tables containing - dropped columns (Tom Lane) - - - - - - Fix connection leak after duplicate connection name - errors in contrib/dblink (Itagaki Takahiro) - - - - - - Fix contrib/dblink to handle connection names longer than - 62 bytes correctly (Itagaki Takahiro) - - - - - - Add hstore(text, text) - function to contrib/hstore (Robert Haas) - - - - This function is the recommended substitute for the now-deprecated - => operator. It was back-patched so that future-proofed - code can be used with older server versions. Note that the patch will - be effective only after contrib/hstore is installed or - reinstalled in a particular database. Users might prefer to execute - the CREATE FUNCTION command by hand, instead. - - - - - - Update build infrastructure and documentation to reflect the source code - repository's move from CVS to Git (Magnus Hagander and others) - - - - - - Update time zone data files to tzdata release 2010l - for DST law changes in Egypt and Palestine; also historical corrections - for Finland. - - - - This change also adds new names for two Micronesian timezones: - Pacific/Chuuk is now preferred over Pacific/Truk (and the preferred - abbreviation is CHUT not TRUT) and Pacific/Pohnpei is preferred over - Pacific/Ponape. - - - - - - Make Windows' N. Central Asia Standard Time timezone map to - Asia/Novosibirsk, not Asia/Almaty (Magnus Hagander) - - - - Microsoft changed the DST behavior of this zone in the timezone update - from KB976098. Asia/Novosibirsk is a better match to its new behavior. - - - - - - - - - - Release 8.2.17 - - - Release date: - 2010-05-17 - - - - This release contains a variety of fixes from 8.2.16. - For information about new features in the 8.2 major release, see - . - - - - Migration to Version 8.2.17 - - - A dump/restore is not required for those running 8.2.X. - However, if you are upgrading from a version earlier than 8.2.14, - see . - - - - - - Changes - - - - - - Enforce restrictions in plperl using an opmask applied to - the whole interpreter, instead of using Safe.pm - (Tim Bunce, Andrew Dunstan) - - - - Recent developments have convinced us that Safe.pm is too - insecure to rely on for making plperl trustable. This - change removes use of Safe.pm altogether, in favor of using - a separate interpreter with an opcode mask that is always applied. - Pleasant side effects of the change include that it is now possible to - use Perl's strict pragma in a natural way in - plperl, and that Perl's $a and $b - variables work as expected in sort routines, and that function - compilation is significantly faster. (CVE-2010-1169) - - - - - - Prevent PL/Tcl from executing untrustworthy code from - pltcl_modules (Tom) - - - - PL/Tcl's feature for autoloading Tcl code from a database table - could be exploited for trojan-horse attacks, because there was no - restriction on who could create or insert into that table. This change - disables the feature unless pltcl_modules is owned by a - superuser. (However, the permissions on the table are not checked, so - installations that really need a less-than-secure modules table can - still grant suitable privileges to trusted non-superusers.) Also, - prevent loading code into the unrestricted normal Tcl - interpreter unless we are really going to execute a pltclu - function. (CVE-2010-1170) - - - - - - Fix possible crash if a cache reset message is received during - rebuild of a relcache entry (Heikki) - - - - This error was introduced in 8.2.16 while fixing a related failure. - - - - - - Do not allow an unprivileged user to reset superuser-only parameter - settings (Alvaro) - - - - Previously, if an unprivileged user ran ALTER USER ... RESET - ALL for himself, or ALTER DATABASE ... RESET ALL for - a database he owns, this would remove all special parameter settings - for the user or database, even ones that are only supposed to be - changeable by a superuser. Now, the ALTER will only - remove the parameters that the user has permission to change. - - - - - - Avoid possible crash during backend shutdown if shutdown occurs - when a CONTEXT addition would be made to log entries (Tom) - - - - In some cases the context-printing function would fail because the - current transaction had already been rolled back when it came time - to print a log message. - - - - - - Update PL/Perl's ppport.h for modern Perl versions - (Andrew) - - - - - - Fix assorted memory leaks in PL/Python (Andreas Freund, Tom) - - - - - - Prevent infinite recursion in psql when expanding - a variable that refers to itself (Tom) - - - - - - Fix psql's \copy to not add spaces around - a dot within \copy (select ...) (Tom) - - - - Addition of spaces around the decimal point in a numeric literal would - result in a syntax error. - - - - - - Ensure that contrib/pgstattuple functions respond to cancel - interrupts promptly (Tatsuhito Kasahara) - - - - - - Make server startup deal properly with the case that - shmget() returns EINVAL for an existing - shared memory segment (Tom) - - - - This behavior has been observed on BSD-derived kernels including macOS. - It resulted in an entirely-misleading startup failure complaining that - the shared memory request size was too large. - - - - - - Avoid possible crashes in syslogger process on Windows (Heikki) - - - - - - Deal more robustly with incomplete time zone information in the - Windows registry (Magnus) - - - - - - Update the set of known Windows time zone names (Magnus) - - - - - - Update time zone data files to tzdata release 2010j - for DST law changes in Argentina, Australian Antarctic, Bangladesh, - Mexico, Morocco, Pakistan, Palestine, Russia, Syria, Tunisia; - also historical corrections for Taiwan. - - - - Also, add PKST (Pakistan Summer Time) to the default set of - timezone abbreviations. - - - - - - - - - - Release 8.2.16 - - - Release date: - 2010-03-15 - - - - This release contains a variety of fixes from 8.2.15. - For information about new features in the 8.2 major release, see - . - - - - Migration to Version 8.2.16 - - - A dump/restore is not required for those running 8.2.X. - However, if you are upgrading from a version earlier than 8.2.14, - see . - - - - - - Changes - - - - - - Add new configuration parameter ssl_renegotiation_limit to - control how often we do session key renegotiation for an SSL connection - (Magnus) - - - - This can be set to zero to disable renegotiation completely, which may - be required if a broken SSL library is used. In particular, some - vendors are shipping stopgap patches for CVE-2009-3555 that cause - renegotiation attempts to fail. - - - - - - Fix possible deadlock during backend startup (Tom) - - - - - - Fix possible crashes due to not handling errors during relcache reload - cleanly (Tom) - - - - - - Fix possible crashes when trying to recover from a failure in - subtransaction start (Tom) - - - - - - Fix server memory leak associated with use of savepoints and a client - encoding different from server's encoding (Tom) - - - - - - Fix incorrect WAL data emitted during end-of-recovery cleanup of a GIST - index page split (Yoichi Hirai) - - - - This would result in index corruption, or even more likely an error - during WAL replay, if we were unlucky enough to crash during - end-of-recovery cleanup after having completed an incomplete GIST - insertion. - - - - - - Make substring() for bit types treat any negative - length as meaning all the rest of the string (Tom) - - - - The previous coding treated only -1 that way, and would produce an - invalid result value for other negative values, possibly leading to - a crash (CVE-2010-0442). - - - - - - Fix integer-to-bit-string conversions to handle the first fractional - byte correctly when the output bit width is wider than the given - integer by something other than a multiple of 8 bits (Tom) - - - - - - Fix some cases of pathologically slow regular expression matching (Tom) - - - - - - Fix the STOP WAL LOCATION entry in backup history files to - report the next WAL segment's name when the end location is exactly at a - segment boundary (Itagaki Takahiro) - - - - - - Fix some more cases of temporary-file leakage (Heikki) - - - - This corrects a problem introduced in the previous minor release. - One case that failed is when a plpgsql function returning set is - called within another function's exception handler. - - - - - - Improve constraint exclusion processing of boolean-variable cases, - in particular make it possible to exclude a partition that has a - bool_column = false constraint (Tom) - - - - - - When reading pg_hba.conf and related files, do not treat - @something as a file inclusion request if the @ - appears inside quote marks; also, never treat @ by itself - as a file inclusion request (Tom) - - - - This prevents erratic behavior if a role or database name starts with - @. If you need to include a file whose path name - contains spaces, you can still do so, but you must write - @"/path to/file" rather than putting the quotes around - the whole construct. - - - - - - Prevent infinite loop on some platforms if a directory is named as - an inclusion target in pg_hba.conf and related files - (Tom) - - - - - - Fix possible infinite loop if SSL_read or - SSL_write fails without setting errno (Tom) - - - - This is reportedly possible with some Windows versions of - OpenSSL. - - - - - - Fix psql's numericlocale option to not - format strings it shouldn't in latex and troff output formats (Heikki) - - - - - - Make psql return the correct exit status (3) when - ON_ERROR_STOP and --single-transaction are - both specified and an error occurs during the implied COMMIT - (Bruce) - - - - - - Fix plpgsql failure in one case where a composite column is set to NULL - (Tom) - - - - - - Fix possible failure when calling PL/Perl functions from PL/PerlU - or vice versa (Tim Bunce) - - - - - - Add volatile markings in PL/Python to avoid possible - compiler-specific misbehavior (Zdenek Kotala) - - - - - - Ensure PL/Tcl initializes the Tcl interpreter fully (Tom) - - - - The only known symptom of this oversight is that the Tcl - clock command misbehaves if using Tcl 8.5 or later. - - - - - - Prevent crash in contrib/dblink when too many key - columns are specified to a dblink_build_sql_* function - (Rushabh Lathia, Joe Conway) - - - - - - Fix assorted crashes in contrib/xml2 caused by sloppy - memory management (Tom) - - - - - - Make building of contrib/xml2 more robust on Windows - (Andrew) - - - - - - Fix race condition in Windows signal handling (Radu Ilie) - - - - One known symptom of this bug is that rows in pg_listener - could be dropped under heavy load. - - - - - - Update time zone data files to tzdata release 2010e - for DST law changes in Bangladesh, Chile, Fiji, Mexico, Paraguay, Samoa. - - - - - - - - - - Release 8.2.15 - - - Release date: - 2009-12-14 - - - - This release contains a variety of fixes from 8.2.14. - For information about new features in the 8.2 major release, see - . - - - - Migration to Version 8.2.15 - - - A dump/restore is not required for those running 8.2.X. - However, if you are upgrading from a version earlier than 8.2.14, - see . - - - - - - Changes - - - - - - Protect against indirect security threats caused by index functions - changing session-local state (Gurjeet Singh, Tom) - - - - This change prevents allegedly-immutable index functions from possibly - subverting a superuser's session (CVE-2009-4136). - - - - - - Reject SSL certificates containing an embedded null byte in the common - name (CN) field (Magnus) - - - - This prevents unintended matching of a certificate to a server or client - name during SSL validation (CVE-2009-4034). - - - - - - Fix possible crash during backend-startup-time cache initialization (Tom) - - - - - - Prevent signals from interrupting VACUUM at unsafe times - (Alvaro) - - - - This fix prevents a PANIC if a VACUUM FULL is canceled - after it's already committed its tuple movements, as well as transient - errors if a plain VACUUM is interrupted after having - truncated the table. - - - - - - Fix possible crash due to integer overflow in hash table size - calculation (Tom) - - - - This could occur with extremely large planner estimates for the size of - a hashjoin's result. - - - - - - Fix very rare crash in inet/cidr comparisons (Chris - Mikkelson) - - - - - - Ensure that shared tuple-level locks held by prepared transactions are - not ignored (Heikki) - - - - - - Fix premature drop of temporary files used for a cursor that is accessed - within a subtransaction (Heikki) - - - - - - Fix incorrect logic for GiST index page splits, when the split depends - on a non-first column of the index (Paul Ramsey) - - - - - - Don't error out if recycling or removing an old WAL file fails at the - end of checkpoint (Heikki) - - - - It's better to treat the problem as non-fatal and allow the checkpoint - to complete. Future checkpoints will retry the removal. Such problems - are not expected in normal operation, but have been seen to be - caused by misdesigned Windows anti-virus and backup software. - - - - - - Ensure WAL files aren't repeatedly archived on Windows (Heikki) - - - - This is another symptom that could happen if some other process - interfered with deletion of a no-longer-needed file. - - - - - - Fix PAM password processing to be more robust (Tom) - - - - The previous code is known to fail with the combination of the Linux - pam_krb5 PAM module with Microsoft Active Directory as the - domain controller. It might have problems elsewhere too, since it was - making unjustified assumptions about what arguments the PAM stack would - pass to it. - - - - - - Fix processing of ownership dependencies during CREATE OR - REPLACE FUNCTION (Tom) - - - - - - Fix bug with calling plperl from plperlu or vice - versa (Tom) - - - - An error exit from the inner function could result in crashes due to - failure to re-select the correct Perl interpreter for the outer function. - - - - - - Fix session-lifespan memory leak when a PL/Perl function is redefined - (Tom) - - - - - - Ensure that Perl arrays are properly converted to - PostgreSQL arrays when returned by a set-returning - PL/Perl function (Andrew Dunstan, Abhijit Menon-Sen) - - - - This worked correctly already for non-set-returning functions. - - - - - - Fix rare crash in exception processing in PL/Python (Peter) - - - - - - Ensure psql's flex module is compiled with the correct - system header definitions (Tom) - - - - This fixes build failures on platforms where - --enable-largefile causes incompatible changes in the - generated code. - - - - - - Make the postmaster ignore any application_name parameter in - connection request packets, to improve compatibility with future libpq - versions (Tom) - - - - - - Update the timezone abbreviation files to match current reality (Joachim - Wieland) - - - - This includes adding IDT and SGT to the default - timezone abbreviation set. - - - - - - Update time zone data files to tzdata release 2009s - for DST law changes in Antarctica, Argentina, Bangladesh, Fiji, - Novokuznetsk, Pakistan, Palestine, Samoa, Syria; also historical - corrections for Hong Kong. - - - - - - - - - - Release 8.2.14 - - - Release date: - 2009-09-09 - - - - This release contains a variety of fixes from 8.2.13. - For information about new features in the 8.2 major release, see - . - - - - Migration to Version 8.2.14 - - - A dump/restore is not required for those running 8.2.X. - However, if you have any hash indexes on interval columns, - you must REINDEX them after updating to 8.2.14. - Also, if you are upgrading from a version earlier than 8.2.11, - see . - - - - - - Changes - - - - - - Force WAL segment switch during pg_start_backup() - (Heikki) - - - - This avoids corner cases that could render a base backup unusable. - - - - - - Disallow RESET ROLE and RESET SESSION - AUTHORIZATION inside security-definer functions (Tom, Heikki) - - - - This covers a case that was missed in the previous patch that - disallowed SET ROLE and SET SESSION - AUTHORIZATION inside security-definer functions. - (See CVE-2007-6600) - - - - - - Make LOAD of an already-loaded loadable module - into a no-op (Tom) - - - - Formerly, LOAD would attempt to unload and re-load the - module, but this is unsafe and not all that useful. - - - - - - Disallow empty passwords during LDAP authentication (Magnus) - - - - - - Fix handling of sub-SELECTs appearing in the arguments of - an outer-level aggregate function (Tom) - - - - - - Fix bugs associated with fetching a whole-row value from the - output of a Sort or Materialize plan node (Tom) - - - - - - Revert planner change that disabled partial-index and constraint - exclusion optimizations when there were more than 100 clauses in - an AND or OR list (Tom) - - - - - - Fix hash calculation for data type interval (Tom) - - - - This corrects wrong results for hash joins on interval values. - It also changes the contents of hash indexes on interval columns. - If you have any such indexes, you must REINDEX them - after updating. - - - - - - Treat to_char(..., 'TH') as an uppercase ordinal - suffix with 'HH'/'HH12' (Heikki) - - - - It was previously handled as 'th' (lowercase). - - - - - - Fix overflow for INTERVAL 'x ms' - when x is more than 2 million and integer - datetimes are in use (Alex Hunsaker) - - - - - - Fix calculation of distance between a point and a line segment (Tom) - - - - This led to incorrect results from a number of geometric operators. - - - - - - Fix money data type to work in locales where currency - amounts have no fractional digits, e.g. Japan (Itagaki Takahiro) - - - - - - Properly round datetime input like - 00:12:57.9999999999999999999999999999 (Tom) - - - - - - Fix poor choice of page split point in GiST R-tree operator classes - (Teodor) - - - - - - Avoid performance degradation in bulk inserts into GIN indexes - when the input values are (nearly) in sorted order (Tom) - - - - - - Correctly enforce NOT NULL domain constraints in some contexts in - PL/pgSQL (Tom) - - - - - - Fix portability issues in plperl initialization (Andrew Dunstan) - - - - - - Fix pg_ctl to not go into an infinite loop if - postgresql.conf is empty (Jeff Davis) - - - - - - Make contrib/hstore throw an error when a key or - value is too long to fit in its data structure, rather than - silently truncating it (Andrew Gierth) - - - - - - Fix contrib/xml2's xslt_process() to - properly handle the maximum number of parameters (twenty) (Tom) - - - - - - Improve robustness of libpq's code to recover - from errors during COPY FROM STDIN (Tom) - - - - - - Avoid including conflicting readline and editline header files - when both libraries are installed (Zdenek Kotala) - - - - - - Update time zone data files to tzdata release 2009l - for DST law changes in Bangladesh, Egypt, Jordan, Pakistan, - Argentina/San_Luis, Cuba, Jordan (historical correction only), - Mauritius, Morocco, Palestine, Syria, Tunisia. - - - - - - - - - - Release 8.2.13 - - - Release date: - 2009-03-16 - - - - This release contains a variety of fixes from 8.2.12. - For information about new features in the 8.2 major release, see - . - - - - Migration to Version 8.2.13 - - - A dump/restore is not required for those running 8.2.X. - However, if you are upgrading from a version earlier than 8.2.11, - see . - - - - - - Changes - - - - - - Prevent error recursion crashes when encoding conversion fails (Tom) - - - - This change extends fixes made in the last two minor releases for - related failure scenarios. The previous fixes were narrowly tailored - for the original problem reports, but we have now recognized that - any error thrown by an encoding conversion function could - potentially lead to infinite recursion while trying to report the - error. The solution therefore is to disable translation and encoding - conversion and report the plain-ASCII form of any error message, - if we find we have gotten into a recursive error reporting situation. - (CVE-2009-0922) - - - - - - Disallow CREATE CONVERSION with the wrong encodings - for the specified conversion function (Heikki) - - - - This prevents one possible scenario for encoding conversion failure. - The previous change is a backstop to guard against other kinds of - failures in the same area. - - - - - - Fix core dump when to_char() is given format codes that - are inappropriate for the type of the data argument (Tom) - - - - - - Fix possible failure in contrib/tsearch2 when C locale is - used with a multi-byte encoding (Teodor) - - - - Crashes were possible on platforms where wchar_t is narrower - than int; Windows in particular. - - - - - - Fix extreme inefficiency in contrib/tsearch2 parser's - handling of an email-like string containing multiple @ - characters (Heikki) - - - - - - Fix decompilation of CASE WHEN with an implicit coercion - (Tom) - - - - This mistake could lead to Assert failures in an Assert-enabled build, - or an unexpected CASE WHEN clause error message in other - cases, when trying to examine or dump a view. - - - - - - Fix possible misassignment of the owner of a TOAST table's rowtype (Tom) - - - - If CLUSTER or a rewriting variant of ALTER TABLE - were executed by someone other than the table owner, the - pg_type entry for the table's TOAST table would end up - marked as owned by that someone. This caused no immediate problems, - since the permissions on the TOAST rowtype aren't examined by any - ordinary database operation. However, it could lead to unexpected - failures if one later tried to drop the role that issued the command - (in 8.1 or 8.2), or owner of data type appears to be invalid - warnings from pg_dump after having done so (in 8.3). - - - - - - Fix PL/pgSQL to not treat INTO after INSERT as - an INTO-variables clause anywhere in the string, not only at the start; - in particular, don't fail for INSERT INTO within - CREATE RULE (Tom) - - - - - - Clean up PL/pgSQL error status variables fully at block exit - (Ashesh Vashi and Dave Page) - - - - This is not a problem for PL/pgSQL itself, but the omission could cause - the PL/pgSQL Debugger to crash while examining the state of a function. - - - - - - Retry failed calls to CallNamedPipe() on Windows - (Steve Marshall, Magnus) - - - - It appears that this function can sometimes fail transiently; - we previously treated any failure as a hard error, which could - confuse LISTEN/NOTIFY as well as other - operations. - - - - - - Add MUST (Mauritius Island Summer Time) to the default list - of known timezone abbreviations (Xavier Bugaud) - - - - - - - - - - Release 8.2.12 - - - Release date: - 2009-02-02 - - - - This release contains a variety of fixes from 8.2.11. - For information about new features in the 8.2 major release, see - . - - - - Migration to Version 8.2.12 - - - A dump/restore is not required for those running 8.2.X. - However, if you are upgrading from a version earlier than 8.2.11, - see . - - - - - - Changes - - - - - - Improve handling of URLs in headline() function (Teodor) - - - - - - Improve handling of overlength headlines in headline() - function (Teodor) - - - - - - Prevent possible Assert failure or misconversion if an encoding - conversion is created with the wrong conversion function for the - specified pair of encodings (Tom, Heikki) - - - - - - Fix possible Assert failure if a statement executed in PL/pgSQL is - rewritten into another kind of statement, for example if an - INSERT is rewritten into an UPDATE (Heikki) - - - - - - Ensure that a snapshot is available to datatype input functions (Tom) - - - - This primarily affects domains that are declared with CHECK - constraints involving user-defined stable or immutable functions. Such - functions typically fail if no snapshot has been set. - - - - - - Make it safer for SPI-using functions to be used within datatype I/O; - in particular, to be used in domain check constraints (Tom) - - - - - - Avoid unnecessary locking of small tables in VACUUM - (Heikki) - - - - - - Fix a problem that made UPDATE RETURNING tableoid - return zero instead of the correct OID (Tom) - - - - - - Fix planner misestimation of selectivity when transitive equality - is applied to an outer-join clause (Tom) - - - - This could result in bad plans for queries like - ... from a left join b on a.a1 = b.b1 where a.a1 = 42 ... - - - - - - Improve optimizer's handling of long IN lists (Tom) - - - - This change avoids wasting large amounts of time on such lists - when constraint exclusion is enabled. - - - - - - Ensure that the contents of a holdable cursor don't depend on the - contents of TOAST tables (Tom) - - - - Previously, large field values in a cursor result might be represented - as TOAST pointers, which would fail if the referenced table got dropped - before the cursor is read, or if the large value is deleted and then - vacuumed away. This cannot happen with an ordinary cursor, - but it could with a cursor that is held past its creating transaction. - - - - - - Fix memory leak when a set-returning function is terminated without - reading its whole result (Tom) - - - - - - Fix contrib/dblink's - dblink_get_result(text,bool) function (Joe) - - - - - - Fix possible garbage output from contrib/sslinfo functions - (Tom) - - - - - - Fix configure script to properly report failure when - unable to obtain linkage information for PL/Perl (Andrew) - - - - - - Make all documentation reference pgsql-bugs and/or - pgsql-hackers as appropriate, instead of the - now-decommissioned pgsql-ports and pgsql-patches - mailing lists (Tom) - - - - - - Update time zone data files to tzdata release 2009a (for - Kathmandu and historical DST corrections in Switzerland, Cuba) - - - - - - - - - - Release 8.2.11 - - - Release date: - 2008-11-03 - - - - This release contains a variety of fixes from 8.2.10. - For information about new features in the 8.2 major release, see - . - - - - Migration to Version 8.2.11 - - - A dump/restore is not required for those running 8.2.X. - However, if you are upgrading from a version earlier than 8.2.7, - see . Also, if you were running a previous - 8.2.X release, it is recommended to REINDEX all GiST - indexes after the upgrade. - - - - - - Changes - - - - - - Fix GiST index corruption due to marking the wrong index entry - dead after a deletion (Teodor) - - - - This would result in index searches failing to find rows they - should have found. Corrupted indexes can be fixed with - REINDEX. - - - - - - Fix backend crash when the client encoding cannot represent a localized - error message (Tom) - - - - We have addressed similar issues before, but it would still fail if - the character has no equivalent message itself couldn't - be converted. The fix is to disable localization and send the plain - ASCII error message when we detect such a situation. - - - - - - Fix possible crash when deeply nested functions are invoked from - a trigger (Tom) - - - - - - Improve optimization of expression IN - (expression-list) queries (Tom, per an idea from Robert - Haas) - - - - Cases in which there are query variables on the right-hand side had been - handled less efficiently in 8.2.x and 8.3.x than in prior versions. - The fix restores 8.1 behavior for such cases. - - - - - - Fix mis-expansion of rule queries when a sub-SELECT appears - in a function call in FROM, a multi-row VALUES - list, or a RETURNING list (Tom) - - - - The usual symptom of this problem is an unrecognized node type - error. - - - - - - Fix memory leak during rescan of a hashed aggregation plan (Neil) - - - - - - Ensure an error is reported when a newly-defined PL/pgSQL trigger - function is invoked as a normal function (Tom) - - - - - - Prevent possible collision of relfilenode numbers - when moving a table to another tablespace with ALTER SET - TABLESPACE (Heikki) - - - - The command tried to re-use the existing filename, instead of - picking one that is known unused in the destination directory. - - - - - - Fix incorrect tsearch2 headline generation when single query - item matches first word of text (Sushant Sinha) - - - - - - Fix improper display of fractional seconds in interval values when - using a non-ISO datestyle in an - build (Ron Mayer) - - - - - - Ensure SPI_getvalue and SPI_getbinval - behave correctly when the passed tuple and tuple descriptor have - different numbers of columns (Tom) - - - - This situation is normal when a table has had columns added or removed, - but these two functions didn't handle it properly. - The only likely consequence is an incorrect error indication. - - - - - - Fix ecpg's parsing of CREATE ROLE (Michael) - - - - - - Fix recent breakage of pg_ctl restart (Tom) - - - - - - Ensure pg_control is opened in binary mode - (Itagaki Takahiro) - - - - pg_controldata and pg_resetxlog - did this incorrectly, and so could fail on Windows. - - - - - - Update time zone data files to tzdata release 2008i (for - DST law changes in Argentina, Brazil, Mauritius, Syria) - - - - - - - - - - Release 8.2.10 - - - Release date: - 2008-09-22 - - - - This release contains a variety of fixes from 8.2.9. - For information about new features in the 8.2 major release, see - . - - - - Migration to Version 8.2.10 - - - A dump/restore is not required for those running 8.2.X. - However, if you are upgrading from a version earlier than 8.2.7, - see . - - - - - - Changes - - - - - - Fix bug in btree WAL recovery code (Heikki) - - - - Recovery failed if the WAL ended partway through a page split operation. - - - - - - Fix potential miscalculation of datfrozenxid (Alvaro) - - - - This error may explain some recent reports of failure to remove old - pg_clog data. - - - - - - Widen local lock counters from 32 to 64 bits (Tom) - - - - This responds to reports that the counters could overflow in - sufficiently long transactions, leading to unexpected lock is - already held errors. - - - - - - Fix possible duplicate output of tuples during a GiST index scan (Teodor) - - - - - - Fix missed permissions checks when a view contains a simple - UNION ALL construct (Heikki) - - - - Permissions for the referenced tables were checked properly, but not - permissions for the view itself. - - - - - - Add checks in executor startup to ensure that the tuples produced by an - INSERT or UPDATE will match the target table's - current rowtype (Tom) - - - - ALTER COLUMN TYPE, followed by re-use of a previously - cached plan, could produce this type of situation. The check protects - against data corruption and/or crashes that could ensue. - - - - - - Fix possible repeated drops during DROP OWNED (Tom) - - - - This would typically result in strange errors such as cache - lookup failed for relation NNN. - - - - - - Fix AT TIME ZONE to first try to interpret its timezone - argument as a timezone abbreviation, and only try it as a full timezone - name if that fails, rather than the other way around as formerly (Tom) - - - - The timestamp input functions have always resolved ambiguous zone names - in this order. Making AT TIME ZONE do so as well improves - consistency, and fixes a compatibility bug introduced in 8.1: - in ambiguous cases we now behave the same as 8.0 and before did, - since in the older versions AT TIME ZONE accepted - only abbreviations. - - - - - - Fix datetime input functions to correctly detect integer overflow when - running on a 64-bit platform (Tom) - - - - - - Prevent integer overflows during units conversion when displaying a - configuration parameter that has units (Tom) - - - - - - Improve performance of writing very long log messages to syslog (Tom) - - - - - - Allow spaces in the suffix part of an LDAP URL in - pg_hba.conf (Tom) - - - - - - Fix bug in backwards scanning of a cursor on a SELECT DISTINCT - ON query (Tom) - - - - - - Fix planner bug with nested sub-select expressions (Tom) - - - - If the outer sub-select has no direct dependency on the parent query, - but the inner one does, the outer value might not get recalculated - for new parent query rows. - - - - - - Fix planner to estimate that GROUP BY expressions yielding - boolean results always result in two groups, regardless of the - expressions' contents (Tom) - - - - This is very substantially more accurate than the regular GROUP - BY estimate for certain boolean tests like col - IS NULL. - - - - - - Fix PL/pgSQL to not fail when a FOR loop's target variable - is a record containing composite-type fields (Tom) - - - - - - Fix PL/Tcl to behave correctly with Tcl 8.5, and to be more careful - about the encoding of data sent to or from Tcl (Tom) - - - - - - On Windows, work around a Microsoft bug by preventing - libpq from trying to send more than 64kB per system call - (Magnus) - - - - - - Improve pg_dump and pg_restore's - error reporting after failure to send a SQL command (Tom) - - - - - - Fix pg_ctl to properly preserve postmaster - command-line arguments across a restart (Bruce) - - - - - - Update time zone data files to tzdata release 2008f (for - DST law changes in Argentina, Bahamas, Brazil, Mauritius, Morocco, - Pakistan, Palestine, and Paraguay) - - - - - - - - - - Release 8.2.9 - - - Release date: - 2008-06-12 - - - - This release contains one serious and one minor bug fix over 8.2.8. - For information about new features in the 8.2 major release, see - . - - - - Migration to Version 8.2.9 - - - A dump/restore is not required for those running 8.2.X. - However, if you are upgrading from a version earlier than 8.2.7, - see . - - - - - - Changes - - - - - - Make pg_get_ruledef() parenthesize negative constants (Tom) - - - - Before this fix, a negative constant in a view or rule might be dumped - as, say, -42::integer, which is subtly incorrect: it should - be (-42)::integer due to operator precedence rules. - Usually this would make little difference, but it could interact with - another recent patch to cause - PostgreSQL to reject what had been a valid - SELECT DISTINCT view query. Since this could result in - pg_dump output failing to reload, it is being treated - as a high-priority fix. The only released versions in which dump - output is actually incorrect are 8.3.1 and 8.2.7. - - - - - - Make ALTER AGGREGATE ... OWNER TO update - pg_shdepend (Tom) - - - - This oversight could lead to problems if the aggregate was later - involved in a DROP OWNED or REASSIGN OWNED - operation. - - - - - - - - - - Release 8.2.8 - - - Release date: - never released - - - - This release contains a variety of fixes from 8.2.7. - For information about new features in the 8.2 major release, see - . - - - - Migration to Version 8.2.8 - - - A dump/restore is not required for those running 8.2.X. - However, if you are upgrading from a version earlier than 8.2.7, - see . - - - - - - Changes - - - - - - Fix ERRORDATA_STACK_SIZE exceeded crash that - occurred on Windows when using UTF-8 database encoding and a different - client encoding (Tom) - - - - - - Fix ALTER TABLE ADD COLUMN ... PRIMARY KEY so that the new - column is correctly checked to see if it's been initialized to all - non-nulls (Brendan Jurd) - - - - Previous versions neglected to check this requirement at all. - - - - - - Fix possible CREATE TABLE failure when inheriting the - same constraint from multiple parent relations that - inherited that constraint from a common ancestor (Tom) - - - - - - Fix pg_get_ruledef() to show the alias, if any, attached - to the target table of an UPDATE or DELETE - (Tom) - - - - - - Fix GIN bug that could result in a too many LWLocks - taken failure (Teodor) - - - - - - Avoid possible crash when decompressing corrupted data - (Zdenek Kotala) - - - - - - Repair two places where SIGTERM exit of a backend could leave corrupted - state in shared memory (Tom) - - - - Neither case is very important if SIGTERM is used to shut down the - whole database cluster together, but there was a problem if someone - tried to SIGTERM individual backends. - - - - - - Fix conversions between ISO-8859-5 and other encodings to handle - Cyrillic Yo characters (e and E with - two dots) (Sergey Burladyan) - - - - - - Fix several datatype input functions, notably array_in(), - that were allowing unused bytes in their results to contain - uninitialized, unpredictable values (Tom) - - - - This could lead to failures in which two apparently identical literal - values were not seen as equal, resulting in the parser complaining - about unmatched ORDER BY and DISTINCT - expressions. - - - - - - Fix a corner case in regular-expression substring matching - (substring(string from - pattern)) (Tom) - - - - The problem occurs when there is a match to the pattern overall but - the user has specified a parenthesized subexpression and that - subexpression hasn't got a match. An example is - substring('foo' from 'foo(bar)?'). - This should return NULL, since (bar) isn't matched, but - it was mistakenly returning the whole-pattern match instead (ie, - foo). - - - - - - Update time zone data files to tzdata release 2008c (for - DST law changes in Morocco, Iraq, Choibalsan, Pakistan, Syria, Cuba, and - Argentina/San_Luis) - - - - - - Fix incorrect result from ecpg's - PGTYPEStimestamp_sub() function (Michael) - - - - - - Fix broken GiST comparison function for contrib/tsearch2's - tsquery type (Teodor) - - - - - - Fix possible crashes in contrib/cube functions (Tom) - - - - - - Fix core dump in contrib/xml2's - xpath_table() function when the input query returns a - NULL value (Tom) - - - - - - Fix contrib/xml2's makefile to not override - CFLAGS (Tom) - - - - - - Fix DatumGetBool macro to not fail with gcc - 4.3 (Tom) - - - - This problem affects old style (V0) C functions that - return boolean. The fix is already in 8.3, but the need to - back-patch it was not realized at the time. - - - - - - - - - - Release 8.2.7 - - - Release date: - 2008-03-17 - - - - This release contains a variety of fixes from 8.2.6. - For information about new features in the 8.2 major release, see - . - - - - Migration to Version 8.2.7 - - - A dump/restore is not required for those running 8.2.X. - However, you might need to REINDEX indexes on textual - columns after updating, if you are affected by the Windows locale - issue described below. - - - - - - Changes - - - - - - Fix character string comparison for Windows locales that consider - different character combinations as equal (Tom) - - - - This fix applies only on Windows and only when using UTF-8 - database encoding. The same fix was made for all other cases - over two years ago, but Windows with UTF-8 uses a separate code - path that was not updated. If you are using a locale that - considers some non-identical strings as equal, you may need to - REINDEX to fix existing indexes on textual columns. - - - - - - Repair potential deadlock between concurrent VACUUM FULL - operations on different system catalogs (Tom) - - - - - - Fix longstanding LISTEN/NOTIFY - race condition (Tom) - - - - In rare cases a session that had just executed a - LISTEN might not get a notification, even though - one would be expected because the concurrent transaction executing - NOTIFY was observed to commit later. - - - - A side effect of the fix is that a transaction that has executed - a not-yet-committed LISTEN command will not see any - row in pg_listener for the LISTEN, - should it choose to look; formerly it would have. This behavior - was never documented one way or the other, but it is possible that - some applications depend on the old behavior. - - - - - - Disallow LISTEN and UNLISTEN within a - prepared transaction (Tom) - - - - This was formerly allowed but trying to do it had various unpleasant - consequences, notably that the originating backend could not exit - as long as an UNLISTEN remained uncommitted. - - - - - - Disallow dropping a temporary table within a - prepared transaction (Heikki) - - - - This was correctly disallowed by 8.1, but the check was inadvertently - broken in 8.2. - - - - - - Fix rare crash when an error occurs during a query using a hash index - (Heikki) - - - - - - Fix memory leaks in certain usages of set-returning functions (Neil) - - - - - - Fix input of datetime values for February 29 in years BC (Tom) - - - - The former coding was mistaken about which years were leap years. - - - - - - Fix unrecognized node type error in some variants of - ALTER OWNER (Tom) - - - - - - Ensure pg_stat_activity.waiting flag - is cleared when a lock wait is aborted (Tom) - - - - - - Fix handling of process permissions on Windows Vista (Dave, Magnus) - - - - In particular, this fix allows starting the server as the Administrator - user. - - - - - - Update time zone data files to tzdata release 2008a - (in particular, recent Chile changes); adjust timezone abbreviation - VET (Venezuela) to mean UTC-4:30, not UTC-4:00 (Tom) - - - - - - Fix pg_ctl to correctly extract the postmaster's port - number from command-line options (Itagaki Takahiro, Tom) - - - - Previously, pg_ctl start -w could try to contact the - postmaster on the wrong port, leading to bogus reports of startup - failure. - - - - - - Use to defend against possible misoptimization - in recent gcc versions (Tom) - - - - This is known to be necessary when building PostgreSQL - with gcc 4.3 or later. - - - - - - - Correctly enforce statement_timeout values longer - than INT_MAX microseconds (about 35 minutes) (Tom) - - - - This bug affects only builds with . - - - - - - Fix unexpected PARAM_SUBLINK ID planner error when - constant-folding simplifies a sub-select (Tom) - - - - - - Fix logical errors in constraint-exclusion handling of IS - NULL and NOT expressions (Tom) - - - - The planner would sometimes exclude partitions that should not - have been excluded because of the possibility of NULL results. - - - - - - Fix another cause of failed to build any N-way joins - planner errors (Tom) - - - - This could happen in cases where a clauseless join needed to be - forced before a join clause could be exploited. - - - - - - Fix incorrect constant propagation in outer-join planning (Tom) - - - - The planner could sometimes incorrectly conclude that a variable - could be constrained to be equal to a constant, leading - to wrong query results. - - - - - - Fix display of constant expressions in ORDER BY - and GROUP BY (Tom) - - - - An explicitly casted constant would be shown incorrectly. This could - for example lead to corruption of a view definition during - dump and reload. - - - - - - Fix libpq to handle NOTICE messages correctly - during COPY OUT (Tom) - - - - This failure has only been observed to occur when a user-defined - datatype's output routine issues a NOTICE, but there is no - guarantee it couldn't happen due to other causes. - - - - - - - - - - Release 8.2.6 - - - Release date: - 2008-01-07 - - - - This release contains a variety of fixes from 8.2.5, - including fixes for significant security issues. - For information about new features in the 8.2 major release, see - . - - - - Migration to Version 8.2.6 - - - A dump/restore is not required for those running 8.2.X. - - - - - - Changes - - - - - - Prevent functions in indexes from executing with the privileges of - the user running VACUUM, ANALYZE, etc (Tom) - - - - Functions used in index expressions and partial-index - predicates are evaluated whenever a new table entry is made. It has - long been understood that this poses a risk of trojan-horse code - execution if one modifies a table owned by an untrustworthy user. - (Note that triggers, defaults, check constraints, etc. pose the - same type of risk.) But functions in indexes pose extra danger - because they will be executed by routine maintenance operations - such as VACUUM FULL, which are commonly performed - automatically under a superuser account. For example, a nefarious user - can execute code with superuser privileges by setting up a - trojan-horse index definition and waiting for the next routine vacuum. - The fix arranges for standard maintenance operations - (including VACUUM, ANALYZE, REINDEX, - and CLUSTER) to execute as the table owner rather than - the calling user, using the same privilege-switching mechanism already - used for SECURITY DEFINER functions. To prevent bypassing - this security measure, execution of SET SESSION - AUTHORIZATION and SET ROLE is now forbidden within a - SECURITY DEFINER context. (CVE-2007-6600) - - - - - - Repair assorted bugs in the regular-expression package (Tom, Will Drewry) - - - - Suitably crafted regular-expression patterns could cause crashes, - infinite or near-infinite looping, and/or massive memory consumption, - all of which pose denial-of-service hazards for applications that - accept regex search patterns from untrustworthy sources. - (CVE-2007-4769, CVE-2007-4772, CVE-2007-6067) - - - - - - Require non-superusers who use /contrib/dblink to use only - password authentication, as a security measure (Joe) - - - - The fix that appeared for this in 8.2.5 was incomplete, as it plugged - the hole for only some dblink functions. (CVE-2007-6601, - CVE-2007-3278) - - - - - - Fix bugs in WAL replay for GIN indexes (Teodor) - - - - - - Fix GIN index build to work properly when - maintenance_work_mem is 4GB or more (Tom) - - - - - - Update time zone data files to tzdata release 2007k - (in particular, recent Argentina changes) (Tom) - - - - - - Improve planner's handling of LIKE/regex estimation in non-C locales - (Tom) - - - - - - Fix planning-speed problem for deep outer-join nests, as well as - possible poor choice of join order (Tom) - - - - - - Fix planner failure in some cases of WHERE false AND var IN - (SELECT ...) (Tom) - - - - - - Make CREATE TABLE ... SERIAL and - ALTER SEQUENCE ... OWNED BY not change the - currval() state of the sequence (Tom) - - - - - - Preserve the tablespace and storage parameters of indexes that are - rebuilt by ALTER TABLE ... ALTER COLUMN TYPE (Tom) - - - - - - Make archive recovery always start a new WAL timeline, rather than only - when a recovery stop time was used (Simon) - - - - This avoids a corner-case risk of trying to overwrite an existing - archived copy of the last WAL segment, and seems simpler and cleaner - than the original definition. - - - - - - Make VACUUM not use all of maintenance_work_mem - when the table is too small for it to be useful (Alvaro) - - - - - - Fix potential crash in translate() when using a multibyte - database encoding (Tom) - - - - - - Make corr() return the correct result for negative - correlation values (Neil) - - - - - - Fix overflow in extract(epoch from interval) for intervals - exceeding 68 years (Tom) - - - - - - Fix PL/Perl to not fail when a UTF-8 regular expression is used - in a trusted function (Andrew) - - - - - - Fix PL/Perl to cope when platform's Perl defines type bool - as int rather than char (Tom) - - - - While this could theoretically happen anywhere, no standard build of - Perl did things this way ... until macOS 10.5. - - - - - - Fix PL/Python to work correctly with Python 2.5 on 64-bit machines - (Marko Kreen) - - - - - - Fix PL/Python to not crash on long exception messages (Alvaro) - - - - - - Fix pg_dump to correctly handle inheritance child tables - that have default expressions different from their parent's (Tom) - - - - - - Fix libpq crash when PGPASSFILE refers - to a file that is not a plain file (Martin Pitt) - - - - - - ecpg parser fixes (Michael) - - - - - - Make contrib/pgcrypto defend against - OpenSSL libraries that fail on keys longer than 128 - bits; which is the case at least on some Solaris versions (Marko Kreen) - - - - - - Make contrib/tablefunc's crosstab() handle - NULL rowid as a category in its own right, rather than crashing (Joe) - - - - - - Fix tsvector and tsquery output routines to - escape backslashes correctly (Teodor, Bruce) - - - - - - Fix crash of to_tsvector() on huge input strings (Teodor) - - - - - - Require a specific version of Autoconf to be used - when re-generating the configure script (Peter) - - - - This affects developers and packagers only. The change was made - to prevent accidental use of untested combinations of - Autoconf and PostgreSQL versions. - You can remove the version check if you really want to use a - different Autoconf version, but it's - your responsibility whether the result works or not. - - - - - - Update gettimeofday configuration check so that - PostgreSQL can be built on newer versions of - MinGW (Magnus) - - - - - - - - - - Release 8.2.5 - - - Release date: - 2007-09-17 - - - - This release contains a variety of fixes from 8.2.4. - For information about new features in the 8.2 major release, see - . - - - - Migration to Version 8.2.5 - - - A dump/restore is not required for those running 8.2.X. - - - - - - Changes - - - - - - Prevent index corruption when a transaction inserts rows and - then aborts close to the end of a concurrent VACUUM - on the same table (Tom) - - - - - - Fix ALTER DOMAIN ADD CONSTRAINT for cases involving - domains over domains (Tom) - - - - - - Make CREATE DOMAIN ... DEFAULT NULL work properly (Tom) - - - - - - Fix some planner problems with outer joins, notably poor - size estimation for t1 LEFT JOIN t2 WHERE t2.col IS NULL - (Tom) - - - - - - Allow the interval data type to accept input consisting only of - milliseconds or microseconds (Neil) - - - - - - Allow timezone name to appear before the year in timestamp input (Tom) - - - - - - Fixes for GIN indexes used by /contrib/tsearch2 (Teodor) - - - - - - Speed up rtree index insertion (Teodor) - - - - - - Fix excessive logging of SSL error messages (Tom) - - - - - - Fix logging so that log messages are never interleaved when using - the syslogger process (Andrew) - - - - - - Fix crash when log_min_error_statement logging runs out - of memory (Tom) - - - - - - Fix incorrect handling of some foreign-key corner cases (Tom) - - - - - - Fix stddev_pop(numeric) and var_pop(numeric) (Tom) - - - - - - Prevent REINDEX and CLUSTER from failing - due to attempting to process temporary tables of other sessions (Alvaro) - - - - - - Update the time zone database rules, particularly New Zealand's upcoming changes (Tom) - - - - - - Windows socket and semaphore improvements (Magnus) - - - - - - Make pg_ctl -w work properly in Windows service mode (Dave Page) - - - - - - Fix memory allocation bug when using MIT Kerberos on Windows (Magnus) - - - - - - Suppress timezone name (%Z) in log timestamps on Windows - because of possible encoding mismatches (Tom) - - - - - - Require non-superusers who use /contrib/dblink to use only - password authentication, as a security measure (Joe) - - - - - - Restrict /contrib/pgstattuple functions to superusers, for security reasons (Tom) - - - - - - Do not let /contrib/intarray try to make its GIN opclass - the default (this caused problems at dump/restore) (Tom) - - - - - - - - - - Release 8.2.4 - - - Release date: - 2007-04-23 - - - - This release contains a variety of fixes from 8.2.3, - including a security fix. - For information about new features in the 8.2 major release, see - . - - - - Migration to Version 8.2.4 - - - A dump/restore is not required for those running 8.2.X. - - - - - - Changes - - - - - - Support explicit placement of the temporary-table schema within - search_path, and disable searching it for functions - and operators (Tom) - - - - This is needed to allow a security-definer function to set a - truly secure value of search_path. Without it, - an unprivileged SQL user can use temporary objects to execute code - with the privileges of the security-definer function (CVE-2007-2138). - See CREATE FUNCTION for more information. - - - - - - Fix shared_preload_libraries for Windows - by forcing reload in each backend (Korry Douglas) - - - - - - Fix to_char() so it properly upper/lower cases localized day or month - names (Pavel Stehule) - - - - - - /contrib/tsearch2 crash fixes (Teodor) - - - - - - Require COMMIT PREPARED to be executed in the same - database as the transaction was prepared in (Heikki) - - - - - - Allow pg_dump to do binary backups larger than two gigabytes - on Windows (Magnus) - - - - - - New traditional (Taiwan) Chinese FAQ (Zhou Daojing) - - - - - - Prevent the statistics collector from writing to disk too frequently (Tom) - - - - - - Fix potential-data-corruption bug in how VACUUM FULL handles - UPDATE chains (Tom, Pavan Deolasee) - - - - - - Fix bug in domains that use array types (Tom) - - - - - - Fix pg_dump so it can dump a serial column's sequence - using when not also dumping the owning table - (Tom) - - - - - - Planner fixes, including improving outer join and bitmap scan - selection logic (Tom) - - - - - - Fix possible wrong answers or crash when a PL/pgSQL function tries - to RETURN from within an EXCEPTION block - (Tom) - - - - - - Fix PANIC during enlargement of a hash index (Tom) - - - - - - Fix POSIX-style timezone specs to follow new USA DST rules (Tom) - - - - - - - - - - Release 8.2.3 - - - Release date: - 2007-02-07 - - - - This release contains two fixes from 8.2.2. - For information about new features in the 8.2 major release, see - . - - - - Migration to Version 8.2.3 - - - A dump/restore is not required for those running 8.2.X. - - - - - - Changes - - - - - - Remove overly-restrictive check for type length in constraints and - functional indexes(Tom) - - - - - - Fix optimization so MIN/MAX in subqueries can again use indexes (Tom) - - - - - - - - - - Release 8.2.2 - - - Release date: - 2007-02-05 - - - - This release contains a variety of fixes from 8.2.1, including - a security fix. - For information about new features in the 8.2 major release, see - . - - - - Migration to Version 8.2.2 - - - A dump/restore is not required for those running 8.2.X. - - - - - - Changes - - - - - - Remove security vulnerabilities that allowed connected users - to read backend memory (Tom) - - - - The vulnerabilities involve suppressing the normal check that a SQL - function returns the data type it's declared to, and changing the - data type of a table column (CVE-2007-0555, CVE-2007-0556). These - errors can easily be exploited to cause a backend crash, and in - principle might be used to read database content that the user - should not be able to access. - - - - - - Fix not-so-rare-anymore bug wherein btree index page splits could fail - due to choosing an infeasible split point (Heikki Linnakangas) - - - - - - Fix Borland C compile scripts (L Bayuk) - - - - - - Properly handle to_char('CC') for years ending in - 00 (Tom) - - - - Year 2000 is in the twentieth century, not the twenty-first. - - - - - - /contrib/tsearch2 localization improvements (Tatsuo, Teodor) - - - - - - Fix incorrect permission check in - information_schema.key_column_usage view (Tom) - - - - The symptom is relation with OID nnnnn does not exist errors. - To get this fix without using initdb, use CREATE OR - REPLACE VIEW to install the corrected definition found in - share/information_schema.sql. Note you will need to do - this in each database. - - - - - - Improve VACUUM performance for databases with many tables (Tom) - - - - - - Fix for rare Assert() crash triggered by UNION (Tom) - - - - - - Fix potentially incorrect results from index searches using - ROW inequality conditions (Tom) - - - - - - Tighten security of multi-byte character processing for UTF8 sequences - over three bytes long (Tom) - - - - - - Fix bogus permission denied failures occurring on Windows - due to attempts to fsync already-deleted files (Magnus, Tom) - - - - - - Fix bug that could cause the statistics collector - to hang on Windows (Magnus) - - - - This would in turn lead to autovacuum not working. - - - - - - Fix possible crashes when an already-in-use PL/pgSQL function is - updated (Tom) - - - - - - Improve PL/pgSQL handling of domain types (Sergiy Vyshnevetskiy, Tom) - - - - - - Fix possible errors in processing PL/pgSQL exception blocks (Tom) - - - - - - - - - - Release 8.2.1 - - - Release date: - 2007-01-08 - - - - This release contains a variety of fixes from 8.2. - For information about new features in the 8.2 major release, see - . - - - - Migration to Version 8.2.1 - - - A dump/restore is not required for those running 8.2. - - - - - - Changes - - - - - - Fix crash with SELECT ... LIMIT ALL (also - LIMIT NULL) (Tom) - - - - - - Several /contrib/tsearch2 fixes (Teodor) - - - - - - On Windows, make log messages coming from the operating system use - ASCII encoding (Hiroshi Saito) - - - - This fixes a conversion problem when there is a mismatch between - the encoding of the operating system and database server. - - - - - - Fix Windows linking of pg_dump using - win32.mak - (Hiroshi Saito) - - - - - - Fix planner mistakes for outer join queries (Tom) - - - - - - Fix several problems in queries involving sub-SELECTs (Tom) - - - - - - Fix potential crash in SPI during subtransaction abort (Tom) - - - - This affects all PL functions since they all use SPI. - - - - - - Improve build speed of PDF documentation (Peter) - - - - - - Re-add JST (Japan) timezone abbreviation (Tom) - - - - - - Improve optimization decisions related to index scans (Tom) - - - - - - Have psql print multi-byte combining characters as - before, rather than output as \u (Tom) - - - - - - Improve index usage of regular expressions that use parentheses (Tom) - - - - This improves psql \d performance also. - - - - - - Make pg_dumpall assume that databases have public - CONNECT privilege, when dumping from a pre-8.2 server (Tom) - - - - This preserves the previous behavior that anyone can connect to a - database if allowed by pg_hba.conf. - - - - - - - - - - Release 8.2 - - - Release date: - 2006-12-05 - - - - Overview - - - This release adds many functionality and performance improvements that - were requested by users, including: - - - - - - Query language enhancements including INSERT/UPDATE/DELETE - RETURNING, multirow VALUES lists, and - optional target-table alias in - UPDATE/DELETE - - - - - - Index creation without blocking concurrent - INSERT/UPDATE/DELETE - operations - - - - - - Many query optimization improvements, including support for - reordering outer joins - - - - - - Improved sorting performance with lower memory usage - - - - - - More efficient locking with better concurrency - - - - - - More efficient vacuuming - - - - - - Easier administration of warm standby servers - - - - - - New FILLFACTOR support for tables and indexes - - - - - - Monitoring, logging, and performance tuning additions - - - - - - More control over creating and dropping objects - - - - - - Table inheritance relationships can be defined - for and removed from pre-existing tables - - - - - - COPY TO can copy the output of an arbitrary - SELECT statement - - - - - - Array improvements, including nulls in arrays - - - - - - Aggregate-function improvements, including multiple-input - aggregates and SQL:2003 statistical functions - - - - - - Many contrib/ improvements - - - - - - - - - - - Migration to Version 8.2 - - - A dump/restore using pg_dump is - required for those wishing to migrate data from any previous - release. - - - - Observe the following incompatibilities: - - - - - - - Set escape_string_warning - to on by default (Bruce) - - - - This issues a warning if backslash escapes are used in - non-escape (non-E'') - strings. - - - - - - Change the row - constructor syntax (ROW(...)) so that - list elements foo.* will be expanded to a list - of their member fields, rather than creating a nested - row type field as formerly (Tom) - - - - The new behavior is substantially more useful since it - allows, for example, triggers to check for data changes - with IF row(new.*) IS DISTINCT FROM row(old.*). - The old behavior is still available by omitting .*. - - - - - - Make row comparisons - follow SQL standard semantics and allow them - to be used in index scans (Tom) - - - - Previously, row = and <> comparisons followed the - standard but < <= > >= did not. A row comparison - can now be used as an index constraint for a multicolumn - index matching the row value. - - - - - - Make row IS NOT NULL - tests follow SQL standard semantics (Tom) - - - - The former behavior conformed to the standard for simple cases - with IS NULL, but IS NOT NULL would return - true if any row field was non-null, whereas the standard says it - should return true only when all fields are non-null. - - - - - - Make SET - CONSTRAINT affect only one constraint (Kris Jurka) - - - - In previous releases, SET CONSTRAINT modified - all constraints with a matching name. In this release, - the schema search path is used to modify only the first - matching constraint. A schema specification is also - supported. This more nearly conforms to the SQL standard. - - - - - - Remove RULE permission for tables, for security reasons - (Tom) - - - - As of this release, only a table's owner can create or modify - rules for the table. For backwards compatibility, - GRANT/REVOKE RULE is still accepted, - but it does nothing. - - - - - - Array comparison improvements (Tom) - - - - Now array dimensions are also compared. - - - - - - Change array concatenation - to match documented behavior (Tom) - - - - This changes the previous behavior where concatenation - would modify the array lower bound. - - - - - - Make command-line options of postmaster - and postgres - identical (Peter) - - - - This allows the postmaster to pass arguments to each backend - without using -o. Note that some options are now - only available as long-form options, because there were conflicting - single-letter options. - - - - - - Deprecate use of postmaster symbolic link (Peter) - - - - postmaster and postgres - commands now act identically, with the behavior determined - by command-line options. The postmaster symbolic link is - kept for compatibility, but is not really needed. - - - - - - Change log_duration - to output even if the query is not output (Tom) - - - - In prior releases, log_duration only printed if - the query appeared earlier in the log. - - - - - - Make to_char(time) - and to_char(interval) - treat HH and HH12 as 12-hour - intervals - - - - Most applications should use HH24 unless they - want a 12-hour display. - - - - - - Zero unmasked bits in conversion from INET to CIDR (Tom) - - - - This ensures that the converted value is actually valid for - CIDR. - - - - - - Remove australian_timezones configuration variable - (Joachim Wieland) - - - - This variable has been superseded by a more general facility - for configuring timezone abbreviations. - - - - - - Improve cost estimation for nested-loop index scans (Tom) - - - - This might eliminate the need to set unrealistically small - values of random_page_cost. - If you have been using a very small random_page_cost, - please recheck your test cases. - - - - - - Change behavior of pg_dump -n and - -t options. (Greg Sabino Mullane) - - - See the pg_dump manual page for details. - - - - - - Change libpq - PQdsplen() to return a useful value (Martijn - van Oosterhout) - - - - - - Declare libpq - PQgetssl() as returning void *, - rather than SSL * (Martijn van Oosterhout) - - - - This allows applications to use the function without including - the OpenSSL headers. - - - - - - C-language loadable modules must now include a - PG_MODULE_MAGIC - macro call for version compatibility checking - (Martijn van Oosterhout) - - - - - - For security's sake, modules used by a PL/PerlU function are no - longer available to PL/Perl functions (Andrew) - - - - This also implies that data can no longer be shared between a PL/Perl - function and a PL/PerlU function. - Some Perl installations have not been compiled with the correct flags - to allow multiple interpreters to exist within a single process. - In this situation PL/Perl and PL/PerlU cannot both be used in a - single backend. The solution is to get a Perl installation which - supports multiple interpreters. - - - - - - - In contrib/xml2/, rename xml_valid() to - xml_is_well_formed() (Tom) - - - - xml_valid() will remain for backward compatibility, - but its behavior will change to do schema checking in a future - release. - - - - - - Remove contrib/ora2pg/, now at - - - - - - Remove contrib modules that have been migrated to PgFoundry: - adddepend, dbase, dbmirror, - fulltextindex, mac, userlock - - - - - - Remove abandoned contrib modules: - mSQL-interface, tips - - - - - - Remove QNX and BEOS ports (Bruce) - - - - These ports no longer had active maintainers. - - - - - - - - Changes - - - Below you will find a detailed account of the - changes between PostgreSQL 8.2 and - the previous major release. - - - - Performance Improvements - - - - - Allow the planner to reorder outer - joins in some circumstances (Tom) - - - - In previous releases, outer joins would always be evaluated in - the order written in the query. This change allows the - query optimizer to consider reordering outer joins, in cases where - it can determine that the join order can be changed without - altering the meaning of the query. This can make a - considerable performance difference for queries involving - multiple outer joins or mixed inner and outer joins. - - - - - - Improve efficiency of IN - (list-of-expressions) clauses (Tom) - - - - - - Improve sorting speed and reduce memory usage (Simon, Tom) - - - - - - Improve subtransaction performance (Alvaro, Itagaki Takahiro, - Tom) - - - - - - Add FILLFACTOR to table and index creation (ITAGAKI - Takahiro) - - - - This leaves extra free space in each table or index page, - allowing improved performance as the database grows. This - is particularly valuable to maintain clustering. - - - - - - Increase default values for shared_buffers - and max_fsm_pages - (Andrew) - - - - - - Improve locking performance by breaking the lock manager tables into - sections - (Tom) - - - - This allows locking to be more fine-grained, reducing - contention. - - - - - - Reduce locking requirements of sequential scans (Qingqing - Zhou) - - - - - - Reduce locking required for database creation and destruction - (Tom) - - - - - - Improve the optimizer's selectivity estimates for LIKE, ILIKE, and - regular expression - operations (Tom) - - - - - - Improve planning of joins to inherited - tables and UNION - ALL views (Tom) - - - - - - Allow constraint - exclusion to be applied to inherited UPDATE and - DELETE queries (Tom) - - - - SELECT already honored constraint exclusion. - - - - - - Improve planning of constant WHERE clauses, such as - a condition that depends only on variables inherited from an - outer query level (Tom) - - - - - - Protocol-level unnamed prepared statements are re-planned - for each set of BIND values (Tom) - - - - This improves performance because the exact parameter values - can be used in the plan. - - - - - - Speed up vacuuming of B-Tree indexes (Heikki Linnakangas, - Tom) - - - - - - Avoid extra scan of tables without indexes during VACUUM (Greg Stark) - - - - - - Improve multicolumn GiST - indexing (Oleg, Teodor) - - - - - - Remove dead index entries before B-Tree page split (Junji - Teramoto) - - - - - - - - - Server Changes - - - - - Allow a forced switch to a new transaction log file (Simon, Tom) - - - - This is valuable for keeping warm standby slave servers - in sync with the master. Transaction log file switching now also happens - automatically during pg_stop_backup(). - This ensures that all - transaction log files needed for recovery can be archived immediately. - - - - - - Add WAL informational functions (Simon) - - - - Add functions for interrogating the current transaction log insertion - point and determining WAL filenames from the - hex WAL locations displayed by pg_stop_backup() - and related functions. - - - - - - Improve recovery from a crash during WAL replay (Simon) - - - - The server now does periodic checkpoints during WAL - recovery, so if there is a crash, future WAL - recovery is shortened. This also eliminates the need for - warm standby servers to replay the entire log since the - base backup if they crash. - - - - - - Improve reliability of long-term WAL replay - (Heikki, Simon, Tom) - - - - Formerly, trying to roll forward through more than 2 billion - transactions would not work due to XID wraparound. This meant - warm standby servers had to be reloaded - from fresh base backups periodically. - - - - - - Add archive_timeout - to force transaction log file switches at a given interval (Simon) - - - - This enforces a maximum replication delay for warm standby servers. - - - - - - Add native LDAP - authentication (Magnus Hagander) - - - - This is particularly useful for platforms that do not - support PAM, such as Windows. - - - - - - Add GRANT - CONNECT ON DATABASE (Gevik Babakhani) - - - - This gives SQL-level control over database access. It works as - an additional filter on top of the existing - pg_hba.conf - controls. - - - - - - Add support for SSL - Certificate Revocation List (CRL) files - (Libor Hohoš) - - - - The server and libpq both recognize CRL - files now. - - - - - - GiST indexes are - now clusterable (Teodor) - - - - - - Remove routine autovacuum server log entries (Bruce) - - - - pg_stat_activity - now shows autovacuum activity. - - - - - - Track maximum XID age within individual tables, instead of whole databases (Alvaro) - - - - This reduces the overhead involved in preventing transaction - ID wraparound, by avoiding unnecessary VACUUMs. - - - - - - Add last vacuum and analyze timestamp columns to the stats - collector (Larry Rosenman) - - - - These values now appear in the pg_stat_*_tables - system views. - - - - - - Improve performance of statistics monitoring, especially - stats_command_string - (Tom, Bruce) - - - - This release enables stats_command_string by - default, now that its overhead is minimal. This means - pg_stat_activity - will now show all active queries by default. - - - - - - Add a waiting column to pg_stat_activity - (Tom) - - - - This allows pg_stat_activity to show all the - information included in the ps display. - - - - - - Add configuration parameter update_process_title - to control whether the ps display is updated - for every command (Bruce) - - - - On platforms where it is expensive to update the ps - display, it might be worthwhile to turn this off and rely solely on - pg_stat_activity for status information. - - - - - - Allow units to be specified in configuration settings - (Peter) - - - - For example, you can now set shared_buffers - to 32MB rather than mentally converting sizes. - - - - - - Add support for include - directives in postgresql.conf (Joachim - Wieland) - - - - - - Improve logging of protocol-level prepare/bind/execute - messages (Bruce, Tom) - - - - Such logging now shows statement names, bind parameter - values, and the text of the query being executed. Also, - the query text is properly included in logged error messages - when enabled by log_min_error_statement. - - - - - - Prevent max_stack_depth - from being set to unsafe values - - - - On platforms where we can determine the actual kernel stack depth - limit (which is most), make sure that the initial default value of - max_stack_depth is safe, and reject attempts to set it - to unsafely large values. - - - - - - Enable highlighting of error location in query in more - cases (Tom) - - - - The server is now able to report a specific error location for - some semantic errors (such as unrecognized column name), rather - than just for basic syntax errors as before. - - - - - - Fix failed to re-find parent key errors in - VACUUM (Tom) - - - - - - Clean out pg_internal.init cache files during server - restart (Simon) - - - - This avoids a hazard that the cache files might contain stale - data after PITR recovery. - - - - - - Fix race condition for truncation of a large relation across a - gigabyte boundary by VACUUM (Tom) - - - - - - Fix bug causing needless deadlock errors on row-level locks (Tom) - - - - - - Fix bugs affecting multi-gigabyte hash indexes (Tom) - - - - - - Each backend process is now its own process group leader (Tom) - - - - This allows query cancel to abort subprocesses invoked from a - backend or archive/recovery process. - - - - - - - - - Query Changes - - - - - Add INSERT/UPDATE/DELETE - RETURNING (Jonah Harris, Tom) - - - - This allows these commands to return values, such as the - computed serial key for a new row. In the UPDATE - case, values from the updated version of the row are returned. - - - - - - Add support for multiple-row VALUES clauses, - per SQL standard (Joe, Tom) - - - - This allows INSERT to insert multiple rows of - constants, or queries to generate result sets using constants. - For example, INSERT ... VALUES (...), (...), - ...., and SELECT * FROM (VALUES (...), (...), - ....) AS alias(f1, ...). - - - - - - Allow UPDATE - and DELETE - to use an alias for the target table (Atsushi Ogawa) - - - - The SQL standard does not permit an alias in these commands, but - many database systems allow one anyway for notational convenience. - - - - - - Allow UPDATE - to set multiple columns with a list of values (Susanne - Ebrecht) - - - - This is basically a short-hand for assigning the columns - and values in pairs. The syntax is UPDATE tab - SET (column, ...) = (val, ...). - - - - - - Make row comparisons work per standard (Tom) - - - - The forms <, <=, >, >= now compare rows lexicographically, - that is, compare the first elements, if equal compare the second - elements, and so on. Formerly they expanded to an AND condition - across all the elements, which was neither standard nor very useful. - - - - - - Add CASCADE - option to TRUNCATE (Joachim Wieland) - - - - This causes TRUNCATE to automatically include all tables - that reference the specified table(s) via foreign keys. While - convenient, this is a dangerous tool — use with caution! - - - - - - Support FOR UPDATE and FOR SHARE - in the same SELECT - command (Tom) - - - - - - Add IS NOT - DISTINCT FROM (Pavel Stehule) - - - - This operator is similar to equality (=), but - evaluates to true when both left and right operands are - NULL, and to false when just one is, rather than - yielding NULL in these cases. - - - - - - Improve the length output used by UNION/INTERSECT/EXCEPT - (Tom) - - - - When all corresponding columns are of the same defined length, that - length is used for the result, rather than a generic length. - - - - - - Allow ILIKE - to work for multi-byte encodings (Tom) - - - - Internally, ILIKE now calls lower() - and then uses LIKE. Locale-specific regular - expression patterns still do not work in these encodings. - - - - - - Enable standard_conforming_strings - to be turned on (Kevin Grittner) - - - - This allows backslash escaping in strings to be disabled, - making PostgreSQL more - standards-compliant. The default is off for backwards - compatibility, but future releases will default this to on. - - - - - - Do not flatten subqueries that contain volatile - functions in their target lists (Jaime Casanova) - - - - This prevents surprising behavior due to multiple evaluation - of a volatile function (such as random() - or nextval()). It might cause performance - degradation in the presence of functions that are unnecessarily - marked as volatile. - - - - - - Add system views pg_prepared_statements - and pg_cursors - to show prepared statements and open cursors (Joachim Wieland, Neil) - - - - These are very useful in pooled connection setups. - - - - - - Support portal parameters in EXPLAIN and EXECUTE (Tom) - - - - This allows, for example, JDBC ? parameters to - work in these commands. - - - - - - If SQL-level PREPARE parameters - are unspecified, infer their types from the content of the - query (Neil) - - - - Protocol-level PREPARE already did this. - - - - - - Allow LIMIT and OFFSET to exceed - two billion (Dhanaraj M) - - - - - - - - - Object Manipulation Changes - - - - - Add TABLESPACE clause to CREATE TABLE AS - (Neil) - - - - This allows a tablespace to be specified for the new table. - - - - - - Add ON COMMIT clause to CREATE TABLE AS - (Neil) - - - - This allows temporary tables to be truncated or dropped on - transaction commit. The default behavior is for the table - to remain until the session ends. - - - - - - Add INCLUDING CONSTRAINTS to CREATE TABLE LIKE - (Greg Stark) - - - - This allows easy copying of CHECK constraints to a new - table. - - - - - - Allow the creation of placeholder (shell) types (Martijn van Oosterhout) - - - - A shell type declaration creates a type name, without specifying - any of the details of the type. Making a shell type is useful - because it allows cleaner declaration of the type's input/output - functions, which must exist before the type can be defined for - real. The syntax is CREATE TYPE typename. - - - - - - Aggregate functions - now support multiple input parameters (Sergey Koposov, Tom) - - - - - - Add new aggregate creation syntax (Tom) - - - - The new syntax is CREATE AGGREGATE - aggname (input_type) - (parameter_list). This more - naturally supports the new multi-parameter aggregate - functionality. The previous syntax is still supported. - - - - - - Add ALTER ROLE PASSWORD NULL - to remove a previously set role password (Peter) - - - - - - Add DROP object IF EXISTS for many - object types (Andrew) - - - - This allows DROP operations on non-existent - objects without generating an error. - - - - - - Add DROP OWNED - to drop all objects owned by a role (Alvaro) - - - - - - Add REASSIGN - OWNED to reassign ownership of all objects owned - by a role (Alvaro) - - - - This, and DROP OWNED above, facilitate dropping - roles. - - - - - - Add GRANT ON SEQUENCE - syntax (Bruce) - - - - This was added for setting sequence-specific permissions. - GRANT ON TABLE for sequences is still supported - for backward compatibility. - - - - - - Add USAGE - permission for sequences that allows only currval() - and nextval(), not setval() - (Bruce) - - - - USAGE permission allows more fine-grained - control over sequence access. Granting USAGE - allows users to increment - a sequence, but prevents them from setting the sequence to - an arbitrary value using setval(). - - - - - - Add ALTER TABLE - [ NO ] INHERIT (Greg Stark) - - - - This allows inheritance to be adjusted dynamically, rather than - just at table creation and destruction. This is very valuable - when using inheritance to implement table partitioning. - - - - - - Allow comments on global - objects to be stored globally (Kris Jurka) - - - - Previously, comments attached to databases were stored in individual - databases, making them ineffective, and there was no provision - at all for comments on roles or tablespaces. This change adds a new - shared catalog pg_shdescription - and stores comments on databases, roles, and tablespaces therein. - - - - - - - - - Utility Command Changes - - - - - Add option to allow indexes to be created without blocking - concurrent writes to the table (Greg Stark, Tom) - - - - The new syntax is CREATE - INDEX CONCURRENTLY. The default behavior is - still to block table modification while an index is being - created. - - - - - - Provide advisory - locking functionality (Abhijit Menon-Sen, Tom) - - - - This is a new locking API designed to replace what used to be - in /contrib/userlock. The userlock code is now on pgfoundry. - - - - - - Allow COPY to - dump a SELECT query (Zoltan Boszormenyi, Karel - Zak) - - - - This allows COPY to dump arbitrary SQL - queries. The syntax is COPY (SELECT ...) TO. - - - - - - Make the COPY - command return a command tag that includes the number of - rows copied (Volkan YAZICI) - - - - - - Allow VACUUM - to expire rows without being affected by other concurrent - VACUUM operations (Hannu Krossing, Alvaro, Tom) - - - - - - Make initdb - detect the operating system locale and set the default - DateStyle accordingly (Peter) - - - - This makes it more likely that the installed - postgresql.conf DateStyle value will - be as desired. - - - - - - Reduce number of progress messages displayed by initdb (Tom) - - - - - - - - - Date/Time Changes - - - - - Allow full timezone names in timestamp input values - (Joachim Wieland) - - - - For example, '2006-05-24 21:11 - America/New_York'::timestamptz. - - - - - - Support configurable timezone abbreviations (Joachim Wieland) - - - - A desired set of timezone abbreviations can be chosen via the - configuration parameter timezone_abbreviations. - - - - - - Add pg_timezone_abbrevs - and pg_timezone_names - views to show supported timezones (Magnus Hagander) - - - - - - Add clock_timestamp(), - statement_timestamp(), - and transaction_timestamp() - (Bruce) - - - - clock_timestamp() is the current wall-clock time, - statement_timestamp() is the time the current - statement arrived at the server, and - transaction_timestamp() is an alias for - now(). - - - - - - Allow to_char() - to print localized month and day names (Euler Taveira de - Oliveira) - - - - - - Allow to_char(time) - and to_char(interval) - to output AM/PM specifications - (Bruce) - - - - Intervals and times are treated as 24-hour periods, e.g. - 25 hours is considered AM. - - - - - - Add new function justify_interval() - to adjust interval units (Mark Dilger) - - - - - - Allow timezone offsets up to 14:59 away from GMT - - - - Kiribati uses GMT+14, so we'd better accept that. - - - - - - Interval computation improvements (Michael Glaesemann, Bruce) - - - - - - - - - Other Data Type and Function Changes - - - - - Allow arrays to contain NULL elements (Tom) - - - - - - Allow assignment to array elements not contiguous with the existing - entries (Tom) - - - - The intervening array positions will be filled with nulls. - This is per SQL standard. - - - - - - New built-in operators - for array-subset comparisons (@>, - <@, &&) (Teodor, Tom) - - - - These operators can be indexed for many data types using - GiST or GIN indexes. - - - - - - Add convenient arithmetic operations on - INET/CIDR values (Stephen R. van den - Berg) - - - - The new operators are & (and), | - (or), ~ (not), inet + int8, - inet - int8, and - inet - inet. - - - - - - Add new aggregate functions - from SQL:2003 (Neil) - - - - The new functions are var_pop(), - var_samp(), stddev_pop(), and - stddev_samp(). var_samp() and - stddev_samp() are merely renamings of the - existing aggregates variance() and - stddev(). The latter names remain available - for backward compatibility. - - - - - - Add SQL:2003 statistical aggregates - (Sergey Koposov) - - - - New functions: regr_intercept(), - regr_slope(), regr_r2(), - corr(), covar_samp(), - covar_pop(), regr_avgx(), - regr_avgy(), regr_sxy(), - regr_sxx(), regr_syy(), - regr_count(). - - - - - - Allow domains to be - based on other domains (Tom) - - - - - - Properly enforce domain CHECK constraints - everywhere (Neil, Tom) - - - - For example, the result of a user-defined function that is - declared to return a domain type is now checked against the - domain's constraints. This closes a significant hole in the domain - implementation. - - - - - - Fix problems with dumping renamed SERIAL columns - (Tom) - - - - The fix is to dump a SERIAL column by explicitly - specifying its DEFAULT and sequence elements, - and reconstructing the SERIAL column on reload - using a new ALTER - SEQUENCE OWNED BY command. This also allows - dropping a SERIAL column specification. - - - - - - Add a server-side sleep function pg_sleep() - (Joachim Wieland) - - - - - - Add all comparison operators for the tid (tuple id) data - type (Mark Kirkwood, Greg Stark, Tom) - - - - - - - - - PL/pgSQL Server-Side Language Changes - - - - - Add TG_table_name and TG_table_schema to - trigger parameters (Andrew) - - - - TG_relname is now deprecated. Comparable - changes have been made in the trigger parameters for the other - PLs as well. - - - - - - Allow FOR statements to return values to scalars - as well as records and row types (Pavel Stehule) - - - - - - Add a BY clause to the FOR loop, - to control the iteration increment (Jaime Casanova) - - - - - - Add STRICT to SELECT - INTO (Matt Miller) - - - - STRICT mode throws an exception if more or less - than one row is returned by the SELECT, for - Oracle PL/SQL compatibility. - - - - - - - - - PL/Perl Server-Side Language Changes - - - - - Add table_name and table_schema to - trigger parameters (Adam Sjøgren) - - - - - - Add prepared queries (Dmitry Karasik) - - - - - - Make $_TD trigger data a global variable (Andrew) - - - - Previously, it was lexical, which caused unexpected sharing - violations. - - - - - - Run PL/Perl and PL/PerlU in separate interpreters, for security - reasons (Andrew) - - - In consequence, they can no longer share data nor loaded modules. - Also, if Perl has not been compiled with the requisite flags to - allow multiple interpreters, only one of these languages can be used - in any given backend process. - - - - - - - - - PL/Python Server-Side Language Changes - - - - - Named parameters are passed as ordinary variables, as well as in the - args[] array (Sven Suursoho) - - - - - - Add table_name and table_schema to - trigger parameters (Andrew) - - - - - - Allow returning of composite types and result sets (Sven Suursoho) - - - - - - Return result-set as list, iterator, - or generator (Sven Suursoho) - - - - - - Allow functions to return void (Neil) - - - - - - Python 2.5 is now supported (Tom) - - - - - - - - - <link linkend="app-psql"><application>psql</application></link> Changes - - - - - Add new command \password for changing role - password with client-side password encryption (Peter) - - - - - - Allow \c to connect to a new host and port - number (David, Volkan YAZICI) - - - - - - Add tablespace display to \l+ (Philip Yarra) - - - - - - Improve \df slash command to include the argument - names and modes (OUT or INOUT) of - the function (David Fetter) - - - - - - Support binary COPY (Andreas Pflug) - - - - - - Add option to run the entire session in a single transaction - (Simon) - - - - Use option -1 or --single-transaction. - - - - - - Support for automatically retrieving SELECT - results in batches using a cursor (Chris Mair) - - - - This is enabled using \set FETCH_COUNT - n. This - feature allows large result sets to be retrieved in - psql without attempting to buffer the entire - result set in memory. - - - - - - Make multi-line values align in the proper column - (Martijn van Oosterhout) - - - - Field values containing newlines are now displayed in a more - readable fashion. - - - - - - Save multi-line statements as a single entry, rather than - one line at a time (Sergey E. Koposov) - - - - This makes up-arrow recall of queries easier. (This is - not available on Windows, because that platform uses the native - command-line editing present in the operating system.) - - - - - - Make the line counter 64-bit so it can handle files with more - than two billion lines (David Fetter) - - - - - - Report both the returned data and the command status tag - for INSERT/UPDATE/DELETE - RETURNING (Tom) - - - - - - - - - <link linkend="app-pgdump"><application>pg_dump</application></link> Changes - - - - - Allow complex selection of objects to be included or excluded - by pg_dump (Greg Sabino Mullane) - - - - pg_dump now supports multiple -n - (schema) and -t (table) options, and adds - -N and -T options to exclude objects. - Also, the arguments of these switches can now be wild-card expressions - rather than single object names, for example - -t 'foo*', and a schema can be part of - a -t or -T switch, for example - -t schema1.table1. - - - - - - Add pg_restore - --no-data-for-failed-tables option to suppress - loading data if table creation failed (i.e., the table already - exists) (Martin Pitt) - - - - - - Add pg_restore - option to run the entire session in a single transaction - (Simon) - - - - Use option -1 or --single-transaction. - - - - - - - - - <link linkend="libpq"><application>libpq</application></link> Changes - - - - - Add PQencryptPassword() - to encrypt passwords (Tom) - - - - This allows passwords to be sent pre-encrypted for commands - like ALTER ROLE ... - PASSWORD. - - - - - - Add function PQisthreadsafe() - (Bruce) - - - - This allows applications to query the thread-safety status - of the library. - - - - - - Add PQdescribePrepared(), - PQdescribePortal(), - and related functions to return information about previously - prepared statements and open cursors (Volkan YAZICI) - - - - - - Allow LDAP lookups - from pg_service.conf - (Laurenz Albe) - - - - - - Allow a hostname in ~/.pgpass - to match the default socket directory (Bruce) - - - - A blank hostname continues to match any Unix-socket connection, - but this addition allows entries that are specific to one of - several postmasters on the machine. - - - - - - - - - <link linkend="ecpg"><application>ecpg</application></link> Changes - - - - - Allow SHOW to - put its result into a variable (Joachim Wieland) - - - - - - Add COPY TO STDOUT - (Joachim Wieland) - - - - - - Add regression tests (Joachim Wieland, Michael) - - - - - - Major source code cleanups (Joachim Wieland, Michael) - - - - - - - - - <application>Windows</application> Port - - - - - Allow MSVC to compile the PostgreSQL - server (Magnus, Hiroshi Saito) - - - - - - Add MSVC support for utility commands and pg_dump (Hiroshi - Saito) - - - - - - Add support for Windows code pages 1253, - 1254, 1255, and 1257 - (Kris Jurka) - - - - - - Drop privileges on startup, so that the server can be started from - an administrative account (Magnus) - - - - - - Stability fixes (Qingqing Zhou, Magnus) - - - - - - Add native semaphore implementation (Qingqing Zhou) - - - - The previous code mimicked SysV semaphores. - - - - - - - - - Source Code Changes - - - - - Add GIN (Generalized - Inverted iNdex) index access method (Teodor, Oleg) - - - - - - Remove R-tree indexing (Tom) - - - - Rtree has been re-implemented using GiST. Among other - differences, this means that rtree indexes now have support - for crash recovery via write-ahead logging (WAL). - - - - - - Reduce libraries needlessly linked into the backend (Martijn - van Oosterhout, Tom) - - - - - - Add a configure flag to allow libedit to be preferred over - GNU readline (Bruce) - - - - Use configure --with-libedit-preferred. - - - - - - Allow installation into directories containing spaces - (Peter) - - - - - - Improve ability to relocate installation directories (Tom) - - - - - - Add support for Solaris x86_64 using the - Solaris compiler (Pierre Girard, Theo - Schlossnagle, Bruce) - - - - - - Add DTrace support (Robert Lor) - - - - - - Add PG_VERSION_NUM for use by third-party - applications wanting to test the backend version in C using > - and < comparisons (Bruce) - - - - - - Add XLOG_BLCKSZ as independent from BLCKSZ - (Mark Wong) - - - - - - Add LWLOCK_STATS define to report locking - activity (Tom) - - - - - - Emit warnings for unknown configure options - (Martijn van Oosterhout) - - - - - - Add server support for plugin libraries - that can be used for add-on tasks such as debugging and performance - measurement (Korry Douglas) - - - - This consists of two features: a table of rendezvous - variables that allows separately-loaded shared libraries to - communicate, and a new configuration parameter local_preload_libraries - that allows libraries to be loaded into specific sessions without - explicit cooperation from the client application. This allows - external add-ons to implement features such as a PL/pgSQL debugger. - - - - - - Rename existing configuration parameter - preload_libraries to shared_preload_libraries - (Tom) - - - - This was done for clarity in comparison to - local_preload_libraries. - - - - - - Add new configuration parameter server_version_num - (Greg Sabino Mullane) - - - - This is like server_version, but is an - integer, e.g. 80200. This allows applications to - make version checks more easily. - - - - - - Add a configuration parameter seq_page_cost - (Tom) - - - - - - Re-implement the regression test script as a C program - (Magnus, Tom) - - - - - - Allow loadable modules to allocate shared memory and - lightweight locks (Marc Munro) - - - - - - Add automatic initialization and finalization of dynamically - loaded libraries (Ralf Engelschall, Tom) - - - - New functions - _PG_init() and _PG_fini() are - called if the library defines such symbols. Hence we no - longer need to specify an initialization function in - shared_preload_libraries; we can assume that - the library used the _PG_init() convention - instead. - - - - - - Add PG_MODULE_MAGIC - header block to all shared object files (Martijn van - Oosterhout) - - - - The magic block prevents version mismatches between loadable object - files and servers. - - - - - - Add shared library support for AIX (Laurenz Albe) - - - - - - New XML - documentation section (Bruce) - - - - - - - - - Contrib Changes - - - - - Major tsearch2 improvements (Oleg, Teodor) - - - - - - - multibyte encoding support, including UTF8 - - - - - query rewriting support - - - - - improved ranking functions - - - - - thesaurus dictionary support - - - - - Ispell dictionaries now recognize MySpell - format, used by OpenOffice - - - - - GIN support - - - - - - - - - - Add adminpack module containing Pgadmin administration - functions (Dave) - - - - These functions provide additional file system access - routines not present in the default PostgreSQL - server. - - - - - - Add sslinfo module (Victor Wagner) - - - - Reports information about the current connection's SSL - certificate. - - - - - - Add pgrowlocks module (Tatsuo) - - - - This shows row locking information for a specified table. - - - - - - Add hstore module (Oleg, Teodor) - - - - - - Add isn module, replacing isbn_issn (Jeremy Kronuz) - - - - This new implementation supports EAN13, UPC, - ISBN (books), ISMN (music), and - ISSN (serials). - - - - - - Add index information functions to pgstattuple (ITAGAKI Takahiro, - Satoshi Nagayasu) - - - - - - Add pg_freespacemap module to display free space map information - (Mark Kirkwood) - - - - - - pgcrypto now has all planned functionality (Marko Kreen) - - - - - Include iMath library in pgcrypto to have the public-key encryption - functions always available. - - - - - Add SHA224 algorithm that was missing in OpenBSD code. - - - - - Activate builtin code for SHA224/256/384/512 hashes on older - OpenSSL to have those algorithms always available. - - - - - New function gen_random_bytes() that returns cryptographically strong - randomness. Useful for generating encryption keys. - - - - - Remove digest_exists(), hmac_exists() and cipher_exists() functions. - - - - - - - - Improvements to cube module (Joshua Reich) - - - - New functions are cube(float[]), - cube(float[], float[]), and - cube_subset(cube, int4[]). - - - - - - Add async query capability to dblink (Kai Londenberg, - Joe Conway) - - - - - - New operators for array-subset comparisons (@>, - <@, &&) (Tom) - - - - Various contrib packages already had these operators for their - datatypes, but the naming wasn't consistent. We have now added - consistently named array-subset comparison operators to the core code - and all the contrib packages that have such functionality. - (The old names remain available, but are deprecated.) - - - - - - Add uninstall scripts for all contrib packages that have install - scripts (David, Josh Drake) - - - - - - - - - diff --git a/doc/src/sgml/release-8.3.sgml b/doc/src/sgml/release-8.3.sgml deleted file mode 100644 index 021922966b..0000000000 --- a/doc/src/sgml/release-8.3.sgml +++ /dev/null @@ -1,8549 +0,0 @@ - - - - - Release 8.3.23 - - - Release date: - 2013-02-07 - - - - This release contains a variety of fixes from 8.3.22. - For information about new features in the 8.3 major release, see - . - - - - This is expected to be the last PostgreSQL release - in the 8.3.X series. Users are encouraged to update to a newer - release branch soon. - - - - Migration to Version 8.3.23 - - - A dump/restore is not required for those running 8.3.X. - - - - However, if you are upgrading from a version earlier than 8.3.17, - see . - - - - - - Changes - - - - - - Prevent execution of enum_recv from SQL (Tom Lane) - - - - The function was misdeclared, allowing a simple SQL command to crash the - server. In principle an attacker might be able to use it to examine the - contents of server memory. Our thanks to Sumit Soni (via Secunia SVCRP) - for reporting this issue. (CVE-2013-0255) - - - - - - Fix SQL grammar to allow subscripting or field selection from a - sub-SELECT result (Tom Lane) - - - - - - Protect against race conditions when scanning - pg_tablespace (Stephen Frost, Tom Lane) - - - - CREATE DATABASE and DROP DATABASE could - misbehave if there were concurrent updates of - pg_tablespace entries. - - - - - - Prevent DROP OWNED from trying to drop whole databases or - tablespaces (Álvaro Herrera) - - - - For safety, ownership of these objects must be reassigned, not dropped. - - - - - - Prevent misbehavior when a RowExpr or XmlExpr - is parse-analyzed twice (Andres Freund, Tom Lane) - - - - This mistake could be user-visible in contexts such as - CREATE TABLE LIKE INCLUDING INDEXES. - - - - - - Improve defenses against integer overflow in hashtable sizing - calculations (Jeff Davis) - - - - - - Ensure that non-ASCII prompt strings are translated to the correct - code page on Windows (Alexander Law, Noah Misch) - - - - This bug affected psql and some other client programs. - - - - - - Fix possible crash in psql's \? command - when not connected to a database (Meng Qingzhong) - - - - - - Fix one-byte buffer overrun in libpq's - PQprintTuples (Xi Wang) - - - - This ancient function is not used anywhere by - PostgreSQL itself, but it might still be used by some - client code. - - - - - - Rearrange configure's tests for supplied functions so it is not - fooled by bogus exports from libedit/libreadline (Christoph Berg) - - - - - - Ensure Windows build number increases over time (Magnus Hagander) - - - - - - Make pgxs build executables with the right - .exe suffix when cross-compiling for Windows - (Zoltan Boszormenyi) - - - - - - Add new timezone abbreviation FET (Tom Lane) - - - - This is now used in some eastern-European time zones. - - - - - - - - - - Release 8.3.22 - - - Release date: - 2012-12-06 - - - - This release contains a variety of fixes from 8.3.21. - For information about new features in the 8.3 major release, see - . - - - - The PostgreSQL community will stop releasing updates - for the 8.3.X release series in February 2013. - Users are encouraged to update to a newer release branch soon. - - - - Migration to Version 8.3.22 - - - A dump/restore is not required for those running 8.3.X. - - - - However, if you are upgrading from a version earlier than 8.3.17, - see . - - - - - - Changes - - - - - - Fix multiple bugs associated with CREATE INDEX - CONCURRENTLY (Andres Freund, Tom Lane) - - - - Fix CREATE INDEX CONCURRENTLY to use - in-place updates when changing the state of an index's - pg_index row. This prevents race conditions that could - cause concurrent sessions to miss updating the target index, thus - resulting in corrupt concurrently-created indexes. - - - - Also, fix various other operations to ensure that they ignore - invalid indexes resulting from a failed CREATE INDEX - CONCURRENTLY command. The most important of these is - VACUUM, because an auto-vacuum could easily be launched - on the table before corrective action can be taken to fix or remove - the invalid index. - - - - - - Avoid corruption of internal hash tables when out of memory - (Hitoshi Harada) - - - - - - Fix planning of non-strict equivalence clauses above outer joins - (Tom Lane) - - - - The planner could derive incorrect constraints from a clause equating - a non-strict construct to something else, for example - WHERE COALESCE(foo, 0) = 0 - when foo is coming from the nullable side of an outer join. - - - - - - Improve planner's ability to prove exclusion constraints from - equivalence classes (Tom Lane) - - - - - - Fix partial-row matching in hashed subplans to handle cross-type cases - correctly (Tom Lane) - - - - This affects multicolumn NOT IN subplans, such as - WHERE (a, b) NOT IN (SELECT x, y FROM ...) - when for instance b and y are int4 - and int8 respectively. This mistake led to wrong answers - or crashes depending on the specific datatypes involved. - - - - - - Acquire buffer lock when re-fetching the old tuple for an - AFTER ROW UPDATE/DELETE trigger (Andres Freund) - - - - In very unusual circumstances, this oversight could result in passing - incorrect data to the precheck logic for a foreign-key enforcement - trigger. That could result in a crash, or in an incorrect decision - about whether to fire the trigger. - - - - - - Fix REASSIGN OWNED to handle grants on tablespaces - (Álvaro Herrera) - - - - - - Ignore incorrect pg_attribute entries for system - columns for views (Tom Lane) - - - - Views do not have any system columns. However, we forgot to - remove such entries when converting a table to a view. That's fixed - properly for 9.3 and later, but in previous branches we need to defend - against existing mis-converted views. - - - - - - Fix rule printing to dump INSERT INTO table - DEFAULT VALUES correctly (Tom Lane) - - - - - - Guard against stack overflow when there are too many - UNION/INTERSECT/EXCEPT clauses - in a query (Tom Lane) - - - - - - Prevent platform-dependent failures when dividing the minimum possible - integer value by -1 (Xi Wang, Tom Lane) - - - - - - Fix possible access past end of string in date parsing - (Hitoshi Harada) - - - - - - Produce an understandable error message if the length of the path name - for a Unix-domain socket exceeds the platform-specific limit - (Tom Lane, Andrew Dunstan) - - - - Formerly, this would result in something quite unhelpful, such as - Non-recoverable failure in name resolution. - - - - - - Fix memory leaks when sending composite column values to the client - (Tom Lane) - - - - - - Make pg_ctl more robust about reading the - postmaster.pid file (Heikki Linnakangas) - - - - Fix race conditions and possible file descriptor leakage. - - - - - - Fix possible crash in psql if incorrectly-encoded data - is presented and the client_encoding setting is a - client-only encoding, such as SJIS (Jiang Guiqing) - - - - - - Fix bugs in the restore.sql script emitted by - pg_dump in tar output format (Tom Lane) - - - - The script would fail outright on tables whose names include - upper-case characters. Also, make the script capable of restoring - data in mode as well as the regular COPY mode. - - - - - - Fix pg_restore to accept POSIX-conformant - tar files (Brian Weaver, Tom Lane) - - - - The original coding of pg_dump's tar - output mode produced files that are not fully conformant with the - POSIX standard. This has been corrected for version 9.3. This - patch updates previous branches so that they will accept both the - incorrect and the corrected formats, in hopes of avoiding - compatibility problems when 9.3 comes out. - - - - - - Fix pg_resetxlog to locate postmaster.pid - correctly when given a relative path to the data directory (Tom Lane) - - - - This mistake could lead to pg_resetxlog not noticing - that there is an active postmaster using the data directory. - - - - - - Fix libpq's lo_import() and - lo_export() functions to report file I/O errors properly - (Tom Lane) - - - - - - Fix ecpg's processing of nested structure pointer - variables (Muhammad Usama) - - - - - - Make contrib/pageinspect's btree page inspection - functions take buffer locks while examining pages (Tom Lane) - - - - - - Fix pgxs support for building loadable modules on AIX - (Tom Lane) - - - - Building modules outside the original source tree didn't work on AIX. - - - - - - Update time zone data files to tzdata release 2012j - for DST law changes in Cuba, Israel, Jordan, Libya, Palestine, Western - Samoa, and portions of Brazil. - - - - - - - - - - Release 8.3.21 - - - Release date: - 2012-09-24 - - - - This release contains a variety of fixes from 8.3.20. - For information about new features in the 8.3 major release, see - . - - - - The PostgreSQL community will stop releasing updates - for the 8.3.X release series in February 2013. - Users are encouraged to update to a newer release branch soon. - - - - Migration to Version 8.3.21 - - - A dump/restore is not required for those running 8.3.X. - - - - However, if you are upgrading from a version earlier than 8.3.17, - see . - - - - - - Changes - - - - - - Improve page-splitting decisions in GiST indexes (Alexander Korotkov, - Robert Haas, Tom Lane) - - - - Multi-column GiST indexes might suffer unexpected bloat due to this - error. - - - - - - Fix cascading privilege revoke to stop if privileges are still held - (Tom Lane) - - - - If we revoke a grant option from some role X, but - X still holds that option via a grant from someone - else, we should not recursively revoke the corresponding privilege - from role(s) Y that X had granted it - to. - - - - - - Fix handling of SIGFPE when PL/Perl is in use (Andres Freund) - - - - Perl resets the process's SIGFPE handler to - SIG_IGN, which could result in crashes later on. Restore - the normal Postgres signal handler after initializing PL/Perl. - - - - - - Prevent PL/Perl from crashing if a recursive PL/Perl function is - redefined while being executed (Tom Lane) - - - - - - Work around possible misoptimization in PL/Perl (Tom Lane) - - - - Some Linux distributions contain an incorrect version of - pthread.h that results in incorrect compiled code in - PL/Perl, leading to crashes if a PL/Perl function calls another one - that throws an error. - - - - - - Update time zone data files to tzdata release 2012f - for DST law changes in Fiji - - - - - - - - - - Release 8.3.20 - - - Release date: - 2012-08-17 - - - - This release contains a variety of fixes from 8.3.19. - For information about new features in the 8.3 major release, see - . - - - - The PostgreSQL community will stop releasing updates - for the 8.3.X release series in February 2013. - Users are encouraged to update to a newer release branch soon. - - - - Migration to Version 8.3.20 - - - A dump/restore is not required for those running 8.3.X. - - - - However, if you are upgrading from a version earlier than 8.3.17, - see . - - - - - - Changes - - - - - - Prevent access to external files/URLs via XML entity references - (Noah Misch, Tom Lane) - - - - xml_parse() would attempt to fetch external files or - URLs as needed to resolve DTD and entity references in an XML value, - thus allowing unprivileged database users to attempt to fetch data - with the privileges of the database server. While the external data - wouldn't get returned directly to the user, portions of it could be - exposed in error messages if the data didn't parse as valid XML; and - in any case the mere ability to check existence of a file might be - useful to an attacker. (CVE-2012-3489) - - - - - - Prevent access to external files/URLs via contrib/xml2's - xslt_process() (Peter Eisentraut) - - - - libxslt offers the ability to read and write both - files and URLs through stylesheet commands, thus allowing - unprivileged database users to both read and write data with the - privileges of the database server. Disable that through proper use - of libxslt's security options. (CVE-2012-3488) - - - - Also, remove xslt_process()'s ability to fetch documents - and stylesheets from external files/URLs. While this was a - documented feature, it was long regarded as a bad idea. - The fix for CVE-2012-3489 broke that capability, and rather than - expend effort on trying to fix it, we're just going to summarily - remove it. - - - - - - Prevent too-early recycling of btree index pages (Noah Misch) - - - - When we allowed read-only transactions to skip assigning XIDs, we - introduced the possibility that a deleted btree page could be - recycled while a read-only transaction was still in flight to it. - This would result in incorrect index search results. The probability - of such an error occurring in the field seems very low because of the - timing requirements, but nonetheless it should be fixed. - - - - - - Fix crash-safety bug with newly-created-or-reset sequences (Tom Lane) - - - - If ALTER SEQUENCE was executed on a freshly created or - reset sequence, and then precisely one nextval() call - was made on it, and then the server crashed, WAL replay would restore - the sequence to a state in which it appeared that no - nextval() had been done, thus allowing the first - sequence value to be returned again by the next - nextval() call. In particular this could manifest for - serial columns, since creation of a serial column's sequence - includes an ALTER SEQUENCE OWNED BY step. - - - - - - Ensure the backup_label file is fsync'd after - pg_start_backup() (Dave Kerr) - - - - - - Back-patch 9.1 improvement to compress the fsync request queue - (Robert Haas) - - - - This improves performance during checkpoints. The 9.1 change - has now seen enough field testing to seem safe to back-patch. - - - - - - Only allow autovacuum to be auto-canceled by a directly blocked - process (Tom Lane) - - - - The original coding could allow inconsistent behavior in some cases; - in particular, an autovacuum could get canceled after less than - deadlock_timeout grace period. - - - - - - Improve logging of autovacuum cancels (Robert Haas) - - - - - - Fix log collector so that log_truncate_on_rotation works - during the very first log rotation after server start (Tom Lane) - - - - - - Ensure that a whole-row reference to a subquery doesn't include any - extra GROUP BY or ORDER BY columns (Tom Lane) - - - - - - Disallow copying whole-row references in CHECK - constraints and index definitions during CREATE TABLE - (Tom Lane) - - - - This situation can arise in CREATE TABLE with - LIKE or INHERITS. The copied whole-row - variable was incorrectly labeled with the row type of the original - table not the new one. Rejecting the case seems reasonable for - LIKE, since the row types might well diverge later. For - INHERITS we should ideally allow it, with an implicit - coercion to the parent table's row type; but that will require more - work than seems safe to back-patch. - - - - - - Fix memory leak in ARRAY(SELECT ...) subqueries (Heikki - Linnakangas, Tom Lane) - - - - - - Fix extraction of common prefixes from regular expressions (Tom Lane) - - - - The code could get confused by quantified parenthesized - subexpressions, such as ^(foo)?bar. This would lead to - incorrect index optimization of searches for such patterns. - - - - - - Report errors properly in contrib/xml2's - xslt_process() (Tom Lane) - - - - - - Update time zone data files to tzdata release 2012e - for DST law changes in Morocco and Tokelau - - - - - - - - - - Release 8.3.19 - - - Release date: - 2012-06-04 - - - - This release contains a variety of fixes from 8.3.18. - For information about new features in the 8.3 major release, see - . - - - - Migration to Version 8.3.19 - - - A dump/restore is not required for those running 8.3.X. - - - - However, if you are upgrading from a version earlier than 8.3.17, - see . - - - - - - Changes - - - - - - Fix incorrect password transformation in - contrib/pgcrypto's DES crypt() function - (Solar Designer) - - - - If a password string contained the byte value 0x80, the - remainder of the password was ignored, causing the password to be much - weaker than it appeared. With this fix, the rest of the string is - properly included in the DES hash. Any stored password values that are - affected by this bug will thus no longer match, so the stored values may - need to be updated. (CVE-2012-2143) - - - - - - Ignore SECURITY DEFINER and SET attributes for - a procedural language's call handler (Tom Lane) - - - - Applying such attributes to a call handler could crash the server. - (CVE-2012-2655) - - - - - - Allow numeric timezone offsets in timestamp input to be up to - 16 hours away from UTC (Tom Lane) - - - - Some historical time zones have offsets larger than 15 hours, the - previous limit. This could result in dumped data values being rejected - during reload. - - - - - - Fix timestamp conversion to cope when the given time is exactly the - last DST transition time for the current timezone (Tom Lane) - - - - This oversight has been there a long time, but was not noticed - previously because most DST-using zones are presumed to have an - indefinite sequence of future DST transitions. - - - - - - Fix text to name and char to name - casts to perform string truncation correctly in multibyte encodings - (Karl Schnaitter) - - - - - - Fix memory copying bug in to_tsquery() (Heikki Linnakangas) - - - - - - Fix slow session startup when pg_attribute is very large - (Tom Lane) - - - - If pg_attribute exceeds one-fourth of - shared_buffers, cache rebuilding code that is sometimes - needed during session start would trigger the synchronized-scan logic, - causing it to take many times longer than normal. The problem was - particularly acute if many new sessions were starting at once. - - - - - - Ensure sequential scans check for query cancel reasonably often (Merlin - Moncure) - - - - A scan encountering many consecutive pages that contain no live tuples - would not respond to interrupts meanwhile. - - - - - - Ensure the Windows implementation of PGSemaphoreLock() - clears ImmediateInterruptOK before returning (Tom Lane) - - - - This oversight meant that a query-cancel interrupt received later - in the same query could be accepted at an unsafe time, with - unpredictable but not good consequences. - - - - - - Show whole-row variables safely when printing views or rules - (Abbas Butt, Tom Lane) - - - - Corner cases involving ambiguous names (that is, the name could be - either a table or column name of the query) were printed in an - ambiguous way, risking that the view or rule would be interpreted - differently after dump and reload. Avoid the ambiguous case by - attaching a no-op cast. - - - - - - Ensure autovacuum worker processes perform stack depth checking - properly (Heikki Linnakangas) - - - - Previously, infinite recursion in a function invoked by - auto-ANALYZE could crash worker processes. - - - - - - Fix logging collector to not lose log coherency under high load (Andrew - Dunstan) - - - - The collector previously could fail to reassemble large messages if it - got too busy. - - - - - - Fix logging collector to ensure it will restart file rotation - after receiving SIGHUP (Tom Lane) - - - - - - Fix PL/pgSQL's GET DIAGNOSTICS command when the target - is the function's first variable (Tom Lane) - - - - - - Fix several performance problems in pg_dump when - the database contains many objects (Jeff Janes, Tom Lane) - - - - pg_dump could get very slow if the database contained - many schemas, or if many objects are in dependency loops, or if there - are many owned sequences. - - - - - - Fix contrib/dblink's dblink_exec() to not leak - temporary database connections upon error (Tom Lane) - - - - - - Update time zone data files to tzdata release 2012c - for DST law changes in Antarctica, Armenia, Chile, Cuba, Falkland - Islands, Gaza, Haiti, Hebron, Morocco, Syria, and Tokelau Islands; - also historical corrections for Canada. - - - - - - - - - - Release 8.3.18 - - - Release date: - 2012-02-27 - - - - This release contains a variety of fixes from 8.3.17. - For information about new features in the 8.3 major release, see - . - - - - Migration to Version 8.3.18 - - - A dump/restore is not required for those running 8.3.X. - - - - However, if you are upgrading from a version earlier than 8.3.17, - see . - - - - - - Changes - - - - - - Require execute permission on the trigger function for - CREATE TRIGGER (Robert Haas) - - - - This missing check could allow another user to execute a trigger - function with forged input data, by installing it on a table he owns. - This is only of significance for trigger functions marked - SECURITY DEFINER, since otherwise trigger functions run - as the table owner anyway. (CVE-2012-0866) - - - - - - Convert newlines to spaces in names written in pg_dump - comments (Robert Haas) - - - - pg_dump was incautious about sanitizing object names - that are emitted within SQL comments in its output script. A name - containing a newline would at least render the script syntactically - incorrect. Maliciously crafted object names could present a SQL - injection risk when the script is reloaded. (CVE-2012-0868) - - - - - - Fix btree index corruption from insertions concurrent with vacuuming - (Tom Lane) - - - - An index page split caused by an insertion could sometimes cause a - concurrently-running VACUUM to miss removing index entries - that it should remove. After the corresponding table rows are removed, - the dangling index entries would cause errors (such as could not - read block N in file ...) or worse, silently wrong query results - after unrelated rows are re-inserted at the now-free table locations. - This bug has been present since release 8.2, but occurs so infrequently - that it was not diagnosed until now. If you have reason to suspect - that it has happened in your database, reindexing the affected index - will fix things. - - - - - - Allow non-existent values for some settings in ALTER - USER/DATABASE SET (Heikki Linnakangas) - - - - Allow default_text_search_config, - default_tablespace, and temp_tablespaces to be - set to names that are not known. This is because they might be known - in another database where the setting is intended to be used, or for the - tablespace cases because the tablespace might not be created yet. The - same issue was previously recognized for search_path, and - these settings now act like that one. - - - - - - Track the OID counter correctly during WAL replay, even when it wraps - around (Tom Lane) - - - - Previously the OID counter would remain stuck at a high value until the - system exited replay mode. The practical consequences of that are - usually nil, but there are scenarios wherein a standby server that's - been promoted to master might take a long time to advance the OID - counter to a reasonable value once values are needed. - - - - - - Fix regular expression back-references with * attached - (Tom Lane) - - - - Rather than enforcing an exact string match, the code would effectively - accept any string that satisfies the pattern sub-expression referenced - by the back-reference symbol. - - - - A similar problem still afflicts back-references that are embedded in a - larger quantified expression, rather than being the immediate subject - of the quantifier. This will be addressed in a future - PostgreSQL release. - - - - - - Fix recently-introduced memory leak in processing of - inet/cidr values (Heikki Linnakangas) - - - - A patch in the December 2011 releases of PostgreSQL - caused memory leakage in these operations, which could be significant - in scenarios such as building a btree index on such a column. - - - - - - Avoid double close of file handle in syslogger on Windows (MauMau) - - - - Ordinarily this error was invisible, but it would cause an exception - when running on a debug version of Windows. - - - - - - Fix I/O-conversion-related memory leaks in plpgsql - (Andres Freund, Jan Urbanski, Tom Lane) - - - - Certain operations would leak memory until the end of the current - function. - - - - - - Improve pg_dump's handling of inherited table columns - (Tom Lane) - - - - pg_dump mishandled situations where a child column has - a different default expression than its parent column. If the default - is textually identical to the parent's default, but not actually the - same (for instance, because of schema search path differences) it would - not be recognized as different, so that after dump and restore the - child would be allowed to inherit the parent's default. Child columns - that are NOT NULL where their parent is not could also be - restored subtly incorrectly. - - - - - - Fix pg_restore's direct-to-database mode for - INSERT-style table data (Tom Lane) - - - - Direct-to-database restores from archive files made with - or options fail when - using pg_restore from a release dated September or - December 2011, as a result of an oversight in a fix for another - problem. The archive file itself is not at fault, and text-mode - output is okay. - - - - - - Fix error in contrib/intarray's int[] & - int[] operator (Guillaume Lelarge) - - - - If the smallest integer the two input arrays have in common is 1, - and there are smaller values in either array, then 1 would be - incorrectly omitted from the result. - - - - - - Fix error detection in contrib/pgcrypto's - encrypt_iv() and decrypt_iv() - (Marko Kreen) - - - - These functions failed to report certain types of invalid-input errors, - and would instead return random garbage values for incorrect input. - - - - - - Fix one-byte buffer overrun in contrib/test_parser - (Paul Guyot) - - - - The code would try to read one more byte than it should, which would - crash in corner cases. - Since contrib/test_parser is only example code, this is - not a security issue in itself, but bad example code is still bad. - - - - - - Use __sync_lock_test_and_set() for spinlocks on ARM, if - available (Martin Pitt) - - - - This function replaces our previous use of the SWPB - instruction, which is deprecated and not available on ARMv6 and later. - Reports suggest that the old code doesn't fail in an obvious way on - recent ARM boards, but simply doesn't interlock concurrent accesses, - leading to bizarre failures in multiprocess operation. - - - - - - Use option when building with - gcc versions that accept it (Andrew Dunstan) - - - - This prevents assorted scenarios wherein recent versions of gcc will - produce creative results. - - - - - - Allow use of threaded Python on FreeBSD (Chris Rees) - - - - Our configure script previously believed that this combination wouldn't - work; but FreeBSD fixed the problem, so remove that error check. - - - - - - - - - - Release 8.3.17 - - - Release date: - 2011-12-05 - - - - This release contains a variety of fixes from 8.3.16. - For information about new features in the 8.3 major release, see - . - - - - Migration to Version 8.3.17 - - - A dump/restore is not required for those running 8.3.X. - - - - However, a longstanding error was discovered in the definition of the - information_schema.referential_constraints view. If you - rely on correct results from that view, you should replace its - definition as explained in the first changelog item below. - - - - Also, if you are upgrading from a version earlier than 8.3.8, - see . - - - - - - Changes - - - - - - Fix bugs in information_schema.referential_constraints view - (Tom Lane) - - - - This view was being insufficiently careful about matching the - foreign-key constraint to the depended-on primary or unique key - constraint. That could result in failure to show a foreign key - constraint at all, or showing it multiple times, or claiming that it - depends on a different constraint than the one it really does. - - - - Since the view definition is installed by initdb, - merely upgrading will not fix the problem. If you need to fix this - in an existing installation, you can (as a superuser) drop the - information_schema schema then re-create it by sourcing - SHAREDIR/information_schema.sql. - (Run pg_config --sharedir if you're uncertain where - SHAREDIR is.) This must be repeated in each database - to be fixed. - - - - - - Fix TOAST-related data corruption during CREATE TABLE dest AS - SELECT * FROM src or INSERT INTO dest SELECT * FROM src - (Tom Lane) - - - - If a table has been modified by ALTER TABLE ADD COLUMN, - attempts to copy its data verbatim to another table could produce - corrupt results in certain corner cases. - The problem can only manifest in this precise form in 8.4 and later, - but we patched earlier versions as well in case there are other code - paths that could trigger the same bug. - - - - - - Fix race condition during toast table access from stale syscache entries - (Tom Lane) - - - - The typical symptom was transient errors like missing chunk - number 0 for toast value NNNNN in pg_toast_2619, where the cited - toast table would always belong to a system catalog. - - - - - - Make DatumGetInetP() unpack inet datums that have a 1-byte - header, and add a new macro, DatumGetInetPP(), that does - not (Heikki Linnakangas) - - - - This change affects no core code, but might prevent crashes in add-on - code that expects DatumGetInetP() to produce an unpacked - datum as per usual convention. - - - - - - Improve locale support in money type's input and output - (Tom Lane) - - - - Aside from not supporting all standard - lc_monetary - formatting options, the input and output functions were inconsistent, - meaning there were locales in which dumped money values could - not be re-read. - - - - - - Don't let transform_null_equals - affect CASE foo WHEN NULL ... constructs - (Heikki Linnakangas) - - - - transform_null_equals is only supposed to affect - foo = NULL expressions written directly by the user, not - equality checks generated internally by this form of CASE. - - - - - - Change foreign-key trigger creation order to better support - self-referential foreign keys (Tom Lane) - - - - For a cascading foreign key that references its own table, a row update - will fire both the ON UPDATE trigger and the - CHECK trigger as one event. The ON UPDATE - trigger must execute first, else the CHECK will check a - non-final state of the row and possibly throw an inappropriate error. - However, the firing order of these triggers is determined by their - names, which generally sort in creation order since the triggers have - auto-generated names following the convention - RI_ConstraintTrigger_NNNN. A proper fix would require - modifying that convention, which we will do in 9.2, but it seems risky - to change it in existing releases. So this patch just changes the - creation order of the triggers. Users encountering this type of error - should drop and re-create the foreign key constraint to get its - triggers into the right order. - - - - - - Avoid floating-point underflow while tracking buffer allocation rate - (Greg Matthews) - - - - While harmless in itself, on certain platforms this would result in - annoying kernel log messages. - - - - - - Preserve blank lines within commands in psql's command - history (Robert Haas) - - - - The former behavior could cause problems if an empty line was removed - from within a string literal, for example. - - - - - - Fix pg_dump to dump user-defined casts between - auto-generated types, such as table rowtypes (Tom Lane) - - - - - - Use the preferred version of xsubpp to build PL/Perl, - not necessarily the operating system's main copy - (David Wheeler and Alex Hunsaker) - - - - - - Fix incorrect coding in contrib/dict_int and - contrib/dict_xsyn (Tom Lane) - - - - Some functions incorrectly assumed that memory returned by - palloc() is guaranteed zeroed. - - - - - - Honor query cancel interrupts promptly in pgstatindex() - (Robert Haas) - - - - - - Ensure VPATH builds properly install all server header files - (Peter Eisentraut) - - - - - - Shorten file names reported in verbose error messages (Peter Eisentraut) - - - - Regular builds have always reported just the name of the C file - containing the error message call, but VPATH builds formerly - reported an absolute path name. - - - - - - Fix interpretation of Windows timezone names for Central America - (Tom Lane) - - - - Map Central America Standard Time to CST6, not - CST6CDT, because DST is generally not observed anywhere in - Central America. - - - - - - Update time zone data files to tzdata release 2011n - for DST law changes in Brazil, Cuba, Fiji, Palestine, Russia, and Samoa; - also historical corrections for Alaska and British East Africa. - - - - - - - - - - Release 8.3.16 - - - Release date: - 2011-09-26 - - - - This release contains a variety of fixes from 8.3.15. - For information about new features in the 8.3 major release, see - . - - - - Migration to Version 8.3.16 - - - A dump/restore is not required for those running 8.3.X. - However, if you are upgrading from a version earlier than 8.3.8, - see . - - - - - - Changes - - - - - - Fix bugs in indexing of in-doubt HOT-updated tuples (Tom Lane) - - - - These bugs could result in index corruption after reindexing a system - catalog. They are not believed to affect user indexes. - - - - - - Fix multiple bugs in GiST index page split processing (Heikki - Linnakangas) - - - - The probability of occurrence was low, but these could lead to index - corruption. - - - - - - Fix possible buffer overrun in tsvector_concat() - (Tom Lane) - - - - The function could underestimate the amount of memory needed for its - result, leading to server crashes. - - - - - - Fix crash in xml_recv when processing a - standalone parameter (Tom Lane) - - - - - - Avoid possibly accessing off the end of memory in ANALYZE - and in SJIS-2004 encoding conversion (Noah Misch) - - - - This fixes some very-low-probability server crash scenarios. - - - - - - Fix race condition in relcache init file invalidation (Tom Lane) - - - - There was a window wherein a new backend process could read a stale init - file but miss the inval messages that would tell it the data is stale. - The result would be bizarre failures in catalog accesses, typically - could not read block 0 in file ... later during startup. - - - - - - Fix memory leak at end of a GiST index scan (Tom Lane) - - - - Commands that perform many separate GiST index scans, such as - verification of a new GiST-based exclusion constraint on a table - already containing many rows, could transiently require large amounts of - memory due to this leak. - - - - - - Fix performance problem when constructing a large, lossy bitmap - (Tom Lane) - - - - - - Fix array- and path-creating functions to ensure padding bytes are - zeroes (Tom Lane) - - - - This avoids some situations where the planner will think that - semantically-equal constants are not equal, resulting in poor - optimization. - - - - - - Work around gcc 4.6.0 bug that breaks WAL replay (Tom Lane) - - - - This could lead to loss of committed transactions after a server crash. - - - - - - Fix dump bug for VALUES in a view (Tom Lane) - - - - - - Disallow SELECT FOR UPDATE/SHARE on sequences (Tom Lane) - - - - This operation doesn't work as expected and can lead to failures. - - - - - - Defend against integer overflow when computing size of a hash table (Tom - Lane) - - - - - - Fix cases where CLUSTER might attempt to access - already-removed TOAST data (Tom Lane) - - - - - - Fix portability bugs in use of credentials control messages for - peer authentication (Tom Lane) - - - - - - Fix SSPI login when multiple roundtrips are required (Ahmed Shinwari, - Magnus Hagander) - - - - The typical symptom of this problem was The function requested is - not supported errors during SSPI login. - - - - - - Fix typo in pg_srand48 seed initialization (Andres Freund) - - - - This led to failure to use all bits of the provided seed. This function - is not used on most platforms (only those without srandom), - and the potential security exposure from a less-random-than-expected - seed seems minimal in any case. - - - - - - Avoid integer overflow when the sum of LIMIT and - OFFSET values exceeds 2^63 (Heikki Linnakangas) - - - - - - Add overflow checks to int4 and int8 versions of - generate_series() (Robert Haas) - - - - - - Fix trailing-zero removal in to_char() (Marti Raudsepp) - - - - In a format with FM and no digit positions - after the decimal point, zeroes to the left of the decimal point could - be removed incorrectly. - - - - - - Fix pg_size_pretty() to avoid overflow for inputs close to - 2^63 (Tom Lane) - - - - - - In pg_ctl, support silent mode for service registrations - on Windows (MauMau) - - - - - - Fix psql's counting of script file line numbers during - COPY from a different file (Tom Lane) - - - - - - Fix pg_restore's direct-to-database mode for - standard_conforming_strings (Tom Lane) - - - - pg_restore could emit incorrect commands when restoring - directly to a database server from an archive file that had been made - with standard_conforming_strings set to on. - - - - - - Fix write-past-buffer-end and memory leak in libpq's - LDAP service lookup code (Albe Laurenz) - - - - - - In libpq, avoid failures when using nonblocking I/O - and an SSL connection (Martin Pihlak, Tom Lane) - - - - - - Improve libpq's handling of failures during connection startup - (Tom Lane) - - - - In particular, the response to a server report of fork() - failure during SSL connection startup is now saner. - - - - - - Improve libpq's error reporting for SSL failures (Tom - Lane) - - - - - - Make ecpglib write double values with 15 digits - precision (Akira Kurosawa) - - - - - - In ecpglib, be sure LC_NUMERIC setting is - restored after an error (Michael Meskes) - - - - - - Apply upstream fix for blowfish signed-character bug (CVE-2011-2483) - (Tom Lane) - - - - contrib/pg_crypto's blowfish encryption code could give - wrong results on platforms where char is signed (which is most), - leading to encrypted passwords being weaker than they should be. - - - - - - Fix memory leak in contrib/seg (Heikki Linnakangas) - - - - - - Fix pgstatindex() to give consistent results for empty - indexes (Tom Lane) - - - - - - Allow building with perl 5.14 (Alex Hunsaker) - - - - - - Update configure script's method for probing existence of system - functions (Tom Lane) - - - - The version of autoconf we used in 8.3 and 8.2 could be fooled by - compilers that perform link-time optimization. - - - - - - Fix assorted issues with build and install file paths containing spaces - (Tom Lane) - - - - - - Update time zone data files to tzdata release 2011i - for DST law changes in Canada, Egypt, Russia, Samoa, and South Sudan. - - - - - - - - - - Release 8.3.15 - - - Release date: - 2011-04-18 - - - - This release contains a variety of fixes from 8.3.14. - For information about new features in the 8.3 major release, see - . - - - - Migration to Version 8.3.15 - - - A dump/restore is not required for those running 8.3.X. - However, if you are upgrading from a version earlier than 8.3.8, - see . - - - - - - Changes - - - - - - Disallow including a composite type in itself (Tom Lane) - - - - This prevents scenarios wherein the server could recurse infinitely - while processing the composite type. While there are some possible - uses for such a structure, they don't seem compelling enough to - justify the effort required to make sure it always works safely. - - - - - - Avoid potential deadlock during catalog cache initialization - (Nikhil Sontakke) - - - - In some cases the cache loading code would acquire share lock on a - system index before locking the index's catalog. This could deadlock - against processes trying to acquire exclusive locks in the other, - more standard order. - - - - - - Fix dangling-pointer problem in BEFORE ROW UPDATE trigger - handling when there was a concurrent update to the target tuple - (Tom Lane) - - - - This bug has been observed to result in intermittent cannot - extract system attribute from virtual tuple failures while trying to - do UPDATE RETURNING ctid. There is a very small probability - of more serious errors, such as generating incorrect index entries for - the updated tuple. - - - - - - Disallow DROP TABLE when there are pending deferred trigger - events for the table (Tom Lane) - - - - Formerly the DROP would go through, leading to - could not open relation with OID nnn errors when the - triggers were eventually fired. - - - - - - Fix PL/Python memory leak involving array slices (Daniel Popowich) - - - - - - Fix pg_restore to cope with long lines (over 1KB) in - TOC files (Tom Lane) - - - - - - Put in more safeguards against crashing due to division-by-zero - with overly enthusiastic compiler optimization (Aurelien Jarno) - - - - - - Support use of dlopen() in FreeBSD and OpenBSD on MIPS (Tom Lane) - - - - There was a hard-wired assumption that this system function was not - available on MIPS hardware on these systems. Use a compile-time test - instead, since more recent versions have it. - - - - - - Fix compilation failures on HP-UX (Heikki Linnakangas) - - - - - - Fix version-incompatibility problem with libintl on - Windows (Hiroshi Inoue) - - - - - - Fix usage of xcopy in Windows build scripts to - work correctly under Windows 7 (Andrew Dunstan) - - - - This affects the build scripts only, not installation or usage. - - - - - - Fix path separator used by pg_regress on Cygwin - (Andrew Dunstan) - - - - - - Update time zone data files to tzdata release 2011f - for DST law changes in Chile, Cuba, Falkland Islands, Morocco, Samoa, - and Turkey; also historical corrections for South Australia, Alaska, - and Hawaii. - - - - - - - - - - Release 8.3.14 - - - Release date: - 2011-01-31 - - - - This release contains a variety of fixes from 8.3.13. - For information about new features in the 8.3 major release, see - . - - - - Migration to Version 8.3.14 - - - A dump/restore is not required for those running 8.3.X. - However, if you are upgrading from a version earlier than 8.3.8, - see . - - - - - - Changes - - - - - - Avoid failures when EXPLAIN tries to display a simple-form - CASE expression (Tom Lane) - - - - If the CASE's test expression was a constant, the planner - could simplify the CASE into a form that confused the - expression-display code, resulting in unexpected CASE WHEN - clause errors. - - - - - - Fix assignment to an array slice that is before the existing range - of subscripts (Tom Lane) - - - - If there was a gap between the newly added subscripts and the first - pre-existing subscript, the code miscalculated how many entries needed - to be copied from the old array's null bitmap, potentially leading to - data corruption or crash. - - - - - - Avoid unexpected conversion overflow in planner for very distant date - values (Tom Lane) - - - - The date type supports a wider range of dates than can be - represented by the timestamp types, but the planner assumed it - could always convert a date to timestamp with impunity. - - - - - - Fix pg_restore's text output for large objects (BLOBs) - when standard_conforming_strings is on (Tom Lane) - - - - Although restoring directly to a database worked correctly, string - escaping was incorrect if pg_restore was asked for - SQL text output and standard_conforming_strings had been - enabled in the source database. - - - - - - Fix erroneous parsing of tsquery values containing - ... & !(subexpression) | ... (Tom Lane) - - - - Queries containing this combination of operators were not executed - correctly. The same error existed in contrib/intarray's - query_int type and contrib/ltree's - ltxtquery type. - - - - - - Fix buffer overrun in contrib/intarray's input function - for the query_int type (Apple) - - - - This bug is a security risk since the function's return address could - be overwritten. Thanks to Apple Inc's security team for reporting this - issue and supplying the fix. (CVE-2010-4015) - - - - - - Fix bug in contrib/seg's GiST picksplit algorithm - (Alexander Korotkov) - - - - This could result in considerable inefficiency, though not actually - incorrect answers, in a GiST index on a seg column. - If you have such an index, consider REINDEXing it after - installing this update. (This is identical to the bug that was fixed in - contrib/cube in the previous update.) - - - - - - - - - - Release 8.3.13 - - - Release date: - 2010-12-16 - - - - This release contains a variety of fixes from 8.3.12. - For information about new features in the 8.3 major release, see - . - - - - Migration to Version 8.3.13 - - - A dump/restore is not required for those running 8.3.X. - However, if you are upgrading from a version earlier than 8.3.8, - see . - - - - - - Changes - - - - - - Force the default - wal_sync_method - to be fdatasync on Linux (Tom Lane, Marti Raudsepp) - - - - The default on Linux has actually been fdatasync for many - years, but recent kernel changes caused PostgreSQL to - choose open_datasync instead. This choice did not result - in any performance improvement, and caused outright failures on - certain filesystems, notably ext4 with the - data=journal mount option. - - - - - - Fix assorted bugs in WAL replay logic for GIN indexes (Tom Lane) - - - - This could result in bad buffer id: 0 failures or - corruption of index contents during replication. - - - - - - Fix recovery from base backup when the starting checkpoint WAL record - is not in the same WAL segment as its redo point (Jeff Davis) - - - - - - Fix persistent slowdown of autovacuum workers when multiple workers - remain active for a long time (Tom Lane) - - - - The effective vacuum_cost_limit for an autovacuum worker - could drop to nearly zero if it processed enough tables, causing it - to run extremely slowly. - - - - - - Add support for detecting register-stack overrun on IA64 - (Tom Lane) - - - - The IA64 architecture has two hardware stacks. Full - prevention of stack-overrun failures requires checking both. - - - - - - Add a check for stack overflow in copyObject() (Tom Lane) - - - - Certain code paths could crash due to stack overflow given a - sufficiently complex query. - - - - - - Fix detection of page splits in temporary GiST indexes (Heikki - Linnakangas) - - - - It is possible to have a concurrent page split in a - temporary index, if for example there is an open cursor scanning the - index when an insertion is done. GiST failed to detect this case and - hence could deliver wrong results when execution of the cursor - continued. - - - - - - Avoid memory leakage while ANALYZE'ing complex index - expressions (Tom Lane) - - - - - - Ensure an index that uses a whole-row Var still depends on its table - (Tom Lane) - - - - An index declared like create index i on t (foo(t.*)) - would not automatically get dropped when its table was dropped. - - - - - - Do not inline a SQL function with multiple OUT - parameters (Tom Lane) - - - - This avoids a possible crash due to loss of information about the - expected result rowtype. - - - - - - Behave correctly if ORDER BY, LIMIT, - FOR UPDATE, or WITH is attached to the - VALUES part of INSERT ... VALUES (Tom Lane) - - - - - - Fix constant-folding of COALESCE() expressions (Tom Lane) - - - - The planner would sometimes attempt to evaluate sub-expressions that - in fact could never be reached, possibly leading to unexpected errors. - - - - - - Fix postmaster crash when connection acceptance - (accept() or one of the calls made immediately after it) - fails, and the postmaster was compiled with GSSAPI support (Alexander - Chernikov) - - - - - - Fix missed unlink of temporary files when log_temp_files - is active (Tom Lane) - - - - If an error occurred while attempting to emit the log message, the - unlink was not done, resulting in accumulation of temp files. - - - - - - Add print functionality for InhRelation nodes (Tom Lane) - - - - This avoids a failure when debug_print_parse is enabled - and certain types of query are executed. - - - - - - Fix incorrect calculation of distance from a point to a horizontal - line segment (Tom Lane) - - - - This bug affected several different geometric distance-measurement - operators. - - - - - - Fix PL/pgSQL's handling of simple - expressions to not fail in recursion or error-recovery cases (Tom Lane) - - - - - - Fix PL/Python's handling of set-returning functions - (Jan Urbanski) - - - - Attempts to call SPI functions within the iterator generating a set - result would fail. - - - - - - Fix bug in contrib/cube's GiST picksplit algorithm - (Alexander Korotkov) - - - - This could result in considerable inefficiency, though not actually - incorrect answers, in a GiST index on a cube column. - If you have such an index, consider REINDEXing it after - installing this update. - - - - - - Don't emit identifier will be truncated notices in - contrib/dblink except when creating new connections - (Itagaki Takahiro) - - - - - - Fix potential coredump on missing public key in - contrib/pgcrypto (Marti Raudsepp) - - - - - - Fix memory leak in contrib/xml2's XPath query functions - (Tom Lane) - - - - - - Update time zone data files to tzdata release 2010o - for DST law changes in Fiji and Samoa; - also historical corrections for Hong Kong. - - - - - - - - - - Release 8.3.12 - - - Release date: - 2010-10-04 - - - - This release contains a variety of fixes from 8.3.11. - For information about new features in the 8.3 major release, see - . - - - - Migration to Version 8.3.12 - - - A dump/restore is not required for those running 8.3.X. - However, if you are upgrading from a version earlier than 8.3.8, - see . - - - - - - Changes - - - - - - Use a separate interpreter for each calling SQL userid in PL/Perl and - PL/Tcl (Tom Lane) - - - - This change prevents security problems that can be caused by subverting - Perl or Tcl code that will be executed later in the same session under - another SQL user identity (for example, within a SECURITY - DEFINER function). Most scripting languages offer numerous ways that - that might be done, such as redefining standard functions or operators - called by the target function. Without this change, any SQL user with - Perl or Tcl language usage rights can do essentially anything with the - SQL privileges of the target function's owner. - - - - The cost of this change is that intentional communication among Perl - and Tcl functions becomes more difficult. To provide an escape hatch, - PL/PerlU and PL/TclU functions continue to use only one interpreter - per session. This is not considered a security issue since all such - functions execute at the trust level of a database superuser already. - - - - It is likely that third-party procedural languages that claim to offer - trusted execution have similar security issues. We advise contacting - the authors of any PL you are depending on for security-critical - purposes. - - - - Our thanks to Tim Bunce for pointing out this issue (CVE-2010-3433). - - - - - - Prevent possible crashes in pg_get_expr() by disallowing - it from being called with an argument that is not one of the system - catalog columns it's intended to be used with - (Heikki Linnakangas, Tom Lane) - - - - - - Treat exit code 128 (ERROR_WAIT_NO_CHILDREN) as non-fatal on - Windows (Magnus Hagander) - - - - Under high load, Windows processes will sometimes fail at startup with - this error code. Formerly the postmaster treated this as a panic - condition and restarted the whole database, but that seems to be - an overreaction. - - - - - - Fix incorrect usage of non-strict OR joinclauses in Append indexscans - (Tom Lane) - - - - This is a back-patch of an 8.4 fix that was missed in the 8.3 branch. - This corrects an error introduced in 8.3.8 that could cause incorrect - results for outer joins when the inner relation is an inheritance tree - or UNION ALL subquery. - - - - - - Fix possible duplicate scans of UNION ALL member relations - (Tom Lane) - - - - - - Fix cannot handle unplanned sub-select error (Tom Lane) - - - - This occurred when a sub-select contains a join alias reference that - expands into an expression containing another sub-select. - - - - - - Fix failure to mark cached plans as transient (Tom Lane) - - - - If a plan is prepared while CREATE INDEX CONCURRENTLY is - in progress for one of the referenced tables, it is supposed to be - re-planned once the index is ready for use. This was not happening - reliably. - - - - - - Reduce PANIC to ERROR in some occasionally-reported btree failure cases, - and provide additional detail in the resulting error messages - (Tom Lane) - - - - This should improve the system's robustness with corrupted indexes. - - - - - - Prevent show_session_authorization() from crashing within autovacuum - processes (Tom Lane) - - - - - - Defend against functions returning setof record where not all the - returned rows are actually of the same rowtype (Tom Lane) - - - - - - Fix possible failure when hashing a pass-by-reference function result - (Tao Ma, Tom Lane) - - - - - - Improve merge join's handling of NULLs in the join columns (Tom Lane) - - - - A merge join can now stop entirely upon reaching the first NULL, - if the sort order is such that NULLs sort high. - - - - - - Take care to fsync the contents of lockfiles (both - postmaster.pid and the socket lockfile) while writing them - (Tom Lane) - - - - This omission could result in corrupted lockfile contents if the - machine crashes shortly after postmaster start. That could in turn - prevent subsequent attempts to start the postmaster from succeeding, - until the lockfile is manually removed. - - - - - - Avoid recursion while assigning XIDs to heavily-nested - subtransactions (Andres Freund, Robert Haas) - - - - The original coding could result in a crash if there was limited - stack space. - - - - - - Avoid holding open old WAL segments in the walwriter process - (Magnus Hagander, Heikki Linnakangas) - - - - The previous coding would prevent removal of no-longer-needed segments. - - - - - - Fix log_line_prefix's %i escape, - which could produce junk early in backend startup (Tom Lane) - - - - - - Fix possible data corruption in ALTER TABLE ... SET - TABLESPACE when archiving is enabled (Jeff Davis) - - - - - - Allow CREATE DATABASE and ALTER DATABASE ... SET - TABLESPACE to be interrupted by query-cancel (Guillaume Lelarge) - - - - - - Fix REASSIGN OWNED to handle operator classes and families - (Asko Tiidumaa) - - - - - - Fix possible core dump when comparing two empty tsquery values - (Tom Lane) - - - - - - Fix LIKE's handling of patterns containing % - followed by _ (Tom Lane) - - - - We've fixed this before, but there were still some incorrectly-handled - cases. - - - - - - In PL/Python, defend against null pointer results from - PyCObject_AsVoidPtr and PyCObject_FromVoidPtr - (Peter Eisentraut) - - - - - - Make psql recognize DISCARD ALL as a command that should - not be encased in a transaction block in autocommit-off mode - (Itagaki Takahiro) - - - - - - Fix ecpg to process data from RETURNING - clauses correctly (Michael Meskes) - - - - - - Improve contrib/dblink's handling of tables containing - dropped columns (Tom Lane) - - - - - - Fix connection leak after duplicate connection name - errors in contrib/dblink (Itagaki Takahiro) - - - - - - Fix contrib/dblink to handle connection names longer than - 62 bytes correctly (Itagaki Takahiro) - - - - - - Add hstore(text, text) - function to contrib/hstore (Robert Haas) - - - - This function is the recommended substitute for the now-deprecated - => operator. It was back-patched so that future-proofed - code can be used with older server versions. Note that the patch will - be effective only after contrib/hstore is installed or - reinstalled in a particular database. Users might prefer to execute - the CREATE FUNCTION command by hand, instead. - - - - - - Update build infrastructure and documentation to reflect the source code - repository's move from CVS to Git (Magnus Hagander and others) - - - - - - Update time zone data files to tzdata release 2010l - for DST law changes in Egypt and Palestine; also historical corrections - for Finland. - - - - This change also adds new names for two Micronesian timezones: - Pacific/Chuuk is now preferred over Pacific/Truk (and the preferred - abbreviation is CHUT not TRUT) and Pacific/Pohnpei is preferred over - Pacific/Ponape. - - - - - - Make Windows' N. Central Asia Standard Time timezone map to - Asia/Novosibirsk, not Asia/Almaty (Magnus Hagander) - - - - Microsoft changed the DST behavior of this zone in the timezone update - from KB976098. Asia/Novosibirsk is a better match to its new behavior. - - - - - - - - - - Release 8.3.11 - - - Release date: - 2010-05-17 - - - - This release contains a variety of fixes from 8.3.10. - For information about new features in the 8.3 major release, see - . - - - - Migration to Version 8.3.11 - - - A dump/restore is not required for those running 8.3.X. - However, if you are upgrading from a version earlier than 8.3.8, - see . - - - - - - Changes - - - - - - Enforce restrictions in plperl using an opmask applied to - the whole interpreter, instead of using Safe.pm - (Tim Bunce, Andrew Dunstan) - - - - Recent developments have convinced us that Safe.pm is too - insecure to rely on for making plperl trustable. This - change removes use of Safe.pm altogether, in favor of using - a separate interpreter with an opcode mask that is always applied. - Pleasant side effects of the change include that it is now possible to - use Perl's strict pragma in a natural way in - plperl, and that Perl's $a and $b - variables work as expected in sort routines, and that function - compilation is significantly faster. (CVE-2010-1169) - - - - - - Prevent PL/Tcl from executing untrustworthy code from - pltcl_modules (Tom) - - - - PL/Tcl's feature for autoloading Tcl code from a database table - could be exploited for trojan-horse attacks, because there was no - restriction on who could create or insert into that table. This change - disables the feature unless pltcl_modules is owned by a - superuser. (However, the permissions on the table are not checked, so - installations that really need a less-than-secure modules table can - still grant suitable privileges to trusted non-superusers.) Also, - prevent loading code into the unrestricted normal Tcl - interpreter unless we are really going to execute a pltclu - function. (CVE-2010-1170) - - - - - - Fix possible crash if a cache reset message is received during - rebuild of a relcache entry (Heikki) - - - - This error was introduced in 8.3.10 while fixing a related failure. - - - - - - Apply per-function GUC settings while running the language validator - for the function (Itagaki Takahiro) - - - - This avoids failures if the function's code is invalid without the - setting; an example is that SQL functions may not parse if the - search_path is not correct. - - - - - - Do not allow an unprivileged user to reset superuser-only parameter - settings (Alvaro) - - - - Previously, if an unprivileged user ran ALTER USER ... RESET - ALL for himself, or ALTER DATABASE ... RESET ALL for - a database he owns, this would remove all special parameter settings - for the user or database, even ones that are only supposed to be - changeable by a superuser. Now, the ALTER will only - remove the parameters that the user has permission to change. - - - - - - Avoid possible crash during backend shutdown if shutdown occurs - when a CONTEXT addition would be made to log entries (Tom) - - - - In some cases the context-printing function would fail because the - current transaction had already been rolled back when it came time - to print a log message. - - - - - - Ensure the archiver process responds to changes in - archive_command as soon as possible (Tom) - - - - - - Update PL/Perl's ppport.h for modern Perl versions - (Andrew) - - - - - - Fix assorted memory leaks in PL/Python (Andreas Freund, Tom) - - - - - - Prevent infinite recursion in psql when expanding - a variable that refers to itself (Tom) - - - - - - Fix psql's \copy to not add spaces around - a dot within \copy (select ...) (Tom) - - - - Addition of spaces around the decimal point in a numeric literal would - result in a syntax error. - - - - - - Fix unnecessary GIN indexes do not support whole-index scans - errors for unsatisfiable queries using contrib/intarray - operators (Tom) - - - - - - Ensure that contrib/pgstattuple functions respond to cancel - interrupts promptly (Tatsuhito Kasahara) - - - - - - Make server startup deal properly with the case that - shmget() returns EINVAL for an existing - shared memory segment (Tom) - - - - This behavior has been observed on BSD-derived kernels including macOS. - It resulted in an entirely-misleading startup failure complaining that - the shared memory request size was too large. - - - - - - Avoid possible crashes in syslogger process on Windows (Heikki) - - - - - - Deal more robustly with incomplete time zone information in the - Windows registry (Magnus) - - - - - - Update the set of known Windows time zone names (Magnus) - - - - - - Update time zone data files to tzdata release 2010j - for DST law changes in Argentina, Australian Antarctic, Bangladesh, - Mexico, Morocco, Pakistan, Palestine, Russia, Syria, Tunisia; - also historical corrections for Taiwan. - - - - Also, add PKST (Pakistan Summer Time) to the default set of - timezone abbreviations. - - - - - - - - - - Release 8.3.10 - - - Release date: - 2010-03-15 - - - - This release contains a variety of fixes from 8.3.9. - For information about new features in the 8.3 major release, see - . - - - - Migration to Version 8.3.10 - - - A dump/restore is not required for those running 8.3.X. - However, if you are upgrading from a version earlier than 8.3.8, - see . - - - - - - Changes - - - - - - Add new configuration parameter ssl_renegotiation_limit to - control how often we do session key renegotiation for an SSL connection - (Magnus) - - - - This can be set to zero to disable renegotiation completely, which may - be required if a broken SSL library is used. In particular, some - vendors are shipping stopgap patches for CVE-2009-3555 that cause - renegotiation attempts to fail. - - - - - - Fix possible deadlock during backend startup (Tom) - - - - - - Fix possible crashes due to not handling errors during relcache reload - cleanly (Tom) - - - - - - Fix possible crash due to use of dangling pointer to a cached plan - (Tatsuo) - - - - - - Fix possible crashes when trying to recover from a failure in - subtransaction start (Tom) - - - - - - Fix server memory leak associated with use of savepoints and a client - encoding different from server's encoding (Tom) - - - - - - Fix incorrect WAL data emitted during end-of-recovery cleanup of a GIST - index page split (Yoichi Hirai) - - - - This would result in index corruption, or even more likely an error - during WAL replay, if we were unlucky enough to crash during - end-of-recovery cleanup after having completed an incomplete GIST - insertion. - - - - - - Make substring() for bit types treat any negative - length as meaning all the rest of the string (Tom) - - - - The previous coding treated only -1 that way, and would produce an - invalid result value for other negative values, possibly leading to - a crash (CVE-2010-0442). - - - - - - Fix integer-to-bit-string conversions to handle the first fractional - byte correctly when the output bit width is wider than the given - integer by something other than a multiple of 8 bits (Tom) - - - - - - Fix some cases of pathologically slow regular expression matching (Tom) - - - - - - Fix assorted crashes in xml processing caused by sloppy - memory management (Tom) - - - - This is a back-patch of changes first applied in 8.4. The 8.3 code - was known buggy, but the new code was sufficiently different to not - want to back-patch it until it had gotten some field testing. - - - - - - Fix bug with trying to update a field of an element of a - composite-type array column (Tom) - - - - - - Fix the STOP WAL LOCATION entry in backup history files to - report the next WAL segment's name when the end location is exactly at a - segment boundary (Itagaki Takahiro) - - - - - - Fix some more cases of temporary-file leakage (Heikki) - - - - This corrects a problem introduced in the previous minor release. - One case that failed is when a plpgsql function returning set is - called within another function's exception handler. - - - - - - Improve constraint exclusion processing of boolean-variable cases, - in particular make it possible to exclude a partition that has a - bool_column = false constraint (Tom) - - - - - - When reading pg_hba.conf and related files, do not treat - @something as a file inclusion request if the @ - appears inside quote marks; also, never treat @ by itself - as a file inclusion request (Tom) - - - - This prevents erratic behavior if a role or database name starts with - @. If you need to include a file whose path name - contains spaces, you can still do so, but you must write - @"/path to/file" rather than putting the quotes around - the whole construct. - - - - - - Prevent infinite loop on some platforms if a directory is named as - an inclusion target in pg_hba.conf and related files - (Tom) - - - - - - Fix possible infinite loop if SSL_read or - SSL_write fails without setting errno (Tom) - - - - This is reportedly possible with some Windows versions of - OpenSSL. - - - - - - Disallow GSSAPI authentication on local connections, - since it requires a hostname to function correctly (Magnus) - - - - - - Make ecpg report the proper SQLSTATE if the connection - disappears (Michael) - - - - - - Fix psql's numericlocale option to not - format strings it shouldn't in latex and troff output formats (Heikki) - - - - - - Make psql return the correct exit status (3) when - ON_ERROR_STOP and --single-transaction are - both specified and an error occurs during the implied COMMIT - (Bruce) - - - - - - Fix plpgsql failure in one case where a composite column is set to NULL - (Tom) - - - - - - Fix possible failure when calling PL/Perl functions from PL/PerlU - or vice versa (Tim Bunce) - - - - - - Add volatile markings in PL/Python to avoid possible - compiler-specific misbehavior (Zdenek Kotala) - - - - - - Ensure PL/Tcl initializes the Tcl interpreter fully (Tom) - - - - The only known symptom of this oversight is that the Tcl - clock command misbehaves if using Tcl 8.5 or later. - - - - - - Prevent crash in contrib/dblink when too many key - columns are specified to a dblink_build_sql_* function - (Rushabh Lathia, Joe Conway) - - - - - - Allow zero-dimensional arrays in contrib/ltree operations - (Tom) - - - - This case was formerly rejected as an error, but it's more convenient to - treat it the same as a zero-element array. In particular this avoids - unnecessary failures when an ltree operation is applied to the - result of ARRAY(SELECT ...) and the sub-select returns no - rows. - - - - - - Fix assorted crashes in contrib/xml2 caused by sloppy - memory management (Tom) - - - - - - Make building of contrib/xml2 more robust on Windows - (Andrew) - - - - - - Fix race condition in Windows signal handling (Radu Ilie) - - - - One known symptom of this bug is that rows in pg_listener - could be dropped under heavy load. - - - - - - Update time zone data files to tzdata release 2010e - for DST law changes in Bangladesh, Chile, Fiji, Mexico, Paraguay, Samoa. - - - - - - - - - - Release 8.3.9 - - - Release date: - 2009-12-14 - - - - This release contains a variety of fixes from 8.3.8. - For information about new features in the 8.3 major release, see - . - - - - Migration to Version 8.3.9 - - - A dump/restore is not required for those running 8.3.X. - However, if you are upgrading from a version earlier than 8.3.8, - see . - - - - - - Changes - - - - - - Protect against indirect security threats caused by index functions - changing session-local state (Gurjeet Singh, Tom) - - - - This change prevents allegedly-immutable index functions from possibly - subverting a superuser's session (CVE-2009-4136). - - - - - - Reject SSL certificates containing an embedded null byte in the common - name (CN) field (Magnus) - - - - This prevents unintended matching of a certificate to a server or client - name during SSL validation (CVE-2009-4034). - - - - - - Fix possible crash during backend-startup-time cache initialization (Tom) - - - - - - Avoid crash on empty thesaurus dictionary (Tom) - - - - - - Prevent signals from interrupting VACUUM at unsafe times - (Alvaro) - - - - This fix prevents a PANIC if a VACUUM FULL is canceled - after it's already committed its tuple movements, as well as transient - errors if a plain VACUUM is interrupted after having - truncated the table. - - - - - - Fix possible crash due to integer overflow in hash table size - calculation (Tom) - - - - This could occur with extremely large planner estimates for the size of - a hashjoin's result. - - - - - - Fix very rare crash in inet/cidr comparisons (Chris - Mikkelson) - - - - - - Ensure that shared tuple-level locks held by prepared transactions are - not ignored (Heikki) - - - - - - Fix premature drop of temporary files used for a cursor that is accessed - within a subtransaction (Heikki) - - - - - - Fix memory leak in syslogger process when rotating to a new CSV logfile - (Tom) - - - - - - Fix Windows permission-downgrade logic (Jesse Morris) - - - - This fixes some cases where the database failed to start on Windows, - often with misleading error messages such as could not locate - matching postgres executable. - - - - - - Fix incorrect logic for GiST index page splits, when the split depends - on a non-first column of the index (Paul Ramsey) - - - - - - Don't error out if recycling or removing an old WAL file fails at the - end of checkpoint (Heikki) - - - - It's better to treat the problem as non-fatal and allow the checkpoint - to complete. Future checkpoints will retry the removal. Such problems - are not expected in normal operation, but have been seen to be - caused by misdesigned Windows anti-virus and backup software. - - - - - - Ensure WAL files aren't repeatedly archived on Windows (Heikki) - - - - This is another symptom that could happen if some other process - interfered with deletion of a no-longer-needed file. - - - - - - Fix PAM password processing to be more robust (Tom) - - - - The previous code is known to fail with the combination of the Linux - pam_krb5 PAM module with Microsoft Active Directory as the - domain controller. It might have problems elsewhere too, since it was - making unjustified assumptions about what arguments the PAM stack would - pass to it. - - - - - - Raise the maximum authentication token (Kerberos ticket) size in GSSAPI - and SSPI authentication methods (Ian Turner) - - - - While the old 2000-byte limit was more than enough for Unix Kerberos - implementations, tickets issued by Windows Domain Controllers can be - much larger. - - - - - - Re-enable collection of access statistics for sequences (Akira Kurosawa) - - - - This used to work but was broken in 8.3. - - - - - - Fix processing of ownership dependencies during CREATE OR - REPLACE FUNCTION (Tom) - - - - - - Fix incorrect handling of WHERE - x=x conditions (Tom) - - - - In some cases these could get ignored as redundant, but they aren't - — they're equivalent to x IS NOT NULL. - - - - - - Make text search parser accept underscores in XML attributes (Peter) - - - - - - Fix encoding handling in xml binary input (Heikki) - - - - If the XML header doesn't specify an encoding, we now assume UTF-8 by - default; the previous handling was inconsistent. - - - - - - Fix bug with calling plperl from plperlu or vice - versa (Tom) - - - - An error exit from the inner function could result in crashes due to - failure to re-select the correct Perl interpreter for the outer function. - - - - - - Fix session-lifespan memory leak when a PL/Perl function is redefined - (Tom) - - - - - - Ensure that Perl arrays are properly converted to - PostgreSQL arrays when returned by a set-returning - PL/Perl function (Andrew Dunstan, Abhijit Menon-Sen) - - - - This worked correctly already for non-set-returning functions. - - - - - - Fix rare crash in exception processing in PL/Python (Peter) - - - - - - In contrib/pg_standby, disable triggering failover with a - signal on Windows (Fujii Masao) - - - - This never did anything useful, because Windows doesn't have Unix-style - signals, but recent changes made it actually crash. - - - - - - Ensure psql's flex module is compiled with the correct - system header definitions (Tom) - - - - This fixes build failures on platforms where - --enable-largefile causes incompatible changes in the - generated code. - - - - - - Make the postmaster ignore any application_name parameter in - connection request packets, to improve compatibility with future libpq - versions (Tom) - - - - - - Update the timezone abbreviation files to match current reality (Joachim - Wieland) - - - - This includes adding IDT and SGT to the default - timezone abbreviation set. - - - - - - Update time zone data files to tzdata release 2009s - for DST law changes in Antarctica, Argentina, Bangladesh, Fiji, - Novokuznetsk, Pakistan, Palestine, Samoa, Syria; also historical - corrections for Hong Kong. - - - - - - - - - - Release 8.3.8 - - - Release date: - 2009-09-09 - - - - This release contains a variety of fixes from 8.3.7. - For information about new features in the 8.3 major release, see - . - - - - Migration to Version 8.3.8 - - - A dump/restore is not required for those running 8.3.X. - However, if you have any hash indexes on interval columns, - you must REINDEX them after updating to 8.3.8. - Also, if you are upgrading from a version earlier than 8.3.5, - see . - - - - - - Changes - - - - - - Fix Windows shared-memory allocation code (Tsutomu Yamada, Magnus) - - - - This bug led to the often-reported could not reattach - to shared memory error message. - - - - - - Force WAL segment switch during pg_start_backup() - (Heikki) - - - - This avoids corner cases that could render a base backup unusable. - - - - - - Disallow RESET ROLE and RESET SESSION - AUTHORIZATION inside security-definer functions (Tom, Heikki) - - - - This covers a case that was missed in the previous patch that - disallowed SET ROLE and SET SESSION - AUTHORIZATION inside security-definer functions. - (See CVE-2007-6600) - - - - - - Make LOAD of an already-loaded loadable module - into a no-op (Tom) - - - - Formerly, LOAD would attempt to unload and re-load the - module, but this is unsafe and not all that useful. - - - - - - Disallow empty passwords during LDAP authentication (Magnus) - - - - - - Fix handling of sub-SELECTs appearing in the arguments of - an outer-level aggregate function (Tom) - - - - - - Fix bugs associated with fetching a whole-row value from the - output of a Sort or Materialize plan node (Tom) - - - - - - Prevent synchronize_seqscans from changing the results of - scrollable and WITH HOLD cursors (Tom) - - - - - - Revert planner change that disabled partial-index and constraint - exclusion optimizations when there were more than 100 clauses in - an AND or OR list (Tom) - - - - - - Fix hash calculation for data type interval (Tom) - - - - This corrects wrong results for hash joins on interval values. - It also changes the contents of hash indexes on interval columns. - If you have any such indexes, you must REINDEX them - after updating. - - - - - - Treat to_char(..., 'TH') as an uppercase ordinal - suffix with 'HH'/'HH12' (Heikki) - - - - It was previously handled as 'th' (lowercase). - - - - - - Fix overflow for INTERVAL 'x ms' - when x is more than 2 million and integer - datetimes are in use (Alex Hunsaker) - - - - - - Fix calculation of distance between a point and a line segment (Tom) - - - - This led to incorrect results from a number of geometric operators. - - - - - - Fix money data type to work in locales where currency - amounts have no fractional digits, e.g. Japan (Itagaki Takahiro) - - - - - - Fix LIKE for case where pattern contains %_ - (Tom) - - - - - - Properly round datetime input like - 00:12:57.9999999999999999999999999999 (Tom) - - - - - - Fix memory leaks in XML operations (Tom) - - - - - - Fix poor choice of page split point in GiST R-tree operator classes - (Teodor) - - - - - - Ensure that a fast shutdown request will forcibly terminate - open sessions, even if a smart shutdown was already in progress - (Fujii Masao) - - - - - - Avoid performance degradation in bulk inserts into GIN indexes - when the input values are (nearly) in sorted order (Tom) - - - - - - Correctly enforce NOT NULL domain constraints in some contexts in - PL/pgSQL (Tom) - - - - - - Fix portability issues in plperl initialization (Andrew Dunstan) - - - - - - Fix pg_ctl to not go into an infinite loop if - postgresql.conf is empty (Jeff Davis) - - - - - - Improve pg_dump's efficiency when there are - many large objects (Tamas Vincze) - - - - - - Use SIGUSR1, not SIGQUIT, as the - failover signal for pg_standby (Heikki) - - - - - - Make pg_standby's maxretries option - behave as documented (Fujii Masao) - - - - - - Make contrib/hstore throw an error when a key or - value is too long to fit in its data structure, rather than - silently truncating it (Andrew Gierth) - - - - - - Fix contrib/xml2's xslt_process() to - properly handle the maximum number of parameters (twenty) (Tom) - - - - - - Improve robustness of libpq's code to recover - from errors during COPY FROM STDIN (Tom) - - - - - - Avoid including conflicting readline and editline header files - when both libraries are installed (Zdenek Kotala) - - - - - - Update time zone data files to tzdata release 2009l - for DST law changes in Bangladesh, Egypt, Jordan, Pakistan, - Argentina/San_Luis, Cuba, Jordan (historical correction only), - Mauritius, Morocco, Palestine, Syria, Tunisia. - - - - - - - - - - Release 8.3.7 - - - Release date: - 2009-03-16 - - - - This release contains a variety of fixes from 8.3.6. - For information about new features in the 8.3 major release, see - . - - - - Migration to Version 8.3.7 - - - A dump/restore is not required for those running 8.3.X. - However, if you are upgrading from a version earlier than 8.3.5, - see . - - - - - - Changes - - - - - - Prevent error recursion crashes when encoding conversion fails (Tom) - - - - This change extends fixes made in the last two minor releases for - related failure scenarios. The previous fixes were narrowly tailored - for the original problem reports, but we have now recognized that - any error thrown by an encoding conversion function could - potentially lead to infinite recursion while trying to report the - error. The solution therefore is to disable translation and encoding - conversion and report the plain-ASCII form of any error message, - if we find we have gotten into a recursive error reporting situation. - (CVE-2009-0922) - - - - - - Disallow CREATE CONVERSION with the wrong encodings - for the specified conversion function (Heikki) - - - - This prevents one possible scenario for encoding conversion failure. - The previous change is a backstop to guard against other kinds of - failures in the same area. - - - - - - Fix xpath() to not modify the path expression unless - necessary, and to make a saner attempt at it when necessary (Andrew) - - - - The SQL standard suggests that xpath should work on data - that is a document fragment, but libxml doesn't support - that, and indeed it's not clear that this is sensible according to the - XPath standard. xpath attempted to work around this - mismatch by modifying both the data and the path expression, but the - modification was buggy and could cause valid searches to fail. Now, - xpath checks whether the data is in fact a well-formed - document, and if so invokes libxml with no change to the - data or path expression. Otherwise, a different modification method - that is somewhat less likely to fail is used. - - - - - The new modification method is still not 100% satisfactory, and it - seems likely that no real solution is possible. This patch should - therefore be viewed as a band-aid to keep from breaking existing - applications unnecessarily. It is likely that - PostgreSQL 8.4 will simply reject use of - xpath on data that is not a well-formed document. - - - - - - - Fix core dump when to_char() is given format codes that - are inappropriate for the type of the data argument (Tom) - - - - - - Fix possible failure in text search when C locale is used with - a multi-byte encoding (Teodor) - - - - Crashes were possible on platforms where wchar_t is narrower - than int; Windows in particular. - - - - - - Fix extreme inefficiency in text search parser's handling of an - email-like string containing multiple @ characters (Heikki) - - - - - - Fix planner problem with sub-SELECT in the output list - of a larger subquery (Tom) - - - - The known symptom of this bug is a failed to locate grouping - columns error that is dependent on the datatype involved; - but there could be other issues as well. - - - - - - Fix decompilation of CASE WHEN with an implicit coercion - (Tom) - - - - This mistake could lead to Assert failures in an Assert-enabled build, - or an unexpected CASE WHEN clause error message in other - cases, when trying to examine or dump a view. - - - - - - Fix possible misassignment of the owner of a TOAST table's rowtype (Tom) - - - - If CLUSTER or a rewriting variant of ALTER TABLE - were executed by someone other than the table owner, the - pg_type entry for the table's TOAST table would end up - marked as owned by that someone. This caused no immediate problems, - since the permissions on the TOAST rowtype aren't examined by any - ordinary database operation. However, it could lead to unexpected - failures if one later tried to drop the role that issued the command - (in 8.1 or 8.2), or owner of data type appears to be invalid - warnings from pg_dump after having done so (in 8.3). - - - - - - Change UNLISTEN to exit quickly if the current session has - never executed any LISTEN command (Tom) - - - - Most of the time this is not a particularly useful optimization, but - since DISCARD ALL invokes UNLISTEN, the previous - coding caused a substantial performance problem for applications that - made heavy use of DISCARD ALL. - - - - - - Fix PL/pgSQL to not treat INTO after INSERT as - an INTO-variables clause anywhere in the string, not only at the start; - in particular, don't fail for INSERT INTO within - CREATE RULE (Tom) - - - - - - Clean up PL/pgSQL error status variables fully at block exit - (Ashesh Vashi and Dave Page) - - - - This is not a problem for PL/pgSQL itself, but the omission could cause - the PL/pgSQL Debugger to crash while examining the state of a function. - - - - - - Retry failed calls to CallNamedPipe() on Windows - (Steve Marshall, Magnus) - - - - It appears that this function can sometimes fail transiently; - we previously treated any failure as a hard error, which could - confuse LISTEN/NOTIFY as well as other - operations. - - - - - - Add MUST (Mauritius Island Summer Time) to the default list - of known timezone abbreviations (Xavier Bugaud) - - - - - - - - - - Release 8.3.6 - - - Release date: - 2009-02-02 - - - - This release contains a variety of fixes from 8.3.5. - For information about new features in the 8.3 major release, see - . - - - - Migration to Version 8.3.6 - - - A dump/restore is not required for those running 8.3.X. - However, if you are upgrading from a version earlier than 8.3.5, - see . - - - - - - Changes - - - - - - Make DISCARD ALL release advisory locks, in addition - to everything it already did (Tom) - - - - This was decided to be the most appropriate behavior. This could - affect existing applications, however. - - - - - - Fix whole-index GiST scans to work correctly (Teodor) - - - - This error could cause rows to be lost if a table is clustered - on a GiST index. - - - - - - Fix crash of xmlconcat(NULL) (Peter) - - - - - - Fix possible crash in ispell dictionary if high-bit-set - characters are used as flags (Teodor) - - - - This is known to be done by one widely available Norwegian dictionary, - and the same condition may exist in others. - - - - - - Fix misordering of pg_dump output for composite types - (Tom) - - - - The most likely problem was for user-defined operator classes to - be dumped after indexes or views that needed them. - - - - - - Improve handling of URLs in headline() function (Teodor) - - - - - - Improve handling of overlength headlines in headline() - function (Teodor) - - - - - - Prevent possible Assert failure or misconversion if an encoding - conversion is created with the wrong conversion function for the - specified pair of encodings (Tom, Heikki) - - - - - - Fix possible Assert failure if a statement executed in PL/pgSQL is - rewritten into another kind of statement, for example if an - INSERT is rewritten into an UPDATE (Heikki) - - - - - - Ensure that a snapshot is available to datatype input functions (Tom) - - - - This primarily affects domains that are declared with CHECK - constraints involving user-defined stable or immutable functions. Such - functions typically fail if no snapshot has been set. - - - - - - Make it safer for SPI-using functions to be used within datatype I/O; - in particular, to be used in domain check constraints (Tom) - - - - - - Avoid unnecessary locking of small tables in VACUUM - (Heikki) - - - - - - Fix a problem that sometimes kept ALTER TABLE ENABLE/DISABLE - RULE from being recognized by active sessions (Tom) - - - - - - Fix a problem that made UPDATE RETURNING tableoid - return zero instead of the correct OID (Tom) - - - - - - Allow functions declared as taking ANYARRAY to work on - the pg_statistic columns of that type (Tom) - - - - This used to work, but was unintentionally broken in 8.3. - - - - - - Fix planner misestimation of selectivity when transitive equality - is applied to an outer-join clause (Tom) - - - - This could result in bad plans for queries like - ... from a left join b on a.a1 = b.b1 where a.a1 = 42 ... - - - - - - Improve optimizer's handling of long IN lists (Tom) - - - - This change avoids wasting large amounts of time on such lists - when constraint exclusion is enabled. - - - - - - Prevent synchronous scan during GIN index build (Tom) - - - - Because GIN is optimized for inserting tuples in increasing TID order, - choosing to use a synchronous scan could slow the build by a factor of - three or more. - - - - - - Ensure that the contents of a holdable cursor don't depend on the - contents of TOAST tables (Tom) - - - - Previously, large field values in a cursor result might be represented - as TOAST pointers, which would fail if the referenced table got dropped - before the cursor is read, or if the large value is deleted and then - vacuumed away. This cannot happen with an ordinary cursor, - but it could with a cursor that is held past its creating transaction. - - - - - - Fix memory leak when a set-returning function is terminated without - reading its whole result (Tom) - - - - - - Fix encoding conversion problems in XML functions when the database - encoding isn't UTF-8 (Tom) - - - - - - Fix contrib/dblink's - dblink_get_result(text,bool) function (Joe) - - - - - - Fix possible garbage output from contrib/sslinfo functions - (Tom) - - - - - - Fix incorrect behavior of contrib/tsearch2 compatibility - trigger when it's fired more than once in a command (Teodor) - - - - - - Fix possible mis-signaling in autovacuum (Heikki) - - - - - - Support running as a service on Windows 7 beta (Dave and Magnus) - - - - - - Fix ecpg's handling of varchar structs (Michael) - - - - - - Fix configure script to properly report failure when - unable to obtain linkage information for PL/Perl (Andrew) - - - - - - Make all documentation reference pgsql-bugs and/or - pgsql-hackers as appropriate, instead of the - now-decommissioned pgsql-ports and pgsql-patches - mailing lists (Tom) - - - - - - Update time zone data files to tzdata release 2009a (for - Kathmandu and historical DST corrections in Switzerland, Cuba) - - - - - - - - - - Release 8.3.5 - - - Release date: - 2008-11-03 - - - - This release contains a variety of fixes from 8.3.4. - For information about new features in the 8.3 major release, see - . - - - - Migration to Version 8.3.5 - - - A dump/restore is not required for those running 8.3.X. - However, if you are upgrading from a version earlier than 8.3.1, - see . Also, if you were running a previous - 8.3.X release, it is recommended to REINDEX all GiST - indexes after the upgrade. - - - - - - Changes - - - - - - Fix GiST index corruption due to marking the wrong index entry - dead after a deletion (Teodor) - - - - This would result in index searches failing to find rows they - should have found. Corrupted indexes can be fixed with - REINDEX. - - - - - - Fix backend crash when the client encoding cannot represent a localized - error message (Tom) - - - - We have addressed similar issues before, but it would still fail if - the character has no equivalent message itself couldn't - be converted. The fix is to disable localization and send the plain - ASCII error message when we detect such a situation. - - - - - - Fix possible crash in bytea-to-XML mapping (Michael McMaster) - - - - - - Fix possible crash when deeply nested functions are invoked from - a trigger (Tom) - - - - - - Improve optimization of expression IN - (expression-list) queries (Tom, per an idea from Robert - Haas) - - - - Cases in which there are query variables on the right-hand side had been - handled less efficiently in 8.2.x and 8.3.x than in prior versions. - The fix restores 8.1 behavior for such cases. - - - - - - Fix mis-expansion of rule queries when a sub-SELECT appears - in a function call in FROM, a multi-row VALUES - list, or a RETURNING list (Tom) - - - - The usual symptom of this problem is an unrecognized node type - error. - - - - - - Fix Assert failure during rescan of an IS NULL - search of a GiST index (Teodor) - - - - - - Fix memory leak during rescan of a hashed aggregation plan (Neil) - - - - - - Ensure an error is reported when a newly-defined PL/pgSQL trigger - function is invoked as a normal function (Tom) - - - - - - Force a checkpoint before CREATE DATABASE starts to copy - files (Heikki) - - - - This prevents a possible failure if files had recently been deleted - in the source database. - - - - - - Prevent possible collision of relfilenode numbers - when moving a table to another tablespace with ALTER SET - TABLESPACE (Heikki) - - - - The command tried to re-use the existing filename, instead of - picking one that is known unused in the destination directory. - - - - - - Fix incorrect text search headline generation when single query - item matches first word of text (Sushant Sinha) - - - - - - Fix improper display of fractional seconds in interval values when - using a non-ISO datestyle in an - build (Ron Mayer) - - - - - - Make ILIKE compare characters case-insensitively - even when they're escaped (Andrew) - - - - - - Ensure DISCARD is handled properly by statement logging (Tom) - - - - - - Fix incorrect logging of last-completed-transaction time during - PITR recovery (Tom) - - - - - - Ensure SPI_getvalue and SPI_getbinval - behave correctly when the passed tuple and tuple descriptor have - different numbers of columns (Tom) - - - - This situation is normal when a table has had columns added or removed, - but these two functions didn't handle it properly. - The only likely consequence is an incorrect error indication. - - - - - - Mark SessionReplicationRole as PGDLLIMPORT - so it can be used by Slony on Windows (Magnus) - - - - - - Fix small memory leak when using libpq's - gsslib parameter (Magnus) - - - - The space used by the parameter string was not freed at connection - close. - - - - - - Ensure libgssapi is linked into libpq - if needed (Markus Schaaf) - - - - - - Fix ecpg's parsing of CREATE ROLE (Michael) - - - - - - Fix recent breakage of pg_ctl restart (Tom) - - - - - - Ensure pg_control is opened in binary mode - (Itagaki Takahiro) - - - - pg_controldata and pg_resetxlog - did this incorrectly, and so could fail on Windows. - - - - - - Update time zone data files to tzdata release 2008i (for - DST law changes in Argentina, Brazil, Mauritius, Syria) - - - - - - - - - - Release 8.3.4 - - - Release date: - 2008-09-22 - - - - This release contains a variety of fixes from 8.3.3. - For information about new features in the 8.3 major release, see - . - - - - Migration to Version 8.3.4 - - - A dump/restore is not required for those running 8.3.X. - However, if you are upgrading from a version earlier than 8.3.1, - see . - - - - - - Changes - - - - - - Fix bug in btree WAL recovery code (Heikki) - - - - Recovery failed if the WAL ended partway through a page split operation. - - - - - - Fix potential use of wrong cutoff XID for HOT page pruning (Alvaro) - - - - This error created a risk of corruption in system - catalogs that are consulted by VACUUM: dead tuple versions - might be removed too soon. The impact of this on actual database - operations would be minimal, since the system doesn't follow MVCC - rules while examining catalogs, but it might result in transiently - wrong output from pg_dump or other client programs. - - - - - - Fix potential miscalculation of datfrozenxid (Alvaro) - - - - This error may explain some recent reports of failure to remove old - pg_clog data. - - - - - - Fix incorrect HOT updates after pg_class is reindexed - (Tom) - - - - Corruption of pg_class could occur if REINDEX - TABLE pg_class was followed in the same session by an ALTER - TABLE RENAME or ALTER TABLE SET SCHEMA command. - - - - - - Fix missed combo cid case (Karl Schnaitter) - - - - This error made rows incorrectly invisible to a transaction in which they - had been deleted by multiple subtransactions that all aborted. - - - - - - Prevent autovacuum from crashing if the table it's currently - checking is deleted at just the wrong time (Alvaro) - - - - - - Widen local lock counters from 32 to 64 bits (Tom) - - - - This responds to reports that the counters could overflow in - sufficiently long transactions, leading to unexpected lock is - already held errors. - - - - - - Fix possible duplicate output of tuples during a GiST index scan (Teodor) - - - - - - Regenerate foreign key checking queries from scratch when either - table is modified (Tom) - - - - Previously, 8.3 would attempt to replan the query, but would work from - previously generated query text. This led to failures if a - table or column was renamed. - - - - - - Fix missed permissions checks when a view contains a simple - UNION ALL construct (Heikki) - - - - Permissions for the referenced tables were checked properly, but not - permissions for the view itself. - - - - - - Add checks in executor startup to ensure that the tuples produced by an - INSERT or UPDATE will match the target table's - current rowtype (Tom) - - - - This situation is believed to be impossible in 8.3, but it can happen in - prior releases, so a check seems prudent. - - - - - - Fix possible repeated drops during DROP OWNED (Tom) - - - - This would typically result in strange errors such as cache - lookup failed for relation NNN. - - - - - - Fix several memory leaks in XML operations (Kris Jurka, Tom) - - - - - - Fix xmlserialize() to raise error properly for - unacceptable target data type (Tom) - - - - - - Fix a couple of places that mis-handled multibyte characters in text - search configuration file parsing (Tom) - - - - Certain characters occurring in configuration files would always cause - invalid byte sequence for encoding failures. - - - - - - Provide file name and line number location for all errors reported - in text search configuration files (Tom) - - - - - - Fix AT TIME ZONE to first try to interpret its timezone - argument as a timezone abbreviation, and only try it as a full timezone - name if that fails, rather than the other way around as formerly (Tom) - - - - The timestamp input functions have always resolved ambiguous zone names - in this order. Making AT TIME ZONE do so as well improves - consistency, and fixes a compatibility bug introduced in 8.1: - in ambiguous cases we now behave the same as 8.0 and before did, - since in the older versions AT TIME ZONE accepted - only abbreviations. - - - - - - Fix datetime input functions to correctly detect integer overflow when - running on a 64-bit platform (Tom) - - - - - - Prevent integer overflows during units conversion when displaying a - configuration parameter that has units (Tom) - - - - - - Improve performance of writing very long log messages to syslog (Tom) - - - - - - Allow spaces in the suffix part of an LDAP URL in - pg_hba.conf (Tom) - - - - - - Fix bug in backwards scanning of a cursor on a SELECT DISTINCT - ON query (Tom) - - - - - - Fix planner bug that could improperly push down IS NULL - tests below an outer join (Tom) - - - - This was triggered by occurrence of IS NULL tests for - the same relation in all arms of an upper OR clause. - - - - - - Fix planner bug with nested sub-select expressions (Tom) - - - - If the outer sub-select has no direct dependency on the parent query, - but the inner one does, the outer value might not get recalculated - for new parent query rows. - - - - - - Fix planner to estimate that GROUP BY expressions yielding - boolean results always result in two groups, regardless of the - expressions' contents (Tom) - - - - This is very substantially more accurate than the regular GROUP - BY estimate for certain boolean tests like col - IS NULL. - - - - - - Fix PL/pgSQL to not fail when a FOR loop's target variable - is a record containing composite-type fields (Tom) - - - - - - Fix PL/Tcl to behave correctly with Tcl 8.5, and to be more careful - about the encoding of data sent to or from Tcl (Tom) - - - - - - Improve performance of PQescapeBytea() (Rudolf Leitgeb) - - - - - - On Windows, work around a Microsoft bug by preventing - libpq from trying to send more than 64kB per system call - (Magnus) - - - - - - Fix ecpg to handle variables properly in SET - commands (Michael) - - - - - - Improve pg_dump and pg_restore's - error reporting after failure to send a SQL command (Tom) - - - - - - Fix pg_ctl to properly preserve postmaster - command-line arguments across a restart (Bruce) - - - - - - Fix erroneous WAL file cutoff point calculation in - pg_standby (Simon) - - - - - - Update time zone data files to tzdata release 2008f (for - DST law changes in Argentina, Bahamas, Brazil, Mauritius, Morocco, - Pakistan, Palestine, and Paraguay) - - - - - - - - - - Release 8.3.3 - - - Release date: - 2008-06-12 - - - - This release contains one serious and one minor bug fix over 8.3.2. - For information about new features in the 8.3 major release, see - . - - - - Migration to Version 8.3.3 - - - A dump/restore is not required for those running 8.3.X. - However, if you are upgrading from a version earlier than 8.3.1, - see . - - - - - - Changes - - - - - - Make pg_get_ruledef() parenthesize negative constants (Tom) - - - - Before this fix, a negative constant in a view or rule might be dumped - as, say, -42::integer, which is subtly incorrect: it should - be (-42)::integer due to operator precedence rules. - Usually this would make little difference, but it could interact with - another recent patch to cause - PostgreSQL to reject what had been a valid - SELECT DISTINCT view query. Since this could result in - pg_dump output failing to reload, it is being treated - as a high-priority fix. The only released versions in which dump - output is actually incorrect are 8.3.1 and 8.2.7. - - - - - - Make ALTER AGGREGATE ... OWNER TO update - pg_shdepend (Tom) - - - - This oversight could lead to problems if the aggregate was later - involved in a DROP OWNED or REASSIGN OWNED - operation. - - - - - - - - - - Release 8.3.2 - - - Release date: - never released - - - - This release contains a variety of fixes from 8.3.1. - For information about new features in the 8.3 major release, see - . - - - - Migration to Version 8.3.2 - - - A dump/restore is not required for those running 8.3.X. - However, if you are upgrading from a version earlier than 8.3.1, - see . - - - - - - Changes - - - - - - Fix ERRORDATA_STACK_SIZE exceeded crash that - occurred on Windows when using UTF-8 database encoding and a different - client encoding (Tom) - - - - - - Fix incorrect archive truncation point calculation for the - %r macro in restore_command parameters - (Simon) - - - - This could lead to data loss if a warm-standby script relied on - %r to decide when to throw away WAL segment files. - - - - - - Fix ALTER TABLE ADD COLUMN ... PRIMARY KEY so that the new - column is correctly checked to see if it's been initialized to all - non-nulls (Brendan Jurd) - - - - Previous versions neglected to check this requirement at all. - - - - - - Fix REASSIGN OWNED so that it works on procedural - languages too (Alvaro) - - - - - - Fix problems with SELECT FOR UPDATE/SHARE occurring as a - subquery in a query with a non-SELECT top-level operation - (Tom) - - - - - - Fix possible CREATE TABLE failure when inheriting the - same constraint from multiple parent relations that - inherited that constraint from a common ancestor (Tom) - - - - - - Fix pg_get_ruledef() to show the alias, if any, attached - to the target table of an UPDATE or DELETE - (Tom) - - - - - - Restore the pre-8.3 behavior that an out-of-range block number in a - TID being used in a TidScan plan results in silently not matching any - rows (Tom) - - - - 8.3.0 and 8.3.1 threw an error instead. - - - - - - Fix GIN bug that could result in a too many LWLocks - taken failure (Teodor) - - - - - - Fix broken GiST comparison function for tsquery (Teodor) - - - - - - Fix tsvector_update_trigger() and ts_stat() - to accept domains over the types they expect to work with (Tom) - - - - - - Fix failure to support enum data types as foreign keys (Tom) - - - - - - Avoid possible crash when decompressing corrupted data - (Zdenek Kotala) - - - - - - Fix race conditions between delayed unlinks and DROP - DATABASE (Heikki) - - - - In the worst case this could result in deleting a newly created table - in a new database that happened to get the same OID as the - recently-dropped one; but of course that is an extremely - low-probability scenario. - - - - - - Repair two places where SIGTERM exit of a backend could leave corrupted - state in shared memory (Tom) - - - - Neither case is very important if SIGTERM is used to shut down the - whole database cluster together, but there was a problem if someone - tried to SIGTERM individual backends. - - - - - - Fix possible crash due to incorrect plan generated for an - x IN (SELECT y - FROM ...) clause when x and y - have different data types; and make sure the behavior is semantically - correct when the conversion from y's type to - x's type is lossy (Tom) - - - - - - Fix oversight that prevented the planner from substituting known Param - values as if they were constants (Tom) - - - - This mistake partially disabled optimization of unnamed - extended-Query statements in 8.3.0 and 8.3.1: in particular the - LIKE-to-indexscan optimization would never be applied if the LIKE - pattern was passed as a parameter, and constraint exclusion - depending on a parameter value didn't work either. - - - - - - Fix planner failure when an indexable MIN or - MAX aggregate is used with DISTINCT or - ORDER BY (Tom) - - - - - - Fix planner to ensure it never uses a physical tlist for a - plan node that is feeding a Sort node (Tom) - - - - This led to the sort having to push around more data than it really - needed to, since unused column values were included in the sorted - data. - - - - - - Avoid unnecessary copying of query strings (Tom) - - - - This fixes a performance problem introduced in 8.3.0 when a very large - number of commands are submitted as a single query string. - - - - - - Make TransactionIdIsCurrentTransactionId() use binary - search instead of linear search when checking child-transaction XIDs - (Heikki) - - - - This fixes some cases in which 8.3.0 was significantly - slower than earlier releases. - - - - - - Fix conversions between ISO-8859-5 and other encodings to handle - Cyrillic Yo characters (e and E with - two dots) (Sergey Burladyan) - - - - - - Fix several datatype input functions, notably array_in(), - that were allowing unused bytes in their results to contain - uninitialized, unpredictable values (Tom) - - - - This could lead to failures in which two apparently identical literal - values were not seen as equal, resulting in the parser complaining - about unmatched ORDER BY and DISTINCT - expressions. - - - - - - Fix a corner case in regular-expression substring matching - (substring(string from - pattern)) (Tom) - - - - The problem occurs when there is a match to the pattern overall but - the user has specified a parenthesized subexpression and that - subexpression hasn't got a match. An example is - substring('foo' from 'foo(bar)?'). - This should return NULL, since (bar) isn't matched, but - it was mistakenly returning the whole-pattern match instead (ie, - foo). - - - - - - Prevent cancellation of an auto-vacuum that was launched to prevent - XID wraparound (Alvaro) - - - - - - Improve ANALYZE's handling of in-doubt tuples (those - inserted or deleted by a not-yet-committed transaction) so that the - counts it reports to the stats collector are more likely to be correct - (Pavan Deolasee) - - - - - - Fix initdb to reject a relative path for its - --xlogdir (-X) option (Tom) - - - - - - Make psql print tab characters as an appropriate - number of spaces, rather than \x09 as was done in - 8.3.0 and 8.3.1 (Bruce) - - - - - - Update time zone data files to tzdata release 2008c (for - DST law changes in Morocco, Iraq, Choibalsan, Pakistan, Syria, Cuba, and - Argentina/San_Luis) - - - - - - Add ECPGget_PGconn() function to - ecpglib (Michael) - - - - - - Fix incorrect result from ecpg's - PGTYPEStimestamp_sub() function (Michael) - - - - - - Fix handling of continuation line markers in ecpg - (Michael) - - - - - - Fix possible crashes in contrib/cube functions (Tom) - - - - - - Fix core dump in contrib/xml2's - xpath_table() function when the input query returns a - NULL value (Tom) - - - - - - Fix contrib/xml2's makefile to not override - CFLAGS, and make it auto-configure properly for - libxslt present or not (Tom) - - - - - - - - - - Release 8.3.1 - - - Release date: - 2008-03-17 - - - - This release contains a variety of fixes from 8.3.0. - For information about new features in the 8.3 major release, see - . - - - - Migration to Version 8.3.1 - - - A dump/restore is not required for those running 8.3.X. - However, you might need to REINDEX indexes on textual - columns after updating, if you are affected by the Windows locale - issue described below. - - - - - - Changes - - - - - - Fix character string comparison for Windows locales that consider - different character combinations as equal (Tom) - - - - This fix applies only on Windows and only when using UTF-8 - database encoding. The same fix was made for all other cases - over two years ago, but Windows with UTF-8 uses a separate code - path that was not updated. If you are using a locale that - considers some non-identical strings as equal, you may need to - REINDEX to fix existing indexes on textual columns. - - - - - - Repair corner-case bugs in VACUUM FULL (Tom) - - - - A potential deadlock between concurrent VACUUM FULL - operations on different system catalogs was introduced in 8.2. - This has now been corrected. 8.3 made this worse because the - deadlock could occur within a critical code section, making it - a PANIC rather than just ERROR condition. - - - - Also, a VACUUM FULL that failed partway through - vacuuming a system catalog could result in cache corruption in - concurrent database sessions. - - - - Another VACUUM FULL bug introduced in 8.3 could - result in a crash or out-of-memory report when dealing with - pages containing no live tuples. - - - - - - Fix misbehavior of foreign key checks involving character - or bit columns (Tom) - - - - If the referencing column were of a different but compatible type - (for instance varchar), the constraint was enforced incorrectly. - - - - - - Avoid needless deadlock failures in no-op foreign-key checks (Stephan - Szabo, Tom) - - - - - - Fix possible core dump when re-planning a prepared query (Tom) - - - - This bug affected only protocol-level prepare operations, not - SQL PREPARE, and so tended to be seen only with - JDBC, DBI, and other client-side drivers that use prepared - statements heavily. - - - - - - Fix possible failure when re-planning a query that calls an SPI-using - function (Tom) - - - - - - Fix failure in row-wise comparisons involving columns of different - datatypes (Tom) - - - - - - Fix longstanding LISTEN/NOTIFY - race condition (Tom) - - - - In rare cases a session that had just executed a - LISTEN might not get a notification, even though - one would be expected because the concurrent transaction executing - NOTIFY was observed to commit later. - - - - A side effect of the fix is that a transaction that has executed - a not-yet-committed LISTEN command will not see any - row in pg_listener for the LISTEN, - should it choose to look; formerly it would have. This behavior - was never documented one way or the other, but it is possible that - some applications depend on the old behavior. - - - - - - Disallow LISTEN and UNLISTEN within a - prepared transaction (Tom) - - - - This was formerly allowed but trying to do it had various unpleasant - consequences, notably that the originating backend could not exit - as long as an UNLISTEN remained uncommitted. - - - - - - Disallow dropping a temporary table within a - prepared transaction (Heikki) - - - - This was correctly disallowed by 8.1, but the check was inadvertently - broken in 8.2 and 8.3. - - - - - - Fix rare crash when an error occurs during a query using a hash index - (Heikki) - - - - - - Fix incorrect comparison of tsquery values (Teodor) - - - - - - Fix incorrect behavior of LIKE with non-ASCII characters - in single-byte encodings (Rolf Jentsch) - - - - - - Disable xmlvalidate (Tom) - - - - This function should have been removed before 8.3 release, but - was inadvertently left in the source code. It poses a small - security risk since unprivileged users could use it to read the - first few characters of any file accessible to the server. - - - - - - Fix memory leaks in certain usages of set-returning functions (Neil) - - - - - - Make encode(bytea, 'escape') convert all - high-bit-set byte values into \nnn octal - escape sequences (Tom) - - - - This is necessary to avoid encoding problems when the database - encoding is multi-byte. This change could pose compatibility issues - for applications that are expecting specific results from - encode. - - - - - - Fix input of datetime values for February 29 in years BC (Tom) - - - - The former coding was mistaken about which years were leap years. - - - - - - Fix unrecognized node type error in some variants of - ALTER OWNER (Tom) - - - - - - Avoid tablespace permissions errors in CREATE TABLE LIKE - INCLUDING INDEXES (Tom) - - - - - - Ensure pg_stat_activity.waiting flag - is cleared when a lock wait is aborted (Tom) - - - - - - Fix handling of process permissions on Windows Vista (Dave, Magnus) - - - - In particular, this fix allows starting the server as the Administrator - user. - - - - - - Update time zone data files to tzdata release 2008a - (in particular, recent Chile changes); adjust timezone abbreviation - VET (Venezuela) to mean UTC-4:30, not UTC-4:00 (Tom) - - - - - - Fix ecpg problems with arrays (Michael) - - - - - - Fix pg_ctl to correctly extract the postmaster's port - number from command-line options (Itagaki Takahiro, Tom) - - - - Previously, pg_ctl start -w could try to contact the - postmaster on the wrong port, leading to bogus reports of startup - failure. - - - - - - Use to defend against possible misoptimization - in recent gcc versions (Tom) - - - - This is known to be necessary when building PostgreSQL - with gcc 4.3 or later. - - - - - - Enable building contrib/uuid-ossp with MSVC (Hiroshi Saito) - - - - - - - - - - Release 8.3 - - - Release date: - 2008-02-04 - - - - Overview - - - With significant new functionality and performance enhancements, - this release represents a major leap forward for - PostgreSQL. This was made possible by a growing - community that has dramatically accelerated the pace of - development. This release adds the following major features: - - - - - - - Full text search is integrated into the core database system - - - - - - Support for the SQL/XML standard, including new operators and an - XML data type - - - - - - Enumerated data types (ENUM) - - - - - - Arrays of composite types - - - - - - Universally Unique Identifier (UUID) data type - - - - - - Add control over whether NULLs sort first or last - - - - - - Updatable cursors - - - - - - Server configuration parameters can now be set on a per-function - basis - - - - - - User-defined types can now have type modifiers - - - - - - Automatically re-plan cached queries when table - definitions change or statistics are updated - - - - - - Numerous improvements in logging and statistics collection - - - - - - Support Security Service Provider Interface (SSPI) for - authentication on Windows - - - - - - Support multiple concurrent autovacuum processes, and other - autovacuum improvements - - - - - - Allow the whole PostgreSQL distribution to be compiled - with Microsoft Visual C++ - - - - - - - Major performance improvements are listed below. Most of - these enhancements are automatic and do not require user changes or - tuning: - - - - - - - Asynchronous commit delays writes to WAL during transaction commit - - - - - - Checkpoint writes can be spread over a longer time period to smooth - the I/O spike during each checkpoint - - - - - - Heap-Only Tuples (HOT) accelerate space reuse for - most UPDATEs and DELETEs - - - - - - Just-in-time background writer strategy improves disk write - efficiency - - - - - - Using non-persistent transaction IDs for read-only transactions - reduces overhead and VACUUM requirements - - - - - - Per-field and per-row storage overhead has been reduced - - - - - - Large sequential scans no longer force out frequently used - cached pages - - - - - - Concurrent large sequential scans can now share disk reads - - - - - - ORDER BY ... LIMIT can be done without sorting - - - - - - - The above items are explained in more detail in the sections below. - - - - - - Migration to Version 8.3 - - - A dump/restore using pg_dump is - required for those wishing to migrate data from any previous - release. - - - - Observe the following incompatibilities: - - - - General - - - - - Non-character data types are no longer automatically cast to - TEXT (Peter, Tom) - - - - Previously, if a non-character value was supplied to an operator or - function that requires text input, it was automatically - cast to text, for most (though not all) built-in data types. - This no longer happens: an explicit cast to text is now - required for all non-character-string types. For example, these - expressions formerly worked: - - -substr(current_date, 1, 4) -23 LIKE '2%' - - - but will now draw function does not exist and operator - does not exist errors respectively. Use an explicit cast instead: - - -substr(current_date::text, 1, 4) -23::text LIKE '2%' - - - (Of course, you can use the more verbose CAST() syntax too.) - The reason for the change is that these automatic casts too often caused - surprising behavior. An example is that in previous releases, this - expression was accepted but did not do what was expected: - - -current_date < 2017-11-17 - - - This is actually comparing a date to an integer, which should be - (and now is) rejected — but in the presence of automatic - casts both sides were cast to text and a textual comparison - was done, because the text < text operator was able - to match the expression when no other < operator could. - - - - Types char(n) and - varchar(n) still cast to text - automatically. Also, automatic casting to text still works for - inputs to the concatenation (||) operator, so long as least - one input is a character-string type. - - - - - - Full text search features from contrib/tsearch2 have - been moved into the core server, with some minor syntax changes - - - - contrib/tsearch2 now contains a compatibility - interface. - - - - - - ARRAY(SELECT ...), where the SELECT - returns no rows, now returns an empty array, rather than NULL - (Tom) - - - - - - The array type name for a base data type is no longer always the base - type's name with an underscore prefix - - - - The old naming convention is still honored when possible, but - application code should no longer depend on it. Instead - use the new pg_type.typarray column to - identify the array data type associated with a given type. - - - - - - ORDER BY ... USING operator must now - use a less-than or greater-than operator that is - defined in a btree operator class - - - - This restriction was added to prevent inconsistent results. - - - - - - SET LOCAL changes now persist until - the end of the outermost transaction, unless rolled back (Tom) - - - - Previously SET LOCAL's effects were lost - after subtransaction commit (RELEASE SAVEPOINT - or exit from a PL/pgSQL exception block). - - - - - - Commands rejected in transaction blocks are now also rejected in - multiple-statement query strings (Tom) - - - - For example, "BEGIN; DROP DATABASE; COMMIT" will now be - rejected even if submitted as a single query message. - - - - - - ROLLBACK outside a transaction block now - issues NOTICE instead of WARNING (Bruce) - - - - - - Prevent NOTIFY/LISTEN/UNLISTEN - from accepting schema-qualified names (Bruce) - - - - Formerly, these commands accepted schema.relation but - ignored the schema part, which was confusing. - - - - - - ALTER SEQUENCE no longer affects the sequence's - currval() state (Tom) - - - - - - Foreign keys now must match indexable conditions for - cross-data-type references (Tom) - - - - This improves semantic consistency and helps avoid - performance problems. - - - - - - Restrict object size functions to users who have reasonable - permissions to view such information (Tom) - - - - For example, pg_database_size() now requires - CONNECT permission, which is granted to everyone by - default. pg_tablespace_size() requires - CREATE permission in the tablespace, or is allowed if - the tablespace is the default tablespace for the database. - - - - - - Remove the undocumented !!= (not in) operator (Tom) - - - - NOT IN (SELECT ...) is the proper way to - perform this operation. - - - - - - Internal hashing functions are now more uniformly-distributed (Tom) - - - - If application code was computing and storing hash values using - internal PostgreSQL hashing functions, the hash - values must be regenerated. - - - - - - C-code conventions for handling variable-length data values - have changed (Greg Stark, Tom) - - - - The new SET_VARSIZE() macro must be used - to set the length of generated varlena values. Also, it - might be necessary to expand (de-TOAST) input values - in more cases. - - - - - - Continuous archiving no longer reports each successful archive - operation to the server logs unless DEBUG level is used - (Simon) - - - - - - - - - Configuration Parameters - - - - - - Numerous changes in administrative server parameters - - - - bgwriter_lru_percent, - bgwriter_all_percent, - bgwriter_all_maxpages, - stats_start_collector, and - stats_reset_on_server_start are removed. - redirect_stderr is renamed to - logging_collector. - stats_command_string is renamed to - track_activities. - stats_block_level and stats_row_level - are merged into track_counts. - A new boolean configuration parameter, archive_mode, - controls archiving. Autovacuum's default settings have changed. - - - - - - Remove stats_start_collector parameter (Tom) - - - - We now always start the collector process, unless UDP - socket creation fails. - - - - - - Remove stats_reset_on_server_start parameter (Tom) - - - - This was removed because pg_stat_reset() - can be used for this purpose. - - - - - - Commenting out a parameter in postgresql.conf now - causes it to revert to its default value (Joachim Wieland) - - - - Previously, commenting out an entry left the parameter's value unchanged - until the next server restart. - - - - - - - - - - Character Encodings - - - - - - Add more checks for invalidly-encoded data (Andrew) - - - - This change plugs some holes that existed in literal backslash - escape string processing and COPY escape - processing. Now the de-escaped string is rechecked to see if the - result created an invalid multi-byte character. - - - - - - Disallow database encodings that are inconsistent with the server's - locale setting (Tom) - - - - On most platforms, C locale is the only locale that - will work with any database encoding. Other locale settings imply - a specific encoding and will misbehave if the database encoding - is something different. (Typical symptoms include bogus textual - sort order and wrong results from upper() or - lower().) The server now rejects attempts to create - databases that have an incompatible encoding. - - - - - - Ensure that chr() cannot create - invalidly-encoded values (Andrew) - - - - In UTF8-encoded databases the argument of chr() is - now treated as a Unicode code point. In other multi-byte encodings - chr()'s argument must designate a 7-bit ASCII - character. Zero is no longer accepted. - ascii() has been adjusted to match. - - - - - - Adjust convert() behavior to ensure encoding - validity (Andrew) - - - - The two argument form of convert() has been - removed. The three argument form now takes a bytea - first argument and returns a bytea. To cover the - loss of functionality, three new functions have been added: - - - - - - convert_from(bytea, name) returns - text — converts the first argument from the named - encoding to the database encoding - - - - - - convert_to(text, name) returns - bytea — converts the first argument from the - database encoding to the named encoding - - - - - - length(bytea, name) returns - integer — gives the length of the first - argument in characters in the named encoding - - - - - - - - Remove convert(argument USING conversion_name) - (Andrew) - - - - Its behavior did not match the SQL standard. - - - - - - Make JOHAB encoding client-only (Tatsuo) - - - - JOHAB is not safe as a server-side encoding. - - - - - - - - - - - Changes - - - Below you will find a detailed account of the - changes between PostgreSQL 8.3 and - the previous major release. - - - - Performance - - - - - Asynchronous commit delays writes to WAL during transaction commit - (Simon) - - - - This feature dramatically increases performance for short data-modifying - transactions. The disadvantage is that because disk writes are delayed, - if the database or operating system crashes before data is written to - the disk, committed data will be lost. This feature is useful for - applications that can accept some data loss. Unlike turning off - fsync, using asynchronous commit does not put - database consistency at risk; the worst case is that after a crash the - last few reportedly-committed transactions might not be committed after - all. - This feature is enabled by turning off synchronous_commit - (which can be done per-session or per-transaction, if some transactions - are critical and others are not). - wal_writer_delay can be adjusted to control the maximum - delay before transactions actually reach disk. - - - - - - Checkpoint writes can be spread over a longer time period to smooth - the I/O spike during each checkpoint (Itagaki Takahiro and Heikki - Linnakangas) - - - - Previously all modified buffers were forced to disk as quickly as - possible during a - checkpoint, causing an I/O spike that decreased server performance. - This new approach spreads out disk writes during checkpoints, - reducing peak I/O usage. (User-requested and shutdown checkpoints - are still written as quickly as possible.) - - - - - - Heap-Only Tuples (HOT) accelerate space reuse for most - UPDATEs and DELETEs (Pavan Deolasee, with - ideas from many others) - - - - UPDATEs and DELETEs leave dead tuples - behind, as do failed INSERTs. Previously only - VACUUM could reclaim space taken by dead tuples. With - HOT dead tuple space can be automatically reclaimed at - the time of INSERT or UPDATE if no changes - are made to indexed columns. This allows for more consistent - performance. Also, HOT avoids adding duplicate index - entries. - - - - - - Just-in-time background writer strategy improves disk write - efficiency (Greg Smith, Itagaki Takahiro) - - - - This greatly reduces the need for manual tuning of the background - writer. - - - - - - Per-field and per-row storage overhead have been reduced - (Greg Stark, Heikki Linnakangas) - - - - Variable-length data types with data values less than 128 bytes long - will see a storage decrease of 3 to 6 bytes. For example, two adjacent - char(1) fields now use 4 bytes instead of 16. Row headers - are also 4 bytes shorter than before. - - - - - - Using non-persistent transaction IDs for read-only transactions - reduces overhead and VACUUM requirements (Florian Pflug) - - - - Non-persistent transaction IDs do not increment the global - transaction counter. Therefore, they reduce the load on - pg_clog and increase the time between forced - vacuums to prevent transaction ID wraparound. - Other performance - improvements were also made that should improve concurrency. - - - - - - Avoid incrementing the command counter after a read-only command (Tom) - - - - There was formerly a hard limit of 232 - (4 billion) commands per transaction. Now only commands that - actually changed the database count, so while this limit still - exists, it should be significantly less annoying. - - - - - - Create a dedicated WAL writer process to off-load - work from backends (Simon) - - - - - - Skip unnecessary WAL writes for CLUSTER and - COPY (Simon) - - - - Unless WAL archiving is enabled, the system now avoids WAL writes - for CLUSTER and just fsync()s the - table at the end of the command. It also does the same for - COPY if the table was created in the same - transaction. - - - - - - Large sequential scans no longer force out frequently used - cached pages (Simon, Heikki, Tom) - - - - - - Concurrent large sequential scans can now share disk reads (Jeff Davis) - - - - This is accomplished by starting the new sequential scan in the - middle of the table (where another sequential scan is already - in-progress) and wrapping around to the beginning to finish. This - can affect the order of returned rows in a query that does not - specify ORDER BY. The synchronize_seqscans - configuration parameter can be used to disable this if necessary. - - - - - - ORDER BY ... LIMIT can be done without sorting - (Greg Stark) - - - - This is done by sequentially scanning the table and tracking just - the top N candidate rows, rather than performing a - full sort of the entire table. This is useful when there is no - matching index and the LIMIT is not large. - - - - - - Put a rate limit on messages sent to the statistics - collector by backends - (Tom) - - - - This reduces overhead for short transactions, but might sometimes - increase the delay before statistics are tallied. - - - - - - Improve hash join performance for cases with many NULLs (Tom) - - - - - - Speed up operator lookup for cases with non-exact datatype matches (Tom) - - - - - - - - - Server - - - - - Autovacuum is now enabled by default (Alvaro) - - - - Several changes were made to eliminate disadvantages of having - autovacuum enabled, thereby justifying the change in default. - Several other autovacuum parameter defaults were also modified. - - - - - - Support multiple concurrent autovacuum processes (Alvaro, Itagaki - Takahiro) - - - - This allows multiple vacuums to run concurrently. This prevents - vacuuming of a large table from delaying vacuuming of smaller tables. - - - - - - Automatically re-plan cached queries when table - definitions change or statistics are updated (Tom) - - - - Previously PL/pgSQL functions that referenced temporary tables - would fail if the temporary table was dropped and recreated - between function invocations, unless EXECUTE was - used. This improvement fixes that problem and many related issues. - - - - - - Add a temp_tablespaces parameter to control - the tablespaces for temporary tables and files (Jaime Casanova, - Albert Cervera, Bernd Helmle) - - - - This parameter defines a list of tablespaces to be used. This - enables spreading the I/O load across multiple tablespaces. A random - tablespace is chosen each time a temporary object is created. - Temporary files are no longer stored in per-database - pgsql_tmp/ directories but in per-tablespace - directories. - - - - - - Place temporary tables' TOAST tables in special schemas named - pg_toast_temp_nnn (Tom) - - - - This allows low-level code to recognize these tables as temporary, - which enables various optimizations such as not WAL-logging changes - and using local rather than shared buffers for access. This also - fixes a bug wherein backends unexpectedly held open file references - to temporary TOAST tables. - - - - - - Fix problem that a constant flow of new connection requests could - indefinitely delay the postmaster from completing a shutdown or - a crash restart (Tom) - - - - - - Guard against a very-low-probability data loss scenario by preventing - re-use of a deleted table's relfilenode until after the next - checkpoint (Heikki) - - - - - - Fix CREATE CONSTRAINT TRIGGER - to convert old-style foreign key trigger definitions into regular - foreign key constraints (Tom) - - - - This will ease porting of foreign key constraints carried forward from - pre-7.3 databases, if they were never converted using - contrib/adddepend. - - - - - - Fix DEFAULT NULL to override inherited defaults (Tom) - - - - DEFAULT NULL was formerly considered a noise phrase, but it - should (and now does) override non-null defaults that would otherwise - be inherited from a parent table or domain. - - - - - - Add new encodings EUC_JIS_2004 and SHIFT_JIS_2004 (Tatsuo) - - - - These new encodings can be converted to and from UTF-8. - - - - - - Change server startup log message from database system is - ready to database system is ready to accept - connections, and adjust its timing - - - - The message now appears only when the postmaster is really ready - to accept connections. - - - - - - - - - Monitoring - - - - - Add log_autovacuum_min_duration parameter to - support configurable logging of autovacuum activity (Simon, Alvaro) - - - - - - Add log_lock_waits parameter to log lock waiting - (Simon) - - - - - - Add log_temp_files parameter to log temporary - file usage (Bill Moran) - - - - - - Add log_checkpoints parameter to improve logging - of checkpoints (Greg Smith, Heikki) - - - - - - log_line_prefix now supports - %s and %c escapes in all - processes (Andrew) - - - - Previously these escapes worked only for user sessions, not for - background database processes. - - - - - - Add log_restartpoints to control logging of - point-in-time recovery restart points (Simon) - - - - - - Last transaction end time is now logged at end of recovery and at - each logged restart point (Simon) - - - - - - Autovacuum now reports its activity start time in - pg_stat_activity (Tom) - - - - - - Allow server log output in comma-separated value (CSV) format (Arul - Shaji, Greg Smith, Andrew Dunstan) - - - - CSV-format log files can easily be loaded into a database table for - subsequent analysis. - - - - - - Use PostgreSQL-supplied timezone support for formatting timestamps - displayed in the server log (Tom) - - - - This avoids Windows-specific problems with localized time zone - names that are in the wrong encoding. There is a new - log_timezone parameter that controls the timezone - used in log messages, independently of the client-visible - timezone parameter. - - - - - - New system view pg_stat_bgwriter displays - statistics about background writer activity (Magnus) - - - - - - Add new columns for database-wide tuple statistics to - pg_stat_database (Magnus) - - - - - - Add an xact_start (transaction start time) column to - pg_stat_activity (Neil) - - - - This makes it easier to identify long-running transactions. - - - - - - Add n_live_tuples and n_dead_tuples columns - to pg_stat_all_tables and related views (Glen - Parker) - - - - - - Merge stats_block_level and stats_row_level - parameters into a single parameter track_counts, which - controls all messages sent to the statistics collector process - (Tom) - - - - - - Rename stats_command_string parameter to - track_activities (Tom) - - - - - - Fix statistical counting of live and dead tuples to recognize that - committed and aborted transactions have different effects (Tom) - - - - - - - - - Authentication - - - - - Support Security Service Provider Interface (SSPI) for - authentication on Windows (Magnus) - - - - - - Support GSSAPI authentication (Henry Hotz, Magnus) - - - - This should be preferred to native Kerberos authentication because - GSSAPI is an industry standard. - - - - - - Support a global SSL configuration file (Victor Wagner) - - - - - - Add ssl_ciphers parameter to control accepted SSL ciphers - (Victor Wagner) - - - - - - Add a Kerberos realm parameter, krb_realm (Magnus) - - - - - - - - - Write-Ahead Log (<acronym>WAL</acronym>) and Continuous Archiving - - - - - Change the timestamps recorded in transaction WAL records from - time_t to TimestampTz representation (Tom) - - - - This provides sub-second resolution in WAL, which can be useful for - point-in-time recovery. - - - - - - Reduce WAL disk space needed by warm standby servers (Simon) - - - - This change allows a warm standby server to pass the name of the earliest - still-needed WAL file to the recovery script, allowing automatic removal - of no-longer-needed WAL files. This is done using %r in - the restore_command parameter of - recovery.conf. - - - - - - New boolean configuration parameter, archive_mode, - controls archiving (Simon) - - - - Previously setting archive_command to an empty string - turned off archiving. Now archive_mode turns archiving - on and off, independently of archive_command. This is - useful for stopping archiving temporarily. - - - - - - - - - Queries - - - - - Full text search is integrated into the core database - system (Teodor, Oleg) - - - - Text search has been improved, moved into the core code, and is now - installed by default. contrib/tsearch2 now contains - a compatibility interface. - - - - - - Add control over whether NULLs sort first or last (Teodor, Tom) - - - - The syntax is ORDER BY ... NULLS FIRST/LAST. - - - - - - Allow per-column ascending/descending (ASC/DESC) - ordering options for indexes (Teodor, Tom) - - - - Previously a query using ORDER BY with mixed - ASC/DESC specifiers could not fully use - an index. Now an index can be fully used in such cases if the - index was created with matching - ASC/DESC specifications. - NULL sort order within an index can be controlled, too. - - - - - - Allow col IS NULL to use an index (Teodor) - - - - - - Updatable cursors (Arul Shaji, Tom) - - - - This eliminates the need to reference a primary key to - UPDATE or DELETE rows returned by a cursor. - The syntax is UPDATE/DELETE WHERE CURRENT OF. - - - - - - Allow FOR UPDATE in cursors (Arul Shaji, Tom) - - - - - - Create a general mechanism that supports casts to and from the - standard string types (TEXT, VARCHAR, - CHAR) for every datatype, by - invoking the datatype's I/O functions (Tom) - - - - Previously, such casts were available only for types that had - specialized function(s) for the purpose. - These new casts are assignment-only in the to-string direction, - explicit-only in the other direction, and therefore should create no - surprising behavior. - - - - - - Allow UNION and related constructs to return a domain - type, when all inputs are of that domain type (Tom) - - - - Formerly, the output would be considered to be of the domain's base - type. - - - - - - Allow limited hashing when using two different data types (Tom) - - - - This allows hash joins, hash indexes, hashed subplans, and hash - aggregation to be used in situations involving cross-data-type - comparisons, if the data types have compatible hash functions. - Currently, cross-data-type hashing support exists for - smallint/integer/bigint, - and for float4/float8. - - - - - - Improve optimizer logic for detecting when variables are equal - in a WHERE clause (Tom) - - - - This allows mergejoins to work with descending sort orders, and - improves recognition of redundant sort columns. - - - - - - Improve performance when planning large inheritance trees in - cases where most tables are excluded by constraints (Tom) - - - - - - - - - Object Manipulation - - - - - - Arrays of composite types (David Fetter, Andrew, Tom) - - - - In addition to arrays of explicitly-declared composite types, - arrays of the rowtypes of regular tables and views are now - supported, except for rowtypes of system catalogs, sequences, and TOAST - tables. - - - - - - - Server configuration parameters can now be set on a per-function - basis (Tom) - - - - For example, functions can now set their own - search_path to prevent unexpected behavior if a - different search_path exists at run-time. Security - definer functions should set search_path to - avoid security loopholes. - - - - - - CREATE/ALTER FUNCTION now supports - COST and ROWS options (Tom) - - - - COST allows specification of the cost of a - function call. ROWS allows specification of - the average number or rows returned by a set-returning function. - These values are used by the optimizer in choosing the best plan. - - - - - - Implement CREATE TABLE LIKE ... INCLUDING - INDEXES (Trevor Hardcastle, Nikhil Sontakke, Neil) - - - - - - Allow CREATE INDEX CONCURRENTLY to ignore - transactions in other databases (Simon) - - - - - - Add ALTER VIEW ... RENAME TO and ALTER - SEQUENCE ... RENAME TO (David Fetter, Neil) - - - - Previously this could only be done via ALTER TABLE ... - RENAME TO. - - - - - - Make CREATE/DROP/RENAME DATABASE wait briefly for - conflicting backends to exit before failing (Tom) - - - - This increases the likelihood that these commands will succeed. - - - - - - Allow triggers and rules to be deactivated in groups using a - configuration parameter, for replication purposes (Jan) - - - - This allows replication systems to disable triggers and rewrite - rules as a group without modifying the system catalogs directly. - The behavior is controlled by ALTER TABLE and a new - parameter session_replication_role. - - - - - - User-defined types can now have type modifiers (Teodor, Tom) - - - - This allows a user-defined type to take a modifier, like - ssnum(7). Previously only built-in - data types could have modifiers. - - - - - - - - - Utility Commands - - - - - Non-superuser database owners now are able to add trusted procedural - languages to their databases by default (Jeremy Drake) - - - - While this is reasonably safe, some administrators might wish to - revoke the privilege. It is controlled by - pg_pltemplate.tmpldbacreate. - - - - - - Allow a session's current parameter setting to be used as the - default for future sessions (Tom) - - - - This is done with SET ... FROM CURRENT in - CREATE/ALTER FUNCTION, ALTER - DATABASE, or ALTER ROLE. - - - - - - Implement new commands DISCARD ALL, - DISCARD PLANS, DISCARD - TEMPORARY, CLOSE ALL, and - DEALLOCATE ALL (Marko Kreen, Neil) - - - - These commands simplify resetting a database session to its initial - state, and are particularly useful for connection-pooling software. - - - - - - Make CLUSTER MVCC-safe (Heikki Linnakangas) - - - - Formerly, CLUSTER would discard all tuples - that were committed dead, even if there were still transactions - that should be able to see them under MVCC visibility rules. - - - - - - Add new CLUSTER syntax: CLUSTER - table USING index - (Holger Schurig) - - - - The old CLUSTER syntax is still supported, but - the new form is considered more logical. - - - - - - Fix EXPLAIN so it can show complex plans - more accurately (Tom) - - - - References to subplan outputs are now always shown correctly, - instead of using ?columnN? - for complicated cases. - - - - - - Limit the amount of information reported when a user is dropped - (Alvaro) - - - - Previously, dropping (or attempting to drop) a user who owned many - objects could result in large NOTICE or - ERROR messages listing all these objects; this - caused problems for some client applications. The length of the - message is now limited, although a full list is still sent to the - server log. - - - - - - - - - Data Types - - - - - Support for the SQL/XML standard, including new operators and an - XML data type (Nikolay Samokhvalov, Pavel Stehule, Peter) - - - - - - Enumerated data types (ENUM) (Tom Dunstan) - - - - This feature provides convenient support for fields that have a - small, fixed set of allowed values. An example of creating an - ENUM type is - CREATE TYPE mood AS ENUM ('sad', 'ok', 'happy'). - - - - - - Universally Unique Identifier (UUID) data type (Gevik - Babakhani, Neil) - - - - This closely matches RFC 4122. - - - - - - Widen the MONEY data type to 64 bits (D'Arcy Cain) - - - - This greatly increases the range of supported MONEY - values. - - - - - - Fix float4/float8 to handle - Infinity and NAN (Not A Number) - consistently (Bruce) - - - - The code formerly was not consistent about distinguishing - Infinity from overflow conditions. - - - - - - Allow leading and trailing whitespace during input of - boolean values (Neil) - - - - - - Prevent COPY from using digits and lowercase letters as - delimiters (Tom) - - - - - - - - - Functions - - - - - Add new regular expression functions - regexp_matches(), - regexp_split_to_array(), and - regexp_split_to_table() (Jeremy Drake, Neil) - - - - These functions provide extraction of regular expression - subexpressions and allow splitting a string using a POSIX regular - expression. - - - - - - Add lo_truncate() for large object truncation - (Kris Jurka) - - - - - - Implement width_bucket() for the float8 - data type (Neil) - - - - - - Add pg_stat_clear_snapshot() to discard - statistics snapshots collected during the current transaction - (Tom) - - - - The first request for statistics in a transaction takes a statistics - snapshot that does not change during the transaction. This function - allows the snapshot to be discarded and a new snapshot loaded during - the next statistics query. This is particularly useful for PL/pgSQL - functions, which are confined to a single transaction. - - - - - - Add isodow option to EXTRACT() and - date_part() (Bruce) - - - - This returns the day of the week, with Sunday as seven. - (dow returns Sunday as zero.) - - - - - - Add ID (ISO day of week) and IDDD (ISO - day of year) format codes for to_char(), - to_date(), and to_timestamp() (Brendan - Jurd) - - - - - - Make to_timestamp() and to_date() - assume TM (trim) option for potentially - variable-width fields (Bruce) - - - - This matches Oracle's behavior. - - - - - - Fix off-by-one conversion error in - to_date()/to_timestamp() - D (non-ISO day of week) fields (Bruce) - - - - - - Make setseed() return void, rather than a - useless integer value (Neil) - - - - - - Add a hash function for NUMERIC (Neil) - - - - This allows hash indexes and hash-based plans to be used with - NUMERIC columns. - - - - - - Improve efficiency of - LIKE/ILIKE, especially for - multi-byte character sets like UTF-8 (Andrew, Itagaki Takahiro) - - - - - - Make currtid() functions require - SELECT privileges on the target table (Tom) - - - - - - Add several txid_*() functions to query - active transaction IDs (Jan) - - - - This is useful for various replication solutions. - - - - - - - - - PL/pgSQL Server-Side Language - - - - - Add scrollable cursor support, including directional control in - FETCH (Pavel Stehule) - - - - - - Allow IN as an alternative to - FROM in PL/pgSQL's FETCH - statement, for consistency with the backend's - FETCH command (Pavel Stehule) - - - - - - Add MOVE to PL/pgSQL (Magnus, Pavel Stehule, - Neil) - - - - - - Implement RETURN QUERY (Pavel Stehule, Neil) - - - - This adds convenient syntax for PL/pgSQL set-returning functions - that want to return the result of a query. RETURN QUERY - is easier and more efficient than a loop - around RETURN NEXT. - - - - - - Allow function parameter names to be qualified with the - function's name (Tom) - - - - For example, myfunc.myvar. This is particularly - useful for specifying variables in a query where the variable - name might match a column name. - - - - - - Make qualification of variables with block labels work properly (Tom) - - - - Formerly, outer-level block labels could unexpectedly interfere with - recognition of inner-level record or row references. - - - - - - Tighten requirements for FOR loop - STEP values (Tom) - - - - Prevent non-positive STEP values, and handle - loop overflows. - - - - - - Improve accuracy when reporting syntax error locations (Tom) - - - - - - - - - Other Server-Side Languages - - - - - Allow type-name arguments to PL/Perl - spi_prepare() to be data type aliases in - addition to names found in pg_type (Andrew) - - - - - - Allow type-name arguments to PL/Python - plpy.prepare() to be data type aliases in - addition to names found in pg_type (Andrew) - - - - - - Allow type-name arguments to PL/Tcl spi_prepare to - be data type aliases in addition to names found in - pg_type (Andrew) - - - - - - Enable PL/PythonU to compile on Python 2.5 (Marko Kreen) - - - - - - Support a true PL/Python boolean type in compatible Python versions - (Python 2.3 and later) (Marko Kreen) - - - - - - Fix PL/Tcl problems with thread-enabled libtcl spawning - multiple threads within the backend (Steve Marshall, Paul Bayer, - Doug Knight) - - - - This caused all sorts of unpleasantness. - - - - - - - - - <link linkend="app-psql"><application>psql</application></link> - - - - - List disabled triggers separately in \d output - (Brendan Jurd) - - - - - - In \d patterns, always match $ - literally (Tom) - - - - - - Show aggregate return types in \da output - (Greg Sabino Mullane) - - - - - - Add the function's volatility status to the output of - \df+ (Neil) - - - - - - Add \prompt capability (Chad Wagner) - - - - - - Allow \pset, \t, and - \x to specify on or off, - rather than just toggling (Chad Wagner) - - - - - - Add \sleep capability (Jan) - - - - - - Enable \timing output for \copy (Andrew) - - - - - - Improve \timing resolution on Windows - (Itagaki Takahiro) - - - - - - Flush \o output after each backslash command (Tom) - - - - - - Correctly detect and report errors while reading a -f - input file (Peter) - - - - - - Remove -u option (this option has long been deprecated) - (Tom) - - - - - - - - - <link linkend="app-pgdump"><application>pg_dump</application></link> - - - - - Add --tablespaces-only and --roles-only - options to pg_dumpall (Dave Page) - - - - - - Add an output file option to - pg_dumpall (Dave Page) - - - - This is primarily useful on Windows, where output redirection of - child pg_dump processes does not work. - - - - - - Allow pg_dumpall to accept an initial-connection - database name rather than the default - template1 (Dave Page) - - - - - - In -n and -t switches, always match - $ literally (Tom) - - - - - - Improve performance when a database has thousands of objects (Tom) - - - - - - Remove -u option (this option has long been deprecated) - (Tom) - - - - - - - - - Other Client Applications - - - - - In initdb, allow the location of the - pg_xlog directory to be specified - (Euler Taveira de Oliveira) - - - - - - Enable server core dump generation in pg_regress - on supported operating systems (Andrew) - - - - - - Add a -t (timeout) parameter to pg_ctl - (Bruce) - - - - This controls how long pg_ctl will wait when waiting - for server startup or shutdown. Formerly the timeout was hard-wired - as 60 seconds. - - - - - - Add a pg_ctl option to control generation - of server core dumps (Andrew) - - - - - - Allow Control-C to cancel clusterdb, - reindexdb, and vacuumdb (Itagaki - Takahiro, Magnus) - - - - - - Suppress command tag output for createdb, - createuser, dropdb, and - dropuser (Peter) - - - - The --quiet option is ignored and will be removed in 8.4. - Progress messages when acting on all databases now go to stdout - instead of stderr because they are not actually errors. - - - - - - - - - <link linkend="libpq"><application>libpq</application></link> - - - - - Interpret the dbName parameter of - PQsetdbLogin() as a conninfo string if - it contains an equals sign (Andrew) - - - - This allows use of conninfo strings in client - programs that still use PQsetdbLogin(). - - - - - - Support a global SSL configuration file (Victor - Wagner) - - - - - - Add environment variable PGSSLKEY to control - SSL hardware keys (Victor Wagner) - - - - - - Add lo_truncate() for large object - truncation (Kris Jurka) - - - - - - Add PQconnectionNeedsPassword() that returns - true if the server required a password but none was supplied - (Joe Conway, Tom) - - - - If this returns true after a failed connection attempt, a client - application should prompt the user for a password. In the past - applications have had to check for a specific error message string to - decide whether a password is needed; that approach is now - deprecated. - - - - - - Add PQconnectionUsedPassword() that returns - true if the supplied password was actually used - (Joe Conway, Tom) - - - - This is useful in some security contexts where it is important - to know whether a user-supplied password is actually valid. - - - - - - - - - <link linkend="ecpg"><application>ecpg</application></link> - - - - - Use V3 frontend/backend protocol (Michael) - - - - This adds support for server-side prepared statements. - - - - - - Use native threads, instead of pthreads, on Windows (Magnus) - - - - - - Improve thread-safety of ecpglib (Itagaki Takahiro) - - - - - - Make the ecpg libraries export only necessary API symbols (Michael) - - - - - - - - - <application>Windows</application> Port - - - - - Allow the whole PostgreSQL distribution to be compiled - with Microsoft Visual C++ (Magnus and others) - - - - This allows Windows-based developers to use familiar development - and debugging tools. - Windows executables made with Visual C++ might also have better - stability and performance than those made with other tool sets. - The client-only Visual C++ build scripts have been removed. - - - - - - Drastically reduce postmaster's memory usage when it has many child - processes (Magnus) - - - - - - Allow regression tests to be started by an administrative - user (Magnus) - - - - - - Add native shared memory implementation (Magnus) - - - - - - - - - Server Programming Interface (<acronym>SPI</acronym>) - - - - - Add cursor-related functionality in SPI (Pavel Stehule) - - - - Allow access to the cursor-related planning options, and add - FETCH/MOVE routines. - - - - - - Allow execution of cursor commands through - SPI_execute (Tom) - - - - The macro SPI_ERROR_CURSOR still exists but will - never be returned. - - - - - - SPI plan pointers are now declared as SPIPlanPtr instead of - void * (Tom) - - - - This does not break application code, but switching is - recommended to help catch simple programming mistakes. - - - - - - - - - Build Options - - - - - Add configure option --enable-profiling - to enable code profiling (works only with gcc) - (Korry Douglas and Nikhil Sontakke) - - - - - - Add configure option --with-system-tzdata - to use the operating system's time zone database (Peter) - - - - - - Fix PGXS so extensions can be built against PostgreSQL - installations whose pg_config program does not - appear first in the PATH (Tom) - - - - - - Support gmake draft when building the - SGML documentation (Bruce) - - - - Unless draft is used, the documentation build will - now be repeated if necessary to ensure the index is up-to-date. - - - - - - - - - Source Code - - - - - Rename macro DLLIMPORT to PGDLLIMPORT to - avoid conflicting with third party includes (like Tcl) that - define DLLIMPORT (Magnus) - - - - - - Create operator families to improve planning of - queries involving cross-data-type comparisons (Tom) - - - - - - Update GIN extractQuery() API to allow signalling - that nothing can satisfy the query (Teodor) - - - - - - Move NAMEDATALEN definition from - postgres_ext.h to pg_config_manual.h - (Peter) - - - - - - Provide strlcpy() and - strlcat() on all platforms, and replace - error-prone uses of strncpy(), - strncat(), etc (Peter) - - - - - - Create hooks to let an external plugin monitor (or even replace) the - planner and create plans for hypothetical situations (Gurjeet - Singh, Tom) - - - - - - Create a function variable join_search_hook to let plugins - override the join search order portion of the planner (Julius - Stroffek) - - - - - - Add tas() support for Renesas' M32R processor - (Kazuhiro Inaoka) - - - - - - quote_identifier() and - pg_dump no longer quote keywords that are - unreserved according to the grammar (Tom) - - - - - - Change the on-disk representation of the NUMERIC - data type so that the sign_dscale word comes - before the weight (Tom) - - - - - - Use SYSV semaphores rather than POSIX on Darwin - >= 6.0, i.e., macOS 10.2 and up (Chris Marcellino) - - - - - - Add acronym and NFS documentation - sections (Bruce) - - - - - - "Postgres" is now documented as an accepted alias for - "PostgreSQL" (Peter) - - - - - - Add documentation about preventing database server spoofing when - the server is down (Bruce) - - - - - - - - - Contrib - - - - - Move contrib README content into the - main PostgreSQL documentation (Albert Cervera i - Areny) - - - - - - Add contrib/pageinspect module for low-level - page inspection (Simon, Heikki) - - - - - - Add contrib/pg_standby module for controlling - warm standby operation (Simon) - - - - - - Add contrib/uuid-ossp module for generating - UUID values using the OSSP UUID library (Peter) - - - - Use configure - --with-ossp-uuid to activate. This takes - advantage of the new UUID builtin type. - - - - - - Add contrib/dict_int, - contrib/dict_xsyn, and - contrib/test_parser modules to provide - sample add-on text search dictionary templates and parsers - (Sergey Karpov) - - - - - - Allow contrib/pgbench to set the fillfactor (Pavan - Deolasee) - - - - - - Add timestamps to contrib/pgbench -l - (Greg Smith) - - - - - - Add usage count statistics to - contrib/pgbuffercache (Greg Smith) - - - - - - Add GIN support for contrib/hstore (Teodor) - - - - - - Add GIN support for contrib/pg_trgm (Guillaume Smet, Teodor) - - - - - - Update OS/X startup scripts in - contrib/start-scripts (Mark Cotner, David - Fetter) - - - - - - Restrict pgrowlocks() and - dblink_get_pkey() to users who have - SELECT privilege on the target table (Tom) - - - - - - Restrict contrib/pgstattuple functions to - superusers (Tom) - - - - - - contrib/xml2 is deprecated and planned for - removal in 8.4 (Peter) - - - - The new XML support in core PostgreSQL supersedes this module. - - - - - - - - diff --git a/doc/src/sgml/release-8.4.sgml b/doc/src/sgml/release-8.4.sgml deleted file mode 100644 index 934f720387..0000000000 --- a/doc/src/sgml/release-8.4.sgml +++ /dev/null @@ -1,10080 +0,0 @@ - - - - - Release 8.4.22 - - - Release date: - 2014-07-24 - - - - This release contains a variety of fixes from 8.4.21. - For information about new features in the 8.4 major release, see - . - - - - This is expected to be the last PostgreSQL release - in the 8.4.X series. Users are encouraged to update to a newer - release branch soon. - - - - Migration to Version 8.4.22 - - - A dump/restore is not required for those running 8.4.X. - - - - However, this release corrects an index corruption problem in some GiST - indexes. See the first changelog entry below to find out whether your - installation has been affected and what steps you should take if so. - - - - Also, if you are upgrading from a version earlier than 8.4.19, - see . - - - - - - Changes - - - - - - Correctly initialize padding bytes in contrib/btree_gist - indexes on bit columns (Heikki Linnakangas) - - - - This error could result in incorrect query results due to values that - should compare equal not being seen as equal. - Users with GiST indexes on bit or bit varying - columns should REINDEX those indexes after installing this - update. - - - - - - Protect against torn pages when deleting GIN list pages (Heikki - Linnakangas) - - - - This fix prevents possible index corruption if a system crash occurs - while the page update is being written to disk. - - - - - - Fix possibly-incorrect cache invalidation during nested calls - to ReceiveSharedInvalidMessages (Andres Freund) - - - - - - Don't assume a subquery's output is unique if there's a set-returning - function in its targetlist (David Rowley) - - - - This oversight could lead to misoptimization of constructs - like WHERE x IN (SELECT y, generate_series(1,10) FROM t GROUP - BY y). - - - - - - Fix failure to detoast fields in composite elements of structured - types (Tom Lane) - - - - This corrects cases where TOAST pointers could be copied into other - tables without being dereferenced. If the original data is later - deleted, it would lead to errors like missing chunk number 0 - for toast value ... when the now-dangling pointer is used. - - - - - - Fix record type has not been registered failures with - whole-row references to the output of Append plan nodes (Tom Lane) - - - - - - Fix possible crash when invoking a user-defined function while - rewinding a cursor (Tom Lane) - - - - - - Fix query-lifespan memory leak while evaluating the arguments for a - function in FROM (Tom Lane) - - - - - - Fix session-lifespan memory leaks in regular-expression processing - (Tom Lane, Arthur O'Dwyer, Greg Stark) - - - - - - Fix data encoding error in hungarian.stop (Tom Lane) - - - - - - Fix liveness checks for rows that were inserted in the current - transaction and then deleted by a now-rolled-back subtransaction - (Andres Freund) - - - - This could cause problems (at least spurious warnings, and at worst an - infinite loop) if CREATE INDEX or CLUSTER were - done later in the same transaction. - - - - - - Clear pg_stat_activity.xact_start - during PREPARE TRANSACTION (Andres Freund) - - - - After the PREPARE, the originating session is no longer in - a transaction, so it should not continue to display a transaction - start time. - - - - - - Fix REASSIGN OWNED to not fail for text search objects - (Álvaro Herrera) - - - - - - Block signals during postmaster startup (Tom Lane) - - - - This ensures that the postmaster will properly clean up after itself - if, for example, it receives SIGINT while still - starting up. - - - - - - Secure Unix-domain sockets of temporary postmasters started during - make check (Noah Misch) - - - - Any local user able to access the socket file could connect as the - server's bootstrap superuser, then proceed to execute arbitrary code as - the operating-system user running the test, as we previously noted in - CVE-2014-0067. This change defends against that risk by placing the - server's socket in a temporary, mode 0700 subdirectory - of /tmp. The hazard remains however on platforms where - Unix sockets are not supported, notably Windows, because then the - temporary postmaster must accept local TCP connections. - - - - A useful side effect of this change is to simplify - make check testing in builds that - override DEFAULT_PGSOCKET_DIR. Popular non-default values - like /var/run/postgresql are often not writable by the - build user, requiring workarounds that will no longer be necessary. - - - - - - On Windows, allow new sessions to absorb values of PGC_BACKEND - parameters (such as ) from the - configuration file (Amit Kapila) - - - - Previously, if such a parameter were changed in the file post-startup, - the change would have no effect. - - - - - - Properly quote executable path names on Windows (Nikhil Deshpande) - - - - This oversight could cause initdb - and pg_upgrade to fail on Windows, if the installation - path contained both spaces and @ signs. - - - - - - Fix linking of libpython on macOS (Tom Lane) - - - - The method we previously used can fail with the Python library - supplied by Xcode 5.0 and later. - - - - - - Avoid buffer bloat in libpq when the server - consistently sends data faster than the client can absorb it - (Shin-ichi Morita, Tom Lane) - - - - libpq could be coerced into enlarging its input buffer - until it runs out of memory (which would be reported misleadingly - as lost synchronization with server). Under ordinary - circumstances it's quite far-fetched that data could be continuously - transmitted more quickly than the recv() loop can - absorb it, but this has been observed when the client is artificially - slowed by scheduler constraints. - - - - - - Ensure that LDAP lookup attempts in libpq time out as - intended (Laurenz Albe) - - - - - - Fix pg_restore's processing of old-style large object - comments (Tom Lane) - - - - A direct-to-database restore from an archive file generated by a - pre-9.0 version of pg_dump would usually fail if the - archive contained more than a few comments for large objects. - - - - - - In contrib/pgcrypto functions, ensure sensitive - information is cleared from stack variables before returning - (Marko Kreen) - - - - - - In contrib/uuid-ossp, cache the state of the OSSP UUID - library across calls (Tom Lane) - - - - This improves the efficiency of UUID generation and reduces the amount - of entropy drawn from /dev/urandom, on platforms that - have that. - - - - - - Update time zone data files to tzdata release 2014e - for DST law changes in Crimea, Egypt, and Morocco. - - - - - - - - - - Release 8.4.21 - - - Release date: - 2014-03-20 - - - - This release contains a variety of fixes from 8.4.20. - For information about new features in the 8.4 major release, see - . - - - - The PostgreSQL community will stop releasing updates - for the 8.4.X release series in July 2014. - Users are encouraged to update to a newer release branch soon. - - - - Migration to Version 8.4.21 - - - A dump/restore is not required for those running 8.4.X. - - - - However, if you are upgrading from a version earlier than 8.4.19, - see . - - - - - - Changes - - - - - - Restore GIN metapages unconditionally to avoid torn-page risk - (Heikki Linnakangas) - - - - Although this oversight could theoretically result in a corrupted - index, it is unlikely to have caused any problems in practice, since - the active part of a GIN metapage is smaller than a standard 512-byte - disk sector. - - - - - - Allow regular-expression operators to be terminated early by query - cancel requests (Tom Lane) - - - - This prevents scenarios wherein a pathological regular expression - could lock up a server process uninterruptibly for a long time. - - - - - - Remove incorrect code that tried to allow OVERLAPS with - single-element row arguments (Joshua Yanovski) - - - - This code never worked correctly, and since the case is neither - specified by the SQL standard nor documented, it seemed better to - remove it than fix it. - - - - - - Avoid getting more than AccessShareLock when de-parsing a - rule or view (Dean Rasheed) - - - - This oversight resulted in pg_dump unexpectedly - acquiring RowExclusiveLock locks on tables mentioned as - the targets of INSERT/UPDATE/DELETE - commands in rules. While usually harmless, that could interfere with - concurrent transactions that tried to acquire, for example, - ShareLock on those tables. - - - - - - Prevent interrupts while reporting non-ERROR messages - (Tom Lane) - - - - This guards against rare server-process freezeups due to recursive - entry to syslog(), and perhaps other related problems. - - - - - - Update time zone data files to tzdata release 2014a - for DST law changes in Fiji and Turkey, plus historical changes in - Israel and Ukraine. - - - - - - - - - - Release 8.4.20 - - - Release date: - 2014-02-20 - - - - This release contains a variety of fixes from 8.4.19. - For information about new features in the 8.4 major release, see - . - - - - The PostgreSQL community will stop releasing updates - for the 8.4.X release series in July 2014. - Users are encouraged to update to a newer release branch soon. - - - - Migration to Version 8.4.20 - - - A dump/restore is not required for those running 8.4.X. - - - - However, if you are upgrading from a version earlier than 8.4.19, - see . - - - - - - Changes - - - - - - Shore up GRANT ... WITH ADMIN OPTION restrictions - (Noah Misch) - - - - Granting a role without ADMIN OPTION is supposed to - prevent the grantee from adding or removing members from the granted - role, but this restriction was easily bypassed by doing SET - ROLE first. The security impact is mostly that a role member can - revoke the access of others, contrary to the wishes of his grantor. - Unapproved role member additions are a lesser concern, since an - uncooperative role member could provide most of his rights to others - anyway by creating views or SECURITY DEFINER functions. - (CVE-2014-0060) - - - - - - Prevent privilege escalation via manual calls to PL validator - functions (Andres Freund) - - - - The primary role of PL validator functions is to be called implicitly - during CREATE FUNCTION, but they are also normal SQL - functions that a user can call explicitly. Calling a validator on - a function actually written in some other language was not checked - for and could be exploited for privilege-escalation purposes. - The fix involves adding a call to a privilege-checking function in - each validator function. Non-core procedural languages will also - need to make this change to their own validator functions, if any. - (CVE-2014-0061) - - - - - - Avoid multiple name lookups during table and index DDL - (Robert Haas, Andres Freund) - - - - If the name lookups come to different conclusions due to concurrent - activity, we might perform some parts of the DDL on a different table - than other parts. At least in the case of CREATE INDEX, - this can be used to cause the permissions checks to be performed - against a different table than the index creation, allowing for a - privilege escalation attack. - (CVE-2014-0062) - - - - - - Prevent buffer overrun with long datetime strings (Noah Misch) - - - - The MAXDATELEN constant was too small for the longest - possible value of type interval, allowing a buffer overrun - in interval_out(). Although the datetime input - functions were more careful about avoiding buffer overrun, the limit - was short enough to cause them to reject some valid inputs, such as - input containing a very long timezone name. The ecpg - library contained these vulnerabilities along with some of its own. - (CVE-2014-0063) - - - - - - Prevent buffer overrun due to integer overflow in size calculations - (Noah Misch, Heikki Linnakangas) - - - - Several functions, mostly type input functions, calculated an - allocation size without checking for overflow. If overflow did - occur, a too-small buffer would be allocated and then written past. - (CVE-2014-0064) - - - - - - Prevent overruns of fixed-size buffers - (Peter Eisentraut, Jozef Mlich) - - - - Use strlcpy() and related functions to provide a clear - guarantee that fixed-size buffers are not overrun. Unlike the - preceding items, it is unclear whether these cases really represent - live issues, since in most cases there appear to be previous - constraints on the size of the input string. Nonetheless it seems - prudent to silence all Coverity warnings of this type. - (CVE-2014-0065) - - - - - - Avoid crashing if crypt() returns NULL (Honza Horak, - Bruce Momjian) - - - - There are relatively few scenarios in which crypt() - could return NULL, but contrib/chkpass would crash - if it did. One practical case in which this could be an issue is - if libc is configured to refuse to execute unapproved - hashing algorithms (e.g., FIPS mode). - (CVE-2014-0066) - - - - - - Document risks of make check in the regression testing - instructions (Noah Misch, Tom Lane) - - - - Since the temporary server started by make check - uses trust authentication, another user on the same machine - could connect to it as database superuser, and then potentially - exploit the privileges of the operating-system user who started the - tests. A future release will probably incorporate changes in the - testing procedure to prevent this risk, but some public discussion is - needed first. So for the moment, just warn people against using - make check when there are untrusted users on the - same machine. - (CVE-2014-0067) - - - - - - Fix possible mis-replay of WAL records when some segments of a - relation aren't full size (Greg Stark, Tom Lane) - - - - The WAL update could be applied to the wrong page, potentially many - pages past where it should have been. Aside from corrupting data, - this error has been observed to result in significant bloat - of standby servers compared to their masters, due to updates being - applied far beyond where the end-of-file should have been. This - failure mode does not appear to be a significant risk during crash - recovery, only when initially synchronizing a standby created from a - base backup taken from a quickly-changing master. - - - - - - Ensure that insertions into non-leaf GIN index pages write a full-page - WAL record when appropriate (Heikki Linnakangas) - - - - The previous coding risked index corruption in the event of a - partial-page write during a system crash. - - - - - - Fix race conditions during server process exit (Robert Haas) - - - - Ensure that signal handlers don't attempt to use the - process's MyProc pointer after it's no longer valid. - - - - - - Fix unsafe references to errno within error reporting - logic (Christian Kruse) - - - - This would typically lead to odd behaviors such as missing or - inappropriate HINT fields. - - - - - - Fix possible crashes from using ereport() too early - during server startup (Tom Lane) - - - - The principal case we've seen in the field is a crash if the server - is started in a directory it doesn't have permission to read. - - - - - - Clear retry flags properly in OpenSSL socket write - function (Alexander Kukushkin) - - - - This omission could result in a server lockup after unexpected loss - of an SSL-encrypted connection. - - - - - - Fix length checking for Unicode identifiers (U&"..." - syntax) containing escapes (Tom Lane) - - - - A spurious truncation warning would be printed for such identifiers - if the escaped form of the identifier was too long, but the - identifier actually didn't need truncation after de-escaping. - - - - - - Fix possible crash due to invalid plan for nested sub-selects, such - as WHERE (... x IN (SELECT ...) ...) IN (SELECT ...) - (Tom Lane) - - - - - - Ensure that ANALYZE creates statistics for a table column - even when all the values in it are too wide (Tom Lane) - - - - ANALYZE intentionally omits very wide values from its - histogram and most-common-values calculations, but it neglected to do - something sane in the case that all the sampled entries are too wide. - - - - - - In ALTER TABLE ... SET TABLESPACE, allow the database's - default tablespace to be used without a permissions check - (Stephen Frost) - - - - CREATE TABLE has always allowed such usage, - but ALTER TABLE didn't get the memo. - - - - - - Fix cannot accept a set error when some arms of - a CASE return a set and others don't (Tom Lane) - - - - - - Fix checks for all-zero client addresses in pgstat functions (Kevin - Grittner) - - - - - - Fix possible misclassification of multibyte characters by the text - search parser (Tom Lane) - - - - Non-ASCII characters could be misclassified when using C locale with - a multibyte encoding. On Cygwin, non-C locales could fail as well. - - - - - - Fix possible misbehavior in plainto_tsquery() - (Heikki Linnakangas) - - - - Use memmove() not memcpy() for copying - overlapping memory regions. There have been no field reports of - this actually causing trouble, but it's certainly risky. - - - - - - Accept SHIFT_JIS as an encoding name for locale checking - purposes (Tatsuo Ishii) - - - - - - Fix misbehavior of PQhost() on Windows (Fujii Masao) - - - - It should return localhost if no host has been specified. - - - - - - Improve error handling in libpq and psql - for failures during COPY TO STDOUT/FROM STDIN (Tom Lane) - - - - In particular this fixes an infinite loop that could occur in 9.2 and - up if the server connection was lost during COPY FROM - STDIN. Variants of that scenario might be possible in older - versions, or with other client applications. - - - - - - Fix misaligned descriptors in ecpg (MauMau) - - - - - - In ecpg, handle lack of a hostname in the connection - parameters properly (Michael Meskes) - - - - - - Fix performance regression in contrib/dblink connection - startup (Joe Conway) - - - - Avoid an unnecessary round trip when client and server encodings match. - - - - - - In contrib/isn, fix incorrect calculation of the check - digit for ISMN values (Fabien Coelho) - - - - - - Ensure client-code-only installation procedure works as documented - (Peter Eisentraut) - - - - - - In Mingw and Cygwin builds, install the libpq DLL - in the bin directory (Andrew Dunstan) - - - - This duplicates what the MSVC build has long done. It should fix - problems with programs like psql failing to start - because they can't find the DLL. - - - - - - Don't generate plain-text HISTORY - and src/test/regress/README files anymore (Tom Lane) - - - - These text files duplicated the main HTML and PDF documentation - formats. The trouble involved in maintaining them greatly outweighs - the likely audience for plain-text format. Distribution tarballs - will still contain files by these names, but they'll just be stubs - directing the reader to consult the main documentation. - The plain-text INSTALL file will still be maintained, as - there is arguably a use-case for that. - - - - - - Update time zone data files to tzdata release 2013i - for DST law changes in Jordan and historical changes in Cuba. - - - - In addition, the zones Asia/Riyadh87, - Asia/Riyadh88, and Asia/Riyadh89 have been - removed, as they are no longer maintained by IANA, and never - represented actual civil timekeeping practice. - - - - - - - - - - Release 8.4.19 - - - Release date: - 2013-12-05 - - - - This release contains a variety of fixes from 8.4.18. - For information about new features in the 8.4 major release, see - . - - - - Migration to Version 8.4.19 - - - A dump/restore is not required for those running 8.4.X. - - - - However, this release corrects a potential data corruption - issue. See the first changelog entry below to find out whether - your installation has been affected and what steps you can take if so. - - - - Also, if you are upgrading from a version earlier than 8.4.17, - see . - - - - - - Changes - - - - - - Fix VACUUM's tests to see whether it can - update relfrozenxid (Andres Freund) - - - - In some cases VACUUM (either manual or autovacuum) could - incorrectly advance a table's relfrozenxid value, - allowing tuples to escape freezing, causing those rows to become - invisible once 2^31 transactions have elapsed. The probability of - data loss is fairly low since multiple incorrect advancements would - need to happen before actual loss occurs, but it's not zero. Users - upgrading from release 8.4.8 or earlier are not affected, but all later - versions contain the bug. - - - - The issue can be ameliorated by, after upgrading, vacuuming all tables - in all databases while having vacuum_freeze_table_age - set to zero. This will fix any latent corruption but will not be able - to fix all pre-existing data errors. However, an installation can be - presumed safe after performing this vacuuming if it has executed fewer - than 2^31 update transactions in its lifetime (check this with - SELECT txid_current() < 2^31). - - - - - - Fix race condition in GIN index posting tree page deletion (Heikki - Linnakangas) - - - - This could lead to transient wrong answers or query failures. - - - - - - Avoid flattening a subquery whose SELECT list contains a - volatile function wrapped inside a sub-SELECT (Tom Lane) - - - - This avoids unexpected results due to extra evaluations of the - volatile function. - - - - - - Fix planner's processing of non-simple-variable subquery outputs - nested within outer joins (Tom Lane) - - - - This error could lead to incorrect plans for queries involving - multiple levels of subqueries within JOIN syntax. - - - - - - Fix premature deletion of temporary files (Andres Freund) - - - - - - Fix possible read past end of memory in rule printing (Peter Eisentraut) - - - - - - Fix array slicing of int2vector and oidvector values - (Tom Lane) - - - - Expressions of this kind are now implicitly promoted to - regular int2 or oid arrays. - - - - - - Fix incorrect behaviors when using a SQL-standard, simple GMT offset - timezone (Tom Lane) - - - - In some cases, the system would use the simple GMT offset value when - it should have used the regular timezone setting that had prevailed - before the simple offset was selected. This change also causes - the timeofday function to honor the simple GMT offset - zone. - - - - - - Prevent possible misbehavior when logging translations of Windows - error codes (Tom Lane) - - - - - - Properly quote generated command lines in pg_ctl - (Naoya Anzai and Tom Lane) - - - - This fix applies only to Windows. - - - - - - Fix pg_dumpall to work when a source database - sets default_transaction_read_only - via ALTER DATABASE SET (Kevin Grittner) - - - - Previously, the generated script would fail during restore. - - - - - - Fix ecpg's processing of lists of variables - declared varchar (Zoltán Böszörményi) - - - - - - Make contrib/lo defend against incorrect trigger definitions - (Marc Cousin) - - - - - - Update time zone data files to tzdata release 2013h - for DST law changes in Argentina, Brazil, Jordan, Libya, - Liechtenstein, Morocco, and Palestine. Also, new timezone - abbreviations WIB, WIT, WITA for Indonesia. - - - - - - - - - - Release 8.4.18 - - - Release date: - 2013-10-10 - - - - This release contains a variety of fixes from 8.4.17. - For information about new features in the 8.4 major release, see - . - - - - Migration to Version 8.4.18 - - - A dump/restore is not required for those running 8.4.X. - - - - However, if you are upgrading from a version earlier than 8.4.17, - see . - - - - - - Changes - - - - - - Prevent corruption of multi-byte characters when attempting to - case-fold identifiers (Andrew Dunstan) - - - - PostgreSQL case-folds non-ASCII characters only - when using a single-byte server encoding. - - - - - - Fix memory leak caused by lo_open() failure - (Heikki Linnakangas) - - - - - - Fix memory overcommit bug when work_mem is using more - than 24GB of memory (Stephen Frost) - - - - - - Fix deadlock bug in libpq when using SSL (Stephen Frost) - - - - - - Properly compute row estimates for boolean columns containing many NULL - values (Andrew Gierth) - - - - Previously tests like col IS NOT TRUE and col IS - NOT FALSE did not properly factor in NULL values when estimating - plan costs. - - - - - - Prevent pushing down WHERE clauses into unsafe - UNION/INTERSECT subqueries (Tom Lane) - - - - Subqueries of a UNION or INTERSECT that - contain set-returning functions or volatile functions in their - SELECT lists could be improperly optimized, leading to - run-time errors or incorrect query results. - - - - - - Fix rare case of failed to locate grouping columns - planner failure (Tom Lane) - - - - - - Improve view dumping code's handling of dropped columns in referenced - tables (Tom Lane) - - - - - - Fix possible deadlock during concurrent CREATE INDEX - CONCURRENTLY operations (Tom Lane) - - - - - - Fix regexp_matches() handling of zero-length matches - (Jeevan Chalke) - - - - Previously, zero-length matches like '^' could return too many matches. - - - - - - Fix crash for overly-complex regular expressions (Heikki Linnakangas) - - - - - - Fix regular expression match failures for back references combined with - non-greedy quantifiers (Jeevan Chalke) - - - - - - Prevent CREATE FUNCTION from checking SET - variables unless function body checking is enabled (Tom Lane) - - - - - - Fix pgp_pub_decrypt() so it works for secret keys with - passwords (Marko Kreen) - - - - - - Remove rare inaccurate warning during vacuum of index-less tables - (Heikki Linnakangas) - - - - - - Avoid possible failure when performing transaction control commands (e.g - ROLLBACK) in prepared queries (Tom Lane) - - - - - - Ensure that floating-point data input accepts standard spellings - of infinity on all platforms (Tom Lane) - - - - The C99 standard says that allowable spellings are inf, - +inf, -inf, infinity, - +infinity, and -infinity. Make sure we - recognize these even if the platform's strtod function - doesn't. - - - - - - Expand ability to compare rows to records and arrays (Rafal Rzepecki, - Tom Lane) - - - - - - Update time zone data files to tzdata release 2013d - for DST law changes in Israel, Morocco, Palestine, and Paraguay. - Also, historical zone data corrections for Macquarie Island. - - - - - - - - - - Release 8.4.17 - - - Release date: - 2013-04-04 - - - - This release contains a variety of fixes from 8.4.16. - For information about new features in the 8.4 major release, see - . - - - - Migration to Version 8.4.17 - - - A dump/restore is not required for those running 8.4.X. - - - - However, this release corrects several errors in management of GiST - indexes. After installing this update, it is advisable to - REINDEX any GiST indexes that meet one or more of the - conditions described below. - - - - Also, if you are upgrading from a version earlier than 8.4.10, - see . - - - - - - Changes - - - - - - Reset OpenSSL randomness state in each postmaster child process - (Marko Kreen) - - - - This avoids a scenario wherein random numbers generated by - contrib/pgcrypto functions might be relatively easy for - another database user to guess. The risk is only significant when - the postmaster is configured with ssl = on - but most connections don't use SSL encryption. (CVE-2013-1900) - - - - - - Fix GiST indexes to not use fuzzy geometric comparisons when - it's not appropriate to do so (Alexander Korotkov) - - - - The core geometric types perform comparisons using fuzzy - equality, but gist_box_same must do exact comparisons, - else GiST indexes using it might become inconsistent. After installing - this update, users should REINDEX any GiST indexes on - box, polygon, circle, or point - columns, since all of these use gist_box_same. - - - - - - Fix erroneous range-union and penalty logic in GiST indexes that use - contrib/btree_gist for variable-width data types, that is - text, bytea, bit, and numeric - columns (Tom Lane) - - - - These errors could result in inconsistent indexes in which some keys - that are present would not be found by searches, and also in useless - index bloat. Users are advised to REINDEX such indexes - after installing this update. - - - - - - Fix bugs in GiST page splitting code for multi-column indexes - (Tom Lane) - - - - These errors could result in inconsistent indexes in which some keys - that are present would not be found by searches, and also in indexes - that are unnecessarily inefficient to search. Users are advised to - REINDEX multi-column GiST indexes after installing this - update. - - - - - - Fix infinite-loop risk in regular expression compilation (Tom Lane, - Don Porter) - - - - - - Fix potential null-pointer dereference in regular expression compilation - (Tom Lane) - - - - - - Fix to_char() to use ASCII-only case-folding rules where - appropriate (Tom Lane) - - - - This fixes misbehavior of some template patterns that should be - locale-independent, but mishandled I and - i in Turkish locales. - - - - - - Fix unwanted rejection of timestamp 1999-12-31 24:00:00 - (Tom Lane) - - - - - - Remove useless picksplit doesn't support secondary split log - messages (Josh Hansen, Tom Lane) - - - - This message seems to have been added in expectation of code that was - never written, and probably never will be, since GiST's default - handling of secondary splits is actually pretty good. So stop nagging - end users about it. - - - - - - Fix possible failure to send a session's last few transaction - commit/abort counts to the statistics collector (Tom Lane) - - - - - - Eliminate memory leaks in PL/Perl's spi_prepare() function - (Alex Hunsaker, Tom Lane) - - - - - - Fix pg_dumpall to handle database names containing - = correctly (Heikki Linnakangas) - - - - - - Avoid crash in pg_dump when an incorrect connection - string is given (Heikki Linnakangas) - - - - - - Ignore invalid indexes in pg_dump (Michael Paquier) - - - - Dumping invalid indexes can cause problems at restore time, for example - if the reason the index creation failed was because it tried to enforce - a uniqueness condition not satisfied by the table's data. Also, if the - index creation is in fact still in progress, it seems reasonable to - consider it to be an uncommitted DDL change, which - pg_dump wouldn't be expected to dump anyway. - - - - - - Fix contrib/pg_trgm's similarity() function - to return zero for trigram-less strings (Tom Lane) - - - - Previously it returned NaN due to internal division by zero. - - - - - - Update time zone data files to tzdata release 2013b - for DST law changes in Chile, Haiti, Morocco, Paraguay, and some - Russian areas. Also, historical zone data corrections for numerous - places. - - - - Also, update the time zone abbreviation files for recent changes in - Russia and elsewhere: CHOT, GET, - IRKT, KGT, KRAT, MAGT, - MAWT, MSK, NOVT, OMST, - TKT, VLAT, WST, YAKT, - YEKT now follow their current meanings, and - VOLT (Europe/Volgograd) and MIST - (Antarctica/Macquarie) are added to the default abbreviations list. - - - - - - - - - - Release 8.4.16 - - - Release date: - 2013-02-07 - - - - This release contains a variety of fixes from 8.4.15. - For information about new features in the 8.4 major release, see - . - - - - Migration to Version 8.4.16 - - - A dump/restore is not required for those running 8.4.X. - - - - However, if you are upgrading from a version earlier than 8.4.10, - see . - - - - - - Changes - - - - - - Prevent execution of enum_recv from SQL (Tom Lane) - - - - The function was misdeclared, allowing a simple SQL command to crash the - server. In principle an attacker might be able to use it to examine the - contents of server memory. Our thanks to Sumit Soni (via Secunia SVCRP) - for reporting this issue. (CVE-2013-0255) - - - - - - Update minimum recovery point when truncating a relation file (Heikki - Linnakangas) - - - - Once data has been discarded, it's no longer safe to stop recovery at - an earlier point in the timeline. - - - - - - Fix SQL grammar to allow subscripting or field selection from a - sub-SELECT result (Tom Lane) - - - - - - Protect against race conditions when scanning - pg_tablespace (Stephen Frost, Tom Lane) - - - - CREATE DATABASE and DROP DATABASE could - misbehave if there were concurrent updates of - pg_tablespace entries. - - - - - - Prevent DROP OWNED from trying to drop whole databases or - tablespaces (Álvaro Herrera) - - - - For safety, ownership of these objects must be reassigned, not dropped. - - - - - - Fix error in vacuum_freeze_table_age - implementation (Andres Freund) - - - - In installations that have existed for more than vacuum_freeze_min_age - transactions, this mistake prevented autovacuum from using partial-table - scans, so that a full-table scan would always happen instead. - - - - - - Prevent misbehavior when a RowExpr or XmlExpr - is parse-analyzed twice (Andres Freund, Tom Lane) - - - - This mistake could be user-visible in contexts such as - CREATE TABLE LIKE INCLUDING INDEXES. - - - - - - Improve defenses against integer overflow in hashtable sizing - calculations (Jeff Davis) - - - - - - Reject out-of-range dates in to_date() (Hitoshi Harada) - - - - - - Ensure that non-ASCII prompt strings are translated to the correct - code page on Windows (Alexander Law, Noah Misch) - - - - This bug affected psql and some other client programs. - - - - - - Fix possible crash in psql's \? command - when not connected to a database (Meng Qingzhong) - - - - - - Fix one-byte buffer overrun in libpq's - PQprintTuples (Xi Wang) - - - - This ancient function is not used anywhere by - PostgreSQL itself, but it might still be used by some - client code. - - - - - - Make ecpglib use translated messages properly - (Chen Huajun) - - - - - - Properly install ecpg_compat and - pgtypes libraries on MSVC (Jiang Guiqing) - - - - - - Rearrange configure's tests for supplied functions so it is not - fooled by bogus exports from libedit/libreadline (Christoph Berg) - - - - - - Ensure Windows build number increases over time (Magnus Hagander) - - - - - - Make pgxs build executables with the right - .exe suffix when cross-compiling for Windows - (Zoltan Boszormenyi) - - - - - - Add new timezone abbreviation FET (Tom Lane) - - - - This is now used in some eastern-European time zones. - - - - - - - - - - Release 8.4.15 - - - Release date: - 2012-12-06 - - - - This release contains a variety of fixes from 8.4.14. - For information about new features in the 8.4 major release, see - . - - - - Migration to Version 8.4.15 - - - A dump/restore is not required for those running 8.4.X. - - - - However, if you are upgrading from a version earlier than 8.4.10, - see . - - - - - - Changes - - - - - - Fix multiple bugs associated with CREATE INDEX - CONCURRENTLY (Andres Freund, Tom Lane) - - - - Fix CREATE INDEX CONCURRENTLY to use - in-place updates when changing the state of an index's - pg_index row. This prevents race conditions that could - cause concurrent sessions to miss updating the target index, thus - resulting in corrupt concurrently-created indexes. - - - - Also, fix various other operations to ensure that they ignore - invalid indexes resulting from a failed CREATE INDEX - CONCURRENTLY command. The most important of these is - VACUUM, because an auto-vacuum could easily be launched - on the table before corrective action can be taken to fix or remove - the invalid index. - - - - - - Avoid corruption of internal hash tables when out of memory - (Hitoshi Harada) - - - - - - Fix planning of non-strict equivalence clauses above outer joins - (Tom Lane) - - - - The planner could derive incorrect constraints from a clause equating - a non-strict construct to something else, for example - WHERE COALESCE(foo, 0) = 0 - when foo is coming from the nullable side of an outer join. - - - - - - Improve planner's ability to prove exclusion constraints from - equivalence classes (Tom Lane) - - - - - - Fix partial-row matching in hashed subplans to handle cross-type cases - correctly (Tom Lane) - - - - This affects multicolumn NOT IN subplans, such as - WHERE (a, b) NOT IN (SELECT x, y FROM ...) - when for instance b and y are int4 - and int8 respectively. This mistake led to wrong answers - or crashes depending on the specific datatypes involved. - - - - - - Acquire buffer lock when re-fetching the old tuple for an - AFTER ROW UPDATE/DELETE trigger (Andres Freund) - - - - In very unusual circumstances, this oversight could result in passing - incorrect data to the precheck logic for a foreign-key enforcement - trigger. That could result in a crash, or in an incorrect decision - about whether to fire the trigger. - - - - - - Fix ALTER COLUMN TYPE to handle inherited check - constraints properly (Pavan Deolasee) - - - - This worked correctly in pre-8.4 releases, and now works correctly - in 8.4 and later. - - - - - - Fix REASSIGN OWNED to handle grants on tablespaces - (Álvaro Herrera) - - - - - - Ignore incorrect pg_attribute entries for system - columns for views (Tom Lane) - - - - Views do not have any system columns. However, we forgot to - remove such entries when converting a table to a view. That's fixed - properly for 9.3 and later, but in previous branches we need to defend - against existing mis-converted views. - - - - - - Fix rule printing to dump INSERT INTO table - DEFAULT VALUES correctly (Tom Lane) - - - - - - Guard against stack overflow when there are too many - UNION/INTERSECT/EXCEPT clauses - in a query (Tom Lane) - - - - - - Prevent platform-dependent failures when dividing the minimum possible - integer value by -1 (Xi Wang, Tom Lane) - - - - - - Fix possible access past end of string in date parsing - (Hitoshi Harada) - - - - - - Produce an understandable error message if the length of the path name - for a Unix-domain socket exceeds the platform-specific limit - (Tom Lane, Andrew Dunstan) - - - - Formerly, this would result in something quite unhelpful, such as - Non-recoverable failure in name resolution. - - - - - - Fix memory leaks when sending composite column values to the client - (Tom Lane) - - - - - - Make pg_ctl more robust about reading the - postmaster.pid file (Heikki Linnakangas) - - - - Fix race conditions and possible file descriptor leakage. - - - - - - Fix possible crash in psql if incorrectly-encoded data - is presented and the client_encoding setting is a - client-only encoding, such as SJIS (Jiang Guiqing) - - - - - - Fix bugs in the restore.sql script emitted by - pg_dump in tar output format (Tom Lane) - - - - The script would fail outright on tables whose names include - upper-case characters. Also, make the script capable of restoring - data in mode as well as the regular COPY mode. - - - - - - Fix pg_restore to accept POSIX-conformant - tar files (Brian Weaver, Tom Lane) - - - - The original coding of pg_dump's tar - output mode produced files that are not fully conformant with the - POSIX standard. This has been corrected for version 9.3. This - patch updates previous branches so that they will accept both the - incorrect and the corrected formats, in hopes of avoiding - compatibility problems when 9.3 comes out. - - - - - - Fix pg_resetxlog to locate postmaster.pid - correctly when given a relative path to the data directory (Tom Lane) - - - - This mistake could lead to pg_resetxlog not noticing - that there is an active postmaster using the data directory. - - - - - - Fix libpq's lo_import() and - lo_export() functions to report file I/O errors properly - (Tom Lane) - - - - - - Fix ecpg's processing of nested structure pointer - variables (Muhammad Usama) - - - - - - Make contrib/pageinspect's btree page inspection - functions take buffer locks while examining pages (Tom Lane) - - - - - - Fix pgxs support for building loadable modules on AIX - (Tom Lane) - - - - Building modules outside the original source tree didn't work on AIX. - - - - - - Update time zone data files to tzdata release 2012j - for DST law changes in Cuba, Israel, Jordan, Libya, Palestine, Western - Samoa, and portions of Brazil. - - - - - - - - - - Release 8.4.14 - - - Release date: - 2012-09-24 - - - - This release contains a variety of fixes from 8.4.13. - For information about new features in the 8.4 major release, see - . - - - - Migration to Version 8.4.14 - - - A dump/restore is not required for those running 8.4.X. - - - - However, if you are upgrading from a version earlier than 8.4.10, - see . - - - - - - Changes - - - - - - Fix planner's assignment of executor parameters, and fix executor's - rescan logic for CTE plan nodes (Tom Lane) - - - - These errors could result in wrong answers from queries that scan the - same WITH subquery multiple times. - - - - - - Improve page-splitting decisions in GiST indexes (Alexander Korotkov, - Robert Haas, Tom Lane) - - - - Multi-column GiST indexes might suffer unexpected bloat due to this - error. - - - - - - Fix cascading privilege revoke to stop if privileges are still held - (Tom Lane) - - - - If we revoke a grant option from some role X, but - X still holds that option via a grant from someone - else, we should not recursively revoke the corresponding privilege - from role(s) Y that X had granted it - to. - - - - - - Fix handling of SIGFPE when PL/Perl is in use (Andres Freund) - - - - Perl resets the process's SIGFPE handler to - SIG_IGN, which could result in crashes later on. Restore - the normal Postgres signal handler after initializing PL/Perl. - - - - - - Prevent PL/Perl from crashing if a recursive PL/Perl function is - redefined while being executed (Tom Lane) - - - - - - Work around possible misoptimization in PL/Perl (Tom Lane) - - - - Some Linux distributions contain an incorrect version of - pthread.h that results in incorrect compiled code in - PL/Perl, leading to crashes if a PL/Perl function calls another one - that throws an error. - - - - - - Update time zone data files to tzdata release 2012f - for DST law changes in Fiji - - - - - - - - - - Release 8.4.13 - - - Release date: - 2012-08-17 - - - - This release contains a variety of fixes from 8.4.12. - For information about new features in the 8.4 major release, see - . - - - - Migration to Version 8.4.13 - - - A dump/restore is not required for those running 8.4.X. - - - - However, if you are upgrading from a version earlier than 8.4.10, - see . - - - - - - Changes - - - - - - Prevent access to external files/URLs via XML entity references - (Noah Misch, Tom Lane) - - - - xml_parse() would attempt to fetch external files or - URLs as needed to resolve DTD and entity references in an XML value, - thus allowing unprivileged database users to attempt to fetch data - with the privileges of the database server. While the external data - wouldn't get returned directly to the user, portions of it could be - exposed in error messages if the data didn't parse as valid XML; and - in any case the mere ability to check existence of a file might be - useful to an attacker. (CVE-2012-3489) - - - - - - Prevent access to external files/URLs via contrib/xml2's - xslt_process() (Peter Eisentraut) - - - - libxslt offers the ability to read and write both - files and URLs through stylesheet commands, thus allowing - unprivileged database users to both read and write data with the - privileges of the database server. Disable that through proper use - of libxslt's security options. (CVE-2012-3488) - - - - Also, remove xslt_process()'s ability to fetch documents - and stylesheets from external files/URLs. While this was a - documented feature, it was long regarded as a bad idea. - The fix for CVE-2012-3489 broke that capability, and rather than - expend effort on trying to fix it, we're just going to summarily - remove it. - - - - - - Prevent too-early recycling of btree index pages (Noah Misch) - - - - When we allowed read-only transactions to skip assigning XIDs, we - introduced the possibility that a deleted btree page could be - recycled while a read-only transaction was still in flight to it. - This would result in incorrect index search results. The probability - of such an error occurring in the field seems very low because of the - timing requirements, but nonetheless it should be fixed. - - - - - - Fix crash-safety bug with newly-created-or-reset sequences (Tom Lane) - - - - If ALTER SEQUENCE was executed on a freshly created or - reset sequence, and then precisely one nextval() call - was made on it, and then the server crashed, WAL replay would restore - the sequence to a state in which it appeared that no - nextval() had been done, thus allowing the first - sequence value to be returned again by the next - nextval() call. In particular this could manifest for - serial columns, since creation of a serial column's sequence - includes an ALTER SEQUENCE OWNED BY step. - - - - - - Ensure the backup_label file is fsync'd after - pg_start_backup() (Dave Kerr) - - - - - - Back-patch 9.1 improvement to compress the fsync request queue - (Robert Haas) - - - - This improves performance during checkpoints. The 9.1 change - has now seen enough field testing to seem safe to back-patch. - - - - - - Only allow autovacuum to be auto-canceled by a directly blocked - process (Tom Lane) - - - - The original coding could allow inconsistent behavior in some cases; - in particular, an autovacuum could get canceled after less than - deadlock_timeout grace period. - - - - - - Improve logging of autovacuum cancels (Robert Haas) - - - - - - Fix log collector so that log_truncate_on_rotation works - during the very first log rotation after server start (Tom Lane) - - - - - - Fix WITH attached to a nested set operation - (UNION/INTERSECT/EXCEPT) - (Tom Lane) - - - - - - Ensure that a whole-row reference to a subquery doesn't include any - extra GROUP BY or ORDER BY columns (Tom Lane) - - - - - - Disallow copying whole-row references in CHECK - constraints and index definitions during CREATE TABLE - (Tom Lane) - - - - This situation can arise in CREATE TABLE with - LIKE or INHERITS. The copied whole-row - variable was incorrectly labeled with the row type of the original - table not the new one. Rejecting the case seems reasonable for - LIKE, since the row types might well diverge later. For - INHERITS we should ideally allow it, with an implicit - coercion to the parent table's row type; but that will require more - work than seems safe to back-patch. - - - - - - Fix memory leak in ARRAY(SELECT ...) subqueries (Heikki - Linnakangas, Tom Lane) - - - - - - Fix extraction of common prefixes from regular expressions (Tom Lane) - - - - The code could get confused by quantified parenthesized - subexpressions, such as ^(foo)?bar. This would lead to - incorrect index optimization of searches for such patterns. - - - - - - Fix bugs with parsing signed - hh:mm and - hh:mm:ss - fields in interval constants (Amit Kapila, Tom Lane) - - - - - - Report errors properly in contrib/xml2's - xslt_process() (Tom Lane) - - - - - - Update time zone data files to tzdata release 2012e - for DST law changes in Morocco and Tokelau - - - - - - - - - - Release 8.4.12 - - - Release date: - 2012-06-04 - - - - This release contains a variety of fixes from 8.4.11. - For information about new features in the 8.4 major release, see - . - - - - Migration to Version 8.4.12 - - - A dump/restore is not required for those running 8.4.X. - - - - However, if you are upgrading from a version earlier than 8.4.10, - see . - - - - - - Changes - - - - - - Fix incorrect password transformation in - contrib/pgcrypto's DES crypt() function - (Solar Designer) - - - - If a password string contained the byte value 0x80, the - remainder of the password was ignored, causing the password to be much - weaker than it appeared. With this fix, the rest of the string is - properly included in the DES hash. Any stored password values that are - affected by this bug will thus no longer match, so the stored values may - need to be updated. (CVE-2012-2143) - - - - - - Ignore SECURITY DEFINER and SET attributes for - a procedural language's call handler (Tom Lane) - - - - Applying such attributes to a call handler could crash the server. - (CVE-2012-2655) - - - - - - Allow numeric timezone offsets in timestamp input to be up to - 16 hours away from UTC (Tom Lane) - - - - Some historical time zones have offsets larger than 15 hours, the - previous limit. This could result in dumped data values being rejected - during reload. - - - - - - Fix timestamp conversion to cope when the given time is exactly the - last DST transition time for the current timezone (Tom Lane) - - - - This oversight has been there a long time, but was not noticed - previously because most DST-using zones are presumed to have an - indefinite sequence of future DST transitions. - - - - - - Fix text to name and char to name - casts to perform string truncation correctly in multibyte encodings - (Karl Schnaitter) - - - - - - Fix memory copying bug in to_tsquery() (Heikki Linnakangas) - - - - - - Fix planner's handling of outer PlaceHolderVars within subqueries (Tom - Lane) - - - - This bug concerns sub-SELECTs that reference variables coming from the - nullable side of an outer join of the surrounding query. - In 9.1, queries affected by this bug would fail with ERROR: - Upper-level PlaceHolderVar found where not expected. But in 9.0 and - 8.4, you'd silently get possibly-wrong answers, since the value - transmitted into the subquery wouldn't go to null when it should. - - - - - - Fix slow session startup when pg_attribute is very large - (Tom Lane) - - - - If pg_attribute exceeds one-fourth of - shared_buffers, cache rebuilding code that is sometimes - needed during session start would trigger the synchronized-scan logic, - causing it to take many times longer than normal. The problem was - particularly acute if many new sessions were starting at once. - - - - - - Ensure sequential scans check for query cancel reasonably often (Merlin - Moncure) - - - - A scan encountering many consecutive pages that contain no live tuples - would not respond to interrupts meanwhile. - - - - - - Ensure the Windows implementation of PGSemaphoreLock() - clears ImmediateInterruptOK before returning (Tom Lane) - - - - This oversight meant that a query-cancel interrupt received later - in the same query could be accepted at an unsafe time, with - unpredictable but not good consequences. - - - - - - Show whole-row variables safely when printing views or rules - (Abbas Butt, Tom Lane) - - - - Corner cases involving ambiguous names (that is, the name could be - either a table or column name of the query) were printed in an - ambiguous way, risking that the view or rule would be interpreted - differently after dump and reload. Avoid the ambiguous case by - attaching a no-op cast. - - - - - - Fix COPY FROM to properly handle null marker strings that - correspond to invalid encoding (Tom Lane) - - - - A null marker string such as E'\\0' should work, and did - work in the past, but the case got broken in 8.4. - - - - - - Ensure autovacuum worker processes perform stack depth checking - properly (Heikki Linnakangas) - - - - Previously, infinite recursion in a function invoked by - auto-ANALYZE could crash worker processes. - - - - - - Fix logging collector to not lose log coherency under high load (Andrew - Dunstan) - - - - The collector previously could fail to reassemble large messages if it - got too busy. - - - - - - Fix logging collector to ensure it will restart file rotation - after receiving SIGHUP (Tom Lane) - - - - - - Fix WAL replay logic for GIN indexes to not fail if the index was - subsequently dropped (Tom Lane) - - - - - - Fix memory leak in PL/pgSQL's RETURN NEXT command (Joe - Conway) - - - - - - Fix PL/pgSQL's GET DIAGNOSTICS command when the target - is the function's first variable (Tom Lane) - - - - - - Fix potential access off the end of memory in psql's - expanded display (\x) mode (Peter Eisentraut) - - - - - - Fix several performance problems in pg_dump when - the database contains many objects (Jeff Janes, Tom Lane) - - - - pg_dump could get very slow if the database contained - many schemas, or if many objects are in dependency loops, or if there - are many owned sequences. - - - - - - Fix contrib/dblink's dblink_exec() to not leak - temporary database connections upon error (Tom Lane) - - - - - - Fix contrib/dblink to report the correct connection name in - error messages (Kyotaro Horiguchi) - - - - - - Update time zone data files to tzdata release 2012c - for DST law changes in Antarctica, Armenia, Chile, Cuba, Falkland - Islands, Gaza, Haiti, Hebron, Morocco, Syria, and Tokelau Islands; - also historical corrections for Canada. - - - - - - - - - - Release 8.4.11 - - - Release date: - 2012-02-27 - - - - This release contains a variety of fixes from 8.4.10. - For information about new features in the 8.4 major release, see - . - - - - Migration to Version 8.4.11 - - - A dump/restore is not required for those running 8.4.X. - - - - However, if you are upgrading from a version earlier than 8.4.10, - see . - - - - - - Changes - - - - - - Require execute permission on the trigger function for - CREATE TRIGGER (Robert Haas) - - - - This missing check could allow another user to execute a trigger - function with forged input data, by installing it on a table he owns. - This is only of significance for trigger functions marked - SECURITY DEFINER, since otherwise trigger functions run - as the table owner anyway. (CVE-2012-0866) - - - - - - Remove arbitrary limitation on length of common name in SSL - certificates (Heikki Linnakangas) - - - - Both libpq and the server truncated the common name - extracted from an SSL certificate at 32 bytes. Normally this would - cause nothing worse than an unexpected verification failure, but there - are some rather-implausible scenarios in which it might allow one - certificate holder to impersonate another. The victim would have to - have a common name exactly 32 bytes long, and the attacker would have - to persuade a trusted CA to issue a certificate in which the common - name has that string as a prefix. Impersonating a server would also - require some additional exploit to redirect client connections. - (CVE-2012-0867) - - - - - - Convert newlines to spaces in names written in pg_dump - comments (Robert Haas) - - - - pg_dump was incautious about sanitizing object names - that are emitted within SQL comments in its output script. A name - containing a newline would at least render the script syntactically - incorrect. Maliciously crafted object names could present a SQL - injection risk when the script is reloaded. (CVE-2012-0868) - - - - - - Fix btree index corruption from insertions concurrent with vacuuming - (Tom Lane) - - - - An index page split caused by an insertion could sometimes cause a - concurrently-running VACUUM to miss removing index entries - that it should remove. After the corresponding table rows are removed, - the dangling index entries would cause errors (such as could not - read block N in file ...) or worse, silently wrong query results - after unrelated rows are re-inserted at the now-free table locations. - This bug has been present since release 8.2, but occurs so infrequently - that it was not diagnosed until now. If you have reason to suspect - that it has happened in your database, reindexing the affected index - will fix things. - - - - - - Update per-column permissions, not only per-table permissions, when - changing table owner (Tom Lane) - - - - Failure to do this meant that any previously granted column permissions - were still shown as having been granted by the old owner. This meant - that neither the new owner nor a superuser could revoke the - now-untraceable-to-table-owner permissions. - - - - - - Allow non-existent values for some settings in ALTER - USER/DATABASE SET (Heikki Linnakangas) - - - - Allow default_text_search_config, - default_tablespace, and temp_tablespaces to be - set to names that are not known. This is because they might be known - in another database where the setting is intended to be used, or for the - tablespace cases because the tablespace might not be created yet. The - same issue was previously recognized for search_path, and - these settings now act like that one. - - - - - - Avoid crashing when we have problems deleting table files post-commit - (Tom Lane) - - - - Dropping a table should lead to deleting the underlying disk files only - after the transaction commits. In event of failure then (for instance, - because of wrong file permissions) the code is supposed to just emit a - warning message and go on, since it's too late to abort the - transaction. This logic got broken as of release 8.4, causing such - situations to result in a PANIC and an unrestartable database. - - - - - - Track the OID counter correctly during WAL replay, even when it wraps - around (Tom Lane) - - - - Previously the OID counter would remain stuck at a high value until the - system exited replay mode. The practical consequences of that are - usually nil, but there are scenarios wherein a standby server that's - been promoted to master might take a long time to advance the OID - counter to a reasonable value once values are needed. - - - - - - Fix regular expression back-references with * attached - (Tom Lane) - - - - Rather than enforcing an exact string match, the code would effectively - accept any string that satisfies the pattern sub-expression referenced - by the back-reference symbol. - - - - A similar problem still afflicts back-references that are embedded in a - larger quantified expression, rather than being the immediate subject - of the quantifier. This will be addressed in a future - PostgreSQL release. - - - - - - Fix recently-introduced memory leak in processing of - inet/cidr values (Heikki Linnakangas) - - - - A patch in the December 2011 releases of PostgreSQL - caused memory leakage in these operations, which could be significant - in scenarios such as building a btree index on such a column. - - - - - - Fix dangling pointer after CREATE TABLE AS/SELECT - INTO in a SQL-language function (Tom Lane) - - - - In most cases this only led to an assertion failure in assert-enabled - builds, but worse consequences seem possible. - - - - - - Avoid double close of file handle in syslogger on Windows (MauMau) - - - - Ordinarily this error was invisible, but it would cause an exception - when running on a debug version of Windows. - - - - - - Fix I/O-conversion-related memory leaks in plpgsql - (Andres Freund, Jan Urbanski, Tom Lane) - - - - Certain operations would leak memory until the end of the current - function. - - - - - - Improve pg_dump's handling of inherited table columns - (Tom Lane) - - - - pg_dump mishandled situations where a child column has - a different default expression than its parent column. If the default - is textually identical to the parent's default, but not actually the - same (for instance, because of schema search path differences) it would - not be recognized as different, so that after dump and restore the - child would be allowed to inherit the parent's default. Child columns - that are NOT NULL where their parent is not could also be - restored subtly incorrectly. - - - - - - Fix pg_restore's direct-to-database mode for - INSERT-style table data (Tom Lane) - - - - Direct-to-database restores from archive files made with - or options fail when - using pg_restore from a release dated September or - December 2011, as a result of an oversight in a fix for another - problem. The archive file itself is not at fault, and text-mode - output is okay. - - - - - - Allow AT option in ecpg - DEALLOCATE statements (Michael Meskes) - - - - The infrastructure to support this has been there for awhile, but - through an oversight there was still an error check rejecting the case. - - - - - - Fix error in contrib/intarray's int[] & - int[] operator (Guillaume Lelarge) - - - - If the smallest integer the two input arrays have in common is 1, - and there are smaller values in either array, then 1 would be - incorrectly omitted from the result. - - - - - - Fix error detection in contrib/pgcrypto's - encrypt_iv() and decrypt_iv() - (Marko Kreen) - - - - These functions failed to report certain types of invalid-input errors, - and would instead return random garbage values for incorrect input. - - - - - - Fix one-byte buffer overrun in contrib/test_parser - (Paul Guyot) - - - - The code would try to read one more byte than it should, which would - crash in corner cases. - Since contrib/test_parser is only example code, this is - not a security issue in itself, but bad example code is still bad. - - - - - - Use __sync_lock_test_and_set() for spinlocks on ARM, if - available (Martin Pitt) - - - - This function replaces our previous use of the SWPB - instruction, which is deprecated and not available on ARMv6 and later. - Reports suggest that the old code doesn't fail in an obvious way on - recent ARM boards, but simply doesn't interlock concurrent accesses, - leading to bizarre failures in multiprocess operation. - - - - - - Use option when building with - gcc versions that accept it (Andrew Dunstan) - - - - This prevents assorted scenarios wherein recent versions of gcc will - produce creative results. - - - - - - Allow use of threaded Python on FreeBSD (Chris Rees) - - - - Our configure script previously believed that this combination wouldn't - work; but FreeBSD fixed the problem, so remove that error check. - - - - - - - - - - Release 8.4.10 - - - Release date: - 2011-12-05 - - - - This release contains a variety of fixes from 8.4.9. - For information about new features in the 8.4 major release, see - . - - - - Migration to Version 8.4.10 - - - A dump/restore is not required for those running 8.4.X. - - - - However, a longstanding error was discovered in the definition of the - information_schema.referential_constraints view. If you - rely on correct results from that view, you should replace its - definition as explained in the first changelog item below. - - - - Also, if you are upgrading from a version earlier than 8.4.8, - see . - - - - - - Changes - - - - - - Fix bugs in information_schema.referential_constraints view - (Tom Lane) - - - - This view was being insufficiently careful about matching the - foreign-key constraint to the depended-on primary or unique key - constraint. That could result in failure to show a foreign key - constraint at all, or showing it multiple times, or claiming that it - depends on a different constraint than the one it really does. - - - - Since the view definition is installed by initdb, - merely upgrading will not fix the problem. If you need to fix this - in an existing installation, you can (as a superuser) drop the - information_schema schema then re-create it by sourcing - SHAREDIR/information_schema.sql. - (Run pg_config --sharedir if you're uncertain where - SHAREDIR is.) This must be repeated in each database - to be fixed. - - - - - - Fix incorrect replay of WAL records for GIN index updates - (Tom Lane) - - - - This could result in transiently failing to find index entries after - a crash, or on a hot-standby server. The problem would be repaired - by the next VACUUM of the index, however. - - - - - - Fix TOAST-related data corruption during CREATE TABLE dest AS - SELECT * FROM src or INSERT INTO dest SELECT * FROM src - (Tom Lane) - - - - If a table has been modified by ALTER TABLE ADD COLUMN, - attempts to copy its data verbatim to another table could produce - corrupt results in certain corner cases. - The problem can only manifest in this precise form in 8.4 and later, - but we patched earlier versions as well in case there are other code - paths that could trigger the same bug. - - - - - - Fix race condition during toast table access from stale syscache entries - (Tom Lane) - - - - The typical symptom was transient errors like missing chunk - number 0 for toast value NNNNN in pg_toast_2619, where the cited - toast table would always belong to a system catalog. - - - - - - Track dependencies of functions on items used in parameter default - expressions (Tom Lane) - - - - Previously, a referenced object could be dropped without having dropped - or modified the function, leading to misbehavior when the function was - used. Note that merely installing this update will not fix the missing - dependency entries; to do that, you'd need to CREATE OR - REPLACE each such function afterwards. If you have functions whose - defaults depend on non-built-in objects, doing so is recommended. - - - - - - Allow inlining of set-returning SQL functions with multiple OUT - parameters (Tom Lane) - - - - - - Make DatumGetInetP() unpack inet datums that have a 1-byte - header, and add a new macro, DatumGetInetPP(), that does - not (Heikki Linnakangas) - - - - This change affects no core code, but might prevent crashes in add-on - code that expects DatumGetInetP() to produce an unpacked - datum as per usual convention. - - - - - - Improve locale support in money type's input and output - (Tom Lane) - - - - Aside from not supporting all standard - lc_monetary - formatting options, the input and output functions were inconsistent, - meaning there were locales in which dumped money values could - not be re-read. - - - - - - Don't let transform_null_equals - affect CASE foo WHEN NULL ... constructs - (Heikki Linnakangas) - - - - transform_null_equals is only supposed to affect - foo = NULL expressions written directly by the user, not - equality checks generated internally by this form of CASE. - - - - - - Change foreign-key trigger creation order to better support - self-referential foreign keys (Tom Lane) - - - - For a cascading foreign key that references its own table, a row update - will fire both the ON UPDATE trigger and the - CHECK trigger as one event. The ON UPDATE - trigger must execute first, else the CHECK will check a - non-final state of the row and possibly throw an inappropriate error. - However, the firing order of these triggers is determined by their - names, which generally sort in creation order since the triggers have - auto-generated names following the convention - RI_ConstraintTrigger_NNNN. A proper fix would require - modifying that convention, which we will do in 9.2, but it seems risky - to change it in existing releases. So this patch just changes the - creation order of the triggers. Users encountering this type of error - should drop and re-create the foreign key constraint to get its - triggers into the right order. - - - - - - Avoid floating-point underflow while tracking buffer allocation rate - (Greg Matthews) - - - - While harmless in itself, on certain platforms this would result in - annoying kernel log messages. - - - - - - Preserve configuration file name and line number values when starting - child processes under Windows (Tom Lane) - - - - Formerly, these would not be displayed correctly in the - pg_settings view. - - - - - - Preserve blank lines within commands in psql's command - history (Robert Haas) - - - - The former behavior could cause problems if an empty line was removed - from within a string literal, for example. - - - - - - Fix pg_dump to dump user-defined casts between - auto-generated types, such as table rowtypes (Tom Lane) - - - - - - Use the preferred version of xsubpp to build PL/Perl, - not necessarily the operating system's main copy - (David Wheeler and Alex Hunsaker) - - - - - - Fix incorrect coding in contrib/dict_int and - contrib/dict_xsyn (Tom Lane) - - - - Some functions incorrectly assumed that memory returned by - palloc() is guaranteed zeroed. - - - - - - Honor query cancel interrupts promptly in pgstatindex() - (Robert Haas) - - - - - - Ensure VPATH builds properly install all server header files - (Peter Eisentraut) - - - - - - Shorten file names reported in verbose error messages (Peter Eisentraut) - - - - Regular builds have always reported just the name of the C file - containing the error message call, but VPATH builds formerly - reported an absolute path name. - - - - - - Fix interpretation of Windows timezone names for Central America - (Tom Lane) - - - - Map Central America Standard Time to CST6, not - CST6CDT, because DST is generally not observed anywhere in - Central America. - - - - - - Update time zone data files to tzdata release 2011n - for DST law changes in Brazil, Cuba, Fiji, Palestine, Russia, and Samoa; - also historical corrections for Alaska and British East Africa. - - - - - - - - - - Release 8.4.9 - - - Release date: - 2011-09-26 - - - - This release contains a variety of fixes from 8.4.8. - For information about new features in the 8.4 major release, see - . - - - - Migration to Version 8.4.9 - - - A dump/restore is not required for those running 8.4.X. - - - - However, if you are upgrading from a version earlier than 8.4.8, - see . - - - - - - Changes - - - - - - Fix bugs in indexing of in-doubt HOT-updated tuples (Tom Lane) - - - - These bugs could result in index corruption after reindexing a system - catalog. They are not believed to affect user indexes. - - - - - - Fix multiple bugs in GiST index page split processing (Heikki - Linnakangas) - - - - The probability of occurrence was low, but these could lead to index - corruption. - - - - - - Fix possible buffer overrun in tsvector_concat() - (Tom Lane) - - - - The function could underestimate the amount of memory needed for its - result, leading to server crashes. - - - - - - Fix crash in xml_recv when processing a - standalone parameter (Tom Lane) - - - - - - Make pg_options_to_table return NULL for an option with no - value (Tom Lane) - - - - Previously such cases would result in a server crash. - - - - - - Avoid possibly accessing off the end of memory in ANALYZE - and in SJIS-2004 encoding conversion (Noah Misch) - - - - This fixes some very-low-probability server crash scenarios. - - - - - - Prevent intermittent hang in interactions of startup process with - bgwriter process (Simon Riggs) - - - - This affected recovery in non-hot-standby cases. - - - - - - Fix race condition in relcache init file invalidation (Tom Lane) - - - - There was a window wherein a new backend process could read a stale init - file but miss the inval messages that would tell it the data is stale. - The result would be bizarre failures in catalog accesses, typically - could not read block 0 in file ... later during startup. - - - - - - Fix memory leak at end of a GiST index scan (Tom Lane) - - - - Commands that perform many separate GiST index scans, such as - verification of a new GiST-based exclusion constraint on a table - already containing many rows, could transiently require large amounts of - memory due to this leak. - - - - - - Fix incorrect memory accounting (leading to possible memory bloat) in - tuplestores supporting holdable cursors and plpgsql's RETURN - NEXT command (Tom Lane) - - - - - - Fix performance problem when constructing a large, lossy bitmap - (Tom Lane) - - - - - - Fix join selectivity estimation for unique columns (Tom Lane) - - - - This fixes an erroneous planner heuristic that could lead to poor - estimates of the result size of a join. - - - - - - Fix nested PlaceHolderVar expressions that appear only in sub-select - target lists (Tom Lane) - - - - This mistake could result in outputs of an outer join incorrectly - appearing as NULL. - - - - - - Allow nested EXISTS queries to be optimized properly (Tom - Lane) - - - - - - Fix array- and path-creating functions to ensure padding bytes are - zeroes (Tom Lane) - - - - This avoids some situations where the planner will think that - semantically-equal constants are not equal, resulting in poor - optimization. - - - - - - Fix EXPLAIN to handle gating Result nodes within - inner-indexscan subplans (Tom Lane) - - - - The usual symptom of this oversight was bogus varno errors. - - - - - - Work around gcc 4.6.0 bug that breaks WAL replay (Tom Lane) - - - - This could lead to loss of committed transactions after a server crash. - - - - - - Fix dump bug for VALUES in a view (Tom Lane) - - - - - - Disallow SELECT FOR UPDATE/SHARE on sequences (Tom Lane) - - - - This operation doesn't work as expected and can lead to failures. - - - - - - Fix VACUUM so that it always updates - pg_class.reltuples/relpages (Tom - Lane) - - - - This fixes some scenarios where autovacuum could make increasingly poor - decisions about when to vacuum tables. - - - - - - Defend against integer overflow when computing size of a hash table (Tom - Lane) - - - - - - Fix cases where CLUSTER might attempt to access - already-removed TOAST data (Tom Lane) - - - - - - Fix portability bugs in use of credentials control messages for - peer authentication (Tom Lane) - - - - - - Fix SSPI login when multiple roundtrips are required (Ahmed Shinwari, - Magnus Hagander) - - - - The typical symptom of this problem was The function requested is - not supported errors during SSPI login. - - - - - - Throw an error if pg_hba.conf contains hostssl - but SSL is disabled (Tom Lane) - - - - This was concluded to be more user-friendly than the previous behavior - of silently ignoring such lines. - - - - - - Fix typo in pg_srand48 seed initialization (Andres Freund) - - - - This led to failure to use all bits of the provided seed. This function - is not used on most platforms (only those without srandom), - and the potential security exposure from a less-random-than-expected - seed seems minimal in any case. - - - - - - Avoid integer overflow when the sum of LIMIT and - OFFSET values exceeds 2^63 (Heikki Linnakangas) - - - - - - Add overflow checks to int4 and int8 versions of - generate_series() (Robert Haas) - - - - - - Fix trailing-zero removal in to_char() (Marti Raudsepp) - - - - In a format with FM and no digit positions - after the decimal point, zeroes to the left of the decimal point could - be removed incorrectly. - - - - - - Fix pg_size_pretty() to avoid overflow for inputs close to - 2^63 (Tom Lane) - - - - - - Weaken plpgsql's check for typmod matching in record values (Tom Lane) - - - - An overly enthusiastic check could lead to discarding length modifiers - that should have been kept. - - - - - - Correctly handle quotes in locale names during initdb - (Heikki Linnakangas) - - - - The case can arise with some Windows locales, such as People's - Republic of China. - - - - - - Fix pg_upgrade to preserve toast tables' relfrozenxids - during an upgrade from 8.3 (Bruce Momjian) - - - - Failure to do this could lead to pg_clog files being - removed too soon after the upgrade. - - - - - - In pg_ctl, support silent mode for service registrations - on Windows (MauMau) - - - - - - Fix psql's counting of script file line numbers during - COPY from a different file (Tom Lane) - - - - - - Fix pg_restore's direct-to-database mode for - standard_conforming_strings (Tom Lane) - - - - pg_restore could emit incorrect commands when restoring - directly to a database server from an archive file that had been made - with standard_conforming_strings set to on. - - - - - - Be more user-friendly about unsupported cases for parallel - pg_restore (Tom Lane) - - - - This change ensures that such cases are detected and reported before - any restore actions have been taken. - - - - - - Fix write-past-buffer-end and memory leak in libpq's - LDAP service lookup code (Albe Laurenz) - - - - - - In libpq, avoid failures when using nonblocking I/O - and an SSL connection (Martin Pihlak, Tom Lane) - - - - - - Improve libpq's handling of failures during connection startup - (Tom Lane) - - - - In particular, the response to a server report of fork() - failure during SSL connection startup is now saner. - - - - - - Improve libpq's error reporting for SSL failures (Tom - Lane) - - - - - - Fix PQsetvalue() to avoid possible crash when adding a new - tuple to a PGresult originally obtained from a server - query (Andrew Chernow) - - - - - - Make ecpglib write double values with 15 digits - precision (Akira Kurosawa) - - - - - - In ecpglib, be sure LC_NUMERIC setting is - restored after an error (Michael Meskes) - - - - - - Apply upstream fix for blowfish signed-character bug (CVE-2011-2483) - (Tom Lane) - - - - contrib/pg_crypto's blowfish encryption code could give - wrong results on platforms where char is signed (which is most), - leading to encrypted passwords being weaker than they should be. - - - - - - Fix memory leak in contrib/seg (Heikki Linnakangas) - - - - - - Fix pgstatindex() to give consistent results for empty - indexes (Tom Lane) - - - - - - Allow building with perl 5.14 (Alex Hunsaker) - - - - - - Update configure script's method for probing existence of system - functions (Tom Lane) - - - - The version of autoconf we used in 8.3 and 8.2 could be fooled by - compilers that perform link-time optimization. - - - - - - Fix assorted issues with build and install file paths containing spaces - (Tom Lane) - - - - - - Update time zone data files to tzdata release 2011i - for DST law changes in Canada, Egypt, Russia, Samoa, and South Sudan. - - - - - - - - - - Release 8.4.8 - - - Release date: - 2011-04-18 - - - - This release contains a variety of fixes from 8.4.7. - For information about new features in the 8.4 major release, see - . - - - - Migration to Version 8.4.8 - - - A dump/restore is not required for those running 8.4.X. - - - - However, if your installation was upgraded from a previous major - release by running pg_upgrade, you should take - action to prevent possible data loss due to a now-fixed bug in - pg_upgrade. The recommended solution is to run - VACUUM FREEZE on all TOAST tables. - More information is available at - http://wiki.postgresql.org/wiki/20110408pg_upgrade_fix. - - - - Also, if you are upgrading from a version earlier than 8.4.2, - see . - - - - - - Changes - - - - - - Fix pg_upgrade's handling of TOAST tables - (Bruce Momjian) - - - - The pg_class.relfrozenxid value for - TOAST tables was not correctly copied into the new installation - during pg_upgrade. This could later result in - pg_clog files being discarded while they were still - needed to validate tuples in the TOAST tables, leading to - could not access status of transaction failures. - - - - This error poses a significant risk of data loss for installations - that have been upgraded with pg_upgrade. This patch - corrects the problem for future uses of pg_upgrade, - but does not in itself cure the issue in installations that have been - processed with a buggy version of pg_upgrade. - - - - - - Suppress incorrect PD_ALL_VISIBLE flag was incorrectly set - warning (Heikki Linnakangas) - - - - VACUUM would sometimes issue this warning in cases that - are actually valid. - - - - - - Disallow including a composite type in itself (Tom Lane) - - - - This prevents scenarios wherein the server could recurse infinitely - while processing the composite type. While there are some possible - uses for such a structure, they don't seem compelling enough to - justify the effort required to make sure it always works safely. - - - - - - Avoid potential deadlock during catalog cache initialization - (Nikhil Sontakke) - - - - In some cases the cache loading code would acquire share lock on a - system index before locking the index's catalog. This could deadlock - against processes trying to acquire exclusive locks in the other, - more standard order. - - - - - - Fix dangling-pointer problem in BEFORE ROW UPDATE trigger - handling when there was a concurrent update to the target tuple - (Tom Lane) - - - - This bug has been observed to result in intermittent cannot - extract system attribute from virtual tuple failures while trying to - do UPDATE RETURNING ctid. There is a very small probability - of more serious errors, such as generating incorrect index entries for - the updated tuple. - - - - - - Disallow DROP TABLE when there are pending deferred trigger - events for the table (Tom Lane) - - - - Formerly the DROP would go through, leading to - could not open relation with OID nnn errors when the - triggers were eventually fired. - - - - - - Prevent crash triggered by constant-false WHERE conditions during - GEQO optimization (Tom Lane) - - - - - - Improve planner's handling of semi-join and anti-join cases - (Tom Lane) - - - - - - Fix selectivity estimation for text search to account for NULLs - (Jesper Krogh) - - - - - - Improve PL/pgSQL's ability to handle row types with dropped columns - (Pavel Stehule) - - - - This is a back-patch of fixes previously made in 9.0. - - - - - - Fix PL/Python memory leak involving array slices (Daniel Popowich) - - - - - - Fix pg_restore to cope with long lines (over 1KB) in - TOC files (Tom Lane) - - - - - - Put in more safeguards against crashing due to division-by-zero - with overly enthusiastic compiler optimization (Aurelien Jarno) - - - - - - Support use of dlopen() in FreeBSD and OpenBSD on MIPS (Tom Lane) - - - - There was a hard-wired assumption that this system function was not - available on MIPS hardware on these systems. Use a compile-time test - instead, since more recent versions have it. - - - - - - Fix compilation failures on HP-UX (Heikki Linnakangas) - - - - - - Fix version-incompatibility problem with libintl on - Windows (Hiroshi Inoue) - - - - - - Fix usage of xcopy in Windows build scripts to - work correctly under Windows 7 (Andrew Dunstan) - - - - This affects the build scripts only, not installation or usage. - - - - - - Fix path separator used by pg_regress on Cygwin - (Andrew Dunstan) - - - - - - Update time zone data files to tzdata release 2011f - for DST law changes in Chile, Cuba, Falkland Islands, Morocco, Samoa, - and Turkey; also historical corrections for South Australia, Alaska, - and Hawaii. - - - - - - - - - - Release 8.4.7 - - - Release date: - 2011-01-31 - - - - This release contains a variety of fixes from 8.4.6. - For information about new features in the 8.4 major release, see - . - - - - Migration to Version 8.4.7 - - - A dump/restore is not required for those running 8.4.X. - However, if you are upgrading from a version earlier than 8.4.2, - see . - - - - - - Changes - - - - - - Avoid failures when EXPLAIN tries to display a simple-form - CASE expression (Tom Lane) - - - - If the CASE's test expression was a constant, the planner - could simplify the CASE into a form that confused the - expression-display code, resulting in unexpected CASE WHEN - clause errors. - - - - - - Fix assignment to an array slice that is before the existing range - of subscripts (Tom Lane) - - - - If there was a gap between the newly added subscripts and the first - pre-existing subscript, the code miscalculated how many entries needed - to be copied from the old array's null bitmap, potentially leading to - data corruption or crash. - - - - - - Avoid unexpected conversion overflow in planner for very distant date - values (Tom Lane) - - - - The date type supports a wider range of dates than can be - represented by the timestamp types, but the planner assumed it - could always convert a date to timestamp with impunity. - - - - - - Fix pg_restore's text output for large objects (BLOBs) - when standard_conforming_strings is on (Tom Lane) - - - - Although restoring directly to a database worked correctly, string - escaping was incorrect if pg_restore was asked for - SQL text output and standard_conforming_strings had been - enabled in the source database. - - - - - - Fix erroneous parsing of tsquery values containing - ... & !(subexpression) | ... (Tom Lane) - - - - Queries containing this combination of operators were not executed - correctly. The same error existed in contrib/intarray's - query_int type and contrib/ltree's - ltxtquery type. - - - - - - Fix buffer overrun in contrib/intarray's input function - for the query_int type (Apple) - - - - This bug is a security risk since the function's return address could - be overwritten. Thanks to Apple Inc's security team for reporting this - issue and supplying the fix. (CVE-2010-4015) - - - - - - Fix bug in contrib/seg's GiST picksplit algorithm - (Alexander Korotkov) - - - - This could result in considerable inefficiency, though not actually - incorrect answers, in a GiST index on a seg column. - If you have such an index, consider REINDEXing it after - installing this update. (This is identical to the bug that was fixed in - contrib/cube in the previous update.) - - - - - - - - - - Release 8.4.6 - - - Release date: - 2010-12-16 - - - - This release contains a variety of fixes from 8.4.5. - For information about new features in the 8.4 major release, see - . - - - - Migration to Version 8.4.6 - - - A dump/restore is not required for those running 8.4.X. - However, if you are upgrading from a version earlier than 8.4.2, - see . - - - - - - Changes - - - - - - Force the default - wal_sync_method - to be fdatasync on Linux (Tom Lane, Marti Raudsepp) - - - - The default on Linux has actually been fdatasync for many - years, but recent kernel changes caused PostgreSQL to - choose open_datasync instead. This choice did not result - in any performance improvement, and caused outright failures on - certain filesystems, notably ext4 with the - data=journal mount option. - - - - - - Fix assorted bugs in WAL replay logic for GIN indexes (Tom Lane) - - - - This could result in bad buffer id: 0 failures or - corruption of index contents during replication. - - - - - - Fix recovery from base backup when the starting checkpoint WAL record - is not in the same WAL segment as its redo point (Jeff Davis) - - - - - - Fix persistent slowdown of autovacuum workers when multiple workers - remain active for a long time (Tom Lane) - - - - The effective vacuum_cost_limit for an autovacuum worker - could drop to nearly zero if it processed enough tables, causing it - to run extremely slowly. - - - - - - Add support for detecting register-stack overrun on IA64 - (Tom Lane) - - - - The IA64 architecture has two hardware stacks. Full - prevention of stack-overrun failures requires checking both. - - - - - - Add a check for stack overflow in copyObject() (Tom Lane) - - - - Certain code paths could crash due to stack overflow given a - sufficiently complex query. - - - - - - Fix detection of page splits in temporary GiST indexes (Heikki - Linnakangas) - - - - It is possible to have a concurrent page split in a - temporary index, if for example there is an open cursor scanning the - index when an insertion is done. GiST failed to detect this case and - hence could deliver wrong results when execution of the cursor - continued. - - - - - - Fix error checking during early connection processing (Tom Lane) - - - - The check for too many child processes was skipped in some cases, - possibly leading to postmaster crash when attempting to add the new - child process to fixed-size arrays. - - - - - - Improve efficiency of window functions (Tom Lane) - - - - Certain cases where a large number of tuples needed to be read in - advance, but work_mem was large enough to allow them all - to be held in memory, were unexpectedly slow. - percent_rank(), cume_dist() and - ntile() in particular were subject to this problem. - - - - - - Avoid memory leakage while ANALYZE'ing complex index - expressions (Tom Lane) - - - - - - Ensure an index that uses a whole-row Var still depends on its table - (Tom Lane) - - - - An index declared like create index i on t (foo(t.*)) - would not automatically get dropped when its table was dropped. - - - - - - Do not inline a SQL function with multiple OUT - parameters (Tom Lane) - - - - This avoids a possible crash due to loss of information about the - expected result rowtype. - - - - - - Behave correctly if ORDER BY, LIMIT, - FOR UPDATE, or WITH is attached to the - VALUES part of INSERT ... VALUES (Tom Lane) - - - - - - Fix constant-folding of COALESCE() expressions (Tom Lane) - - - - The planner would sometimes attempt to evaluate sub-expressions that - in fact could never be reached, possibly leading to unexpected errors. - - - - - - Fix postmaster crash when connection acceptance - (accept() or one of the calls made immediately after it) - fails, and the postmaster was compiled with GSSAPI support (Alexander - Chernikov) - - - - - - Fix missed unlink of temporary files when log_temp_files - is active (Tom Lane) - - - - If an error occurred while attempting to emit the log message, the - unlink was not done, resulting in accumulation of temp files. - - - - - - Add print functionality for InhRelation nodes (Tom Lane) - - - - This avoids a failure when debug_print_parse is enabled - and certain types of query are executed. - - - - - - Fix incorrect calculation of distance from a point to a horizontal - line segment (Tom Lane) - - - - This bug affected several different geometric distance-measurement - operators. - - - - - - Fix incorrect calculation of transaction status in - ecpg (Itagaki Takahiro) - - - - - - Fix PL/pgSQL's handling of simple - expressions to not fail in recursion or error-recovery cases (Tom Lane) - - - - - - Fix PL/Python's handling of set-returning functions - (Jan Urbanski) - - - - Attempts to call SPI functions within the iterator generating a set - result would fail. - - - - - - Fix bug in contrib/cube's GiST picksplit algorithm - (Alexander Korotkov) - - - - This could result in considerable inefficiency, though not actually - incorrect answers, in a GiST index on a cube column. - If you have such an index, consider REINDEXing it after - installing this update. - - - - - - Don't emit identifier will be truncated notices in - contrib/dblink except when creating new connections - (Itagaki Takahiro) - - - - - - Fix potential coredump on missing public key in - contrib/pgcrypto (Marti Raudsepp) - - - - - - Fix memory leak in contrib/xml2's XPath query functions - (Tom Lane) - - - - - - Update time zone data files to tzdata release 2010o - for DST law changes in Fiji and Samoa; - also historical corrections for Hong Kong. - - - - - - - - - - Release 8.4.5 - - - Release date: - 2010-10-04 - - - - This release contains a variety of fixes from 8.4.4. - For information about new features in the 8.4 major release, see - . - - - - Migration to Version 8.4.5 - - - A dump/restore is not required for those running 8.4.X. - However, if you are upgrading from a version earlier than 8.4.2, - see . - - - - - - Changes - - - - - - Use a separate interpreter for each calling SQL userid in PL/Perl and - PL/Tcl (Tom Lane) - - - - This change prevents security problems that can be caused by subverting - Perl or Tcl code that will be executed later in the same session under - another SQL user identity (for example, within a SECURITY - DEFINER function). Most scripting languages offer numerous ways that - that might be done, such as redefining standard functions or operators - called by the target function. Without this change, any SQL user with - Perl or Tcl language usage rights can do essentially anything with the - SQL privileges of the target function's owner. - - - - The cost of this change is that intentional communication among Perl - and Tcl functions becomes more difficult. To provide an escape hatch, - PL/PerlU and PL/TclU functions continue to use only one interpreter - per session. This is not considered a security issue since all such - functions execute at the trust level of a database superuser already. - - - - It is likely that third-party procedural languages that claim to offer - trusted execution have similar security issues. We advise contacting - the authors of any PL you are depending on for security-critical - purposes. - - - - Our thanks to Tim Bunce for pointing out this issue (CVE-2010-3433). - - - - - - Prevent possible crashes in pg_get_expr() by disallowing - it from being called with an argument that is not one of the system - catalog columns it's intended to be used with - (Heikki Linnakangas, Tom Lane) - - - - - - Treat exit code 128 (ERROR_WAIT_NO_CHILDREN) as non-fatal on - Windows (Magnus Hagander) - - - - Under high load, Windows processes will sometimes fail at startup with - this error code. Formerly the postmaster treated this as a panic - condition and restarted the whole database, but that seems to be - an overreaction. - - - - - - Fix incorrect placement of placeholder evaluation (Tom Lane) - - - - This bug could result in query outputs being non-null when they - should be null, in cases where the inner side of an outer join - is a sub-select with non-strict expressions in its output list. - - - - - - Fix possible duplicate scans of UNION ALL member relations - (Tom Lane) - - - - - - Fix cannot handle unplanned sub-select error (Tom Lane) - - - - This occurred when a sub-select contains a join alias reference that - expands into an expression containing another sub-select. - - - - - - Fix mishandling of whole-row Vars that reference a view or sub-select - and appear within a nested sub-select (Tom Lane) - - - - - - Fix mishandling of cross-type IN comparisons (Tom Lane) - - - - This could result in failures if the planner tried to implement an - IN join with a sort-then-unique-then-plain-join plan. - - - - - - Fix computation of ANALYZE statistics for tsvector - columns (Jan Urbanski) - - - - The original coding could produce incorrect statistics, leading to - poor plan choices later. - - - - - - Improve planner's estimate of memory used by array_agg(), - string_agg(), and similar aggregate functions - (Hitoshi Harada) - - - - The previous drastic underestimate could lead to out-of-memory failures - due to inappropriate choice of a hash-aggregation plan. - - - - - - Fix failure to mark cached plans as transient (Tom Lane) - - - - If a plan is prepared while CREATE INDEX CONCURRENTLY is - in progress for one of the referenced tables, it is supposed to be - re-planned once the index is ready for use. This was not happening - reliably. - - - - - - Reduce PANIC to ERROR in some occasionally-reported btree failure cases, - and provide additional detail in the resulting error messages - (Tom Lane) - - - - This should improve the system's robustness with corrupted indexes. - - - - - - Fix incorrect search logic for partial-match queries with GIN indexes - (Tom Lane) - - - - Cases involving AND/OR combination of several GIN index conditions - didn't always give the right answer, and were sometimes much slower - than necessary. - - - - - - Prevent show_session_authorization() from crashing within autovacuum - processes (Tom Lane) - - - - - - Defend against functions returning setof record where not all the - returned rows are actually of the same rowtype (Tom Lane) - - - - - - Fix possible corruption of pending trigger event lists during - subtransaction rollback (Tom Lane) - - - - This could lead to a crash or incorrect firing of triggers. - - - - - - Fix possible failure when hashing a pass-by-reference function result - (Tao Ma, Tom Lane) - - - - - - Improve merge join's handling of NULLs in the join columns (Tom Lane) - - - - A merge join can now stop entirely upon reaching the first NULL, - if the sort order is such that NULLs sort high. - - - - - - Take care to fsync the contents of lockfiles (both - postmaster.pid and the socket lockfile) while writing them - (Tom Lane) - - - - This omission could result in corrupted lockfile contents if the - machine crashes shortly after postmaster start. That could in turn - prevent subsequent attempts to start the postmaster from succeeding, - until the lockfile is manually removed. - - - - - - Avoid recursion while assigning XIDs to heavily-nested - subtransactions (Andres Freund, Robert Haas) - - - - The original coding could result in a crash if there was limited - stack space. - - - - - - Avoid holding open old WAL segments in the walwriter process - (Magnus Hagander, Heikki Linnakangas) - - - - The previous coding would prevent removal of no-longer-needed segments. - - - - - - Fix log_line_prefix's %i escape, - which could produce junk early in backend startup (Tom Lane) - - - - - - Prevent misinterpretation of partially-specified relation options - for TOAST tables (Itagaki Takahiro) - - - - In particular, fillfactor would be read as zero if any - other reloption had been set for the table, leading to serious bloat. - - - - - - Fix inheritance count tracking in ALTER TABLE ... ADD - CONSTRAINT (Robert Haas) - - - - - - Fix possible data corruption in ALTER TABLE ... SET - TABLESPACE when archiving is enabled (Jeff Davis) - - - - - - Allow CREATE DATABASE and ALTER DATABASE ... SET - TABLESPACE to be interrupted by query-cancel (Guillaume Lelarge) - - - - - - Improve CREATE INDEX's checking of whether proposed index - expressions are immutable (Tom Lane) - - - - - - Fix REASSIGN OWNED to handle operator classes and families - (Asko Tiidumaa) - - - - - - Fix possible core dump when comparing two empty tsquery values - (Tom Lane) - - - - - - Fix LIKE's handling of patterns containing % - followed by _ (Tom Lane) - - - - We've fixed this before, but there were still some incorrectly-handled - cases. - - - - - - Re-allow input of Julian dates prior to 0001-01-01 AD (Tom Lane) - - - - Input such as 'J100000'::date worked before 8.4, - but was unintentionally broken by added error-checking. - - - - - - Fix PL/pgSQL to throw an error, not crash, if a cursor is closed within - a FOR loop that is iterating over that cursor - (Heikki Linnakangas) - - - - - - In PL/Python, defend against null pointer results from - PyCObject_AsVoidPtr and PyCObject_FromVoidPtr - (Peter Eisentraut) - - - - - - In libpq, fix full SSL certificate verification for the - case where both host and hostaddr are specified - (Tom Lane) - - - - - - Make psql recognize DISCARD ALL as a command that should - not be encased in a transaction block in autocommit-off mode - (Itagaki Takahiro) - - - - - - Fix some issues in pg_dump's handling of SQL/MED objects - (Tom Lane) - - - - Notably, pg_dump would always fail if run by a - non-superuser, which was not intended. - - - - - - Improve pg_dump and pg_restore's - handling of non-seekable archive files (Tom Lane, Robert Haas) - - - - This is important for proper functioning of parallel restore. - - - - - - Improve parallel pg_restore's ability to cope with selective restore - (-L option) (Tom Lane) - - - - The original code tended to fail if the -L file commanded - a non-default restore ordering. - - - - - - Fix ecpg to process data from RETURNING - clauses correctly (Michael Meskes) - - - - - - Fix some memory leaks in ecpg (Zoltan Boszormenyi) - - - - - - Improve contrib/dblink's handling of tables containing - dropped columns (Tom Lane) - - - - - - Fix connection leak after duplicate connection name - errors in contrib/dblink (Itagaki Takahiro) - - - - - - Fix contrib/dblink to handle connection names longer than - 62 bytes correctly (Itagaki Takahiro) - - - - - - Add hstore(text, text) - function to contrib/hstore (Robert Haas) - - - - This function is the recommended substitute for the now-deprecated - => operator. It was back-patched so that future-proofed - code can be used with older server versions. Note that the patch will - be effective only after contrib/hstore is installed or - reinstalled in a particular database. Users might prefer to execute - the CREATE FUNCTION command by hand, instead. - - - - - - Update build infrastructure and documentation to reflect the source code - repository's move from CVS to Git (Magnus Hagander and others) - - - - - - Update time zone data files to tzdata release 2010l - for DST law changes in Egypt and Palestine; also historical corrections - for Finland. - - - - This change also adds new names for two Micronesian timezones: - Pacific/Chuuk is now preferred over Pacific/Truk (and the preferred - abbreviation is CHUT not TRUT) and Pacific/Pohnpei is preferred over - Pacific/Ponape. - - - - - - Make Windows' N. Central Asia Standard Time timezone map to - Asia/Novosibirsk, not Asia/Almaty (Magnus Hagander) - - - - Microsoft changed the DST behavior of this zone in the timezone update - from KB976098. Asia/Novosibirsk is a better match to its new behavior. - - - - - - - - - - Release 8.4.4 - - - Release date: - 2010-05-17 - - - - This release contains a variety of fixes from 8.4.3. - For information about new features in the 8.4 major release, see - . - - - - Migration to Version 8.4.4 - - - A dump/restore is not required for those running 8.4.X. - However, if you are upgrading from a version earlier than 8.4.2, - see . - - - - - - Changes - - - - - - Enforce restrictions in plperl using an opmask applied to - the whole interpreter, instead of using Safe.pm - (Tim Bunce, Andrew Dunstan) - - - - Recent developments have convinced us that Safe.pm is too - insecure to rely on for making plperl trustable. This - change removes use of Safe.pm altogether, in favor of using - a separate interpreter with an opcode mask that is always applied. - Pleasant side effects of the change include that it is now possible to - use Perl's strict pragma in a natural way in - plperl, and that Perl's $a and $b - variables work as expected in sort routines, and that function - compilation is significantly faster. (CVE-2010-1169) - - - - - - Prevent PL/Tcl from executing untrustworthy code from - pltcl_modules (Tom) - - - - PL/Tcl's feature for autoloading Tcl code from a database table - could be exploited for trojan-horse attacks, because there was no - restriction on who could create or insert into that table. This change - disables the feature unless pltcl_modules is owned by a - superuser. (However, the permissions on the table are not checked, so - installations that really need a less-than-secure modules table can - still grant suitable privileges to trusted non-superusers.) Also, - prevent loading code into the unrestricted normal Tcl - interpreter unless we are really going to execute a pltclu - function. (CVE-2010-1170) - - - - - - Fix data corruption during WAL replay of - ALTER ... SET TABLESPACE (Tom) - - - - When archive_mode is on, ALTER ... SET TABLESPACE - generates a WAL record whose replay logic was incorrect. It could write - the data to the wrong place, leading to possibly-unrecoverable data - corruption. Data corruption would be observed on standby slaves, and - could occur on the master as well if a database crash and recovery - occurred after committing the ALTER and before the next - checkpoint. - - - - - - Fix possible crash if a cache reset message is received during - rebuild of a relcache entry (Heikki) - - - - This error was introduced in 8.4.3 while fixing a related failure. - - - - - - Apply per-function GUC settings while running the language validator - for the function (Itagaki Takahiro) - - - - This avoids failures if the function's code is invalid without the - setting; an example is that SQL functions may not parse if the - search_path is not correct. - - - - - - Do constraint exclusion for inherited UPDATE and - DELETE target tables when - constraint_exclusion = partition (Tom) - - - - Due to an oversight, this setting previously only caused constraint - exclusion to be checked in SELECT commands. - - - - - - Do not allow an unprivileged user to reset superuser-only parameter - settings (Alvaro) - - - - Previously, if an unprivileged user ran ALTER USER ... RESET - ALL for himself, or ALTER DATABASE ... RESET ALL for - a database he owns, this would remove all special parameter settings - for the user or database, even ones that are only supposed to be - changeable by a superuser. Now, the ALTER will only - remove the parameters that the user has permission to change. - - - - - - Avoid possible crash during backend shutdown if shutdown occurs - when a CONTEXT addition would be made to log entries (Tom) - - - - In some cases the context-printing function would fail because the - current transaction had already been rolled back when it came time - to print a log message. - - - - - - Fix erroneous handling of %r parameter in - recovery_end_command (Heikki) - - - - The value always came out zero. - - - - - - Ensure the archiver process responds to changes in - archive_command as soon as possible (Tom) - - - - - - Fix PL/pgSQL's CASE statement to not fail when the - case expression is a query that returns no rows (Tom) - - - - - - Update PL/Perl's ppport.h for modern Perl versions - (Andrew) - - - - - - Fix assorted memory leaks in PL/Python (Andreas Freund, Tom) - - - - - - Handle empty-string connect parameters properly in ecpg (Michael) - - - - - - Prevent infinite recursion in psql when expanding - a variable that refers to itself (Tom) - - - - - - Fix psql's \copy to not add spaces around - a dot within \copy (select ...) (Tom) - - - - Addition of spaces around the decimal point in a numeric literal would - result in a syntax error. - - - - - - Avoid formatting failure in psql when running in a - locale context that doesn't match the client_encoding - (Tom) - - - - - - Fix unnecessary GIN indexes do not support whole-index scans - errors for unsatisfiable queries using contrib/intarray - operators (Tom) - - - - - - Ensure that contrib/pgstattuple functions respond to cancel - interrupts promptly (Tatsuhito Kasahara) - - - - - - Make server startup deal properly with the case that - shmget() returns EINVAL for an existing - shared memory segment (Tom) - - - - This behavior has been observed on BSD-derived kernels including macOS. - It resulted in an entirely-misleading startup failure complaining that - the shared memory request size was too large. - - - - - - Avoid possible crashes in syslogger process on Windows (Heikki) - - - - - - Deal more robustly with incomplete time zone information in the - Windows registry (Magnus) - - - - - - Update the set of known Windows time zone names (Magnus) - - - - - - Update time zone data files to tzdata release 2010j - for DST law changes in Argentina, Australian Antarctic, Bangladesh, - Mexico, Morocco, Pakistan, Palestine, Russia, Syria, Tunisia; - also historical corrections for Taiwan. - - - - Also, add PKST (Pakistan Summer Time) to the default set of - timezone abbreviations. - - - - - - - - - - Release 8.4.3 - - - Release date: - 2010-03-15 - - - - This release contains a variety of fixes from 8.4.2. - For information about new features in the 8.4 major release, see - . - - - - Migration to Version 8.4.3 - - - A dump/restore is not required for those running 8.4.X. - However, if you are upgrading from a version earlier than 8.4.2, - see . - - - - - - Changes - - - - - - Add new configuration parameter ssl_renegotiation_limit to - control how often we do session key renegotiation for an SSL connection - (Magnus) - - - - This can be set to zero to disable renegotiation completely, which may - be required if a broken SSL library is used. In particular, some - vendors are shipping stopgap patches for CVE-2009-3555 that cause - renegotiation attempts to fail. - - - - - - Fix possible deadlock during backend startup (Tom) - - - - - - Fix possible crashes due to not handling errors during relcache reload - cleanly (Tom) - - - - - - Fix possible crash due to use of dangling pointer to a cached plan - (Tatsuo) - - - - - - Fix possible crash due to overenthusiastic invalidation of cached - plan for ROLLBACK (Tom) - - - - - - Fix possible crashes when trying to recover from a failure in - subtransaction start (Tom) - - - - - - Fix server memory leak associated with use of savepoints and a client - encoding different from server's encoding (Tom) - - - - - - Fix incorrect WAL data emitted during end-of-recovery cleanup of a GIST - index page split (Yoichi Hirai) - - - - This would result in index corruption, or even more likely an error - during WAL replay, if we were unlucky enough to crash during - end-of-recovery cleanup after having completed an incomplete GIST - insertion. - - - - - - Fix bug in WAL redo cleanup method for GIN indexes (Heikki) - - - - - - Fix incorrect comparison of scan key in GIN index search (Teodor) - - - - - - Make substring() for bit types treat any negative - length as meaning all the rest of the string (Tom) - - - - The previous coding treated only -1 that way, and would produce an - invalid result value for other negative values, possibly leading to - a crash (CVE-2010-0442). - - - - - - Fix integer-to-bit-string conversions to handle the first fractional - byte correctly when the output bit width is wider than the given - integer by something other than a multiple of 8 bits (Tom) - - - - - - Fix some cases of pathologically slow regular expression matching (Tom) - - - - - - Fix bug occurring when trying to inline a SQL function that returns - a set of a composite type that contains dropped columns (Tom) - - - - - - Fix bug with trying to update a field of an element of a - composite-type array column (Tom) - - - - - - Avoid failure when EXPLAIN has to print a FieldStore or - assignment ArrayRef expression (Tom) - - - - These cases can arise now that EXPLAIN VERBOSE tries to - print plan node target lists. - - - - - - Avoid an unnecessary coercion failure in some cases where an undecorated - literal string appears in a subquery within - UNION/INTERSECT/EXCEPT (Tom) - - - - This fixes a regression for some cases that worked before 8.4. - - - - - - Avoid undesirable rowtype compatibility check failures in some cases - where a whole-row Var has a rowtype that contains dropped columns (Tom) - - - - - - Fix the STOP WAL LOCATION entry in backup history files to - report the next WAL segment's name when the end location is exactly at a - segment boundary (Itagaki Takahiro) - - - - - - Always pass the catalog ID to an option validator function specified in - CREATE FOREIGN DATA WRAPPER (Martin Pihlak) - - - - - - Fix some more cases of temporary-file leakage (Heikki) - - - - This corrects a problem introduced in the previous minor release. - One case that failed is when a plpgsql function returning set is - called within another function's exception handler. - - - - - - Add support for doing FULL JOIN ON FALSE (Tom) - - - - This prevents a regression from pre-8.4 releases for some queries that - can now be simplified to a constant-false join condition. - - - - - - Improve constraint exclusion processing of boolean-variable cases, - in particular make it possible to exclude a partition that has a - bool_column = false constraint (Tom) - - - - - - Prevent treating an INOUT cast as representing binary - compatibility (Heikki) - - - - - - Include column name in the message when warning about inability to - grant or revoke column-level privileges (Stephen Frost) - - - - This is more useful than before and helps to prevent confusion when - a REVOKE generates multiple messages, which formerly - appeared to be duplicates. - - - - - - When reading pg_hba.conf and related files, do not treat - @something as a file inclusion request if the @ - appears inside quote marks; also, never treat @ by itself - as a file inclusion request (Tom) - - - - This prevents erratic behavior if a role or database name starts with - @. If you need to include a file whose path name - contains spaces, you can still do so, but you must write - @"/path to/file" rather than putting the quotes around - the whole construct. - - - - - - Prevent infinite loop on some platforms if a directory is named as - an inclusion target in pg_hba.conf and related files - (Tom) - - - - - - Fix possible infinite loop if SSL_read or - SSL_write fails without setting errno (Tom) - - - - This is reportedly possible with some Windows versions of - OpenSSL. - - - - - - Disallow GSSAPI authentication on local connections, - since it requires a hostname to function correctly (Magnus) - - - - - - Protect ecpg against applications freeing strings - unexpectedly (Michael) - - - - - - Make ecpg report the proper SQLSTATE if the connection - disappears (Michael) - - - - - - Fix translation of cell contents in psql \d - output (Heikki) - - - - - - Fix psql's numericlocale option to not - format strings it shouldn't in latex and troff output formats (Heikki) - - - - - - Fix a small per-query memory leak in psql (Tom) - - - - - - Make psql return the correct exit status (3) when - ON_ERROR_STOP and --single-transaction are - both specified and an error occurs during the implied COMMIT - (Bruce) - - - - - - Fix pg_dump's output of permissions for foreign servers - (Heikki) - - - - - - Fix possible crash in parallel pg_restore due to - out-of-range dependency IDs (Tom) - - - - - - Fix plpgsql failure in one case where a composite column is set to NULL - (Tom) - - - - - - Fix possible failure when calling PL/Perl functions from PL/PerlU - or vice versa (Tim Bunce) - - - - - - Add volatile markings in PL/Python to avoid possible - compiler-specific misbehavior (Zdenek Kotala) - - - - - - Ensure PL/Tcl initializes the Tcl interpreter fully (Tom) - - - - The only known symptom of this oversight is that the Tcl - clock command misbehaves if using Tcl 8.5 or later. - - - - - - Prevent ExecutorEnd from being run on portals created - within a failed transaction or subtransaction (Tom) - - - - This is known to cause issues when using - contrib/auto_explain. - - - - - - Prevent crash in contrib/dblink when too many key - columns are specified to a dblink_build_sql_* function - (Rushabh Lathia, Joe Conway) - - - - - - Allow zero-dimensional arrays in contrib/ltree operations - (Tom) - - - - This case was formerly rejected as an error, but it's more convenient to - treat it the same as a zero-element array. In particular this avoids - unnecessary failures when an ltree operation is applied to the - result of ARRAY(SELECT ...) and the sub-select returns no - rows. - - - - - - Fix assorted crashes in contrib/xml2 caused by sloppy - memory management (Tom) - - - - - - Make building of contrib/xml2 more robust on Windows - (Andrew) - - - - - - Fix race condition in Windows signal handling (Radu Ilie) - - - - One known symptom of this bug is that rows in pg_listener - could be dropped under heavy load. - - - - - - Make the configure script report failure if the C compiler does - not provide a working 64-bit integer datatype (Tom) - - - - This case has been broken for some time, and no longer seems worth - supporting, so just reject it at configure time instead. - - - - - - Update time zone data files to tzdata release 2010e - for DST law changes in Bangladesh, Chile, Fiji, Mexico, Paraguay, Samoa. - - - - - - - - - - Release 8.4.2 - - - Release date: - 2009-12-14 - - - - This release contains a variety of fixes from 8.4.1. - For information about new features in the 8.4 major release, see - . - - - - Migration to Version 8.4.2 - - - A dump/restore is not required for those running 8.4.X. - However, if you have any hash indexes, - you should REINDEX them after updating to 8.4.2, - to repair possible damage. - - - - - - Changes - - - - - - Protect against indirect security threats caused by index functions - changing session-local state (Gurjeet Singh, Tom) - - - - This change prevents allegedly-immutable index functions from possibly - subverting a superuser's session (CVE-2009-4136). - - - - - - Reject SSL certificates containing an embedded null byte in the common - name (CN) field (Magnus) - - - - This prevents unintended matching of a certificate to a server or client - name during SSL validation (CVE-2009-4034). - - - - - - Fix hash index corruption (Tom) - - - - The 8.4 change that made hash indexes keep entries sorted by hash value - failed to update the bucket splitting and compaction routines to - preserve the ordering. So application of either of those operations - could lead to permanent corruption of an index, in the sense that - searches might fail to find entries that are present. To deal with - this, it is recommended to REINDEX any hash indexes you may - have after installing this update. - - - - - - Fix possible crash during backend-startup-time cache initialization (Tom) - - - - - - Avoid crash on empty thesaurus dictionary (Tom) - - - - - - Prevent signals from interrupting VACUUM at unsafe times - (Alvaro) - - - - This fix prevents a PANIC if a VACUUM FULL is canceled - after it's already committed its tuple movements, as well as transient - errors if a plain VACUUM is interrupted after having - truncated the table. - - - - - - Fix possible crash due to integer overflow in hash table size - calculation (Tom) - - - - This could occur with extremely large planner estimates for the size of - a hashjoin's result. - - - - - - Fix crash if a DROP is attempted on an internally-dependent - object (Tom) - - - - - - Fix very rare crash in inet/cidr comparisons (Chris - Mikkelson) - - - - - - Ensure that shared tuple-level locks held by prepared transactions are - not ignored (Heikki) - - - - - - Fix premature drop of temporary files used for a cursor that is accessed - within a subtransaction (Heikki) - - - - - - Fix memory leak in syslogger process when rotating to a new CSV logfile - (Tom) - - - - - - Fix memory leak in postmaster when re-parsing pg_hba.conf - (Tom) - - - - - - Fix Windows permission-downgrade logic (Jesse Morris) - - - - This fixes some cases where the database failed to start on Windows, - often with misleading error messages such as could not locate - matching postgres executable. - - - - - - Make FOR UPDATE/SHARE in the primary query not propagate - into WITH queries (Tom) - - - - For example, in - -WITH w AS (SELECT * FROM foo) SELECT * FROM w, bar ... FOR UPDATE - - the FOR UPDATE will now affect bar but not - foo. This is more useful and consistent than the original - 8.4 behavior, which tried to propagate FOR UPDATE into the - WITH query but always failed due to assorted implementation - restrictions. It also follows the design rule that WITH - queries are executed as if independent of the main query. - - - - - - Fix bug with a WITH RECURSIVE query immediately inside - another one (Tom) - - - - - - Fix concurrency bug in hash indexes (Tom) - - - - Concurrent insertions could cause index scans to transiently report - wrong results. - - - - - - Fix incorrect logic for GiST index page splits, when the split depends - on a non-first column of the index (Paul Ramsey) - - - - - - Fix wrong search results for a multi-column GIN index with - fastupdate enabled (Teodor) - - - - - - Fix bugs in WAL entry creation for GIN indexes (Tom) - - - - These bugs were masked when full_page_writes was on, but - with it off a WAL replay failure was certain if a crash occurred before - the next checkpoint. - - - - - - Don't error out if recycling or removing an old WAL file fails at the - end of checkpoint (Heikki) - - - - It's better to treat the problem as non-fatal and allow the checkpoint - to complete. Future checkpoints will retry the removal. Such problems - are not expected in normal operation, but have been seen to be - caused by misdesigned Windows anti-virus and backup software. - - - - - - Ensure WAL files aren't repeatedly archived on Windows (Heikki) - - - - This is another symptom that could happen if some other process - interfered with deletion of a no-longer-needed file. - - - - - - Fix PAM password processing to be more robust (Tom) - - - - The previous code is known to fail with the combination of the Linux - pam_krb5 PAM module with Microsoft Active Directory as the - domain controller. It might have problems elsewhere too, since it was - making unjustified assumptions about what arguments the PAM stack would - pass to it. - - - - - - Raise the maximum authentication token (Kerberos ticket) size in GSSAPI - and SSPI authentication methods (Ian Turner) - - - - While the old 2000-byte limit was more than enough for Unix Kerberos - implementations, tickets issued by Windows Domain Controllers can be - much larger. - - - - - - Ensure that domain constraints are enforced in constructs like - ARRAY[...]::domain, where the domain is over an array type - (Heikki) - - - - - - Fix foreign-key logic for some cases involving composite-type columns - as foreign keys (Tom) - - - - - - Ensure that a cursor's snapshot is not modified after it is created - (Alvaro) - - - - This could lead to a cursor delivering wrong results if later operations - in the same transaction modify the data the cursor is supposed to return. - - - - - - Fix CREATE TABLE to properly merge default expressions - coming from different inheritance parent tables (Tom) - - - - This used to work but was broken in 8.4. - - - - - - Re-enable collection of access statistics for sequences (Akira Kurosawa) - - - - This used to work but was broken in 8.3. - - - - - - Fix processing of ownership dependencies during CREATE OR - REPLACE FUNCTION (Tom) - - - - - - Fix incorrect handling of WHERE - x=x conditions (Tom) - - - - In some cases these could get ignored as redundant, but they aren't - — they're equivalent to x IS NOT NULL. - - - - - - Fix incorrect plan construction when using hash aggregation to implement - DISTINCT for textually identical volatile expressions (Tom) - - - - - - Fix Assert failure for a volatile SELECT DISTINCT ON - expression (Tom) - - - - - - Fix ts_stat() to not fail on an empty tsvector - value (Tom) - - - - - - Make text search parser accept underscores in XML attributes (Peter) - - - - - - Fix encoding handling in xml binary input (Heikki) - - - - If the XML header doesn't specify an encoding, we now assume UTF-8 by - default; the previous handling was inconsistent. - - - - - - Fix bug with calling plperl from plperlu or vice - versa (Tom) - - - - An error exit from the inner function could result in crashes due to - failure to re-select the correct Perl interpreter for the outer function. - - - - - - Fix session-lifespan memory leak when a PL/Perl function is redefined - (Tom) - - - - - - Ensure that Perl arrays are properly converted to - PostgreSQL arrays when returned by a set-returning - PL/Perl function (Andrew Dunstan, Abhijit Menon-Sen) - - - - This worked correctly already for non-set-returning functions. - - - - - - Fix rare crash in exception processing in PL/Python (Peter) - - - - - - Fix ecpg problem with comments in DECLARE - CURSOR statements (Michael) - - - - - - Fix ecpg to not treat recently-added keywords as - reserved words (Tom) - - - - This affected the keywords CALLED, CATALOG, - DEFINER, ENUM, FOLLOWING, - INVOKER, OPTIONS, PARTITION, - PRECEDING, RANGE, SECURITY, - SERVER, UNBOUNDED, and WRAPPER. - - - - - - Re-allow regular expression special characters in psql's - \df function name parameter (Tom) - - - - - - In contrib/fuzzystrmatch, correct the calculation of - levenshtein distances with non-default costs (Marcin Mank) - - - - - - In contrib/pg_standby, disable triggering failover with a - signal on Windows (Fujii Masao) - - - - This never did anything useful, because Windows doesn't have Unix-style - signals, but recent changes made it actually crash. - - - - - - Put FREEZE and VERBOSE options in the right - order in the VACUUM command that - contrib/vacuumdb produces (Heikki) - - - - - - Fix possible leak of connections when contrib/dblink - encounters an error (Tatsuhito Kasahara) - - - - - - Ensure psql's flex module is compiled with the correct - system header definitions (Tom) - - - - This fixes build failures on platforms where - --enable-largefile causes incompatible changes in the - generated code. - - - - - - Make the postmaster ignore any application_name parameter in - connection request packets, to improve compatibility with future libpq - versions (Tom) - - - - - - Update the timezone abbreviation files to match current reality (Joachim - Wieland) - - - - This includes adding IDT to the default - timezone abbreviation set. - - - - - - Update time zone data files to tzdata release 2009s - for DST law changes in Antarctica, Argentina, Bangladesh, Fiji, - Novokuznetsk, Pakistan, Palestine, Samoa, Syria; also historical - corrections for Hong Kong. - - - - - - - - - - Release 8.4.1 - - - Release date: - 2009-09-09 - - - - This release contains a variety of fixes from 8.4. - For information about new features in the 8.4 major release, see - . - - - - Migration to Version 8.4.1 - - - A dump/restore is not required for those running 8.4.X. - - - - - - Changes - - - - - - Fix WAL page header initialization at the end of archive recovery - (Heikki) - - - - This could lead to failure to process the WAL in a subsequent - archive recovery. - - - - - - Fix cannot make new WAL entries during recovery error (Tom) - - - - - - Fix problem that could make expired rows visible after a crash (Tom) - - - - This bug involved a page status bit potentially not being set - correctly after a server crash. - - - - - - Disallow RESET ROLE and RESET SESSION - AUTHORIZATION inside security-definer functions (Tom, Heikki) - - - - This covers a case that was missed in the previous patch that - disallowed SET ROLE and SET SESSION - AUTHORIZATION inside security-definer functions. - (See CVE-2007-6600) - - - - - - Make LOAD of an already-loaded loadable module - into a no-op (Tom) - - - - Formerly, LOAD would attempt to unload and re-load the - module, but this is unsafe and not all that useful. - - - - - - Make window function PARTITION BY and ORDER BY - items always be interpreted as simple expressions (Tom) - - - - In 8.4.0 these lists were parsed following the rules used for - top-level GROUP BY and ORDER BY lists. - But this was not correct per the SQL standard, and it led to possible - circularity. - - - - - - Fix several errors in planning of semi-joins (Tom) - - - - These led to wrong query results in some cases where IN - or EXISTS was used together with another join. - - - - - - Fix handling of whole-row references to subqueries that are within - an outer join (Tom) - - - - An example is - SELECT COUNT(ss.*) FROM ... LEFT JOIN (SELECT ...) ss ON .... - Here, ss.* would be treated as ROW(NULL,NULL,...) - for null-extended join rows, which is not the same as a simple NULL. - Now it is treated as a simple NULL. - - - - - - Fix Windows shared-memory allocation code (Tsutomu Yamada, Magnus) - - - - This bug led to the often-reported could not reattach - to shared memory error message. - - - - - - Fix locale handling with plperl (Heikki) - - - - This bug could cause the server's locale setting to change when a - plperl function is called, leading to data corruption. - - - - - - Fix handling of reloptions to ensure setting one option doesn't - force default values for others (Itagaki Takahiro) - - - - - - Ensure that a fast shutdown request will forcibly terminate - open sessions, even if a smart shutdown was already in progress - (Fujii Masao) - - - - - - Avoid memory leak for array_agg() in GROUP BY - queries (Tom) - - - - - - Treat to_char(..., 'TH') as an uppercase ordinal - suffix with 'HH'/'HH12' (Heikki) - - - - It was previously handled as 'th' (lowercase). - - - - - - Include the fractional part in the result of - EXTRACT(second) and - EXTRACT(milliseconds) for - time and time with time zone inputs (Tom) - - - - This has always worked for floating-point datetime configurations, - but was broken in the integer datetime code. - - - - - - Fix overflow for INTERVAL 'x ms' - when x is more than 2 million and integer - datetimes are in use (Alex Hunsaker) - - - - - - Improve performance when processing toasted values in index scans (Tom) - - - - This is particularly useful for PostGIS. - - - - - - Fix a typo that disabled commit_delay (Jeff Janes) - - - - - - Output early-startup messages to postmaster.log if the - server is started in silent mode (Tom) - - - - Previously such error messages were discarded, leading to - difficulty in debugging. - - - - - - Remove translated FAQs (Peter) - - - - They are now on the wiki. The - main FAQ was moved to the wiki some time ago. - - - - - - Fix pg_ctl to not go into an infinite loop if - postgresql.conf is empty (Jeff Davis) - - - - - - Fix several errors in pg_dump's - --binary-upgrade mode (Bruce, Tom) - - - - pg_dump --binary-upgrade is used by pg_migrator. - - - - - - Fix contrib/xml2's xslt_process() to - properly handle the maximum number of parameters (twenty) (Tom) - - - - - - Improve robustness of libpq's code to recover - from errors during COPY FROM STDIN (Tom) - - - - - - Avoid including conflicting readline and editline header files - when both libraries are installed (Zdenek Kotala) - - - - - - Work around gcc bug that causes floating-point exception - instead of division by zero on some platforms (Tom) - - - - - - Update time zone data files to tzdata release 2009l - for DST law changes in Bangladesh, Egypt, Mauritius. - - - - - - - - - - Release 8.4 - - - Release date: - 2009-07-01 - - - - Overview - - - After many years of development, PostgreSQL has - become feature-complete in many areas. This release shows a - targeted approach to adding features (e.g., authentication, - monitoring, space reuse), and adds capabilities defined in the - later SQL standards. The major areas of enhancement are: - - - - - - - - - Windowing Functions - - - - - - Common Table Expressions and Recursive Queries - - - - - - Default and variadic parameters for functions - - - - - - Parallel Restore - - - - - - Column Permissions - - - - - - Per-database locale settings - - - - - - Improved hash indexes - - - - - - Improved join performance for EXISTS and NOT EXISTS queries - - - - - - Easier-to-use Warm Standby - - - - - - Automatic sizing of the Free Space Map - - - - - - Visibility Map (greatly reduces vacuum overhead for slowly-changing tables) - - - - - - Version-aware psql (backslash commands work against older servers) - - - - - - Support SSL certificates for user authentication - - - - - - Per-function runtime statistics - - - - - - Easy editing of functions in psql - - - - - - New contrib modules: pg_stat_statements, auto_explain, citext, btree_gin - - - - - - - The above items are explained in more detail in the sections below. - - - - - - Migration to Version 8.4 - - - A dump/restore using pg_dump is - required for those wishing to migrate data from any previous - release. - - - - Observe the following incompatibilities: - - - - General - - - - - Use 64-bit integer datetimes by default (Neil Conway) - - - - Previously this was selected by configure's - option. To retain - the old behavior, build with . - - - - - - Remove ipcclean utility command (Bruce) - - - - The utility only worked on a few platforms. Users should use - their operating system tools instead. - - - - - - - - - Server Settings - - - - - Change default setting for - log_min_messages to warning (previously - it was notice) to reduce log file volume (Tom) - - - - - - Change default setting for max_prepared_transactions to - zero (previously it was 5) (Tom) - - - - - - Make debug_print_parse, debug_print_rewritten, - and debug_print_plan - output appear at LOG message level, not - DEBUG1 as formerly (Tom) - - - - - - Make debug_pretty_print default to on (Tom) - - - - - - Remove explain_pretty_print parameter (no longer needed) (Tom) - - - - - - Make log_temp_files settable by superusers only, like other - logging options (Simon Riggs) - - - - - - Remove automatic appending of the epoch timestamp when no % - escapes are present in log_filename (Robert Haas) - - - - This change was made because some users wanted a fixed log filename, - for use with an external log rotation tool. - - - - - - Remove log_restartpoints from recovery.conf; - instead use log_checkpoints (Simon) - - - - - - Remove krb_realm and krb_server_hostname; - these are now set in pg_hba.conf instead (Magnus) - - - - - - There are also significant changes in pg_hba.conf, - as described below. - - - - - - - - - Queries - - - - - - Change TRUNCATE and LOCK to - apply to child tables of the specified table(s) (Peter) - - - - These commands now accept an ONLY option that prevents - processing child tables; this option must be used if the old - behavior is needed. - - - - - - SELECT DISTINCT and - UNION/INTERSECT/EXCEPT - no longer always produce sorted output (Tom) - - - - Previously, these types of queries always removed duplicate rows - by means of Sort/Unique processing (i.e., sort then remove adjacent - duplicates). Now they can be implemented by hashing, which will not - produce sorted output. If an application relied on the output being - in sorted order, the recommended fix is to add an ORDER BY - clause. As a short-term workaround, the previous behavior can be - restored by disabling enable_hashagg, but that is a very - performance-expensive fix. SELECT DISTINCT ON never uses - hashing, however, so its behavior is unchanged. - - - - - - Force child tables to inherit CHECK constraints from parents - (Alex Hunsaker, Nikhil Sontakke, Tom) - - - - Formerly it was possible to drop such a constraint from a child - table, allowing rows that violate the constraint to be visible - when scanning the parent table. This was deemed inconsistent, - as well as contrary to SQL standard. - - - - - - Disallow negative LIMIT or OFFSET - values, rather than treating them as zero (Simon) - - - - - - Disallow LOCK TABLE outside a transaction block - (Tom) - - - - Such an operation is useless because the lock would be released - immediately. - - - - - - Sequences now contain an additional start_value column - (Zoltan Boszormenyi) - - - - This supports ALTER SEQUENCE ... RESTART. - - - - - - - - - - Functions and Operators - - - - - - Make numeric zero raised to a fractional power return - 0, rather than throwing an error, and make - numeric zero raised to the zero power return 1, - rather than error (Bruce) - - - - This matches the longstanding float8 behavior. - - - - - - Allow unary minus of floating-point values to produce minus zero (Tom) - - - - The changed behavior is more IEEE-standard - compliant. - - - - - - Throw an error if an escape character is the last character in - a LIKE pattern (i.e., it has nothing to escape) (Tom) - - - - Previously, such an escape character was silently ignored, - thus possibly masking application logic errors. - - - - - - Remove ~=~ and ~<>~ operators - formerly used for LIKE index comparisons (Tom) - - - - Pattern indexes now use the regular equality operator. - - - - - - xpath() now passes its arguments to libxml - without any changes (Andrew) - - - - This means that the XML argument must be a well-formed XML document. - The previous coding attempted to allow XML fragments, but it did not - work well. - - - - - - Make xmlelement() format attribute values just like - content values (Peter) - - - - Previously, attribute values were formatted according to the - normal SQL output behavior, which is sometimes at odds with - XML rules. - - - - - - Rewrite memory management for libxml-using functions - (Tom) - - - - This change should avoid some compatibility problems with use of - libxml in PL/Perl and other add-on code. - - - - - - Adopt a faster algorithm for hash functions (Kenneth Marshall, - based on work of Bob Jenkins) - - - - Many of the built-in hash functions now deliver different results on - little-endian and big-endian platforms. - - - - - - - Temporal Functions and Operators - - - - - - DateStyle no longer controls interval output - formatting; instead there is a new variable IntervalStyle - (Ron Mayer) - - - - - - Improve consistency of handling of fractional seconds in - timestamp and interval output (Ron Mayer) - - - - This may result in displaying a different number of fractional - digits than before, or rounding instead of truncating. - - - - - - Make to_char()'s localized month/day names depend - on LC_TIME, not LC_MESSAGES (Euler - Taveira de Oliveira) - - - - - - Cause to_date() and to_timestamp() - to more consistently report errors for invalid input (Brendan - Jurd) - - - - Previous versions would often ignore or silently misread input - that did not match the format string. Such cases will now - result in an error. - - - - - - Fix to_timestamp() to not require upper/lower case - matching for meridian (AM/PM) and era - (BC/AD) format designations (Brendan - Jurd) - - - - For example, input value ad now matches the format - string AD. - - - - - - - - - - - - - Changes - - - Below you will find a detailed account of the changes between - PostgreSQL 8.4 and the previous major - release. - - - - Performance - - - - - Improve optimizer statistics calculations (Jan Urbanski, Tom) - - - - In particular, estimates for full-text-search operators are - greatly improved. - - - - - - Allow SELECT DISTINCT and - UNION/INTERSECT/EXCEPT to - use hashing (Tom) - - - - This means that these types of queries no longer automatically - produce sorted output. - - - - - - Create explicit concepts of semi-joins and anti-joins (Tom) - - - - This work formalizes our previous ad-hoc treatment of IN - (SELECT ...) clauses, and extends it to EXISTS and - NOT EXISTS clauses. It should result in significantly - better planning of EXISTS and NOT EXISTS - queries. In general, logically equivalent IN and - EXISTS clauses should now have similar performance, - whereas previously IN often won. - - - - - - Improve optimization of sub-selects beneath outer joins (Tom) - - - - Formerly, a sub-select or view could not be optimized very well if it - appeared within the nullable side of an outer join and contained - non-strict expressions (for instance, constants) in its result list. - - - - - - Improve the performance of text_position() and - related functions by using Boyer-Moore-Horspool searching (David - Rowley) - - - - This is particularly helpful for long search patterns. - - - - - - Reduce I/O load of writing the statistics collection file - by writing the file only when requested (Martin Pihlak) - - - - - - Improve performance for bulk inserts (Robert Haas, Simon) - - - - - - Increase the default value of default_statistics_target - from 10 to 100 (Greg Sabino Mullane, - Tom) - - - - The maximum value was also increased from 1000 to - 10000. - - - - - - Perform constraint_exclusion checking by default - in queries involving inheritance or UNION ALL (Tom) - - - - A new constraint_exclusion setting, - partition, was added to specify this behavior. - - - - - - Allow I/O read-ahead for bitmap index scans (Greg Stark) - - - - The amount of read-ahead is controlled by - effective_io_concurrency. This feature is available only - if the kernel has posix_fadvise() support. - - - - - - Inline simple set-returning SQL functions in - FROM clauses (Richard Rowell) - - - - - - Improve performance of multi-batch hash joins by providing a special - case for join key values that are especially common in the outer - relation (Bryce Cutt, Ramon Lawrence) - - - - - - Reduce volume of temporary data in multi-batch hash joins - by suppressing physical tlist optimization (Michael - Henderson, Ramon Lawrence) - - - - - - Avoid waiting for idle-in-transaction sessions during - CREATE INDEX CONCURRENTLY (Simon) - - - - - - Improve performance of shared cache invalidation (Tom) - - - - - - - - - Server - - - Settings - - - - - - Convert many postgresql.conf settings to enumerated - values so that pg_settings can display the valid - values (Magnus) - - - - - - Add cursor_tuple_fraction parameter to control the - fraction of a cursor's rows that the planner assumes will be - fetched (Robert Hell) - - - - - - Allow underscores in the names of custom variable - classes in postgresql.conf (Tom) - - - - - - - - - Authentication and security - - - - - Remove support for the (insecure) crypt authentication method - (Magnus) - - - - This effectively obsoletes pre-PostgreSQL 7.2 client - libraries, as there is no longer any non-plaintext password method that - they can use. - - - - - - Support regular expressions in pg_ident.conf - (Magnus) - - - - - - Allow Kerberos/GSSAPI parameters - to be changed without restarting the postmaster (Magnus) - - - - - - Support SSL certificate chains in server certificate - file (Andrew Gierth) - - - - Including the full certificate chain makes the client able - to verify the certificate without having all intermediate CA - certificates present in the local store, which is often the case for - commercial CAs. - - - - - - Report appropriate error message for combination of MD5 - authentication and db_user_namespace enabled (Bruce) - - - - - - - - <filename>pg_hba.conf</filename> - - - - - Change all authentication options to use name=value - syntax (Magnus) - - - - This makes incompatible changes to the ldap, - pam and ident authentication methods. All - pg_hba.conf entries with these methods need to be - rewritten using the new format. - - - - - - Remove the ident sameuser option, instead making that - behavior the default if no usermap is specified (Magnus) - - - - - - Allow a usermap parameter for all external authentication methods - (Magnus) - - - - Previously a usermap was only supported for ident - authentication. - - - - - - Add clientcert option to control requesting of a - client certificate (Magnus) - - - - Previously this was controlled by the presence of a root - certificate file in the server's data directory. - - - - - - Add cert authentication method to allow - user authentication via SSL certificates - (Magnus) - - - - Previously SSL certificates could only verify that - the client had access to a certificate, not authenticate a - user. - - - - - - Allow krb5, gssapi and sspi - realm and krb5 host settings to be specified in - pg_hba.conf (Magnus) - - - - These override the settings in postgresql.conf. - - - - - - Add include_realm parameter for krb5, - gssapi, and sspi methods (Magnus) - - - - This allows identical usernames from different realms to be - authenticated as different database users using usermaps. - - - - - - Parse pg_hba.conf fully when it is loaded, - so that errors are reported immediately (Magnus) - - - - Previously, most errors in the file wouldn't be detected until clients - tried to connect, so an erroneous file could render the system - unusable. With the new behavior, if an error is detected during - reload then the bad file is rejected and the postmaster continues - to use its old copy. - - - - - - Show all parsing errors in pg_hba.conf instead of - aborting after the first one (Selena Deckelmann) - - - - - - Support ident authentication over Unix-domain sockets - on Solaris (Garick Hamlin) - - - - - - - - - Continuous Archiving - - - - - Provide an option to pg_start_backup() to force its - implied checkpoint to finish as quickly as possible (Tom) - - - - The default behavior avoids excess I/O consumption, but that is - pointless if no concurrent query activity is going on. - - - - - - Make pg_stop_backup() wait for modified WAL - files to be archived (Simon) - - - - This guarantees that the backup is valid at the time - pg_stop_backup() completes. - - - - - - When archiving is enabled, rotate the last WAL segment at shutdown - so that all transactions can be archived immediately - (Guillaume Smet, Heikki) - - - - - - Delay smart shutdown while a continuous archiving base backup - is in progress (Laurenz Albe) - - - - - - Cancel a continuous archiving base backup if fast shutdown - is requested (Laurenz Albe) - - - - - - Allow recovery.conf boolean variables to take the - same range of string values as postgresql.conf - boolean variables - (Bruce) - - - - - - - - - Monitoring - - - - - Add pg_conf_load_time() to report when - the PostgreSQL configuration files were last loaded - (George Gensure) - - - - - - Add pg_terminate_backend() to safely terminate a - backend (the SIGTERM signal works also) (Tom, Bruce) - - - - While it's always been possible to SIGTERM a single - backend, this was previously considered unsupported; and testing - of the case found some bugs that are now fixed. - - - - - - Add ability to track user-defined functions' call counts and - runtimes (Martin Pihlak) - - - - Function statistics appear in a new system view, - pg_stat_user_functions. Tracking is controlled - by the new parameter track_functions. - - - - - - Allow specification of the maximum query string size in - pg_stat_activity via new - track_activity_query_size parameter (Thomas Lee) - - - - - - Increase the maximum line length sent to syslog, in - hopes of improving performance (Tom) - - - - - - Add read-only configuration variables segment_size, - wal_block_size, and wal_segment_size - (Bernd Helmle) - - - - - - When reporting a deadlock, report the text of all queries involved - in the deadlock to the server log (Itagaki Takahiro) - - - - - - Add pg_stat_get_activity(pid) function to return - information about a specific process id (Magnus) - - - - - - Allow the location of the server's statistics file to be specified - via stats_temp_directory (Magnus) - - - - This allows the statistics file to be placed in a - RAM-resident directory to reduce I/O requirements. - On startup/shutdown, the file is copied to its traditional location - ($PGDATA/global/) so it is preserved across restarts. - - - - - - - - - - - Queries - - - - - Add support for WINDOW functions (Hitoshi Harada) - - - - - - Add support for WITH clauses (CTEs), including WITH - RECURSIVE (Yoshiyuki Asaba, Tatsuo Ishii, Tom) - - - - - - Add TABLE command (Peter) - - - - TABLE tablename is a SQL standard short-hand for - SELECT * FROM tablename. - - - - - - Allow AS to be optional when specifying a - SELECT (or RETURNING) column output - label (Hiroshi Saito) - - - - This works so long as the column label is not any - PostgreSQL keyword; otherwise AS is still - needed. - - - - - - Support set-returning functions in SELECT result lists - even for functions that return their result via a tuplestore (Tom) - - - - In particular, this means that functions written in PL/pgSQL - and other PL languages can now be called this way. - - - - - - Support set-returning functions in the output of aggregation - and grouping queries (Tom) - - - - - - Allow SELECT FOR UPDATE/SHARE to work - on inheritance trees (Tom) - - - - - - Add infrastructure for SQL/MED (Martin Pihlak, - Peter) - - - - There are no remote or external SQL/MED capabilities - yet, but this change provides a standardized and future-proof - system for managing connection information for modules like - dblink and plproxy. - - - - - - Invalidate cached plans when referenced schemas, functions, operators, - or operator classes are modified (Martin Pihlak, Tom) - - - - This improves the system's ability to respond to on-the-fly - DDL changes. - - - - - Allow comparison of composite types and allow arrays of - anonymous composite types (Tom) - - - - This allows constructs such as - row(1, 1.1) = any (array[row(7, 7.7), row(1, 1.0)]). - This is particularly useful in recursive queries. - - - - - - Add support for Unicode string literal and identifier specifications - using code points, e.g. U&'d\0061t\+000061' - (Peter) - - - - - - Reject \000 in string literals and COPY data - (Tom) - - - - Previously, this was accepted but had the effect of terminating - the string contents. - - - - - - Improve the parser's ability to report error locations (Tom) - - - - An error location is now reported for many semantic errors, - such as mismatched datatypes, that previously could not be localized. - - - - - - - <command>TRUNCATE</command> - - - - - Support statement-level ON TRUNCATE triggers (Simon) - - - - - - Add RESTART/CONTINUE IDENTITY options - for TRUNCATE TABLE - (Zoltan Boszormenyi) - - - - The start value of a sequence can be changed by ALTER - SEQUENCE START WITH. - - - - - - Allow TRUNCATE tab1, tab1 to succeed (Bruce) - - - - - - Add a separate TRUNCATE permission (Robert Haas) - - - - - - - - - <command>EXPLAIN</command> - - - - - Make EXPLAIN VERBOSE show the output columns of each - plan node (Tom) - - - - Previously EXPLAIN VERBOSE output an internal - representation of the query plan. (That behavior is now - available via debug_print_plan.) - - - - - - Make EXPLAIN identify subplans and initplans with - individual labels (Tom) - - - - - - Make EXPLAIN honor debug_print_plan (Tom) - - - - - - Allow EXPLAIN on CREATE TABLE AS (Peter) - - - - - - - - - <literal>LIMIT</literal>/<literal>OFFSET</literal> - - - - - Allow sub-selects in LIMIT and OFFSET (Tom) - - - - - - Add SQL-standard syntax for - LIMIT/OFFSET capabilities (Peter) - - - - To wit, - OFFSET num {ROW|ROWS} FETCH {FIRST|NEXT} [num] {ROW|ROWS} - ONLY. - - - - - - - - - - - Object Manipulation - - - - - Add support for column-level privileges (Stephen Frost, KaiGai - Kohei) - - - - - - Refactor multi-object DROP operations to reduce the - need for CASCADE (Alex Hunsaker) - - - - For example, if table B has a dependency on table - A, the command DROP TABLE A, B no longer - requires the CASCADE option. - - - - - - Fix various problems with concurrent DROP commands - by ensuring that locks are taken before we begin to drop dependencies - of an object (Tom) - - - - - - Improve reporting of dependencies during DROP - commands (Tom) - - - - - - Add WITH [NO] DATA clause to CREATE TABLE - AS, per the SQL standard (Peter, Tom) - - - - - - Add support for user-defined I/O conversion casts (Heikki) - - - - - - Allow CREATE AGGREGATE to use an internal - transition datatype (Tom) - - - - - - Add LIKE clause to CREATE TYPE (Tom) - - - - This simplifies creation of data types that use the same internal - representation as an existing type. - - - - - - Allow specification of the type category and preferred - status for user-defined base types (Tom) - - - - This allows more control over the coercion behavior of user-defined - types. - - - - - - Allow CREATE OR REPLACE VIEW to add columns to the - end of a view (Robert Haas) - - - - - - - <command>ALTER</command> - - - - - Add ALTER TYPE RENAME (Petr Jelinek) - - - - - - Add ALTER SEQUENCE ... RESTART (with no parameter) to - reset a sequence to its initial value (Zoltan Boszormenyi) - - - - - - Modify the ALTER TABLE syntax to allow all reasonable - combinations for tables, indexes, sequences, and views (Tom) - - - - This change allows the following new syntaxes: - - - - - ALTER SEQUENCE OWNER TO - - - - - ALTER VIEW ALTER COLUMN SET/DROP DEFAULT - - - - - ALTER VIEW OWNER TO - - - - - ALTER VIEW SET SCHEMA - - - - - There is no actual new functionality here, but formerly - you had to say ALTER TABLE to do these things, - which was confusing. - - - - - - Add support for the syntax ALTER TABLE ... ALTER COLUMN - ... SET DATA TYPE (Peter) - - - - This is SQL-standard syntax for functionality that - was already supported. - - - - - - Make ALTER TABLE SET WITHOUT OIDS rewrite the table - to physically remove OID values (Tom) - - - - Also, add ALTER TABLE SET WITH OIDS to rewrite the - table to add OIDs. - - - - - - - - - Database Manipulation - - - - - Improve reporting of - CREATE/DROP/RENAME DATABASE - failure when uncommitted prepared transactions are the cause - (Tom) - - - - - - Make LC_COLLATE and LC_CTYPE into - per-database settings (Radek Strnad, Heikki) - - - - This makes collation similar to encoding, which was always - configurable per database. - - - - - - Improve checks that the database encoding, collation - (LC_COLLATE), and character classes - (LC_CTYPE) match (Heikki, Tom) - - - - Note in particular that a new database's encoding and locale - settings can be changed only when copying from template0. - This prevents possibly copying data that doesn't match the settings. - - - - - - Add ALTER DATABASE SET TABLESPACE to move a database - to a new tablespace (Guillaume Lelarge, Bernd Helmle) - - - - - - - - - - - Utility Operations - - - - - - Add a VERBOSE option to the CLUSTER command and - clusterdb (Jim Cox) - - - - - - Decrease memory requirements for recording pending trigger - events (Tom) - - - - - - - Indexes - - - - - Dramatically improve the speed of building and accessing hash - indexes (Tom Raney, Shreya Bhargava) - - - - This allows hash indexes to be sometimes faster than btree - indexes. However, hash indexes are still not crash-safe. - - - - - - Make hash indexes store only the hash code, not the full value of - the indexed column (Xiao Meng) - - - - This greatly reduces the size of hash indexes for long indexed - values, improving performance. - - - - - - Implement fast update option for GIN indexes (Teodor, Oleg) - - - - This option greatly improves update speed at a small penalty in search - speed. - - - - - - xxx_pattern_ops indexes can now be used for simple - equality comparisons, not only for LIKE (Tom) - - - - - - - - - Full Text Indexes - - - - - Remove the requirement to use @@@ when doing - GIN weighted lookups on full text indexes (Tom, Teodor) - - - - The normal @@ text search operator can be used - instead. - - - - - - Add an optimizer selectivity function for @@ text - search operations (Jan Urbanski) - - - - - - Allow prefix matching in full text searches (Teodor Sigaev, - Oleg Bartunov) - - - - - - Support multi-column GIN indexes (Teodor Sigaev) - - - - - - Improve support for Nepali language and Devanagari alphabet (Teodor) - - - - - - - - - <command>VACUUM</command> - - - - - Track free space in separate per-relation fork files (Heikki) - - - - Free space discovered by VACUUM is now recorded in - *_fsm files, rather than in a fixed-sized shared memory - area. The max_fsm_pages and max_fsm_relations - settings have been removed, greatly simplifying administration of - free space management. - - - - - - Add a visibility map to track pages that do not require - vacuuming (Heikki) - - - - This allows VACUUM to avoid scanning all of - a table when only a portion of the table needs vacuuming. - The visibility map is stored in per-relation fork files. - - - - - - Add vacuum_freeze_table_age parameter to control - when VACUUM should ignore the visibility map and - do a full table scan to freeze tuples (Heikki) - - - - - - Track transaction snapshots more carefully (Alvaro) - - - - This improves VACUUM's ability to reclaim space - in the presence of long-running transactions. - - - - - - Add ability to specify per-relation autovacuum and TOAST - parameters in CREATE TABLE (Alvaro, Euler Taveira de - Oliveira) - - - - Autovacuum options used to be stored in a system table. - - - - - - Add --freeze option to vacuumdb - (Bruce) - - - - - - - - - - - Data Types - - - - - Add a CaseSensitive option for text search synonym - dictionaries (Simon) - - - - - - Improve the precision of NUMERIC division (Tom) - - - - - - Add basic arithmetic operators for int2 with int8 - (Tom) - - - - This eliminates the need for explicit casting in some situations. - - - - - - Allow UUID input to accept an optional hyphen after - every fourth digit (Robert Haas) - - - - - - Allow on/off as input for the boolean data type - (Itagaki Takahiro) - - - - - - Allow spaces around NaN in the input string for - type numeric (Sam Mason) - - - - - - - Temporal Data Types - - - - - Reject year 0 BC and years 000 and - 0000 (Tom) - - - - Previously these were interpreted as 1 BC. - (Note: years 0 and 00 are still assumed to be - the year 2000.) - - - - - - Include SGT (Singapore time) in the default list of - known time zone abbreviations (Tom) - - - - - - Support infinity and -infinity as - values of type date (Tom) - - - - - - Make parsing of interval literals more standard-compliant - (Tom, Ron Mayer) - - - - For example, INTERVAL '1' YEAR now does what it's - supposed to. - - - - - - Allow interval fractional-seconds precision to be specified - after the second keyword, for SQL standard - compliance (Tom) - - - - Formerly the precision had to be specified after the keyword - interval. (For backwards compatibility, this syntax is still - supported, though deprecated.) Data type definitions will now be - output using the standard format. - - - - - - Support the IS0 8601 interval syntax (Ron - Mayer, Kevin Grittner) - - - - For example, INTERVAL 'P1Y2M3DT4H5M6.7S' is now - supported. - - - - - - Add IntervalStyle parameter - which controls how interval values are output (Ron Mayer) - - - - Valid values are: postgres, postgres_verbose, - sql_standard, iso_8601. This setting also - controls the handling of negative interval input when only - some fields have positive/negative designations. - - - - - - Improve consistency of handling of fractional seconds in - timestamp and interval output (Ron Mayer) - - - - - - - - - Arrays - - - - - Improve the handling of casts applied to ARRAY[] - constructs, such as ARRAY[...]::integer[] - (Brendan Jurd) - - - - Formerly PostgreSQL attempted to determine a data type - for the ARRAY[] construct without reference to the ensuing - cast. This could fail unnecessarily in many cases, in particular when - the ARRAY[] construct was empty or contained only - ambiguous entries such as NULL. Now the cast is consulted - to determine the type that the array elements must be. - - - - - - Make SQL-syntax ARRAY dimensions optional - to match the SQL standard (Peter) - - - - - - Add array_ndims() to return the number - of dimensions of an array (Robert Haas) - - - - - - Add array_length() to return the length - of an array for a specified dimension (Jim Nasby, Robert - Haas, Peter Eisentraut) - - - - - - Add aggregate function array_agg(), which - returns all aggregated values as a single array (Robert Haas, - Jeff Davis, Peter) - - - - - - Add unnest(), which converts an array to - individual row values (Tom) - - - - This is the opposite of array_agg(). - - - - - - Add array_fill() to create arrays initialized with - a value (Pavel Stehule) - - - - - - Add generate_subscripts() to simplify generating - the range of an array's subscripts (Pavel Stehule) - - - - - - - - - Wide-Value Storage (<acronym>TOAST</acronym>) - - - - - Consider TOAST compression on values as short as - 32 bytes (previously 256 bytes) (Greg Stark) - - - - - - Require 25% minimum space savings before using TOAST - compression (previously 20% for small values and any-savings-at-all - for large values) (Greg) - - - - - - Improve TOAST heuristics for rows that have a mix of large - and small toastable fields, so that we prefer to push large values out - of line and don't compress small values unnecessarily (Greg, Tom) - - - - - - - - - - - Functions - - - - - Document that setseed() allows values from - -1 to 1 (not just 0 to - 1), and enforce the valid range (Kris Jurka) - - - - - - Add server-side function lo_import(filename, oid) - (Tatsuo) - - - - - - Add quote_nullable(), which behaves like - quote_literal() but returns the string NULL for - a null argument (Brendan Jurd) - - - - - - Improve full text search headline() function to - allow extracting several fragments of text (Sushant Sinha) - - - - - - Add suppress_redundant_updates_trigger() trigger - function to avoid overhead for non-data-changing updates (Andrew) - - - - - - Add div(numeric, numeric) to perform numeric - division without rounding (Tom) - - - - - - Add timestamp and timestamptz versions of - generate_series() (Hitoshi Harada) - - - - - - - Object Information Functions - - - - - Implement current_query() for use by functions - that need to know the currently running query (Tomas Doran) - - - - - - Add pg_get_keywords() to return a list of the - parser keywords (Dave Page) - - - - - - Add pg_get_functiondef() to see a function's - definition (Abhijit Menon-Sen) - - - - - - Allow the second argument of pg_get_expr() to be zero - when deparsing an expression that does not contain variables (Tom) - - - - - - Modify pg_relation_size() to use regclass - (Heikki) - - - - pg_relation_size(data_type_name) no longer works. - - - - - - Add boot_val and reset_val columns to - pg_settings output (Greg Smith) - - - - - - Add source file name and line number columns to - pg_settings output for variables set in a configuration - file (Magnus, Alvaro) - - - - For security reasons, these columns are only visible to superusers. - - - - - - Add support for CURRENT_CATALOG, - CURRENT_SCHEMA, SET CATALOG, SET - SCHEMA (Peter) - - - - These provide SQL-standard syntax for existing features. - - - - - - Add pg_typeof() which returns the data type - of any value (Brendan Jurd) - - - - - - Make version() return information about whether - the server is a 32- or 64-bit binary (Bruce) - - - - - - Fix the behavior of information schema columns - is_insertable_into and is_updatable to - be consistent (Peter) - - - - - - Improve the behavior of information schema - datetime_precision columns (Peter) - - - - These columns now show zero for date columns, and 6 - (the default precision) for time, timestamp, and - interval without a declared precision, rather than showing - null as formerly. - - - - - - Convert remaining builtin set-returning functions to use - OUT parameters (Jaime Casanova) - - - - This makes it possible to call these functions without specifying - a column list: pg_show_all_settings(), - pg_lock_status(), pg_prepared_xact(), - pg_prepared_statement(), pg_cursor() - - - - - - Make pg_*_is_visible() and - has_*_privilege() functions return NULL - for invalid OIDs, rather than reporting an error (Tom) - - - - - - Extend has_*_privilege() functions to allow inquiring - about the OR of multiple privileges in one call (Stephen - Frost, Tom) - - - - - - Add has_column_privilege() and - has_any_column_privilege() functions (Stephen - Frost, Tom) - - - - - - - - - Function Creation - - - - - Support variadic functions (functions with a variable number - of arguments) (Pavel Stehule) - - - - Only trailing arguments can be optional, and they all must be - of the same data type. - - - - - - Support default values for function arguments (Pavel Stehule) - - - - - - Add CREATE FUNCTION ... RETURNS TABLE clause (Pavel - Stehule) - - - - - - Allow SQL-language functions to return the output - of an INSERT/UPDATE/DELETE - RETURNING clause (Tom) - - - - - - - - - PL/pgSQL Server-Side Language - - - - - Support EXECUTE USING for easier insertion of data - values into a dynamic query string (Pavel Stehule) - - - - - - Allow looping over the results of a cursor using a FOR - loop (Pavel Stehule) - - - - - - Support RETURN QUERY EXECUTE (Pavel - Stehule) - - - - - - Improve the RAISE command (Pavel Stehule) - - - - - Support DETAIL and HINT fields - - - - - Support specification of the SQLSTATE error code - - - - - Support an exception name parameter - - - - - Allow RAISE without parameters in an exception - block to re-throw the current error - - - - - - - - - Allow specification of SQLSTATE codes - in EXCEPTION lists (Pavel Stehule) - - - - This is useful for handling custom SQLSTATE codes. - - - - - - Support the CASE statement (Pavel Stehule) - - - - - - Make RETURN QUERY set the special FOUND and - GET DIAGNOSTICS ROW_COUNT variables - (Pavel Stehule) - - - - - - Make FETCH and MOVE set the - GET DIAGNOSTICS ROW_COUNT variable - (Andrew Gierth) - - - - - - Make EXIT without a label always exit the innermost - loop (Tom) - - - - Formerly, if there were a BEGIN block more closely nested - than any loop, it would exit that block instead. The new behavior - matches Oracle(TM) and is also what was previously stated by our own - documentation. - - - - - - Make processing of string literals and nested block comments - match the main SQL parser's processing (Tom) - - - - In particular, the format string in RAISE now works - the same as any other string literal, including being subject - to standard_conforming_strings. This change also - fixes other cases in which valid commands would fail when - standard_conforming_strings is on. - - - - - - Avoid memory leakage when the same function is called at varying - exception-block nesting depths (Tom) - - - - - - - - - - - Client Applications - - - - - - Fix pg_ctl restart to preserve command-line arguments - (Bruce) - - - - - - Add -w/--no-password option that - prevents password prompting in all utilities that have a - -W/--password option (Peter) - - - - - - Remove (quiet) option of createdb, - createuser, dropdb, - dropuser (Peter) - - - - These options have had no effect since PostgreSQL - 8.3. - - - - - - - <application>psql</application> - - - - - Remove verbose startup banner; now just suggest help - (Joshua Drake) - - - - - - Make help show common backslash commands (Greg - Sabino Mullane) - - - - - - Add \pset format wrapped mode to wrap output to the - screen width, or file/pipe output too if \pset columns - is set (Bryce Nesbitt) - - - - - - Allow all supported spellings of boolean values in \pset, - rather than just on and off (Bruce) - - - - Formerly, any string other than off was silently taken - to mean true. psql will now complain - about unrecognized spellings (but still take them as true). - - - - - - Use the pager for wide output (Bruce) - - - - - - Require a space between a one-letter backslash command and its first - argument (Bernd Helmle) - - - - This removes a historical source of ambiguity. - - - - - - Improve tab completion support for schema-qualified and - quoted identifiers (Greg Sabino Mullane) - - - - - - Add optional on/off argument for - \timing (David Fetter) - - - - - - Display access control rights on multiple lines (Brendan - Jurd, Andreas Scherbaum) - - - - - - Make \l show database access privileges (Andrew Gilligan) - - - - - - Make \l+ show database sizes, if permissions - allow (Andrew Gilligan) - - - - - - Add the \ef command to edit function definitions - (Abhijit Menon-Sen) - - - - - - - - - <application>psql</application> \d* commands - - - - - - Make \d* commands that do not have a pattern argument - show system objects only if the S modifier is specified - (Greg Sabino Mullane, Bruce) - - - - The former behavior was inconsistent across different variants - of \d, and in most cases it provided no easy way to see - just user objects. - - - - - - Improve \d* commands to work with older - PostgreSQL server versions (back to 7.4), - not only the current server version - (Guillaume Lelarge) - - - - - - Make \d show foreign-key constraints that reference - the selected table (Kenneth D'Souza) - - - - - - Make \d on a sequence show its column values - (Euler Taveira de Oliveira) - - - - - - Add column storage type and other relation options to the - \d+ display (Gregory Stark, Euler Taveira de - Oliveira) - - - - - - Show relation size in \dt+ output (Dickson S. - Guedes) - - - - - - Show the possible values of enum types in \dT+ - (David Fetter) - - - - - - Allow \dC to accept a wildcard pattern, which matches - either datatype involved in the cast (Tom) - - - - - - Add a function type column to \df's output, and add - options to list only selected types of functions (David Fetter) - - - - - - Make \df not hide functions that take or return - type cstring (Tom) - - - - Previously, such functions were hidden because most of them are - datatype I/O functions, which were deemed uninteresting. The new - policy about hiding system functions by default makes this wart - unnecessary. - - - - - - - - - <application>pg_dump</application> - - - - - Add a --no-tablespaces option to - pg_dump/pg_dumpall/pg_restore - so that dumps can be restored to clusters that have non-matching - tablespace layouts (Gavin Roy) - - - - - - Remove and options from - pg_dump and pg_dumpall (Tom) - - - - These options were too frequently confused with the option to - select a database name in other PostgreSQL - client applications. The functionality is still available, - but you must now spell out the long option name - or . - - - - - - Remove / option from - pg_dump and pg_dumpall (Tom) - - - - Use of this option does not throw an error, but it has no - effect. This option was removed because the version checks - are necessary for safety. - - - - - - Disable statement_timeout during dump and restore - (Joshua Drake) - - - - - - Add pg_dump/pg_dumpall option - (David Gould) - - - - This allows dumps to fail if unable to acquire a shared lock - within the specified amount of time. - - - - - - Reorder pg_dump --data-only output - to dump tables referenced by foreign keys before - the referencing tables (Tom) - - - - This allows data loads when foreign keys are already present. - If circular references make a safe ordering impossible, a - NOTICE is issued. - - - - - - Allow pg_dump, pg_dumpall, and - pg_restore to use a specified role (Benedek - László) - - - - - - Allow pg_restore to use multiple concurrent - connections to do the restore (Andrew) - - - - The number of concurrent connections is controlled by the option - --jobs. This is supported only for custom-format archives. - - - - - - - - - - - Programming Tools - - - <application>libpq</application> - - - - - Allow the OID to be specified when importing a large - object, via new function lo_import_with_oid() (Tatsuo) - - - - - - Add events support (Andrew Chernow, Merlin Moncure) - - - - This adds the ability to register callbacks to manage private - data associated with PGconn and PGresult - objects. - - - - - - Improve error handling to allow the return of multiple - error messages as multi-line error reports (Magnus) - - - - - - Make PQexecParams() and related functions return - PGRES_EMPTY_QUERY for an empty query (Tom) - - - - They previously returned PGRES_COMMAND_OK. - - - - - - Document how to avoid the overhead of WSACleanup() - on Windows (Andrew Chernow) - - - - - - Do not rely on Kerberos tickets to determine the default database - username (Magnus) - - - - Previously, a Kerberos-capable build of libpq would use the - principal name from any available Kerberos ticket as default - database username, even if the connection wasn't using Kerberos - authentication. This was deemed inconsistent and confusing. - The default username is now determined the same way with or - without Kerberos. Note however that the database username must still - match the ticket when Kerberos authentication is used. - - - - - - - - <application>libpq</application> <acronym>SSL</acronym> (Secure Sockets Layer) - support - - - - - Fix certificate validation for SSL connections - (Magnus) - - - - libpq now supports verifying both the certificate - and the name of the server when making SSL - connections. If a root certificate is not available to use for - verification, SSL connections will fail. The - sslmode parameter is used to enable certificate - verification and set the level of checking. - The default is still not to do any verification, allowing connections - to SSL-enabled servers without requiring a root certificate on the - client. - - - - - - Support wildcard server certificates (Magnus) - - - - If a certificate CN starts with *, it will - be treated as a wildcard when matching the hostname, allowing the - use of the same certificate for multiple servers. - - - - - - Allow the file locations for client certificates to be specified - (Mark Woodward, Alvaro, Magnus) - - - - - - Add a PQinitOpenSSL function to allow greater control - over OpenSSL/libcrypto initialization (Andrew Chernow) - - - - - - Make libpq unregister its OpenSSL - callbacks when no database connections remain open - (Bruce, Magnus, Russell Smith) - - - - This is required for applications that unload the libpq library, - otherwise invalid OpenSSL callbacks will remain. - - - - - - - - - <application>ecpg</application> - - - - - Add localization support for messages (Euler Taveira de - Oliveira) - - - - - - ecpg parser is now automatically generated from the server - parser (Michael) - - - - Previously the ecpg parser was hand-maintained. - - - - - - - - - Server Programming Interface (<acronym>SPI</acronym>) - - - - - Add support for single-use plans with out-of-line - parameters (Tom) - - - - - - Add new SPI_OK_REWRITTEN return code for - SPI_execute() (Heikki) - - - - This is used when a command is rewritten to another type of - command. - - - - - - Remove unnecessary inclusions from executor/spi.h (Tom) - - - - SPI-using modules might need to add some #include - lines if they were depending on spi.h to include - things for them. - - - - - - - - - - - Build Options - - - - - Update build system to use Autoconf 2.61 (Peter) - - - - - - Require GNU bison for source code builds (Peter) - - - - This has effectively been required for several years, but now there - is no infrastructure claiming to support other parser tools. - - - - - - Add pg_config --htmldir option - (Peter) - - - - - - Pass float4 by value inside the server (Zoltan - Boszormenyi) - - - - Add configure option - --disable-float4-byval to use the old behavior. - External C functions that use old-style (version 0) call convention - and pass or return float4 values will be broken by this - change, so you may need the configure option if you - have such functions and don't want to update them. - - - - - - Pass float8, int8, and related datatypes - by value inside the server on 64-bit platforms (Zoltan Boszormenyi) - - - - Add configure option - --disable-float8-byval to use the old behavior. - As above, this change might break old-style external C functions. - - - - - - Add configure options --with-segsize, - --with-blocksize, --with-wal-blocksize, - --with-wal-segsize (Zdenek Kotala, Tom) - - - - This simplifies build-time control over several constants that - previously could only be changed by editing - pg_config_manual.h. - - - - - - Allow threaded builds on Solaris 2.5 (Bruce) - - - - - - Use the system's getopt_long() on Solaris - (Zdenek Kotala, Tom) - - - - This makes option processing more consistent with what Solaris users - expect. - - - - - - Add support for the Sun Studio compiler on - Linux (Julius Stroffek) - - - - - - Append the major version number to the backend gettext - domain, and the soname major version number to - libraries' gettext domain (Peter) - - - - This simplifies parallel installations of multiple versions. - - - - - - Add support for code coverage testing with gcov - (Michelle Caisse) - - - - - - Allow out-of-tree builds on Mingw and - Cygwin (Richard Evans) - - - - - - Fix the use of Mingw as a cross-compiling source - platform (Peter) - - - - - - - - - Source Code - - - - - Support 64-bit time zone data files (Heikki) - - - - This adds support for daylight saving time (DST) - calculations beyond the year 2038. - - - - - - Deprecate use of platform's time_t data type (Tom) - - - - Some platforms have migrated to 64-bit time_t, some have - not, and Windows can't make up its mind what it's doing. Define - pg_time_t to have the same meaning as time_t, - but always be 64 bits (unless the platform has no 64-bit integer type), - and use that type in all module APIs and on-disk data formats. - - - - - - Fix bug in handling of the time zone database when cross-compiling - (Richard Evans) - - - - - - Link backend object files in one step, rather than in stages - (Peter) - - - - - - Improve gettext support to allow better translation - of plurals (Peter) - - - - - - Add message translation support to the PL languages (Alvaro, Peter) - - - - - - Add more DTrace probes (Robert Lor) - - - - - - Enable DTrace support on macOS - Leopard and other non-Solaris platforms (Robert Lor) - - - - - - Simplify and standardize conversions between C strings and - text datums, by providing common functions for the purpose - (Brendan Jurd, Tom) - - - - - - Clean up the include/catalog/ header files so that - frontend programs can include them without including - postgres.h - (Zdenek Kotala) - - - - - - Make name char-aligned, and suppress zero-padding of - name entries in indexes (Tom) - - - - - - Recover better if dynamically-loaded code executes exit() - (Tom) - - - - - - Add a hook to let plug-ins monitor the executor (Itagaki - Takahiro) - - - - - - Add a hook to allow the planner's statistics lookup behavior to - be overridden (Simon Riggs) - - - - - - Add shmem_startup_hook() for custom shared memory - requirements (Tom) - - - - - - Replace the index access method amgetmulti entry point - with amgetbitmap, and extend the API for - amgettuple to support run-time determination of - operator lossiness (Heikki, Tom, Teodor) - - - - The API for GIN and GiST opclass consistent functions - has been extended as well. - - - - - - Add support for partial-match searches in GIN indexes - (Teodor Sigaev, Oleg Bartunov) - - - - - - Replace pg_class column reltriggers - with boolean relhastriggers (Simon) - - - - Also remove unused pg_class columns - relukeys, relfkeys, and - relrefs. - - - - - - Add a relistemp column to pg_class - to ease identification of temporary tables (Tom) - - - - - - Move platform FAQs into the main documentation - (Peter) - - - - - - Prevent parser input files from being built with any conflicts - (Peter) - - - - - - Add support for the KOI8U (Ukrainian) encoding - (Peter) - - - - - - Add Japanese message translations (Japan PostgreSQL Users Group) - - - - This used to be maintained as a separate project. - - - - - - Fix problem when setting LC_MESSAGES on - MSVC-built systems (Hiroshi Inoue, Hiroshi - Saito, Magnus) - - - - - - - - - Contrib - - - - - - Add contrib/auto_explain to automatically run - EXPLAIN on queries exceeding a specified duration - (Itagaki Takahiro, Tom) - - - - - - Add contrib/btree_gin to allow GIN indexes to - handle more datatypes (Oleg, Teodor) - - - - - - Add contrib/citext to provide a case-insensitive, - multibyte-aware text data type (David Wheeler) - - - - - - Add contrib/pg_stat_statements for server-wide - tracking of statement execution statistics (Itagaki Takahiro) - - - - - - Add duration and query mode options to contrib/pgbench - (Itagaki Takahiro) - - - - - - Make contrib/pgbench use table names - pgbench_accounts, pgbench_branches, - pgbench_history, and pgbench_tellers, - rather than just accounts, branches, - history, and tellers (Tom) - - - - This is to reduce the risk of accidentally destroying real data - by running pgbench. - - - - - - Fix contrib/pgstattuple to handle tables and - indexes with over 2 billion pages (Tatsuhito Kasahara) - - - - - - In contrib/fuzzystrmatch, add a version of the - Levenshtein string-distance function that allows the user to - specify the costs of insertion, deletion, and substitution - (Volkan Yazici) - - - - - - Make contrib/ltree support multibyte encodings - (laser) - - - - - - Enable contrib/dblink to use connection information - stored in the SQL/MED catalogs (Joe Conway) - - - - - - Improve contrib/dblink's reporting of errors from - the remote server (Joe Conway) - - - - - - Make contrib/dblink set client_encoding - to match the local database's encoding (Joe Conway) - - - - This prevents encoding problems when communicating with a remote - database that uses a different encoding. - - - - - - Make sure contrib/dblink uses a password supplied - by the user, and not accidentally taken from the server's - .pgpass file (Joe Conway) - - - - This is a minor security enhancement. - - - - - - Add fsm_page_contents() - to contrib/pageinspect (Heikki) - - - - - - Modify get_raw_page() to support free space map - (*_fsm) files. Also update - contrib/pg_freespacemap. - - - - - - Add support for multibyte encodings to contrib/pg_trgm - (Teodor) - - - - - - Rewrite contrib/intagg to use new - functions array_agg() and unnest() - (Tom) - - - - - - Make contrib/pg_standby recover all available WAL before - failover (Fujii Masao, Simon, Heikki) - - - - To make this work safely, you now need to set the new - recovery_end_command option in recovery.conf - to clean up the trigger file after failover. pg_standby - will no longer remove the trigger file itself. - - - - - - contrib/pg_standby's option is now a no-op, - because it is unsafe to use a symlink (Simon) - - - - - - - - diff --git a/doc/src/sgml/release-9.0.sgml b/doc/src/sgml/release-9.0.sgml deleted file mode 100644 index 9e90f5a7f3..0000000000 --- a/doc/src/sgml/release-9.0.sgml +++ /dev/null @@ -1,11091 +0,0 @@ - - - - - Release 9.0.23 - - - Release date: - 2015-10-08 - - - - This release contains a variety of fixes from 9.0.22. - For information about new features in the 9.0 major release, see - . - - - - This is expected to be the last PostgreSQL release - in the 9.0.X series. Users are encouraged to update to a newer - release branch soon. - - - - Migration to Version 9.0.23 - - - A dump/restore is not required for those running 9.0.X. - - - - However, if you are upgrading from a version earlier than 9.0.18, - see . - - - - - - Changes - - - - - - Fix contrib/pgcrypto to detect and report - too-short crypt() salts (Josh Kupershmidt) - - - - Certain invalid salt arguments crashed the server or disclosed a few - bytes of server memory. We have not ruled out the viability of - attacks that arrange for presence of confidential information in the - disclosed bytes, but they seem unlikely. (CVE-2015-5288) - - - - - - Fix subtransaction cleanup after a portal (cursor) belonging to an - outer subtransaction fails (Tom Lane, Michael Paquier) - - - - A function executed in an outer-subtransaction cursor could cause an - assertion failure or crash by referencing a relation created within an - inner subtransaction. - - - - - - Fix insertion of relations into the relation cache init file - (Tom Lane) - - - - An oversight in a patch in the most recent minor releases - caused pg_trigger_tgrelid_tgname_index to be omitted - from the init file. Subsequent sessions detected this, then deemed the - init file to be broken and silently ignored it, resulting in a - significant degradation in session startup time. In addition to fixing - the bug, install some guards so that any similar future mistake will be - more obvious. - - - - - - Avoid O(N^2) behavior when inserting many tuples into a SPI query - result (Neil Conway) - - - - - - Improve LISTEN startup time when there are many unread - notifications (Matt Newell) - - - - - - Disable SSL renegotiation by default (Michael Paquier, Andres Freund) - - - - While use of SSL renegotiation is a good idea in theory, we have seen - too many bugs in practice, both in the underlying OpenSSL library and - in our usage of it. Renegotiation will be removed entirely in 9.5 and - later. In the older branches, just change the default value - of ssl_renegotiation_limit to zero (disabled). - - - - - - Lower the minimum values of the *_freeze_max_age parameters - (Andres Freund) - - - - This is mainly to make tests of related behavior less time-consuming, - but it may also be of value for installations with limited disk space. - - - - - - Limit the maximum value of wal_buffers to 2GB to avoid - server crashes (Josh Berkus) - - - - - - Fix rare internal overflow in multiplication of numeric values - (Dean Rasheed) - - - - - - Guard against hard-to-reach stack overflows involving record types, - range types, json, jsonb, tsquery, - ltxtquery and query_int (Noah Misch) - - - - - - Fix handling of DOW and DOY in datetime input - (Greg Stark) - - - - These tokens aren't meant to be used in datetime values, but previously - they resulted in opaque internal error messages rather - than invalid input syntax. - - - - - - Add more query-cancel checks to regular expression matching (Tom Lane) - - - - - - Add recursion depth protections to regular expression, SIMILAR - TO, and LIKE matching (Tom Lane) - - - - Suitable search patterns and a low stack depth limit could lead to - stack-overrun crashes. - - - - - - Fix potential infinite loop in regular expression execution (Tom Lane) - - - - A search pattern that can apparently match a zero-length string, but - actually doesn't match because of a back reference, could lead to an - infinite loop. - - - - - - Fix low-memory failures in regular expression compilation - (Andreas Seltenreich) - - - - - - Fix low-probability memory leak during regular expression execution - (Tom Lane) - - - - - - Fix rare low-memory failure in lock cleanup during transaction abort - (Tom Lane) - - - - - - Fix unexpected out-of-memory situation during sort errors - when using tuplestores with small work_mem settings (Tom - Lane) - - - - - - Fix very-low-probability stack overrun in qsort (Tom Lane) - - - - - - Fix invalid memory alloc request size failure in hash joins - with large work_mem settings (Tomas Vondra, Tom Lane) - - - - - - Fix assorted planner bugs (Tom Lane) - - - - These mistakes could lead to incorrect query plans that would give wrong - answers, or to assertion failures in assert-enabled builds, or to odd - planner errors such as could not devise a query plan for the - given query, could not find pathkey item to - sort, plan should not reference subplan's variable, - or failed to assign all NestLoopParams to plan nodes. - Thanks are due to Andreas Seltenreich and Piotr Stefaniak for fuzz - testing that exposed these problems. - - - - - - Use fuzzy path cost tiebreaking rule in all supported branches (Tom Lane) - - - - This change is meant to avoid platform-specific behavior when - alternative plan choices have effectively-identical estimated costs. - - - - - - During postmaster shutdown, ensure that per-socket lock files are - removed and listen sockets are closed before we remove - the postmaster.pid file (Tom Lane) - - - - This avoids race-condition failures if an external script attempts to - start a new postmaster as soon as pg_ctl stop returns. - - - - - - Fix postmaster's handling of a startup-process crash during crash - recovery (Tom Lane) - - - - If, during a crash recovery cycle, the startup process crashes without - having restored database consistency, we'd try to launch a new startup - process, which typically would just crash again, leading to an infinite - loop. - - - - - - Do not print a WARNING when an autovacuum worker is already - gone when we attempt to signal it, and reduce log verbosity for such - signals (Tom Lane) - - - - - - Prevent autovacuum launcher from sleeping unduly long if the server - clock is moved backwards a large amount (Álvaro Herrera) - - - - - - Ensure that cleanup of a GIN index's pending-insertions list is - interruptable by cancel requests (Jeff Janes) - - - - - - Allow all-zeroes pages in GIN indexes to be reused (Heikki Linnakangas) - - - - Such a page might be left behind after a crash. - - - - - - Fix off-by-one error that led to otherwise-harmless warnings - about apparent wraparound in subtrans/multixact truncation - (Thomas Munro) - - - - - - Fix misreporting of CONTINUE and MOVE statement - types in PL/pgSQL's error context messages - (Pavel Stehule, Tom Lane) - - - - - - Fix some places in PL/Tcl that neglected to check for - failure of malloc() calls (Michael Paquier, Álvaro - Herrera) - - - - - - Improve libpq's handling of out-of-memory conditions - (Michael Paquier, Heikki Linnakangas) - - - - - - Fix memory leaks and missing out-of-memory checks - in ecpg (Michael Paquier) - - - - - - Fix psql's code for locale-aware formatting of numeric - output (Tom Lane) - - - - The formatting code invoked by \pset numericlocale on - did the wrong thing for some uncommon cases such as numbers with an - exponent but no decimal point. It could also mangle already-localized - output from the money data type. - - - - - - Prevent crash in psql's \c command when - there is no current connection (Noah Misch) - - - - - - Ensure that temporary files created during a pg_dump - run with tar-format output are not world-readable (Michael - Paquier) - - - - - - Fix pg_dump and pg_upgrade to support - cases where the postgres or template1 database - is in a non-default tablespace (Marti Raudsepp, Bruce Momjian) - - - - - - Fix pg_dump to handle object privileges sanely when - dumping from a server too old to have a particular privilege type - (Tom Lane) - - - - When dumping functions or procedural languages from pre-7.3 - servers, pg_dump would - produce GRANT/REVOKE commands that revoked the - owner's grantable privileges and instead granted all privileges - to PUBLIC. Since the privileges involved are - just USAGE and EXECUTE, this isn't a security - problem, but it's certainly a surprising representation of the older - systems' behavior. Fix it to leave the default privilege state alone - in these cases. - - - - - - Fix pg_dump to dump shell types (Tom Lane) - - - - Shell types (that is, not-yet-fully-defined types) aren't useful for - much, but nonetheless pg_dump should dump them. - - - - - - Fix spinlock assembly code for PPC hardware to be compatible - with AIX's native assembler (Tom Lane) - - - - Building with gcc didn't work if gcc - had been configured to use the native assembler, which is becoming more - common. - - - - - - On AIX, test the -qlonglong compiler option - rather than just assuming it's safe to use (Noah Misch) - - - - - - On AIX, use -Wl,-brtllib link option to allow - symbols to be resolved at runtime (Noah Misch) - - - - Perl relies on this ability in 5.8.0 and later. - - - - - - Avoid use of inline functions when compiling with - 32-bit xlc, due to compiler bugs (Noah Misch) - - - - - - Use librt for sched_yield() when necessary, - which it is on some Solaris versions (Oskari Saarenmaa) - - - - - - Fix Windows install.bat script to handle target directory - names that contain spaces (Heikki Linnakangas) - - - - - - Make the numeric form of the PostgreSQL version number - (e.g., 90405) readily available to extension Makefiles, - as a variable named VERSION_NUM (Michael Paquier) - - - - - - Update time zone data files to tzdata release 2015g for - DST law changes in Cayman Islands, Fiji, Moldova, Morocco, Norfolk - Island, North Korea, Turkey, and Uruguay. There is a new zone name - America/Fort_Nelson for the Canadian Northern Rockies. - - - - - - - - - - Release 9.0.22 - - - Release date: - 2015-06-12 - - - - This release contains a small number of fixes from 9.0.21. - For information about new features in the 9.0 major release, see - . - - - - The PostgreSQL community will stop releasing updates - for the 9.0.X release series in September 2015. - Users are encouraged to update to a newer release branch soon. - - - - Migration to Version 9.0.22 - - - A dump/restore is not required for those running 9.0.X. - - - - However, if you are upgrading from a version earlier than 9.0.18, - see . - - - - - - Changes - - - - - - Fix rare failure to invalidate relation cache init file (Tom Lane) - - - - With just the wrong timing of concurrent activity, a VACUUM - FULL on a system catalog might fail to update the init file - that's used to avoid cache-loading work for new sessions. This would - result in later sessions being unable to access that catalog at all. - This is a very ancient bug, but it's so hard to trigger that no - reproducible case had been seen until recently. - - - - - - Avoid deadlock between incoming sessions and CREATE/DROP - DATABASE (Tom Lane) - - - - A new session starting in a database that is the target of - a DROP DATABASE command, or is the template for - a CREATE DATABASE command, could cause the command to wait - for five seconds and then fail, even if the new session would have - exited before that. - - - - - - - - - - Release 9.0.21 - - - Release date: - 2015-06-04 - - - - This release contains a small number of fixes from 9.0.20. - For information about new features in the 9.0 major release, see - . - - - - The PostgreSQL community will stop releasing updates - for the 9.0.X release series in September 2015. - Users are encouraged to update to a newer release branch soon. - - - - Migration to Version 9.0.21 - - - A dump/restore is not required for those running 9.0.X. - - - - However, if you are upgrading from a version earlier than 9.0.18, - see . - - - - - - Changes - - - - - - Avoid failures while fsync'ing data directory during - crash restart (Abhijit Menon-Sen, Tom Lane) - - - - In the previous minor releases we added a patch to fsync - everything in the data directory after a crash. Unfortunately its - response to any error condition was to fail, thereby preventing the - server from starting up, even when the problem was quite harmless. - An example is that an unwritable file in the data directory would - prevent restart on some platforms; but it is common to make SSL - certificate files unwritable by the server. Revise this behavior so - that permissions failures are ignored altogether, and other types of - failures are logged but do not prevent continuing. - - - - - - Remove configure's check prohibiting linking to a - threaded libpython - on OpenBSD (Tom Lane) - - - - The failure this restriction was meant to prevent seems to not be a - problem anymore on current OpenBSD - versions. - - - - - - Allow libpq to use TLS protocol versions beyond v1 - (Noah Misch) - - - - For a long time, libpq was coded so that the only SSL - protocol it would allow was TLS v1. Now that newer TLS versions are - becoming popular, allow it to negotiate the highest commonly-supported - TLS version with the server. (PostgreSQL servers were - already capable of such negotiation, so no change is needed on the - server side.) This is a back-patch of a change already released in - 9.4.0. - - - - - - - - - - Release 9.0.20 - - - Release date: - 2015-05-22 - - - - This release contains a variety of fixes from 9.0.19. - For information about new features in the 9.0 major release, see - . - - - - The PostgreSQL community will stop releasing updates - for the 9.0.X release series in September 2015. - Users are encouraged to update to a newer release branch soon. - - - - Migration to Version 9.0.20 - - - A dump/restore is not required for those running 9.0.X. - - - - However, if you are upgrading from a version earlier than 9.0.18, - see . - - - - - - Changes - - - - - - Avoid possible crash when client disconnects just before the - authentication timeout expires (Benkocs Norbert Attila) - - - - If the timeout interrupt fired partway through the session shutdown - sequence, SSL-related state would be freed twice, typically causing a - crash and hence denial of service to other sessions. Experimentation - shows that an unauthenticated remote attacker could trigger the bug - somewhat consistently, hence treat as security issue. - (CVE-2015-3165) - - - - - - Improve detection of system-call failures (Noah Misch) - - - - Our replacement implementation of snprintf() failed to - check for errors reported by the underlying system library calls; - the main case that might be missed is out-of-memory situations. - In the worst case this might lead to information exposure, due to our - code assuming that a buffer had been overwritten when it hadn't been. - Also, there were a few places in which security-relevant calls of other - system library functions did not check for failure. - - - - It remains possible that some calls of the *printf() - family of functions are vulnerable to information disclosure if an - out-of-memory error occurs at just the wrong time. We judge the risk - to not be large, but will continue analysis in this area. - (CVE-2015-3166) - - - - - - In contrib/pgcrypto, uniformly report decryption failures - as Wrong key or corrupt data (Noah Misch) - - - - Previously, some cases of decryption with an incorrect key could report - other error message texts. It has been shown that such variance in - error reports can aid attackers in recovering keys from other systems. - While it's unknown whether pgcrypto's specific behaviors - are likewise exploitable, it seems better to avoid the risk by using a - one-size-fits-all message. - (CVE-2015-3167) - - - - - - Fix incorrect checking of deferred exclusion constraints after a HOT - update (Tom Lane) - - - - If a new row that potentially violates a deferred exclusion constraint - is HOT-updated (that is, no indexed columns change and the row can be - stored back onto the same table page) later in the same transaction, - the exclusion constraint would be reported as violated when the check - finally occurred, even if the row(s) the new row originally conflicted - with had been deleted. - - - - - - Prevent improper reordering of antijoins (NOT EXISTS joins) versus - other outer joins (Tom Lane) - - - - This oversight in the planner has been observed to cause could - not find RelOptInfo for given relids errors, but it seems possible - that sometimes an incorrect query plan might get past that consistency - check and result in silently-wrong query output. - - - - - - Fix incorrect matching of subexpressions in outer-join plan nodes - (Tom Lane) - - - - Previously, if textually identical non-strict subexpressions were used - both above and below an outer join, the planner might try to re-use - the value computed below the join, which would be incorrect because the - executor would force the value to NULL in case of an unmatched outer row. - - - - - - Fix GEQO planner to cope with failure of its join order heuristic - (Tom Lane) - - - - This oversight has been seen to lead to failed to join all - relations together errors in queries involving LATERAL, - and that might happen in other cases as well. - - - - - - Fix possible deadlock at startup - when max_prepared_transactions is too small - (Heikki Linnakangas) - - - - - - Don't archive useless preallocated WAL files after a timeline switch - (Heikki Linnakangas) - - - - - - Avoid cannot GetMultiXactIdMembers() during recovery error - (Álvaro Herrera) - - - - - - Recursively fsync() the data directory after a crash - (Abhijit Menon-Sen, Robert Haas) - - - - This ensures consistency if another crash occurs shortly later. (The - second crash would have to be a system-level crash, not just a database - crash, for there to be a problem.) - - - - - - Fix autovacuum launcher's possible failure to shut down, if an error - occurs after it receives SIGTERM (Álvaro Herrera) - - - - - - Cope with unexpected signals in LockBufferForCleanup() - (Andres Freund) - - - - This oversight could result in spurious errors about multiple - backends attempting to wait for pincount 1. - - - - - - Avoid waiting for WAL flush or synchronous replication during commit of - a transaction that was read-only so far as the user is concerned - (Andres Freund) - - - - Previously, a delay could occur at commit in transactions that had - written WAL due to HOT page pruning, leading to undesirable effects - such as sessions getting stuck at startup if all synchronous replicas - are down. Sessions have also been observed to get stuck in catchup - interrupt processing when using synchronous replication; this will fix - that problem as well. - - - - - - Fix crash when manipulating hash indexes on temporary tables - (Heikki Linnakangas) - - - - - - Fix possible failure during hash index bucket split, if other processes - are modifying the index concurrently (Tom Lane) - - - - - - Check for interrupts while analyzing index expressions (Jeff Janes) - - - - ANALYZE executes index expressions many times; if there are - slow functions in such an expression, it's desirable to be able to - cancel the ANALYZE before that loop finishes. - - - - - - Add the name of the target server to object description strings for - foreign-server user mappings (Álvaro Herrera) - - - - - - Recommend setting include_realm to 1 when using - Kerberos/GSSAPI/SSPI authentication (Stephen Frost) - - - - Without this, identically-named users from different realms cannot be - distinguished. For the moment this is only a documentation change, but - it will become the default setting in PostgreSQL 9.5. - - - - - - Remove code for matching IPv4 pg_hba.conf entries to - IPv4-in-IPv6 addresses (Tom Lane) - - - - This hack was added in 2003 in response to a report that some Linux - kernels of the time would report IPv4 connections as having - IPv4-in-IPv6 addresses. However, the logic was accidentally broken in - 9.0. The lack of any field complaints since then shows that it's not - needed anymore. Now we have reports that the broken code causes - crashes on some systems, so let's just remove it rather than fix it. - (Had we chosen to fix it, that would make for a subtle and potentially - security-sensitive change in the effective meaning of - IPv4 pg_hba.conf entries, which does not seem like a good - thing to do in minor releases.) - - - - - - While shutting down service on Windows, periodically send status - updates to the Service Control Manager to prevent it from killing the - service too soon; and ensure that pg_ctl will wait for - shutdown (Krystian Bigaj) - - - - - - Reduce risk of network deadlock when using libpq's - non-blocking mode (Heikki Linnakangas) - - - - When sending large volumes of data, it's important to drain the input - buffer every so often, in case the server has sent enough response data - to cause it to block on output. (A typical scenario is that the server - is sending a stream of NOTICE messages during COPY FROM - STDIN.) This worked properly in the normal blocking mode, but not - so much in non-blocking mode. We've modified libpq - to opportunistically drain input when it can, but a full defense - against this problem requires application cooperation: the application - should watch for socket read-ready as well as write-ready conditions, - and be sure to call PQconsumeInput() upon read-ready. - - - - - - Fix array handling in ecpg (Michael Meskes) - - - - - - Fix psql to sanely handle URIs and conninfo strings as - the first parameter to \connect - (David Fetter, Andrew Dunstan, Álvaro Herrera) - - - - This syntax has been accepted (but undocumented) for a long time, but - previously some parameters might be taken from the old connection - instead of the given string, which was agreed to be undesirable. - - - - - - Suppress incorrect complaints from psql on some - platforms that it failed to write ~/.psql_history at exit - (Tom Lane) - - - - This misbehavior was caused by a workaround for a bug in very old - (pre-2006) versions of libedit. We fixed it by - removing the workaround, which will cause a similar failure to appear - for anyone still using such versions of libedit. - Recommendation: upgrade that library, or use libreadline. - - - - - - Fix pg_dump's rule for deciding which casts are - system-provided casts that should not be dumped (Tom Lane) - - - - - - Fix dumping of views that are just VALUES(...) but have - column aliases (Tom Lane) - - - - - - In pg_upgrade, force timeline 1 in the new cluster - (Bruce Momjian) - - - - This change prevents upgrade failures caused by bogus complaints about - missing WAL history files. - - - - - - In pg_upgrade, check for improperly non-connectable - databases before proceeding - (Bruce Momjian) - - - - - - In pg_upgrade, quote directory paths - properly in the generated delete_old_cluster script - (Bruce Momjian) - - - - - - In pg_upgrade, preserve database-level freezing info - properly - (Bruce Momjian) - - - - This oversight could cause missing-clog-file errors for tables within - the postgres and template1 databases. - - - - - - Run pg_upgrade and pg_resetxlog with - restricted privileges on Windows, so that they don't fail when run by - an administrator (Muhammad Asif Naeem) - - - - - - Fix slow sorting algorithm in contrib/intarray (Tom Lane) - - - - - - Fix compile failure on Sparc V8 machines (Rob Rowan) - - - - - - Update time zone data files to tzdata release 2015d - for DST law changes in Egypt, Mongolia, and Palestine, plus historical - changes in Canada and Chile. Also adopt revised zone abbreviations for - the America/Adak zone (HST/HDT not HAST/HADT). - - - - - - - - - - Release 9.0.19 - - - Release date: - 2015-02-05 - - - - This release contains a variety of fixes from 9.0.18. - For information about new features in the 9.0 major release, see - . - - - - Migration to Version 9.0.19 - - - A dump/restore is not required for those running 9.0.X. - - - - However, if you are upgrading from a version earlier than 9.0.18, - see . - - - - - - Changes - - - - - - Fix buffer overruns in to_char() - (Bruce Momjian) - - - - When to_char() processes a numeric formatting template - calling for a large number of digits, PostgreSQL - would read past the end of a buffer. When processing a crafted - timestamp formatting template, PostgreSQL would write - past the end of a buffer. Either case could crash the server. - We have not ruled out the possibility of attacks that lead to - privilege escalation, though they seem unlikely. - (CVE-2015-0241) - - - - - - Fix buffer overrun in replacement *printf() functions - (Tom Lane) - - - - PostgreSQL includes a replacement implementation - of printf and related functions. This code will overrun - a stack buffer when formatting a floating point number (conversion - specifiers e, E, f, F, - g or G) with requested precision greater than - about 500. This will crash the server, and we have not ruled out the - possibility of attacks that lead to privilege escalation. - A database user can trigger such a buffer overrun through - the to_char() SQL function. While that is the only - affected core PostgreSQL functionality, extension - modules that use printf-family functions may be at risk as well. - - - - This issue primarily affects PostgreSQL on Windows. - PostgreSQL uses the system implementation of these - functions where adequate, which it is on other modern platforms. - (CVE-2015-0242) - - - - - - Fix buffer overruns in contrib/pgcrypto - (Marko Tiikkaja, Noah Misch) - - - - Errors in memory size tracking within the pgcrypto - module permitted stack buffer overruns and improper dependence on the - contents of uninitialized memory. The buffer overrun cases can - crash the server, and we have not ruled out the possibility of - attacks that lead to privilege escalation. - (CVE-2015-0243) - - - - - - Fix possible loss of frontend/backend protocol synchronization after - an error - (Heikki Linnakangas) - - - - If any error occurred while the server was in the middle of reading a - protocol message from the client, it could lose synchronization and - incorrectly try to interpret part of the message's data as a new - protocol message. An attacker able to submit crafted binary data - within a command parameter might succeed in injecting his own SQL - commands this way. Statement timeout and query cancellation are the - most likely sources of errors triggering this scenario. Particularly - vulnerable are applications that use a timeout and also submit - arbitrary user-crafted data as binary query parameters. Disabling - statement timeout will reduce, but not eliminate, the risk of - exploit. Our thanks to Emil Lenngren for reporting this issue. - (CVE-2015-0244) - - - - - - Fix information leak via constraint-violation error messages - (Stephen Frost) - - - - Some server error messages show the values of columns that violate - a constraint, such as a unique constraint. If the user does not have - SELECT privilege on all columns of the table, this could - mean exposing values that the user should not be able to see. Adjust - the code so that values are displayed only when they came from the SQL - command or could be selected by the user. - (CVE-2014-8161) - - - - - - Lock down regression testing's temporary installations on Windows - (Noah Misch) - - - - Use SSPI authentication to allow connections only from the OS user - who launched the test suite. This closes on Windows the same - vulnerability previously closed on other platforms, namely that other - users might be able to connect to the test postmaster. - (CVE-2014-0067) - - - - - - Avoid possible data corruption if ALTER DATABASE SET - TABLESPACE is used to move a database to a new tablespace and then - shortly later move it back to its original tablespace (Tom Lane) - - - - - - Avoid corrupting tables when ANALYZE inside a transaction - is rolled back (Andres Freund, Tom Lane, Michael Paquier) - - - - If the failing transaction had earlier removed the last index, rule, or - trigger from the table, the table would be left in a corrupted state - with the relevant pg_class flags not set though they - should be. - - - - - - Fix use-of-already-freed-memory problem in EvalPlanQual processing - (Tom Lane) - - - - In READ COMMITTED mode, queries that lock or update - recently-updated rows could crash as a result of this bug. - - - - - - Fix planning of SELECT FOR UPDATE when using a partial - index on a child table (Kyotaro Horiguchi) - - - - In READ COMMITTED mode, SELECT FOR UPDATE must - also recheck the partial index's WHERE condition when - rechecking a recently-updated row to see if it still satisfies the - query's WHERE condition. This requirement was missed if the - index belonged to an inheritance child table, so that it was possible - to incorrectly return rows that no longer satisfy the query condition. - - - - - - Fix corner case wherein SELECT FOR UPDATE could return a row - twice, and possibly miss returning other rows (Tom Lane) - - - - In READ COMMITTED mode, a SELECT FOR UPDATE - that is scanning an inheritance tree could incorrectly return a row - from a prior child table instead of the one it should return from a - later child table. - - - - - - Reject duplicate column names in the referenced-columns list of - a FOREIGN KEY declaration (David Rowley) - - - - This restriction is per SQL standard. Previously we did not reject - the case explicitly, but later on the code would fail with - bizarre-looking errors. - - - - - - Fix bugs in raising a numeric value to a large integral power - (Tom Lane) - - - - The previous code could get a wrong answer, or consume excessive - amounts of time and memory before realizing that the answer must - overflow. - - - - - - In numeric_recv(), truncate away any fractional digits - that would be hidden according to the value's dscale field - (Tom Lane) - - - - A numeric value's display scale (dscale) should - never be less than the number of nonzero fractional digits; but - apparently there's at least one broken client application that - transmits binary numeric values in which that's true. - This leads to strange behavior since the extra digits are taken into - account by arithmetic operations even though they aren't printed. - The least risky fix seems to be to truncate away such hidden - digits on receipt, so that the value is indeed what it prints as. - - - - - - Reject out-of-range numeric timezone specifications (Tom Lane) - - - - Simple numeric timezone specifications exceeding +/- 168 hours (one - week) would be accepted, but could then cause null-pointer dereference - crashes in certain operations. There's no use-case for such large UTC - offsets, so reject them. - - - - - - Fix bugs in tsquery @> tsquery - operator (Heikki Linnakangas) - - - - Two different terms would be considered to match if they had the same - CRC. Also, if the second operand had more terms than the first, it - would be assumed not to be contained in the first; which is wrong - since it might contain duplicate terms. - - - - - - Improve ispell dictionary's defenses against bad affix files (Tom Lane) - - - - - - Allow more than 64K phrases in a thesaurus dictionary (David Boutin) - - - - The previous coding could crash on an oversize dictionary, so this was - deemed a back-patchable bug fix rather than a feature addition. - - - - - - Fix namespace handling in xpath() (Ali Akbar) - - - - Previously, the xml value resulting from - an xpath() call would not have namespace declarations if - the namespace declarations were attached to an ancestor element in the - input xml value, rather than to the specific element being - returned. Propagate the ancestral declaration so that the result is - correct when considered in isolation. - - - - - - Fix planner problems with nested append relations, such as inherited - tables within UNION ALL subqueries (Tom Lane) - - - - - - Fail cleanly when a GiST index tuple doesn't fit on a page, rather - than going into infinite recursion (Andrew Gierth) - - - - - - Exempt tables that have per-table cost_limit - and/or cost_delay settings from autovacuum's global cost - balancing rules (Álvaro Herrera) - - - - The previous behavior resulted in basically ignoring these per-table - settings, which was unintended. Now, a table having such settings - will be vacuumed using those settings, independently of what is going - on in other autovacuum workers. This may result in heavier total I/O - load than before, so such settings should be re-examined for sanity. - - - - - - Avoid wholesale autovacuuming when autovacuum is nominally off - (Tom Lane) - - - - Even when autovacuum is nominally off, we will still launch autovacuum - worker processes to vacuum tables that are at risk of XID wraparound. - However, such a worker process then proceeded to vacuum all tables in - the target database, if they met the usual thresholds for - autovacuuming. This is at best pretty unexpected; at worst it delays - response to the wraparound threat. Fix it so that if autovacuum is - turned off, workers only do anti-wraparound vacuums and - not any other work. - - - - - - Fix race condition between hot standby queries and replaying a - full-page image (Heikki Linnakangas) - - - - This mistake could result in transient errors in queries being - executed in hot standby. - - - - - - Fix several cases where recovery logic improperly ignored WAL records - for COMMIT/ABORT PREPARED (Heikki Linnakangas) - - - - The most notable oversight was - that recovery_target_xid could not be used to stop at - a two-phase commit. - - - - - - Avoid creating unnecessary .ready marker files for - timeline history files (Fujii Masao) - - - - - - Fix possible null pointer dereference when an empty prepared statement - is used and the log_statement setting is mod - or ddl (Fujii Masao) - - - - - - Change pgstat wait timeout warning message to be LOG level, - and rephrase it to be more understandable (Tom Lane) - - - - This message was originally thought to be essentially a can't-happen - case, but it occurs often enough on our slower buildfarm members to be - a nuisance. Reduce it to LOG level, and expend a bit more effort on - the wording: it now reads using stale statistics instead of - current ones because stats collector is not responding. - - - - - - Fix SPARC spinlock implementation to ensure correctness if the CPU is - being run in a non-TSO coherency mode, as some non-Solaris kernels do - (Andres Freund) - - - - - - Warn if macOS's setlocale() starts an unwanted extra - thread inside the postmaster (Noah Misch) - - - - - - Fix processing of repeated dbname parameters - in PQconnectdbParams() (Alex Shulgin) - - - - Unexpected behavior ensued if the first occurrence - of dbname contained a connection string or URI to be - expanded. - - - - - - Ensure that libpq reports a suitable error message on - unexpected socket EOF (Marko Tiikkaja, Tom Lane) - - - - Depending on kernel behavior, libpq might return an - empty error string rather than something useful when the server - unexpectedly closed the socket. - - - - - - Clear any old error message during PQreset() - (Heikki Linnakangas) - - - - If PQreset() is called repeatedly, and the connection - cannot be re-established, error messages from the failed connection - attempts kept accumulating in the PGconn's error - string. - - - - - - Properly handle out-of-memory conditions while parsing connection - options in libpq (Alex Shulgin, Heikki Linnakangas) - - - - - - Fix array overrun in ecpg's version - of ParseDateTime() (Michael Paquier) - - - - - - In initdb, give a clearer error message if a password - file is specified but is empty (Mats Erik Andersson) - - - - - - Fix psql's \s command to work nicely with - libedit, and add pager support (Stepan Rutz, Tom Lane) - - - - When using libedit rather than readline, \s printed the - command history in a fairly unreadable encoded format, and on recent - libedit versions might fail altogether. Fix that by printing the - history ourselves rather than having the library do it. A pleasant - side-effect is that the pager is used if appropriate. - - - - This patch also fixes a bug that caused newline encoding to be applied - inconsistently when saving the command history with libedit. - Multiline history entries written by older psql - versions will be read cleanly with this patch, but perhaps not - vice versa, depending on the exact libedit versions involved. - - - - - - Improve consistency of parsing of psql's special - variables (Tom Lane) - - - - Allow variant spellings of on and off (such - as 1/0) for ECHO_HIDDEN - and ON_ERROR_ROLLBACK. Report a warning for unrecognized - values for COMP_KEYWORD_CASE, ECHO, - ECHO_HIDDEN, HISTCONTROL, - ON_ERROR_ROLLBACK, and VERBOSITY. Recognize - all values for all these variables case-insensitively; previously - there was a mishmash of case-sensitive and case-insensitive behaviors. - - - - - - Fix psql's expanded-mode display to work - consistently when using border = 3 - and linestyle = ascii or unicode - (Stephen Frost) - - - - - - Fix possible deadlock during parallel restore of a schema-only dump - (Robert Haas, Tom Lane) - - - - - - Fix core dump in pg_dump --binary-upgrade on zero-column - composite type (Rushabh Lathia) - - - - - - Fix block number checking - in contrib/pageinspect's get_raw_page() - (Tom Lane) - - - - The incorrect checking logic could prevent access to some pages in - non-main relation forks. - - - - - - Fix contrib/pgcrypto's pgp_sym_decrypt() - to not fail on messages whose length is 6 less than a power of 2 - (Marko Tiikkaja) - - - - - - Handle unexpected query results, especially NULLs, safely in - contrib/tablefunc's connectby() - (Michael Paquier) - - - - connectby() previously crashed if it encountered a NULL - key value. It now prints that row but doesn't recurse further. - - - - - - Avoid a possible crash in contrib/xml2's - xslt_process() (Mark Simonetti) - - - - libxslt seems to have an undocumented dependency on - the order in which resources are freed; reorder our calls to avoid a - crash. - - - - - - Numerous cleanups of warnings from Coverity static code analyzer - (Andres Freund, Tatsuo Ishii, Marko Kreen, Tom Lane, Michael Paquier) - - - - These changes are mostly cosmetic but in some cases fix corner-case - bugs, for example a crash rather than a proper error report after an - out-of-memory failure. None are believed to represent security - issues. - - - - - - Detect incompatible OpenLDAP versions during build (Noah Misch) - - - - With OpenLDAP versions 2.4.24 through 2.4.31, - inclusive, PostgreSQL backends can crash at exit. - Raise a warning during configure based on the - compile-time OpenLDAP version number, and test the crashing scenario - in the contrib/dblink regression test. - - - - - - In non-MSVC Windows builds, ensure libpq.dll is installed - with execute permissions (Noah Misch) - - - - - - Make pg_regress remove any temporary installation it - created upon successful exit (Tom Lane) - - - - This results in a very substantial reduction in disk space usage - during make check-world, since that sequence involves - creation of numerous temporary installations. - - - - - - Support time zone abbreviations that change UTC offset from time to - time (Tom Lane) - - - - Previously, PostgreSQL assumed that the UTC offset - associated with a time zone abbreviation (such as EST) - never changes in the usage of any particular locale. However this - assumption fails in the real world, so introduce the ability for a - zone abbreviation to represent a UTC offset that sometimes changes. - Update the zone abbreviation definition files to make use of this - feature in timezone locales that have changed the UTC offset of their - abbreviations since 1970 (according to the IANA timezone database). - In such timezones, PostgreSQL will now associate the - correct UTC offset with the abbreviation depending on the given date. - - - - - - Update time zone abbreviations lists (Tom Lane) - - - - Add CST (China Standard Time) to our lists. - Remove references to ADT as Arabia Daylight Time, an - abbreviation that's been out of use since 2007; therefore, claiming - there is a conflict with Atlantic Daylight Time doesn't seem - especially helpful. - Fix entirely incorrect GMT offsets for CKT (Cook Islands), FJT, and FJST - (Fiji); we didn't even have them on the proper side of the date line. - - - - - - Update time zone data files to tzdata release 2015a. - - - - The IANA timezone database has adopted abbreviations of the form - AxST/AxDT - for all Australian time zones, reflecting what they believe to be - current majority practice Down Under. These names do not conflict - with usage elsewhere (other than ACST for Acre Summer Time, which has - been in disuse since 1994). Accordingly, adopt these names into - our Default timezone abbreviation set. - The Australia abbreviation set now contains only CST, EAST, - EST, SAST, SAT, and WST, all of which are thought to be mostly - historical usage. Note that SAST has also been changed to be South - Africa Standard Time in the Default abbreviation set. - - - - Also, add zone abbreviations SRET (Asia/Srednekolymsk) and XJT - (Asia/Urumqi), and use WSST/WSDT for western Samoa. Also, there were - DST law changes in Chile, Mexico, the Turks & Caicos Islands - (America/Grand_Turk), and Fiji. There is a new zone - Pacific/Bougainville for portions of Papua New Guinea. Also, numerous - corrections for historical (pre-1970) time zone data. - - - - - - - - - - Release 9.0.18 - - - Release date: - 2014-07-24 - - - - This release contains a variety of fixes from 9.0.17. - For information about new features in the 9.0 major release, see - . - - - - Migration to Version 9.0.18 - - - A dump/restore is not required for those running 9.0.X. - - - - However, this release corrects an index corruption problem in some GiST - indexes. See the first changelog entry below to find out whether your - installation has been affected and what steps you should take if so. - - - - Also, if you are upgrading from a version earlier than 9.0.15, - see . - - - - - - Changes - - - - - - Correctly initialize padding bytes in contrib/btree_gist - indexes on bit columns (Heikki Linnakangas) - - - - This error could result in incorrect query results due to values that - should compare equal not being seen as equal. - Users with GiST indexes on bit or bit varying - columns should REINDEX those indexes after installing this - update. - - - - - - Protect against torn pages when deleting GIN list pages (Heikki - Linnakangas) - - - - This fix prevents possible index corruption if a system crash occurs - while the page update is being written to disk. - - - - - - Don't clear the right-link of a GiST index page while replaying - updates from WAL (Heikki Linnakangas) - - - - This error could lead to transiently wrong answers from GiST index - scans performed in Hot Standby. - - - - - - Fix possibly-incorrect cache invalidation during nested calls - to ReceiveSharedInvalidMessages (Andres Freund) - - - - - - Don't assume a subquery's output is unique if there's a set-returning - function in its targetlist (David Rowley) - - - - This oversight could lead to misoptimization of constructs - like WHERE x IN (SELECT y, generate_series(1,10) FROM t GROUP - BY y). - - - - - - Fix failure to detoast fields in composite elements of structured - types (Tom Lane) - - - - This corrects cases where TOAST pointers could be copied into other - tables without being dereferenced. If the original data is later - deleted, it would lead to errors like missing chunk number 0 - for toast value ... when the now-dangling pointer is used. - - - - - - Fix record type has not been registered failures with - whole-row references to the output of Append plan nodes (Tom Lane) - - - - - - Fix possible crash when invoking a user-defined function while - rewinding a cursor (Tom Lane) - - - - - - Fix query-lifespan memory leak while evaluating the arguments for a - function in FROM (Tom Lane) - - - - - - Fix session-lifespan memory leaks in regular-expression processing - (Tom Lane, Arthur O'Dwyer, Greg Stark) - - - - - - Fix data encoding error in hungarian.stop (Tom Lane) - - - - - - Fix liveness checks for rows that were inserted in the current - transaction and then deleted by a now-rolled-back subtransaction - (Andres Freund) - - - - This could cause problems (at least spurious warnings, and at worst an - infinite loop) if CREATE INDEX or CLUSTER were - done later in the same transaction. - - - - - - Clear pg_stat_activity.xact_start - during PREPARE TRANSACTION (Andres Freund) - - - - After the PREPARE, the originating session is no longer in - a transaction, so it should not continue to display a transaction - start time. - - - - - - Fix REASSIGN OWNED to not fail for text search objects - (Álvaro Herrera) - - - - - - Block signals during postmaster startup (Tom Lane) - - - - This ensures that the postmaster will properly clean up after itself - if, for example, it receives SIGINT while still - starting up. - - - - - - Secure Unix-domain sockets of temporary postmasters started during - make check (Noah Misch) - - - - Any local user able to access the socket file could connect as the - server's bootstrap superuser, then proceed to execute arbitrary code as - the operating-system user running the test, as we previously noted in - CVE-2014-0067. This change defends against that risk by placing the - server's socket in a temporary, mode 0700 subdirectory - of /tmp. The hazard remains however on platforms where - Unix sockets are not supported, notably Windows, because then the - temporary postmaster must accept local TCP connections. - - - - A useful side effect of this change is to simplify - make check testing in builds that - override DEFAULT_PGSOCKET_DIR. Popular non-default values - like /var/run/postgresql are often not writable by the - build user, requiring workarounds that will no longer be necessary. - - - - - - Fix tablespace creation WAL replay to work on Windows (MauMau) - - - - - - Fix detection of socket creation failures on Windows (Bruce Momjian) - - - - - - On Windows, allow new sessions to absorb values of PGC_BACKEND - parameters (such as ) from the - configuration file (Amit Kapila) - - - - Previously, if such a parameter were changed in the file post-startup, - the change would have no effect. - - - - - - Properly quote executable path names on Windows (Nikhil Deshpande) - - - - This oversight could cause initdb - and pg_upgrade to fail on Windows, if the installation - path contained both spaces and @ signs. - - - - - - Fix linking of libpython on macOS (Tom Lane) - - - - The method we previously used can fail with the Python library - supplied by Xcode 5.0 and later. - - - - - - Avoid buffer bloat in libpq when the server - consistently sends data faster than the client can absorb it - (Shin-ichi Morita, Tom Lane) - - - - libpq could be coerced into enlarging its input buffer - until it runs out of memory (which would be reported misleadingly - as lost synchronization with server). Under ordinary - circumstances it's quite far-fetched that data could be continuously - transmitted more quickly than the recv() loop can - absorb it, but this has been observed when the client is artificially - slowed by scheduler constraints. - - - - - - Ensure that LDAP lookup attempts in libpq time out as - intended (Laurenz Albe) - - - - - - Fix ecpg to do the right thing when an array - of char * is the target for a FETCH statement returning more - than one row, as well as some other array-handling fixes - (Ashutosh Bapat) - - - - - - Fix pg_restore's processing of old-style large object - comments (Tom Lane) - - - - A direct-to-database restore from an archive file generated by a - pre-9.0 version of pg_dump would usually fail if the - archive contained more than a few comments for large objects. - - - - - - In contrib/pgcrypto functions, ensure sensitive - information is cleared from stack variables before returning - (Marko Kreen) - - - - - - In contrib/uuid-ossp, cache the state of the OSSP UUID - library across calls (Tom Lane) - - - - This improves the efficiency of UUID generation and reduces the amount - of entropy drawn from /dev/urandom, on platforms that - have that. - - - - - - Update time zone data files to tzdata release 2014e - for DST law changes in Crimea, Egypt, and Morocco. - - - - - - - - - - Release 9.0.17 - - - Release date: - 2014-03-20 - - - - This release contains a variety of fixes from 9.0.16. - For information about new features in the 9.0 major release, see - . - - - - Migration to Version 9.0.17 - - - A dump/restore is not required for those running 9.0.X. - - - - However, if you are upgrading from a version earlier than 9.0.15, - see . - - - - - - Changes - - - - - - Restore GIN metapages unconditionally to avoid torn-page risk - (Heikki Linnakangas) - - - - Although this oversight could theoretically result in a corrupted - index, it is unlikely to have caused any problems in practice, since - the active part of a GIN metapage is smaller than a standard 512-byte - disk sector. - - - - - - Avoid race condition in checking transaction commit status during - receipt of a NOTIFY message (Marko Tiikkaja) - - - - This prevents a scenario wherein a sufficiently fast client might - respond to a notification before database updates made by the - notifier have become visible to the recipient. - - - - - - Allow regular-expression operators to be terminated early by query - cancel requests (Tom Lane) - - - - This prevents scenarios wherein a pathological regular expression - could lock up a server process uninterruptibly for a long time. - - - - - - Remove incorrect code that tried to allow OVERLAPS with - single-element row arguments (Joshua Yanovski) - - - - This code never worked correctly, and since the case is neither - specified by the SQL standard nor documented, it seemed better to - remove it than fix it. - - - - - - Avoid getting more than AccessShareLock when de-parsing a - rule or view (Dean Rasheed) - - - - This oversight resulted in pg_dump unexpectedly - acquiring RowExclusiveLock locks on tables mentioned as - the targets of INSERT/UPDATE/DELETE - commands in rules. While usually harmless, that could interfere with - concurrent transactions that tried to acquire, for example, - ShareLock on those tables. - - - - - - Improve performance of index endpoint probes during planning (Tom Lane) - - - - This change fixes a significant performance problem that occurred - when there were many not-yet-committed rows at the end of the index, - which is a common situation for indexes on sequentially-assigned - values such as timestamps or sequence-generated identifiers. - - - - - - Fix test to see if hot standby connections can be allowed immediately - after a crash (Heikki Linnakangas) - - - - - - Prevent interrupts while reporting non-ERROR messages - (Tom Lane) - - - - This guards against rare server-process freezeups due to recursive - entry to syslog(), and perhaps other related problems. - - - - - - Prevent intermittent could not reserve shared memory region - failures on recent Windows versions (MauMau) - - - - - - Update time zone data files to tzdata release 2014a - for DST law changes in Fiji and Turkey, plus historical changes in - Israel and Ukraine. - - - - - - - - - - Release 9.0.16 - - - Release date: - 2014-02-20 - - - - This release contains a variety of fixes from 9.0.15. - For information about new features in the 9.0 major release, see - . - - - - Migration to Version 9.0.16 - - - A dump/restore is not required for those running 9.0.X. - - - - However, if you are upgrading from a version earlier than 9.0.15, - see . - - - - - - Changes - - - - - - Shore up GRANT ... WITH ADMIN OPTION restrictions - (Noah Misch) - - - - Granting a role without ADMIN OPTION is supposed to - prevent the grantee from adding or removing members from the granted - role, but this restriction was easily bypassed by doing SET - ROLE first. The security impact is mostly that a role member can - revoke the access of others, contrary to the wishes of his grantor. - Unapproved role member additions are a lesser concern, since an - uncooperative role member could provide most of his rights to others - anyway by creating views or SECURITY DEFINER functions. - (CVE-2014-0060) - - - - - - Prevent privilege escalation via manual calls to PL validator - functions (Andres Freund) - - - - The primary role of PL validator functions is to be called implicitly - during CREATE FUNCTION, but they are also normal SQL - functions that a user can call explicitly. Calling a validator on - a function actually written in some other language was not checked - for and could be exploited for privilege-escalation purposes. - The fix involves adding a call to a privilege-checking function in - each validator function. Non-core procedural languages will also - need to make this change to their own validator functions, if any. - (CVE-2014-0061) - - - - - - Avoid multiple name lookups during table and index DDL - (Robert Haas, Andres Freund) - - - - If the name lookups come to different conclusions due to concurrent - activity, we might perform some parts of the DDL on a different table - than other parts. At least in the case of CREATE INDEX, - this can be used to cause the permissions checks to be performed - against a different table than the index creation, allowing for a - privilege escalation attack. - (CVE-2014-0062) - - - - - - Prevent buffer overrun with long datetime strings (Noah Misch) - - - - The MAXDATELEN constant was too small for the longest - possible value of type interval, allowing a buffer overrun - in interval_out(). Although the datetime input - functions were more careful about avoiding buffer overrun, the limit - was short enough to cause them to reject some valid inputs, such as - input containing a very long timezone name. The ecpg - library contained these vulnerabilities along with some of its own. - (CVE-2014-0063) - - - - - - Prevent buffer overrun due to integer overflow in size calculations - (Noah Misch, Heikki Linnakangas) - - - - Several functions, mostly type input functions, calculated an - allocation size without checking for overflow. If overflow did - occur, a too-small buffer would be allocated and then written past. - (CVE-2014-0064) - - - - - - Prevent overruns of fixed-size buffers - (Peter Eisentraut, Jozef Mlich) - - - - Use strlcpy() and related functions to provide a clear - guarantee that fixed-size buffers are not overrun. Unlike the - preceding items, it is unclear whether these cases really represent - live issues, since in most cases there appear to be previous - constraints on the size of the input string. Nonetheless it seems - prudent to silence all Coverity warnings of this type. - (CVE-2014-0065) - - - - - - Avoid crashing if crypt() returns NULL (Honza Horak, - Bruce Momjian) - - - - There are relatively few scenarios in which crypt() - could return NULL, but contrib/chkpass would crash - if it did. One practical case in which this could be an issue is - if libc is configured to refuse to execute unapproved - hashing algorithms (e.g., FIPS mode). - (CVE-2014-0066) - - - - - - Document risks of make check in the regression testing - instructions (Noah Misch, Tom Lane) - - - - Since the temporary server started by make check - uses trust authentication, another user on the same machine - could connect to it as database superuser, and then potentially - exploit the privileges of the operating-system user who started the - tests. A future release will probably incorporate changes in the - testing procedure to prevent this risk, but some public discussion is - needed first. So for the moment, just warn people against using - make check when there are untrusted users on the - same machine. - (CVE-2014-0067) - - - - - - Fix possible mis-replay of WAL records when some segments of a - relation aren't full size (Greg Stark, Tom Lane) - - - - The WAL update could be applied to the wrong page, potentially many - pages past where it should have been. Aside from corrupting data, - this error has been observed to result in significant bloat - of standby servers compared to their masters, due to updates being - applied far beyond where the end-of-file should have been. This - failure mode does not appear to be a significant risk during crash - recovery, only when initially synchronizing a standby created from a - base backup taken from a quickly-changing master. - - - - - - Fix bug in determining when recovery has reached consistency - (Tomonari Katsumata, Heikki Linnakangas) - - - - In some cases WAL replay would mistakenly conclude that the database - was already consistent at the start of replay, thus possibly allowing - hot-standby queries before the database was really consistent. Other - symptoms such as PANIC: WAL contains references to invalid - pages were also possible. - - - - - - Fix improper locking of btree index pages while replaying - a VACUUM operation in hot-standby mode (Andres Freund, - Heikki Linnakangas, Tom Lane) - - - - This error could result in PANIC: WAL contains references to - invalid pages failures. - - - - - - Ensure that insertions into non-leaf GIN index pages write a full-page - WAL record when appropriate (Heikki Linnakangas) - - - - The previous coding risked index corruption in the event of a - partial-page write during a system crash. - - - - - - Fix race conditions during server process exit (Robert Haas) - - - - Ensure that signal handlers don't attempt to use the - process's MyProc pointer after it's no longer valid. - - - - - - Fix unsafe references to errno within error reporting - logic (Christian Kruse) - - - - This would typically lead to odd behaviors such as missing or - inappropriate HINT fields. - - - - - - Fix possible crashes from using ereport() too early - during server startup (Tom Lane) - - - - The principal case we've seen in the field is a crash if the server - is started in a directory it doesn't have permission to read. - - - - - - Clear retry flags properly in OpenSSL socket write - function (Alexander Kukushkin) - - - - This omission could result in a server lockup after unexpected loss - of an SSL-encrypted connection. - - - - - - Fix length checking for Unicode identifiers (U&"..." - syntax) containing escapes (Tom Lane) - - - - A spurious truncation warning would be printed for such identifiers - if the escaped form of the identifier was too long, but the - identifier actually didn't need truncation after de-escaping. - - - - - - Allow keywords that are type names to be used in lists of roles - (Stephen Frost) - - - - A previous patch allowed such keywords to be used without quoting - in places such as role identifiers; but it missed cases where a - list of role identifiers was permitted, such as DROP ROLE. - - - - - - Fix possible crash due to invalid plan for nested sub-selects, such - as WHERE (... x IN (SELECT ...) ...) IN (SELECT ...) - (Tom Lane) - - - - - - Ensure that ANALYZE creates statistics for a table column - even when all the values in it are too wide (Tom Lane) - - - - ANALYZE intentionally omits very wide values from its - histogram and most-common-values calculations, but it neglected to do - something sane in the case that all the sampled entries are too wide. - - - - - - In ALTER TABLE ... SET TABLESPACE, allow the database's - default tablespace to be used without a permissions check - (Stephen Frost) - - - - CREATE TABLE has always allowed such usage, - but ALTER TABLE didn't get the memo. - - - - - - Fix cannot accept a set error when some arms of - a CASE return a set and others don't (Tom Lane) - - - - - - Fix checks for all-zero client addresses in pgstat functions (Kevin - Grittner) - - - - - - Fix possible misclassification of multibyte characters by the text - search parser (Tom Lane) - - - - Non-ASCII characters could be misclassified when using C locale with - a multibyte encoding. On Cygwin, non-C locales could fail as well. - - - - - - Fix possible misbehavior in plainto_tsquery() - (Heikki Linnakangas) - - - - Use memmove() not memcpy() for copying - overlapping memory regions. There have been no field reports of - this actually causing trouble, but it's certainly risky. - - - - - - Accept SHIFT_JIS as an encoding name for locale checking - purposes (Tatsuo Ishii) - - - - - - Fix misbehavior of PQhost() on Windows (Fujii Masao) - - - - It should return localhost if no host has been specified. - - - - - - Improve error handling in libpq and psql - for failures during COPY TO STDOUT/FROM STDIN (Tom Lane) - - - - In particular this fixes an infinite loop that could occur in 9.2 and - up if the server connection was lost during COPY FROM - STDIN. Variants of that scenario might be possible in older - versions, or with other client applications. - - - - - - Fix misaligned descriptors in ecpg (MauMau) - - - - - - In ecpg, handle lack of a hostname in the connection - parameters properly (Michael Meskes) - - - - - - Fix performance regression in contrib/dblink connection - startup (Joe Conway) - - - - Avoid an unnecessary round trip when client and server encodings match. - - - - - - In contrib/isn, fix incorrect calculation of the check - digit for ISMN values (Fabien Coelho) - - - - - - Ensure client-code-only installation procedure works as documented - (Peter Eisentraut) - - - - - - In Mingw and Cygwin builds, install the libpq DLL - in the bin directory (Andrew Dunstan) - - - - This duplicates what the MSVC build has long done. It should fix - problems with programs like psql failing to start - because they can't find the DLL. - - - - - - Avoid using the deprecated dllwrap tool in Cygwin builds - (Marco Atzeri) - - - - - - Don't generate plain-text HISTORY - and src/test/regress/README files anymore (Tom Lane) - - - - These text files duplicated the main HTML and PDF documentation - formats. The trouble involved in maintaining them greatly outweighs - the likely audience for plain-text format. Distribution tarballs - will still contain files by these names, but they'll just be stubs - directing the reader to consult the main documentation. - The plain-text INSTALL file will still be maintained, as - there is arguably a use-case for that. - - - - - - Update time zone data files to tzdata release 2013i - for DST law changes in Jordan and historical changes in Cuba. - - - - In addition, the zones Asia/Riyadh87, - Asia/Riyadh88, and Asia/Riyadh89 have been - removed, as they are no longer maintained by IANA, and never - represented actual civil timekeeping practice. - - - - - - - - - - Release 9.0.15 - - - Release date: - 2013-12-05 - - - - This release contains a variety of fixes from 9.0.14. - For information about new features in the 9.0 major release, see - . - - - - Migration to Version 9.0.15 - - - A dump/restore is not required for those running 9.0.X. - - - - However, this release corrects a number of potential data corruption - issues. See the first two changelog entries below to find out whether - your installation has been affected and what steps you can take if so. - - - - Also, if you are upgrading from a version earlier than 9.0.13, - see . - - - - - - Changes - - - - - - Fix VACUUM's tests to see whether it can - update relfrozenxid (Andres Freund) - - - - In some cases VACUUM (either manual or autovacuum) could - incorrectly advance a table's relfrozenxid value, - allowing tuples to escape freezing, causing those rows to become - invisible once 2^31 transactions have elapsed. The probability of - data loss is fairly low since multiple incorrect advancements would - need to happen before actual loss occurs, but it's not zero. Users - upgrading from releases 9.0.4 or 8.4.8 or earlier are not affected, but - all later versions contain the bug. - - - - The issue can be ameliorated by, after upgrading, vacuuming all tables - in all databases while having vacuum_freeze_table_age - set to zero. This will fix any latent corruption but will not be able - to fix all pre-existing data errors. However, an installation can be - presumed safe after performing this vacuuming if it has executed fewer - than 2^31 update transactions in its lifetime (check this with - SELECT txid_current() < 2^31). - - - - - - Fix initialization of pg_clog and pg_subtrans - during hot standby startup (Andres Freund, Heikki Linnakangas) - - - - This bug can cause data loss on standby servers at the moment they - start to accept hot-standby queries, by marking committed transactions - as uncommitted. The likelihood of such corruption is small unless, at - the time of standby startup, the primary server has executed many - updating transactions since its last checkpoint. Symptoms include - missing rows, rows that should have been deleted being still visible, - and obsolete versions of updated rows being still visible alongside - their newer versions. - - - - This bug was introduced in versions 9.3.0, 9.2.5, 9.1.10, and 9.0.14. - Standby servers that have only been running earlier releases are not - at risk. It's recommended that standby servers that have ever run any - of the buggy releases be re-cloned from the primary (e.g., with a new - base backup) after upgrading. - - - - - - Truncate pg_multixact contents during WAL replay - (Andres Freund) - - - - This avoids ever-increasing disk space consumption in standby servers. - - - - - - Fix race condition in GIN index posting tree page deletion (Heikki - Linnakangas) - - - - This could lead to transient wrong answers or query failures. - - - - - - Avoid flattening a subquery whose SELECT list contains a - volatile function wrapped inside a sub-SELECT (Tom Lane) - - - - This avoids unexpected results due to extra evaluations of the - volatile function. - - - - - - Fix planner's processing of non-simple-variable subquery outputs - nested within outer joins (Tom Lane) - - - - This error could lead to incorrect plans for queries involving - multiple levels of subqueries within JOIN syntax. - - - - - - Fix premature deletion of temporary files (Andres Freund) - - - - - - Fix possible read past end of memory in rule printing (Peter Eisentraut) - - - - - - Fix array slicing of int2vector and oidvector values - (Tom Lane) - - - - Expressions of this kind are now implicitly promoted to - regular int2 or oid arrays. - - - - - - Fix incorrect behaviors when using a SQL-standard, simple GMT offset - timezone (Tom Lane) - - - - In some cases, the system would use the simple GMT offset value when - it should have used the regular timezone setting that had prevailed - before the simple offset was selected. This change also causes - the timeofday function to honor the simple GMT offset - zone. - - - - - - Prevent possible misbehavior when logging translations of Windows - error codes (Tom Lane) - - - - - - Properly quote generated command lines in pg_ctl - (Naoya Anzai and Tom Lane) - - - - This fix applies only to Windows. - - - - - - Fix pg_dumpall to work when a source database - sets default_transaction_read_only - via ALTER DATABASE SET (Kevin Grittner) - - - - Previously, the generated script would fail during restore. - - - - - - Fix ecpg's processing of lists of variables - declared varchar (Zoltán Böszörményi) - - - - - - Make contrib/lo defend against incorrect trigger definitions - (Marc Cousin) - - - - - - Update time zone data files to tzdata release 2013h - for DST law changes in Argentina, Brazil, Jordan, Libya, - Liechtenstein, Morocco, and Palestine. Also, new timezone - abbreviations WIB, WIT, WITA for Indonesia. - - - - - - - - - - Release 9.0.14 - - - Release date: - 2013-10-10 - - - - This release contains a variety of fixes from 9.0.13. - For information about new features in the 9.0 major release, see - . - - - - Migration to Version 9.0.14 - - - A dump/restore is not required for those running 9.0.X. - - - - However, if you are upgrading from a version earlier than 9.0.13, - see . - - - - - - Changes - - - - - - Prevent corruption of multi-byte characters when attempting to - case-fold identifiers (Andrew Dunstan) - - - - PostgreSQL case-folds non-ASCII characters only - when using a single-byte server encoding. - - - - - - Fix checkpoint memory leak in background writer when wal_level = - hot_standby (Naoya Anzai) - - - - - - Fix memory leak caused by lo_open() failure - (Heikki Linnakangas) - - - - - - Fix memory overcommit bug when work_mem is using more - than 24GB of memory (Stephen Frost) - - - - - - Fix deadlock bug in libpq when using SSL (Stephen Frost) - - - - - - Fix possible SSL state corruption in threaded libpq applications - (Nick Phillips, Stephen Frost) - - - - - - Properly compute row estimates for boolean columns containing many NULL - values (Andrew Gierth) - - - - Previously tests like col IS NOT TRUE and col IS - NOT FALSE did not properly factor in NULL values when estimating - plan costs. - - - - - - Prevent pushing down WHERE clauses into unsafe - UNION/INTERSECT subqueries (Tom Lane) - - - - Subqueries of a UNION or INTERSECT that - contain set-returning functions or volatile functions in their - SELECT lists could be improperly optimized, leading to - run-time errors or incorrect query results. - - - - - - Fix rare case of failed to locate grouping columns - planner failure (Tom Lane) - - - - - - Improve view dumping code's handling of dropped columns in referenced - tables (Tom Lane) - - - - - - Properly record index comments created using UNIQUE - and PRIMARY KEY syntax (Andres Freund) - - - - This fixes a parallel pg_restore failure. - - - - - - Fix REINDEX TABLE and REINDEX DATABASE - to properly revalidate constraints and mark invalidated indexes as - valid (Noah Misch) - - - - REINDEX INDEX has always worked properly. - - - - - - Fix possible deadlock during concurrent CREATE INDEX - CONCURRENTLY operations (Tom Lane) - - - - - - Fix regexp_matches() handling of zero-length matches - (Jeevan Chalke) - - - - Previously, zero-length matches like '^' could return too many matches. - - - - - - Fix crash for overly-complex regular expressions (Heikki Linnakangas) - - - - - - Fix regular expression match failures for back references combined with - non-greedy quantifiers (Jeevan Chalke) - - - - - - Prevent CREATE FUNCTION from checking SET - variables unless function body checking is enabled (Tom Lane) - - - - - - Allow ALTER DEFAULT PRIVILEGES to operate on schemas - without requiring CREATE permission (Tom Lane) - - - - - - Loosen restriction on keywords used in queries (Tom Lane) - - - - Specifically, lessen keyword restrictions for role names, language - names, EXPLAIN and COPY options, and - SET values. This allows COPY ... (FORMAT - BINARY) to work as expected; previously BINARY needed - to be quoted. - - - - - - Fix pgp_pub_decrypt() so it works for secret keys with - passwords (Marko Kreen) - - - - - - Remove rare inaccurate warning during vacuum of index-less tables - (Heikki Linnakangas) - - - - - - Ensure that VACUUM ANALYZE still runs the ANALYZE phase - if its attempt to truncate the file is cancelled due to lock conflicts - (Kevin Grittner) - - - - - - Avoid possible failure when performing transaction control commands (e.g - ROLLBACK) in prepared queries (Tom Lane) - - - - - - Ensure that floating-point data input accepts standard spellings - of infinity on all platforms (Tom Lane) - - - - The C99 standard says that allowable spellings are inf, - +inf, -inf, infinity, - +infinity, and -infinity. Make sure we - recognize these even if the platform's strtod function - doesn't. - - - - - - Expand ability to compare rows to records and arrays (Rafal Rzepecki, - Tom Lane) - - - - - - Update time zone data files to tzdata release 2013d - for DST law changes in Israel, Morocco, Palestine, and Paraguay. - Also, historical zone data corrections for Macquarie Island. - - - - - - - - - - Release 9.0.13 - - - Release date: - 2013-04-04 - - - - This release contains a variety of fixes from 9.0.12. - For information about new features in the 9.0 major release, see - . - - - - Migration to Version 9.0.13 - - - A dump/restore is not required for those running 9.0.X. - - - - However, this release corrects several errors in management of GiST - indexes. After installing this update, it is advisable to - REINDEX any GiST indexes that meet one or more of the - conditions described below. - - - - Also, if you are upgrading from a version earlier than 9.0.6, - see . - - - - - - Changes - - - - - - Fix insecure parsing of server command-line switches (Mitsumasa - Kondo, Kyotaro Horiguchi) - - - - A connection request containing a database name that begins with - - could be crafted to damage or destroy - files within the server's data directory, even if the request is - eventually rejected. (CVE-2013-1899) - - - - - - Reset OpenSSL randomness state in each postmaster child process - (Marko Kreen) - - - - This avoids a scenario wherein random numbers generated by - contrib/pgcrypto functions might be relatively easy for - another database user to guess. The risk is only significant when - the postmaster is configured with ssl = on - but most connections don't use SSL encryption. (CVE-2013-1900) - - - - - - Fix GiST indexes to not use fuzzy geometric comparisons when - it's not appropriate to do so (Alexander Korotkov) - - - - The core geometric types perform comparisons using fuzzy - equality, but gist_box_same must do exact comparisons, - else GiST indexes using it might become inconsistent. After installing - this update, users should REINDEX any GiST indexes on - box, polygon, circle, or point - columns, since all of these use gist_box_same. - - - - - - Fix erroneous range-union and penalty logic in GiST indexes that use - contrib/btree_gist for variable-width data types, that is - text, bytea, bit, and numeric - columns (Tom Lane) - - - - These errors could result in inconsistent indexes in which some keys - that are present would not be found by searches, and also in useless - index bloat. Users are advised to REINDEX such indexes - after installing this update. - - - - - - Fix bugs in GiST page splitting code for multi-column indexes - (Tom Lane) - - - - These errors could result in inconsistent indexes in which some keys - that are present would not be found by searches, and also in indexes - that are unnecessarily inefficient to search. Users are advised to - REINDEX multi-column GiST indexes after installing this - update. - - - - - - Fix gist_point_consistent - to handle fuzziness consistently (Alexander Korotkov) - - - - Index scans on GiST indexes on point columns would sometimes - yield results different from a sequential scan, because - gist_point_consistent disagreed with the underlying - operator code about whether to do comparisons exactly or fuzzily. - - - - - - Fix buffer leak in WAL replay (Heikki Linnakangas) - - - - This bug could result in incorrect local pin count errors - during replay, making recovery impossible. - - - - - - Fix race condition in DELETE RETURNING (Tom Lane) - - - - Under the right circumstances, DELETE RETURNING could - attempt to fetch data from a shared buffer that the current process - no longer has any pin on. If some other process changed the buffer - meanwhile, this would lead to garbage RETURNING output, or - even a crash. - - - - - - Fix infinite-loop risk in regular expression compilation (Tom Lane, - Don Porter) - - - - - - Fix potential null-pointer dereference in regular expression compilation - (Tom Lane) - - - - - - Fix to_char() to use ASCII-only case-folding rules where - appropriate (Tom Lane) - - - - This fixes misbehavior of some template patterns that should be - locale-independent, but mishandled I and - i in Turkish locales. - - - - - - Fix unwanted rejection of timestamp 1999-12-31 24:00:00 - (Tom Lane) - - - - - - Fix logic error when a single transaction does UNLISTEN - then LISTEN (Tom Lane) - - - - The session wound up not listening for notify events at all, though it - surely should listen in this case. - - - - - - Remove useless picksplit doesn't support secondary split log - messages (Josh Hansen, Tom Lane) - - - - This message seems to have been added in expectation of code that was - never written, and probably never will be, since GiST's default - handling of secondary splits is actually pretty good. So stop nagging - end users about it. - - - - - - Fix possible failure to send a session's last few transaction - commit/abort counts to the statistics collector (Tom Lane) - - - - - - Eliminate memory leaks in PL/Perl's spi_prepare() function - (Alex Hunsaker, Tom Lane) - - - - - - Fix pg_dumpall to handle database names containing - = correctly (Heikki Linnakangas) - - - - - - Avoid crash in pg_dump when an incorrect connection - string is given (Heikki Linnakangas) - - - - - - Ignore invalid indexes in pg_dump and - pg_upgrade (Michael Paquier, Bruce Momjian) - - - - Dumping invalid indexes can cause problems at restore time, for example - if the reason the index creation failed was because it tried to enforce - a uniqueness condition not satisfied by the table's data. Also, if the - index creation is in fact still in progress, it seems reasonable to - consider it to be an uncommitted DDL change, which - pg_dump wouldn't be expected to dump anyway. - pg_upgrade now also skips invalid indexes rather than - failing. - - - - - - Fix contrib/pg_trgm's similarity() function - to return zero for trigram-less strings (Tom Lane) - - - - Previously it returned NaN due to internal division by zero. - - - - - - Update time zone data files to tzdata release 2013b - for DST law changes in Chile, Haiti, Morocco, Paraguay, and some - Russian areas. Also, historical zone data corrections for numerous - places. - - - - Also, update the time zone abbreviation files for recent changes in - Russia and elsewhere: CHOT, GET, - IRKT, KGT, KRAT, MAGT, - MAWT, MSK, NOVT, OMST, - TKT, VLAT, WST, YAKT, - YEKT now follow their current meanings, and - VOLT (Europe/Volgograd) and MIST - (Antarctica/Macquarie) are added to the default abbreviations list. - - - - - - - - - - Release 9.0.12 - - - Release date: - 2013-02-07 - - - - This release contains a variety of fixes from 9.0.11. - For information about new features in the 9.0 major release, see - . - - - - Migration to Version 9.0.12 - - - A dump/restore is not required for those running 9.0.X. - - - - However, if you are upgrading from a version earlier than 9.0.6, - see . - - - - - - Changes - - - - - - Prevent execution of enum_recv from SQL (Tom Lane) - - - - The function was misdeclared, allowing a simple SQL command to crash the - server. In principle an attacker might be able to use it to examine the - contents of server memory. Our thanks to Sumit Soni (via Secunia SVCRP) - for reporting this issue. (CVE-2013-0255) - - - - - - Fix multiple problems in detection of when a consistent database - state has been reached during WAL replay (Fujii Masao, Heikki - Linnakangas, Simon Riggs, Andres Freund) - - - - - - Update minimum recovery point when truncating a relation file (Heikki - Linnakangas) - - - - Once data has been discarded, it's no longer safe to stop recovery at - an earlier point in the timeline. - - - - - - Fix missing cancellations in hot standby mode (Noah Misch, Simon Riggs) - - - - The need to cancel conflicting hot-standby queries would sometimes be - missed, allowing those queries to see inconsistent data. - - - - - - Fix SQL grammar to allow subscripting or field selection from a - sub-SELECT result (Tom Lane) - - - - - - Fix performance problems with autovacuum truncation in busy workloads - (Jan Wieck) - - - - Truncation of empty pages at the end of a table requires exclusive - lock, but autovacuum was coded to fail (and release the table lock) - when there are conflicting lock requests. Under load, it is easily - possible that truncation would never occur, resulting in table bloat. - Fix by performing a partial truncation, releasing the lock, then - attempting to re-acquire the lock and continue. This fix also greatly - reduces the average time before autovacuum releases the lock after a - conflicting request arrives. - - - - - - Protect against race conditions when scanning - pg_tablespace (Stephen Frost, Tom Lane) - - - - CREATE DATABASE and DROP DATABASE could - misbehave if there were concurrent updates of - pg_tablespace entries. - - - - - - Prevent DROP OWNED from trying to drop whole databases or - tablespaces (Álvaro Herrera) - - - - For safety, ownership of these objects must be reassigned, not dropped. - - - - - - Fix error in vacuum_freeze_table_age - implementation (Andres Freund) - - - - In installations that have existed for more than vacuum_freeze_min_age - transactions, this mistake prevented autovacuum from using partial-table - scans, so that a full-table scan would always happen instead. - - - - - - Prevent misbehavior when a RowExpr or XmlExpr - is parse-analyzed twice (Andres Freund, Tom Lane) - - - - This mistake could be user-visible in contexts such as - CREATE TABLE LIKE INCLUDING INDEXES. - - - - - - Improve defenses against integer overflow in hashtable sizing - calculations (Jeff Davis) - - - - - - Reject out-of-range dates in to_date() (Hitoshi Harada) - - - - - - Ensure that non-ASCII prompt strings are translated to the correct - code page on Windows (Alexander Law, Noah Misch) - - - - This bug affected psql and some other client programs. - - - - - - Fix possible crash in psql's \? command - when not connected to a database (Meng Qingzhong) - - - - - - Fix pg_upgrade to deal with invalid indexes safely - (Bruce Momjian) - - - - - - Fix one-byte buffer overrun in libpq's - PQprintTuples (Xi Wang) - - - - This ancient function is not used anywhere by - PostgreSQL itself, but it might still be used by some - client code. - - - - - - Make ecpglib use translated messages properly - (Chen Huajun) - - - - - - Properly install ecpg_compat and - pgtypes libraries on MSVC (Jiang Guiqing) - - - - - - Include our version of isinf() in - libecpg if it's not provided by the system - (Jiang Guiqing) - - - - - - Rearrange configure's tests for supplied functions so it is not - fooled by bogus exports from libedit/libreadline (Christoph Berg) - - - - - - Ensure Windows build number increases over time (Magnus Hagander) - - - - - - Make pgxs build executables with the right - .exe suffix when cross-compiling for Windows - (Zoltan Boszormenyi) - - - - - - Add new timezone abbreviation FET (Tom Lane) - - - - This is now used in some eastern-European time zones. - - - - - - - - - - Release 9.0.11 - - - Release date: - 2012-12-06 - - - - This release contains a variety of fixes from 9.0.10. - For information about new features in the 9.0 major release, see - . - - - - Migration to Version 9.0.11 - - - A dump/restore is not required for those running 9.0.X. - - - - However, if you are upgrading from a version earlier than 9.0.6, - see . - - - - - - Changes - - - - - - Fix multiple bugs associated with CREATE INDEX - CONCURRENTLY (Andres Freund, Tom Lane) - - - - Fix CREATE INDEX CONCURRENTLY to use - in-place updates when changing the state of an index's - pg_index row. This prevents race conditions that could - cause concurrent sessions to miss updating the target index, thus - resulting in corrupt concurrently-created indexes. - - - - Also, fix various other operations to ensure that they ignore - invalid indexes resulting from a failed CREATE INDEX - CONCURRENTLY command. The most important of these is - VACUUM, because an auto-vacuum could easily be launched - on the table before corrective action can be taken to fix or remove - the invalid index. - - - - - - Fix buffer locking during WAL replay (Tom Lane) - - - - The WAL replay code was insufficiently careful about locking buffers - when replaying WAL records that affect more than one page. This could - result in hot standby queries transiently seeing inconsistent states, - resulting in wrong answers or unexpected failures. - - - - - - Fix an error in WAL generation logic for GIN indexes (Tom Lane) - - - - This could result in index corruption, if a torn-page failure occurred. - - - - - - Properly remove startup process's virtual XID lock when promoting a - hot standby server to normal running (Simon Riggs) - - - - This oversight could prevent subsequent execution of certain - operations such as CREATE INDEX CONCURRENTLY. - - - - - - Avoid bogus out-of-sequence timeline ID errors in standby - mode (Heikki Linnakangas) - - - - - - Prevent the postmaster from launching new child processes after it's - received a shutdown signal (Tom Lane) - - - - This mistake could result in shutdown taking longer than it should, or - even never completing at all without additional user action. - - - - - - Avoid corruption of internal hash tables when out of memory - (Hitoshi Harada) - - - - - - Fix planning of non-strict equivalence clauses above outer joins - (Tom Lane) - - - - The planner could derive incorrect constraints from a clause equating - a non-strict construct to something else, for example - WHERE COALESCE(foo, 0) = 0 - when foo is coming from the nullable side of an outer join. - - - - - - Improve planner's ability to prove exclusion constraints from - equivalence classes (Tom Lane) - - - - - - Fix partial-row matching in hashed subplans to handle cross-type cases - correctly (Tom Lane) - - - - This affects multicolumn NOT IN subplans, such as - WHERE (a, b) NOT IN (SELECT x, y FROM ...) - when for instance b and y are int4 - and int8 respectively. This mistake led to wrong answers - or crashes depending on the specific datatypes involved. - - - - - - Acquire buffer lock when re-fetching the old tuple for an - AFTER ROW UPDATE/DELETE trigger (Andres Freund) - - - - In very unusual circumstances, this oversight could result in passing - incorrect data to the precheck logic for a foreign-key enforcement - trigger. That could result in a crash, or in an incorrect decision - about whether to fire the trigger. - - - - - - Fix ALTER COLUMN TYPE to handle inherited check - constraints properly (Pavan Deolasee) - - - - This worked correctly in pre-8.4 releases, and now works correctly - in 8.4 and later. - - - - - - Fix REASSIGN OWNED to handle grants on tablespaces - (Álvaro Herrera) - - - - - - Ignore incorrect pg_attribute entries for system - columns for views (Tom Lane) - - - - Views do not have any system columns. However, we forgot to - remove such entries when converting a table to a view. That's fixed - properly for 9.3 and later, but in previous branches we need to defend - against existing mis-converted views. - - - - - - Fix rule printing to dump INSERT INTO table - DEFAULT VALUES correctly (Tom Lane) - - - - - - Guard against stack overflow when there are too many - UNION/INTERSECT/EXCEPT clauses - in a query (Tom Lane) - - - - - - Prevent platform-dependent failures when dividing the minimum possible - integer value by -1 (Xi Wang, Tom Lane) - - - - - - Fix possible access past end of string in date parsing - (Hitoshi Harada) - - - - - - Fix failure to advance XID epoch if XID wraparound happens during a - checkpoint and wal_level is hot_standby - (Tom Lane, Andres Freund) - - - - While this mistake had no particular impact on - PostgreSQL itself, it was bad for - applications that rely on txid_current() and related - functions: the TXID value would appear to go backwards. - - - - - - Produce an understandable error message if the length of the path name - for a Unix-domain socket exceeds the platform-specific limit - (Tom Lane, Andrew Dunstan) - - - - Formerly, this would result in something quite unhelpful, such as - Non-recoverable failure in name resolution. - - - - - - Fix memory leaks when sending composite column values to the client - (Tom Lane) - - - - - - Make pg_ctl more robust about reading the - postmaster.pid file (Heikki Linnakangas) - - - - Fix race conditions and possible file descriptor leakage. - - - - - - Fix possible crash in psql if incorrectly-encoded data - is presented and the client_encoding setting is a - client-only encoding, such as SJIS (Jiang Guiqing) - - - - - - Fix bugs in the restore.sql script emitted by - pg_dump in tar output format (Tom Lane) - - - - The script would fail outright on tables whose names include - upper-case characters. Also, make the script capable of restoring - data in mode as well as the regular COPY mode. - - - - - - Fix pg_restore to accept POSIX-conformant - tar files (Brian Weaver, Tom Lane) - - - - The original coding of pg_dump's tar - output mode produced files that are not fully conformant with the - POSIX standard. This has been corrected for version 9.3. This - patch updates previous branches so that they will accept both the - incorrect and the corrected formats, in hopes of avoiding - compatibility problems when 9.3 comes out. - - - - - - Fix pg_resetxlog to locate postmaster.pid - correctly when given a relative path to the data directory (Tom Lane) - - - - This mistake could lead to pg_resetxlog not noticing - that there is an active postmaster using the data directory. - - - - - - Fix libpq's lo_import() and - lo_export() functions to report file I/O errors properly - (Tom Lane) - - - - - - Fix ecpg's processing of nested structure pointer - variables (Muhammad Usama) - - - - - - Fix ecpg's ecpg_get_data function to - handle arrays properly (Michael Meskes) - - - - - - Make contrib/pageinspect's btree page inspection - functions take buffer locks while examining pages (Tom Lane) - - - - - - Fix pgxs support for building loadable modules on AIX - (Tom Lane) - - - - Building modules outside the original source tree didn't work on AIX. - - - - - - Update time zone data files to tzdata release 2012j - for DST law changes in Cuba, Israel, Jordan, Libya, Palestine, Western - Samoa, and portions of Brazil. - - - - - - - - - - Release 9.0.10 - - - Release date: - 2012-09-24 - - - - This release contains a variety of fixes from 9.0.9. - For information about new features in the 9.0 major release, see - . - - - - Migration to Version 9.0.10 - - - A dump/restore is not required for those running 9.0.X. - - - - However, if you are upgrading from a version earlier than 9.0.6, - see . - - - - - - Changes - - - - - - Fix planner's assignment of executor parameters, and fix executor's - rescan logic for CTE plan nodes (Tom Lane) - - - - These errors could result in wrong answers from queries that scan the - same WITH subquery multiple times. - - - - - - Improve page-splitting decisions in GiST indexes (Alexander Korotkov, - Robert Haas, Tom Lane) - - - - Multi-column GiST indexes might suffer unexpected bloat due to this - error. - - - - - - Fix cascading privilege revoke to stop if privileges are still held - (Tom Lane) - - - - If we revoke a grant option from some role X, but - X still holds that option via a grant from someone - else, we should not recursively revoke the corresponding privilege - from role(s) Y that X had granted it - to. - - - - - - Improve error messages for Hot Standby misconfiguration errors - (Gurjeet Singh) - - - - - - Fix handling of SIGFPE when PL/Perl is in use (Andres Freund) - - - - Perl resets the process's SIGFPE handler to - SIG_IGN, which could result in crashes later on. Restore - the normal Postgres signal handler after initializing PL/Perl. - - - - - - Prevent PL/Perl from crashing if a recursive PL/Perl function is - redefined while being executed (Tom Lane) - - - - - - Work around possible misoptimization in PL/Perl (Tom Lane) - - - - Some Linux distributions contain an incorrect version of - pthread.h that results in incorrect compiled code in - PL/Perl, leading to crashes if a PL/Perl function calls another one - that throws an error. - - - - - - Fix pg_upgrade's handling of line endings on Windows - (Andrew Dunstan) - - - - Previously, pg_upgrade might add or remove carriage - returns in places such as function bodies. - - - - - - On Windows, make pg_upgrade use backslash path - separators in the scripts it emits (Andrew Dunstan) - - - - - - Update time zone data files to tzdata release 2012f - for DST law changes in Fiji - - - - - - - - - - Release 9.0.9 - - - Release date: - 2012-08-17 - - - - This release contains a variety of fixes from 9.0.8. - For information about new features in the 9.0 major release, see - . - - - - Migration to Version 9.0.9 - - - A dump/restore is not required for those running 9.0.X. - - - - However, if you are upgrading from a version earlier than 9.0.6, - see . - - - - - - Changes - - - - - - Prevent access to external files/URLs via XML entity references - (Noah Misch, Tom Lane) - - - - xml_parse() would attempt to fetch external files or - URLs as needed to resolve DTD and entity references in an XML value, - thus allowing unprivileged database users to attempt to fetch data - with the privileges of the database server. While the external data - wouldn't get returned directly to the user, portions of it could be - exposed in error messages if the data didn't parse as valid XML; and - in any case the mere ability to check existence of a file might be - useful to an attacker. (CVE-2012-3489) - - - - - - Prevent access to external files/URLs via contrib/xml2's - xslt_process() (Peter Eisentraut) - - - - libxslt offers the ability to read and write both - files and URLs through stylesheet commands, thus allowing - unprivileged database users to both read and write data with the - privileges of the database server. Disable that through proper use - of libxslt's security options. (CVE-2012-3488) - - - - Also, remove xslt_process()'s ability to fetch documents - and stylesheets from external files/URLs. While this was a - documented feature, it was long regarded as a bad idea. - The fix for CVE-2012-3489 broke that capability, and rather than - expend effort on trying to fix it, we're just going to summarily - remove it. - - - - - - Prevent too-early recycling of btree index pages (Noah Misch) - - - - When we allowed read-only transactions to skip assigning XIDs, we - introduced the possibility that a deleted btree page could be - recycled while a read-only transaction was still in flight to it. - This would result in incorrect index search results. The probability - of such an error occurring in the field seems very low because of the - timing requirements, but nonetheless it should be fixed. - - - - - - Fix crash-safety bug with newly-created-or-reset sequences (Tom Lane) - - - - If ALTER SEQUENCE was executed on a freshly created or - reset sequence, and then precisely one nextval() call - was made on it, and then the server crashed, WAL replay would restore - the sequence to a state in which it appeared that no - nextval() had been done, thus allowing the first - sequence value to be returned again by the next - nextval() call. In particular this could manifest for - serial columns, since creation of a serial column's sequence - includes an ALTER SEQUENCE OWNED BY step. - - - - - - Fix txid_current() to report the correct epoch when not - in hot standby (Heikki Linnakangas) - - - - This fixes a regression introduced in the previous minor release. - - - - - - Fix bug in startup of Hot Standby when a master transaction has many - subtransactions (Andres Freund) - - - - This mistake led to failures reported as out-of-order XID - insertion in KnownAssignedXids. - - - - - - Ensure the backup_label file is fsync'd after - pg_start_backup() (Dave Kerr) - - - - - - Fix timeout handling in walsender processes (Tom Lane) - - - - WAL sender background processes neglected to establish a - SIGALRM handler, meaning they would wait forever in - some corner cases where a timeout ought to happen. - - - - - - Back-patch 9.1 improvement to compress the fsync request queue - (Robert Haas) - - - - This improves performance during checkpoints. The 9.1 change - has now seen enough field testing to seem safe to back-patch. - - - - - - Fix LISTEN/NOTIFY to cope better with I/O - problems, such as out of disk space (Tom Lane) - - - - After a write failure, all subsequent attempts to send more - NOTIFY messages would fail with messages like - Could not read from file "pg_notify/nnnn" at - offset nnnnn: Success. - - - - - - Only allow autovacuum to be auto-canceled by a directly blocked - process (Tom Lane) - - - - The original coding could allow inconsistent behavior in some cases; - in particular, an autovacuum could get canceled after less than - deadlock_timeout grace period. - - - - - - Improve logging of autovacuum cancels (Robert Haas) - - - - - - Fix log collector so that log_truncate_on_rotation works - during the very first log rotation after server start (Tom Lane) - - - - - - Fix WITH attached to a nested set operation - (UNION/INTERSECT/EXCEPT) - (Tom Lane) - - - - - - Ensure that a whole-row reference to a subquery doesn't include any - extra GROUP BY or ORDER BY columns (Tom Lane) - - - - - - Disallow copying whole-row references in CHECK - constraints and index definitions during CREATE TABLE - (Tom Lane) - - - - This situation can arise in CREATE TABLE with - LIKE or INHERITS. The copied whole-row - variable was incorrectly labeled with the row type of the original - table not the new one. Rejecting the case seems reasonable for - LIKE, since the row types might well diverge later. For - INHERITS we should ideally allow it, with an implicit - coercion to the parent table's row type; but that will require more - work than seems safe to back-patch. - - - - - - Fix memory leak in ARRAY(SELECT ...) subqueries (Heikki - Linnakangas, Tom Lane) - - - - - - Fix extraction of common prefixes from regular expressions (Tom Lane) - - - - The code could get confused by quantified parenthesized - subexpressions, such as ^(foo)?bar. This would lead to - incorrect index optimization of searches for such patterns. - - - - - - Fix bugs with parsing signed - hh:mm and - hh:mm:ss - fields in interval constants (Amit Kapila, Tom Lane) - - - - - - Use Postgres' encoding conversion functions, not Python's, when - converting a Python Unicode string to the server encoding in - PL/Python (Jan Urbanski) - - - - This avoids some corner-case problems, notably that Python doesn't - support all the encodings Postgres does. A notable functional change - is that if the server encoding is SQL_ASCII, you will get the UTF-8 - representation of the string; formerly, any non-ASCII characters in - the string would result in an error. - - - - - - Fix mapping of PostgreSQL encodings to Python encodings in PL/Python - (Jan Urbanski) - - - - - - Report errors properly in contrib/xml2's - xslt_process() (Tom Lane) - - - - - - Update time zone data files to tzdata release 2012e - for DST law changes in Morocco and Tokelau - - - - - - - - - - Release 9.0.8 - - - Release date: - 2012-06-04 - - - - This release contains a variety of fixes from 9.0.7. - For information about new features in the 9.0 major release, see - . - - - - Migration to Version 9.0.8 - - - A dump/restore is not required for those running 9.0.X. - - - - However, if you are upgrading from a version earlier than 9.0.6, - see . - - - - - - Changes - - - - - - Fix incorrect password transformation in - contrib/pgcrypto's DES crypt() function - (Solar Designer) - - - - If a password string contained the byte value 0x80, the - remainder of the password was ignored, causing the password to be much - weaker than it appeared. With this fix, the rest of the string is - properly included in the DES hash. Any stored password values that are - affected by this bug will thus no longer match, so the stored values may - need to be updated. (CVE-2012-2143) - - - - - - Ignore SECURITY DEFINER and SET attributes for - a procedural language's call handler (Tom Lane) - - - - Applying such attributes to a call handler could crash the server. - (CVE-2012-2655) - - - - - - Allow numeric timezone offsets in timestamp input to be up to - 16 hours away from UTC (Tom Lane) - - - - Some historical time zones have offsets larger than 15 hours, the - previous limit. This could result in dumped data values being rejected - during reload. - - - - - - Fix timestamp conversion to cope when the given time is exactly the - last DST transition time for the current timezone (Tom Lane) - - - - This oversight has been there a long time, but was not noticed - previously because most DST-using zones are presumed to have an - indefinite sequence of future DST transitions. - - - - - - Fix text to name and char to name - casts to perform string truncation correctly in multibyte encodings - (Karl Schnaitter) - - - - - - Fix memory copying bug in to_tsquery() (Heikki Linnakangas) - - - - - - Ensure txid_current() reports the correct epoch when - executed in hot standby (Simon Riggs) - - - - - - Fix planner's handling of outer PlaceHolderVars within subqueries (Tom - Lane) - - - - This bug concerns sub-SELECTs that reference variables coming from the - nullable side of an outer join of the surrounding query. - In 9.1, queries affected by this bug would fail with ERROR: - Upper-level PlaceHolderVar found where not expected. But in 9.0 and - 8.4, you'd silently get possibly-wrong answers, since the value - transmitted into the subquery wouldn't go to null when it should. - - - - - - Fix slow session startup when pg_attribute is very large - (Tom Lane) - - - - If pg_attribute exceeds one-fourth of - shared_buffers, cache rebuilding code that is sometimes - needed during session start would trigger the synchronized-scan logic, - causing it to take many times longer than normal. The problem was - particularly acute if many new sessions were starting at once. - - - - - - Ensure sequential scans check for query cancel reasonably often (Merlin - Moncure) - - - - A scan encountering many consecutive pages that contain no live tuples - would not respond to interrupts meanwhile. - - - - - - Ensure the Windows implementation of PGSemaphoreLock() - clears ImmediateInterruptOK before returning (Tom Lane) - - - - This oversight meant that a query-cancel interrupt received later - in the same query could be accepted at an unsafe time, with - unpredictable but not good consequences. - - - - - - Show whole-row variables safely when printing views or rules - (Abbas Butt, Tom Lane) - - - - Corner cases involving ambiguous names (that is, the name could be - either a table or column name of the query) were printed in an - ambiguous way, risking that the view or rule would be interpreted - differently after dump and reload. Avoid the ambiguous case by - attaching a no-op cast. - - - - - - Fix COPY FROM to properly handle null marker strings that - correspond to invalid encoding (Tom Lane) - - - - A null marker string such as E'\\0' should work, and did - work in the past, but the case got broken in 8.4. - - - - - - Ensure autovacuum worker processes perform stack depth checking - properly (Heikki Linnakangas) - - - - Previously, infinite recursion in a function invoked by - auto-ANALYZE could crash worker processes. - - - - - - Fix logging collector to not lose log coherency under high load (Andrew - Dunstan) - - - - The collector previously could fail to reassemble large messages if it - got too busy. - - - - - - Fix logging collector to ensure it will restart file rotation - after receiving SIGHUP (Tom Lane) - - - - - - Fix WAL replay logic for GIN indexes to not fail if the index was - subsequently dropped (Tom Lane) - - - - - - Fix memory leak in PL/pgSQL's RETURN NEXT command (Joe - Conway) - - - - - - Fix PL/pgSQL's GET DIAGNOSTICS command when the target - is the function's first variable (Tom Lane) - - - - - - Fix potential access off the end of memory in psql's - expanded display (\x) mode (Peter Eisentraut) - - - - - - Fix several performance problems in pg_dump when - the database contains many objects (Jeff Janes, Tom Lane) - - - - pg_dump could get very slow if the database contained - many schemas, or if many objects are in dependency loops, or if there - are many owned sequences. - - - - - - Fix pg_upgrade for the case that a database stored in a - non-default tablespace contains a table in the cluster's default - tablespace (Bruce Momjian) - - - - - - In ecpg, fix rare memory leaks and possible overwrite - of one byte after the sqlca_t structure (Peter Eisentraut) - - - - - - Fix contrib/dblink's dblink_exec() to not leak - temporary database connections upon error (Tom Lane) - - - - - - Fix contrib/dblink to report the correct connection name in - error messages (Kyotaro Horiguchi) - - - - - - Fix contrib/vacuumlo to use multiple transactions when - dropping many large objects (Tim Lewis, Robert Haas, Tom Lane) - - - - This change avoids exceeding max_locks_per_transaction when - many objects need to be dropped. The behavior can be adjusted with the - new -l (limit) option. - - - - - - Update time zone data files to tzdata release 2012c - for DST law changes in Antarctica, Armenia, Chile, Cuba, Falkland - Islands, Gaza, Haiti, Hebron, Morocco, Syria, and Tokelau Islands; - also historical corrections for Canada. - - - - - - - - - - Release 9.0.7 - - - Release date: - 2012-02-27 - - - - This release contains a variety of fixes from 9.0.6. - For information about new features in the 9.0 major release, see - . - - - - Migration to Version 9.0.7 - - - A dump/restore is not required for those running 9.0.X. - - - - However, if you are upgrading from a version earlier than 9.0.6, - see . - - - - - - Changes - - - - - - Require execute permission on the trigger function for - CREATE TRIGGER (Robert Haas) - - - - This missing check could allow another user to execute a trigger - function with forged input data, by installing it on a table he owns. - This is only of significance for trigger functions marked - SECURITY DEFINER, since otherwise trigger functions run - as the table owner anyway. (CVE-2012-0866) - - - - - - Remove arbitrary limitation on length of common name in SSL - certificates (Heikki Linnakangas) - - - - Both libpq and the server truncated the common name - extracted from an SSL certificate at 32 bytes. Normally this would - cause nothing worse than an unexpected verification failure, but there - are some rather-implausible scenarios in which it might allow one - certificate holder to impersonate another. The victim would have to - have a common name exactly 32 bytes long, and the attacker would have - to persuade a trusted CA to issue a certificate in which the common - name has that string as a prefix. Impersonating a server would also - require some additional exploit to redirect client connections. - (CVE-2012-0867) - - - - - - Convert newlines to spaces in names written in pg_dump - comments (Robert Haas) - - - - pg_dump was incautious about sanitizing object names - that are emitted within SQL comments in its output script. A name - containing a newline would at least render the script syntactically - incorrect. Maliciously crafted object names could present a SQL - injection risk when the script is reloaded. (CVE-2012-0868) - - - - - - Fix btree index corruption from insertions concurrent with vacuuming - (Tom Lane) - - - - An index page split caused by an insertion could sometimes cause a - concurrently-running VACUUM to miss removing index entries - that it should remove. After the corresponding table rows are removed, - the dangling index entries would cause errors (such as could not - read block N in file ...) or worse, silently wrong query results - after unrelated rows are re-inserted at the now-free table locations. - This bug has been present since release 8.2, but occurs so infrequently - that it was not diagnosed until now. If you have reason to suspect - that it has happened in your database, reindexing the affected index - will fix things. - - - - - - Fix transient zeroing of shared buffers during WAL replay (Tom Lane) - - - - The replay logic would sometimes zero and refill a shared buffer, so - that the contents were transiently invalid. In hot standby mode this - can result in a query that's executing in parallel seeing garbage data. - Various symptoms could result from that, but the most common one seems - to be invalid memory alloc request size. - - - - - - Fix postmaster to attempt restart after a hot-standby crash (Tom Lane) - - - - A logic error caused the postmaster to terminate, rather than attempt - to restart the cluster, if any backend process crashed while operating - in hot standby mode. - - - - - - Fix CLUSTER/VACUUM FULL handling of toast - values owned by recently-updated rows (Tom Lane) - - - - This oversight could lead to duplicate key value violates unique - constraint errors being reported against the toast table's index - during one of these commands. - - - - - - Update per-column permissions, not only per-table permissions, when - changing table owner (Tom Lane) - - - - Failure to do this meant that any previously granted column permissions - were still shown as having been granted by the old owner. This meant - that neither the new owner nor a superuser could revoke the - now-untraceable-to-table-owner permissions. - - - - - - Support foreign data wrappers and foreign servers in - REASSIGN OWNED (Alvaro Herrera) - - - - This command failed with unexpected classid errors if - it needed to change the ownership of any such objects. - - - - - - Allow non-existent values for some settings in ALTER - USER/DATABASE SET (Heikki Linnakangas) - - - - Allow default_text_search_config, - default_tablespace, and temp_tablespaces to be - set to names that are not known. This is because they might be known - in another database where the setting is intended to be used, or for the - tablespace cases because the tablespace might not be created yet. The - same issue was previously recognized for search_path, and - these settings now act like that one. - - - - - - Avoid crashing when we have problems deleting table files post-commit - (Tom Lane) - - - - Dropping a table should lead to deleting the underlying disk files only - after the transaction commits. In event of failure then (for instance, - because of wrong file permissions) the code is supposed to just emit a - warning message and go on, since it's too late to abort the - transaction. This logic got broken as of release 8.4, causing such - situations to result in a PANIC and an unrestartable database. - - - - - - Recover from errors occurring during WAL replay of DROP - TABLESPACE (Tom Lane) - - - - Replay will attempt to remove the tablespace's directories, but there - are various reasons why this might fail (for example, incorrect - ownership or permissions on those directories). Formerly the replay - code would panic, rendering the database unrestartable without manual - intervention. It seems better to log the problem and continue, since - the only consequence of failure to remove the directories is some - wasted disk space. - - - - - - Fix race condition in logging AccessExclusiveLocks for hot standby - (Simon Riggs) - - - - Sometimes a lock would be logged as being held by transaction - zero. This is at least known to produce assertion failures on - slave servers, and might be the cause of more serious problems. - - - - - - Track the OID counter correctly during WAL replay, even when it wraps - around (Tom Lane) - - - - Previously the OID counter would remain stuck at a high value until the - system exited replay mode. The practical consequences of that are - usually nil, but there are scenarios wherein a standby server that's - been promoted to master might take a long time to advance the OID - counter to a reasonable value once values are needed. - - - - - - Prevent emitting misleading consistent recovery state reached - log message at the beginning of crash recovery (Heikki Linnakangas) - - - - - - Fix initial value of - pg_stat_replication.replay_location - (Fujii Masao) - - - - Previously, the value shown would be wrong until at least one WAL - record had been replayed. - - - - - - Fix regular expression back-references with * attached - (Tom Lane) - - - - Rather than enforcing an exact string match, the code would effectively - accept any string that satisfies the pattern sub-expression referenced - by the back-reference symbol. - - - - A similar problem still afflicts back-references that are embedded in a - larger quantified expression, rather than being the immediate subject - of the quantifier. This will be addressed in a future - PostgreSQL release. - - - - - - Fix recently-introduced memory leak in processing of - inet/cidr values (Heikki Linnakangas) - - - - A patch in the December 2011 releases of PostgreSQL - caused memory leakage in these operations, which could be significant - in scenarios such as building a btree index on such a column. - - - - - - Fix dangling pointer after CREATE TABLE AS/SELECT - INTO in a SQL-language function (Tom Lane) - - - - In most cases this only led to an assertion failure in assert-enabled - builds, but worse consequences seem possible. - - - - - - Avoid double close of file handle in syslogger on Windows (MauMau) - - - - Ordinarily this error was invisible, but it would cause an exception - when running on a debug version of Windows. - - - - - - Fix I/O-conversion-related memory leaks in plpgsql - (Andres Freund, Jan Urbanski, Tom Lane) - - - - Certain operations would leak memory until the end of the current - function. - - - - - - Improve pg_dump's handling of inherited table columns - (Tom Lane) - - - - pg_dump mishandled situations where a child column has - a different default expression than its parent column. If the default - is textually identical to the parent's default, but not actually the - same (for instance, because of schema search path differences) it would - not be recognized as different, so that after dump and restore the - child would be allowed to inherit the parent's default. Child columns - that are NOT NULL where their parent is not could also be - restored subtly incorrectly. - - - - - - Fix pg_restore's direct-to-database mode for - INSERT-style table data (Tom Lane) - - - - Direct-to-database restores from archive files made with - or options fail when - using pg_restore from a release dated September or - December 2011, as a result of an oversight in a fix for another - problem. The archive file itself is not at fault, and text-mode - output is okay. - - - - - - Allow pg_upgrade to process tables containing - regclass columns (Bruce Momjian) - - - - Since pg_upgrade now takes care to preserve - pg_class OIDs, there was no longer any reason for this - restriction. - - - - - - Make libpq ignore ENOTDIR errors - when looking for an SSL client certificate file - (Magnus Hagander) - - - - This allows SSL connections to be established, though without a - certificate, even when the user's home directory is set to something - like /dev/null. - - - - - - Fix some more field alignment issues in ecpg's SQLDA area - (Zoltan Boszormenyi) - - - - - - Allow AT option in ecpg - DEALLOCATE statements (Michael Meskes) - - - - The infrastructure to support this has been there for awhile, but - through an oversight there was still an error check rejecting the case. - - - - - - Do not use the variable name when defining a varchar structure in ecpg - (Michael Meskes) - - - - - - Fix contrib/auto_explain's JSON output mode to produce - valid JSON (Andrew Dunstan) - - - - The output used brackets at the top level, when it should have used - braces. - - - - - - Fix error in contrib/intarray's int[] & - int[] operator (Guillaume Lelarge) - - - - If the smallest integer the two input arrays have in common is 1, - and there are smaller values in either array, then 1 would be - incorrectly omitted from the result. - - - - - - Fix error detection in contrib/pgcrypto's - encrypt_iv() and decrypt_iv() - (Marko Kreen) - - - - These functions failed to report certain types of invalid-input errors, - and would instead return random garbage values for incorrect input. - - - - - - Fix one-byte buffer overrun in contrib/test_parser - (Paul Guyot) - - - - The code would try to read one more byte than it should, which would - crash in corner cases. - Since contrib/test_parser is only example code, this is - not a security issue in itself, but bad example code is still bad. - - - - - - Use __sync_lock_test_and_set() for spinlocks on ARM, if - available (Martin Pitt) - - - - This function replaces our previous use of the SWPB - instruction, which is deprecated and not available on ARMv6 and later. - Reports suggest that the old code doesn't fail in an obvious way on - recent ARM boards, but simply doesn't interlock concurrent accesses, - leading to bizarre failures in multiprocess operation. - - - - - - Use option when building with - gcc versions that accept it (Andrew Dunstan) - - - - This prevents assorted scenarios wherein recent versions of gcc will - produce creative results. - - - - - - Allow use of threaded Python on FreeBSD (Chris Rees) - - - - Our configure script previously believed that this combination wouldn't - work; but FreeBSD fixed the problem, so remove that error check. - - - - - - - - - - Release 9.0.6 - - - Release date: - 2011-12-05 - - - - This release contains a variety of fixes from 9.0.5. - For information about new features in the 9.0 major release, see - . - - - - Migration to Version 9.0.6 - - - A dump/restore is not required for those running 9.0.X. - - - - However, a longstanding error was discovered in the definition of the - information_schema.referential_constraints view. If you - rely on correct results from that view, you should replace its - definition as explained in the first changelog item below. - - - - Also, if you are upgrading from a version earlier than 9.0.4, - see . - - - - - - Changes - - - - - - Fix bugs in information_schema.referential_constraints view - (Tom Lane) - - - - This view was being insufficiently careful about matching the - foreign-key constraint to the depended-on primary or unique key - constraint. That could result in failure to show a foreign key - constraint at all, or showing it multiple times, or claiming that it - depends on a different constraint than the one it really does. - - - - Since the view definition is installed by initdb, - merely upgrading will not fix the problem. If you need to fix this - in an existing installation, you can (as a superuser) drop the - information_schema schema then re-create it by sourcing - SHAREDIR/information_schema.sql. - (Run pg_config --sharedir if you're uncertain where - SHAREDIR is.) This must be repeated in each database - to be fixed. - - - - - - Fix possible crash during UPDATE or DELETE that - joins to the output of a scalar-returning function (Tom Lane) - - - - A crash could only occur if the target row had been concurrently - updated, so this problem surfaced only intermittently. - - - - - - Fix incorrect replay of WAL records for GIN index updates - (Tom Lane) - - - - This could result in transiently failing to find index entries after - a crash, or on a hot-standby server. The problem would be repaired - by the next VACUUM of the index, however. - - - - - - Fix TOAST-related data corruption during CREATE TABLE dest AS - SELECT * FROM src or INSERT INTO dest SELECT * FROM src - (Tom Lane) - - - - If a table has been modified by ALTER TABLE ADD COLUMN, - attempts to copy its data verbatim to another table could produce - corrupt results in certain corner cases. - The problem can only manifest in this precise form in 8.4 and later, - but we patched earlier versions as well in case there are other code - paths that could trigger the same bug. - - - - - - Fix possible failures during hot standby startup (Simon Riggs) - - - - - - Start hot standby faster when initial snapshot is incomplete - (Simon Riggs) - - - - - - Fix race condition during toast table access from stale syscache entries - (Tom Lane) - - - - The typical symptom was transient errors like missing chunk - number 0 for toast value NNNNN in pg_toast_2619, where the cited - toast table would always belong to a system catalog. - - - - - - Track dependencies of functions on items used in parameter default - expressions (Tom Lane) - - - - Previously, a referenced object could be dropped without having dropped - or modified the function, leading to misbehavior when the function was - used. Note that merely installing this update will not fix the missing - dependency entries; to do that, you'd need to CREATE OR - REPLACE each such function afterwards. If you have functions whose - defaults depend on non-built-in objects, doing so is recommended. - - - - - - Allow inlining of set-returning SQL functions with multiple OUT - parameters (Tom Lane) - - - - - - Don't trust deferred-unique indexes for join removal (Tom Lane and Marti - Raudsepp) - - - - A deferred uniqueness constraint might not hold intra-transaction, - so assuming that it does could give incorrect query results. - - - - - - Make DatumGetInetP() unpack inet datums that have a 1-byte - header, and add a new macro, DatumGetInetPP(), that does - not (Heikki Linnakangas) - - - - This change affects no core code, but might prevent crashes in add-on - code that expects DatumGetInetP() to produce an unpacked - datum as per usual convention. - - - - - - Improve locale support in money type's input and output - (Tom Lane) - - - - Aside from not supporting all standard - lc_monetary - formatting options, the input and output functions were inconsistent, - meaning there were locales in which dumped money values could - not be re-read. - - - - - - Don't let transform_null_equals - affect CASE foo WHEN NULL ... constructs - (Heikki Linnakangas) - - - - transform_null_equals is only supposed to affect - foo = NULL expressions written directly by the user, not - equality checks generated internally by this form of CASE. - - - - - - Change foreign-key trigger creation order to better support - self-referential foreign keys (Tom Lane) - - - - For a cascading foreign key that references its own table, a row update - will fire both the ON UPDATE trigger and the - CHECK trigger as one event. The ON UPDATE - trigger must execute first, else the CHECK will check a - non-final state of the row and possibly throw an inappropriate error. - However, the firing order of these triggers is determined by their - names, which generally sort in creation order since the triggers have - auto-generated names following the convention - RI_ConstraintTrigger_NNNN. A proper fix would require - modifying that convention, which we will do in 9.2, but it seems risky - to change it in existing releases. So this patch just changes the - creation order of the triggers. Users encountering this type of error - should drop and re-create the foreign key constraint to get its - triggers into the right order. - - - - - - Avoid floating-point underflow while tracking buffer allocation rate - (Greg Matthews) - - - - While harmless in itself, on certain platforms this would result in - annoying kernel log messages. - - - - - - Preserve configuration file name and line number values when starting - child processes under Windows (Tom Lane) - - - - Formerly, these would not be displayed correctly in the - pg_settings view. - - - - - - Fix incorrect field alignment in ecpg's SQLDA area - (Zoltan Boszormenyi) - - - - - - Preserve blank lines within commands in psql's command - history (Robert Haas) - - - - The former behavior could cause problems if an empty line was removed - from within a string literal, for example. - - - - - - Fix pg_dump to dump user-defined casts between - auto-generated types, such as table rowtypes (Tom Lane) - - - - - - Assorted fixes for pg_upgrade (Bruce Momjian) - - - - Handle exclusion constraints correctly, avoid failures on Windows, - don't complain about mismatched toast table names in 8.4 databases. - - - - - - Use the preferred version of xsubpp to build PL/Perl, - not necessarily the operating system's main copy - (David Wheeler and Alex Hunsaker) - - - - - - Fix incorrect coding in contrib/dict_int and - contrib/dict_xsyn (Tom Lane) - - - - Some functions incorrectly assumed that memory returned by - palloc() is guaranteed zeroed. - - - - - - Fix assorted errors in contrib/unaccent's configuration - file parsing (Tom Lane) - - - - - - Honor query cancel interrupts promptly in pgstatindex() - (Robert Haas) - - - - - - Fix incorrect quoting of log file name in macOS start script - (Sidar Lopez) - - - - - - Ensure VPATH builds properly install all server header files - (Peter Eisentraut) - - - - - - Shorten file names reported in verbose error messages (Peter Eisentraut) - - - - Regular builds have always reported just the name of the C file - containing the error message call, but VPATH builds formerly - reported an absolute path name. - - - - - - Fix interpretation of Windows timezone names for Central America - (Tom Lane) - - - - Map Central America Standard Time to CST6, not - CST6CDT, because DST is generally not observed anywhere in - Central America. - - - - - - Update time zone data files to tzdata release 2011n - for DST law changes in Brazil, Cuba, Fiji, Palestine, Russia, and Samoa; - also historical corrections for Alaska and British East Africa. - - - - - - - - - - Release 9.0.5 - - - Release date: - 2011-09-26 - - - - This release contains a variety of fixes from 9.0.4. - For information about new features in the 9.0 major release, see - . - - - - Migration to Version 9.0.5 - - - A dump/restore is not required for those running 9.0.X. - - - - However, if you are upgrading from a version earlier than 9.0.4, - see . - - - - - - Changes - - - - - - Fix catalog cache invalidation after a VACUUM FULL or - CLUSTER on a system catalog (Tom Lane) - - - - In some cases the relocation of a system catalog row to another place - would not be recognized by concurrent server processes, allowing catalog - corruption to occur if they then tried to update that row. The - worst-case outcome could be as bad as complete loss of a table. - - - - - - Fix incorrect order of operations during sinval reset processing, - and ensure that TOAST OIDs are preserved in system catalogs (Tom - Lane) - - - - These mistakes could lead to transient failures after a VACUUM - FULL or CLUSTER on a system catalog. - - - - - - Fix bugs in indexing of in-doubt HOT-updated tuples (Tom Lane) - - - - These bugs could result in index corruption after reindexing a system - catalog. They are not believed to affect user indexes. - - - - - - Fix multiple bugs in GiST index page split processing (Heikki - Linnakangas) - - - - The probability of occurrence was low, but these could lead to index - corruption. - - - - - - Fix possible buffer overrun in tsvector_concat() - (Tom Lane) - - - - The function could underestimate the amount of memory needed for its - result, leading to server crashes. - - - - - - Fix crash in xml_recv when processing a - standalone parameter (Tom Lane) - - - - - - Make pg_options_to_table return NULL for an option with no - value (Tom Lane) - - - - Previously such cases would result in a server crash. - - - - - - Avoid possibly accessing off the end of memory in ANALYZE - and in SJIS-2004 encoding conversion (Noah Misch) - - - - This fixes some very-low-probability server crash scenarios. - - - - - - Protect pg_stat_reset_shared() against NULL input (Magnus - Hagander) - - - - - - Fix possible failure when a recovery conflict deadlock is detected - within a sub-transaction (Tom Lane) - - - - - - Avoid spurious conflicts while recycling btree index pages during hot - standby (Noah Misch, Simon Riggs) - - - - - - Shut down WAL receiver if it's still running at end of recovery (Heikki - Linnakangas) - - - - The postmaster formerly panicked in this situation, but it's actually a - legitimate case. - - - - - - Fix race condition in relcache init file invalidation (Tom Lane) - - - - There was a window wherein a new backend process could read a stale init - file but miss the inval messages that would tell it the data is stale. - The result would be bizarre failures in catalog accesses, typically - could not read block 0 in file ... later during startup. - - - - - - Fix memory leak at end of a GiST index scan (Tom Lane) - - - - Commands that perform many separate GiST index scans, such as - verification of a new GiST-based exclusion constraint on a table - already containing many rows, could transiently require large amounts of - memory due to this leak. - - - - - - Fix memory leak when encoding conversion has to be done on incoming - command strings and LISTEN is active (Tom Lane) - - - - - - Fix incorrect memory accounting (leading to possible memory bloat) in - tuplestores supporting holdable cursors and plpgsql's RETURN - NEXT command (Tom Lane) - - - - - - Fix trigger WHEN conditions when both BEFORE and - AFTER triggers exist (Tom Lane) - - - - Evaluation of WHEN conditions for AFTER ROW - UPDATE triggers could crash if there had been a BEFORE - ROW trigger fired for the same update. - - - - - - Fix performance problem when constructing a large, lossy bitmap - (Tom Lane) - - - - - - Fix join selectivity estimation for unique columns (Tom Lane) - - - - This fixes an erroneous planner heuristic that could lead to poor - estimates of the result size of a join. - - - - - - Fix nested PlaceHolderVar expressions that appear only in sub-select - target lists (Tom Lane) - - - - This mistake could result in outputs of an outer join incorrectly - appearing as NULL. - - - - - - Allow the planner to assume that empty parent tables really are empty - (Tom Lane) - - - - Normally an empty table is assumed to have a certain minimum size for - planning purposes; but this heuristic seems to do more harm than good - for the parent table of an inheritance hierarchy, which often is - permanently empty. - - - - - - Allow nested EXISTS queries to be optimized properly (Tom - Lane) - - - - - - Fix array- and path-creating functions to ensure padding bytes are - zeroes (Tom Lane) - - - - This avoids some situations where the planner will think that - semantically-equal constants are not equal, resulting in poor - optimization. - - - - - - Fix EXPLAIN to handle gating Result nodes within - inner-indexscan subplans (Tom Lane) - - - - The usual symptom of this oversight was bogus varno errors. - - - - - - Fix btree preprocessing of indexedcol IS - NULL conditions (Dean Rasheed) - - - - Such a condition is unsatisfiable if combined with any other type of - btree-indexable condition on the same index column. The case was - handled incorrectly in 9.0.0 and later, leading to query output where - there should be none. - - - - - - Work around gcc 4.6.0 bug that breaks WAL replay (Tom Lane) - - - - This could lead to loss of committed transactions after a server crash. - - - - - - Fix dump bug for VALUES in a view (Tom Lane) - - - - - - Disallow SELECT FOR UPDATE/SHARE on sequences (Tom Lane) - - - - This operation doesn't work as expected and can lead to failures. - - - - - - Fix VACUUM so that it always updates - pg_class.reltuples/relpages (Tom - Lane) - - - - This fixes some scenarios where autovacuum could make increasingly poor - decisions about when to vacuum tables. - - - - - - Defend against integer overflow when computing size of a hash table (Tom - Lane) - - - - - - Fix cases where CLUSTER might attempt to access - already-removed TOAST data (Tom Lane) - - - - - - Fix premature timeout failures during initial authentication transaction - (Tom Lane) - - - - - - Fix portability bugs in use of credentials control messages for - peer authentication (Tom Lane) - - - - - - Fix SSPI login when multiple roundtrips are required (Ahmed Shinwari, - Magnus Hagander) - - - - The typical symptom of this problem was The function requested is - not supported errors during SSPI login. - - - - - - Fix failure when adding a new variable of a custom variable class to - postgresql.conf (Tom Lane) - - - - - - Throw an error if pg_hba.conf contains hostssl - but SSL is disabled (Tom Lane) - - - - This was concluded to be more user-friendly than the previous behavior - of silently ignoring such lines. - - - - - - Fix failure when DROP OWNED BY attempts to remove default - privileges on sequences (Shigeru Hanada) - - - - - - Fix typo in pg_srand48 seed initialization (Andres Freund) - - - - This led to failure to use all bits of the provided seed. This function - is not used on most platforms (only those without srandom), - and the potential security exposure from a less-random-than-expected - seed seems minimal in any case. - - - - - - Avoid integer overflow when the sum of LIMIT and - OFFSET values exceeds 2^63 (Heikki Linnakangas) - - - - - - Add overflow checks to int4 and int8 versions of - generate_series() (Robert Haas) - - - - - - Fix trailing-zero removal in to_char() (Marti Raudsepp) - - - - In a format with FM and no digit positions - after the decimal point, zeroes to the left of the decimal point could - be removed incorrectly. - - - - - - Fix pg_size_pretty() to avoid overflow for inputs close to - 2^63 (Tom Lane) - - - - - - Weaken plpgsql's check for typmod matching in record values (Tom Lane) - - - - An overly enthusiastic check could lead to discarding length modifiers - that should have been kept. - - - - - - Correctly handle quotes in locale names during initdb - (Heikki Linnakangas) - - - - The case can arise with some Windows locales, such as People's - Republic of China. - - - - - - In pg_upgrade, avoid dumping orphaned temporary tables - (Bruce Momjian) - - - - This prevents situations wherein table OID assignments could get out of - sync between old and new installations. - - - - - - Fix pg_upgrade to preserve toast tables' relfrozenxids - during an upgrade from 8.3 (Bruce Momjian) - - - - Failure to do this could lead to pg_clog files being - removed too soon after the upgrade. - - - - - - In pg_upgrade, fix the -l (log) option to - work on Windows (Bruce Momjian) - - - - - - In pg_ctl, support silent mode for service registrations - on Windows (MauMau) - - - - - - Fix psql's counting of script file line numbers during - COPY from a different file (Tom Lane) - - - - - - Fix pg_restore's direct-to-database mode for - standard_conforming_strings (Tom Lane) - - - - pg_restore could emit incorrect commands when restoring - directly to a database server from an archive file that had been made - with standard_conforming_strings set to on. - - - - - - Be more user-friendly about unsupported cases for parallel - pg_restore (Tom Lane) - - - - This change ensures that such cases are detected and reported before - any restore actions have been taken. - - - - - - Fix write-past-buffer-end and memory leak in libpq's - LDAP service lookup code (Albe Laurenz) - - - - - - In libpq, avoid failures when using nonblocking I/O - and an SSL connection (Martin Pihlak, Tom Lane) - - - - - - Improve libpq's handling of failures during connection startup - (Tom Lane) - - - - In particular, the response to a server report of fork() - failure during SSL connection startup is now saner. - - - - - - Improve libpq's error reporting for SSL failures (Tom - Lane) - - - - - - Fix PQsetvalue() to avoid possible crash when adding a new - tuple to a PGresult originally obtained from a server - query (Andrew Chernow) - - - - - - Make ecpglib write double values with 15 digits - precision (Akira Kurosawa) - - - - - - In ecpglib, be sure LC_NUMERIC setting is - restored after an error (Michael Meskes) - - - - - - Apply upstream fix for blowfish signed-character bug (CVE-2011-2483) - (Tom Lane) - - - - contrib/pg_crypto's blowfish encryption code could give - wrong results on platforms where char is signed (which is most), - leading to encrypted passwords being weaker than they should be. - - - - - - Fix memory leak in contrib/seg (Heikki Linnakangas) - - - - - - Fix pgstatindex() to give consistent results for empty - indexes (Tom Lane) - - - - - - Allow building with perl 5.14 (Alex Hunsaker) - - - - - - Fix assorted issues with build and install file paths containing spaces - (Tom Lane) - - - - - - Update time zone data files to tzdata release 2011i - for DST law changes in Canada, Egypt, Russia, Samoa, and South Sudan. - - - - - - - - - - Release 9.0.4 - - - Release date: - 2011-04-18 - - - - This release contains a variety of fixes from 9.0.3. - For information about new features in the 9.0 major release, see - . - - - - Migration to Version 9.0.4 - - - A dump/restore is not required for those running 9.0.X. - - - - However, if your installation was upgraded from a previous major - release by running pg_upgrade, you should take - action to prevent possible data loss due to a now-fixed bug in - pg_upgrade. The recommended solution is to run - VACUUM FREEZE on all TOAST tables. - More information is available at - http://wiki.postgresql.org/wiki/20110408pg_upgrade_fix. - - - - - - Changes - - - - - - Fix pg_upgrade's handling of TOAST tables - (Bruce Momjian) - - - - The pg_class.relfrozenxid value for - TOAST tables was not correctly copied into the new installation - during pg_upgrade. This could later result in - pg_clog files being discarded while they were still - needed to validate tuples in the TOAST tables, leading to - could not access status of transaction failures. - - - - This error poses a significant risk of data loss for installations - that have been upgraded with pg_upgrade. This patch - corrects the problem for future uses of pg_upgrade, - but does not in itself cure the issue in installations that have been - processed with a buggy version of pg_upgrade. - - - - - - Suppress incorrect PD_ALL_VISIBLE flag was incorrectly set - warning (Heikki Linnakangas) - - - - VACUUM would sometimes issue this warning in cases that - are actually valid. - - - - - - Use better SQLSTATE error codes for hot standby conflict cases - (Tatsuo Ishii and Simon Riggs) - - - - All retryable conflict errors now have an error code that indicates - that a retry is possible. Also, session closure due to the database - being dropped on the master is now reported as - ERRCODE_DATABASE_DROPPED, rather than - ERRCODE_ADMIN_SHUTDOWN, so that connection poolers can - handle the situation correctly. - - - - - - Prevent intermittent hang in interactions of startup process with - bgwriter process (Simon Riggs) - - - - This affected recovery in non-hot-standby cases. - - - - - - Disallow including a composite type in itself (Tom Lane) - - - - This prevents scenarios wherein the server could recurse infinitely - while processing the composite type. While there are some possible - uses for such a structure, they don't seem compelling enough to - justify the effort required to make sure it always works safely. - - - - - - Avoid potential deadlock during catalog cache initialization - (Nikhil Sontakke) - - - - In some cases the cache loading code would acquire share lock on a - system index before locking the index's catalog. This could deadlock - against processes trying to acquire exclusive locks in the other, - more standard order. - - - - - - Fix dangling-pointer problem in BEFORE ROW UPDATE trigger - handling when there was a concurrent update to the target tuple - (Tom Lane) - - - - This bug has been observed to result in intermittent cannot - extract system attribute from virtual tuple failures while trying to - do UPDATE RETURNING ctid. There is a very small probability - of more serious errors, such as generating incorrect index entries for - the updated tuple. - - - - - - Disallow DROP TABLE when there are pending deferred trigger - events for the table (Tom Lane) - - - - Formerly the DROP would go through, leading to - could not open relation with OID nnn errors when the - triggers were eventually fired. - - - - - - Allow replication as a user name in - pg_hba.conf (Andrew Dunstan) - - - - replication is special in the database name column, but it - was mistakenly also treated as special in the user name column. - - - - - - Prevent crash triggered by constant-false WHERE conditions during - GEQO optimization (Tom Lane) - - - - - - Improve planner's handling of semi-join and anti-join cases - (Tom Lane) - - - - - - Fix handling of SELECT FOR UPDATE in a sub-SELECT - (Tom Lane) - - - - This bug typically led to cannot extract system attribute from - virtual tuple errors. - - - - - - Fix selectivity estimation for text search to account for NULLs - (Jesper Krogh) - - - - - - Fix get_actual_variable_range() to support hypothetical indexes - injected by an index adviser plugin (Gurjeet Singh) - - - - - - Fix PL/Python memory leak involving array slices (Daniel Popowich) - - - - - - Allow libpq's SSL initialization to succeed when - user's home directory is unavailable (Tom Lane) - - - - If the SSL mode is such that a root certificate file is not required, - there is no need to fail. This change restores the behavior to what - it was in pre-9.0 releases. - - - - - - Fix libpq to return a useful error message for errors - detected in conninfo_array_parse (Joseph Adams) - - - - A typo caused the library to return NULL, rather than the - PGconn structure containing the error message, to the - application. - - - - - - Fix ecpg preprocessor's handling of float constants - (Heikki Linnakangas) - - - - - - Fix parallel pg_restore to handle comments on - POST_DATA items correctly (Arnd Hannemann) - - - - - - Fix pg_restore to cope with long lines (over 1KB) in - TOC files (Tom Lane) - - - - - - Put in more safeguards against crashing due to division-by-zero - with overly enthusiastic compiler optimization (Aurelien Jarno) - - - - - - Support use of dlopen() in FreeBSD and OpenBSD on MIPS (Tom Lane) - - - - There was a hard-wired assumption that this system function was not - available on MIPS hardware on these systems. Use a compile-time test - instead, since more recent versions have it. - - - - - - Fix compilation failures on HP-UX (Heikki Linnakangas) - - - - - - Avoid crash when trying to write to the Windows console very early - in process startup (Rushabh Lathia) - - - - - - Support building with MinGW 64 bit compiler for Windows - (Andrew Dunstan) - - - - - - Fix version-incompatibility problem with libintl on - Windows (Hiroshi Inoue) - - - - - - Fix usage of xcopy in Windows build scripts to - work correctly under Windows 7 (Andrew Dunstan) - - - - This affects the build scripts only, not installation or usage. - - - - - - Fix path separator used by pg_regress on Cygwin - (Andrew Dunstan) - - - - - - Update time zone data files to tzdata release 2011f - for DST law changes in Chile, Cuba, Falkland Islands, Morocco, Samoa, - and Turkey; also historical corrections for South Australia, Alaska, - and Hawaii. - - - - - - - - - - Release 9.0.3 - - - Release date: - 2011-01-31 - - - - This release contains a variety of fixes from 9.0.2. - For information about new features in the 9.0 major release, see - . - - - - Migration to Version 9.0.3 - - - A dump/restore is not required for those running 9.0.X. - - - - - - Changes - - - - - - Before exiting walreceiver, ensure all the received WAL - is fsync'd to disk (Heikki Linnakangas) - - - - Otherwise the standby server could replay some un-synced WAL, conceivably - leading to data corruption if the system crashes just at that point. - - - - - - Avoid excess fsync activity in walreceiver - (Heikki Linnakangas) - - - - - - Make ALTER TABLE revalidate uniqueness and exclusion - constraints when needed (Noah Misch) - - - - This was broken in 9.0 by a change that was intended to suppress - revalidation during VACUUM FULL and CLUSTER, - but unintentionally affected ALTER TABLE as well. - - - - - - Fix EvalPlanQual for UPDATE of an inheritance tree in which - the tables are not all alike (Tom Lane) - - - - Any variation in the table row types (including dropped columns present - in only some child tables) would confuse the EvalPlanQual code, leading - to misbehavior or even crashes. Since EvalPlanQual is only executed - during concurrent updates to the same row, the problem was only seen - intermittently. - - - - - - Avoid failures when EXPLAIN tries to display a simple-form - CASE expression (Tom Lane) - - - - If the CASE's test expression was a constant, the planner - could simplify the CASE into a form that confused the - expression-display code, resulting in unexpected CASE WHEN - clause errors. - - - - - - Fix assignment to an array slice that is before the existing range - of subscripts (Tom Lane) - - - - If there was a gap between the newly added subscripts and the first - pre-existing subscript, the code miscalculated how many entries needed - to be copied from the old array's null bitmap, potentially leading to - data corruption or crash. - - - - - - Avoid unexpected conversion overflow in planner for very distant date - values (Tom Lane) - - - - The date type supports a wider range of dates than can be - represented by the timestamp types, but the planner assumed it - could always convert a date to timestamp with impunity. - - - - - - Fix PL/Python crash when an array contains null entries (Alex Hunsaker) - - - - - - Remove ecpg's fixed length limit for constants defining - an array dimension (Michael Meskes) - - - - - - Fix erroneous parsing of tsquery values containing - ... & !(subexpression) | ... (Tom Lane) - - - - Queries containing this combination of operators were not executed - correctly. The same error existed in contrib/intarray's - query_int type and contrib/ltree's - ltxtquery type. - - - - - - Fix buffer overrun in contrib/intarray's input function - for the query_int type (Apple) - - - - This bug is a security risk since the function's return address could - be overwritten. Thanks to Apple Inc's security team for reporting this - issue and supplying the fix. (CVE-2010-4015) - - - - - - Fix bug in contrib/seg's GiST picksplit algorithm - (Alexander Korotkov) - - - - This could result in considerable inefficiency, though not actually - incorrect answers, in a GiST index on a seg column. - If you have such an index, consider REINDEXing it after - installing this update. (This is identical to the bug that was fixed in - contrib/cube in the previous update.) - - - - - - - - - - Release 9.0.2 - - - Release date: - 2010-12-16 - - - - This release contains a variety of fixes from 9.0.1. - For information about new features in the 9.0 major release, see - . - - - - Migration to Version 9.0.2 - - - A dump/restore is not required for those running 9.0.X. - - - - - - Changes - - - - - - Force the default - wal_sync_method - to be fdatasync on Linux (Tom Lane, Marti Raudsepp) - - - - The default on Linux has actually been fdatasync for many - years, but recent kernel changes caused PostgreSQL to - choose open_datasync instead. This choice did not result - in any performance improvement, and caused outright failures on - certain filesystems, notably ext4 with the - data=journal mount option. - - - - - - Fix too many KnownAssignedXids error during Hot Standby - replay (Heikki Linnakangas) - - - - - - Fix race condition in lock acquisition during Hot Standby (Simon Riggs) - - - - - - Avoid unnecessary conflicts during Hot Standby (Simon Riggs) - - - - This fixes some cases where replay was considered to conflict with - standby queries (causing delay of replay or possibly cancellation of - the queries), but there was no real conflict. - - - - - - Fix assorted bugs in WAL replay logic for GIN indexes (Tom Lane) - - - - This could result in bad buffer id: 0 failures or - corruption of index contents during replication. - - - - - - Fix recovery from base backup when the starting checkpoint WAL record - is not in the same WAL segment as its redo point (Jeff Davis) - - - - - - Fix corner-case bug when streaming replication is enabled immediately - after creating the master database cluster (Heikki Linnakangas) - - - - - - Fix persistent slowdown of autovacuum workers when multiple workers - remain active for a long time (Tom Lane) - - - - The effective vacuum_cost_limit for an autovacuum worker - could drop to nearly zero if it processed enough tables, causing it - to run extremely slowly. - - - - - - Fix long-term memory leak in autovacuum launcher (Alvaro Herrera) - - - - - - Avoid failure when trying to report an impending transaction - wraparound condition from outside a transaction (Tom Lane) - - - - This oversight prevented recovery after transaction wraparound got - too close, because database startup processing would fail. - - - - - - Add support for detecting register-stack overrun on IA64 - (Tom Lane) - - - - The IA64 architecture has two hardware stacks. Full - prevention of stack-overrun failures requires checking both. - - - - - - Add a check for stack overflow in copyObject() (Tom Lane) - - - - Certain code paths could crash due to stack overflow given a - sufficiently complex query. - - - - - - Fix detection of page splits in temporary GiST indexes (Heikki - Linnakangas) - - - - It is possible to have a concurrent page split in a - temporary index, if for example there is an open cursor scanning the - index when an insertion is done. GiST failed to detect this case and - hence could deliver wrong results when execution of the cursor - continued. - - - - - - Fix error checking during early connection processing (Tom Lane) - - - - The check for too many child processes was skipped in some cases, - possibly leading to postmaster crash when attempting to add the new - child process to fixed-size arrays. - - - - - - Improve efficiency of window functions (Tom Lane) - - - - Certain cases where a large number of tuples needed to be read in - advance, but work_mem was large enough to allow them all - to be held in memory, were unexpectedly slow. - percent_rank(), cume_dist() and - ntile() in particular were subject to this problem. - - - - - - Avoid memory leakage while ANALYZE'ing complex index - expressions (Tom Lane) - - - - - - Ensure an index that uses a whole-row Var still depends on its table - (Tom Lane) - - - - An index declared like create index i on t (foo(t.*)) - would not automatically get dropped when its table was dropped. - - - - - - Add missing support in DROP OWNED BY for removing foreign - data wrapper/server privileges belonging to a user (Heikki Linnakangas) - - - - - - Do not inline a SQL function with multiple OUT - parameters (Tom Lane) - - - - This avoids a possible crash due to loss of information about the - expected result rowtype. - - - - - - Fix crash when inline-ing a set-returning function whose argument list - contains a reference to an inline-able user function (Tom Lane) - - - - - - Behave correctly if ORDER BY, LIMIT, - FOR UPDATE, or WITH is attached to the - VALUES part of INSERT ... VALUES (Tom Lane) - - - - - - Make the OFF keyword unreserved (Heikki Linnakangas) - - - - This prevents problems with using off as a variable name in - PL/pgSQL. That worked before 9.0, but was now broken - because PL/pgSQL now treats all core reserved words - as reserved. - - - - - - Fix constant-folding of COALESCE() expressions (Tom Lane) - - - - The planner would sometimes attempt to evaluate sub-expressions that - in fact could never be reached, possibly leading to unexpected errors. - - - - - - Fix could not find pathkey item to sort planner failure - with comparison of whole-row Vars (Tom Lane) - - - - - - Fix postmaster crash when connection acceptance - (accept() or one of the calls made immediately after it) - fails, and the postmaster was compiled with GSSAPI support (Alexander - Chernikov) - - - - - - Retry after receiving an invalid response packet from a RADIUS - authentication server (Magnus Hagander) - - - - This fixes a low-risk potential denial of service condition. - - - - - - Fix missed unlink of temporary files when log_temp_files - is active (Tom Lane) - - - - If an error occurred while attempting to emit the log message, the - unlink was not done, resulting in accumulation of temp files. - - - - - - Add print functionality for InhRelation nodes (Tom Lane) - - - - This avoids a failure when debug_print_parse is enabled - and certain types of query are executed. - - - - - - Fix incorrect calculation of distance from a point to a horizontal - line segment (Tom Lane) - - - - This bug affected several different geometric distance-measurement - operators. - - - - - - Fix incorrect calculation of transaction status in - ecpg (Itagaki Takahiro) - - - - - - Fix errors in psql's Unicode-escape support (Tom Lane) - - - - - - Speed up parallel pg_restore when the archive - contains many large objects (blobs) (Tom Lane) - - - - - - Fix PL/pgSQL's handling of simple - expressions to not fail in recursion or error-recovery cases (Tom Lane) - - - - - - Fix PL/pgSQL's error reporting for no-such-column - cases (Tom Lane) - - - - As of 9.0, it would sometimes report missing FROM-clause entry - for table foo when record foo has no field bar would be - more appropriate. - - - - - - Fix PL/Python to honor typmod (i.e., length or - precision restrictions) when assigning to tuple fields (Tom Lane) - - - - This fixes a regression from 8.4. - - - - - - Fix PL/Python's handling of set-returning functions - (Jan Urbanski) - - - - Attempts to call SPI functions within the iterator generating a set - result would fail. - - - - - - Fix bug in contrib/cube's GiST picksplit algorithm - (Alexander Korotkov) - - - - This could result in considerable inefficiency, though not actually - incorrect answers, in a GiST index on a cube column. - If you have such an index, consider REINDEXing it after - installing this update. - - - - - - Don't emit identifier will be truncated notices in - contrib/dblink except when creating new connections - (Itagaki Takahiro) - - - - - - Fix potential coredump on missing public key in - contrib/pgcrypto (Marti Raudsepp) - - - - - - Fix buffer overrun in contrib/pg_upgrade (Hernan Gonzalez) - - - - - - Fix memory leak in contrib/xml2's XPath query functions - (Tom Lane) - - - - - - Update time zone data files to tzdata release 2010o - for DST law changes in Fiji and Samoa; - also historical corrections for Hong Kong. - - - - - - - - - - Release 9.0.1 - - - Release date: - 2010-10-04 - - - - This release contains a variety of fixes from 9.0.0. - For information about new features in the 9.0 major release, see - . - - - - Migration to Version 9.0.1 - - - A dump/restore is not required for those running 9.0.X. - - - - - - Changes - - - - - - Use a separate interpreter for each calling SQL userid in PL/Perl and - PL/Tcl (Tom Lane) - - - - This change prevents security problems that can be caused by subverting - Perl or Tcl code that will be executed later in the same session under - another SQL user identity (for example, within a SECURITY - DEFINER function). Most scripting languages offer numerous ways that - that might be done, such as redefining standard functions or operators - called by the target function. Without this change, any SQL user with - Perl or Tcl language usage rights can do essentially anything with the - SQL privileges of the target function's owner. - - - - The cost of this change is that intentional communication among Perl - and Tcl functions becomes more difficult. To provide an escape hatch, - PL/PerlU and PL/TclU functions continue to use only one interpreter - per session. This is not considered a security issue since all such - functions execute at the trust level of a database superuser already. - - - - It is likely that third-party procedural languages that claim to offer - trusted execution have similar security issues. We advise contacting - the authors of any PL you are depending on for security-critical - purposes. - - - - Our thanks to Tim Bunce for pointing out this issue (CVE-2010-3433). - - - - - - Improve pg_get_expr() security fix so that the function - can still be used on the output of a sub-select (Tom Lane) - - - - - - Fix incorrect placement of placeholder evaluation (Tom Lane) - - - - This bug could result in query outputs being non-null when they - should be null, in cases where the inner side of an outer join - is a sub-select with non-strict expressions in its output list. - - - - - - Fix join removal's handling of placeholder expressions (Tom Lane) - - - - - - Fix possible duplicate scans of UNION ALL member relations - (Tom Lane) - - - - - - Prevent infinite loop in ProcessIncomingNotify() after unlistening - (Jeff Davis) - - - - - - Prevent show_session_authorization() from crashing within autovacuum - processes (Tom Lane) - - - - - - Re-allow input of Julian dates prior to 0001-01-01 AD (Tom Lane) - - - - Input such as 'J100000'::date worked before 8.4, - but was unintentionally broken by added error-checking. - - - - - - Make psql recognize DISCARD ALL as a command that should - not be encased in a transaction block in autocommit-off mode - (Itagaki Takahiro) - - - - - - Update build infrastructure and documentation to reflect the source code - repository's move from CVS to Git (Magnus Hagander and others) - - - - - - - - - - Release 9.0 - - - Release date: - 2010-09-20 - - - - Overview - - - This release of - PostgreSQL adds features that have been requested - for years, such as easy-to-use replication, a mass permission-changing - facility, and anonymous code blocks. While past major releases have - been conservative in their scope, this release shows a - bold new desire to provide facilities that new and existing - users of PostgreSQL will embrace. This has all - been done with few incompatibilities. Major enhancements include: - - - - - - - - - - Built-in replication based on log shipping. This advance consists of - two features: Streaming Replication, allowing continuous archive - (WAL) files to be streamed over a network connection to a - standby server, and Hot Standby, allowing continuous archive standby - servers to execute read-only queries. The net effect is to support a - single master with multiple read-only slave servers. - - - - - - Easier database object permissions management. GRANT/REVOKE IN - SCHEMA supports mass permissions changes on existing objects, - while ALTER DEFAULT - PRIVILEGES allows control of privileges for objects created in - the future. Large objects (BLOBs) now support permissions management as - well. - - - - - - Broadly enhanced stored procedure support. - The DO statement supports - ad-hoc or anonymous code blocks. - Functions can now be called using named parameters. - PL/pgSQL is now installed by default, and - PL/Perl and PL/Python have been enhanced in several ways, - including support for Python3. - - - - - - Full support for 64-bit - Windows. - - - - - - More advanced reporting queries, including additional windowing options - (PRECEDING and FOLLOWING) and the ability to - control the order in which values are fed to aggregate functions. - - - - - - New trigger features, including - SQL-standard-compliant per-column triggers and - conditional trigger execution. - - - - - - Deferrable - unique constraints. Mass updates to unique keys are now possible - without trickery. - - - - - - Exclusion constraints. - These provide a generalized version of unique constraints, allowing - enforcement of complex conditions. - - - - - - New and enhanced security features, including RADIUS authentication, - LDAP authentication improvements, and a new contrib module - passwordcheck - for testing password strength. - - - - - - New high-performance implementation of the - LISTEN/NOTIFY feature. - Pending events are now stored in a memory-based queue rather than - a table. Also, a payload string can be sent with each - event, rather than transmitting just an event name as before. - - - - - - New implementation of - VACUUM FULL. - This command now rewrites the entire table and indexes, rather than - moving individual rows to compact space. It is substantially faster - in most cases, and no longer results in index bloat. - - - - - - New contrib module - pg_upgrade - to support in-place upgrades from 8.3 or 8.4 to 9.0. - - - - - - Multiple performance enhancements for specific types of queries, - including elimination of unnecessary joins. This helps optimize some - automatically-generated queries, such as those produced by - object-relational mappers (ORMs). - - - - - - EXPLAIN enhancements. - The output is now available in JSON, XML, or YAML format, and includes - buffer utilization and other data not previously available. - - - - - - hstore improvements, - including new functions and greater data capacity. - - - - - - - The above items are explained in more detail in the sections below. - - - - - - - Migration to Version 9.0 - - - A dump/restore using pg_dump, - or use of pg_upgrade, is required - for those wishing to migrate data from any previous - release. - - - - Version 9.0 contains a number of changes that selectively break backwards - compatibility in order to support new features and code quality - improvements. In particular, users who make extensive use of PL/pgSQL, - Point-In-Time Recovery (PITR), or Warm Standby should test their - applications because of slight user-visible changes in those areas. - Observe the following incompatibilities: - - - - Server Settings - - - - - - Remove server parameter add_missing_from, which was - defaulted to off for many years (Tom Lane) - - - - - - Remove server parameter regex_flavor, which - was defaulted to advanced - for many years (Tom Lane) - - - - - - archive_mode - now only affects archive_command; - a new setting, wal_level, affects - the contents of the write-ahead log (Heikki Linnakangas) - - - - - - log_temp_files - now uses default file size units of kilobytes (Robert Haas) - - - - - - - - - Queries - - - - - - When querying a parent table, - do not do any separate permission checks on child tables - scanned as part of the query (Peter Eisentraut) - - - - The SQL standard specifies this behavior, and it is also much more - convenient in practice than the former behavior of checking permissions - on each child as well as the parent. - - - - - - - - - Data Types - - - - - - bytea output now - appears in hex format by default (Peter Eisentraut) - - - - The server parameter bytea_output can be - used to select the traditional output format if needed for - compatibility. - - - - - - Array input now considers only plain ASCII whitespace characters - to be potentially ignorable; it will never ignore non-ASCII characters, - even if they are whitespace according to some locales (Tom Lane) - - - - This avoids some corner cases where array values could be interpreted - differently depending on the server's locale settings. - - - - - - Improve standards compliance of SIMILAR TO - patterns and SQL-style substring() patterns (Tom Lane) - - - - This includes treating ? and {...} as - pattern metacharacters, while they were simple literal characters - before; that corresponds to new features added in SQL:2008. - Also, ^ and $ are now treated as simple - literal characters; formerly they were treated as metacharacters, - as if the pattern were following POSIX rather than SQL rules. - Also, in SQL-standard substring(), use of parentheses - for nesting no longer interferes with capturing of a substring. - Also, processing of bracket expressions (character classes) is - now more standards-compliant. - - - - - - Reject negative length values in 3-parameter substring() - for bit strings, per the SQL standard (Tom Lane) - - - - - - Make date_trunc truncate rather than round when reducing - precision of fractional seconds (Tom Lane) - - - - The code always acted this way for integer-based dates/times. - Now float-based dates/times behave similarly. - - - - - - - - - Object Renaming - - - - - - Tighten enforcement of column name consistency during RENAME - when a child table inherits the same column from multiple unrelated - parents (KaiGai Kohei) - - - - - - No longer automatically rename indexes and index columns when the - underlying table columns are renamed (Tom Lane) - - - - Administrators can still rename such indexes and columns manually. - This change will require an update of the JDBC driver, and possibly other - drivers, so that unique indexes are correctly recognized after a rename. - - - - - - CREATE OR REPLACE FUNCTION can no longer change - the declared names of function parameters (Pavel Stehule) - - - - In order to avoid creating ambiguity in named-parameter calls, it is - no longer allowed to change the aliases for input parameters - in the declaration of an existing function (although names can still - be assigned to previously unnamed parameters). You now have to - DROP and recreate the function to do that. - - - - - - - - - PL/pgSQL - - - - - - PL/pgSQL now throws an error if a variable name conflicts with a - column name used in a query (Tom Lane) - - - - The former behavior was to bind ambiguous names to PL/pgSQL variables - in preference to query columns, which often resulted in surprising - misbehavior. Throwing an error allows easy detection of ambiguous - situations. Although it's recommended that functions encountering this - type of error be modified to remove the conflict, the old behavior can - be restored if necessary via the configuration parameter plpgsql.variable_conflict, - or via the per-function option #variable_conflict. - - - - - - PL/pgSQL no longer allows variable names that match certain SQL - reserved words (Tom Lane) - - - - This is a consequence of aligning the PL/pgSQL parser to match the - core SQL parser more closely. If necessary, - variable names can be double-quoted to avoid this restriction. - - - - - - PL/pgSQL now requires columns of composite results to match the - expected type modifier as well as base type (Pavel Stehule, Tom Lane) - - - - For example, if a column of the result type is declared as - NUMERIC(30,2), it is no longer acceptable to return a - NUMERIC of some other precision in that column. Previous - versions neglected to check the type modifier and would thus allow - result rows that didn't actually conform to the declared restrictions. - - - - - - PL/pgSQL now treats selection into composite fields more consistently - (Tom Lane) - - - - Formerly, a statement like - SELECT ... INTO rec.fld FROM ... - was treated as a scalar assignment even if the record field - fld was of composite type. Now it is treated as a - record assignment, the same as when the INTO target is a - regular variable of composite type. So the values to be assigned to the - field's subfields should be written as separate columns of the - SELECT list, not as a ROW(...) construct as in - previous versions. - - - - If you need to do this in a way that will work in both 9.0 and previous - releases, you can write something like - rec.fld := ROW(...) FROM .... - - - - - - Remove PL/pgSQL's RENAME declaration (Tom Lane) - - - - Instead of RENAME, use ALIAS, - which can now create an alias for any variable, not only dollar sign - parameter names (such as $1) as before. - - - - - - - - Other Incompatibilities - - - - - - Deprecate use of => as an operator name (Robert Haas) - - - - Future versions of PostgreSQL will probably reject - this operator name entirely, in order to support the SQL-standard - notation for named function parameters. For the moment, it is - still allowed, but a warning is emitted when such an operator is - defined. - - - - - - Remove support for platforms that don't have a working 64-bit - integer data type (Tom Lane) - - - - It is believed all still-supported platforms have working 64-bit - integer data types. - - - - - - - - - Changes - - Version 9.0 has an unprecedented number of new major features, - and over 200 enhancements, improvements, new commands, - new functions, and other changes. - - - - Server - - - Continuous Archiving and Streaming Replication - - - PostgreSQL's existing standby-server capability has been expanded both to - support read-only queries on standby servers and to greatly reduce - the lag between master and standby servers. For many users, this - will be a useful and low-administration form of replication, either - for high availability or for horizontal scalability. - - - - - - Allow a standby server to accept read-only queries - (Simon Riggs, Heikki Linnakangas) - - - - This feature is called Hot Standby. There are new - postgresql.conf and recovery.conf - settings to control this feature, as well as extensive - documentation. - - - - - - Allow write-ahead log (WAL) data to be streamed to a - standby server (Fujii Masao, Heikki Linnakangas) - - - - This feature is called Streaming Replication. - Previously WAL data could be sent to standby servers only - in units of entire WAL files (normally 16 megabytes each). - Streaming Replication eliminates this inefficiency and allows updates - on the master to be propagated to standby servers with very little - delay. There are new postgresql.conf and - recovery.conf settings to control this feature, as well as - extensive documentation. - - - - - - Add pg_last_xlog_receive_location() - and pg_last_xlog_replay_location(), which - can be used to monitor standby server WAL - activity (Simon Riggs, Fujii Masao, Heikki Linnakangas) - - - - - - - - - Performance - - - - - - Allow per-tablespace values to be set for sequential and random page - cost estimates (seq_page_cost/random_page_cost) - via ALTER TABLESPACE - ... SET/RESET (Robert Haas) - - - - - - Improve performance and reliability of EvalPlanQual rechecks in join - queries (Tom Lane) - - - - UPDATE, DELETE, and SELECT FOR - UPDATE/SHARE queries that involve joins will now behave much better - when encountering freshly-updated rows. - - - - - - Improve performance of TRUNCATE when - the table was created or truncated earlier in the same transaction - (Tom Lane) - - - - - - Improve performance of finding inheritance child tables (Tom Lane) - - - - - - - - - Optimizer - - - - - - Remove unnecessary outer - joins (Robert Haas) - - - - Outer joins where the inner side is unique and not referenced above - the join are unnecessary and are therefore now removed. This will - accelerate many automatically generated queries, such as those created - by object-relational mappers (ORMs). - - - - - - Allow IS NOT NULL restrictions to use indexes (Tom Lane) - - - - This is particularly useful for finding - MAX()/MIN() values in indexes that - contain many null values. - - - - - - Improve the optimizer's choices about when to use materialize nodes, - and when to use sorting versus hashing for DISTINCT - (Tom Lane) - - - - - - Improve the optimizer's equivalence detection for expressions involving - boolean <> operators (Tom Lane) - - - - - - - <link linkend="geqo">GEQO</link> - - - - - - Use the same random seed every time GEQO plans a query (Andres - Freund) - - - - While the Genetic Query Optimizer (GEQO) still selects - random plans, it now always selects the same random plans for identical - queries, thus giving more consistent performance. You can modify geqo_seed to experiment with - alternative plans. - - - - - - Improve GEQO plan selection (Tom Lane) - - - - This avoids the rare error failed to make a valid plan, - and should also improve planning speed. - - - - - - - - - Optimizer Statistics - - - - - - Improve ANALYZE - to support inheritance-tree statistics (Tom Lane) - - - - This is particularly useful for partitioned tables. However, - autovacuum does not yet automatically re-analyze parent tables - when child tables change. - - - - - - Improve autovacuum's - detection of when re-analyze is necessary (Tom Lane) - - - - - - Improve optimizer's estimation for greater/less-than comparisons - (Tom Lane) - - - - When looking up statistics for greater/less-than comparisons, - if the comparison value is in the first or last histogram bucket, - use an index (if available) to fetch the current actual column - minimum or maximum. This greatly improves the accuracy of estimates - for comparison values near the ends of the data range, particularly - if the range is constantly changing due to addition of new data. - - - - - - Allow setting of number-of-distinct-values statistics using ALTER TABLE - (Robert Haas) - - - - This allows users to override the estimated number or percentage of - distinct values for a column. This statistic is normally computed by - ANALYZE, but the estimate can be poor, especially on tables - with very large numbers of rows. - - - - - - - - - Authentication - - - - - - Add support for RADIUS (Remote - Authentication Dial In User Service) authentication - (Magnus Hagander) - - - - - - Allow LDAP - (Lightweight Directory Access Protocol) authentication - to operate in search/bind mode - (Robert Fleming, Magnus Hagander) - - - - This allows the user to be looked up first, then the system uses - the DN (Distinguished Name) returned for that user. - - - - - - Add samehost - and samenet designations to - pg_hba.conf (Stef Walter) - - - - These match the server's IP address and subnet address - respectively. - - - - - - Pass trusted SSL root certificate names to the client so the client - can return an appropriate client certificate (Craig Ringer) - - - - - - - - - Monitoring - - - - - - Add the ability for clients to set an application - name, which is displayed in - pg_stat_activity (Dave Page) - - - - This allows administrators to characterize database traffic - and troubleshoot problems by source application. - - - - - - Add a SQLSTATE option (%e) to log_line_prefix - (Guillaume Smet) - - - - This allows users to compile statistics on errors and messages - by error code number. - - - - - - - Write to the Windows event log in UTF16 encoding - (Itagaki Takahiro) - - - - Now there is true multilingual support for PostgreSQL log messages - on Windows. - - - - - - - - - Statistics Counters - - - - - - Add pg_stat_reset_shared('bgwriter') - to reset the cluster-wide shared statistics for the - background writer (Greg Smith) - - - - - - Add pg_stat_reset_single_table_counters() - and pg_stat_reset_single_function_counters() - to allow resetting the statistics counters for individual - tables and functions (Magnus Hagander) - - - - - - - - - Server Settings - - - - - - Allow setting of configuration parameters based on database/role combinations - (Alvaro Herrera) - - - - Previously only per-database and per-role settings were possible, - not combinations. All role and database settings are now stored - in the new pg_db_role_setting system catalog. A new - psql command \drds shows these settings. - The legacy system views pg_roles, - pg_shadow, and pg_user - do not show combination settings, and therefore no longer - completely represent the configuration for a user or database. - - - - - - Add server parameter bonjour, which - controls whether a Bonjour-enabled server advertises - itself via Bonjour (Tom Lane) - - - - The default is off, meaning it does not advertise. This allows - packagers to distribute Bonjour-enabled builds without worrying - that individual users might not want the feature. - - - - - - Add server parameter enable_material, which - controls the use of materialize nodes in the optimizer - (Robert Haas) - - - - The default is on. When off, the optimizer will not add - materialize nodes purely for performance reasons, though they - will still be used when necessary for correctness. - - - - - - Change server parameter log_temp_files to - use default file size units of kilobytes (Robert Haas) - - - - Previously this setting was interpreted in bytes if no units were - specified. - - - - - - Log changes of parameter values when postgresql.conf is - reloaded (Peter Eisentraut) - - - - This lets administrators and security staff audit changes of database - settings, and is also very convenient for checking the effects of - postgresql.conf edits. - - - - - - Properly enforce superuser permissions for custom server parameters - (Tom Lane) - - - - Non-superusers can no longer issue ALTER - ROLE/DATABASE SET for parameters that are not currently - known to the server. This allows the server to correctly check that - superuser-only parameters are only set by superusers. Previously, - the SET would be allowed and then ignored at session start, - making superuser-only custom parameters much less useful than they - should be. - - - - - - - - - - - Queries - - - - - - Perform SELECT - FOR UPDATE/SHARE processing after - applying LIMIT, so the number of rows returned - is always predictable (Tom Lane) - - - - Previously, changes made by concurrent transactions could cause a - SELECT FOR UPDATE to unexpectedly return fewer rows than - specified by its LIMIT. FOR UPDATE in combination - with ORDER BY can still produce surprising results, but that - can be corrected by placing FOR UPDATE in a subquery. - - - - - - Allow mixing of traditional and SQL-standard LIMIT/OFFSET - syntax (Tom Lane) - - - - - - Extend the supported frame options in window functions (Hitoshi - Harada) - - - - Frames can now start with CURRENT ROW, and the ROWS - n PRECEDING/FOLLOWING options are now - supported. - - - - - - Make SELECT INTO and CREATE TABLE AS return - row counts to the client in their command tags - (Boszormenyi Zoltan) - - - - This can save an entire round-trip to the client, allowing result counts - and pagination to be calculated without an additional - COUNT query. - - - - - - - Unicode Strings - - - - - - Support Unicode surrogate pairs (dual 16-bit representation) in - U& - strings and identifiers (Peter Eisentraut) - - - - - - Support Unicode escapes in E'...' - strings (Marko Kreen) - - - - - - - - - - - Object Manipulation - - - - - - Speed up CREATE - DATABASE by deferring flushes to disk (Andres - Freund, Greg Stark) - - - - - - Allow comments on - columns of tables, views, and composite types only, not other - relation types such as indexes and TOAST tables (Tom Lane) - - - - - - Allow the creation of enumerated types containing - no values (Bruce Momjian) - - - - - - Let values of columns having storage type MAIN remain on - the main heap page unless the row cannot fit on a page (Kevin Grittner) - - - - Previously MAIN values were forced out to TOAST - tables until the row size was less than one-quarter of the page size. - - - - - - - <command>ALTER TABLE</command> - - - - - - Implement IF EXISTS for ALTER TABLE DROP COLUMN - and ALTER TABLE DROP CONSTRAINT (Andres Freund) - - - - - - Allow ALTER TABLE commands that rewrite tables to skip - WAL logging (Itagaki Takahiro) - - - - Such operations either produce a new copy of the table or are rolled - back, so WAL archiving can be skipped, unless running in - continuous archiving mode. This reduces I/O overhead and improves - performance. - - - - - - Fix failure of ALTER TABLE table ADD COLUMN - col serial when done by non-owner of table - (Tom Lane) - - - - - - - - - <link linkend="sql-createtable"><command>CREATE TABLE</command></link> - - - - - - Add support for copying COMMENTS and STORAGE - settings in CREATE TABLE ... LIKE commands - (Itagaki Takahiro) - - - - - - Add a shortcut for copying all properties in CREATE - TABLE ... LIKE commands (Itagaki Takahiro) - - - - - - Add the SQL-standard - CREATE TABLE ... OF type command - (Peter Eisentraut) - - - - This allows creation of a table that matches an existing composite - type. Additional constraints and defaults can be specified in the - command. - - - - - - - - - Constraints - - - - - - Add deferrable - unique constraints (Dean Rasheed) - - - - This allows mass updates, such as - UPDATE tab SET col = col + 1, - to work reliably - on columns that have unique indexes or are marked as primary keys. - If the constraint is specified as DEFERRABLE it will be - checked at the end of the statement, rather than after each row is - updated. The constraint check can also be deferred until the end of the - current transaction, allowing such updates to be spread over multiple - SQL commands. - - - - - - Add - exclusion constraints - (Jeff Davis) - - - - Exclusion constraints generalize uniqueness constraints by allowing - arbitrary comparison operators, not just equality. They are created - with the CREATE - TABLE CONSTRAINT ... EXCLUDE clause. - The most common use of exclusion constraints is to specify that column - entries must not overlap, rather than simply not be equal. This is - useful for time periods and other ranges, as well as arrays. - This feature enhances checking of data integrity for many - calendaring, time-management, and scientific applications. - - - - - - Improve uniqueness-constraint violation error messages to - report the values causing the failure (Itagaki Takahiro) - - - - For example, a uniqueness constraint violation might now report - Key (x)=(2) already exists. - - - - - - - - - Object Permissions - - - - - - Add the ability to make mass permission changes across a whole - schema using the new GRANT/REVOKE - IN SCHEMA clause (Petr Jelinek) - - - - This simplifies management of object permissions - and makes it easier to utilize database roles for application - data security. - - - - - - Add ALTER - DEFAULT PRIVILEGES command to control privileges - of objects created later (Petr Jelinek) - - - - This greatly simplifies the assignment of object privileges in a - complex database application. Default privileges can be set for - tables, views, sequences, and functions. Defaults may be assigned on a - per-schema basis, or database-wide. - - - - - - Add the ability to control large object (BLOB) permissions with - GRANT/REVOKE (KaiGai Kohei) - - - - Formerly, any database user could read or modify any large object. - Read and write permissions can now be granted and revoked per - large object, and the ownership of large objects is tracked. - - - - - - - - - - - Utility Operations - - - - - - Make LISTEN/NOTIFY store pending events - in a memory queue, rather than in a system table (Joachim - Wieland) - - - - This substantially improves performance, while retaining the existing - features of transactional support and guaranteed delivery. - - - - - - Allow NOTIFY - to pass an optional payload string to listeners - (Joachim Wieland) - - - - This greatly improves the usefulness of - LISTEN/NOTIFY as a - general-purpose event queue system. - - - - - - Allow CLUSTER - on all per-database system catalogs (Tom Lane) - - - - Shared catalogs still cannot be clustered. - - - - - - - <link linkend="sql-copy"><command>COPY</command></link> - - - - - - Accept COPY ... CSV FORCE QUOTE * - (Itagaki Takahiro) - - - - Now * can be used as shorthand for all columns - in the FORCE QUOTE clause. - - - - - - Add new COPY syntax that allows options to be - specified inside parentheses (Robert Haas, Emmanuel Cecchet) - - - - This allows greater flexibility for future COPY options. - The old syntax is still supported, but only for pre-existing options. - - - - - - - - - <link linkend="sql-explain"><command>EXPLAIN</command></link> - - - - - - Allow EXPLAIN to output in XML, - JSON, or YAML format (Robert Haas, Greg - Sabino Mullane) - - - - The new output formats are easily machine-readable, supporting the - development of new tools for analysis of EXPLAIN output. - - - - - - Add new BUFFERS option to report query - buffer usage during EXPLAIN ANALYZE (Itagaki Takahiro) - - - - This allows better query profiling for individual queries. - Buffer usage is no longer reported in the output for log_statement_stats - and related settings. - - - - - - Add hash usage information to EXPLAIN output (Robert - Haas) - - - - - - Add new EXPLAIN syntax that allows options to be - specified inside parentheses (Robert Haas) - - - - This allows greater flexibility for future EXPLAIN options. - The old syntax is still supported, but only for pre-existing options. - - - - - - - - - <link linkend="sql-vacuum"><command>VACUUM</command></link> - - - - - - Change VACUUM FULL to rewrite the entire table and - rebuild its indexes, rather than moving individual rows around to - compact space (Itagaki Takahiro, Tom Lane) - - - - The previous method was usually slower and caused index bloat. - Note that the new method will use more disk space transiently - during VACUUM FULL; potentially as much as twice - the space normally occupied by the table and its indexes. - - - - - - - Add new VACUUM syntax that allows options to be - specified inside parentheses (Itagaki Takahiro) - - - - This allows greater flexibility for future VACUUM options. - The old syntax is still supported, but only for pre-existing options. - - - - - - - - - Indexes - - - - - - Allow an index to be named automatically by omitting the index name in - CREATE INDEX - (Tom Lane) - - - - - - By default, multicolumn indexes are now named after all their columns; - and index expression columns are now named based on their expressions - (Tom Lane) - - - - - - Reindexing shared system catalogs is now fully transactional - and crash-safe (Tom Lane) - - - - Formerly, reindexing a shared index was only allowed in standalone - mode, and a crash during the operation could leave the index in - worse condition than it was before. - - - - - - Add point_ops operator class for GiST - (Teodor Sigaev) - - - - This feature permits GiST indexing of point - columns. The index can be used for several types of queries - such as point <@ polygon - (point is in polygon). This should make many - PostGIS queries faster. - - - - - - Use red-black binary trees for GIN index creation - (Teodor Sigaev) - - - - Red-black trees are self-balancing. This avoids slowdowns in - cases where the input is in nonrandom order. - - - - - - - - - - - - Data Types - - - - - - Allow bytea values - to be written in hex notation (Peter Eisentraut) - - - - The server parameter bytea_output controls - whether hex or traditional format is used for bytea - output. Libpq's PQescapeByteaConn() function automatically - uses the hex format when connected to PostgreSQL 9.0 - or newer servers. However, pre-9.0 libpq versions will not - correctly process hex format from newer servers. - - - - The new hex format will be directly compatible with more applications - that use binary data, allowing them to store and retrieve it without - extra conversion. It is also significantly faster to read and write - than the traditional format. - - - - - - Allow server parameter extra_float_digits - to be increased to 3 (Tom Lane) - - - - The previous maximum extra_float_digits setting was - 2. There are cases where 3 digits are needed to dump and - restore float4 values exactly. pg_dump will - now use the setting of 3 when dumping from a server that allows it. - - - - - - Tighten input checking for int2vector values (Caleb - Welton) - - - - - - - <link linkend="textsearch">Full Text Search</link> - - - - - - Add prefix support in synonym dictionaries - (Teodor Sigaev) - - - - - - Add filtering dictionaries (Teodor Sigaev) - - - - Filtering dictionaries allow tokens to be modified then passed to - subsequent dictionaries. - - - - - - Allow underscores in email-address tokens (Teodor Sigaev) - - - - - - Use more standards-compliant rules for parsing URL tokens - (Tom Lane) - - - - - - - - - - - Functions - - - - - - Allow function calls to supply parameter names and match them to named - parameters in the function definition (Pavel Stehule) - - - - For example, if a function is defined to take parameters a - and b, it can be called with func(a := 7, b - := 12) or func(b := 12, a := 7). - - - - - - Support locale-specific regular expression - processing with UTF-8 server encoding (Tom Lane) - - - - Locale-specific regular expression functionality includes - case-insensitive matching and locale-specific character classes. - Previously, these features worked correctly for non-ASCII - characters only if the database used a single-byte server encoding (such - as LATIN1). They will still misbehave in multi-byte encodings other - than UTF-8. - - - - - - Add support for scientific notation in to_char() - (EEEE - specification) - (Pavel Stehule, Brendan Jurd) - - - - - - Make to_char() honor FM - (fill mode) in Y, YY, and - YYY specifications (Bruce Momjian, Tom Lane) - - - - It was already honored by YYYY. - - - - - - Fix to_char() to output localized numeric and monetary - strings in the correct encoding on Windows - (Hiroshi Inoue, Itagaki Takahiro, Bruce Momjian) - - - - - - Correct calculations of overlaps - and contains operations for polygons (Teodor Sigaev) - - - - The polygon && (overlaps) operator formerly just - checked to see if the two polygons' bounding boxes overlapped. It now - does a more correct check. The polygon @> and - <@ (contains/contained by) operators formerly checked - to see if one polygon's vertexes were all contained in the other; - this can wrongly report true for some non-convex polygons. - Now they check that all line segments of one polygon are contained in - the other. - - - - - - - Aggregates - - - - - - Allow aggregate functions to use ORDER BY (Andrew Gierth) - - - - For example, this is now supported: array_agg(a ORDER BY - b). This is useful with aggregates for which the order of input - values is significant, and eliminates the need to use a nonstandard - subquery to determine the ordering. - - - - - - Multi-argument aggregate functions can now use DISTINCT - (Andrew Gierth) - - - - - - Add the string_agg() - aggregate function to combine values into a single - string (Pavel Stehule) - - - - - - Aggregate functions that are called with DISTINCT are - now passed NULL values if the aggregate transition function is - not marked as STRICT (Andrew Gierth) - - - - For example, agg(DISTINCT x) might pass a NULL x - value to agg(). This is more consistent with the behavior - in non-DISTINCT cases. - - - - - - - - - Bit Strings - - - - - - Add get_bit() - and set_bit() functions for bit - strings, mirroring those for bytea (Leonardo - F) - - - - - - Implement OVERLAY() - (replace) for bit strings and bytea - (Leonardo F) - - - - - - - - - Object Information Functions - - - - - - Add pg_table_size() - and pg_indexes_size() to provide a more - user-friendly interface to the pg_relation_size() - function (Bernd Helmle) - - - - - - Add has_sequence_privilege() - for sequence permission checking (Abhijit Menon-Sen) - - - - - - Update the information_schema - views to conform to SQL:2008 - (Peter Eisentraut) - - - - - - Make the information_schema views correctly display maximum - octet lengths for char and varchar columns (Peter - Eisentraut) - - - - - - Speed up information_schema privilege views - (Joachim Wieland) - - - - - - - - - Function and Trigger Creation - - - - - - Support execution of anonymous code blocks using the DO statement - (Petr Jelinek, Joshua Tolley, Hannu Valtonen) - - - - This allows execution of server-side code without the need to create - and delete a temporary function definition. Code can be executed in - any language for which the user has permissions to define a function. - - - - - - Implement SQL-standard-compliant per-column triggers - (Itagaki Takahiro) - - - - Such triggers are fired only when the specified column(s) are affected - by the query, e.g. appear in an UPDATE's SET - list. - - - - - - Add the WHEN clause to CREATE TRIGGER - to allow control over whether a trigger is fired (Itagaki - Takahiro) - - - - While the same type of check can always be performed inside the - trigger, doing it in an external WHEN clause can have - performance benefits. - - - - - - - - - - - Server-Side Languages - - - - - - Add the OR REPLACE clause to CREATE LANGUAGE - (Tom Lane) - - - - This is helpful to optionally install a language if it does not - already exist, and is particularly helpful now that PL/pgSQL is - installed by default. - - - - - - - <link linkend="plpgsql">PL/pgSQL</link> Server-Side - Language - - - - - - Install PL/pgSQL by default (Bruce Momjian) - - - - The language can still be removed from a particular database if the - administrator has security or performance concerns about making it - available. - - - - - - Improve handling of cases where PL/pgSQL variable names conflict with - identifiers used in queries within a function - (Tom Lane) - - - - The default behavior is now to throw an error when there is a conflict, - so as to avoid surprising behaviors. This can be modified, via the - configuration parameter plpgsql.variable_conflict - or the per-function option #variable_conflict, to allow - either the variable or the query-supplied column to be used. In any - case PL/pgSQL will no longer attempt to substitute variables in places - where they would not be syntactically valid. - - - - - - Make PL/pgSQL use the main lexer, rather than its own version - (Tom Lane) - - - - This ensures accurate tracking of the main system's behavior for details - such as string escaping. Some user-visible details, such as the set - of keywords considered reserved in PL/pgSQL, have changed in - consequence. - - - - - - Avoid throwing an unnecessary error for an invalid record reference - (Tom Lane) - - - - An error is now thrown only if the reference is actually fetched, - rather than whenever the enclosing expression is reached. For - example, many people have tried to do this in triggers: - -if TG_OP = 'INSERT' and NEW.col1 = ... then - - This will now actually work as expected. - - - - - - Improve PL/pgSQL's ability to handle row types with dropped columns - (Pavel Stehule) - - - - - - Allow input parameters to be assigned values within - PL/pgSQL functions (Steve Prentice) - - - - Formerly, input parameters were treated as being declared - CONST, so the function's code could not change their - values. This restriction has been removed to simplify - porting of functions from other DBMSes that do not impose the - equivalent restriction. An input parameter now acts like a local - variable initialized to the passed-in value. - - - - - - Improve error location reporting in PL/pgSQL (Tom Lane) - - - - - - Add count and ALL options to MOVE - FORWARD/BACKWARD in PL/pgSQL (Pavel Stehule) - - - - - - Allow PL/pgSQL's WHERE CURRENT OF to use a cursor - variable (Tom Lane) - - - - - - Allow PL/pgSQL's OPEN cursor FOR EXECUTE to - use parameters (Pavel Stehule, Itagaki Takahiro) - - - - This is accomplished with a new USING clause. - - - - - - - - - <link linkend="plperl">PL/Perl</link> Server-Side Language - - - - - - Add new PL/Perl functions: quote_literal(), - quote_nullable(), quote_ident(), - encode_bytea(), decode_bytea(), - looks_like_number(), - encode_array_literal(), - encode_array_constructor() (Tim Bunce) - - - - - - Add server parameter plperl.on_init to - specify a PL/Perl initialization function (Tim - Bunce) - - - - plperl.on_plperl_init - and plperl.on_plperlu_init - are also available for initialization that is specific to the trusted - or untrusted language respectively. - - - - - - Support END blocks in PL/Perl (Tim Bunce) - - - - END blocks do not currently allow database access. - - - - - - Allow use strict in PL/Perl (Tim Bunce) - - - - Perl strict checks can also be globally enabled with the - new server parameter plperl.use_strict. - - - - - - Allow require in PL/Perl (Tim Bunce) - - - - This basically tests to see if the module is loaded, and if not, - generates an error. It will not allow loading of modules that - the administrator has not preloaded via the initialization parameters. - - - - - - Allow use feature in PL/Perl if Perl version 5.10 or - later is used (Tim Bunce) - - - - - - Verify that PL/Perl return values are valid in the server encoding - (Andrew Dunstan) - - - - - - - - - <link linkend="plpython">PL/Python</link> Server-Side Language - - - - - - Add Unicode support in PL/Python (Peter Eisentraut) - - - - Strings are automatically converted from/to the server encoding as - necessary. - - - - - - Improve bytea support in PL/Python (Caleb Welton) - - - - Bytea values passed into PL/Python are now represented as - binary, rather than the PostgreSQL bytea text format. - Bytea values containing null bytes are now also output - properly from PL/Python. Passing of boolean, integer, and float - values was also improved. - - - - - - Support arrays as parameters and - return values in PL/Python (Peter Eisentraut) - - - - - - Improve mapping of SQL domains to Python types (Peter Eisentraut) - - - - - - Add Python 3 support to PL/Python (Peter Eisentraut) - - - - The new server-side language is called plpython3u. This - cannot be used in the same session with the - Python 2 server-side language. - - - - - - Improve error location and exception reporting in PL/Python (Peter Eisentraut) - - - - - - - - - - - Client Applications - - - - - - Add an option to vacuumdb, to analyze without - vacuuming (Bruce Momjian) - - - - - - - <link linkend="app-psql"><application>psql</application></link> - - - - - - Add support for quoting/escaping the values of psql - variables as SQL strings or - identifiers (Pavel Stehule, Robert Haas) - - - - For example, :'var' will produce the value of - var quoted and properly escaped as a literal string, while - :"var" will produce its value quoted and escaped as an - identifier. - - - - - - Ignore a leading UTF-8-encoded Unicode byte-order marker in - script files read by psql (Itagaki Takahiro) - - - - This is enabled when the client encoding is UTF-8. - It improves compatibility with certain editors, mostly on Windows, - that insist on inserting such markers. - - - - - - Fix psql --file - to properly honor - (Bruce Momjian) - - - - - - Avoid overwriting of psql's command-line history when - two psql sessions are run concurrently (Tom Lane) - - - - - - Improve psql's tab completion support (Itagaki - Takahiro) - - - - - - Show \timing output when it is enabled, regardless of - quiet mode (Peter Eisentraut) - - - - - - - <application>psql</application> Display - - - - - - Improve display of wrapped columns in psql (Roger - Leigh) - - - - This behavior is now the default. - The previous formatting is available by using \pset linestyle - old-ascii. - - - - - - Allow psql to use fancy Unicode line-drawing - characters via \pset linestyle unicode (Roger Leigh) - - - - - - - - - <application>psql</application> <link - linkend="app-psql-meta-commands"><command>\d</command></link> - Commands - - - - - - Make \d show child tables that inherit from the specified - parent (Damien Clochard) - - - - \d shows only the number of child tables, while - \d+ shows the names of all child tables. - - - - - - Show definitions of index columns in \d index_name - (Khee Chin) - - - - The definition is useful for expression indexes. - - - - - - Show a view's defining query only in - \d+, not in \d (Peter Eisentraut) - - - - Always including the query was deemed overly verbose. - - - - - - - - - - <link linkend="app-pgdump"><application>pg_dump</application></link> - - - - - - Make pg_dump/pg_restore - - also remove large objects (Itagaki Takahiro) - - - - - - Fix pg_dump to properly dump large objects when - standard_conforming_strings is enabled (Tom Lane) - - - - The previous coding could fail when dumping to an archive file - and then generating script output from pg_restore. - - - - - - pg_restore now emits large-object data in hex format - when generating script output (Tom Lane) - - - - This could cause compatibility problems if the script is then - loaded into a pre-9.0 server. To work around that, restore - directly to the server, instead. - - - - - - Allow pg_dump to dump comments attached to columns - of composite types (Taro Minowa (Higepon)) - - - - - - Make pg_dump - output the pg_dump and server versions - in text output mode (Jim Cox, Tom Lane) - - - - These were already provided in custom output mode. - - - - - - pg_restore now complains if any command-line arguments - remain after the switches and optional file name (Tom Lane) - - - - Previously, it silently ignored any such arguments. - - - - - - - - - <link - linkend="app-pg-ctl"><application>pg_ctl</application></link> - - - - - - Allow pg_ctl to be used safely to start the - postmaster during a system reboot (Tom Lane) - - - - Previously, pg_ctl's parent process could have been - mistakenly identified as a running postmaster based on - a stale postmaster lock file, resulting in a transient - failure to start the database. - - - - - - Give pg_ctl the ability to initialize the database - (by invoking initdb) (Zdenek Kotala) - - - - - - - - - - - <application>Development Tools</application> - - - <link linkend="libpq"><application>libpq</application></link> - - - - - - Add new libpq functions - PQconnectdbParams() - and PQconnectStartParams() (Guillaume - Lelarge) - - - - These functions are similar to PQconnectdb() and - PQconnectStart() except that they accept a null-terminated - array of connection options, rather than requiring all options to - be provided in a single string. - - - - - - Add libpq functions PQescapeLiteral() - and PQescapeIdentifier() (Robert Haas) - - - - These functions return appropriately quoted and escaped SQL string - literals and identifiers. The caller is not required to pre-allocate - the string result, as is required by PQescapeStringConn(). - - - - - - Add support for a per-user service file (.pg_service.conf), - which is checked before the site-wide service file - (Peter Eisentraut) - - - - - - Properly report an error if the specified libpq service - cannot be found (Peter Eisentraut) - - - - - - Add TCP keepalive settings - in libpq (Tollef Fog Heen, Fujii Masao, Robert Haas) - - - - Keepalive settings were already supported on the server end of - TCP connections. - - - - - - Avoid extra system calls to block and unblock SIGPIPE - in libpq, on platforms that offer alternative methods - (Jeremy Kerr) - - - - - - When a .pgpass-supplied - password fails, mention where the password came from in the error - message (Bruce Momjian) - - - - - - Load all SSL certificates given in the client certificate file - (Tom Lane) - - - - This improves support for indirectly-signed SSL certificates. - - - - - - - - - <link linkend="ecpg"><application>ecpg</application></link> - - - - - - Add SQLDA - (SQL Descriptor Area) support to ecpg - (Boszormenyi Zoltan) - - - - - - Add the DESCRIBE - [ OUTPUT ] statement to ecpg - (Boszormenyi Zoltan) - - - - - - Add an ECPGtransactionStatus - function to return the current transaction status (Bernd Helmle) - - - - - - Add the string data type in ecpg - Informix-compatibility mode (Boszormenyi Zoltan) - - - - - - Allow ecpg to use new and old - variable names without restriction (Michael Meskes) - - - - - - Allow ecpg to use variable names in - free() (Michael Meskes) - - - - - - Make ecpg_dynamic_type() return zero for non-SQL3 data - types (Michael Meskes) - - - - Previously it returned the negative of the data type OID. - This could be confused with valid type OIDs, however. - - - - - - Support long long types on platforms that already have 64-bit - long (Michael Meskes) - - - - - - - <application>ecpg</application> Cursors - - - - - - Add out-of-scope cursor support in ecpg's native mode - (Boszormenyi Zoltan) - - - - This allows DECLARE to use variables that are not in - scope when OPEN is called. This facility already existed - in ecpg's Informix-compatibility mode. - - - - - - Allow dynamic cursor names in ecpg (Boszormenyi Zoltan) - - - - - - Allow ecpg to use noise words FROM and - IN in FETCH and MOVE (Boszormenyi - Zoltan) - - - - - - - - - - - - - Build Options - - - - - - Enable client thread safety by default (Bruce Momjian) - - - - The thread-safety option can be disabled with configure - . - - - - - - Add support for controlling the Linux out-of-memory killer - (Alex Hunsaker, Tom Lane) - - - - Now that /proc/self/oom_adj allows disabling - of the Linux out-of-memory (OOM) - killer, it's recommendable to disable OOM kills for the postmaster. - It may then be desirable to re-enable OOM kills for the postmaster's - child processes. The new compile-time option LINUX_OOM_ADJ - allows the killer to be reactivated for child processes. - - - - - - - Makefiles - - - - - - New Makefile targets world, - install-world, and installcheck-world - (Andrew Dunstan) - - - - These are similar to the existing all, install, - and installcheck targets, but they also build the - HTML documentation, build and test contrib, - and test server-side languages and ecpg. - - - - - - Add data and documentation installation location control to - PGXS Makefiles (Mark Cave-Ayland) - - - - - - Add Makefile rules to build the PostgreSQL documentation - as a single HTML file or as a single plain-text file - (Peter Eisentraut, Bruce Momjian) - - - - - - - - - Windows - - - - - - Support compiling on 64-bit - Windows and running in 64-bit - mode (Tsutomu Yamada, Magnus Hagander) - - - - This allows for large shared memory sizes on Windows. - - - - - - Support server builds using Visual Studio - 2008 (Magnus Hagander) - - - - - - - - - - - Source Code - - - - - - Distribute prebuilt documentation in a subdirectory tree, rather than - as tar archive files inside the distribution tarball - (Peter Eisentraut) - - - - For example, the prebuilt HTML documentation is now in - doc/src/sgml/html/; the manual pages are packaged - similarly. - - - - - - Make the server's lexer reentrant (Tom Lane) - - - - This was needed for use of the lexer by PL/pgSQL. - - - - - - Improve speed of memory allocation (Tom Lane, Greg Stark) - - - - - - User-defined constraint triggers now have entries in - pg_constraint as well as pg_trigger - (Tom Lane) - - - - Because of this change, - pg_constraint.pgconstrname is now - redundant and has been removed. - - - - - - Add system catalog columns - pg_constraint.conindid and - pg_trigger.tgconstrindid - to better document the use of indexes for constraint - enforcement (Tom Lane) - - - - - - Allow multiple conditions to be communicated to backends using a single - operating system signal (Fujii Masao) - - - - This allows new features to be added without a platform-specific - constraint on the number of signal conditions. - - - - - - Improve source code test coverage, including contrib, PL/Python, - and PL/Perl (Peter Eisentraut, Andrew Dunstan) - - - - - - Remove the use of flat files for system table bootstrapping - (Tom Lane, Alvaro Herrera) - - - - This improves performance when using many roles or - databases, and eliminates some possible failure conditions. - - - - - - Automatically generate the initial contents of - pg_attribute for bootstrapped catalogs - (John Naylor) - - - - This greatly simplifies changes to these catalogs. - - - - - - Split the processing of - INSERT/UPDATE/DELETE operations out - of execMain.c (Marko Tiikkaja) - - - - Updates are now executed in a separate ModifyTable node. This change is - necessary infrastructure for future improvements. - - - - - - Simplify translation of psql's SQL help text - (Peter Eisentraut) - - - - - - Reduce the lengths of some file names so that all file paths in the - distribution tarball are less than 100 characters (Tom Lane) - - - - Some decompression programs have problems with longer file paths. - - - - - - Add a new ERRCODE_INVALID_PASSWORD - SQLSTATE error code (Bruce Momjian) - - - - - - With authors' permissions, remove the few remaining personal source code - copyright notices (Bruce Momjian) - - - - The personal copyright notices were insignificant but the community - occasionally had to answer questions about them. - - - - - - Add new documentation section - about running PostgreSQL in non-durable mode - to improve performance (Bruce Momjian) - - - - - - Restructure the HTML documentation - Makefile rules to make their dependency checks work - correctly, avoiding unnecessary rebuilds (Peter Eisentraut) - - - - - - Use DocBook XSL stylesheets for man page - building, rather than Docbook2X (Peter Eisentraut) - - - - This changes the set of tools needed to build the man pages. - - - - - - Improve PL/Perl code structure (Tim Bunce) - - - - - - Improve error context reports in PL/Perl (Alexey Klyukin) - - - - - - - New Build Requirements - - - Note that these requirements do not apply when building from a - distribution tarball, since tarballs include the files that these - programs are used to build. - - - - - - Require Autoconf 2.63 to build - configure (Peter Eisentraut) - - - - - - Require Flex 2.5.31 or later to build - from a CVS checkout (Tom Lane) - - - - - - Require Perl version 5.8 or later to build - from a CVS checkout (John Naylor, Andrew Dunstan) - - - - - - - - - Portability - - - - - - Use a more modern API for Bonjour (Tom Lane) - - - - Bonjour support now requires macOS 10.3 or later. - The older API has been deprecated by Apple. - - - - - - Add spinlock support for the SuperH - architecture (Nobuhiro Iwamatsu) - - - - - - Allow non-GCC compilers to use inline functions if - they support them (Kurt Harriman) - - - - - - Remove support for platforms that don't have a working 64-bit - integer data type (Tom Lane) - - - - - - Restructure use of LDFLAGS to be more consistent - across platforms (Tom Lane) - - - - LDFLAGS is now used for linking both executables and shared - libraries, and we add on LDFLAGS_EX when linking - executables, or LDFLAGS_SL when linking shared libraries. - - - - - - - - - Server Programming - - - - - - Make backend header files safe to include in C++ - (Kurt Harriman, Peter Eisentraut) - - - - These changes remove keyword conflicts that previously made - C++ usage difficult in backend code. However, there - are still other complexities when using C++ for backend - functions. extern "C" { } is still necessary in - appropriate places, and memory management and error handling are - still problematic. - - - - - - Add AggCheckCallContext() - for use in detecting if a C function is - being called as an aggregate (Hitoshi Harada) - - - - - - Change calling convention for SearchSysCache() and related - functions to avoid hard-wiring the maximum number of cache keys - (Robert Haas) - - - - Existing calls will still work for the moment, but can be expected to - break in 9.1 or later if not converted to the new style. - - - - - - Require calls of fastgetattr() and - heap_getattr() backend macros to provide a non-NULL fourth - argument (Robert Haas) - - - - - - Custom typanalyze functions should no longer rely on - VacAttrStats.attr to determine the type - of data they will be passed (Tom Lane) - - - - This was changed to allow collection of statistics on index columns - for which the storage type is different from the underlying column - data type. There are new fields that tell the actual datatype being - analyzed. - - - - - - - - - Server Hooks - - - - - - Add parser hooks for processing ColumnRef and ParamRef nodes - (Tom Lane) - - - - - - Add a ProcessUtility hook so loadable modules can control utility - commands (Itagaki Takahiro) - - - - - - - - - Binary Upgrade Support - - - - - - Add contrib/pg_upgrade - to support in-place upgrades (Bruce Momjian) - - - - This avoids the requirement of dumping/reloading the database when - upgrading to a new major release of PostgreSQL, thus reducing downtime - by orders of magnitude. It supports upgrades to 9.0 - from PostgreSQL 8.3 and 8.4. - - - - - - Add support for preserving relation relfilenode values - during binary upgrades (Bruce Momjian) - - - - - - Add support for preserving pg_type - and pg_enum OIDs during binary upgrades - (Bruce Momjian) - - - - - - Move data files within tablespaces into - PostgreSQL-version-specific subdirectories - (Bruce Momjian) - - - - This simplifies binary upgrades. - - - - - - - - - - - Contrib - - - - - - Add multithreading option () to contrib/pgbench - (Itagaki Takahiro) - - - - This allows multiple CPUs to be used by pgbench, - reducing the risk of pgbench itself becoming the test bottleneck. - - - - - - Add \shell and \setshell meta - commands to contrib/pgbench - (Michael Paquier) - - - - - - New features for contrib/dict_xsyn - (Sergey Karpov) - - - - The new options are matchorig, matchsynonyms, - and keepsynonyms. - - - - - - Add full text dictionary contrib/unaccent - (Teodor Sigaev) - - - - This filtering dictionary removes accents from letters, which - makes full-text searches over multiple languages much easier. - - - - - - Add dblink_get_notify() - to contrib/dblink (Marcus Kempe) - - - - This allows asynchronous notifications in dblink. - - - - - - Improve contrib/dblink's handling of dropped columns - (Tom Lane) - - - - This affects dblink_build_sql_insert() - and related functions. These functions now number columns according - to logical not physical column numbers. - - - - - - Greatly increase contrib/hstore's data - length limit, and add B-tree and hash support so GROUP - BY and DISTINCT operations are possible on - hstore columns (Andrew Gierth) - - - - New functions and operators were also added. These improvements - make hstore a full-function key-value store embedded in - PostgreSQL. - - - - - - Add contrib/passwordcheck - to support site-specific password strength policies (Laurenz - Albe) - - - - The source code of this module should be modified to implement - site-specific password policies. - - - - - - Add contrib/pg_archivecleanup - tool (Simon Riggs) - - - - This is designed to be used in the - archive_cleanup_command - server parameter, to remove no-longer-needed archive files. - - - - - - Add query text to contrib/auto_explain - output (Andrew Dunstan) - - - - - - Add buffer access counters to contrib/pg_stat_statements - (Itagaki Takahiro) - - - - - - Update contrib/start-scripts/linux - to use /proc/self/oom_adj to disable the - Linux - out-of-memory (OOM) killer (Alex - Hunsaker, Tom Lane) - - - - - - - - diff --git a/doc/src/sgml/release-9.1.sgml b/doc/src/sgml/release-9.1.sgml deleted file mode 100644 index e6ce80032f..0000000000 --- a/doc/src/sgml/release-9.1.sgml +++ /dev/null @@ -1,11761 +0,0 @@ - - - - - Release 9.1.24 - - - Release date: - 2016-10-27 - - - - This release contains a variety of fixes from 9.1.23. - For information about new features in the 9.1 major release, see - . - - - - This is expected to be the last PostgreSQL release - in the 9.1.X series. Users are encouraged to update to a newer - release branch soon. - - - - Migration to Version 9.1.24 - - - A dump/restore is not required for those running 9.1.X. - - - - However, if you are upgrading from a version earlier than 9.1.16, - see . - - - - - - Changes - - - - - - Fix EvalPlanQual rechecks involving CTE scans (Tom Lane) - - - - The recheck would always see the CTE as returning no rows, typically - leading to failure to update rows that were recently updated. - - - - - - Fix improper repetition of previous results from hashed aggregation in - a subquery (Andrew Gierth) - - - - The test to see if we can reuse a previously-computed hash table of - the aggregate state values neglected the possibility of an outer query - reference appearing in an aggregate argument expression. A change in - the value of such a reference should lead to recalculating the hash - table, but did not. - - - - - - Fix timeout length when VACUUM is waiting for exclusive - table lock so that it can truncate the table (Simon Riggs) - - - - The timeout was meant to be 50 milliseconds, but it was actually only - 50 microseconds, causing VACUUM to give up on truncation - much more easily than intended. Set it to the intended value. - - - - - - Remove artificial restrictions on the values accepted - by numeric_in() and numeric_recv() - (Tom Lane) - - - - We allow numeric values up to the limit of the storage format (more - than 1e100000), so it seems fairly pointless - that numeric_in() rejected scientific-notation exponents - above 1000. Likewise, it was silly for numeric_recv() to - reject more than 1000 digits in an input value. - - - - - - Avoid very-low-probability data corruption due to testing tuple - visibility without holding buffer lock (Thomas Munro, Peter Geoghegan, - Tom Lane) - - - - - - Fix file descriptor leakage when truncating a temporary relation of - more than 1GB (Andres Freund) - - - - - - Disallow starting a standalone backend with standby_mode - turned on (Michael Paquier) - - - - This can't do anything useful, since there will be no WAL receiver - process to fetch more WAL data; and it could result in misbehavior - in code that wasn't designed with this situation in mind. - - - - - - Don't try to share SSL contexts across multiple connections - in libpq (Heikki Linnakangas) - - - - This led to assorted corner-case bugs, particularly when trying to use - different SSL parameters for different connections. - - - - - - Avoid corner-case memory leak in libpq (Tom Lane) - - - - The reported problem involved leaking an error report - during PQreset(), but there might be related cases. - - - - - - Make ecpg's and - options work consistently with our other executables (Haribabu Kommi) - - - - - - Fix contrib/intarray/bench/bench.pl to print the results - of the EXPLAIN it does when given the option - (Daniel Gustafsson) - - - - - - Prevent failure of obsolete dynamic time zone abbreviations (Tom Lane) - - - - If a dynamic time zone abbreviation does not match any entry in the - referenced time zone, treat it as equivalent to the time zone name. - This avoids unexpected failures when IANA removes abbreviations from - their time zone database, as they did in tzdata - release 2016f and seem likely to do again in the future. The - consequences were not limited to not recognizing the individual - abbreviation; any mismatch caused - the pg_timezone_abbrevs view to fail altogether. - - - - - - Update time zone data files to tzdata release 2016h - for DST law changes in Palestine and Turkey, plus historical - corrections for Turkey and some regions of Russia. - Switch to numeric abbreviations for some time zones in Antarctica, - the former Soviet Union, and Sri Lanka. - - - - The IANA time zone database previously provided textual abbreviations - for all time zones, sometimes making up abbreviations that have little - or no currency among the local population. They are in process of - reversing that policy in favor of using numeric UTC offsets in zones - where there is no evidence of real-world use of an English - abbreviation. At least for the time being, PostgreSQL - will continue to accept such removed abbreviations for timestamp input. - But they will not be shown in the pg_timezone_names - view nor used for output. - - - - In this update, AMT is no longer shown as being in use to - mean Armenia Time. Therefore, we have changed the Default - abbreviation set to interpret it as Amazon Time, thus UTC-4 not UTC+4. - - - - - - - - - - Release 9.1.23 - - - Release date: - 2016-08-11 - - - - This release contains a variety of fixes from 9.1.22. - For information about new features in the 9.1 major release, see - . - - - - The PostgreSQL community will stop releasing updates - for the 9.1.X release series in September 2016. - Users are encouraged to update to a newer release branch soon. - - - - Migration to Version 9.1.23 - - - A dump/restore is not required for those running 9.1.X. - - - - However, if you are upgrading from a version earlier than 9.1.16, - see . - - - - - - Changes - - - - - - Fix possible mis-evaluation of - nested CASE-WHEN expressions (Heikki - Linnakangas, Michael Paquier, Tom Lane) - - - - A CASE expression appearing within the test value - subexpression of another CASE could become confused about - whether its own test value was null or not. Also, inlining of a SQL - function implementing the equality operator used by - a CASE expression could result in passing the wrong test - value to functions called within a CASE expression in the - SQL function's body. If the test values were of different data - types, a crash might result; moreover such situations could be abused - to allow disclosure of portions of server memory. (CVE-2016-5423) - - - - - - Fix client programs' handling of special characters in database and - role names (Noah Misch, Nathan Bossart, Michael Paquier) - - - - Numerous places in vacuumdb and other client programs - could become confused by database and role names containing double - quotes or backslashes. Tighten up quoting rules to make that safe. - Also, ensure that when a conninfo string is used as a database name - parameter to these programs, it is correctly treated as such throughout. - - - - Fix handling of paired double quotes - in psql's \connect - and \password commands to match the documentation. - - - - Introduce a new option - in psql's \connect command to allow - explicit control of whether to re-use connection parameters from a - previous connection. (Without this, the choice is based on whether - the database name looks like a conninfo string, as before.) This - allows secure handling of database names containing special - characters in pg_dumpall scripts. - - - - pg_dumpall now refuses to deal with database and role - names containing carriage returns or newlines, as it seems impractical - to quote those characters safely on Windows. In future we may reject - such names on the server side, but that step has not been taken yet. - - - - These are considered security fixes because crafted object names - containing special characters could have been used to execute - commands with superuser privileges the next time a superuser - executes pg_dumpall or other routine maintenance - operations. (CVE-2016-5424) - - - - - - Fix corner-case misbehaviors for IS NULL/IS NOT - NULL applied to nested composite values (Andrew Gierth, Tom Lane) - - - - The SQL standard specifies that IS NULL should return - TRUE for a row of all null values (thus ROW(NULL,NULL) IS - NULL yields TRUE), but this is not meant to apply recursively - (thus ROW(NULL, ROW(NULL,NULL)) IS NULL yields FALSE). - The core executor got this right, but certain planner optimizations - treated the test as recursive (thus producing TRUE in both cases), - and contrib/postgres_fdw could produce remote queries - that misbehaved similarly. - - - - - - Make the inet and cidr data types properly reject - IPv6 addresses with too many colon-separated fields (Tom Lane) - - - - - - Prevent crash in close_ps() - (the point ## lseg operator) - for NaN input coordinates (Tom Lane) - - - - Make it return NULL instead of crashing. - - - - - - Fix several one-byte buffer over-reads in to_number() - (Peter Eisentraut) - - - - In several cases the to_number() function would read one - more character than it should from the input string. There is a - small chance of a crash, if the input happens to be adjacent to the - end of memory. - - - - - - Avoid unsafe intermediate state during expensive paths - through heap_update() (Masahiko Sawada, Andres Freund) - - - - Previously, these cases locked the target tuple (by setting its XMAX) - but did not WAL-log that action, thus risking data integrity problems - if the page were spilled to disk and then a database crash occurred - before the tuple update could be completed. - - - - - - Avoid consuming a transaction ID during VACUUM - (Alexander Korotkov) - - - - Some cases in VACUUM unnecessarily caused an XID to be - assigned to the current transaction. Normally this is negligible, - but if one is up against the XID wraparound limit, consuming more - XIDs during anti-wraparound vacuums is a very bad thing. - - - - - - Avoid canceling hot-standby queries during VACUUM FREEZE - (Simon Riggs, Álvaro Herrera) - - - - VACUUM FREEZE on an otherwise-idle master server could - result in unnecessary cancellations of queries on its standby - servers. - - - - - - When a manual ANALYZE specifies a column list, don't - reset the table's changes_since_analyze counter - (Tom Lane) - - - - If we're only analyzing some columns, we should not prevent routine - auto-analyze from happening for the other columns. - - - - - - Fix ANALYZE's overestimation of n_distinct - for a unique or nearly-unique column with many null entries (Tom - Lane) - - - - The nulls could get counted as though they were themselves distinct - values, leading to serious planner misestimates in some types of - queries. - - - - - - Prevent autovacuum from starting multiple workers for the same shared - catalog (Álvaro Herrera) - - - - Normally this isn't much of a problem because the vacuum doesn't take - long anyway; but in the case of a severely bloated catalog, it could - result in all but one worker uselessly waiting instead of doing - useful work on other tables. - - - - - - Fix contrib/btree_gin to handle the smallest - possible bigint value correctly (Peter Eisentraut) - - - - - - Teach libpq to correctly decode server version from future servers - (Peter Eisentraut) - - - - It's planned to switch to two-part instead of three-part server - version numbers for releases after 9.6. Make sure - that PQserverVersion() returns the correct value for - such cases. - - - - - - Fix ecpg's code for unsigned long long - array elements (Michael Meskes) - - - - - - Make pg_basebackup accept -Z 0 as - specifying no compression (Fujii Masao) - - - - - - - Revert to the old heuristic timeout for pg_ctl start -w - (Tom Lane) - - - - The new method adopted as of release 9.1.20 does not work - when silent_mode is enabled, so go back to the old way. - - - - - - Fix makefiles' rule for building AIX shared libraries to be safe for - parallel make (Noah Misch) - - - - - - Fix TAP tests and MSVC scripts to work when build directory's path - name contains spaces (Michael Paquier, Kyotaro Horiguchi) - - - - - - Make regression tests safe for Danish and Welsh locales (Jeff Janes, - Tom Lane) - - - - Change some test data that triggered the unusual sorting rules of - these locales. - - - - - - Update our copy of the timezone code to match - IANA's tzcode release 2016c (Tom Lane) - - - - This is needed to cope with anticipated future changes in the time - zone data files. It also fixes some corner-case bugs in coping with - unusual time zones. - - - - - - Update time zone data files to tzdata release 2016f - for DST law changes in Kemerovo and Novosibirsk, plus historical - corrections for Azerbaijan, Belarus, and Morocco. - - - - - - - - - - Release 9.1.22 - - - Release date: - 2016-05-12 - - - - This release contains a variety of fixes from 9.1.21. - For information about new features in the 9.1 major release, see - . - - - - The PostgreSQL community will stop releasing updates - for the 9.1.X release series in September 2016. - Users are encouraged to update to a newer release branch soon. - - - - Migration to Version 9.1.22 - - - A dump/restore is not required for those running 9.1.X. - - - - However, if you are upgrading from a version earlier than 9.1.16, - see . - - - - - - Changes - - - - - - Clear the OpenSSL error queue before OpenSSL calls, rather than - assuming it's clear already; and make sure we leave it clear - afterwards (Peter Geoghegan, Dave Vitek, Peter Eisentraut) - - - - This change prevents problems when there are multiple connections - using OpenSSL within a single process and not all the code involved - follows the same rules for when to clear the error queue. - Failures have been reported specifically when a client application - uses SSL connections in libpq concurrently with - SSL connections using the PHP, Python, or Ruby wrappers for OpenSSL. - It's possible for similar problems to arise within the server as well, - if an extension module establishes an outgoing SSL connection. - - - - - - Fix failed to build any N-way joins - planner error with a full join enclosed in the right-hand side of a - left join (Tom Lane) - - - - - - Fix possible misbehavior of TH, th, - and Y,YYY format codes in to_timestamp() - (Tom Lane) - - - - These could advance off the end of the input string, causing subsequent - format codes to read garbage. - - - - - - Fix dumping of rules and views in which the array - argument of a value operator - ANY (array) construct is a sub-SELECT - (Tom Lane) - - - - - - Make pg_regress use a startup timeout from the - PGCTLTIMEOUT environment variable, if that's set (Tom Lane) - - - - This is for consistency with a behavior recently added - to pg_ctl; it eases automated testing on slow machines. - - - - - - Fix pg_upgrade to correctly restore extension - membership for operator families containing only one operator class - (Tom Lane) - - - - In such a case, the operator family was restored into the new database, - but it was no longer marked as part of the extension. This had no - immediate ill effects, but would cause later pg_dump - runs to emit output that would cause (harmless) errors on restore. - - - - - - Rename internal function strtoi() - to strtoint() to avoid conflict with a NetBSD library - function (Thomas Munro) - - - - - - Fix reporting of errors from bind() - and listen() system calls on Windows (Tom Lane) - - - - - - Reduce verbosity of compiler output when building with Microsoft Visual - Studio (Christian Ullrich) - - - - - - Avoid possibly-unsafe use of Windows' FormatMessage() - function (Christian Ullrich) - - - - Use the FORMAT_MESSAGE_IGNORE_INSERTS flag where - appropriate. No live bug is known to exist here, but it seems like a - good idea to be careful. - - - - - - Update time zone data files to tzdata release 2016d - for DST law changes in Russia and Venezuela. There are new zone - names Europe/Kirov and Asia/Tomsk to reflect - the fact that these regions now have different time zone histories from - adjacent regions. - - - - - - - - - - Release 9.1.21 - - - Release date: - 2016-03-31 - - - - This release contains a variety of fixes from 9.1.20. - For information about new features in the 9.1 major release, see - . - - - - Migration to Version 9.1.21 - - - A dump/restore is not required for those running 9.1.X. - - - - However, if you are upgrading from a version earlier than 9.1.16, - see . - - - - - - Changes - - - - - - Fix incorrect handling of NULL index entries in - indexed ROW() comparisons (Tom Lane) - - - - An index search using a row comparison such as ROW(a, b) > - ROW('x', 'y') would stop upon reaching a NULL entry in - the b column, ignoring the fact that there might be - non-NULL b values associated with later values - of a. - - - - - - Avoid unlikely data-loss scenarios due to renaming files without - adequate fsync() calls before and after (Michael Paquier, - Tomas Vondra, Andres Freund) - - - - - - Correctly handle cases where pg_subtrans is close to XID - wraparound during server startup (Jeff Janes) - - - - - - Fix corner-case crash due to trying to free localeconv() - output strings more than once (Tom Lane) - - - - - - Fix parsing of affix files for ispell dictionaries - (Tom Lane) - - - - The code could go wrong if the affix file contained any characters - whose byte length changes during case-folding, for - example I in Turkish UTF8 locales. - - - - - - Avoid use of sscanf() to parse ispell - dictionary files (Artur Zakirov) - - - - This dodges a portability problem on FreeBSD-derived platforms - (including macOS). - - - - - - Avoid a crash on old Windows versions (before 7SP1/2008R2SP1) with an - AVX2-capable CPU and a Postgres build done with Visual Studio 2013 - (Christian Ullrich) - - - - This is a workaround for a bug in Visual Studio 2013's runtime - library, which Microsoft have stated they will not fix in that - version. - - - - - - Fix psql's tab completion logic to handle multibyte - characters properly (Kyotaro Horiguchi, Robert Haas) - - - - - - Fix psql's tab completion for - SECURITY LABEL (Tom Lane) - - - - Pressing TAB after SECURITY LABEL might cause a crash - or offering of inappropriate keywords. - - - - - - Make pg_ctl accept a wait timeout from the - PGCTLTIMEOUT environment variable, if none is specified on - the command line (Noah Misch) - - - - This eases testing of slower buildfarm members by allowing them - to globally specify a longer-than-normal timeout for postmaster - startup and shutdown. - - - - - - Fix incorrect test for Windows service status - in pg_ctl (Manuel Mathar) - - - - The previous set of minor releases attempted to - fix pg_ctl to properly determine whether to send log - messages to Window's Event Log, but got the test backwards. - - - - - - Fix pgbench to correctly handle the combination - of -C and -M prepared options (Tom Lane) - - - - - - In PL/Perl, properly translate empty Postgres arrays into empty Perl - arrays (Alex Hunsaker) - - - - - - Make PL/Python cope with function names that aren't valid Python - identifiers (Jim Nasby) - - - - - - Fix multiple mistakes in the statistics returned - by contrib/pgstattuple's pgstatindex() - function (Tom Lane) - - - - - - Remove dependency on psed in MSVC builds, since it's no - longer provided by core Perl (Michael Paquier, Andrew Dunstan) - - - - - - Update time zone data files to tzdata release 2016c - for DST law changes in Azerbaijan, Chile, Haiti, Palestine, and Russia - (Altai, Astrakhan, Kirov, Sakhalin, Ulyanovsk regions), plus - historical corrections for Lithuania, Moldova, and Russia - (Kaliningrad, Samara, Volgograd). - - - - - - - - - - Release 9.1.20 - - - Release date: - 2016-02-11 - - - - This release contains a variety of fixes from 9.1.19. - For information about new features in the 9.1 major release, see - . - - - - Migration to Version 9.1.20 - - - A dump/restore is not required for those running 9.1.X. - - - - However, if you are upgrading from a version earlier than 9.1.16, - see . - - - - - - Changes - - - - - - Fix infinite loops and buffer-overrun problems in regular expressions - (Tom Lane) - - - - Very large character ranges in bracket expressions could cause - infinite loops in some cases, and memory overwrites in other cases. - (CVE-2016-0773) - - - - - - Perform an immediate shutdown if the postmaster.pid file - is removed (Tom Lane) - - - - The postmaster now checks every minute or so - that postmaster.pid is still there and still contains its - own PID. If not, it performs an immediate shutdown, as though it had - received SIGQUIT. The main motivation for this change - is to ensure that failed buildfarm runs will get cleaned up without - manual intervention; but it also serves to limit the bad effects if a - DBA forcibly removes postmaster.pid and then starts a new - postmaster. - - - - - - In SERIALIZABLE transaction isolation mode, serialization - anomalies could be missed due to race conditions during insertions - (Kevin Grittner, Thomas Munro) - - - - - - Fix failure to emit appropriate WAL records when doing ALTER - TABLE ... SET TABLESPACE for unlogged relations (Michael Paquier, - Andres Freund) - - - - Even though the relation's data is unlogged, the move must be logged or - the relation will be inaccessible after a standby is promoted to master. - - - - - - Fix possible misinitialization of unlogged relations at the end of - crash recovery (Andres Freund, Michael Paquier) - - - - - - Fix ALTER COLUMN TYPE to reconstruct inherited check - constraints properly (Tom Lane) - - - - - - Fix REASSIGN OWNED to change ownership of composite types - properly (Álvaro Herrera) - - - - - - Fix REASSIGN OWNED and ALTER OWNER to correctly - update granted-permissions lists when changing owners of data types, - foreign data wrappers, or foreign servers (Bruce Momjian, - Álvaro Herrera) - - - - - - Fix REASSIGN OWNED to ignore foreign user mappings, - rather than fail (Álvaro Herrera) - - - - - - Add more defenses against bad planner cost estimates for GIN index - scans when the index's internal statistics are very out-of-date - (Tom Lane) - - - - - - Make planner cope with hypothetical GIN indexes suggested by an index - advisor plug-in (Julien Rouhaud) - - - - - - Fix dumping of whole-row Vars in ROW() - and VALUES() lists (Tom Lane) - - - - - - Fix possible internal overflow in numeric division - (Dean Rasheed) - - - - - - Fix enforcement of restrictions inside parentheses within regular - expression lookahead constraints (Tom Lane) - - - - Lookahead constraints aren't allowed to contain backrefs, and - parentheses within them are always considered non-capturing, according - to the manual. However, the code failed to handle these cases properly - inside a parenthesized subexpression, and would give unexpected - results. - - - - - - Conversion of regular expressions to indexscan bounds could produce - incorrect bounds from regexps containing lookahead constraints - (Tom Lane) - - - - - - Fix regular-expression compiler to handle loops of constraint arcs - (Tom Lane) - - - - The code added for CVE-2007-4772 was both incomplete, in that it didn't - handle loops involving more than one state, and incorrect, in that it - could cause assertion failures (though there seem to be no bad - consequences of that in a non-assert build). Multi-state loops would - cause the compiler to run until the query was canceled or it reached - the too-many-states error condition. - - - - - - Improve memory-usage accounting in regular-expression compiler - (Tom Lane) - - - - This causes the code to emit regular expression is too - complex errors in some cases that previously used unreasonable - amounts of time and memory. - - - - - - Improve performance of regular-expression compiler (Tom Lane) - - - - - - Make %h and %r escapes - in log_line_prefix work for messages emitted due - to log_connections (Tom Lane) - - - - Previously, %h/%r started to work just after a - new session had emitted the connection received log message; - now they work for that message too. - - - - - - On Windows, ensure the shared-memory mapping handle gets closed in - child processes that don't need it (Tom Lane, Amit Kapila) - - - - This oversight resulted in failure to recover from crashes - whenever logging_collector is turned on. - - - - - - Fix possible failure to detect socket EOF in non-blocking mode on - Windows (Tom Lane) - - - - It's not entirely clear whether this problem can happen in pre-9.5 - branches, but if it did, the symptom would be that a walsender process - would wait indefinitely rather than noticing a loss of connection. - - - - - - Avoid leaking a token handle during SSPI authentication - (Christian Ullrich) - - - - - - In psql, ensure that libreadline's idea - of the screen size is updated when the terminal window size changes - (Merlin Moncure) - - - - Previously, libreadline did not notice if the window - was resized during query output, leading to strange behavior during - later input of multiline queries. - - - - - - Fix psql's \det command to interpret its - pattern argument the same way as other \d commands with - potentially schema-qualified patterns do (Reece Hart) - - - - - - Avoid possible crash in psql's \c command - when previous connection was via Unix socket and command specifies a - new hostname and same username (Tom Lane) - - - - - - In pg_ctl start -w, test child process status directly - rather than relying on heuristics (Tom Lane, Michael Paquier) - - - - Previously, pg_ctl relied on an assumption that the new - postmaster would always create postmaster.pid within five - seconds. But that can fail on heavily-loaded systems, - causing pg_ctl to report incorrectly that the - postmaster failed to start. - - - - Except on Windows, this change also means that a pg_ctl start - -w done immediately after another such command will now reliably - fail, whereas previously it would report success if done within two - seconds of the first command. - - - - - - In pg_ctl start -w, don't attempt to use a wildcard listen - address to connect to the postmaster (Kondo Yuta) - - - - On Windows, pg_ctl would fail to detect postmaster - startup if listen_addresses is set to 0.0.0.0 - or ::, because it would try to use that value verbatim as - the address to connect to, which doesn't work. Instead assume - that 127.0.0.1 or ::1, respectively, is the - right thing to use. - - - - - - In pg_ctl on Windows, check service status to decide - where to send output, rather than checking if standard output is a - terminal (Michael Paquier) - - - - - - In pg_dump and pg_basebackup, adopt - the GNU convention for handling tar-archive members exceeding 8GB - (Tom Lane) - - - - The POSIX standard for tar file format does not allow - archive member files to exceed 8GB, but most modern implementations - of tar support an extension that fixes that. Adopt - this extension so that pg_dump with no - longer fails on tables with more than 8GB of data, and so - that pg_basebackup can handle files larger than 8GB. - In addition, fix some portability issues that could cause failures for - members between 4GB and 8GB on some platforms. Potentially these - problems could cause unrecoverable data loss due to unreadable backup - files. - - - - - - Fix assorted corner-case bugs in pg_dump's processing - of extension member objects (Tom Lane) - - - - - - Make pg_dump mark a view's triggers as needing to be - processed after its rule, to prevent possible failure during - parallel pg_restore (Tom Lane) - - - - - - Ensure that relation option values are properly quoted - in pg_dump (Kouhei Sutou, Tom Lane) - - - - A reloption value that isn't a simple identifier or number could lead - to dump/reload failures due to syntax errors in CREATE statements - issued by pg_dump. This is not an issue with any - reloption currently supported by core PostgreSQL, but - extensions could allow reloptions that cause the problem. - - - - - - Fix pg_upgrade's file-copying code to handle errors - properly on Windows (Bruce Momjian) - - - - - - Install guards in pgbench against corner-case overflow - conditions during evaluation of script-specified division or modulo - operators (Fabien Coelho, Michael Paquier) - - - - - - Prevent certain PL/Java parameters from being set by - non-superusers (Noah Misch) - - - - This change mitigates a PL/Java security bug - (CVE-2016-0766), which was fixed in PL/Java by marking - these parameters as superuser-only. To fix the security hazard for - sites that update PostgreSQL more frequently - than PL/Java, make the core code aware of them also. - - - - - - Improve libpq's handling of out-of-memory situations - (Michael Paquier, Amit Kapila, Heikki Linnakangas) - - - - - - Fix order of arguments - in ecpg-generated typedef statements - (Michael Meskes) - - - - - - Use %g not %f format - in ecpg's PGTYPESnumeric_from_double() - (Tom Lane) - - - - - - Fix ecpg-supplied header files to not contain comments - continued from a preprocessor directive line onto the next line - (Michael Meskes) - - - - Such a comment is rejected by ecpg. It's not yet clear - whether ecpg itself should be changed. - - - - - - Ensure that contrib/pgcrypto's crypt() - function can be interrupted by query cancel (Andreas Karlsson) - - - - - - Accept flex versions later than 2.5.x - (Tom Lane, Michael Paquier) - - - - Now that flex 2.6.0 has been released, the version checks in our build - scripts needed to be adjusted. - - - - - - Install our missing script where PGXS builds can find it - (Jim Nasby) - - - - This allows sane behavior in a PGXS build done on a machine where build - tools such as bison are missing. - - - - - - Ensure that dynloader.h is included in the installed - header files in MSVC builds (Bruce Momjian, Michael Paquier) - - - - - - Add variant regression test expected-output file to match behavior of - current libxml2 (Tom Lane) - - - - The fix for libxml2's CVE-2015-7499 causes it not to - output error context reports in some cases where it used to do so. - This seems to be a bug, but we'll probably have to live with it for - some time, so work around it. - - - - - - Update time zone data files to tzdata release 2016a for - DST law changes in Cayman Islands, Metlakatla, and Trans-Baikal - Territory (Zabaykalsky Krai), plus historical corrections for Pakistan. - - - - - - - - - - Release 9.1.19 - - - Release date: - 2015-10-08 - - - - This release contains a variety of fixes from 9.1.18. - For information about new features in the 9.1 major release, see - . - - - - Migration to Version 9.1.19 - - - A dump/restore is not required for those running 9.1.X. - - - - However, if you are upgrading from a version earlier than 9.1.16, - see . - - - - - - Changes - - - - - - Fix contrib/pgcrypto to detect and report - too-short crypt() salts (Josh Kupershmidt) - - - - Certain invalid salt arguments crashed the server or disclosed a few - bytes of server memory. We have not ruled out the viability of - attacks that arrange for presence of confidential information in the - disclosed bytes, but they seem unlikely. (CVE-2015-5288) - - - - - - Fix subtransaction cleanup after a portal (cursor) belonging to an - outer subtransaction fails (Tom Lane, Michael Paquier) - - - - A function executed in an outer-subtransaction cursor could cause an - assertion failure or crash by referencing a relation created within an - inner subtransaction. - - - - - - Fix insertion of relations into the relation cache init file - (Tom Lane) - - - - An oversight in a patch in the most recent minor releases - caused pg_trigger_tgrelid_tgname_index to be omitted - from the init file. Subsequent sessions detected this, then deemed the - init file to be broken and silently ignored it, resulting in a - significant degradation in session startup time. In addition to fixing - the bug, install some guards so that any similar future mistake will be - more obvious. - - - - - - Avoid O(N^2) behavior when inserting many tuples into a SPI query - result (Neil Conway) - - - - - - Improve LISTEN startup time when there are many unread - notifications (Matt Newell) - - - - - - Back-patch 9.3-era addition of per-resource-owner lock caches - (Jeff Janes) - - - - This substantially improves performance when pg_dump - tries to dump a large number of tables. - - - - - - Disable SSL renegotiation by default (Michael Paquier, Andres Freund) - - - - While use of SSL renegotiation is a good idea in theory, we have seen - too many bugs in practice, both in the underlying OpenSSL library and - in our usage of it. Renegotiation will be removed entirely in 9.5 and - later. In the older branches, just change the default value - of ssl_renegotiation_limit to zero (disabled). - - - - - - Lower the minimum values of the *_freeze_max_age parameters - (Andres Freund) - - - - This is mainly to make tests of related behavior less time-consuming, - but it may also be of value for installations with limited disk space. - - - - - - Limit the maximum value of wal_buffers to 2GB to avoid - server crashes (Josh Berkus) - - - - - - Fix rare internal overflow in multiplication of numeric values - (Dean Rasheed) - - - - - - Guard against hard-to-reach stack overflows involving record types, - range types, json, jsonb, tsquery, - ltxtquery and query_int (Noah Misch) - - - - - - Fix handling of DOW and DOY in datetime input - (Greg Stark) - - - - These tokens aren't meant to be used in datetime values, but previously - they resulted in opaque internal error messages rather - than invalid input syntax. - - - - - - Add more query-cancel checks to regular expression matching (Tom Lane) - - - - - - Add recursion depth protections to regular expression, SIMILAR - TO, and LIKE matching (Tom Lane) - - - - Suitable search patterns and a low stack depth limit could lead to - stack-overrun crashes. - - - - - - Fix potential infinite loop in regular expression execution (Tom Lane) - - - - A search pattern that can apparently match a zero-length string, but - actually doesn't match because of a back reference, could lead to an - infinite loop. - - - - - - Fix low-memory failures in regular expression compilation - (Andreas Seltenreich) - - - - - - Fix low-probability memory leak during regular expression execution - (Tom Lane) - - - - - - Fix rare low-memory failure in lock cleanup during transaction abort - (Tom Lane) - - - - - - Fix unexpected out-of-memory situation during sort errors - when using tuplestores with small work_mem settings (Tom - Lane) - - - - - - Fix very-low-probability stack overrun in qsort (Tom Lane) - - - - - - Fix invalid memory alloc request size failure in hash joins - with large work_mem settings (Tomas Vondra, Tom Lane) - - - - - - Fix assorted planner bugs (Tom Lane) - - - - These mistakes could lead to incorrect query plans that would give wrong - answers, or to assertion failures in assert-enabled builds, or to odd - planner errors such as could not devise a query plan for the - given query, could not find pathkey item to - sort, plan should not reference subplan's variable, - or failed to assign all NestLoopParams to plan nodes. - Thanks are due to Andreas Seltenreich and Piotr Stefaniak for fuzz - testing that exposed these problems. - - - - - - - - Use fuzzy path cost tiebreaking rule in all supported branches (Tom Lane) - - - - This change is meant to avoid platform-specific behavior when - alternative plan choices have effectively-identical estimated costs. - - - - - - Ensure standby promotion trigger files are removed at postmaster - startup (Michael Paquier, Fujii Masao) - - - - This prevents unwanted promotion from occurring if these files appear - in a database backup that is used to initialize a new standby server. - - - - - - During postmaster shutdown, ensure that per-socket lock files are - removed and listen sockets are closed before we remove - the postmaster.pid file (Tom Lane) - - - - This avoids race-condition failures if an external script attempts to - start a new postmaster as soon as pg_ctl stop returns. - - - - - - Fix postmaster's handling of a startup-process crash during crash - recovery (Tom Lane) - - - - If, during a crash recovery cycle, the startup process crashes without - having restored database consistency, we'd try to launch a new startup - process, which typically would just crash again, leading to an infinite - loop. - - - - - - Do not print a WARNING when an autovacuum worker is already - gone when we attempt to signal it, and reduce log verbosity for such - signals (Tom Lane) - - - - - - Prevent autovacuum launcher from sleeping unduly long if the server - clock is moved backwards a large amount (Álvaro Herrera) - - - - - - Ensure that cleanup of a GIN index's pending-insertions list is - interruptable by cancel requests (Jeff Janes) - - - - - - Allow all-zeroes pages in GIN indexes to be reused (Heikki Linnakangas) - - - - Such a page might be left behind after a crash. - - - - - - Fix off-by-one error that led to otherwise-harmless warnings - about apparent wraparound in subtrans/multixact truncation - (Thomas Munro) - - - - - - Fix misreporting of CONTINUE and MOVE statement - types in PL/pgSQL's error context messages - (Pavel Stehule, Tom Lane) - - - - - - Fix PL/Perl to handle non-ASCII error - message texts correctly (Alex Hunsaker) - - - - - - Fix PL/Python crash when returning the string - representation of a record result (Tom Lane) - - - - - - Fix some places in PL/Tcl that neglected to check for - failure of malloc() calls (Michael Paquier, Álvaro - Herrera) - - - - - - In contrib/isn, fix output of ISBN-13 numbers that begin - with 979 (Fabien Coelho) - - - - EANs beginning with 979 (but not 9790) are considered ISBNs, but they - must be printed in the new 13-digit format, not the 10-digit format. - - - - - - Improve libpq's handling of out-of-memory conditions - (Michael Paquier, Heikki Linnakangas) - - - - - - Fix memory leaks and missing out-of-memory checks - in ecpg (Michael Paquier) - - - - - - Fix psql's code for locale-aware formatting of numeric - output (Tom Lane) - - - - The formatting code invoked by \pset numericlocale on - did the wrong thing for some uncommon cases such as numbers with an - exponent but no decimal point. It could also mangle already-localized - output from the money data type. - - - - - - Prevent crash in psql's \c command when - there is no current connection (Noah Misch) - - - - - - Fix selection of default zlib compression level - in pg_dump's directory output format (Andrew Dunstan) - - - - - - Ensure that temporary files created during a pg_dump - run with tar-format output are not world-readable (Michael - Paquier) - - - - - - Fix pg_dump and pg_upgrade to support - cases where the postgres or template1 database - is in a non-default tablespace (Marti Raudsepp, Bruce Momjian) - - - - - - Fix pg_dump to handle object privileges sanely when - dumping from a server too old to have a particular privilege type - (Tom Lane) - - - - When dumping functions or procedural languages from pre-7.3 - servers, pg_dump would - produce GRANT/REVOKE commands that revoked the - owner's grantable privileges and instead granted all privileges - to PUBLIC. Since the privileges involved are - just USAGE and EXECUTE, this isn't a security - problem, but it's certainly a surprising representation of the older - systems' behavior. Fix it to leave the default privilege state alone - in these cases. - - - - - - Fix pg_dump to dump shell types (Tom Lane) - - - - Shell types (that is, not-yet-fully-defined types) aren't useful for - much, but nonetheless pg_dump should dump them. - - - - - - Fix assorted minor memory leaks in pg_dump and other - client-side programs (Michael Paquier) - - - - - - Fix spinlock assembly code for PPC hardware to be compatible - with AIX's native assembler (Tom Lane) - - - - Building with gcc didn't work if gcc - had been configured to use the native assembler, which is becoming more - common. - - - - - - On AIX, test the -qlonglong compiler option - rather than just assuming it's safe to use (Noah Misch) - - - - - - On AIX, use -Wl,-brtllib link option to allow - symbols to be resolved at runtime (Noah Misch) - - - - Perl relies on this ability in 5.8.0 and later. - - - - - - Avoid use of inline functions when compiling with - 32-bit xlc, due to compiler bugs (Noah Misch) - - - - - - Use librt for sched_yield() when necessary, - which it is on some Solaris versions (Oskari Saarenmaa) - - - - - - Fix Windows install.bat script to handle target directory - names that contain spaces (Heikki Linnakangas) - - - - - - Make the numeric form of the PostgreSQL version number - (e.g., 90405) readily available to extension Makefiles, - as a variable named VERSION_NUM (Michael Paquier) - - - - - - Update time zone data files to tzdata release 2015g for - DST law changes in Cayman Islands, Fiji, Moldova, Morocco, Norfolk - Island, North Korea, Turkey, and Uruguay. There is a new zone name - America/Fort_Nelson for the Canadian Northern Rockies. - - - - - - - - - - Release 9.1.18 - - - Release date: - 2015-06-12 - - - - This release contains a small number of fixes from 9.1.17. - For information about new features in the 9.1 major release, see - . - - - - Migration to Version 9.1.18 - - - A dump/restore is not required for those running 9.1.X. - - - - However, if you are upgrading from a version earlier than 9.1.16, - see . - - - - - - Changes - - - - - - Fix rare failure to invalidate relation cache init file (Tom Lane) - - - - With just the wrong timing of concurrent activity, a VACUUM - FULL on a system catalog might fail to update the init file - that's used to avoid cache-loading work for new sessions. This would - result in later sessions being unable to access that catalog at all. - This is a very ancient bug, but it's so hard to trigger that no - reproducible case had been seen until recently. - - - - - - Avoid deadlock between incoming sessions and CREATE/DROP - DATABASE (Tom Lane) - - - - A new session starting in a database that is the target of - a DROP DATABASE command, or is the template for - a CREATE DATABASE command, could cause the command to wait - for five seconds and then fail, even if the new session would have - exited before that. - - - - - - - - - - Release 9.1.17 - - - Release date: - 2015-06-04 - - - - This release contains a small number of fixes from 9.1.16. - For information about new features in the 9.1 major release, see - . - - - - Migration to Version 9.1.17 - - - A dump/restore is not required for those running 9.1.X. - - - - However, if you are upgrading from a version earlier than 9.1.16, - see . - - - - - - Changes - - - - - - Avoid failures while fsync'ing data directory during - crash restart (Abhijit Menon-Sen, Tom Lane) - - - - In the previous minor releases we added a patch to fsync - everything in the data directory after a crash. Unfortunately its - response to any error condition was to fail, thereby preventing the - server from starting up, even when the problem was quite harmless. - An example is that an unwritable file in the data directory would - prevent restart on some platforms; but it is common to make SSL - certificate files unwritable by the server. Revise this behavior so - that permissions failures are ignored altogether, and other types of - failures are logged but do not prevent continuing. - - - - - - Remove configure's check prohibiting linking to a - threaded libpython - on OpenBSD (Tom Lane) - - - - The failure this restriction was meant to prevent seems to not be a - problem anymore on current OpenBSD - versions. - - - - - - Allow libpq to use TLS protocol versions beyond v1 - (Noah Misch) - - - - For a long time, libpq was coded so that the only SSL - protocol it would allow was TLS v1. Now that newer TLS versions are - becoming popular, allow it to negotiate the highest commonly-supported - TLS version with the server. (PostgreSQL servers were - already capable of such negotiation, so no change is needed on the - server side.) This is a back-patch of a change already released in - 9.4.0. - - - - - - - - - - Release 9.1.16 - - - Release date: - 2015-05-22 - - - - This release contains a variety of fixes from 9.1.15. - For information about new features in the 9.1 major release, see - . - - - - Migration to Version 9.1.16 - - - A dump/restore is not required for those running 9.1.X. - - - - However, if you use contrib/citext's - regexp_matches() functions, see the changelog entry below - about that. - - - - Also, if you are upgrading from a version earlier than 9.1.14, - see . - - - - - - Changes - - - - - - Avoid possible crash when client disconnects just before the - authentication timeout expires (Benkocs Norbert Attila) - - - - If the timeout interrupt fired partway through the session shutdown - sequence, SSL-related state would be freed twice, typically causing a - crash and hence denial of service to other sessions. Experimentation - shows that an unauthenticated remote attacker could trigger the bug - somewhat consistently, hence treat as security issue. - (CVE-2015-3165) - - - - - - Improve detection of system-call failures (Noah Misch) - - - - Our replacement implementation of snprintf() failed to - check for errors reported by the underlying system library calls; - the main case that might be missed is out-of-memory situations. - In the worst case this might lead to information exposure, due to our - code assuming that a buffer had been overwritten when it hadn't been. - Also, there were a few places in which security-relevant calls of other - system library functions did not check for failure. - - - - It remains possible that some calls of the *printf() - family of functions are vulnerable to information disclosure if an - out-of-memory error occurs at just the wrong time. We judge the risk - to not be large, but will continue analysis in this area. - (CVE-2015-3166) - - - - - - In contrib/pgcrypto, uniformly report decryption failures - as Wrong key or corrupt data (Noah Misch) - - - - Previously, some cases of decryption with an incorrect key could report - other error message texts. It has been shown that such variance in - error reports can aid attackers in recovering keys from other systems. - While it's unknown whether pgcrypto's specific behaviors - are likewise exploitable, it seems better to avoid the risk by using a - one-size-fits-all message. - (CVE-2015-3167) - - - - - - Fix incorrect declaration of contrib/citext's - regexp_matches() functions (Tom Lane) - - - - These functions should return setof text[], like the core - functions they are wrappers for; but they were incorrectly declared as - returning just text[]. This mistake had two results: first, - if there was no match you got a scalar null result, whereas what you - should get is an empty set (zero rows). Second, the g flag - was effectively ignored, since you would get only one result array even - if there were multiple matches. - - - - While the latter behavior is clearly a bug, there might be applications - depending on the former behavior; therefore the function declarations - will not be changed by default until PostgreSQL 9.5. - In pre-9.5 branches, the old behavior exists in version 1.0 of - the citext extension, while we have provided corrected - declarations in version 1.1 (which is not installed by - default). To adopt the fix in pre-9.5 branches, execute - ALTER EXTENSION citext UPDATE TO '1.1' in each database in - which citext is installed. (You can also update - back to 1.0 if you need to undo that.) Be aware that either update - direction will require dropping and recreating any views or rules that - use citext's regexp_matches() functions. - - - - - - Fix incorrect checking of deferred exclusion constraints after a HOT - update (Tom Lane) - - - - If a new row that potentially violates a deferred exclusion constraint - is HOT-updated (that is, no indexed columns change and the row can be - stored back onto the same table page) later in the same transaction, - the exclusion constraint would be reported as violated when the check - finally occurred, even if the row(s) the new row originally conflicted - with had been deleted. - - - - - - Prevent improper reordering of antijoins (NOT EXISTS joins) versus - other outer joins (Tom Lane) - - - - This oversight in the planner has been observed to cause could - not find RelOptInfo for given relids errors, but it seems possible - that sometimes an incorrect query plan might get past that consistency - check and result in silently-wrong query output. - - - - - - Fix incorrect matching of subexpressions in outer-join plan nodes - (Tom Lane) - - - - Previously, if textually identical non-strict subexpressions were used - both above and below an outer join, the planner might try to re-use - the value computed below the join, which would be incorrect because the - executor would force the value to NULL in case of an unmatched outer row. - - - - - - Fix GEQO planner to cope with failure of its join order heuristic - (Tom Lane) - - - - This oversight has been seen to lead to failed to join all - relations together errors in queries involving LATERAL, - and that might happen in other cases as well. - - - - - - Fix possible deadlock at startup - when max_prepared_transactions is too small - (Heikki Linnakangas) - - - - - - Don't archive useless preallocated WAL files after a timeline switch - (Heikki Linnakangas) - - - - - - Avoid cannot GetMultiXactIdMembers() during recovery error - (Álvaro Herrera) - - - - - - Recursively fsync() the data directory after a crash - (Abhijit Menon-Sen, Robert Haas) - - - - This ensures consistency if another crash occurs shortly later. (The - second crash would have to be a system-level crash, not just a database - crash, for there to be a problem.) - - - - - - Fix autovacuum launcher's possible failure to shut down, if an error - occurs after it receives SIGTERM (Álvaro Herrera) - - - - - - Cope with unexpected signals in LockBufferForCleanup() - (Andres Freund) - - - - This oversight could result in spurious errors about multiple - backends attempting to wait for pincount 1. - - - - - - Avoid waiting for WAL flush or synchronous replication during commit of - a transaction that was read-only so far as the user is concerned - (Andres Freund) - - - - Previously, a delay could occur at commit in transactions that had - written WAL due to HOT page pruning, leading to undesirable effects - such as sessions getting stuck at startup if all synchronous replicas - are down. Sessions have also been observed to get stuck in catchup - interrupt processing when using synchronous replication; this will fix - that problem as well. - - - - - - Fix crash when manipulating hash indexes on temporary tables - (Heikki Linnakangas) - - - - - - Fix possible failure during hash index bucket split, if other processes - are modifying the index concurrently (Tom Lane) - - - - - - Check for interrupts while analyzing index expressions (Jeff Janes) - - - - ANALYZE executes index expressions many times; if there are - slow functions in such an expression, it's desirable to be able to - cancel the ANALYZE before that loop finishes. - - - - - - Ensure tableoid of a foreign table is reported - correctly when a READ COMMITTED recheck occurs after - locking rows in SELECT FOR UPDATE, UPDATE, - or DELETE (Etsuro Fujita) - - - - - - Add the name of the target server to object description strings for - foreign-server user mappings (Álvaro Herrera) - - - - - - Recommend setting include_realm to 1 when using - Kerberos/GSSAPI/SSPI authentication (Stephen Frost) - - - - Without this, identically-named users from different realms cannot be - distinguished. For the moment this is only a documentation change, but - it will become the default setting in PostgreSQL 9.5. - - - - - - Remove code for matching IPv4 pg_hba.conf entries to - IPv4-in-IPv6 addresses (Tom Lane) - - - - This hack was added in 2003 in response to a report that some Linux - kernels of the time would report IPv4 connections as having - IPv4-in-IPv6 addresses. However, the logic was accidentally broken in - 9.0. The lack of any field complaints since then shows that it's not - needed anymore. Now we have reports that the broken code causes - crashes on some systems, so let's just remove it rather than fix it. - (Had we chosen to fix it, that would make for a subtle and potentially - security-sensitive change in the effective meaning of - IPv4 pg_hba.conf entries, which does not seem like a good - thing to do in minor releases.) - - - - - - Report WAL flush, not insert, position in IDENTIFY_SYSTEM - replication command (Heikki Linnakangas) - - - - This avoids a possible startup failure - in pg_receivexlog. - - - - - - While shutting down service on Windows, periodically send status - updates to the Service Control Manager to prevent it from killing the - service too soon; and ensure that pg_ctl will wait for - shutdown (Krystian Bigaj) - - - - - - Reduce risk of network deadlock when using libpq's - non-blocking mode (Heikki Linnakangas) - - - - When sending large volumes of data, it's important to drain the input - buffer every so often, in case the server has sent enough response data - to cause it to block on output. (A typical scenario is that the server - is sending a stream of NOTICE messages during COPY FROM - STDIN.) This worked properly in the normal blocking mode, but not - so much in non-blocking mode. We've modified libpq - to opportunistically drain input when it can, but a full defense - against this problem requires application cooperation: the application - should watch for socket read-ready as well as write-ready conditions, - and be sure to call PQconsumeInput() upon read-ready. - - - - - - Fix array handling in ecpg (Michael Meskes) - - - - - - Fix psql to sanely handle URIs and conninfo strings as - the first parameter to \connect - (David Fetter, Andrew Dunstan, Álvaro Herrera) - - - - This syntax has been accepted (but undocumented) for a long time, but - previously some parameters might be taken from the old connection - instead of the given string, which was agreed to be undesirable. - - - - - - Suppress incorrect complaints from psql on some - platforms that it failed to write ~/.psql_history at exit - (Tom Lane) - - - - This misbehavior was caused by a workaround for a bug in very old - (pre-2006) versions of libedit. We fixed it by - removing the workaround, which will cause a similar failure to appear - for anyone still using such versions of libedit. - Recommendation: upgrade that library, or use libreadline. - - - - - - Fix pg_dump's rule for deciding which casts are - system-provided casts that should not be dumped (Tom Lane) - - - - - - In pg_dump, fix failure to honor -Z - compression level option together with -Fd - (Michael Paquier) - - - - - - Make pg_dump consider foreign key relationships - between extension configuration tables while choosing dump order - (Gilles Darold, Michael Paquier, Stephen Frost) - - - - This oversight could result in producing dumps that fail to reload - because foreign key constraints are transiently violated. - - - - - - Fix dumping of views that are just VALUES(...) but have - column aliases (Tom Lane) - - - - - - In pg_upgrade, force timeline 1 in the new cluster - (Bruce Momjian) - - - - This change prevents upgrade failures caused by bogus complaints about - missing WAL history files. - - - - - - In pg_upgrade, check for improperly non-connectable - databases before proceeding - (Bruce Momjian) - - - - - - In pg_upgrade, quote directory paths - properly in the generated delete_old_cluster script - (Bruce Momjian) - - - - - - In pg_upgrade, preserve database-level freezing info - properly - (Bruce Momjian) - - - - This oversight could cause missing-clog-file errors for tables within - the postgres and template1 databases. - - - - - - Run pg_upgrade and pg_resetxlog with - restricted privileges on Windows, so that they don't fail when run by - an administrator (Muhammad Asif Naeem) - - - - - - Improve handling of readdir() failures when scanning - directories in initdb and pg_basebackup - (Marco Nenciarini) - - - - - - Fix slow sorting algorithm in contrib/intarray (Tom Lane) - - - - - - Fix compile failure on Sparc V8 machines (Rob Rowan) - - - - - - Update time zone data files to tzdata release 2015d - for DST law changes in Egypt, Mongolia, and Palestine, plus historical - changes in Canada and Chile. Also adopt revised zone abbreviations for - the America/Adak zone (HST/HDT not HAST/HADT). - - - - - - - - - - Release 9.1.15 - - - Release date: - 2015-02-05 - - - - This release contains a variety of fixes from 9.1.14. - For information about new features in the 9.1 major release, see - . - - - - Migration to Version 9.1.15 - - - A dump/restore is not required for those running 9.1.X. - - - - However, if you are upgrading from a version earlier than 9.1.14, - see . - - - - - - Changes - - - - - - Fix buffer overruns in to_char() - (Bruce Momjian) - - - - When to_char() processes a numeric formatting template - calling for a large number of digits, PostgreSQL - would read past the end of a buffer. When processing a crafted - timestamp formatting template, PostgreSQL would write - past the end of a buffer. Either case could crash the server. - We have not ruled out the possibility of attacks that lead to - privilege escalation, though they seem unlikely. - (CVE-2015-0241) - - - - - - Fix buffer overrun in replacement *printf() functions - (Tom Lane) - - - - PostgreSQL includes a replacement implementation - of printf and related functions. This code will overrun - a stack buffer when formatting a floating point number (conversion - specifiers e, E, f, F, - g or G) with requested precision greater than - about 500. This will crash the server, and we have not ruled out the - possibility of attacks that lead to privilege escalation. - A database user can trigger such a buffer overrun through - the to_char() SQL function. While that is the only - affected core PostgreSQL functionality, extension - modules that use printf-family functions may be at risk as well. - - - - This issue primarily affects PostgreSQL on Windows. - PostgreSQL uses the system implementation of these - functions where adequate, which it is on other modern platforms. - (CVE-2015-0242) - - - - - - Fix buffer overruns in contrib/pgcrypto - (Marko Tiikkaja, Noah Misch) - - - - Errors in memory size tracking within the pgcrypto - module permitted stack buffer overruns and improper dependence on the - contents of uninitialized memory. The buffer overrun cases can - crash the server, and we have not ruled out the possibility of - attacks that lead to privilege escalation. - (CVE-2015-0243) - - - - - - Fix possible loss of frontend/backend protocol synchronization after - an error - (Heikki Linnakangas) - - - - If any error occurred while the server was in the middle of reading a - protocol message from the client, it could lose synchronization and - incorrectly try to interpret part of the message's data as a new - protocol message. An attacker able to submit crafted binary data - within a command parameter might succeed in injecting his own SQL - commands this way. Statement timeout and query cancellation are the - most likely sources of errors triggering this scenario. Particularly - vulnerable are applications that use a timeout and also submit - arbitrary user-crafted data as binary query parameters. Disabling - statement timeout will reduce, but not eliminate, the risk of - exploit. Our thanks to Emil Lenngren for reporting this issue. - (CVE-2015-0244) - - - - - - Fix information leak via constraint-violation error messages - (Stephen Frost) - - - - Some server error messages show the values of columns that violate - a constraint, such as a unique constraint. If the user does not have - SELECT privilege on all columns of the table, this could - mean exposing values that the user should not be able to see. Adjust - the code so that values are displayed only when they came from the SQL - command or could be selected by the user. - (CVE-2014-8161) - - - - - - Lock down regression testing's temporary installations on Windows - (Noah Misch) - - - - Use SSPI authentication to allow connections only from the OS user - who launched the test suite. This closes on Windows the same - vulnerability previously closed on other platforms, namely that other - users might be able to connect to the test postmaster. - (CVE-2014-0067) - - - - - - Avoid possible data corruption if ALTER DATABASE SET - TABLESPACE is used to move a database to a new tablespace and then - shortly later move it back to its original tablespace (Tom Lane) - - - - - - Avoid corrupting tables when ANALYZE inside a transaction - is rolled back (Andres Freund, Tom Lane, Michael Paquier) - - - - If the failing transaction had earlier removed the last index, rule, or - trigger from the table, the table would be left in a corrupted state - with the relevant pg_class flags not set though they - should be. - - - - - - Ensure that unlogged tables are copied correctly - during CREATE DATABASE or ALTER DATABASE SET - TABLESPACE (Pavan Deolasee, Andres Freund) - - - - - - Fix DROP's dependency searching to correctly handle the - case where a table column is recursively visited before its table - (Petr Jelinek, Tom Lane) - - - - This case is only known to arise when an extension creates both a - datatype and a table using that datatype. The faulty code might - refuse a DROP EXTENSION unless CASCADE is - specified, which should not be required. - - - - - - Fix use-of-already-freed-memory problem in EvalPlanQual processing - (Tom Lane) - - - - In READ COMMITTED mode, queries that lock or update - recently-updated rows could crash as a result of this bug. - - - - - - Fix planning of SELECT FOR UPDATE when using a partial - index on a child table (Kyotaro Horiguchi) - - - - In READ COMMITTED mode, SELECT FOR UPDATE must - also recheck the partial index's WHERE condition when - rechecking a recently-updated row to see if it still satisfies the - query's WHERE condition. This requirement was missed if the - index belonged to an inheritance child table, so that it was possible - to incorrectly return rows that no longer satisfy the query condition. - - - - - - Fix corner case wherein SELECT FOR UPDATE could return a row - twice, and possibly miss returning other rows (Tom Lane) - - - - In READ COMMITTED mode, a SELECT FOR UPDATE - that is scanning an inheritance tree could incorrectly return a row - from a prior child table instead of the one it should return from a - later child table. - - - - - - Reject duplicate column names in the referenced-columns list of - a FOREIGN KEY declaration (David Rowley) - - - - This restriction is per SQL standard. Previously we did not reject - the case explicitly, but later on the code would fail with - bizarre-looking errors. - - - - - - Fix bugs in raising a numeric value to a large integral power - (Tom Lane) - - - - The previous code could get a wrong answer, or consume excessive - amounts of time and memory before realizing that the answer must - overflow. - - - - - - In numeric_recv(), truncate away any fractional digits - that would be hidden according to the value's dscale field - (Tom Lane) - - - - A numeric value's display scale (dscale) should - never be less than the number of nonzero fractional digits; but - apparently there's at least one broken client application that - transmits binary numeric values in which that's true. - This leads to strange behavior since the extra digits are taken into - account by arithmetic operations even though they aren't printed. - The least risky fix seems to be to truncate away such hidden - digits on receipt, so that the value is indeed what it prints as. - - - - - - Reject out-of-range numeric timezone specifications (Tom Lane) - - - - Simple numeric timezone specifications exceeding +/- 168 hours (one - week) would be accepted, but could then cause null-pointer dereference - crashes in certain operations. There's no use-case for such large UTC - offsets, so reject them. - - - - - - Fix bugs in tsquery @> tsquery - operator (Heikki Linnakangas) - - - - Two different terms would be considered to match if they had the same - CRC. Also, if the second operand had more terms than the first, it - would be assumed not to be contained in the first; which is wrong - since it might contain duplicate terms. - - - - - - Improve ispell dictionary's defenses against bad affix files (Tom Lane) - - - - - - Allow more than 64K phrases in a thesaurus dictionary (David Boutin) - - - - The previous coding could crash on an oversize dictionary, so this was - deemed a back-patchable bug fix rather than a feature addition. - - - - - - Fix namespace handling in xpath() (Ali Akbar) - - - - Previously, the xml value resulting from - an xpath() call would not have namespace declarations if - the namespace declarations were attached to an ancestor element in the - input xml value, rather than to the specific element being - returned. Propagate the ancestral declaration so that the result is - correct when considered in isolation. - - - - - - Fix planner problems with nested append relations, such as inherited - tables within UNION ALL subqueries (Tom Lane) - - - - - - Fail cleanly when a GiST index tuple doesn't fit on a page, rather - than going into infinite recursion (Andrew Gierth) - - - - - - Exempt tables that have per-table cost_limit - and/or cost_delay settings from autovacuum's global cost - balancing rules (Álvaro Herrera) - - - - The previous behavior resulted in basically ignoring these per-table - settings, which was unintended. Now, a table having such settings - will be vacuumed using those settings, independently of what is going - on in other autovacuum workers. This may result in heavier total I/O - load than before, so such settings should be re-examined for sanity. - - - - - - Avoid wholesale autovacuuming when autovacuum is nominally off - (Tom Lane) - - - - Even when autovacuum is nominally off, we will still launch autovacuum - worker processes to vacuum tables that are at risk of XID wraparound. - However, such a worker process then proceeded to vacuum all tables in - the target database, if they met the usual thresholds for - autovacuuming. This is at best pretty unexpected; at worst it delays - response to the wraparound threat. Fix it so that if autovacuum is - turned off, workers only do anti-wraparound vacuums and - not any other work. - - - - - - During crash recovery, ensure that unlogged relations are rewritten as - empty and are synced to disk before recovery is considered complete - (Abhijit Menon-Sen, Andres Freund) - - - - This prevents scenarios in which unlogged relations might contain - garbage data following database crash recovery. - - - - - - Fix race condition between hot standby queries and replaying a - full-page image (Heikki Linnakangas) - - - - This mistake could result in transient errors in queries being - executed in hot standby. - - - - - - Fix several cases where recovery logic improperly ignored WAL records - for COMMIT/ABORT PREPARED (Heikki Linnakangas) - - - - The most notable oversight was - that recovery_target_xid could not be used to stop at - a two-phase commit. - - - - - - Avoid creating unnecessary .ready marker files for - timeline history files (Fujii Masao) - - - - - - Fix possible null pointer dereference when an empty prepared statement - is used and the log_statement setting is mod - or ddl (Fujii Masao) - - - - - - Change pgstat wait timeout warning message to be LOG level, - and rephrase it to be more understandable (Tom Lane) - - - - This message was originally thought to be essentially a can't-happen - case, but it occurs often enough on our slower buildfarm members to be - a nuisance. Reduce it to LOG level, and expend a bit more effort on - the wording: it now reads using stale statistics instead of - current ones because stats collector is not responding. - - - - - - Fix SPARC spinlock implementation to ensure correctness if the CPU is - being run in a non-TSO coherency mode, as some non-Solaris kernels do - (Andres Freund) - - - - - - Warn if macOS's setlocale() starts an unwanted extra - thread inside the postmaster (Noah Misch) - - - - - - Fix processing of repeated dbname parameters - in PQconnectdbParams() (Alex Shulgin) - - - - Unexpected behavior ensued if the first occurrence - of dbname contained a connection string or URI to be - expanded. - - - - - - Ensure that libpq reports a suitable error message on - unexpected socket EOF (Marko Tiikkaja, Tom Lane) - - - - Depending on kernel behavior, libpq might return an - empty error string rather than something useful when the server - unexpectedly closed the socket. - - - - - - Clear any old error message during PQreset() - (Heikki Linnakangas) - - - - If PQreset() is called repeatedly, and the connection - cannot be re-established, error messages from the failed connection - attempts kept accumulating in the PGconn's error - string. - - - - - - Properly handle out-of-memory conditions while parsing connection - options in libpq (Alex Shulgin, Heikki Linnakangas) - - - - - - Fix array overrun in ecpg's version - of ParseDateTime() (Michael Paquier) - - - - - - In initdb, give a clearer error message if a password - file is specified but is empty (Mats Erik Andersson) - - - - - - Fix psql's \s command to work nicely with - libedit, and add pager support (Stepan Rutz, Tom Lane) - - - - When using libedit rather than readline, \s printed the - command history in a fairly unreadable encoded format, and on recent - libedit versions might fail altogether. Fix that by printing the - history ourselves rather than having the library do it. A pleasant - side-effect is that the pager is used if appropriate. - - - - This patch also fixes a bug that caused newline encoding to be applied - inconsistently when saving the command history with libedit. - Multiline history entries written by older psql - versions will be read cleanly with this patch, but perhaps not - vice versa, depending on the exact libedit versions involved. - - - - - - Improve consistency of parsing of psql's special - variables (Tom Lane) - - - - Allow variant spellings of on and off (such - as 1/0) for ECHO_HIDDEN - and ON_ERROR_ROLLBACK. Report a warning for unrecognized - values for COMP_KEYWORD_CASE, ECHO, - ECHO_HIDDEN, HISTCONTROL, - ON_ERROR_ROLLBACK, and VERBOSITY. Recognize - all values for all these variables case-insensitively; previously - there was a mishmash of case-sensitive and case-insensitive behaviors. - - - - - - Fix psql's expanded-mode display to work - consistently when using border = 3 - and linestyle = ascii or unicode - (Stephen Frost) - - - - - - Improve performance of pg_dump when the database - contains many instances of multiple dependency paths between the same - two objects (Tom Lane) - - - - - - Fix possible deadlock during parallel restore of a schema-only dump - (Robert Haas, Tom Lane) - - - - - - Fix core dump in pg_dump --binary-upgrade on zero-column - composite type (Rushabh Lathia) - - - - - - Prevent WAL files created by pg_basebackup -x/-X from - being archived again when the standby is promoted (Andres Freund) - - - - - - Fix upgrade-from-unpackaged script for contrib/citext - (Tom Lane) - - - - - - Fix block number checking - in contrib/pageinspect's get_raw_page() - (Tom Lane) - - - - The incorrect checking logic could prevent access to some pages in - non-main relation forks. - - - - - - Fix contrib/pgcrypto's pgp_sym_decrypt() - to not fail on messages whose length is 6 less than a power of 2 - (Marko Tiikkaja) - - - - - - Fix file descriptor leak in contrib/pg_test_fsync - (Jeff Janes) - - - - This could cause failure to remove temporary files on Windows. - - - - - - Handle unexpected query results, especially NULLs, safely in - contrib/tablefunc's connectby() - (Michael Paquier) - - - - connectby() previously crashed if it encountered a NULL - key value. It now prints that row but doesn't recurse further. - - - - - - Avoid a possible crash in contrib/xml2's - xslt_process() (Mark Simonetti) - - - - libxslt seems to have an undocumented dependency on - the order in which resources are freed; reorder our calls to avoid a - crash. - - - - - - Mark some contrib I/O functions with correct volatility - properties (Tom Lane) - - - - The previous over-conservative marking was immaterial in normal use, - but could cause optimization problems or rejection of valid index - expression definitions. Since the consequences are not large, we've - just adjusted the function definitions in the extension modules' - scripts, without changing version numbers. - - - - - - Numerous cleanups of warnings from Coverity static code analyzer - (Andres Freund, Tatsuo Ishii, Marko Kreen, Tom Lane, Michael Paquier) - - - - These changes are mostly cosmetic but in some cases fix corner-case - bugs, for example a crash rather than a proper error report after an - out-of-memory failure. None are believed to represent security - issues. - - - - - - Detect incompatible OpenLDAP versions during build (Noah Misch) - - - - With OpenLDAP versions 2.4.24 through 2.4.31, - inclusive, PostgreSQL backends can crash at exit. - Raise a warning during configure based on the - compile-time OpenLDAP version number, and test the crashing scenario - in the contrib/dblink regression test. - - - - - - In non-MSVC Windows builds, ensure libpq.dll is installed - with execute permissions (Noah Misch) - - - - - - Make pg_regress remove any temporary installation it - created upon successful exit (Tom Lane) - - - - This results in a very substantial reduction in disk space usage - during make check-world, since that sequence involves - creation of numerous temporary installations. - - - - - - Support time zone abbreviations that change UTC offset from time to - time (Tom Lane) - - - - Previously, PostgreSQL assumed that the UTC offset - associated with a time zone abbreviation (such as EST) - never changes in the usage of any particular locale. However this - assumption fails in the real world, so introduce the ability for a - zone abbreviation to represent a UTC offset that sometimes changes. - Update the zone abbreviation definition files to make use of this - feature in timezone locales that have changed the UTC offset of their - abbreviations since 1970 (according to the IANA timezone database). - In such timezones, PostgreSQL will now associate the - correct UTC offset with the abbreviation depending on the given date. - - - - - - Update time zone abbreviations lists (Tom Lane) - - - - Add CST (China Standard Time) to our lists. - Remove references to ADT as Arabia Daylight Time, an - abbreviation that's been out of use since 2007; therefore, claiming - there is a conflict with Atlantic Daylight Time doesn't seem - especially helpful. - Fix entirely incorrect GMT offsets for CKT (Cook Islands), FJT, and FJST - (Fiji); we didn't even have them on the proper side of the date line. - - - - - - Update time zone data files to tzdata release 2015a. - - - - The IANA timezone database has adopted abbreviations of the form - AxST/AxDT - for all Australian time zones, reflecting what they believe to be - current majority practice Down Under. These names do not conflict - with usage elsewhere (other than ACST for Acre Summer Time, which has - been in disuse since 1994). Accordingly, adopt these names into - our Default timezone abbreviation set. - The Australia abbreviation set now contains only CST, EAST, - EST, SAST, SAT, and WST, all of which are thought to be mostly - historical usage. Note that SAST has also been changed to be South - Africa Standard Time in the Default abbreviation set. - - - - Also, add zone abbreviations SRET (Asia/Srednekolymsk) and XJT - (Asia/Urumqi), and use WSST/WSDT for western Samoa. Also, there were - DST law changes in Chile, Mexico, the Turks & Caicos Islands - (America/Grand_Turk), and Fiji. There is a new zone - Pacific/Bougainville for portions of Papua New Guinea. Also, numerous - corrections for historical (pre-1970) time zone data. - - - - - - - - - - Release 9.1.14 - - - Release date: - 2014-07-24 - - - - This release contains a variety of fixes from 9.1.13. - For information about new features in the 9.1 major release, see - . - - - - Migration to Version 9.1.14 - - - A dump/restore is not required for those running 9.1.X. - - - - However, this release corrects an index corruption problem in some GiST - indexes. See the first changelog entry below to find out whether your - installation has been affected and what steps you should take if so. - - - - Also, if you are upgrading from a version earlier than 9.1.11, - see . - - - - - - Changes - - - - - - Correctly initialize padding bytes in contrib/btree_gist - indexes on bit columns (Heikki Linnakangas) - - - - This error could result in incorrect query results due to values that - should compare equal not being seen as equal. - Users with GiST indexes on bit or bit varying - columns should REINDEX those indexes after installing this - update. - - - - - - Protect against torn pages when deleting GIN list pages (Heikki - Linnakangas) - - - - This fix prevents possible index corruption if a system crash occurs - while the page update is being written to disk. - - - - - - Don't clear the right-link of a GiST index page while replaying - updates from WAL (Heikki Linnakangas) - - - - This error could lead to transiently wrong answers from GiST index - scans performed in Hot Standby. - - - - - - Fix feedback status when is - turned off on-the-fly (Simon Riggs) - - - - - - Fix possibly-incorrect cache invalidation during nested calls - to ReceiveSharedInvalidMessages (Andres Freund) - - - - - - Fix could not find pathkey item to sort planner failures - with UNION ALL over subqueries reading from tables with - inheritance children (Tom Lane) - - - - - - Don't assume a subquery's output is unique if there's a set-returning - function in its targetlist (David Rowley) - - - - This oversight could lead to misoptimization of constructs - like WHERE x IN (SELECT y, generate_series(1,10) FROM t GROUP - BY y). - - - - - - Fix failure to detoast fields in composite elements of structured - types (Tom Lane) - - - - This corrects cases where TOAST pointers could be copied into other - tables without being dereferenced. If the original data is later - deleted, it would lead to errors like missing chunk number 0 - for toast value ... when the now-dangling pointer is used. - - - - - - Fix record type has not been registered failures with - whole-row references to the output of Append plan nodes (Tom Lane) - - - - - - Fix possible crash when invoking a user-defined function while - rewinding a cursor (Tom Lane) - - - - - - Fix query-lifespan memory leak while evaluating the arguments for a - function in FROM (Tom Lane) - - - - - - Fix session-lifespan memory leaks in regular-expression processing - (Tom Lane, Arthur O'Dwyer, Greg Stark) - - - - - - Fix data encoding error in hungarian.stop (Tom Lane) - - - - - - Prevent foreign tables from being created with OIDS - when is true - (Etsuro Fujita) - - - - - - Fix liveness checks for rows that were inserted in the current - transaction and then deleted by a now-rolled-back subtransaction - (Andres Freund) - - - - This could cause problems (at least spurious warnings, and at worst an - infinite loop) if CREATE INDEX or CLUSTER were - done later in the same transaction. - - - - - - Clear pg_stat_activity.xact_start - during PREPARE TRANSACTION (Andres Freund) - - - - After the PREPARE, the originating session is no longer in - a transaction, so it should not continue to display a transaction - start time. - - - - - - Fix REASSIGN OWNED to not fail for text search objects - (Álvaro Herrera) - - - - - - Block signals during postmaster startup (Tom Lane) - - - - This ensures that the postmaster will properly clean up after itself - if, for example, it receives SIGINT while still - starting up. - - - - - - Fix client host name lookup when processing pg_hba.conf - entries that specify host names instead of IP addresses (Tom Lane) - - - - Ensure that reverse-DNS lookup failures are reported, instead of just - silently not matching such entries. Also ensure that we make only - one reverse-DNS lookup attempt per connection, not one per host name - entry, which is what previously happened if the lookup attempts failed. - - - - - - Secure Unix-domain sockets of temporary postmasters started during - make check (Noah Misch) - - - - Any local user able to access the socket file could connect as the - server's bootstrap superuser, then proceed to execute arbitrary code as - the operating-system user running the test, as we previously noted in - CVE-2014-0067. This change defends against that risk by placing the - server's socket in a temporary, mode 0700 subdirectory - of /tmp. The hazard remains however on platforms where - Unix sockets are not supported, notably Windows, because then the - temporary postmaster must accept local TCP connections. - - - - A useful side effect of this change is to simplify - make check testing in builds that - override DEFAULT_PGSOCKET_DIR. Popular non-default values - like /var/run/postgresql are often not writable by the - build user, requiring workarounds that will no longer be necessary. - - - - - - Fix tablespace creation WAL replay to work on Windows (MauMau) - - - - - - Fix detection of socket creation failures on Windows (Bruce Momjian) - - - - - - On Windows, allow new sessions to absorb values of PGC_BACKEND - parameters (such as ) from the - configuration file (Amit Kapila) - - - - Previously, if such a parameter were changed in the file post-startup, - the change would have no effect. - - - - - - Properly quote executable path names on Windows (Nikhil Deshpande) - - - - This oversight could cause initdb - and pg_upgrade to fail on Windows, if the installation - path contained both spaces and @ signs. - - - - - - Fix linking of libpython on macOS (Tom Lane) - - - - The method we previously used can fail with the Python library - supplied by Xcode 5.0 and later. - - - - - - Avoid buffer bloat in libpq when the server - consistently sends data faster than the client can absorb it - (Shin-ichi Morita, Tom Lane) - - - - libpq could be coerced into enlarging its input buffer - until it runs out of memory (which would be reported misleadingly - as lost synchronization with server). Under ordinary - circumstances it's quite far-fetched that data could be continuously - transmitted more quickly than the recv() loop can - absorb it, but this has been observed when the client is artificially - slowed by scheduler constraints. - - - - - - Ensure that LDAP lookup attempts in libpq time out as - intended (Laurenz Albe) - - - - - - Fix ecpg to do the right thing when an array - of char * is the target for a FETCH statement returning more - than one row, as well as some other array-handling fixes - (Ashutosh Bapat) - - - - - - Fix pg_restore's processing of old-style large object - comments (Tom Lane) - - - - A direct-to-database restore from an archive file generated by a - pre-9.0 version of pg_dump would usually fail if the - archive contained more than a few comments for large objects. - - - - - - In contrib/pgcrypto functions, ensure sensitive - information is cleared from stack variables before returning - (Marko Kreen) - - - - - - In contrib/uuid-ossp, cache the state of the OSSP UUID - library across calls (Tom Lane) - - - - This improves the efficiency of UUID generation and reduces the amount - of entropy drawn from /dev/urandom, on platforms that - have that. - - - - - - Update time zone data files to tzdata release 2014e - for DST law changes in Crimea, Egypt, and Morocco. - - - - - - - - - - Release 9.1.13 - - - Release date: - 2014-03-20 - - - - This release contains a variety of fixes from 9.1.12. - For information about new features in the 9.1 major release, see - . - - - - Migration to Version 9.1.13 - - - A dump/restore is not required for those running 9.1.X. - - - - However, if you are upgrading from a version earlier than 9.1.11, - see . - - - - - - Changes - - - - - - Restore GIN metapages unconditionally to avoid torn-page risk - (Heikki Linnakangas) - - - - Although this oversight could theoretically result in a corrupted - index, it is unlikely to have caused any problems in practice, since - the active part of a GIN metapage is smaller than a standard 512-byte - disk sector. - - - - - - Avoid race condition in checking transaction commit status during - receipt of a NOTIFY message (Marko Tiikkaja) - - - - This prevents a scenario wherein a sufficiently fast client might - respond to a notification before database updates made by the - notifier have become visible to the recipient. - - - - - - Allow regular-expression operators to be terminated early by query - cancel requests (Tom Lane) - - - - This prevents scenarios wherein a pathological regular expression - could lock up a server process uninterruptibly for a long time. - - - - - - Remove incorrect code that tried to allow OVERLAPS with - single-element row arguments (Joshua Yanovski) - - - - This code never worked correctly, and since the case is neither - specified by the SQL standard nor documented, it seemed better to - remove it than fix it. - - - - - - Avoid getting more than AccessShareLock when de-parsing a - rule or view (Dean Rasheed) - - - - This oversight resulted in pg_dump unexpectedly - acquiring RowExclusiveLock locks on tables mentioned as - the targets of INSERT/UPDATE/DELETE - commands in rules. While usually harmless, that could interfere with - concurrent transactions that tried to acquire, for example, - ShareLock on those tables. - - - - - - Improve performance of index endpoint probes during planning (Tom Lane) - - - - This change fixes a significant performance problem that occurred - when there were many not-yet-committed rows at the end of the index, - which is a common situation for indexes on sequentially-assigned - values such as timestamps or sequence-generated identifiers. - - - - - - Fix walsender's failure to shut down cleanly when client - is pg_receivexlog (Fujii Masao) - - - - - - Fix test to see if hot standby connections can be allowed immediately - after a crash (Heikki Linnakangas) - - - - - - Prevent interrupts while reporting non-ERROR messages - (Tom Lane) - - - - This guards against rare server-process freezeups due to recursive - entry to syslog(), and perhaps other related problems. - - - - - - Fix memory leak in PL/Perl when returning a composite result, including - multiple-OUT-parameter cases (Alex Hunsaker) - - - - - - Prevent intermittent could not reserve shared memory region - failures on recent Windows versions (MauMau) - - - - - - Update time zone data files to tzdata release 2014a - for DST law changes in Fiji and Turkey, plus historical changes in - Israel and Ukraine. - - - - - - - - - - Release 9.1.12 - - - Release date: - 2014-02-20 - - - - This release contains a variety of fixes from 9.1.11. - For information about new features in the 9.1 major release, see - . - - - - Migration to Version 9.1.12 - - - A dump/restore is not required for those running 9.1.X. - - - - However, if you are upgrading from a version earlier than 9.1.11, - see . - - - - - - Changes - - - - - - Shore up GRANT ... WITH ADMIN OPTION restrictions - (Noah Misch) - - - - Granting a role without ADMIN OPTION is supposed to - prevent the grantee from adding or removing members from the granted - role, but this restriction was easily bypassed by doing SET - ROLE first. The security impact is mostly that a role member can - revoke the access of others, contrary to the wishes of his grantor. - Unapproved role member additions are a lesser concern, since an - uncooperative role member could provide most of his rights to others - anyway by creating views or SECURITY DEFINER functions. - (CVE-2014-0060) - - - - - - Prevent privilege escalation via manual calls to PL validator - functions (Andres Freund) - - - - The primary role of PL validator functions is to be called implicitly - during CREATE FUNCTION, but they are also normal SQL - functions that a user can call explicitly. Calling a validator on - a function actually written in some other language was not checked - for and could be exploited for privilege-escalation purposes. - The fix involves adding a call to a privilege-checking function in - each validator function. Non-core procedural languages will also - need to make this change to their own validator functions, if any. - (CVE-2014-0061) - - - - - - Avoid multiple name lookups during table and index DDL - (Robert Haas, Andres Freund) - - - - If the name lookups come to different conclusions due to concurrent - activity, we might perform some parts of the DDL on a different table - than other parts. At least in the case of CREATE INDEX, - this can be used to cause the permissions checks to be performed - against a different table than the index creation, allowing for a - privilege escalation attack. - (CVE-2014-0062) - - - - - - Prevent buffer overrun with long datetime strings (Noah Misch) - - - - The MAXDATELEN constant was too small for the longest - possible value of type interval, allowing a buffer overrun - in interval_out(). Although the datetime input - functions were more careful about avoiding buffer overrun, the limit - was short enough to cause them to reject some valid inputs, such as - input containing a very long timezone name. The ecpg - library contained these vulnerabilities along with some of its own. - (CVE-2014-0063) - - - - - - Prevent buffer overrun due to integer overflow in size calculations - (Noah Misch, Heikki Linnakangas) - - - - Several functions, mostly type input functions, calculated an - allocation size without checking for overflow. If overflow did - occur, a too-small buffer would be allocated and then written past. - (CVE-2014-0064) - - - - - - Prevent overruns of fixed-size buffers - (Peter Eisentraut, Jozef Mlich) - - - - Use strlcpy() and related functions to provide a clear - guarantee that fixed-size buffers are not overrun. Unlike the - preceding items, it is unclear whether these cases really represent - live issues, since in most cases there appear to be previous - constraints on the size of the input string. Nonetheless it seems - prudent to silence all Coverity warnings of this type. - (CVE-2014-0065) - - - - - - Avoid crashing if crypt() returns NULL (Honza Horak, - Bruce Momjian) - - - - There are relatively few scenarios in which crypt() - could return NULL, but contrib/chkpass would crash - if it did. One practical case in which this could be an issue is - if libc is configured to refuse to execute unapproved - hashing algorithms (e.g., FIPS mode). - (CVE-2014-0066) - - - - - - Document risks of make check in the regression testing - instructions (Noah Misch, Tom Lane) - - - - Since the temporary server started by make check - uses trust authentication, another user on the same machine - could connect to it as database superuser, and then potentially - exploit the privileges of the operating-system user who started the - tests. A future release will probably incorporate changes in the - testing procedure to prevent this risk, but some public discussion is - needed first. So for the moment, just warn people against using - make check when there are untrusted users on the - same machine. - (CVE-2014-0067) - - - - - - Fix possible mis-replay of WAL records when some segments of a - relation aren't full size (Greg Stark, Tom Lane) - - - - The WAL update could be applied to the wrong page, potentially many - pages past where it should have been. Aside from corrupting data, - this error has been observed to result in significant bloat - of standby servers compared to their masters, due to updates being - applied far beyond where the end-of-file should have been. This - failure mode does not appear to be a significant risk during crash - recovery, only when initially synchronizing a standby created from a - base backup taken from a quickly-changing master. - - - - - - Fix bug in determining when recovery has reached consistency - (Tomonari Katsumata, Heikki Linnakangas) - - - - In some cases WAL replay would mistakenly conclude that the database - was already consistent at the start of replay, thus possibly allowing - hot-standby queries before the database was really consistent. Other - symptoms such as PANIC: WAL contains references to invalid - pages were also possible. - - - - - - Fix improper locking of btree index pages while replaying - a VACUUM operation in hot-standby mode (Andres Freund, - Heikki Linnakangas, Tom Lane) - - - - This error could result in PANIC: WAL contains references to - invalid pages failures. - - - - - - Ensure that insertions into non-leaf GIN index pages write a full-page - WAL record when appropriate (Heikki Linnakangas) - - - - The previous coding risked index corruption in the event of a - partial-page write during a system crash. - - - - - - When pause_at_recovery_target - and recovery_target_inclusive are both set, ensure the - target record is applied before pausing, not after (Heikki - Linnakangas) - - - - - - Fix race conditions during server process exit (Robert Haas) - - - - Ensure that signal handlers don't attempt to use the - process's MyProc pointer after it's no longer valid. - - - - - - Fix race conditions in walsender shutdown logic and walreceiver - SIGHUP signal handler (Tom Lane) - - - - - - Fix unsafe references to errno within error reporting - logic (Christian Kruse) - - - - This would typically lead to odd behaviors such as missing or - inappropriate HINT fields. - - - - - - Fix possible crashes from using ereport() too early - during server startup (Tom Lane) - - - - The principal case we've seen in the field is a crash if the server - is started in a directory it doesn't have permission to read. - - - - - - Clear retry flags properly in OpenSSL socket write - function (Alexander Kukushkin) - - - - This omission could result in a server lockup after unexpected loss - of an SSL-encrypted connection. - - - - - - Fix length checking for Unicode identifiers (U&"..." - syntax) containing escapes (Tom Lane) - - - - A spurious truncation warning would be printed for such identifiers - if the escaped form of the identifier was too long, but the - identifier actually didn't need truncation after de-escaping. - - - - - - Allow keywords that are type names to be used in lists of roles - (Stephen Frost) - - - - A previous patch allowed such keywords to be used without quoting - in places such as role identifiers; but it missed cases where a - list of role identifiers was permitted, such as DROP ROLE. - - - - - - Fix parser crash for EXISTS(SELECT * FROM - zero_column_table) (Tom Lane) - - - - - - Fix possible crash due to invalid plan for nested sub-selects, such - as WHERE (... x IN (SELECT ...) ...) IN (SELECT ...) - (Tom Lane) - - - - - - Ensure that ANALYZE creates statistics for a table column - even when all the values in it are too wide (Tom Lane) - - - - ANALYZE intentionally omits very wide values from its - histogram and most-common-values calculations, but it neglected to do - something sane in the case that all the sampled entries are too wide. - - - - - - In ALTER TABLE ... SET TABLESPACE, allow the database's - default tablespace to be used without a permissions check - (Stephen Frost) - - - - CREATE TABLE has always allowed such usage, - but ALTER TABLE didn't get the memo. - - - - - - Fix cannot accept a set error when some arms of - a CASE return a set and others don't (Tom Lane) - - - - - - Fix checks for all-zero client addresses in pgstat functions (Kevin - Grittner) - - - - - - Fix possible misclassification of multibyte characters by the text - search parser (Tom Lane) - - - - Non-ASCII characters could be misclassified when using C locale with - a multibyte encoding. On Cygwin, non-C locales could fail as well. - - - - - - Fix possible misbehavior in plainto_tsquery() - (Heikki Linnakangas) - - - - Use memmove() not memcpy() for copying - overlapping memory regions. There have been no field reports of - this actually causing trouble, but it's certainly risky. - - - - - - Fix placement of permissions checks in pg_start_backup() - and pg_stop_backup() (Andres Freund, Magnus Hagander) - - - - The previous coding might attempt to do catalog access when it - shouldn't. - - - - - - Accept SHIFT_JIS as an encoding name for locale checking - purposes (Tatsuo Ishii) - - - - - - Fix misbehavior of PQhost() on Windows (Fujii Masao) - - - - It should return localhost if no host has been specified. - - - - - - Improve error handling in libpq and psql - for failures during COPY TO STDOUT/FROM STDIN (Tom Lane) - - - - In particular this fixes an infinite loop that could occur in 9.2 and - up if the server connection was lost during COPY FROM - STDIN. Variants of that scenario might be possible in older - versions, or with other client applications. - - - - - - Fix possible incorrect printing of filenames - in pg_basebackup's verbose mode (Magnus Hagander) - - - - - - Avoid including tablespaces inside PGDATA twice in base backups - (Dimitri Fontaine, Magnus Hagander) - - - - - - Fix misaligned descriptors in ecpg (MauMau) - - - - - - In ecpg, handle lack of a hostname in the connection - parameters properly (Michael Meskes) - - - - - - Fix performance regression in contrib/dblink connection - startup (Joe Conway) - - - - Avoid an unnecessary round trip when client and server encodings match. - - - - - - In contrib/isn, fix incorrect calculation of the check - digit for ISMN values (Fabien Coelho) - - - - - - Ensure client-code-only installation procedure works as documented - (Peter Eisentraut) - - - - - - In Mingw and Cygwin builds, install the libpq DLL - in the bin directory (Andrew Dunstan) - - - - This duplicates what the MSVC build has long done. It should fix - problems with programs like psql failing to start - because they can't find the DLL. - - - - - - Avoid using the deprecated dllwrap tool in Cygwin builds - (Marco Atzeri) - - - - - - Don't generate plain-text HISTORY - and src/test/regress/README files anymore (Tom Lane) - - - - These text files duplicated the main HTML and PDF documentation - formats. The trouble involved in maintaining them greatly outweighs - the likely audience for plain-text format. Distribution tarballs - will still contain files by these names, but they'll just be stubs - directing the reader to consult the main documentation. - The plain-text INSTALL file will still be maintained, as - there is arguably a use-case for that. - - - - - - Update time zone data files to tzdata release 2013i - for DST law changes in Jordan and historical changes in Cuba. - - - - In addition, the zones Asia/Riyadh87, - Asia/Riyadh88, and Asia/Riyadh89 have been - removed, as they are no longer maintained by IANA, and never - represented actual civil timekeeping practice. - - - - - - - - - - Release 9.1.11 - - - Release date: - 2013-12-05 - - - - This release contains a variety of fixes from 9.1.10. - For information about new features in the 9.1 major release, see - . - - - - Migration to Version 9.1.11 - - - A dump/restore is not required for those running 9.1.X. - - - - However, this release corrects a number of potential data corruption - issues. See the first two changelog entries below to find out whether - your installation has been affected and what steps you can take if so. - - - - Also, if you are upgrading from a version earlier than 9.1.9, - see . - - - - - - Changes - - - - - - Fix VACUUM's tests to see whether it can - update relfrozenxid (Andres Freund) - - - - In some cases VACUUM (either manual or autovacuum) could - incorrectly advance a table's relfrozenxid value, - allowing tuples to escape freezing, causing those rows to become - invisible once 2^31 transactions have elapsed. The probability of - data loss is fairly low since multiple incorrect advancements would - need to happen before actual loss occurs, but it's not zero. Users - upgrading from releases 9.0.4 or 8.4.8 or earlier are not affected, but - all later versions contain the bug. - - - - The issue can be ameliorated by, after upgrading, vacuuming all tables - in all databases while having vacuum_freeze_table_age - set to zero. This will fix any latent corruption but will not be able - to fix all pre-existing data errors. However, an installation can be - presumed safe after performing this vacuuming if it has executed fewer - than 2^31 update transactions in its lifetime (check this with - SELECT txid_current() < 2^31). - - - - - - Fix initialization of pg_clog and pg_subtrans - during hot standby startup (Andres Freund, Heikki Linnakangas) - - - - This bug can cause data loss on standby servers at the moment they - start to accept hot-standby queries, by marking committed transactions - as uncommitted. The likelihood of such corruption is small unless, at - the time of standby startup, the primary server has executed many - updating transactions since its last checkpoint. Symptoms include - missing rows, rows that should have been deleted being still visible, - and obsolete versions of updated rows being still visible alongside - their newer versions. - - - - This bug was introduced in versions 9.3.0, 9.2.5, 9.1.10, and 9.0.14. - Standby servers that have only been running earlier releases are not - at risk. It's recommended that standby servers that have ever run any - of the buggy releases be re-cloned from the primary (e.g., with a new - base backup) after upgrading. - - - - - - Truncate pg_multixact contents during WAL replay - (Andres Freund) - - - - This avoids ever-increasing disk space consumption in standby servers. - - - - - - Fix race condition in GIN index posting tree page deletion (Heikki - Linnakangas) - - - - This could lead to transient wrong answers or query failures. - - - - - - Avoid flattening a subquery whose SELECT list contains a - volatile function wrapped inside a sub-SELECT (Tom Lane) - - - - This avoids unexpected results due to extra evaluations of the - volatile function. - - - - - - Fix planner's processing of non-simple-variable subquery outputs - nested within outer joins (Tom Lane) - - - - This error could lead to incorrect plans for queries involving - multiple levels of subqueries within JOIN syntax. - - - - - - Fix incorrect generation of optimized MIN()/MAX() plans for - inheritance trees (Tom Lane) - - - - The planner could fail in cases where the MIN()/MAX() argument was an - expression rather than a simple variable. - - - - - - Fix premature deletion of temporary files (Andres Freund) - - - - - - Fix possible read past end of memory in rule printing (Peter Eisentraut) - - - - - - Fix array slicing of int2vector and oidvector values - (Tom Lane) - - - - Expressions of this kind are now implicitly promoted to - regular int2 or oid arrays. - - - - - - Fix incorrect behaviors when using a SQL-standard, simple GMT offset - timezone (Tom Lane) - - - - In some cases, the system would use the simple GMT offset value when - it should have used the regular timezone setting that had prevailed - before the simple offset was selected. This change also causes - the timeofday function to honor the simple GMT offset - zone. - - - - - - Prevent possible misbehavior when logging translations of Windows - error codes (Tom Lane) - - - - - - Properly quote generated command lines in pg_ctl - (Naoya Anzai and Tom Lane) - - - - This fix applies only to Windows. - - - - - - Fix pg_dumpall to work when a source database - sets default_transaction_read_only - via ALTER DATABASE SET (Kevin Grittner) - - - - Previously, the generated script would fail during restore. - - - - - - Make ecpg search for quoted cursor names - case-sensitively (Zoltán Böszörményi) - - - - - - Fix ecpg's processing of lists of variables - declared varchar (Zoltán Böszörményi) - - - - - - Make contrib/lo defend against incorrect trigger definitions - (Marc Cousin) - - - - - - Update time zone data files to tzdata release 2013h - for DST law changes in Argentina, Brazil, Jordan, Libya, - Liechtenstein, Morocco, and Palestine. Also, new timezone - abbreviations WIB, WIT, WITA for Indonesia. - - - - - - - - - - Release 9.1.10 - - - Release date: - 2013-10-10 - - - - This release contains a variety of fixes from 9.1.9. - For information about new features in the 9.1 major release, see - . - - - - Migration to Version 9.1.10 - - - A dump/restore is not required for those running 9.1.X. - - - - However, if you are upgrading from a version earlier than 9.1.9, - see . - - - - - - Changes - - - - - - Prevent corruption of multi-byte characters when attempting to - case-fold identifiers (Andrew Dunstan) - - - - PostgreSQL case-folds non-ASCII characters only - when using a single-byte server encoding. - - - - - - Fix checkpoint memory leak in background writer when wal_level = - hot_standby (Naoya Anzai) - - - - - - Fix memory leak caused by lo_open() failure - (Heikki Linnakangas) - - - - - - Fix memory overcommit bug when work_mem is using more - than 24GB of memory (Stephen Frost) - - - - - - Serializable snapshot fixes (Kevin Grittner, Heikki Linnakangas) - - - - - - Fix deadlock bug in libpq when using SSL (Stephen Frost) - - - - - - Fix possible SSL state corruption in threaded libpq applications - (Nick Phillips, Stephen Frost) - - - - - - Properly compute row estimates for boolean columns containing many NULL - values (Andrew Gierth) - - - - Previously tests like col IS NOT TRUE and col IS - NOT FALSE did not properly factor in NULL values when estimating - plan costs. - - - - - - Prevent pushing down WHERE clauses into unsafe - UNION/INTERSECT subqueries (Tom Lane) - - - - Subqueries of a UNION or INTERSECT that - contain set-returning functions or volatile functions in their - SELECT lists could be improperly optimized, leading to - run-time errors or incorrect query results. - - - - - - Fix rare case of failed to locate grouping columns - planner failure (Tom Lane) - - - - - - Fix pg_dump of foreign tables with dropped columns (Andrew Dunstan) - - - - Previously such cases could cause a pg_upgrade error. - - - - - - Reorder pg_dump processing of extension-related - rules and event triggers (Joe Conway) - - - - - - Force dumping of extension tables if specified by pg_dump - -t or -n (Joe Conway) - - - - - - Improve view dumping code's handling of dropped columns in referenced - tables (Tom Lane) - - - - - - Fix pg_restore -l with the directory archive to display - the correct format name (Fujii Masao) - - - - - - Properly record index comments created using UNIQUE - and PRIMARY KEY syntax (Andres Freund) - - - - This fixes a parallel pg_restore failure. - - - - - - Properly guarantee transmission of WAL files before clean switchover - (Fujii Masao) - - - - Previously, the streaming replication connection might close before all - WAL files had been replayed on the standby. - - - - - - Fix WAL segment timeline handling during recovery (Mitsumasa Kondo, - Heikki Linnakangas) - - - - WAL file recycling during standby recovery could lead to premature - recovery completion, resulting in data loss. - - - - - - Fix REINDEX TABLE and REINDEX DATABASE - to properly revalidate constraints and mark invalidated indexes as - valid (Noah Misch) - - - - REINDEX INDEX has always worked properly. - - - - - - Fix possible deadlock during concurrent CREATE INDEX - CONCURRENTLY operations (Tom Lane) - - - - - - Fix regexp_matches() handling of zero-length matches - (Jeevan Chalke) - - - - Previously, zero-length matches like '^' could return too many matches. - - - - - - Fix crash for overly-complex regular expressions (Heikki Linnakangas) - - - - - - Fix regular expression match failures for back references combined with - non-greedy quantifiers (Jeevan Chalke) - - - - - - Prevent CREATE FUNCTION from checking SET - variables unless function body checking is enabled (Tom Lane) - - - - - - Allow ALTER DEFAULT PRIVILEGES to operate on schemas - without requiring CREATE permission (Tom Lane) - - - - - - Loosen restriction on keywords used in queries (Tom Lane) - - - - Specifically, lessen keyword restrictions for role names, language - names, EXPLAIN and COPY options, and - SET values. This allows COPY ... (FORMAT - BINARY) to work as expected; previously BINARY needed - to be quoted. - - - - - - Fix pgp_pub_decrypt() so it works for secret keys with - passwords (Marko Kreen) - - - - - - Make pg_upgrade use pg_dump - --quote-all-identifiers to avoid problems with keyword changes - between releases (Tom Lane) - - - - - - Remove rare inaccurate warning during vacuum of index-less tables - (Heikki Linnakangas) - - - - - - Ensure that VACUUM ANALYZE still runs the ANALYZE phase - if its attempt to truncate the file is cancelled due to lock conflicts - (Kevin Grittner) - - - - - - Avoid possible failure when performing transaction control commands (e.g - ROLLBACK) in prepared queries (Tom Lane) - - - - - - Ensure that floating-point data input accepts standard spellings - of infinity on all platforms (Tom Lane) - - - - The C99 standard says that allowable spellings are inf, - +inf, -inf, infinity, - +infinity, and -infinity. Make sure we - recognize these even if the platform's strtod function - doesn't. - - - - - - Expand ability to compare rows to records and arrays (Rafal Rzepecki, - Tom Lane) - - - - - - Update time zone data files to tzdata release 2013d - for DST law changes in Israel, Morocco, Palestine, and Paraguay. - Also, historical zone data corrections for Macquarie Island. - - - - - - - - - - Release 9.1.9 - - - Release date: - 2013-04-04 - - - - This release contains a variety of fixes from 9.1.8. - For information about new features in the 9.1 major release, see - . - - - - Migration to Version 9.1.9 - - - A dump/restore is not required for those running 9.1.X. - - - - However, this release corrects several errors in management of GiST - indexes. After installing this update, it is advisable to - REINDEX any GiST indexes that meet one or more of the - conditions described below. - - - - Also, if you are upgrading from a version earlier than 9.1.6, - see . - - - - - - Changes - - - - - - Fix insecure parsing of server command-line switches (Mitsumasa - Kondo, Kyotaro Horiguchi) - - - - A connection request containing a database name that begins with - - could be crafted to damage or destroy - files within the server's data directory, even if the request is - eventually rejected. (CVE-2013-1899) - - - - - - Reset OpenSSL randomness state in each postmaster child process - (Marko Kreen) - - - - This avoids a scenario wherein random numbers generated by - contrib/pgcrypto functions might be relatively easy for - another database user to guess. The risk is only significant when - the postmaster is configured with ssl = on - but most connections don't use SSL encryption. (CVE-2013-1900) - - - - - - Make REPLICATION privilege checks test current user not authenticated - user (Noah Misch) - - - - An unprivileged database user could exploit this mistake to call - pg_start_backup() or pg_stop_backup(), - thus possibly interfering with creation of routine backups. - (CVE-2013-1901) - - - - - - Fix GiST indexes to not use fuzzy geometric comparisons when - it's not appropriate to do so (Alexander Korotkov) - - - - The core geometric types perform comparisons using fuzzy - equality, but gist_box_same must do exact comparisons, - else GiST indexes using it might become inconsistent. After installing - this update, users should REINDEX any GiST indexes on - box, polygon, circle, or point - columns, since all of these use gist_box_same. - - - - - - Fix erroneous range-union and penalty logic in GiST indexes that use - contrib/btree_gist for variable-width data types, that is - text, bytea, bit, and numeric - columns (Tom Lane) - - - - These errors could result in inconsistent indexes in which some keys - that are present would not be found by searches, and also in useless - index bloat. Users are advised to REINDEX such indexes - after installing this update. - - - - - - Fix bugs in GiST page splitting code for multi-column indexes - (Tom Lane) - - - - These errors could result in inconsistent indexes in which some keys - that are present would not be found by searches, and also in indexes - that are unnecessarily inefficient to search. Users are advised to - REINDEX multi-column GiST indexes after installing this - update. - - - - - - Fix gist_point_consistent - to handle fuzziness consistently (Alexander Korotkov) - - - - Index scans on GiST indexes on point columns would sometimes - yield results different from a sequential scan, because - gist_point_consistent disagreed with the underlying - operator code about whether to do comparisons exactly or fuzzily. - - - - - - Fix buffer leak in WAL replay (Heikki Linnakangas) - - - - This bug could result in incorrect local pin count errors - during replay, making recovery impossible. - - - - - - Fix race condition in DELETE RETURNING (Tom Lane) - - - - Under the right circumstances, DELETE RETURNING could - attempt to fetch data from a shared buffer that the current process - no longer has any pin on. If some other process changed the buffer - meanwhile, this would lead to garbage RETURNING output, or - even a crash. - - - - - - Fix infinite-loop risk in regular expression compilation (Tom Lane, - Don Porter) - - - - - - Fix potential null-pointer dereference in regular expression compilation - (Tom Lane) - - - - - - Fix to_char() to use ASCII-only case-folding rules where - appropriate (Tom Lane) - - - - This fixes misbehavior of some template patterns that should be - locale-independent, but mishandled I and - i in Turkish locales. - - - - - - Fix unwanted rejection of timestamp 1999-12-31 24:00:00 - (Tom Lane) - - - - - - Fix logic error when a single transaction does UNLISTEN - then LISTEN (Tom Lane) - - - - The session wound up not listening for notify events at all, though it - surely should listen in this case. - - - - - - Fix possible planner crash after columns have been added to a view - that's depended on by another view (Tom Lane) - - - - - - Remove useless picksplit doesn't support secondary split log - messages (Josh Hansen, Tom Lane) - - - - This message seems to have been added in expectation of code that was - never written, and probably never will be, since GiST's default - handling of secondary splits is actually pretty good. So stop nagging - end users about it. - - - - - - Fix possible failure to send a session's last few transaction - commit/abort counts to the statistics collector (Tom Lane) - - - - - - Eliminate memory leaks in PL/Perl's spi_prepare() function - (Alex Hunsaker, Tom Lane) - - - - - - Fix pg_dumpall to handle database names containing - = correctly (Heikki Linnakangas) - - - - - - Avoid crash in pg_dump when an incorrect connection - string is given (Heikki Linnakangas) - - - - - - Ignore invalid indexes in pg_dump and - pg_upgrade (Michael Paquier, Bruce Momjian) - - - - Dumping invalid indexes can cause problems at restore time, for example - if the reason the index creation failed was because it tried to enforce - a uniqueness condition not satisfied by the table's data. Also, if the - index creation is in fact still in progress, it seems reasonable to - consider it to be an uncommitted DDL change, which - pg_dump wouldn't be expected to dump anyway. - pg_upgrade now also skips invalid indexes rather than - failing. - - - - - - In pg_basebackup, include only the current server - version's subdirectory when backing up a tablespace (Heikki - Linnakangas) - - - - - - Add a server version check in pg_basebackup and - pg_receivexlog, so they fail cleanly with version - combinations that won't work (Heikki Linnakangas) - - - - - - Fix contrib/pg_trgm's similarity() function - to return zero for trigram-less strings (Tom Lane) - - - - Previously it returned NaN due to internal division by zero. - - - - - - Update time zone data files to tzdata release 2013b - for DST law changes in Chile, Haiti, Morocco, Paraguay, and some - Russian areas. Also, historical zone data corrections for numerous - places. - - - - Also, update the time zone abbreviation files for recent changes in - Russia and elsewhere: CHOT, GET, - IRKT, KGT, KRAT, MAGT, - MAWT, MSK, NOVT, OMST, - TKT, VLAT, WST, YAKT, - YEKT now follow their current meanings, and - VOLT (Europe/Volgograd) and MIST - (Antarctica/Macquarie) are added to the default abbreviations list. - - - - - - - - - - Release 9.1.8 - - - Release date: - 2013-02-07 - - - - This release contains a variety of fixes from 9.1.7. - For information about new features in the 9.1 major release, see - . - - - - Migration to Version 9.1.8 - - - A dump/restore is not required for those running 9.1.X. - - - - However, if you are upgrading from a version earlier than 9.1.6, - see . - - - - - - Changes - - - - - - Prevent execution of enum_recv from SQL (Tom Lane) - - - - The function was misdeclared, allowing a simple SQL command to crash the - server. In principle an attacker might be able to use it to examine the - contents of server memory. Our thanks to Sumit Soni (via Secunia SVCRP) - for reporting this issue. (CVE-2013-0255) - - - - - - Fix multiple problems in detection of when a consistent database - state has been reached during WAL replay (Fujii Masao, Heikki - Linnakangas, Simon Riggs, Andres Freund) - - - - - - Update minimum recovery point when truncating a relation file (Heikki - Linnakangas) - - - - Once data has been discarded, it's no longer safe to stop recovery at - an earlier point in the timeline. - - - - - - Fix recycling of WAL segments after changing recovery target timeline - (Heikki Linnakangas) - - - - - - Fix missing cancellations in hot standby mode (Noah Misch, Simon Riggs) - - - - The need to cancel conflicting hot-standby queries would sometimes be - missed, allowing those queries to see inconsistent data. - - - - - - Prevent recovery pause feature from pausing before users can connect - (Tom Lane) - - - - - - Fix SQL grammar to allow subscripting or field selection from a - sub-SELECT result (Tom Lane) - - - - - - Fix performance problems with autovacuum truncation in busy workloads - (Jan Wieck) - - - - Truncation of empty pages at the end of a table requires exclusive - lock, but autovacuum was coded to fail (and release the table lock) - when there are conflicting lock requests. Under load, it is easily - possible that truncation would never occur, resulting in table bloat. - Fix by performing a partial truncation, releasing the lock, then - attempting to re-acquire the lock and continue. This fix also greatly - reduces the average time before autovacuum releases the lock after a - conflicting request arrives. - - - - - - Protect against race conditions when scanning - pg_tablespace (Stephen Frost, Tom Lane) - - - - CREATE DATABASE and DROP DATABASE could - misbehave if there were concurrent updates of - pg_tablespace entries. - - - - - - Prevent DROP OWNED from trying to drop whole databases or - tablespaces (Álvaro Herrera) - - - - For safety, ownership of these objects must be reassigned, not dropped. - - - - - - Fix error in vacuum_freeze_table_age - implementation (Andres Freund) - - - - In installations that have existed for more than vacuum_freeze_min_age - transactions, this mistake prevented autovacuum from using partial-table - scans, so that a full-table scan would always happen instead. - - - - - - Prevent misbehavior when a RowExpr or XmlExpr - is parse-analyzed twice (Andres Freund, Tom Lane) - - - - This mistake could be user-visible in contexts such as - CREATE TABLE LIKE INCLUDING INDEXES. - - - - - - Improve defenses against integer overflow in hashtable sizing - calculations (Jeff Davis) - - - - - - Fix failure to ignore leftover temporary tables after a server crash - (Tom Lane) - - - - - - Reject out-of-range dates in to_date() (Hitoshi Harada) - - - - - - Fix pg_extension_config_dump() to handle - extension-update cases properly (Tom Lane) - - - - This function will now replace any existing entry for the target - table, making it usable in extension update scripts. - - - - - - Fix PL/Python's handling of functions used as triggers on multiple - tables (Andres Freund) - - - - - - Ensure that non-ASCII prompt strings are translated to the correct - code page on Windows (Alexander Law, Noah Misch) - - - - This bug affected psql and some other client programs. - - - - - - Fix possible crash in psql's \? command - when not connected to a database (Meng Qingzhong) - - - - - - Fix possible error if a relation file is removed while - pg_basebackup is running (Heikki Linnakangas) - - - - - - Make pg_dump exclude data of unlogged tables when - running on a hot-standby server (Magnus Hagander) - - - - This would fail anyway because the data is not available on the standby - server, so it seems most convenient to assume - automatically. - - - - - - Fix pg_upgrade to deal with invalid indexes safely - (Bruce Momjian) - - - - - - Fix one-byte buffer overrun in libpq's - PQprintTuples (Xi Wang) - - - - This ancient function is not used anywhere by - PostgreSQL itself, but it might still be used by some - client code. - - - - - - Make ecpglib use translated messages properly - (Chen Huajun) - - - - - - Properly install ecpg_compat and - pgtypes libraries on MSVC (Jiang Guiqing) - - - - - - Include our version of isinf() in - libecpg if it's not provided by the system - (Jiang Guiqing) - - - - - - Rearrange configure's tests for supplied functions so it is not - fooled by bogus exports from libedit/libreadline (Christoph Berg) - - - - - - Ensure Windows build number increases over time (Magnus Hagander) - - - - - - Make pgxs build executables with the right - .exe suffix when cross-compiling for Windows - (Zoltan Boszormenyi) - - - - - - Add new timezone abbreviation FET (Tom Lane) - - - - This is now used in some eastern-European time zones. - - - - - - - - - - Release 9.1.7 - - - Release date: - 2012-12-06 - - - - This release contains a variety of fixes from 9.1.6. - For information about new features in the 9.1 major release, see - . - - - - Migration to Version 9.1.7 - - - A dump/restore is not required for those running 9.1.X. - - - - However, if you are upgrading from a version earlier than 9.1.6, - see . - - - - - - Changes - - - - - - Fix multiple bugs associated with CREATE INDEX - CONCURRENTLY (Andres Freund, Tom Lane) - - - - Fix CREATE INDEX CONCURRENTLY to use - in-place updates when changing the state of an index's - pg_index row. This prevents race conditions that could - cause concurrent sessions to miss updating the target index, thus - resulting in corrupt concurrently-created indexes. - - - - Also, fix various other operations to ensure that they ignore - invalid indexes resulting from a failed CREATE INDEX - CONCURRENTLY command. The most important of these is - VACUUM, because an auto-vacuum could easily be launched - on the table before corrective action can be taken to fix or remove - the invalid index. - - - - - - Fix buffer locking during WAL replay (Tom Lane) - - - - The WAL replay code was insufficiently careful about locking buffers - when replaying WAL records that affect more than one page. This could - result in hot standby queries transiently seeing inconsistent states, - resulting in wrong answers or unexpected failures. - - - - - - Fix an error in WAL generation logic for GIN indexes (Tom Lane) - - - - This could result in index corruption, if a torn-page failure occurred. - - - - - - Properly remove startup process's virtual XID lock when promoting a - hot standby server to normal running (Simon Riggs) - - - - This oversight could prevent subsequent execution of certain - operations such as CREATE INDEX CONCURRENTLY. - - - - - - Avoid bogus out-of-sequence timeline ID errors in standby - mode (Heikki Linnakangas) - - - - - - Prevent the postmaster from launching new child processes after it's - received a shutdown signal (Tom Lane) - - - - This mistake could result in shutdown taking longer than it should, or - even never completing at all without additional user action. - - - - - - Avoid corruption of internal hash tables when out of memory - (Hitoshi Harada) - - - - - - Prevent file descriptors for dropped tables from being held open past - transaction end (Tom Lane) - - - - This should reduce problems with long-since-dropped tables continuing - to occupy disk space. - - - - - - Prevent database-wide crash and restart when a new child process is - unable to create a pipe for its latch (Tom Lane) - - - - Although the new process must fail, there is no good reason to force a - database-wide restart, so avoid that. This improves robustness when - the kernel is nearly out of file descriptors. - - - - - - Fix planning of non-strict equivalence clauses above outer joins - (Tom Lane) - - - - The planner could derive incorrect constraints from a clause equating - a non-strict construct to something else, for example - WHERE COALESCE(foo, 0) = 0 - when foo is coming from the nullable side of an outer join. - - - - - - Fix SELECT DISTINCT with index-optimized - MIN/MAX on an inheritance tree (Tom Lane) - - - - The planner would fail with failed to re-find MinMaxAggInfo - record given this combination of factors. - - - - - - Improve planner's ability to prove exclusion constraints from - equivalence classes (Tom Lane) - - - - - - Fix partial-row matching in hashed subplans to handle cross-type cases - correctly (Tom Lane) - - - - This affects multicolumn NOT IN subplans, such as - WHERE (a, b) NOT IN (SELECT x, y FROM ...) - when for instance b and y are int4 - and int8 respectively. This mistake led to wrong answers - or crashes depending on the specific datatypes involved. - - - - - - Acquire buffer lock when re-fetching the old tuple for an - AFTER ROW UPDATE/DELETE trigger (Andres Freund) - - - - In very unusual circumstances, this oversight could result in passing - incorrect data to a trigger WHEN condition, or to the - precheck logic for a foreign-key enforcement trigger. That could - result in a crash, or in an incorrect decision about whether to - fire the trigger. - - - - - - Fix ALTER COLUMN TYPE to handle inherited check - constraints properly (Pavan Deolasee) - - - - This worked correctly in pre-8.4 releases, and now works correctly - in 8.4 and later. - - - - - - Fix ALTER EXTENSION SET SCHEMA's failure to move some - subsidiary objects into the new schema (Álvaro Herrera, Dimitri - Fontaine) - - - - - - Fix REASSIGN OWNED to handle grants on tablespaces - (Álvaro Herrera) - - - - - - Ignore incorrect pg_attribute entries for system - columns for views (Tom Lane) - - - - Views do not have any system columns. However, we forgot to - remove such entries when converting a table to a view. That's fixed - properly for 9.3 and later, but in previous branches we need to defend - against existing mis-converted views. - - - - - - Fix rule printing to dump INSERT INTO table - DEFAULT VALUES correctly (Tom Lane) - - - - - - Guard against stack overflow when there are too many - UNION/INTERSECT/EXCEPT clauses - in a query (Tom Lane) - - - - - - Prevent platform-dependent failures when dividing the minimum possible - integer value by -1 (Xi Wang, Tom Lane) - - - - - - Fix possible access past end of string in date parsing - (Hitoshi Harada) - - - - - - Fix failure to advance XID epoch if XID wraparound happens during a - checkpoint and wal_level is hot_standby - (Tom Lane, Andres Freund) - - - - While this mistake had no particular impact on - PostgreSQL itself, it was bad for - applications that rely on txid_current() and related - functions: the TXID value would appear to go backwards. - - - - - - Fix display of - pg_stat_replication.sync_state at a - page boundary (Kyotaro Horiguchi) - - - - - - Produce an understandable error message if the length of the path name - for a Unix-domain socket exceeds the platform-specific limit - (Tom Lane, Andrew Dunstan) - - - - Formerly, this would result in something quite unhelpful, such as - Non-recoverable failure in name resolution. - - - - - - Fix memory leaks when sending composite column values to the client - (Tom Lane) - - - - - - Make pg_ctl more robust about reading the - postmaster.pid file (Heikki Linnakangas) - - - - Fix race conditions and possible file descriptor leakage. - - - - - - Fix possible crash in psql if incorrectly-encoded data - is presented and the client_encoding setting is a - client-only encoding, such as SJIS (Jiang Guiqing) - - - - - - Make pg_dump dump SEQUENCE SET items in - the data not pre-data section of the archive (Tom Lane) - - - - This change fixes dumping of sequences that are marked as extension - configuration tables. - - - - - - Fix bugs in the restore.sql script emitted by - pg_dump in tar output format (Tom Lane) - - - - The script would fail outright on tables whose names include - upper-case characters. Also, make the script capable of restoring - data in mode as well as the regular COPY mode. - - - - - - Fix pg_restore to accept POSIX-conformant - tar files (Brian Weaver, Tom Lane) - - - - The original coding of pg_dump's tar - output mode produced files that are not fully conformant with the - POSIX standard. This has been corrected for version 9.3. This - patch updates previous branches so that they will accept both the - incorrect and the corrected formats, in hopes of avoiding - compatibility problems when 9.3 comes out. - - - - - - Fix tar files emitted by pg_basebackup to - be POSIX conformant (Brian Weaver, Tom Lane) - - - - - - Fix pg_resetxlog to locate postmaster.pid - correctly when given a relative path to the data directory (Tom Lane) - - - - This mistake could lead to pg_resetxlog not noticing - that there is an active postmaster using the data directory. - - - - - - Fix libpq's lo_import() and - lo_export() functions to report file I/O errors properly - (Tom Lane) - - - - - - Fix ecpg's processing of nested structure pointer - variables (Muhammad Usama) - - - - - - Fix ecpg's ecpg_get_data function to - handle arrays properly (Michael Meskes) - - - - - - Make contrib/pageinspect's btree page inspection - functions take buffer locks while examining pages (Tom Lane) - - - - - - Ensure that make install for an extension creates the - extension installation directory (Cédric Villemain) - - - - Previously, this step was missed if MODULEDIR was set in - the extension's Makefile. - - - - - - Fix pgxs support for building loadable modules on AIX - (Tom Lane) - - - - Building modules outside the original source tree didn't work on AIX. - - - - - - Update time zone data files to tzdata release 2012j - for DST law changes in Cuba, Israel, Jordan, Libya, Palestine, Western - Samoa, and portions of Brazil. - - - - - - - - - - Release 9.1.6 - - - Release date: - 2012-09-24 - - - - This release contains a variety of fixes from 9.1.5. - For information about new features in the 9.1 major release, see - . - - - - Migration to Version 9.1.6 - - - A dump/restore is not required for those running 9.1.X. - - - - However, you may need to perform REINDEX operations to - recover from the effects of the data corruption bug described in the - first changelog item below. - - - - Also, if you are upgrading from a version earlier than 9.1.4, - see . - - - - - - Changes - - - - - - Fix persistence marking of shared buffers during WAL replay - (Jeff Davis) - - - - This mistake can result in buffers not being written out during - checkpoints, resulting in data corruption if the server later crashes - without ever having written those buffers. Corruption can occur on - any server following crash recovery, but it is significantly more - likely to occur on standby slave servers since those perform much - more WAL replay. There is a low probability of corruption of btree - and GIN indexes. There is a much higher probability of corruption of - table visibility maps. Fortunately, visibility maps are - non-critical data in 9.1, so the worst consequence of such corruption - in 9.1 installations is transient inefficiency of vacuuming. Table - data proper cannot be corrupted by this bug. - - - - While no index corruption due to this bug is known to have occurred - in the field, as a precautionary measure it is recommended that - production installations REINDEX all btree and GIN - indexes at a convenient time after upgrading to 9.1.6. - - - - Also, if you intend to do an in-place upgrade to 9.2.X, before doing - so it is recommended to perform a VACUUM of all tables - while having vacuum_freeze_table_age - set to zero. This will ensure that any lingering wrong data in the - visibility maps is corrected before 9.2.X can depend on it. vacuum_cost_delay - can be adjusted to reduce the performance impact of vacuuming, while - causing it to take longer to finish. - - - - - - Fix planner's assignment of executor parameters, and fix executor's - rescan logic for CTE plan nodes (Tom Lane) - - - - These errors could result in wrong answers from queries that scan the - same WITH subquery multiple times. - - - - - - Fix misbehavior when default_transaction_isolation - is set to serializable (Kevin Grittner, Tom Lane, Heikki - Linnakangas) - - - - Symptoms include crashes at process start on Windows, and crashes in - hot standby operation. - - - - - - Improve selectivity estimation for text search queries involving - prefixes, i.e. word:* patterns (Tom Lane) - - - - - - Improve page-splitting decisions in GiST indexes (Alexander Korotkov, - Robert Haas, Tom Lane) - - - - Multi-column GiST indexes might suffer unexpected bloat due to this - error. - - - - - - Fix cascading privilege revoke to stop if privileges are still held - (Tom Lane) - - - - If we revoke a grant option from some role X, but - X still holds that option via a grant from someone - else, we should not recursively revoke the corresponding privilege - from role(s) Y that X had granted it - to. - - - - - - Disallow extensions from containing the schema they are assigned to - (Thom Brown) - - - - This situation creates circular dependencies that confuse - pg_dump and probably other things. It's confusing - for humans too, so disallow it. - - - - - - Improve error messages for Hot Standby misconfiguration errors - (Gurjeet Singh) - - - - - - Make configure probe for mbstowcs_l (Tom - Lane) - - - - This fixes build failures on some versions of AIX. - - - - - - Fix handling of SIGFPE when PL/Perl is in use (Andres Freund) - - - - Perl resets the process's SIGFPE handler to - SIG_IGN, which could result in crashes later on. Restore - the normal Postgres signal handler after initializing PL/Perl. - - - - - - Prevent PL/Perl from crashing if a recursive PL/Perl function is - redefined while being executed (Tom Lane) - - - - - - Work around possible misoptimization in PL/Perl (Tom Lane) - - - - Some Linux distributions contain an incorrect version of - pthread.h that results in incorrect compiled code in - PL/Perl, leading to crashes if a PL/Perl function calls another one - that throws an error. - - - - - - Fix bugs in contrib/pg_trgm's LIKE pattern - analysis code (Fujii Masao) - - - - LIKE queries using a trigram index could produce wrong - results if the pattern contained LIKE escape characters. - - - - - - Fix pg_upgrade's handling of line endings on Windows - (Andrew Dunstan) - - - - Previously, pg_upgrade might add or remove carriage - returns in places such as function bodies. - - - - - - On Windows, make pg_upgrade use backslash path - separators in the scripts it emits (Andrew Dunstan) - - - - - - Remove unnecessary dependency on pg_config from - pg_upgrade (Peter Eisentraut) - - - - - - Update time zone data files to tzdata release 2012f - for DST law changes in Fiji - - - - - - - - - - Release 9.1.5 - - - Release date: - 2012-08-17 - - - - This release contains a variety of fixes from 9.1.4. - For information about new features in the 9.1 major release, see - . - - - - Migration to Version 9.1.5 - - - A dump/restore is not required for those running 9.1.X. - - - - However, if you are upgrading from a version earlier than 9.1.4, - see . - - - - - - Changes - - - - - - Prevent access to external files/URLs via XML entity references - (Noah Misch, Tom Lane) - - - - xml_parse() would attempt to fetch external files or - URLs as needed to resolve DTD and entity references in an XML value, - thus allowing unprivileged database users to attempt to fetch data - with the privileges of the database server. While the external data - wouldn't get returned directly to the user, portions of it could be - exposed in error messages if the data didn't parse as valid XML; and - in any case the mere ability to check existence of a file might be - useful to an attacker. (CVE-2012-3489) - - - - - - Prevent access to external files/URLs via contrib/xml2's - xslt_process() (Peter Eisentraut) - - - - libxslt offers the ability to read and write both - files and URLs through stylesheet commands, thus allowing - unprivileged database users to both read and write data with the - privileges of the database server. Disable that through proper use - of libxslt's security options. (CVE-2012-3488) - - - - Also, remove xslt_process()'s ability to fetch documents - and stylesheets from external files/URLs. While this was a - documented feature, it was long regarded as a bad idea. - The fix for CVE-2012-3489 broke that capability, and rather than - expend effort on trying to fix it, we're just going to summarily - remove it. - - - - - - Prevent too-early recycling of btree index pages (Noah Misch) - - - - When we allowed read-only transactions to skip assigning XIDs, we - introduced the possibility that a deleted btree page could be - recycled while a read-only transaction was still in flight to it. - This would result in incorrect index search results. The probability - of such an error occurring in the field seems very low because of the - timing requirements, but nonetheless it should be fixed. - - - - - - Fix crash-safety bug with newly-created-or-reset sequences (Tom Lane) - - - - If ALTER SEQUENCE was executed on a freshly created or - reset sequence, and then precisely one nextval() call - was made on it, and then the server crashed, WAL replay would restore - the sequence to a state in which it appeared that no - nextval() had been done, thus allowing the first - sequence value to be returned again by the next - nextval() call. In particular this could manifest for - serial columns, since creation of a serial column's sequence - includes an ALTER SEQUENCE OWNED BY step. - - - - - - Fix race condition in enum-type value comparisons (Robert - Haas, Tom Lane) - - - - Comparisons could fail when encountering an enum value added since - the current query started. - - - - - - Fix txid_current() to report the correct epoch when not - in hot standby (Heikki Linnakangas) - - - - This fixes a regression introduced in the previous minor release. - - - - - - Prevent selection of unsuitable replication connections as - the synchronous standby (Fujii Masao) - - - - The master might improperly choose pseudo-servers such as - pg_receivexlog or pg_basebackup - as the synchronous standby, and then wait indefinitely for them. - - - - - - Fix bug in startup of Hot Standby when a master transaction has many - subtransactions (Andres Freund) - - - - This mistake led to failures reported as out-of-order XID - insertion in KnownAssignedXids. - - - - - - Ensure the backup_label file is fsync'd after - pg_start_backup() (Dave Kerr) - - - - - - Fix timeout handling in walsender processes (Tom Lane) - - - - WAL sender background processes neglected to establish a - SIGALRM handler, meaning they would wait forever in - some corner cases where a timeout ought to happen. - - - - - - Wake walsenders after each background flush by walwriter (Andres - Freund, Simon Riggs) - - - - This greatly reduces replication delay when the workload contains - only asynchronously-committed transactions. - - - - - - Fix LISTEN/NOTIFY to cope better with I/O - problems, such as out of disk space (Tom Lane) - - - - After a write failure, all subsequent attempts to send more - NOTIFY messages would fail with messages like - Could not read from file "pg_notify/nnnn" at - offset nnnnn: Success. - - - - - - Only allow autovacuum to be auto-canceled by a directly blocked - process (Tom Lane) - - - - The original coding could allow inconsistent behavior in some cases; - in particular, an autovacuum could get canceled after less than - deadlock_timeout grace period. - - - - - - Improve logging of autovacuum cancels (Robert Haas) - - - - - - Fix log collector so that log_truncate_on_rotation works - during the very first log rotation after server start (Tom Lane) - - - - - - Fix WITH attached to a nested set operation - (UNION/INTERSECT/EXCEPT) - (Tom Lane) - - - - - - Ensure that a whole-row reference to a subquery doesn't include any - extra GROUP BY or ORDER BY columns (Tom Lane) - - - - - - Fix dependencies generated during ALTER TABLE ... ADD - CONSTRAINT USING INDEX (Tom Lane) - - - - This command left behind a redundant pg_depend entry - for the index, which could confuse later operations, notably - ALTER TABLE ... ALTER COLUMN TYPE on one of the indexed - columns. - - - - - - Fix REASSIGN OWNED to work on extensions (Alvaro Herrera) - - - - - - Disallow copying whole-row references in CHECK - constraints and index definitions during CREATE TABLE - (Tom Lane) - - - - This situation can arise in CREATE TABLE with - LIKE or INHERITS. The copied whole-row - variable was incorrectly labeled with the row type of the original - table not the new one. Rejecting the case seems reasonable for - LIKE, since the row types might well diverge later. For - INHERITS we should ideally allow it, with an implicit - coercion to the parent table's row type; but that will require more - work than seems safe to back-patch. - - - - - - Fix memory leak in ARRAY(SELECT ...) subqueries (Heikki - Linnakangas, Tom Lane) - - - - - - Fix planner to pass correct collation to operator selectivity - estimators (Tom Lane) - - - - This was not previously required by any core selectivity estimation - function, but third-party code might need it. - - - - - - Fix extraction of common prefixes from regular expressions (Tom Lane) - - - - The code could get confused by quantified parenthesized - subexpressions, such as ^(foo)?bar. This would lead to - incorrect index optimization of searches for such patterns. - - - - - - Fix bugs with parsing signed - hh:mm and - hh:mm:ss - fields in interval constants (Amit Kapila, Tom Lane) - - - - - - Fix pg_dump to better handle views containing partial - GROUP BY lists (Tom Lane) - - - - A view that lists only a primary key column in GROUP BY, - but uses other table columns as if they were grouped, gets marked as - depending on the primary key. Improper handling of such primary key - dependencies in pg_dump resulted in poorly-ordered - dumps, which at best would be inefficient to restore and at worst - could result in outright failure of a parallel - pg_restore run. - - - - - - In PL/Perl, avoid setting UTF8 flag when in SQL_ASCII encoding - (Alex Hunsaker, Kyotaro Horiguchi, Alvaro Herrera) - - - - - - Use Postgres' encoding conversion functions, not Python's, when - converting a Python Unicode string to the server encoding in - PL/Python (Jan Urbanski) - - - - This avoids some corner-case problems, notably that Python doesn't - support all the encodings Postgres does. A notable functional change - is that if the server encoding is SQL_ASCII, you will get the UTF-8 - representation of the string; formerly, any non-ASCII characters in - the string would result in an error. - - - - - - Fix mapping of PostgreSQL encodings to Python encodings in PL/Python - (Jan Urbanski) - - - - - - Report errors properly in contrib/xml2's - xslt_process() (Tom Lane) - - - - - - Update time zone data files to tzdata release 2012e - for DST law changes in Morocco and Tokelau - - - - - - - - - - Release 9.1.4 - - - Release date: - 2012-06-04 - - - - This release contains a variety of fixes from 9.1.3. - For information about new features in the 9.1 major release, see - . - - - - Migration to Version 9.1.4 - - - A dump/restore is not required for those running 9.1.X. - - - - However, if you use the citext data type, and you upgraded - from a previous major release by running pg_upgrade, - you should run CREATE EXTENSION citext FROM unpackaged - to avoid collation-related failures in citext operations. - The same is necessary if you restore a dump from a pre-9.1 database - that contains an instance of the citext data type. - If you've already run the CREATE EXTENSION command before - upgrading to 9.1.4, you will instead need to do manual catalog updates - as explained in the third changelog item below. - - - - Also, if you are upgrading from a version earlier than 9.1.2, - see . - - - - - - Changes - - - - - - Fix incorrect password transformation in - contrib/pgcrypto's DES crypt() function - (Solar Designer) - - - - If a password string contained the byte value 0x80, the - remainder of the password was ignored, causing the password to be much - weaker than it appeared. With this fix, the rest of the string is - properly included in the DES hash. Any stored password values that are - affected by this bug will thus no longer match, so the stored values may - need to be updated. (CVE-2012-2143) - - - - - - Ignore SECURITY DEFINER and SET attributes for - a procedural language's call handler (Tom Lane) - - - - Applying such attributes to a call handler could crash the server. - (CVE-2012-2655) - - - - - - Make contrib/citext's upgrade script fix collations of - citext arrays and domains over citext - (Tom Lane) - - - - Release 9.1.2 provided a fix for collations of citext columns - and indexes in databases upgraded or reloaded from pre-9.1 - installations, but that fix was incomplete: it neglected to handle arrays - and domains over citext. This release extends the module's - upgrade script to handle these cases. As before, if you have already - run the upgrade script, you'll need to run the collation update - commands by hand instead. See the 9.1.2 release notes for more - information about doing this. - - - - - - Allow numeric timezone offsets in timestamp input to be up to - 16 hours away from UTC (Tom Lane) - - - - Some historical time zones have offsets larger than 15 hours, the - previous limit. This could result in dumped data values being rejected - during reload. - - - - - - Fix timestamp conversion to cope when the given time is exactly the - last DST transition time for the current timezone (Tom Lane) - - - - This oversight has been there a long time, but was not noticed - previously because most DST-using zones are presumed to have an - indefinite sequence of future DST transitions. - - - - - - Fix text to name and char to name - casts to perform string truncation correctly in multibyte encodings - (Karl Schnaitter) - - - - - - Fix memory copying bug in to_tsquery() (Heikki Linnakangas) - - - - - - Ensure txid_current() reports the correct epoch when - executed in hot standby (Simon Riggs) - - - - - - Fix planner's handling of outer PlaceHolderVars within subqueries (Tom - Lane) - - - - This bug concerns sub-SELECTs that reference variables coming from the - nullable side of an outer join of the surrounding query. - In 9.1, queries affected by this bug would fail with ERROR: - Upper-level PlaceHolderVar found where not expected. But in 9.0 and - 8.4, you'd silently get possibly-wrong answers, since the value - transmitted into the subquery wouldn't go to null when it should. - - - - - - Fix planning of UNION ALL subqueries with output columns - that are not simple variables (Tom Lane) - - - - Planning of such cases got noticeably worse in 9.1 as a result of a - misguided fix for MergeAppend child's targetlist doesn't match - MergeAppend errors. Revert that fix and do it another way. - - - - - - Fix slow session startup when pg_attribute is very large - (Tom Lane) - - - - If pg_attribute exceeds one-fourth of - shared_buffers, cache rebuilding code that is sometimes - needed during session start would trigger the synchronized-scan logic, - causing it to take many times longer than normal. The problem was - particularly acute if many new sessions were starting at once. - - - - - - Ensure sequential scans check for query cancel reasonably often (Merlin - Moncure) - - - - A scan encountering many consecutive pages that contain no live tuples - would not respond to interrupts meanwhile. - - - - - - Ensure the Windows implementation of PGSemaphoreLock() - clears ImmediateInterruptOK before returning (Tom Lane) - - - - This oversight meant that a query-cancel interrupt received later - in the same query could be accepted at an unsafe time, with - unpredictable but not good consequences. - - - - - - Show whole-row variables safely when printing views or rules - (Abbas Butt, Tom Lane) - - - - Corner cases involving ambiguous names (that is, the name could be - either a table or column name of the query) were printed in an - ambiguous way, risking that the view or rule would be interpreted - differently after dump and reload. Avoid the ambiguous case by - attaching a no-op cast. - - - - - - Fix COPY FROM to properly handle null marker strings that - correspond to invalid encoding (Tom Lane) - - - - A null marker string such as E'\\0' should work, and did - work in the past, but the case got broken in 8.4. - - - - - - Fix EXPLAIN VERBOSE for writable CTEs containing - RETURNING clauses (Tom Lane) - - - - - - Fix PREPARE TRANSACTION to work correctly in the presence - of advisory locks (Tom Lane) - - - - Historically, PREPARE TRANSACTION has simply ignored any - session-level advisory locks the session holds, but this case was - accidentally broken in 9.1. - - - - - - Fix truncation of unlogged tables (Robert Haas) - - - - - - Ignore missing schemas during non-interactive assignments of - search_path (Tom Lane) - - - - This re-aligns 9.1's behavior with that of older branches. Previously - 9.1 would throw an error for nonexistent schemas mentioned in - search_path settings obtained from places such as - ALTER DATABASE SET. - - - - - - Fix bugs with temporary or transient tables used in extension scripts - (Tom Lane) - - - - This includes cases such as a rewriting ALTER TABLE within - an extension update script, since that uses a transient table behind - the scenes. - - - - - - Ensure autovacuum worker processes perform stack depth checking - properly (Heikki Linnakangas) - - - - Previously, infinite recursion in a function invoked by - auto-ANALYZE could crash worker processes. - - - - - - Fix logging collector to not lose log coherency under high load (Andrew - Dunstan) - - - - The collector previously could fail to reassemble large messages if it - got too busy. - - - - - - Fix logging collector to ensure it will restart file rotation - after receiving SIGHUP (Tom Lane) - - - - - - Fix too many LWLocks taken failure in GiST indexes (Heikki - Linnakangas) - - - - - - Fix WAL replay logic for GIN indexes to not fail if the index was - subsequently dropped (Tom Lane) - - - - - - Correctly detect SSI conflicts of prepared transactions after a crash - (Dan Ports) - - - - - - Avoid synchronous replication delay when committing a transaction that - only modified temporary tables (Heikki Linnakangas) - - - - In such a case the transaction's commit record need not be flushed to - standby servers, but some of the code didn't know that and waited for - it to happen anyway. - - - - - - Fix error handling in pg_basebackup - (Thomas Ogrisegg, Fujii Masao) - - - - - - Fix walsender to not go into a busy loop if connection - is terminated (Fujii Masao) - - - - - - Fix memory leak in PL/pgSQL's RETURN NEXT command (Joe - Conway) - - - - - - Fix PL/pgSQL's GET DIAGNOSTICS command when the target - is the function's first variable (Tom Lane) - - - - - - Ensure that PL/Perl package-qualifies the _TD variable - (Alex Hunsaker) - - - - This bug caused trigger invocations to fail when they are nested - within a function invocation that changes the current package. - - - - - - Fix PL/Python functions returning composite types to accept a string - for their result value (Jan Urbanski) - - - - This case was accidentally broken by the 9.1 additions to allow a - composite result value to be supplied in other formats, such as - dictionaries. - - - - - - Fix potential access off the end of memory in psql's - expanded display (\x) mode (Peter Eisentraut) - - - - - - Fix several performance problems in pg_dump when - the database contains many objects (Jeff Janes, Tom Lane) - - - - pg_dump could get very slow if the database contained - many schemas, or if many objects are in dependency loops, or if there - are many owned sequences. - - - - - - Fix memory and file descriptor leaks in pg_restore - when reading a directory-format archive (Peter Eisentraut) - - - - - - Fix pg_upgrade for the case that a database stored in a - non-default tablespace contains a table in the cluster's default - tablespace (Bruce Momjian) - - - - - - In ecpg, fix rare memory leaks and possible overwrite - of one byte after the sqlca_t structure (Peter Eisentraut) - - - - - - Fix contrib/dblink's dblink_exec() to not leak - temporary database connections upon error (Tom Lane) - - - - - - Fix contrib/dblink to report the correct connection name in - error messages (Kyotaro Horiguchi) - - - - - - Fix contrib/vacuumlo to use multiple transactions when - dropping many large objects (Tim Lewis, Robert Haas, Tom Lane) - - - - This change avoids exceeding max_locks_per_transaction when - many objects need to be dropped. The behavior can be adjusted with the - new -l (limit) option. - - - - - - Update time zone data files to tzdata release 2012c - for DST law changes in Antarctica, Armenia, Chile, Cuba, Falkland - Islands, Gaza, Haiti, Hebron, Morocco, Syria, and Tokelau Islands; - also historical corrections for Canada. - - - - - - - - - - Release 9.1.3 - - - Release date: - 2012-02-27 - - - - This release contains a variety of fixes from 9.1.2. - For information about new features in the 9.1 major release, see - . - - - - Migration to Version 9.1.3 - - - A dump/restore is not required for those running 9.1.X. - - - - However, if you are upgrading from a version earlier than 9.1.2, - see . - - - - - - Changes - - - - - - Require execute permission on the trigger function for - CREATE TRIGGER (Robert Haas) - - - - This missing check could allow another user to execute a trigger - function with forged input data, by installing it on a table he owns. - This is only of significance for trigger functions marked - SECURITY DEFINER, since otherwise trigger functions run - as the table owner anyway. (CVE-2012-0866) - - - - - - Remove arbitrary limitation on length of common name in SSL - certificates (Heikki Linnakangas) - - - - Both libpq and the server truncated the common name - extracted from an SSL certificate at 32 bytes. Normally this would - cause nothing worse than an unexpected verification failure, but there - are some rather-implausible scenarios in which it might allow one - certificate holder to impersonate another. The victim would have to - have a common name exactly 32 bytes long, and the attacker would have - to persuade a trusted CA to issue a certificate in which the common - name has that string as a prefix. Impersonating a server would also - require some additional exploit to redirect client connections. - (CVE-2012-0867) - - - - - - Convert newlines to spaces in names written in pg_dump - comments (Robert Haas) - - - - pg_dump was incautious about sanitizing object names - that are emitted within SQL comments in its output script. A name - containing a newline would at least render the script syntactically - incorrect. Maliciously crafted object names could present a SQL - injection risk when the script is reloaded. (CVE-2012-0868) - - - - - - Fix btree index corruption from insertions concurrent with vacuuming - (Tom Lane) - - - - An index page split caused by an insertion could sometimes cause a - concurrently-running VACUUM to miss removing index entries - that it should remove. After the corresponding table rows are removed, - the dangling index entries would cause errors (such as could not - read block N in file ...) or worse, silently wrong query results - after unrelated rows are re-inserted at the now-free table locations. - This bug has been present since release 8.2, but occurs so infrequently - that it was not diagnosed until now. If you have reason to suspect - that it has happened in your database, reindexing the affected index - will fix things. - - - - - - Fix transient zeroing of shared buffers during WAL replay (Tom Lane) - - - - The replay logic would sometimes zero and refill a shared buffer, so - that the contents were transiently invalid. In hot standby mode this - can result in a query that's executing in parallel seeing garbage data. - Various symptoms could result from that, but the most common one seems - to be invalid memory alloc request size. - - - - - - Fix handling of data-modifying WITH subplans in - READ COMMITTED rechecking (Tom Lane) - - - - A WITH clause containing - INSERT/UPDATE/DELETE would crash - if the parent UPDATE or DELETE command needed - to be re-evaluated at one or more rows due to concurrent updates - in READ COMMITTED mode. - - - - - - Fix corner case in SSI transaction cleanup - (Dan Ports) - - - - When finishing up a read-write serializable transaction, - a crash could occur if all remaining active serializable transactions - are read-only. - - - - - - Fix postmaster to attempt restart after a hot-standby crash (Tom Lane) - - - - A logic error caused the postmaster to terminate, rather than attempt - to restart the cluster, if any backend process crashed while operating - in hot standby mode. - - - - - - Fix CLUSTER/VACUUM FULL handling of toast - values owned by recently-updated rows (Tom Lane) - - - - This oversight could lead to duplicate key value violates unique - constraint errors being reported against the toast table's index - during one of these commands. - - - - - - Update per-column permissions, not only per-table permissions, when - changing table owner (Tom Lane) - - - - Failure to do this meant that any previously granted column permissions - were still shown as having been granted by the old owner. This meant - that neither the new owner nor a superuser could revoke the - now-untraceable-to-table-owner permissions. - - - - - - Support foreign data wrappers and foreign servers in - REASSIGN OWNED (Alvaro Herrera) - - - - This command failed with unexpected classid errors if - it needed to change the ownership of any such objects. - - - - - - Allow non-existent values for some settings in ALTER - USER/DATABASE SET (Heikki Linnakangas) - - - - Allow default_text_search_config, - default_tablespace, and temp_tablespaces to be - set to names that are not known. This is because they might be known - in another database where the setting is intended to be used, or for the - tablespace cases because the tablespace might not be created yet. The - same issue was previously recognized for search_path, and - these settings now act like that one. - - - - - - Fix unsupported node type error caused by COLLATE - in an INSERT expression (Tom Lane) - - - - - - Avoid crashing when we have problems deleting table files post-commit - (Tom Lane) - - - - Dropping a table should lead to deleting the underlying disk files only - after the transaction commits. In event of failure then (for instance, - because of wrong file permissions) the code is supposed to just emit a - warning message and go on, since it's too late to abort the - transaction. This logic got broken as of release 8.4, causing such - situations to result in a PANIC and an unrestartable database. - - - - - - Recover from errors occurring during WAL replay of DROP - TABLESPACE (Tom Lane) - - - - Replay will attempt to remove the tablespace's directories, but there - are various reasons why this might fail (for example, incorrect - ownership or permissions on those directories). Formerly the replay - code would panic, rendering the database unrestartable without manual - intervention. It seems better to log the problem and continue, since - the only consequence of failure to remove the directories is some - wasted disk space. - - - - - - Fix race condition in logging AccessExclusiveLocks for hot standby - (Simon Riggs) - - - - Sometimes a lock would be logged as being held by transaction - zero. This is at least known to produce assertion failures on - slave servers, and might be the cause of more serious problems. - - - - - - Track the OID counter correctly during WAL replay, even when it wraps - around (Tom Lane) - - - - Previously the OID counter would remain stuck at a high value until the - system exited replay mode. The practical consequences of that are - usually nil, but there are scenarios wherein a standby server that's - been promoted to master might take a long time to advance the OID - counter to a reasonable value once values are needed. - - - - - - Prevent emitting misleading consistent recovery state reached - log message at the beginning of crash recovery (Heikki Linnakangas) - - - - - - Fix initial value of - pg_stat_replication.replay_location - (Fujii Masao) - - - - Previously, the value shown would be wrong until at least one WAL - record had been replayed. - - - - - - Fix regular expression back-references with * attached - (Tom Lane) - - - - Rather than enforcing an exact string match, the code would effectively - accept any string that satisfies the pattern sub-expression referenced - by the back-reference symbol. - - - - A similar problem still afflicts back-references that are embedded in a - larger quantified expression, rather than being the immediate subject - of the quantifier. This will be addressed in a future - PostgreSQL release. - - - - - - Fix recently-introduced memory leak in processing of - inet/cidr values (Heikki Linnakangas) - - - - A patch in the December 2011 releases of PostgreSQL - caused memory leakage in these operations, which could be significant - in scenarios such as building a btree index on such a column. - - - - - - Fix planner's ability to push down index-expression restrictions - through UNION ALL (Tom Lane) - - - - This type of optimization was inadvertently disabled by a fix for - another problem in 9.1.2. - - - - - - Fix planning of WITH clauses referenced in - UPDATE/DELETE on an inherited table - (Tom Lane) - - - - This bug led to could not find plan for CTE failures. - - - - - - Fix GIN cost estimation to handle column IN (...) - index conditions (Marti Raudsepp) - - - - This oversight would usually lead to crashes if such a condition could - be used with a GIN index. - - - - - - Prevent assertion failure when exiting a session with an open, failed - transaction (Tom Lane) - - - - This bug has no impact on normal builds with asserts not enabled. - - - - - - Fix dangling pointer after CREATE TABLE AS/SELECT - INTO in a SQL-language function (Tom Lane) - - - - In most cases this only led to an assertion failure in assert-enabled - builds, but worse consequences seem possible. - - - - - - Avoid double close of file handle in syslogger on Windows (MauMau) - - - - Ordinarily this error was invisible, but it would cause an exception - when running on a debug version of Windows. - - - - - - Fix I/O-conversion-related memory leaks in plpgsql - (Andres Freund, Jan Urbanski, Tom Lane) - - - - Certain operations would leak memory until the end of the current - function. - - - - - - Work around bug in perl's SvPVutf8() function (Andrew Dunstan) - - - - This function crashes when handed a typeglob or certain read-only - objects such as $^V. Make plperl avoid passing those to - it. - - - - - - In pg_dump, don't dump contents of an extension's - configuration tables if the extension itself is not being dumped - (Tom Lane) - - - - - - Improve pg_dump's handling of inherited table columns - (Tom Lane) - - - - pg_dump mishandled situations where a child column has - a different default expression than its parent column. If the default - is textually identical to the parent's default, but not actually the - same (for instance, because of schema search path differences) it would - not be recognized as different, so that after dump and restore the - child would be allowed to inherit the parent's default. Child columns - that are NOT NULL where their parent is not could also be - restored subtly incorrectly. - - - - - - Fix pg_restore's direct-to-database mode for - INSERT-style table data (Tom Lane) - - - - Direct-to-database restores from archive files made with - or options fail when - using pg_restore from a release dated September or - December 2011, as a result of an oversight in a fix for another - problem. The archive file itself is not at fault, and text-mode - output is okay. - - - - - - Teach pg_upgrade to handle renaming of - plpython's shared library (Bruce Momjian) - - - - Upgrading a pre-9.1 database that included plpython would fail because - of this oversight. - - - - - - Allow pg_upgrade to process tables containing - regclass columns (Bruce Momjian) - - - - Since pg_upgrade now takes care to preserve - pg_class OIDs, there was no longer any reason for this - restriction. - - - - - - Make libpq ignore ENOTDIR errors - when looking for an SSL client certificate file - (Magnus Hagander) - - - - This allows SSL connections to be established, though without a - certificate, even when the user's home directory is set to something - like /dev/null. - - - - - - Fix some more field alignment issues in ecpg's SQLDA area - (Zoltan Boszormenyi) - - - - - - Allow AT option in ecpg - DEALLOCATE statements (Michael Meskes) - - - - The infrastructure to support this has been there for awhile, but - through an oversight there was still an error check rejecting the case. - - - - - - Do not use the variable name when defining a varchar structure in ecpg - (Michael Meskes) - - - - - - Fix contrib/auto_explain's JSON output mode to produce - valid JSON (Andrew Dunstan) - - - - The output used brackets at the top level, when it should have used - braces. - - - - - - Fix error in contrib/intarray's int[] & - int[] operator (Guillaume Lelarge) - - - - If the smallest integer the two input arrays have in common is 1, - and there are smaller values in either array, then 1 would be - incorrectly omitted from the result. - - - - - - Fix error detection in contrib/pgcrypto's - encrypt_iv() and decrypt_iv() - (Marko Kreen) - - - - These functions failed to report certain types of invalid-input errors, - and would instead return random garbage values for incorrect input. - - - - - - Fix one-byte buffer overrun in contrib/test_parser - (Paul Guyot) - - - - The code would try to read one more byte than it should, which would - crash in corner cases. - Since contrib/test_parser is only example code, this is - not a security issue in itself, but bad example code is still bad. - - - - - - Use __sync_lock_test_and_set() for spinlocks on ARM, if - available (Martin Pitt) - - - - This function replaces our previous use of the SWPB - instruction, which is deprecated and not available on ARMv6 and later. - Reports suggest that the old code doesn't fail in an obvious way on - recent ARM boards, but simply doesn't interlock concurrent accesses, - leading to bizarre failures in multiprocess operation. - - - - - - Use option when building with - gcc versions that accept it (Andrew Dunstan) - - - - This prevents assorted scenarios wherein recent versions of gcc will - produce creative results. - - - - - - Allow use of threaded Python on FreeBSD (Chris Rees) - - - - Our configure script previously believed that this combination wouldn't - work; but FreeBSD fixed the problem, so remove that error check. - - - - - - Allow MinGW builds to use standardly-named OpenSSL libraries - (Tomasz Ostrowski) - - - - - - - - - - Release 9.1.2 - - - Release date: - 2011-12-05 - - - - This release contains a variety of fixes from 9.1.1. - For information about new features in the 9.1 major release, see - . - - - - Migration to Version 9.1.2 - - - A dump/restore is not required for those running 9.1.X. - - - - However, a longstanding error was discovered in the definition of the - information_schema.referential_constraints view. If you - rely on correct results from that view, you should replace its - definition as explained in the first changelog item below. - - - - Also, if you use the citext data type, and you upgraded - from a previous major release by running pg_upgrade, - you should run CREATE EXTENSION citext FROM unpackaged - to avoid collation-related failures in citext operations. - The same is necessary if you restore a dump from a pre-9.1 database - that contains an instance of the citext data type. - If you've already run the CREATE EXTENSION command before - upgrading to 9.1.2, you will instead need to do manual catalog updates - as explained in the second changelog item. - - - - - - Changes - - - - - - Fix bugs in information_schema.referential_constraints view - (Tom Lane) - - - - This view was being insufficiently careful about matching the - foreign-key constraint to the depended-on primary or unique key - constraint. That could result in failure to show a foreign key - constraint at all, or showing it multiple times, or claiming that it - depends on a different constraint than the one it really does. - - - - Since the view definition is installed by initdb, - merely upgrading will not fix the problem. If you need to fix this - in an existing installation, you can (as a superuser) drop the - information_schema schema then re-create it by sourcing - SHAREDIR/information_schema.sql. - (Run pg_config --sharedir if you're uncertain where - SHAREDIR is.) This must be repeated in each database - to be fixed. - - - - - - Make contrib/citext's upgrade script fix collations of - citext columns and indexes (Tom Lane) - - - - Existing citext columns and indexes aren't correctly marked as - being of a collatable data type during pg_upgrade from - a pre-9.1 server, or when a pre-9.1 dump containing the citext - type is loaded into a 9.1 server. - That leads to operations on these columns failing with errors - such as could not determine which collation to use for string - comparison. This change allows them to be fixed by the same - script that upgrades the citext module into a proper 9.1 - extension during CREATE EXTENSION citext FROM unpackaged. - - - - If you have a previously-upgraded database that is suffering from this - problem, and you already ran the CREATE EXTENSION command, - you can manually run (as superuser) the UPDATE commands - found at the end of - SHAREDIR/extension/citext--unpackaged--1.0.sql. - (Run pg_config --sharedir if you're uncertain where - SHAREDIR is.) - There is no harm in doing this again if unsure. - - - - - - Fix possible crash during UPDATE or DELETE that - joins to the output of a scalar-returning function (Tom Lane) - - - - A crash could only occur if the target row had been concurrently - updated, so this problem surfaced only intermittently. - - - - - - Fix incorrect replay of WAL records for GIN index updates - (Tom Lane) - - - - This could result in transiently failing to find index entries after - a crash, or on a hot-standby server. The problem would be repaired - by the next VACUUM of the index, however. - - - - - - Fix TOAST-related data corruption during CREATE TABLE dest AS - SELECT * FROM src or INSERT INTO dest SELECT * FROM src - (Tom Lane) - - - - If a table has been modified by ALTER TABLE ADD COLUMN, - attempts to copy its data verbatim to another table could produce - corrupt results in certain corner cases. - The problem can only manifest in this precise form in 8.4 and later, - but we patched earlier versions as well in case there are other code - paths that could trigger the same bug. - - - - - - Fix possible failures during hot standby startup (Simon Riggs) - - - - - - Start hot standby faster when initial snapshot is incomplete - (Simon Riggs) - - - - - - Fix race condition during toast table access from stale syscache entries - (Tom Lane) - - - - The typical symptom was transient errors like missing chunk - number 0 for toast value NNNNN in pg_toast_2619, where the cited - toast table would always belong to a system catalog. - - - - - - Track dependencies of functions on items used in parameter default - expressions (Tom Lane) - - - - Previously, a referenced object could be dropped without having dropped - or modified the function, leading to misbehavior when the function was - used. Note that merely installing this update will not fix the missing - dependency entries; to do that, you'd need to CREATE OR - REPLACE each such function afterwards. If you have functions whose - defaults depend on non-built-in objects, doing so is recommended. - - - - - - Fix incorrect management of placeholder variables in nestloop joins - (Tom Lane) - - - - This bug is known to lead to variable not found in subplan target - list planner errors, and could possibly result in wrong query output - when outer joins are involved. - - - - - - Fix window functions that sort by expressions involving aggregates - (Tom Lane) - - - - Previously these could fail with could not find pathkey item to - sort planner errors. - - - - - - Fix MergeAppend child's targetlist doesn't match MergeAppend - planner errors (Tom Lane) - - - - - - Fix index matching for operators with both collatable and noncollatable - inputs (Tom Lane) - - - - In 9.1.0, an indexable operator that has a non-collatable left-hand - input type and a collatable right-hand input type would not be - recognized as matching the left-hand column's index. An example is - the hstore ? text operator. - - - - - - Allow inlining of set-returning SQL functions with multiple OUT - parameters (Tom Lane) - - - - - - Don't trust deferred-unique indexes for join removal (Tom Lane and Marti - Raudsepp) - - - - A deferred uniqueness constraint might not hold intra-transaction, - so assuming that it does could give incorrect query results. - - - - - - Make DatumGetInetP() unpack inet datums that have a 1-byte - header, and add a new macro, DatumGetInetPP(), that does - not (Heikki Linnakangas) - - - - This change affects no core code, but might prevent crashes in add-on - code that expects DatumGetInetP() to produce an unpacked - datum as per usual convention. - - - - - - Improve locale support in money type's input and output - (Tom Lane) - - - - Aside from not supporting all standard - lc_monetary - formatting options, the input and output functions were inconsistent, - meaning there were locales in which dumped money values could - not be re-read. - - - - - - Don't let transform_null_equals - affect CASE foo WHEN NULL ... constructs - (Heikki Linnakangas) - - - - transform_null_equals is only supposed to affect - foo = NULL expressions written directly by the user, not - equality checks generated internally by this form of CASE. - - - - - - Change foreign-key trigger creation order to better support - self-referential foreign keys (Tom Lane) - - - - For a cascading foreign key that references its own table, a row update - will fire both the ON UPDATE trigger and the - CHECK trigger as one event. The ON UPDATE - trigger must execute first, else the CHECK will check a - non-final state of the row and possibly throw an inappropriate error. - However, the firing order of these triggers is determined by their - names, which generally sort in creation order since the triggers have - auto-generated names following the convention - RI_ConstraintTrigger_NNNN. A proper fix would require - modifying that convention, which we will do in 9.2, but it seems risky - to change it in existing releases. So this patch just changes the - creation order of the triggers. Users encountering this type of error - should drop and re-create the foreign key constraint to get its - triggers into the right order. - - - - - - Fix IF EXISTS to work correctly in DROP OPERATOR - FAMILY (Robert Haas) - - - - - - Disallow dropping of an extension from within its own script - (Tom Lane) - - - - This prevents odd behavior in case of incorrect management of extension - dependencies. - - - - - - Don't mark auto-generated types as extension members (Robert Haas) - - - - Relation rowtypes and automatically-generated array types do not need to - have their own extension membership entries in pg_depend, - and creating such entries complicates matters for extension upgrades. - - - - - - Cope with invalid pre-existing search_path settings during - CREATE EXTENSION (Tom Lane) - - - - - - Avoid floating-point underflow while tracking buffer allocation rate - (Greg Matthews) - - - - While harmless in itself, on certain platforms this would result in - annoying kernel log messages. - - - - - - Prevent autovacuum transactions from running in serializable mode - (Tom Lane) - - - - Autovacuum formerly used the cluster-wide default transaction isolation - level, but there is no need for it to use anything higher than READ - COMMITTED, and using SERIALIZABLE could result in unnecessary delays - for other processes. - - - - - - Ensure walsender processes respond promptly to SIGTERM - (Magnus Hagander) - - - - - - Exclude postmaster.opts from base backups - (Magnus Hagander) - - - - - - Preserve configuration file name and line number values when starting - child processes under Windows (Tom Lane) - - - - Formerly, these would not be displayed correctly in the - pg_settings view. - - - - - - Fix incorrect field alignment in ecpg's SQLDA area - (Zoltan Boszormenyi) - - - - - - Preserve blank lines within commands in psql's command - history (Robert Haas) - - - - The former behavior could cause problems if an empty line was removed - from within a string literal, for example. - - - - - - Avoid platform-specific infinite loop in pg_dump - (Steve Singer) - - - - - - Fix compression of plain-text output format in pg_dump - (Adrian Klaver and Tom Lane) - - - - pg_dump has historically understood -Z with - no -F switch to mean that it should emit a gzip-compressed - version of its plain text output. Restore that behavior. - - - - - - Fix pg_dump to dump user-defined casts between - auto-generated types, such as table rowtypes (Tom Lane) - - - - - - Fix missed quoting of foreign server names in pg_dump - (Tom Lane) - - - - - - Assorted fixes for pg_upgrade (Bruce Momjian) - - - - Handle exclusion constraints correctly, avoid failures on Windows, - don't complain about mismatched toast table names in 8.4 databases. - - - - - - In PL/pgSQL, allow foreign tables to define row types - (Alexander Soudakov) - - - - - - Fix up conversions of PL/Perl functions' results - (Alex Hunsaker and Tom Lane) - - - - Restore the pre-9.1 behavior that PL/Perl functions returning - void ignore the result value of their last Perl statement; - 9.1.0 would throw an error if that statement returned a reference. - Also, make sure it works to return a string value for a composite type, - so long as the string meets the type's input format. - In addition, throw errors for attempts to return Perl arrays or hashes - when the function's declared result type is not an array or composite - type, respectively. (Pre-9.1 versions rather uselessly returned - strings like ARRAY(0x221a9a0) or - HASH(0x221aa90) in such cases.) - - - - - - Ensure PL/Perl strings are always correctly UTF8-encoded - (Amit Khandekar and Alex Hunsaker) - - - - - - Use the preferred version of xsubpp to build PL/Perl, - not necessarily the operating system's main copy - (David Wheeler and Alex Hunsaker) - - - - - - Correctly propagate SQLSTATE in PL/Python exceptions - (Mika Eloranta and Jan Urbanski) - - - - - - Do not install PL/Python extension files for Python major versions - other than the one built against (Peter Eisentraut) - - - - - - Change all the contrib extension script files to report - a useful error message if they are fed to psql - (Andrew Dunstan and Tom Lane) - - - - This should help teach people about the new method of using - CREATE EXTENSION to load these files. In most cases, - sourcing the scripts directly would fail anyway, but with - harder-to-interpret messages. - - - - - - Fix incorrect coding in contrib/dict_int and - contrib/dict_xsyn (Tom Lane) - - - - Some functions incorrectly assumed that memory returned by - palloc() is guaranteed zeroed. - - - - - - Remove contrib/sepgsql tests from the regular regression - test mechanism (Tom Lane) - - - - Since these tests require root privileges for setup, they're impractical - to run automatically. Switch over to a manual approach instead, and - provide a testing script to help with that. - - - - - - Fix assorted errors in contrib/unaccent's configuration - file parsing (Tom Lane) - - - - - - Honor query cancel interrupts promptly in pgstatindex() - (Robert Haas) - - - - - - Fix incorrect quoting of log file name in macOS start script - (Sidar Lopez) - - - - - - Revert unintentional enabling of WAL_DEBUG (Robert Haas) - - - - Fortunately, as debugging tools go, this one is pretty cheap; - but it's not intended to be enabled by default, so revert. - - - - - - Ensure VPATH builds properly install all server header files - (Peter Eisentraut) - - - - - - Shorten file names reported in verbose error messages (Peter Eisentraut) - - - - Regular builds have always reported just the name of the C file - containing the error message call, but VPATH builds formerly - reported an absolute path name. - - - - - - Fix interpretation of Windows timezone names for Central America - (Tom Lane) - - - - Map Central America Standard Time to CST6, not - CST6CDT, because DST is generally not observed anywhere in - Central America. - - - - - - Update time zone data files to tzdata release 2011n - for DST law changes in Brazil, Cuba, Fiji, Palestine, Russia, and Samoa; - also historical corrections for Alaska and British East Africa. - - - - - - - - - - Release 9.1.1 - - - Release date: - 2011-09-26 - - - - This release contains a small number of fixes from 9.1.0. - For information about new features in the 9.1 major release, see - . - - - - Migration to Version 9.1.1 - - - A dump/restore is not required for those running 9.1.X. - - - - - - Changes - - - - - - Make pg_options_to_table return NULL for an option with no - value (Tom Lane) - - - - Previously such cases would result in a server crash. - - - - - - Fix memory leak at end of a GiST index scan (Tom Lane) - - - - Commands that perform many separate GiST index scans, such as - verification of a new GiST-based exclusion constraint on a table - already containing many rows, could transiently require large amounts of - memory due to this leak. - - - - - - Fix explicit reference to pg_temp schema in CREATE - TEMPORARY TABLE (Robert Haas) - - - - This used to be allowed, but failed in 9.1.0. - - - - - - - - - - Release 9.1 - - - Release date: - 2011-09-12 - - - - Overview - - - This release shows PostgreSQL moving beyond the - traditional relational-database feature set with new, ground-breaking - functionality that is unique to PostgreSQL. - The streaming replication feature introduced in release 9.0 is - significantly enhanced by adding a synchronous-replication option, - streaming backups, and monitoring improvements. - Major enhancements include: - - - - - - - - - Allow synchronous - replication - - - - - - Add support for foreign - tables - - - - - - Add per-column collation support - - - - - - Add extensions which - simplify packaging of additions to PostgreSQL - - - - - - Add a true serializable isolation level - - - - - - Support unlogged tables using the UNLOGGED - option in CREATE - TABLE - - - - - - Allow data-modification commands - (INSERT/UPDATE/DELETE) in - WITH clauses - - - - - - Add nearest-neighbor (order-by-operator) searching to GiST indexes - - - - - - Add a SECURITY - LABEL command and support for - SELinux permissions control - - - - - - Update the PL/Python server-side - language - - - - - - - The above items are explained in more detail in the sections below. - - - - - - - Migration to Version 9.1 - - - A dump/restore using pg_dump, - or use of pg_upgrade, is required - for those wishing to migrate data from any previous - release. - - - - Version 9.1 contains a number of changes that may affect compatibility - with previous releases. Observe the following incompatibilities: - - - - Strings - - - - - - Change the default value of standard_conforming_strings - to on (Robert Haas) - - - - By default, backslashes are now ordinary characters in string literals, - not escape characters. This change removes a long-standing - incompatibility with the SQL standard. escape_string_warning - has produced warnings about this usage for years. E'' - strings are the proper way to embed backslash escapes in strings and are - unaffected by this change. - - - - - This change can break applications that are not expecting it and - do their own string escaping according to the old rules. The - consequences could be as severe as introducing SQL-injection security - holes. Be sure to test applications that are exposed to untrusted - input, to ensure that they correctly handle single quotes and - backslashes in text strings. - - - - - - - - - - Casting - - - - - - Disallow function-style and attribute-style data type casts for - composite types (Tom Lane) - - - - For example, disallow - composite_value.text and - text(composite_value). - Unintentional uses of this syntax have frequently resulted in bug - reports; although it was not a bug, it seems better to go back to - rejecting such expressions. - The CAST and :: syntaxes are still available - for use when a cast of an entire composite value is actually intended. - - - - - - Tighten casting checks for domains based on arrays (Tom Lane) - - - - When a domain is based on an array type, it is allowed to look - through the domain type to access the array elements, including - subscripting the domain value to fetch or assign an element. - Assignment to an element of such a domain value, for instance via - UPDATE ... SET domaincol[5] = ..., will now result in - rechecking the domain type's constraints, whereas before the checks - were skipped. - - - - - - - - - Arrays - - - - - - Change string_to_array() - to return an empty array for a zero-length string (Pavel - Stehule) - - - - Previously this returned a null value. - - - - - - Change string_to_array() - so a NULL separator splits the string into characters - (Pavel Stehule) - - - - Previously this returned a null value. - - - - - - - - - Object Modification - - - - - - Fix improper checks for before/after triggers (Tom Lane) - - - - Triggers can now be fired in three cases: BEFORE, - AFTER, or INSTEAD OF some action. - Trigger function authors should verify that their logic behaves - sanely in all three cases. - - - - - - Require superuser or CREATEROLE permissions in order to - set comments on roles (Tom Lane) - - - - - - - - - Server Settings - - - - - - Change pg_last_xlog_receive_location() - so it never moves backwards (Fujii Masao) - - - - Previously, the value of pg_last_xlog_receive_location() - could move backward when streaming replication is restarted. - - - - - - Have logging of replication connections honor log_connections - (Magnus Hagander) - - - - Previously, replication connections were always logged. - - - - - - - - - <link linkend="plpgsql">PL/pgSQL</link> Server-Side Language - - - - - - Change PL/pgSQL's RAISE command without parameters - to be catchable by the attached exception block (Piyush Newe) - - - - Previously RAISE in a code block was always scoped to - an attached exception block, so it was uncatchable at the same - scope. - - - - - - Adjust PL/pgSQL's error line numbering code to be consistent - with other PLs (Pavel Stehule) - - - - Previously, PL/pgSQL would ignore (not count) an empty line at the - start of the function body. Since this was inconsistent with all - other languages, the special case was removed. - - - - - - Make PL/pgSQL complain about conflicting IN and OUT parameter names - (Tom Lane) - - - - Formerly, the collision was not detected, and the name would just - silently refer to only the OUT parameter. - - - - - - Type modifiers of PL/pgSQL variables are now visible to the SQL parser - (Tom Lane) - - - - A type modifier (such as a varchar length limit) attached to a PL/pgSQL - variable was formerly enforced during assignments, but was ignored for - all other purposes. Such variables will now behave more like table - columns declared with the same modifier. This is not expected to make - any visible difference in most cases, but it could result in subtle - changes for some SQL commands issued by PL/pgSQL functions. - - - - - - - - - Contrib - - - - - - All contrib modules are now installed with CREATE EXTENSION - rather than by manually invoking their SQL scripts - (Dimitri Fontaine, Tom Lane) - - - - To update an existing database containing the 9.0 version of a contrib - module, use CREATE EXTENSION ... FROM unpackaged - to wrap the existing contrib module's objects into an extension. When - updating from a pre-9.0 version, drop the contrib module's objects - using its old uninstall script, then use CREATE EXTENSION. - - - - - - - - - Other Incompatibilities - - - - - - Make pg_stat_reset() - reset all database-level statistics (Tomas Vondra) - - - - Some pg_stat_database counters were not being reset. - - - - - - Fix some information_schema.triggers - column names to match the new SQL-standard names (Dean Rasheed) - - - - - - Treat ECPG cursor names as case-insensitive - (Zoltan Boszormenyi) - - - - - - - - - - Changes - - - Below you will find a detailed account of the changes between - PostgreSQL 9.1 and the previous major - release. - - - - Server - - - Performance - - - - - - Support unlogged tables using the UNLOGGED - option in CREATE - TABLE (Robert Haas) - - - - Such tables provide better update performance than regular tables, - but are not crash-safe: their contents are automatically cleared in - case of a server crash. Their contents do not propagate to - replication slaves, either. - - - - - - Allow FULL OUTER JOIN to be implemented as a - hash join, and allow either side of a LEFT OUTER JOIN - or RIGHT OUTER JOIN to be hashed (Tom Lane) - - - - Previously FULL OUTER JOIN could only be - implemented as a merge join, and LEFT OUTER JOIN - and RIGHT OUTER JOIN could hash only the nullable - side of the join. These changes provide additional query optimization - possibilities. - - - - - - Merge duplicate fsync requests (Robert Haas, Greg Smith) - - - - This greatly improves performance under heavy write loads. - - - - - - Improve performance of commit_siblings - (Greg Smith) - - - - This allows the use of commit_siblings with - less overhead. - - - - - - Reduce the memory requirement for large ispell dictionaries - (Pavel Stehule, Tom Lane) - - - - - - Avoid leaving data files open after blind writes - (Alvaro Herrera) - - - - This fixes scenarios in which backends might hold files open long - after they were deleted, preventing the kernel from reclaiming - disk space. - - - - - - - - - Optimizer - - - - - - Allow inheritance table scans to return meaningfully-sorted - results (Greg Stark, Hans-Jurgen Schonig, Robert Haas, Tom Lane) - - - - This allows better optimization of queries that use ORDER - BY, LIMIT, or MIN/MAX with - inherited tables. - - - - - - Improve GIN index scan cost estimation (Teodor Sigaev) - - - - - - Improve cost estimation for aggregates and window functions (Tom Lane) - - - - - - - - - Authentication - - - - - - Support host names and host suffixes - (e.g. .example.com) in pg_hba.conf - (Peter Eisentraut) - - - - Previously only host IP addresses and CIDR - values were supported. - - - - - - Support the key word all in the host column of pg_hba.conf - (Peter Eisentraut) - - - - Previously people used 0.0.0.0/0 or ::/0 - for this. - - - - - - Reject local lines in pg_hba.conf - on platforms that don't support Unix-socket connections - (Magnus Hagander) - - - - Formerly, such lines were silently ignored, which could be surprising. - This makes the behavior more like other unsupported cases. - - - - - - Allow GSSAPI - to be used to authenticate to servers via SSPI (Christian Ullrich) - - - - Specifically this allows Unix-based GSSAPI clients - to do SSPI authentication with Windows servers. - - - - - - ident - authentication over local sockets is now known as - peer - (Magnus Hagander) - - - - The old term is still accepted for backward compatibility, but since - the two methods are fundamentally different, it seemed better to adopt - different names for them. - - - - - - Rewrite peer - authentication to avoid use of credential control messages (Tom Lane) - - - - This change makes the peer authentication code simpler and - better-performing. However, it requires the platform to provide the - getpeereid function or an equivalent socket operation. - So far as is known, the only platform for which peer authentication - worked before and now will not is pre-5.0 NetBSD. - - - - - - - - - Monitoring - - - - - - Add details to the logging of restartpoints and checkpoints, - which is controlled by log_checkpoints - (Fujii Masao, Greg Smith) - - - - New details include WAL file and sync activity. - - - - - - Add log_file_mode - which controls the permissions on log files created by the - logging collector (Martin Pihlak) - - - - - - Reduce the default maximum line length for syslog - logging to 900 bytes plus prefixes (Noah Misch) - - - - This avoids truncation of long log lines on syslog implementations - that have a 1KB length limit, rather than the more common 2KB. - - - - - - - - - Statistical Views - - - - - - Add client_hostname column to pg_stat_activity - (Peter Eisentraut) - - - - Previously only the client address was reported. - - - - - - Add pg_stat_xact_* - statistics functions and views (Joel Jacobson) - - - - These are like the database-wide statistics counter views, but - reflect counts for only the current transaction. - - - - - - Add time of last reset in database-level and background writer - statistics views (Tomas Vondra) - - - - - - Add columns showing the number of vacuum and analyze operations - in pg_stat_*_tables - views (Magnus Hagander) - - - - - - Add buffers_backend_fsync column to pg_stat_bgwriter - (Greg Smith) - - - - This new column counts the number of times a backend fsyncs a - buffer. - - - - - - - - - Server Settings - - - - - - Provide auto-tuning of wal_buffers (Greg - Smith) - - - - By default, the value of wal_buffers is now chosen - automatically based on the value of shared_buffers. - - - - - - Increase the maximum values for - deadlock_timeout, - log_min_duration_statement, and - log_autovacuum_min_duration - (Peter Eisentraut) - - - - The maximum value for each of these parameters was previously - only about 35 minutes. Much larger values are now allowed. - - - - - - - - - - - Replication and Recovery - - - Streaming Replication and Continuous Archiving - - - - - - Allow synchronous - replication (Simon Riggs, Fujii Masao) - - - - This allows the primary server to wait for a standby to write a - transaction's information to disk before acknowledging the commit. - One standby at a time can take the role of the synchronous standby, - as controlled by the - synchronous_standby_names - setting. Synchronous replication can be enabled or disabled on a - per-transaction basis using the - synchronous_commit - setting. - - - - - - Add protocol support for sending file system backups to standby servers - using the streaming replication network connection (Magnus Hagander, - Heikki Linnakangas) - - - - This avoids the requirement of manually transferring a file - system backup when setting up a standby server. - - - - - - Add - replication_timeout - setting (Fujii Masao, Heikki Linnakangas) - - - - Replication connections that are idle for more than the - replication_timeout interval will be terminated - automatically. Formerly, a failed connection was typically not - detected until the TCP timeout elapsed, which is inconveniently - long in many situations. - - - - - - Add command-line tool pg_basebackup - for creating a new standby server or database backup (Magnus - Hagander) - - - - - - Add a replication permission - for roles (Magnus Hagander) - - - - This is a read-only permission used for streaming replication. - It allows a non-superuser role to be used for replication connections. - Previously only superusers could initiate replication - connections; superusers still have this permission by default. - - - - - - - - - Replication Monitoring - - - - - - Add system view pg_stat_replication - which displays activity of WAL sender processes (Itagaki - Takahiro, Simon Riggs) - - - - This reports the status of all connected standby servers. - - - - - - Add monitoring function pg_last_xact_replay_timestamp() - (Fujii Masao) - - - - This returns the time at which the primary generated the most - recent commit or abort record applied on the standby. - - - - - - - - - Hot Standby - - - - - - Add configuration parameter hot_standby_feedback - to enable standbys to postpone cleanup of old row versions on the - primary (Simon Riggs) - - - - This helps avoid canceling long-running queries on the standby. - - - - - - Add the pg_stat_database_conflicts - system view to show queries that have been canceled and the - reason (Magnus Hagander) - - - - Cancellations can occur because of dropped tablespaces, lock - timeouts, old snapshots, pinned buffers, and deadlocks. - - - - - - Add a conflicts count to pg_stat_database - (Magnus Hagander) - - - - This is the number of conflicts that occurred in the database. - - - - - - Increase the maximum values for - max_standby_archive_delay and - max_standby_streaming_delay - - - - The maximum value for each of these parameters was previously - only about 35 minutes. Much larger values are now allowed. - - - - - - Add ERRCODE_T_R_DATABASE_DROPPED - error code to report recovery conflicts due to dropped databases - (Tatsuo Ishii) - - - - This is useful for connection pooling software. - - - - - - - - - Recovery Control - - - - - - Add functions to control streaming replication replay (Simon Riggs) - - - - The new functions are pg_xlog_replay_pause(), - pg_xlog_replay_resume(), - and the status function pg_is_xlog_replay_paused(). - - - - - - Add recovery.conf setting - pause_at_recovery_target - to pause recovery at target (Simon Riggs) - - - - This allows a recovery server to be queried to check whether - the recovery point is the one desired. - - - - - - Add the ability to create named restore points using pg_create_restore_point() - (Jaime Casanova) - - - - These named restore points can be specified as recovery - targets using the new recovery.conf setting - recovery_target_name. - - - - - - Allow standby recovery to switch to a new timeline automatically - (Heikki Linnakangas) - - - - Now standby servers scan the archive directory for new - timelines periodically. - - - - - - Add restart_after_crash - setting which disables automatic server restart after a backend - crash (Robert Haas) - - - - This allows external cluster management software to control - whether the database server restarts or not. - - - - - - Allow recovery.conf - to use the same quoting behavior as postgresql.conf - (Dimitri Fontaine) - - - - Previously all values had to be quoted. - - - - - - - - - - - Queries - - - - - - Add a true serializable isolation level - (Kevin Grittner, Dan Ports) - - - - Previously, asking for serializable isolation guaranteed only that a - single MVCC snapshot would be used for the entire transaction, which - allowed certain documented anomalies. The old snapshot isolation - behavior is still available by requesting the REPEATABLE READ - isolation level. - - - - - - Allow data-modification commands - (INSERT/UPDATE/DELETE) in - WITH clauses - (Marko Tiikkaja, Hitoshi Harada) - - - - These commands can use RETURNING to pass data up to the - containing query. - - - - - - Allow WITH - clauses to be attached to INSERT, UPDATE, - DELETE statements (Marko Tiikkaja, Hitoshi Harada) - - - - - - Allow non-GROUP - BY columns in the query target list when the primary - key is specified in the GROUP BY clause (Peter - Eisentraut) - - - - The SQL standard allows this behavior, and - because of the primary key, the result is unambiguous. - - - - - - Allow use of the key word DISTINCT in UNION/INTERSECT/EXCEPT - clauses (Tom Lane) - - - - DISTINCT is the default behavior so use of this - key word is redundant, but the SQL standard allows it. - - - - - - Fix ordinary queries with rules to use the same snapshot behavior - as EXPLAIN ANALYZE (Marko Tiikkaja) - - - - Previously EXPLAIN ANALYZE used slightly different - snapshot timing for queries involving rules. The - EXPLAIN ANALYZE behavior was judged to be more logical. - - - - - - - Strings - - - - - - Add per-column collation support - (Peter Eisentraut, Tom Lane) - - - - Previously collation (the sort ordering of text strings) could only be - chosen at database creation. - Collation can now be set per column, domain, index, or - expression, via the SQL-standard COLLATE clause. - - - - - - - - - - - Object Manipulation - - - - - - Add extensions which - simplify packaging of additions to PostgreSQL - (Dimitri Fontaine, Tom Lane) - - - - Extensions are controlled by the new CREATE/ALTER/DROP EXTENSION - commands. This replaces ad-hoc methods of grouping objects that - are added to a PostgreSQL installation. - - - - - - Add support for foreign - tables (Shigeru Hanada, Robert Haas, Jan Urbanski, - Heikki Linnakangas) - - - - This allows data stored outside the database to be used like - native PostgreSQL-stored data. Foreign tables - are currently read-only, however. - - - - - - Allow new values to be added to an existing enum type via - ALTER TYPE (Andrew - Dunstan) - - - - - - Add ALTER TYPE ... - ADD/DROP/ALTER/RENAME ATTRIBUTE (Peter Eisentraut) - - - - This allows modification of composite types. - - - - - - - <command>ALTER</command> Object - - - - - - Add RESTRICT/CASCADE to ALTER TYPE operations - on typed tables (Peter Eisentraut) - - - - This controls - ADD/DROP/ALTER/RENAME - ATTRIBUTE cascading behavior. - - - - - - Support ALTER TABLE name {OF | NOT OF} - type - (Noah Misch) - - - - This syntax allows a standalone table to be made into a typed table, - or a typed table to be made standalone. - - - - - - Add support for more object types in ALTER ... SET - SCHEMA commands (Dimitri Fontaine) - - - - This command is now supported for conversions, operators, operator - classes, operator families, text search configurations, text search - dictionaries, text search parsers, and text search templates. - - - - - - - - - <link linkend="sql-createtable"><command>CREATE/ALTER TABLE</command></link> - - - - - - Add ALTER TABLE ... - ADD UNIQUE/PRIMARY KEY USING INDEX - (Gurjeet Singh) - - - - This allows a primary key or unique constraint to be defined using an - existing unique index, including a concurrently created unique index. - - - - - - Allow ALTER TABLE - to add foreign keys without validation (Simon Riggs) - - - - The new option is called NOT VALID. The constraint's - state can later be modified to VALIDATED and validation - checks performed. Together these allow you to add a foreign key - with minimal impact on read and write operations. - - - - - - Allow ALTER TABLE - ... SET DATA TYPE to avoid table rewrites in - appropriate cases (Noah Misch, Robert Haas) - - - - For example, converting a varchar column to - text no longer requires a rewrite of the table. - However, increasing the length constraint on a - varchar column still requires a table rewrite. - - - - - - Add CREATE TABLE IF - NOT EXISTS syntax (Robert Haas) - - - - This allows table creation without causing an error if the - table already exists. - - - - - - Fix possible tuple concurrently updated error - when two backends attempt to add an inheritance - child to the same table at the same time (Robert Haas) - - - - ALTER TABLE - now takes a stronger lock on the parent table, so that the sessions - cannot try to update it simultaneously. - - - - - - - - - Object Permissions - - - - - - Add a SECURITY - LABEL command (KaiGai Kohei) - - - - This allows security labels to be assigned to objects. - - - - - - - - - - - Utility Operations - - - - - - Add transaction-level advisory - locks (Marko Tiikkaja) - - - - These are similar to the existing session-level advisory locks, - but such locks are automatically released at transaction end. - - - - - - Make TRUNCATE ... RESTART - IDENTITY restart sequences transactionally (Steve - Singer) - - - - Previously the counter could have been left out of sync if a - backend crashed between the on-commit truncation activity and - commit completion. - - - - - - - <link linkend="sql-copy"><command>COPY</command></link> - - - - - - Add ENCODING option to COPY TO/FROM (Hitoshi - Harada, Itagaki Takahiro) - - - - This allows the encoding of the COPY file to be - specified separately from client encoding. - - - - - - Add bidirectional COPY - protocol support (Fujii Masao) - - - - This is currently only used by streaming replication. - - - - - - - - - <link linkend="sql-explain"><command>EXPLAIN</command></link> - - - - - - Make EXPLAIN VERBOSE show the function call expression - in a FunctionScan node (Tom Lane) - - - - - - - - - <link linkend="sql-vacuum"><command>VACUUM</command></link> - - - - - - Add additional details to the output of VACUUM FULL VERBOSE - and CLUSTER VERBOSE - (Itagaki Takahiro) - - - - New information includes the live and dead tuple count and - whether CLUSTER is using an index to rebuild. - - - - - - Prevent autovacuum from - waiting if it cannot acquire a table lock (Robert Haas) - - - - It will try to vacuum that table later. - - - - - - - - - <link linkend="sql-cluster"><command>CLUSTER</command></link> - - - - - - Allow CLUSTER to sort the table rather than scanning - the index when it seems likely to be cheaper (Leonardo Francalanci) - - - - - - - - - Indexes - - - - - - Add nearest-neighbor (order-by-operator) searching to GiST indexes (Teodor Sigaev, Tom Lane) - - - - This allows GiST indexes to quickly return the - N closest values in a query with LIMIT. - For example - point '(101,456)' LIMIT 10; -]]> - - finds the ten places closest to a given target point. - - - - - - Allow GIN indexes to index null - and empty values (Tom Lane) - - - - This allows full GIN index scans, and fixes various - corner cases in which GIN scans would fail. - - - - - - Allow GIN indexes to - better recognize duplicate search entries (Tom Lane) - - - - This reduces the cost of index scans, especially in cases where - it avoids unnecessary full index scans. - - - - - - Fix GiST indexes to be fully - crash-safe (Heikki Linnakangas) - - - - Previously there were rare cases where a REINDEX - would be required (you would be informed). - - - - - - - - - - - Data Types - - - - - - Allow numeric to use a more compact, two-byte header - in common cases (Robert Haas) - - - - Previously all numeric values had four-byte headers; - this change saves on disk storage. - - - - - - Add support for dividing money by money - (Andy Balholm) - - - - - - Allow binary I/O on type void (Radoslaw Smogura) - - - - - - Improve hypotenuse calculations for geometric operators (Paul Matthews) - - - - This avoids unnecessary overflows, and may also be more accurate. - - - - - - Support hashing array values (Tom Lane) - - - - This provides additional query optimization possibilities. - - - - - - Don't treat a composite type as sortable unless all its column types - are sortable (Tom Lane) - - - - This avoids possible could not identify a comparison function - failures at runtime, if it is possible to implement the query without - sorting. Also, ANALYZE won't try to use inappropriate - statistics-gathering methods for columns of such composite types. - - - - - - - Casting - - - - - - Add support for casting between money and numeric - (Andy Balholm) - - - - - - Add support for casting from int4 and int8 - to money (Joey Adams) - - - - - - Allow casting a table's row type to the table's supertype if - it's a typed table (Peter Eisentraut) - - - - This is analogous to the existing facility that allows casting a row - type to a supertable's row type. - - - - - - - - - <link linkend="functions-xml"><acronym>XML</acronym></link> - - - - - - Add XML function XMLEXISTS and xpath_exists() - functions (Mike Fowler) - - - - These are used for XPath matching. - - - - - - Add XML functions xml_is_well_formed(), - xml_is_well_formed_document(), - xml_is_well_formed_content() - (Mike Fowler) - - - - These check whether the input is properly-formed XML. - They provide functionality that was previously available only in - the deprecated contrib/xml2 module. - - - - - - - - - - - Functions - - - - - - Add SQL function format(text, ...), which - behaves analogously to C's printf() (Pavel Stehule, - Robert Haas) - - - - It currently supports formats for strings, SQL literals, and - SQL identifiers. - - - - - - Add string functions concat(), - concat_ws(), - left(), - right(), - and reverse() - (Pavel Stehule) - - - - These improve compatibility with other database products. - - - - - - Add function pg_read_binary_file() - to read binary files (Dimitri Fontaine, Itagaki Takahiro) - - - - - - Add a single-parameter version of function pg_read_file() - to read an entire file (Dimitri Fontaine, Itagaki Takahiro) - - - - - - Add three-parameter forms of array_to_string() - and string_to_array() - for null value processing control (Pavel Stehule) - - - - - - - Object Information Functions - - - - - - Add the pg_describe_object() - function (Alvaro Herrera) - - - - This function is used to obtain a human-readable string describing - an object, based on the pg_class - OID, object OID, and sub-object ID. It can be used to help - interpret the contents of pg_depend. - - - - - - Update comments for built-in operators and their underlying - functions (Tom Lane) - - - - Functions that are meant to be used via an associated operator - are now commented as such. - - - - - - Add variable quote_all_identifiers - to force the quoting of all identifiers in EXPLAIN - and in system catalog functions like pg_get_viewdef() - (Robert Haas) - - - - This makes exporting schemas to tools and other databases with - different quoting rules easier. - - - - - - Add columns to the information_schema.sequences - system view (Peter Eisentraut) - - - - Previously, though the view existed, the columns about the - sequence parameters were unimplemented. - - - - - - Allow public as a pseudo-role name in has_table_privilege() - and related functions (Alvaro Herrera) - - - - This allows checking for public permissions. - - - - - - - - - Function and Trigger Creation - - - - - - Support INSTEAD - OF triggers on views (Dean Rasheed) - - - - This feature can be used to implement fully updatable views. - - - - - - - - - - - Server-Side Languages - - - <link linkend="plpgsql">PL/pgSQL</link> Server-Side Language - - - - - - Add FOREACH IN - ARRAY to PL/pgSQL - (Pavel Stehule) - - - - This is more efficient and readable than previous methods of - iterating through the elements of an array value. - - - - - - Allow RAISE without parameters to be caught in - the same places that could catch a RAISE ERROR - from the same location (Piyush Newe) - - - - The previous coding threw the error - from the block containing the active exception handler. - The new behavior is more consistent with other DBMS products. - - - - - - - - - <link linkend="plperl">PL/Perl</link> Server-Side Language - - - - - - Allow generic record arguments to PL/Perl functions (Andrew - Dunstan) - - - - PL/Perl functions can now be declared to accept type record. - The behavior is the same as for any named composite type. - - - - - - Convert PL/Perl array arguments to Perl arrays (Alexey Klyukin, - Alex Hunsaker) - - - - String representations are still available. - - - - - - Convert PL/Perl composite-type arguments to Perl hashes - (Alexey Klyukin, Alex Hunsaker) - - - - String representations are still available. - - - - - - - - - <link linkend="plpython">PL/Python</link> Server-Side Language - - - - - - Add table function support for PL/Python (Jan Urbanski) - - - - PL/Python can now return multiple OUT parameters - and record sets. - - - - - - Add a validator to PL/Python (Jan Urbanski) - - - - This allows PL/Python functions to be syntax-checked at function - creation time. - - - - - - Allow exceptions for SQL queries in PL/Python (Jan Urbanski) - - - - This allows access to SQL-generated exception error codes from - PL/Python exception blocks. - - - - - - Add explicit subtransactions to PL/Python (Jan Urbanski) - - - - - - Add PL/Python functions for quoting strings (Jan Urbanski) - - - - These functions are plpy.quote_ident, - plpy.quote_literal, - and plpy.quote_nullable. - - - - - - Add traceback information to PL/Python errors (Jan Urbanski) - - - - - - Report PL/Python errors from iterators with PLy_elog (Jan - Urbanski) - - - - - - Fix exception handling with Python 3 (Jan Urbanski) - - - - Exception classes were previously not available in - plpy under Python 3. - - - - - - - - - - - Client Applications - - - - - - Mark createlang and droplang - as deprecated now that they just invoke extension commands (Tom - Lane) - - - - - - - <link linkend="app-psql"><application>psql</application></link> - - - - - - Add psql command \conninfo - to show current connection information (David Christensen) - - - - - - Add psql command \sf to - show a function's definition (Pavel Stehule) - - - - - - Add psql command \dL to list - languages (Fernando Ike) - - - - - - Add the (system) option to psql's - \dn (list schemas) command (Tom Lane) - - - - \dn without S now suppresses system - schemas. - - - - - - Allow psql's \e and \ef - commands to accept a line number to be used to position the - cursor in the editor (Pavel Stehule) - - - - This is passed to the editor according to the - PSQL_EDITOR_LINENUMBER_ARG environment variable. - - - - - - Have psql set the client encoding from the - operating system locale by default (Heikki Linnakangas) - - - - This only happens if the PGCLIENTENCODING environment - variable is not set. - - - - - - Make \d distinguish between unique - indexes and unique constraints (Josh Kupershmidt) - - - - - - Make \dt+ report pg_table_size - instead of pg_relation_size when talking to 9.0 or - later servers (Bernd Helmle) - - - - This is a more useful measure of table size, but note that it is - not identical to what was previously reported in the same display. - - - - - - Additional tab completion support (Itagaki Takahiro, Pavel Stehule, - Andrey Popp, Christoph Berg, David Fetter, Josh Kupershmidt) - - - - - - - - - <link linkend="app-pgdump"><application>pg_dump</application></link> - - - - - - Add pg_dump - and pg_dumpall - option to force quoting - of all identifiers (Robert Haas) - - - - - - Add directory format to pg_dump - (Joachim Wieland, Heikki Linnakangas) - - - - This is internally similar to the tar - pg_dump format. - - - - - - - - - <link linkend="app-pg-ctl"><application>pg_ctl</application></link> - - - - - - Fix pg_ctl - so it no longer incorrectly reports that the server is not - running (Bruce Momjian) - - - - Previously this could happen if the server was running but - pg_ctl could not authenticate. - - - - - - Improve pg_ctl start's wait - () option (Bruce Momjian, Tom Lane) - - - - The wait mode is now significantly more robust. It will not get - confused by non-default postmaster port numbers, non-default - Unix-domain socket locations, permission problems, or stale - postmaster lock files. - - - - - - Add promote option to pg_ctl to - switch a standby server to primary (Fujii Masao) - - - - - - - - - - - <application>Development Tools</application> - - - <link linkend="libpq"><application>libpq</application></link> - - - - - - Add a libpq connection option client_encoding - which behaves like the PGCLIENTENCODING environment - variable (Heikki Linnakangas) - - - - The value auto sets the client encoding based on - the operating system locale. - - - - - - Add PQlibVersion() - function which returns the libpq library version (Magnus - Hagander) - - - - libpq already had PQserverVersion() which returns - the server version. - - - - - - Allow libpq-using clients to - check the user name of the server process - when connecting via Unix-domain sockets, with the new requirepeer - connection option - (Peter Eisentraut) - - - - PostgreSQL already allowed servers to check - the client user name when connecting via Unix-domain sockets. - - - - - - Add PQping() - and PQpingParams() - to libpq (Bruce Momjian, Tom Lane) - - - - These functions allow detection of the server's status without - trying to open a new session. - - - - - - - - - <link linkend="ecpg"><application>ECPG</application></link> - - - - - - Allow ECPG to accept dynamic cursor names even in - WHERE CURRENT OF clauses - (Zoltan Boszormenyi) - - - - - - Make ecpglib write double values with a - precision of 15 digits, not 14 as formerly (Akira Kurosawa) - - - - - - - - - - Build Options - - - - - - Use +Olibmerrno compile flag with HP-UX C compilers - that accept it (Ibrar Ahmed) - - - - This avoids possible misbehavior of math library calls on recent - HP platforms. - - - - - - - Makefiles - - - - - - Improved parallel make support (Peter Eisentraut) - - - - This allows for faster compiles. Also, make -k - now works more consistently. - - - - - - Require GNU make - 3.80 or newer (Peter Eisentraut) - - - - This is necessary because of the parallel-make improvements. - - - - - - Add make maintainer-check target - (Peter Eisentraut) - - - - This target performs various source code checks that are not - appropriate for either the build or the regression tests. Currently: - duplicate_oids, SGML syntax and tabs check, NLS syntax check. - - - - - - Support make check in contrib - (Peter Eisentraut) - - - - Formerly only make installcheck worked, but now - there is support for testing in a temporary installation. - The top-level make check-world target now includes - testing contrib this way. - - - - - - - - - Windows - - - - - - On Windows, allow pg_ctl to register - the service as auto-start or start-on-demand (Quan Zongliang) - - - - - - Add support for collecting crash - dumps on Windows (Craig Ringer, Magnus Hagander) - - - - minidumps can now be generated by non-debug - Windows binaries and analyzed by standard debugging tools. - - - - - - Enable building with the MinGW64 compiler (Andrew Dunstan) - - - - This allows building 64-bit Windows binaries even on non-Windows - platforms via cross-compiling. - - - - - - - - - - - Source Code - - - - - - Revise the API for GUC variable assign hooks (Tom Lane) - - - - The previous functions of assign hooks are now split between check - hooks and assign hooks, where the former can fail but the latter - shouldn't. This change will impact add-on modules that define custom - GUC parameters. - - - - - - Add latches to the source code to support waiting for events (Heikki - Linnakangas) - - - - - - Centralize data modification permissions-checking logic - (KaiGai Kohei) - - - - - - Add missing get_object_oid() functions, for consistency - (Robert Haas) - - - - - - Improve ability to use C++ compilers for compiling add-on modules by removing - conflicting key words (Tom Lane) - - - - - - Add support for DragonFly BSD (Rumko) - - - - - - Expose quote_literal_cstr() for backend use - (Robert Haas) - - - - - - Run regression tests in the - default encoding (Peter Eisentraut) - - - - Regression tests were previously always run with - SQL_ASCII encoding. - - - - - - Add src/tools/git_changelog to replace - cvs2cl and pgcvslog (Robert - Haas, Tom Lane) - - - - - - Add git-external-diff script to - src/tools (Bruce Momjian) - - - - This is used to generate context diffs from git. - - - - - - Improve support for building with - Clang (Peter Eisentraut) - - - - - - - Server Hooks - - - - - - Add source code hooks to check permissions (Robert Haas, - Stephen Frost) - - - - - - Add post-object-creation function hooks for use by security - frameworks (KaiGai Kohei) - - - - - - Add a client authentication hook (KaiGai Kohei) - - - - - - - - - - - Contrib - - - - - - Modify contrib modules and procedural - languages to install via the new extension mechanism (Tom Lane, - Dimitri Fontaine) - - - - - - Add contrib/file_fdw - foreign-data wrapper (Shigeru Hanada) - - - - Foreign tables using this foreign data wrapper can read flat files - in a manner very similar to COPY. - - - - - - Add nearest-neighbor search support to contrib/pg_trgm and contrib/btree_gist - (Teodor Sigaev) - - - - - - Add contrib/btree_gist - support for searching on not-equals (Jeff Davis) - - - - - - Fix contrib/fuzzystrmatch's - levenshtein() function to handle multibyte characters - (Alexander Korotkov) - - - - - - Add ssl_cipher() and ssl_version() - functions to contrib/sslinfo (Robert - Haas) - - - - - - Fix contrib/intarray - and contrib/hstore - to give consistent results with indexed empty arrays (Tom Lane) - - - - Previously an empty-array query that used an index might return - different results from one that used a sequential scan. - - - - - - Allow contrib/intarray - to work properly on multidimensional arrays (Tom Lane) - - - - - - In - contrib/intarray, - avoid errors complaining about the presence of nulls in cases where no - nulls are actually present (Tom Lane) - - - - - - In - contrib/intarray, - fix behavior of containment operators with respect to empty arrays - (Tom Lane) - - - - Empty arrays are now correctly considered to be contained in any other - array. - - - - - - Remove contrib/xml2's - arbitrary limit on the number of - parameter=value pairs that can be - handled by xslt_process() (Pavel Stehule) - - - - The previous limit was 10. - - - - - - In contrib/pageinspect, - fix heap_page_item to return infomasks as 32-bit values (Alvaro Herrera) - - - - This avoids returning negative values, which was confusing. The - underlying value is a 16-bit unsigned integer. - - - - - - - Security - - - - - - Add contrib/sepgsql - to interface permission checks with SELinux (KaiGai Kohei) - - - - This uses the new SECURITY LABEL - facility. - - - - - - Add contrib module auth_delay (KaiGai - Kohei) - - - - This causes the server to pause before returning authentication - failure; it is designed to make brute force password attacks - more difficult. - - - - - - Add dummy_seclabel - contrib module (KaiGai Kohei) - - - - This is used for permission regression testing. - - - - - - - - - Performance - - - - - - Add support for LIKE and ILIKE index - searches to contrib/pg_trgm (Alexander - Korotkov) - - - - - - Add levenshtein_less_equal() function to contrib/fuzzystrmatch, - which is optimized for small distances (Alexander Korotkov) - - - - - - Improve performance of index lookups on contrib/seg columns (Alexander - Korotkov) - - - - - - Improve performance of pg_upgrade for - databases with many relations (Bruce Momjian) - - - - - - Add flag to contrib/pgbench to - report per-statement latencies (Florian Pflug) - - - - - - - - - Fsync Testing - - - - - - Move src/tools/test_fsync to contrib/pg_test_fsync - (Bruce Momjian, Tom Lane) - - - - - - Add O_DIRECT support to contrib/pg_test_fsync - (Bruce Momjian) - - - - This matches the use of O_DIRECT by wal_sync_method. - - - - - - Add new tests to contrib/pg_test_fsync - (Bruce Momjian) - - - - - - - - - - - Documentation - - - - - - Extensive ECPG - documentation improvements (Satoshi Nagayasu) - - - - - - Extensive proofreading and documentation improvements - (Thom Brown, Josh Kupershmidt, Susanne Ebrecht) - - - - - - Add documentation for exit_on_error - (Robert Haas) - - - - This parameter causes sessions to exit on any error. - - - - - - Add documentation for pg_options_to_table() - (Josh Berkus) - - - - This function shows table storage options in a readable form. - - - - - - Document that it is possible to access all composite type - fields using (compositeval).* - syntax (Peter Eisentraut) - - - - - - Document that translate() - removes characters in from that don't have a - corresponding to character (Josh Kupershmidt) - - - - - - Merge documentation for CREATE CONSTRAINT TRIGGER and CREATE TRIGGER - (Alvaro Herrera) - - - - - - Centralize permission and upgrade documentation (Bruce Momjian) - - - - - - Add kernel tuning - documentation for Solaris 10 (Josh Berkus) - - - - Previously only Solaris 9 kernel tuning was documented. - - - - - - Handle non-ASCII characters consistently in HISTORY file - (Peter Eisentraut) - - - - While the HISTORY file is in English, we do have to deal - with non-ASCII letters in contributor names. These are now - transliterated so that they are reasonably legible without assumptions - about character set. - - - - - - - - - diff --git a/doc/src/sgml/release-9.2.sgml b/doc/src/sgml/release-9.2.sgml deleted file mode 100644 index 3494ddb5ce..0000000000 --- a/doc/src/sgml/release-9.2.sgml +++ /dev/null @@ -1,12201 +0,0 @@ - - - - - Release 9.2.24 - - - Release date: - 2017-11-09 - - - - This release contains a variety of fixes from 9.2.23. - For information about new features in the 9.2 major release, see - . - - - - This is expected to be the last PostgreSQL - release in the 9.2.X series. Users are encouraged to update to a newer - release branch soon. - - - - Migration to Version 9.2.24 - - - A dump/restore is not required for those running 9.2.X. - - - - However, if you are upgrading from a version earlier than 9.2.22, - see . - - - - - - Changes - - - - - - Fix sample server-start scripts to become $PGUSER - before opening $PGLOG (Noah Misch) - - - - Previously, the postmaster log file was opened while still running as - root. The database owner could therefore mount an attack against - another system user by making $PGLOG be a symbolic - link to some other file, which would then become corrupted by appending - log messages. - - - - By default, these scripts are not installed anywhere. Users who have - made use of them will need to manually recopy them, or apply the same - changes to their modified versions. If the - existing $PGLOG file is root-owned, it will need to - be removed or renamed out of the way before restarting the server with - the corrected script. - (CVE-2017-12172) - - - - - - Properly reject attempts to convert infinite float values to - type numeric (Tom Lane, KaiGai Kohei) - - - - Previously the behavior was platform-dependent. - - - - - - Fix corner-case crashes when columns have been added to the end of a - view (Tom Lane) - - - - - - Record proper dependencies when a view or rule - contains FieldSelect - or FieldStore expression nodes (Tom Lane) - - - - Lack of these dependencies could allow a column or data - type DROP to go through when it ought to fail, - thereby causing later uses of the view or rule to get errors. - This patch does not do anything to protect existing views/rules, - only ones created in the future. - - - - - - Correctly detect hashability of range data types (Tom Lane) - - - - The planner mistakenly assumed that any range type could be hashed - for use in hash joins or hash aggregation, but actually it must check - whether the range's subtype has hash support. This does not affect any - of the built-in range types, since they're all hashable anyway. - - - - - - Fix low-probability loss of NOTIFY messages due to - XID wraparound (Marko Tiikkaja, Tom Lane) - - - - If a session executed no queries, but merely listened for - notifications, for more than 2 billion transactions, it started to miss - some notifications from concurrently-committing transactions. - - - - - - Prevent low-probability crash in processing of nested trigger firings - (Tom Lane) - - - - - - Correctly restore the umask setting when file creation fails - in COPY or lo_export() - (Peter Eisentraut) - - - - - - Give a better error message for duplicate column names - in ANALYZE (Nathan Bossart) - - - - - - Fix libpq to not require user's home - directory to exist (Tom Lane) - - - - In v10, failure to find the home directory while trying to - read ~/.pgpass was treated as a hard error, - but it should just cause that file to not be found. Both v10 and - previous release branches made the same mistake when - reading ~/.pg_service.conf, though this was less - obvious since that file is not sought unless a service name is - specified. - - - - - - Fix libpq to guard against integer - overflow in the row count of a PGresult - (Michael Paquier) - - - - - - Sync our copy of the timezone library with IANA release tzcode2017c - (Tom Lane) - - - - This fixes various issues; the only one likely to be user-visible - is that the default DST rules for a POSIX-style zone name, if - no posixrules file exists in the timezone data - directory, now match current US law rather than what it was a dozen - years ago. - - - - - - Update time zone data files to tzdata - release 2017c for DST law changes in Fiji, Namibia, Northern Cyprus, - Sudan, Tonga, and Turks & Caicos Islands, plus historical - corrections for Alaska, Apia, Burma, Calcutta, Detroit, Ireland, - Namibia, and Pago Pago. - - - - - - - - - - Release 9.2.23 - - - Release date: - 2017-08-31 - - - - This release contains a small number of fixes from 9.2.22. - For information about new features in the 9.2 major release, see - . - - - - The PostgreSQL community will stop releasing updates - for the 9.2.X release series in September 2017. - Users are encouraged to update to a newer release branch soon. - - - - Migration to Version 9.2.23 - - - A dump/restore is not required for those running 9.2.X. - - - - However, if you are upgrading from a version earlier than 9.2.22, - see . - - - - - - Changes - - - - - - Show foreign tables - in information_schema.table_privileges - view (Peter Eisentraut) - - - - All other relevant information_schema views include - foreign tables, but this one ignored them. - - - - Since this view definition is installed by initdb, - merely upgrading will not fix the problem. If you need to fix this - in an existing installation, you can, as a superuser, do this - in psql: - -SET search_path TO information_schema; -CREATE OR REPLACE VIEW table_privileges AS - SELECT CAST(u_grantor.rolname AS sql_identifier) AS grantor, - CAST(grantee.rolname AS sql_identifier) AS grantee, - CAST(current_database() AS sql_identifier) AS table_catalog, - CAST(nc.nspname AS sql_identifier) AS table_schema, - CAST(c.relname AS sql_identifier) AS table_name, - CAST(c.prtype AS character_data) AS privilege_type, - CAST( - CASE WHEN - -- object owner always has grant options - pg_has_role(grantee.oid, c.relowner, 'USAGE') - OR c.grantable - THEN 'YES' ELSE 'NO' END AS yes_or_no) AS is_grantable, - CAST(CASE WHEN c.prtype = 'SELECT' THEN 'YES' ELSE 'NO' END AS yes_or_no) AS with_hierarchy - - FROM ( - SELECT oid, relname, relnamespace, relkind, relowner, (aclexplode(coalesce(relacl, acldefault('r', relowner)))).* FROM pg_class - ) AS c (oid, relname, relnamespace, relkind, relowner, grantor, grantee, prtype, grantable), - pg_namespace nc, - pg_authid u_grantor, - ( - SELECT oid, rolname FROM pg_authid - UNION ALL - SELECT 0::oid, 'PUBLIC' - ) AS grantee (oid, rolname) - - WHERE c.relnamespace = nc.oid - AND c.relkind IN ('r', 'v', 'f') - AND c.grantee = grantee.oid - AND c.grantor = u_grantor.oid - AND c.prtype IN ('INSERT', 'SELECT', 'UPDATE', 'DELETE', 'TRUNCATE', 'REFERENCES', 'TRIGGER') - AND (pg_has_role(u_grantor.oid, 'USAGE') - OR pg_has_role(grantee.oid, 'USAGE') - OR grantee.rolname = 'PUBLIC'); - - This must be repeated in each database to be fixed, - including template0. - - - - - - Clean up handling of a fatal exit (e.g., due to receipt - of SIGTERM) that occurs while trying to execute - a ROLLBACK of a failed transaction (Tom Lane) - - - - This situation could result in an assertion failure. In production - builds, the exit would still occur, but it would log an unexpected - message about cannot drop active portal. - - - - - - Remove assertion that could trigger during a fatal exit (Tom Lane) - - - - - - Correctly identify columns that are of a range type or domain type over - a composite type or domain type being searched for (Tom Lane) - - - - Certain ALTER commands that change the definition of a - composite type or domain type are supposed to fail if there are any - stored values of that type in the database, because they lack the - infrastructure needed to update or check such values. Previously, - these checks could miss relevant values that are wrapped inside range - types or sub-domains, possibly allowing the database to become - inconsistent. - - - - - - Change ecpg's parser to allow RETURNING - clauses without attached C variables (Michael Meskes) - - - - This allows ecpg programs to contain SQL constructs - that use RETURNING internally (for example, inside a CTE) - rather than using it to define values to be returned to the client. - - - - - - Improve selection of compiler flags for PL/Perl on Windows (Tom Lane) - - - - This fix avoids possible crashes of PL/Perl due to inconsistent - assumptions about the width of time_t values. - A side-effect that may be visible to extension developers is - that _USE_32BIT_TIME_T is no longer defined globally - in PostgreSQL Windows builds. This is not expected - to cause problems, because type time_t is not used - in any PostgreSQL API definitions. - - - - - - - - - - Release 9.2.22 - - - Release date: - 2017-08-10 - - - - This release contains a variety of fixes from 9.2.21. - For information about new features in the 9.2 major release, see - . - - - - The PostgreSQL community will stop releasing updates - for the 9.2.X release series in September 2017. - Users are encouraged to update to a newer release branch soon. - - - - Migration to Version 9.2.22 - - - A dump/restore is not required for those running 9.2.X. - - - - However, if you use foreign data servers that make use of user - passwords for authentication, see the first changelog entry below. - - - - Also, if you are upgrading from a version earlier than 9.2.20, - see . - - - - - - Changes - - - - - - Further restrict visibility - of pg_user_mappings.umoptions, to - protect passwords stored as user mapping options - (Noah Misch) - - - - The fix for CVE-2017-7486 was incorrect: it allowed a user - to see the options in her own user mapping, even if she did not - have USAGE permission on the associated foreign server. - Such options might include a password that had been provided by the - server owner rather than the user herself. - Since information_schema.user_mapping_options does not - show the options in such cases, pg_user_mappings - should not either. - (CVE-2017-7547) - - - - By itself, this patch will only fix the behavior in newly initdb'd - databases. If you wish to apply this change in an existing database, - you will need to do the following: - - - - - - Restart the postmaster after adding allow_system_table_mods - = true to postgresql.conf. (In versions - supporting ALTER SYSTEM, you can use that to make the - configuration change, but you'll still need a restart.) - - - - - - In each database of the cluster, - run the following commands as superuser: - -SET search_path = pg_catalog; -CREATE OR REPLACE VIEW pg_user_mappings AS - SELECT - U.oid AS umid, - S.oid AS srvid, - S.srvname AS srvname, - U.umuser AS umuser, - CASE WHEN U.umuser = 0 THEN - 'public' - ELSE - A.rolname - END AS usename, - CASE WHEN (U.umuser <> 0 AND A.rolname = current_user - AND (pg_has_role(S.srvowner, 'USAGE') - OR has_server_privilege(S.oid, 'USAGE'))) - OR (U.umuser = 0 AND pg_has_role(S.srvowner, 'USAGE')) - OR (SELECT rolsuper FROM pg_authid WHERE rolname = current_user) - THEN U.umoptions - ELSE NULL END AS umoptions - FROM pg_user_mapping U - LEFT JOIN pg_authid A ON (A.oid = U.umuser) JOIN - pg_foreign_server S ON (U.umserver = S.oid); - - - - - - - Do not forget to include the template0 - and template1 databases, or the vulnerability will still - exist in databases you create later. To fix template0, - you'll need to temporarily make it accept connections. - In PostgreSQL 9.5 and later, you can use - -ALTER DATABASE template0 WITH ALLOW_CONNECTIONS true; - - and then after fixing template0, undo that with - -ALTER DATABASE template0 WITH ALLOW_CONNECTIONS false; - - In prior versions, instead use - -UPDATE pg_database SET datallowconn = true WHERE datname = 'template0'; -UPDATE pg_database SET datallowconn = false WHERE datname = 'template0'; - - - - - - - Finally, remove the allow_system_table_mods configuration - setting, and again restart the postmaster. - - - - - - - - Disallow empty passwords in all password-based authentication methods - (Heikki Linnakangas) - - - - libpq ignores empty password specifications, and does - not transmit them to the server. So, if a user's password has been - set to the empty string, it's impossible to log in with that password - via psql or other libpq-based - clients. An administrator might therefore believe that setting the - password to empty is equivalent to disabling password login. - However, with a modified or non-libpq-based client, - logging in could be possible, depending on which authentication - method is configured. In particular the most common - method, md5, accepted empty passwords. - Change the server to reject empty passwords in all cases. - (CVE-2017-7546) - - - - - - On Windows, retry process creation if we fail to reserve the address - range for our shared memory in the new process (Tom Lane, Amit - Kapila) - - - - This is expected to fix infrequent child-process-launch failures that - are probably due to interference from antivirus products. - - - - - - Fix low-probability corruption of shared predicate-lock hash table - in Windows builds (Thomas Munro, Tom Lane) - - - - - - Avoid logging clean closure of an SSL connection as though - it were a connection reset (Michael Paquier) - - - - - - Prevent sending SSL session tickets to clients (Tom Lane) - - - - This fix prevents reconnection failures with ticket-aware client-side - SSL code. - - - - - - Fix code for setting on - Solaris (Tom Lane) - - - - - - Fix statistics collector to honor inquiry messages issued just after - a postmaster shutdown and immediate restart (Tom Lane) - - - - Statistics inquiries issued within half a second of the previous - postmaster shutdown were effectively ignored. - - - - - - Ensure that the statistics collector's receive buffer size is at - least 100KB (Tom Lane) - - - - This reduces the risk of dropped statistics data on older platforms - whose default receive buffer size is less than that. - - - - - - Fix possible creation of an invalid WAL segment when a standby is - promoted just after it processes an XLOG_SWITCH WAL - record (Andres Freund) - - - - - - Fix SIGHUP and SIGUSR1 handling in - walsender processes (Petr Jelinek, Andres Freund) - - - - - - Fix unnecessarily slow restarts of walreceiver - processes due to race condition in postmaster (Tom Lane) - - - - - - Fix cases where an INSERT or UPDATE assigns - to more than one element of a column that is of domain-over-array - type (Tom Lane) - - - - - - Move autogenerated array types out of the way during - ALTER ... RENAME (Vik Fearing) - - - - Previously, we would rename a conflicting autogenerated array type - out of the way during CREATE; this fix extends that - behavior to renaming operations. - - - - - - Ensure that ALTER USER ... SET accepts all the syntax - variants that ALTER ROLE ... SET does (Peter Eisentraut) - - - - - - Properly update dependency info when changing a datatype I/O - function's argument or return type from opaque to the - correct type (Heikki Linnakangas) - - - - CREATE TYPE updates I/O functions declared in this - long-obsolete style, but it forgot to record a dependency on the - type, allowing a subsequent DROP TYPE to leave broken - function definitions behind. - - - - - - Reduce memory usage when ANALYZE processes - a tsvector column (Heikki Linnakangas) - - - - - - Fix unnecessary precision loss and sloppy rounding when multiplying - or dividing money values by integers or floats (Tom Lane) - - - - - - Tighten checks for whitespace in functions that parse identifiers, - such as regprocedurein() (Tom Lane) - - - - Depending on the prevailing locale, these functions could - misinterpret fragments of multibyte characters as whitespace. - - - - - - Use relevant #define symbols from Perl while - compiling PL/Perl (Ashutosh Sharma, Tom Lane) - - - - This avoids portability problems, typically manifesting as - a handshake mismatch during library load, when working with - recent Perl versions. - - - - - - In psql, fix failure when COPY FROM STDIN - is ended with a keyboard EOF signal and then another COPY - FROM STDIN is attempted (Thomas Munro) - - - - This misbehavior was observed on BSD-derived platforms (including - macOS), but not on most others. - - - - - - Fix pg_dump to not emit invalid SQL for an empty - operator class (Daniel Gustafsson) - - - - - - Fix pg_dump output to stdout on Windows (Kuntal Ghosh) - - - - A compressed plain-text dump written to stdout would contain corrupt - data due to failure to put the file descriptor into binary mode. - - - - - - Fix pg_get_ruledef() to print correct output for - the ON SELECT rule of a view whose columns have been - renamed (Tom Lane) - - - - In some corner cases, pg_dump relies - on pg_get_ruledef() to dump views, so that this error - could result in dump/reload failures. - - - - - - Fix dumping of function expressions in the FROM clause in - cases where the expression does not deparse into something that looks - like a function call (Tom Lane) - - - - - - Fix pg_basebackup output to stdout on Windows - (Haribabu Kommi) - - - - A backup written to stdout would contain corrupt data due to failure - to put the file descriptor into binary mode. - - - - - - Fix pg_upgrade to ensure that the ending WAL record - does not have = minimum - (Bruce Momjian) - - - - This condition could prevent upgraded standby servers from - reconnecting. - - - - - - Always use , not , when building - shared libraries with gcc (Tom Lane) - - - - This supports larger extension libraries on platforms where it makes - a difference. - - - - - - Fix unescaped-braces issue in our build scripts for Microsoft MSVC, - to avoid a warning or error from recent Perl versions (Andrew - Dunstan) - - - - - - In MSVC builds, handle the case where the OpenSSL - library is not within a VC subdirectory (Andrew Dunstan) - - - - - - In MSVC builds, add proper include path for libxml2 - header files (Andrew Dunstan) - - - - This fixes a former need to move things around in standard Windows - installations of libxml2. - - - - - - In MSVC builds, recognize a Tcl library that is - named tcl86.lib (Noah Misch) - - - - - - - - - - Release 9.2.21 - - - Release date: - 2017-05-11 - - - - This release contains a variety of fixes from 9.2.20. - For information about new features in the 9.2 major release, see - . - - - - The PostgreSQL community will stop releasing updates - for the 9.2.X release series in September 2017. - Users are encouraged to update to a newer release branch soon. - - - - Migration to Version 9.2.21 - - - A dump/restore is not required for those running 9.2.X. - - - - However, if you use foreign data servers that make use of user - passwords for authentication, see the first changelog entry below. - - - - Also, if you are upgrading from a version earlier than 9.2.20, - see . - - - - - - Changes - - - - - - Restrict visibility - of pg_user_mappings.umoptions, to - protect passwords stored as user mapping options - (Michael Paquier, Feike Steenbergen) - - - - The previous coding allowed the owner of a foreign server object, - or anyone he has granted server USAGE permission to, - to see the options for all user mappings associated with that server. - This might well include passwords for other users. - Adjust the view definition to match the behavior of - information_schema.user_mapping_options, namely that - these options are visible to the user being mapped, or if the mapping - is for PUBLIC and the current user is the server - owner, or if the current user is a superuser. - (CVE-2017-7486) - - - - By itself, this patch will only fix the behavior in newly initdb'd - databases. If you wish to apply this change in an existing database, - follow the corrected procedure shown in the changelog entry for - CVE-2017-7547, in . - - - - - - Prevent exposure of statistical information via leaky operators - (Peter Eisentraut) - - - - Some selectivity estimation functions in the planner will apply - user-defined operators to values obtained - from pg_statistic, such as most common values and - histogram entries. This occurs before table permissions are checked, - so a nefarious user could exploit the behavior to obtain these values - for table columns he does not have permission to read. To fix, - fall back to a default estimate if the operator's implementation - function is not certified leak-proof and the calling user does not have - permission to read the table column whose statistics are needed. - At least one of these criteria is satisfied in most cases in practice. - (CVE-2017-7484) - - - - - - Fix possible corruption of init forks of unlogged indexes - (Robert Haas, Michael Paquier) - - - - This could result in an unlogged index being set to an invalid state - after a crash and restart. Such a problem would persist until the - index was dropped and rebuilt. - - - - - - Fix incorrect reconstruction of pg_subtrans entries - when a standby server replays a prepared but uncommitted two-phase - transaction (Tom Lane) - - - - In most cases this turned out to have no visible ill effects, but in - corner cases it could result in circular references - in pg_subtrans, potentially causing infinite loops - in queries that examine rows modified by the two-phase transaction. - - - - - - Ensure parsing of queries in extension scripts sees the results of - immediately-preceding DDL (Julien Rouhaud, Tom Lane) - - - - Due to lack of a cache flush step between commands in an extension - script file, non-utility queries might not see the effects of an - immediately preceding catalog change, such as ALTER TABLE - ... RENAME. - - - - - - Skip tablespace privilege checks when ALTER TABLE ... ALTER - COLUMN TYPE rebuilds an existing index (Noah Misch) - - - - The command failed if the calling user did not currently have - CREATE privilege for the tablespace containing the index. - That behavior seems unhelpful, so skip the check, allowing the - index to be rebuilt where it is. - - - - - - Fix ALTER TABLE ... VALIDATE CONSTRAINT to not recurse - to child tables when the constraint is marked NO INHERIT - (Amit Langote) - - - - This fix prevents unwanted constraint does not exist failures - when no matching constraint is present in the child tables. - - - - - - Fix VACUUM to account properly for pages that could not - be scanned due to conflicting page pins (Andrew Gierth) - - - - This tended to lead to underestimation of the number of tuples in - the table. In the worst case of a small heavily-contended - table, VACUUM could incorrectly report that the table - contained no tuples, leading to very bad planning choices. - - - - - - Ensure that bulk-tuple-transfer loops within a hash join are - interruptible by query cancel requests (Tom Lane, Thomas Munro) - - - - - - Fix cursor_to_xml() to produce valid output - with tableforest = false - (Thomas Munro, Peter Eisentraut) - - - - Previously it failed to produce a wrapping <table> - element. - - - - - - Improve performance of pg_timezone_names view - (Tom Lane, David Rowley) - - - - - - Fix sloppy handling of corner-case errors from lseek() - and close() (Tom Lane) - - - - Neither of these system calls are likely to fail in typical situations, - but if they did, fd.c could get quite confused. - - - - - - Fix incorrect check for whether postmaster is running as a Windows - service (Michael Paquier) - - - - This could result in attempting to write to the event log when that - isn't accessible, so that no logging happens at all. - - - - - - Fix ecpg to support COMMIT PREPARED - and ROLLBACK PREPARED (Masahiko Sawada) - - - - - - Fix a double-free error when processing dollar-quoted string literals - in ecpg (Michael Meskes) - - - - - - In pg_dump, fix incorrect schema and owner marking for - comments and security labels of some types of database objects - (Giuseppe Broccolo, Tom Lane) - - - - In simple cases this caused no ill effects; but for example, a - schema-selective restore might omit comments it should include, because - they were not marked as belonging to the schema of their associated - object. - - - - - - Avoid emitting an invalid list file in pg_restore -l - when SQL object names contain newlines (Tom Lane) - - - - Replace newlines by spaces, which is sufficient to make the output - valid for pg_restore -L's purposes. - - - - - - Fix pg_upgrade to transfer comments and security labels - attached to large objects (blobs) (Stephen Frost) - - - - Previously, blobs were correctly transferred to the new database, but - any comments or security labels attached to them were lost. - - - - - - Improve error handling - in contrib/adminpack's pg_file_write() - function (Noah Misch) - - - - Notably, it failed to detect errors reported - by fclose(). - - - - - - In contrib/dblink, avoid leaking the previous unnamed - connection when establishing a new unnamed connection (Joe Conway) - - - - - - Support OpenSSL 1.1.0 (Heikki Linnakangas, Andreas Karlsson, Tom Lane) - - - - This is a back-patch of work previously done in newer branches; - it's needed since many platforms are adopting newer OpenSSL versions. - - - - - - Support Tcl 8.6 in MSVC builds (Álvaro Herrera) - - - - - - Sync our copy of the timezone library with IANA release tzcode2017b - (Tom Lane) - - - - This fixes a bug affecting some DST transitions in January 2038. - - - - - - Update time zone data files to tzdata release 2017b - for DST law changes in Chile, Haiti, and Mongolia, plus historical - corrections for Ecuador, Kazakhstan, Liberia, and Spain. - Switch to numeric abbreviations for numerous time zones in South - America, the Pacific and Indian oceans, and some Asian and Middle - Eastern countries. - - - - The IANA time zone database previously provided textual abbreviations - for all time zones, sometimes making up abbreviations that have little - or no currency among the local population. They are in process of - reversing that policy in favor of using numeric UTC offsets in zones - where there is no evidence of real-world use of an English - abbreviation. At least for the time being, PostgreSQL - will continue to accept such removed abbreviations for timestamp input. - But they will not be shown in the pg_timezone_names - view nor used for output. - - - - - - Use correct daylight-savings rules for POSIX-style time zone names - in MSVC builds (David Rowley) - - - - The Microsoft MSVC build scripts neglected to install - the posixrules file in the timezone directory tree. - This resulted in the timezone code falling back to its built-in - rule about what DST behavior to assume for a POSIX-style time zone - name. For historical reasons that still corresponds to the DST rules - the USA was using before 2007 (i.e., change on first Sunday in April - and last Sunday in October). With this fix, a POSIX-style zone name - will use the current and historical DST transition dates of - the US/Eastern zone. If you don't want that, remove - the posixrules file, or replace it with a copy of some - other zone file (see ). Note that - due to caching, you may need to restart the server to get such changes - to take effect. - - - - - - - - - - Release 9.2.20 - - - Release date: - 2017-02-09 - - - - This release contains a variety of fixes from 9.2.19. - For information about new features in the 9.2 major release, see - . - - - - Migration to Version 9.2.20 - - - A dump/restore is not required for those running 9.2.X. - - - - However, if your installation has been affected by the bug described in - the first changelog entry below, then after updating you may need - to take action to repair corrupted indexes. - - - - Also, if you are upgrading from a version earlier than 9.2.11, - see . - - - - - - Changes - - - - - - Fix a race condition that could cause indexes built - with CREATE INDEX CONCURRENTLY to be corrupt - (Pavan Deolasee, Tom Lane) - - - - If CREATE INDEX CONCURRENTLY was used to build an index - that depends on a column not previously indexed, then rows - updated by transactions that ran concurrently with - the CREATE INDEX command could have received incorrect - index entries. If you suspect this may have happened, the most - reliable solution is to rebuild affected indexes after installing - this update. - - - - - - Unconditionally WAL-log creation of the init fork for an - unlogged table (Michael Paquier) - - - - Previously, this was skipped when - = minimal, but actually it's necessary even in that case - to ensure that the unlogged table is properly reset to empty after a - crash. - - - - - - - Fix WAL page header validation when re-reading segments (Takayuki - Tsunakawa, Amit Kapila) - - - - In corner cases, a spurious out-of-sequence TLI error - could be reported during recovery. - - - - - - If the stats collector dies during hot standby, restart it (Takayuki - Tsunakawa) - - - - - - Check for interrupts while hot standby is waiting for a conflicting - query (Simon Riggs) - - - - - - Avoid constantly respawning the autovacuum launcher in a corner case - (Amit Khandekar) - - - - This fix avoids problems when autovacuum is nominally off and there - are some tables that require freezing, but all such tables are - already being processed by autovacuum workers. - - - - - - Fix check for when an extension member object can be dropped (Tom Lane) - - - - Extension upgrade scripts should be able to drop member objects, - but this was disallowed for serial-column sequences, and possibly - other cases. - - - - - - Make sure ALTER TABLE preserves index tablespace - assignments when rebuilding indexes (Tom Lane, Michael Paquier) - - - - Previously, non-default settings - of could result in broken - indexes. - - - - - - Prevent dropping a foreign-key constraint if there are pending - trigger events for the referenced relation (Tom Lane) - - - - This avoids could not find trigger NNN - or relation NNN has no triggers errors. - - - - - - Fix processing of OID column when a table with OIDs is associated to - a parent with OIDs via ALTER TABLE ... INHERIT (Amit - Langote) - - - - The OID column should be treated the same as regular user columns in - this case, but it wasn't, leading to odd behavior in later - inheritance changes. - - - - - - Check for serializability conflicts before reporting - constraint-violation failures (Thomas Munro) - - - - When using serializable transaction isolation, it is desirable - that any error due to concurrent transactions should manifest - as a serialization failure, thereby cueing the application that - a retry might succeed. Unfortunately, this does not reliably - happen for duplicate-key failures caused by concurrent insertions. - This change ensures that such an error will be reported as a - serialization error if the application explicitly checked for - the presence of a conflicting key (and did not find it) earlier - in the transaction. - - - - - - Ensure that column typmods are determined accurately for - multi-row VALUES constructs (Tom Lane) - - - - This fixes problems occurring when the first value in a column has a - determinable typmod (e.g., length for a varchar value) but - later values don't share the same limit. - - - - - - Throw error for an unfinished Unicode surrogate pair at the end of a - Unicode string (Tom Lane) - - - - Normally, a Unicode surrogate leading character must be followed by a - Unicode surrogate trailing character, but the check for this was - missed if the leading character was the last character in a Unicode - string literal (U&'...') or Unicode identifier - (U&"..."). - - - - - - Ensure that a purely negative text search query, such - as !foo, matches empty tsvectors (Tom Dunstan) - - - - Such matches were found by GIN index searches, but not by sequential - scans or GiST index searches. - - - - - - Prevent crash when ts_rewrite() replaces a non-top-level - subtree with an empty query (Artur Zakirov) - - - - - - Fix performance problems in ts_rewrite() (Tom Lane) - - - - - - Fix ts_rewrite()'s handling of nested NOT operators - (Tom Lane) - - - - - - Fix array_fill() to handle empty arrays properly (Tom Lane) - - - - - - Fix one-byte buffer overrun in quote_literal_cstr() - (Heikki Linnakangas) - - - - The overrun occurred only if the input consisted entirely of single - quotes and/or backslashes. - - - - - - Prevent multiple calls of pg_start_backup() - and pg_stop_backup() from running concurrently (Michael - Paquier) - - - - This avoids an assertion failure, and possibly worse things, if - someone tries to run these functions in parallel. - - - - - - Avoid discarding interval-to-interval casts - that aren't really no-ops (Tom Lane) - - - - In some cases, a cast that should result in zeroing out - low-order interval fields was mistakenly deemed to be a - no-op and discarded. An example is that casting from INTERVAL - MONTH to INTERVAL YEAR failed to clear the months field. - - - - - - Fix pg_dump to dump user-defined casts and transforms - that use built-in functions (Stephen Frost) - - - - - - Fix possible pg_basebackup failure on standby - server when including WAL files (Amit Kapila, Robert Haas) - - - - - - Ensure that the Python exception objects we create for PL/Python are - properly reference-counted (Rafa de la Torre, Tom Lane) - - - - This avoids failures if the objects are used after a Python garbage - collection cycle has occurred. - - - - - - Fix PL/Tcl to support triggers on tables that have .tupno - as a column name (Tom Lane) - - - - This matches the (previously undocumented) behavior of - PL/Tcl's spi_exec and spi_execp commands, - namely that a magic .tupno column is inserted only if - there isn't a real column named that. - - - - - - Allow DOS-style line endings in ~/.pgpass files, - even on Unix (Vik Fearing) - - - - This change simplifies use of the same password file across Unix and - Windows machines. - - - - - - Fix one-byte buffer overrun if ecpg is given a file - name that ends with a dot (Takayuki Tsunakawa) - - - - - - Fix psql's tab completion for ALTER DEFAULT - PRIVILEGES (Gilles Darold, Stephen Frost) - - - - - - In psql, treat an empty or all-blank setting of - the PAGER environment variable as meaning no - pager (Tom Lane) - - - - Previously, such a setting caused output intended for the pager to - vanish entirely. - - - - - - Improve contrib/dblink's reporting of - low-level libpq errors, such as out-of-memory - (Joe Conway) - - - - - - On Windows, ensure that environment variable changes are propagated - to DLLs built with debug options (Christian Ullrich) - - - - - - Sync our copy of the timezone library with IANA release tzcode2016j - (Tom Lane) - - - - This fixes various issues, most notably that timezone data - installation failed if the target directory didn't support hard - links. - - - - - - Update time zone data files to tzdata release 2016j - for DST law changes in northern Cyprus (adding a new zone - Asia/Famagusta), Russia (adding a new zone Europe/Saratov), Tonga, - and Antarctica/Casey. - Historical corrections for Italy, Kazakhstan, Malta, and Palestine. - Switch to preferring numeric zone abbreviations for Tonga. - - - - - - - - - - Release 9.2.19 - - - Release date: - 2016-10-27 - - - - This release contains a variety of fixes from 9.2.18. - For information about new features in the 9.2 major release, see - . - - - - Migration to Version 9.2.19 - - - A dump/restore is not required for those running 9.2.X. - - - - However, if you are upgrading from a version earlier than 9.2.11, - see . - - - - - - Changes - - - - - - Fix EvalPlanQual rechecks involving CTE scans (Tom Lane) - - - - The recheck would always see the CTE as returning no rows, typically - leading to failure to update rows that were recently updated. - - - - - - Fix improper repetition of previous results from hashed aggregation in - a subquery (Andrew Gierth) - - - - The test to see if we can reuse a previously-computed hash table of - the aggregate state values neglected the possibility of an outer query - reference appearing in an aggregate argument expression. A change in - the value of such a reference should lead to recalculating the hash - table, but did not. - - - - - - Fix EXPLAIN to emit valid XML when - is on (Markus Winand) - - - - Previously the XML output-format option produced syntactically invalid - tags such as <I/O-Read-Time>. That is now - rendered as <I-O-Read-Time>. - - - - - - Suppress printing of zeroes for unmeasured times - in EXPLAIN (Maksim Milyutin) - - - - Certain option combinations resulted in printing zero values for times - that actually aren't ever measured in that combination. Our general - policy in EXPLAIN is not to print such fields at all, so - do that consistently in all cases. - - - - - - Fix timeout length when VACUUM is waiting for exclusive - table lock so that it can truncate the table (Simon Riggs) - - - - The timeout was meant to be 50 milliseconds, but it was actually only - 50 microseconds, causing VACUUM to give up on truncation - much more easily than intended. Set it to the intended value. - - - - - - Fix bugs in merging inherited CHECK constraints while - creating or altering a table (Tom Lane, Amit Langote) - - - - Allow identical CHECK constraints to be added to a parent - and child table in either order. Prevent merging of a valid - constraint from the parent table with a NOT VALID - constraint on the child. Likewise, prevent merging of a NO - INHERIT child constraint with an inherited constraint. - - - - - - Remove artificial restrictions on the values accepted - by numeric_in() and numeric_recv() - (Tom Lane) - - - - We allow numeric values up to the limit of the storage format (more - than 1e100000), so it seems fairly pointless - that numeric_in() rejected scientific-notation exponents - above 1000. Likewise, it was silly for numeric_recv() to - reject more than 1000 digits in an input value. - - - - - - Avoid very-low-probability data corruption due to testing tuple - visibility without holding buffer lock (Thomas Munro, Peter Geoghegan, - Tom Lane) - - - - - - Fix file descriptor leakage when truncating a temporary relation of - more than 1GB (Andres Freund) - - - - - - Disallow starting a standalone backend with standby_mode - turned on (Michael Paquier) - - - - This can't do anything useful, since there will be no WAL receiver - process to fetch more WAL data; and it could result in misbehavior - in code that wasn't designed with this situation in mind. - - - - - - Don't try to share SSL contexts across multiple connections - in libpq (Heikki Linnakangas) - - - - This led to assorted corner-case bugs, particularly when trying to use - different SSL parameters for different connections. - - - - - - Avoid corner-case memory leak in libpq (Tom Lane) - - - - The reported problem involved leaking an error report - during PQreset(), but there might be related cases. - - - - - - Make ecpg's and - options work consistently with our other executables (Haribabu Kommi) - - - - - - In pg_dump, never dump range constructor functions - (Tom Lane) - - - - This oversight led to pg_upgrade failures with - extensions containing range types, due to duplicate creation of the - constructor functions. - - - - - - Fix contrib/intarray/bench/bench.pl to print the results - of the EXPLAIN it does when given the option - (Daniel Gustafsson) - - - - - - Update Windows time zone mapping to recognize some time zone names - added in recent Windows versions (Michael Paquier) - - - - - - Prevent failure of obsolete dynamic time zone abbreviations (Tom Lane) - - - - If a dynamic time zone abbreviation does not match any entry in the - referenced time zone, treat it as equivalent to the time zone name. - This avoids unexpected failures when IANA removes abbreviations from - their time zone database, as they did in tzdata - release 2016f and seem likely to do again in the future. The - consequences were not limited to not recognizing the individual - abbreviation; any mismatch caused - the pg_timezone_abbrevs view to fail altogether. - - - - - - Update time zone data files to tzdata release 2016h - for DST law changes in Palestine and Turkey, plus historical - corrections for Turkey and some regions of Russia. - Switch to numeric abbreviations for some time zones in Antarctica, - the former Soviet Union, and Sri Lanka. - - - - The IANA time zone database previously provided textual abbreviations - for all time zones, sometimes making up abbreviations that have little - or no currency among the local population. They are in process of - reversing that policy in favor of using numeric UTC offsets in zones - where there is no evidence of real-world use of an English - abbreviation. At least for the time being, PostgreSQL - will continue to accept such removed abbreviations for timestamp input. - But they will not be shown in the pg_timezone_names - view nor used for output. - - - - In this update, AMT is no longer shown as being in use to - mean Armenia Time. Therefore, we have changed the Default - abbreviation set to interpret it as Amazon Time, thus UTC-4 not UTC+4. - - - - - - - - - - Release 9.2.18 - - - Release date: - 2016-08-11 - - - - This release contains a variety of fixes from 9.2.17. - For information about new features in the 9.2 major release, see - . - - - - Migration to Version 9.2.18 - - - A dump/restore is not required for those running 9.2.X. - - - - However, if you are upgrading from a version earlier than 9.2.11, - see . - - - - - - Changes - - - - - - Fix possible mis-evaluation of - nested CASE-WHEN expressions (Heikki - Linnakangas, Michael Paquier, Tom Lane) - - - - A CASE expression appearing within the test value - subexpression of another CASE could become confused about - whether its own test value was null or not. Also, inlining of a SQL - function implementing the equality operator used by - a CASE expression could result in passing the wrong test - value to functions called within a CASE expression in the - SQL function's body. If the test values were of different data - types, a crash might result; moreover such situations could be abused - to allow disclosure of portions of server memory. (CVE-2016-5423) - - - - - - Fix client programs' handling of special characters in database and - role names (Noah Misch, Nathan Bossart, Michael Paquier) - - - - Numerous places in vacuumdb and other client programs - could become confused by database and role names containing double - quotes or backslashes. Tighten up quoting rules to make that safe. - Also, ensure that when a conninfo string is used as a database name - parameter to these programs, it is correctly treated as such throughout. - - - - Fix handling of paired double quotes - in psql's \connect - and \password commands to match the documentation. - - - - Introduce a new option - in psql's \connect command to allow - explicit control of whether to re-use connection parameters from a - previous connection. (Without this, the choice is based on whether - the database name looks like a conninfo string, as before.) This - allows secure handling of database names containing special - characters in pg_dumpall scripts. - - - - pg_dumpall now refuses to deal with database and role - names containing carriage returns or newlines, as it seems impractical - to quote those characters safely on Windows. In future we may reject - such names on the server side, but that step has not been taken yet. - - - - These are considered security fixes because crafted object names - containing special characters could have been used to execute - commands with superuser privileges the next time a superuser - executes pg_dumpall or other routine maintenance - operations. (CVE-2016-5424) - - - - - - Fix corner-case misbehaviors for IS NULL/IS NOT - NULL applied to nested composite values (Andrew Gierth, Tom Lane) - - - - The SQL standard specifies that IS NULL should return - TRUE for a row of all null values (thus ROW(NULL,NULL) IS - NULL yields TRUE), but this is not meant to apply recursively - (thus ROW(NULL, ROW(NULL,NULL)) IS NULL yields FALSE). - The core executor got this right, but certain planner optimizations - treated the test as recursive (thus producing TRUE in both cases), - and contrib/postgres_fdw could produce remote queries - that misbehaved similarly. - - - - - - Make the inet and cidr data types properly reject - IPv6 addresses with too many colon-separated fields (Tom Lane) - - - - - - Prevent crash in close_ps() - (the point ## lseg operator) - for NaN input coordinates (Tom Lane) - - - - Make it return NULL instead of crashing. - - - - - - Fix several one-byte buffer over-reads in to_number() - (Peter Eisentraut) - - - - In several cases the to_number() function would read one - more character than it should from the input string. There is a - small chance of a crash, if the input happens to be adjacent to the - end of memory. - - - - - - Avoid unsafe intermediate state during expensive paths - through heap_update() (Masahiko Sawada, Andres Freund) - - - - Previously, these cases locked the target tuple (by setting its XMAX) - but did not WAL-log that action, thus risking data integrity problems - if the page were spilled to disk and then a database crash occurred - before the tuple update could be completed. - - - - - - Avoid crash in postgres -C when the specified variable - has a null string value (Michael Paquier) - - - - - - Avoid consuming a transaction ID during VACUUM - (Alexander Korotkov) - - - - Some cases in VACUUM unnecessarily caused an XID to be - assigned to the current transaction. Normally this is negligible, - but if one is up against the XID wraparound limit, consuming more - XIDs during anti-wraparound vacuums is a very bad thing. - - - - - - Avoid canceling hot-standby queries during VACUUM FREEZE - (Simon Riggs, Álvaro Herrera) - - - - VACUUM FREEZE on an otherwise-idle master server could - result in unnecessary cancellations of queries on its standby - servers. - - - - - - When a manual ANALYZE specifies a column list, don't - reset the table's changes_since_analyze counter - (Tom Lane) - - - - If we're only analyzing some columns, we should not prevent routine - auto-analyze from happening for the other columns. - - - - - - Fix ANALYZE's overestimation of n_distinct - for a unique or nearly-unique column with many null entries (Tom - Lane) - - - - The nulls could get counted as though they were themselves distinct - values, leading to serious planner misestimates in some types of - queries. - - - - - - Prevent autovacuum from starting multiple workers for the same shared - catalog (Álvaro Herrera) - - - - Normally this isn't much of a problem because the vacuum doesn't take - long anyway; but in the case of a severely bloated catalog, it could - result in all but one worker uselessly waiting instead of doing - useful work on other tables. - - - - - - Prevent infinite loop in GiST index build for geometric columns - containing NaN component values (Tom Lane) - - - - - - Fix contrib/btree_gin to handle the smallest - possible bigint value correctly (Peter Eisentraut) - - - - - - Teach libpq to correctly decode server version from future servers - (Peter Eisentraut) - - - - It's planned to switch to two-part instead of three-part server - version numbers for releases after 9.6. Make sure - that PQserverVersion() returns the correct value for - such cases. - - - - - - Fix ecpg's code for unsigned long long - array elements (Michael Meskes) - - - - - - In pg_dump with both and - options, avoid emitting an unwanted CREATE SCHEMA public - command (David Johnston, Tom Lane) - - - - - - Make pg_basebackup accept -Z 0 as - specifying no compression (Fujii Masao) - - - - - - Fix makefiles' rule for building AIX shared libraries to be safe for - parallel make (Noah Misch) - - - - - - Fix TAP tests and MSVC scripts to work when build directory's path - name contains spaces (Michael Paquier, Kyotaro Horiguchi) - - - - - - Make regression tests safe for Danish and Welsh locales (Jeff Janes, - Tom Lane) - - - - Change some test data that triggered the unusual sorting rules of - these locales. - - - - - - Update our copy of the timezone code to match - IANA's tzcode release 2016c (Tom Lane) - - - - This is needed to cope with anticipated future changes in the time - zone data files. It also fixes some corner-case bugs in coping with - unusual time zones. - - - - - - Update time zone data files to tzdata release 2016f - for DST law changes in Kemerovo and Novosibirsk, plus historical - corrections for Azerbaijan, Belarus, and Morocco. - - - - - - - - - - Release 9.2.17 - - - Release date: - 2016-05-12 - - - - This release contains a variety of fixes from 9.2.16. - For information about new features in the 9.2 major release, see - . - - - - Migration to Version 9.2.17 - - - A dump/restore is not required for those running 9.2.X. - - - - However, if you are upgrading from a version earlier than 9.2.11, - see . - - - - - - Changes - - - - - - Clear the OpenSSL error queue before OpenSSL calls, rather than - assuming it's clear already; and make sure we leave it clear - afterwards (Peter Geoghegan, Dave Vitek, Peter Eisentraut) - - - - This change prevents problems when there are multiple connections - using OpenSSL within a single process and not all the code involved - follows the same rules for when to clear the error queue. - Failures have been reported specifically when a client application - uses SSL connections in libpq concurrently with - SSL connections using the PHP, Python, or Ruby wrappers for OpenSSL. - It's possible for similar problems to arise within the server as well, - if an extension module establishes an outgoing SSL connection. - - - - - - Fix failed to build any N-way joins - planner error with a full join enclosed in the right-hand side of a - left join (Tom Lane) - - - - - - Fix incorrect handling of equivalence-class tests in multilevel - nestloop plans (Tom Lane) - - - - Given a three-or-more-way equivalence class of variables, such - as X.X = Y.Y = Z.Z, it was possible for the planner to omit - some of the tests needed to enforce that all the variables are actually - equal, leading to join rows being output that didn't satisfy - the WHERE clauses. For various reasons, erroneous plans - were seldom selected in practice, so that this bug has gone undetected - for a long time. - - - - - - Fix possible misbehavior of TH, th, - and Y,YYY format codes in to_timestamp() - (Tom Lane) - - - - These could advance off the end of the input string, causing subsequent - format codes to read garbage. - - - - - - Fix dumping of rules and views in which the array - argument of a value operator - ANY (array) construct is a sub-SELECT - (Tom Lane) - - - - - - Make pg_regress use a startup timeout from the - PGCTLTIMEOUT environment variable, if that's set (Tom Lane) - - - - This is for consistency with a behavior recently added - to pg_ctl; it eases automated testing on slow machines. - - - - - - Fix pg_upgrade to correctly restore extension - membership for operator families containing only one operator class - (Tom Lane) - - - - In such a case, the operator family was restored into the new database, - but it was no longer marked as part of the extension. This had no - immediate ill effects, but would cause later pg_dump - runs to emit output that would cause (harmless) errors on restore. - - - - - - Back-port 9.4-era memory-barrier code changes into 9.2 and 9.3 (Tom Lane) - - - - These changes were not originally needed in pre-9.4 branches, but we - recently back-patched a fix that expected the barrier code to work - properly. Only IA64 (when using icc), HPPA, and Alpha platforms are - affected. - - - - - - Reduce the number of SysV semaphores used by a build configured with - (Tom Lane) - - - - - - Rename internal function strtoi() - to strtoint() to avoid conflict with a NetBSD library - function (Thomas Munro) - - - - - - Fix reporting of errors from bind() - and listen() system calls on Windows (Tom Lane) - - - - - - Reduce verbosity of compiler output when building with Microsoft Visual - Studio (Christian Ullrich) - - - - - - Avoid possibly-unsafe use of Windows' FormatMessage() - function (Christian Ullrich) - - - - Use the FORMAT_MESSAGE_IGNORE_INSERTS flag where - appropriate. No live bug is known to exist here, but it seems like a - good idea to be careful. - - - - - - Update time zone data files to tzdata release 2016d - for DST law changes in Russia and Venezuela. There are new zone - names Europe/Kirov and Asia/Tomsk to reflect - the fact that these regions now have different time zone histories from - adjacent regions. - - - - - - - - - - Release 9.2.16 - - - Release date: - 2016-03-31 - - - - This release contains a variety of fixes from 9.2.15. - For information about new features in the 9.2 major release, see - . - - - - Migration to Version 9.2.16 - - - A dump/restore is not required for those running 9.2.X. - - - - However, if you are upgrading from a version earlier than 9.2.11, - see . - - - - - - Changes - - - - - - Fix incorrect handling of NULL index entries in - indexed ROW() comparisons (Tom Lane) - - - - An index search using a row comparison such as ROW(a, b) > - ROW('x', 'y') would stop upon reaching a NULL entry in - the b column, ignoring the fact that there might be - non-NULL b values associated with later values - of a. - - - - - - Avoid unlikely data-loss scenarios due to renaming files without - adequate fsync() calls before and after (Michael Paquier, - Tomas Vondra, Andres Freund) - - - - - - Correctly handle cases where pg_subtrans is close to XID - wraparound during server startup (Jeff Janes) - - - - - - Fix corner-case crash due to trying to free localeconv() - output strings more than once (Tom Lane) - - - - - - Fix parsing of affix files for ispell dictionaries - (Tom Lane) - - - - The code could go wrong if the affix file contained any characters - whose byte length changes during case-folding, for - example I in Turkish UTF8 locales. - - - - - - Avoid use of sscanf() to parse ispell - dictionary files (Artur Zakirov) - - - - This dodges a portability problem on FreeBSD-derived platforms - (including macOS). - - - - - - Avoid a crash on old Windows versions (before 7SP1/2008R2SP1) with an - AVX2-capable CPU and a Postgres build done with Visual Studio 2013 - (Christian Ullrich) - - - - This is a workaround for a bug in Visual Studio 2013's runtime - library, which Microsoft have stated they will not fix in that - version. - - - - - - Fix psql's tab completion logic to handle multibyte - characters properly (Kyotaro Horiguchi, Robert Haas) - - - - - - Fix psql's tab completion for - SECURITY LABEL (Tom Lane) - - - - Pressing TAB after SECURITY LABEL might cause a crash - or offering of inappropriate keywords. - - - - - - Make pg_ctl accept a wait timeout from the - PGCTLTIMEOUT environment variable, if none is specified on - the command line (Noah Misch) - - - - This eases testing of slower buildfarm members by allowing them - to globally specify a longer-than-normal timeout for postmaster - startup and shutdown. - - - - - - Fix incorrect test for Windows service status - in pg_ctl (Manuel Mathar) - - - - The previous set of minor releases attempted to - fix pg_ctl to properly determine whether to send log - messages to Window's Event Log, but got the test backwards. - - - - - - Fix pgbench to correctly handle the combination - of -C and -M prepared options (Tom Lane) - - - - - - In PL/Perl, properly translate empty Postgres arrays into empty Perl - arrays (Alex Hunsaker) - - - - - - Make PL/Python cope with function names that aren't valid Python - identifiers (Jim Nasby) - - - - - - Fix multiple mistakes in the statistics returned - by contrib/pgstattuple's pgstatindex() - function (Tom Lane) - - - - - - Remove dependency on psed in MSVC builds, since it's no - longer provided by core Perl (Michael Paquier, Andrew Dunstan) - - - - - - Update time zone data files to tzdata release 2016c - for DST law changes in Azerbaijan, Chile, Haiti, Palestine, and Russia - (Altai, Astrakhan, Kirov, Sakhalin, Ulyanovsk regions), plus - historical corrections for Lithuania, Moldova, and Russia - (Kaliningrad, Samara, Volgograd). - - - - - - - - - - Release 9.2.15 - - - Release date: - 2016-02-11 - - - - This release contains a variety of fixes from 9.2.14. - For information about new features in the 9.2 major release, see - . - - - - Migration to Version 9.2.15 - - - A dump/restore is not required for those running 9.2.X. - - - - However, if you are upgrading from a version earlier than 9.2.11, - see . - - - - - - Changes - - - - - - Fix infinite loops and buffer-overrun problems in regular expressions - (Tom Lane) - - - - Very large character ranges in bracket expressions could cause - infinite loops in some cases, and memory overwrites in other cases. - (CVE-2016-0773) - - - - - - Perform an immediate shutdown if the postmaster.pid file - is removed (Tom Lane) - - - - The postmaster now checks every minute or so - that postmaster.pid is still there and still contains its - own PID. If not, it performs an immediate shutdown, as though it had - received SIGQUIT. The main motivation for this change - is to ensure that failed buildfarm runs will get cleaned up without - manual intervention; but it also serves to limit the bad effects if a - DBA forcibly removes postmaster.pid and then starts a new - postmaster. - - - - - - In SERIALIZABLE transaction isolation mode, serialization - anomalies could be missed due to race conditions during insertions - (Kevin Grittner, Thomas Munro) - - - - - - Fix failure to emit appropriate WAL records when doing ALTER - TABLE ... SET TABLESPACE for unlogged relations (Michael Paquier, - Andres Freund) - - - - Even though the relation's data is unlogged, the move must be logged or - the relation will be inaccessible after a standby is promoted to master. - - - - - - Fix possible misinitialization of unlogged relations at the end of - crash recovery (Andres Freund, Michael Paquier) - - - - - - Fix ALTER COLUMN TYPE to reconstruct inherited check - constraints properly (Tom Lane) - - - - - - Fix REASSIGN OWNED to change ownership of composite types - properly (Álvaro Herrera) - - - - - - Fix REASSIGN OWNED and ALTER OWNER to correctly - update granted-permissions lists when changing owners of data types, - foreign data wrappers, or foreign servers (Bruce Momjian, - Álvaro Herrera) - - - - - - Fix REASSIGN OWNED to ignore foreign user mappings, - rather than fail (Álvaro Herrera) - - - - - - Add more defenses against bad planner cost estimates for GIN index - scans when the index's internal statistics are very out-of-date - (Tom Lane) - - - - - - Make planner cope with hypothetical GIN indexes suggested by an index - advisor plug-in (Julien Rouhaud) - - - - - - Fix dumping of whole-row Vars in ROW() - and VALUES() lists (Tom Lane) - - - - - - Fix possible internal overflow in numeric division - (Dean Rasheed) - - - - - - Fix enforcement of restrictions inside parentheses within regular - expression lookahead constraints (Tom Lane) - - - - Lookahead constraints aren't allowed to contain backrefs, and - parentheses within them are always considered non-capturing, according - to the manual. However, the code failed to handle these cases properly - inside a parenthesized subexpression, and would give unexpected - results. - - - - - - Conversion of regular expressions to indexscan bounds could produce - incorrect bounds from regexps containing lookahead constraints - (Tom Lane) - - - - - - Fix regular-expression compiler to handle loops of constraint arcs - (Tom Lane) - - - - The code added for CVE-2007-4772 was both incomplete, in that it didn't - handle loops involving more than one state, and incorrect, in that it - could cause assertion failures (though there seem to be no bad - consequences of that in a non-assert build). Multi-state loops would - cause the compiler to run until the query was canceled or it reached - the too-many-states error condition. - - - - - - Improve memory-usage accounting in regular-expression compiler - (Tom Lane) - - - - This causes the code to emit regular expression is too - complex errors in some cases that previously used unreasonable - amounts of time and memory. - - - - - - Improve performance of regular-expression compiler (Tom Lane) - - - - - - Make %h and %r escapes - in log_line_prefix work for messages emitted due - to log_connections (Tom Lane) - - - - Previously, %h/%r started to work just after a - new session had emitted the connection received log message; - now they work for that message too. - - - - - - On Windows, ensure the shared-memory mapping handle gets closed in - child processes that don't need it (Tom Lane, Amit Kapila) - - - - This oversight resulted in failure to recover from crashes - whenever logging_collector is turned on. - - - - - - Fix possible failure to detect socket EOF in non-blocking mode on - Windows (Tom Lane) - - - - It's not entirely clear whether this problem can happen in pre-9.5 - branches, but if it did, the symptom would be that a walsender process - would wait indefinitely rather than noticing a loss of connection. - - - - - - Avoid leaking a token handle during SSPI authentication - (Christian Ullrich) - - - - - - In psql, ensure that libreadline's idea - of the screen size is updated when the terminal window size changes - (Merlin Moncure) - - - - Previously, libreadline did not notice if the window - was resized during query output, leading to strange behavior during - later input of multiline queries. - - - - - - Fix psql's \det command to interpret its - pattern argument the same way as other \d commands with - potentially schema-qualified patterns do (Reece Hart) - - - - - - Avoid possible crash in psql's \c command - when previous connection was via Unix socket and command specifies a - new hostname and same username (Tom Lane) - - - - - - In pg_ctl start -w, test child process status directly - rather than relying on heuristics (Tom Lane, Michael Paquier) - - - - Previously, pg_ctl relied on an assumption that the new - postmaster would always create postmaster.pid within five - seconds. But that can fail on heavily-loaded systems, - causing pg_ctl to report incorrectly that the - postmaster failed to start. - - - - Except on Windows, this change also means that a pg_ctl start - -w done immediately after another such command will now reliably - fail, whereas previously it would report success if done within two - seconds of the first command. - - - - - - In pg_ctl start -w, don't attempt to use a wildcard listen - address to connect to the postmaster (Kondo Yuta) - - - - On Windows, pg_ctl would fail to detect postmaster - startup if listen_addresses is set to 0.0.0.0 - or ::, because it would try to use that value verbatim as - the address to connect to, which doesn't work. Instead assume - that 127.0.0.1 or ::1, respectively, is the - right thing to use. - - - - - - In pg_ctl on Windows, check service status to decide - where to send output, rather than checking if standard output is a - terminal (Michael Paquier) - - - - - - In pg_dump and pg_basebackup, adopt - the GNU convention for handling tar-archive members exceeding 8GB - (Tom Lane) - - - - The POSIX standard for tar file format does not allow - archive member files to exceed 8GB, but most modern implementations - of tar support an extension that fixes that. Adopt - this extension so that pg_dump with no - longer fails on tables with more than 8GB of data, and so - that pg_basebackup can handle files larger than 8GB. - In addition, fix some portability issues that could cause failures for - members between 4GB and 8GB on some platforms. Potentially these - problems could cause unrecoverable data loss due to unreadable backup - files. - - - - - - Fix assorted corner-case bugs in pg_dump's processing - of extension member objects (Tom Lane) - - - - - - Make pg_dump mark a view's triggers as needing to be - processed after its rule, to prevent possible failure during - parallel pg_restore (Tom Lane) - - - - - - Ensure that relation option values are properly quoted - in pg_dump (Kouhei Sutou, Tom Lane) - - - - A reloption value that isn't a simple identifier or number could lead - to dump/reload failures due to syntax errors in CREATE statements - issued by pg_dump. This is not an issue with any - reloption currently supported by core PostgreSQL, but - extensions could allow reloptions that cause the problem. - - - - - - Fix pg_upgrade's file-copying code to handle errors - properly on Windows (Bruce Momjian) - - - - - - Install guards in pgbench against corner-case overflow - conditions during evaluation of script-specified division or modulo - operators (Fabien Coelho, Michael Paquier) - - - - - - Fix failure to localize messages emitted - by pg_receivexlog and pg_recvlogical - (Ioseph Kim) - - - - - - Avoid dump/reload problems when using both plpython2 - and plpython3 (Tom Lane) - - - - In principle, both versions of PL/Python can be used in - the same database, though not in the same session (because the two - versions of libpython cannot safely be used concurrently). - However, pg_restore and pg_upgrade both - do things that can fall foul of the same-session restriction. Work - around that by changing the timing of the check. - - - - - - Fix PL/Python regression tests to pass with Python 3.5 - (Peter Eisentraut) - - - - - - Prevent certain PL/Java parameters from being set by - non-superusers (Noah Misch) - - - - This change mitigates a PL/Java security bug - (CVE-2016-0766), which was fixed in PL/Java by marking - these parameters as superuser-only. To fix the security hazard for - sites that update PostgreSQL more frequently - than PL/Java, make the core code aware of them also. - - - - - - Improve libpq's handling of out-of-memory situations - (Michael Paquier, Amit Kapila, Heikki Linnakangas) - - - - - - Fix order of arguments - in ecpg-generated typedef statements - (Michael Meskes) - - - - - - Use %g not %f format - in ecpg's PGTYPESnumeric_from_double() - (Tom Lane) - - - - - - Fix ecpg-supplied header files to not contain comments - continued from a preprocessor directive line onto the next line - (Michael Meskes) - - - - Such a comment is rejected by ecpg. It's not yet clear - whether ecpg itself should be changed. - - - - - - Ensure that contrib/pgcrypto's crypt() - function can be interrupted by query cancel (Andreas Karlsson) - - - - - - Accept flex versions later than 2.5.x - (Tom Lane, Michael Paquier) - - - - Now that flex 2.6.0 has been released, the version checks in our build - scripts needed to be adjusted. - - - - - - Install our missing script where PGXS builds can find it - (Jim Nasby) - - - - This allows sane behavior in a PGXS build done on a machine where build - tools such as bison are missing. - - - - - - Ensure that dynloader.h is included in the installed - header files in MSVC builds (Bruce Momjian, Michael Paquier) - - - - - - Add variant regression test expected-output file to match behavior of - current libxml2 (Tom Lane) - - - - The fix for libxml2's CVE-2015-7499 causes it not to - output error context reports in some cases where it used to do so. - This seems to be a bug, but we'll probably have to live with it for - some time, so work around it. - - - - - - Update time zone data files to tzdata release 2016a for - DST law changes in Cayman Islands, Metlakatla, and Trans-Baikal - Territory (Zabaykalsky Krai), plus historical corrections for Pakistan. - - - - - - - - - - Release 9.2.14 - - - Release date: - 2015-10-08 - - - - This release contains a variety of fixes from 9.2.13. - For information about new features in the 9.2 major release, see - . - - - - Migration to Version 9.2.14 - - - A dump/restore is not required for those running 9.2.X. - - - - However, if you are upgrading from a version earlier than 9.2.11, - see . - - - - - - Changes - - - - - - Fix contrib/pgcrypto to detect and report - too-short crypt() salts (Josh Kupershmidt) - - - - Certain invalid salt arguments crashed the server or disclosed a few - bytes of server memory. We have not ruled out the viability of - attacks that arrange for presence of confidential information in the - disclosed bytes, but they seem unlikely. (CVE-2015-5288) - - - - - - Fix subtransaction cleanup after a portal (cursor) belonging to an - outer subtransaction fails (Tom Lane, Michael Paquier) - - - - A function executed in an outer-subtransaction cursor could cause an - assertion failure or crash by referencing a relation created within an - inner subtransaction. - - - - - - Fix insertion of relations into the relation cache init file - (Tom Lane) - - - - An oversight in a patch in the most recent minor releases - caused pg_trigger_tgrelid_tgname_index to be omitted - from the init file. Subsequent sessions detected this, then deemed the - init file to be broken and silently ignored it, resulting in a - significant degradation in session startup time. In addition to fixing - the bug, install some guards so that any similar future mistake will be - more obvious. - - - - - - Avoid O(N^2) behavior when inserting many tuples into a SPI query - result (Neil Conway) - - - - - - Improve LISTEN startup time when there are many unread - notifications (Matt Newell) - - - - - - - - Back-patch 9.3-era addition of per-resource-owner lock caches - (Jeff Janes) - - - - This substantially improves performance when pg_dump - tries to dump a large number of tables. - - - - - - Disable SSL renegotiation by default (Michael Paquier, Andres Freund) - - - - While use of SSL renegotiation is a good idea in theory, we have seen - too many bugs in practice, both in the underlying OpenSSL library and - in our usage of it. Renegotiation will be removed entirely in 9.5 and - later. In the older branches, just change the default value - of ssl_renegotiation_limit to zero (disabled). - - - - - - Lower the minimum values of the *_freeze_max_age parameters - (Andres Freund) - - - - This is mainly to make tests of related behavior less time-consuming, - but it may also be of value for installations with limited disk space. - - - - - - Limit the maximum value of wal_buffers to 2GB to avoid - server crashes (Josh Berkus) - - - - - - Fix rare internal overflow in multiplication of numeric values - (Dean Rasheed) - - - - - - Guard against hard-to-reach stack overflows involving record types, - range types, json, jsonb, tsquery, - ltxtquery and query_int (Noah Misch) - - - - - - Fix handling of DOW and DOY in datetime input - (Greg Stark) - - - - These tokens aren't meant to be used in datetime values, but previously - they resulted in opaque internal error messages rather - than invalid input syntax. - - - - - - Add more query-cancel checks to regular expression matching (Tom Lane) - - - - - - Add recursion depth protections to regular expression, SIMILAR - TO, and LIKE matching (Tom Lane) - - - - Suitable search patterns and a low stack depth limit could lead to - stack-overrun crashes. - - - - - - Fix potential infinite loop in regular expression execution (Tom Lane) - - - - A search pattern that can apparently match a zero-length string, but - actually doesn't match because of a back reference, could lead to an - infinite loop. - - - - - - In regular expression execution, correctly record match data for - capturing parentheses within a quantifier even when the match is - zero-length (Tom Lane) - - - - - - Fix low-memory failures in regular expression compilation - (Andreas Seltenreich) - - - - - - Fix low-probability memory leak during regular expression execution - (Tom Lane) - - - - - - Fix rare low-memory failure in lock cleanup during transaction abort - (Tom Lane) - - - - - - Fix unexpected out-of-memory situation during sort errors - when using tuplestores with small work_mem settings (Tom - Lane) - - - - - - Fix very-low-probability stack overrun in qsort (Tom Lane) - - - - - - Fix invalid memory alloc request size failure in hash joins - with large work_mem settings (Tomas Vondra, Tom Lane) - - - - - - Fix assorted planner bugs (Tom Lane) - - - - These mistakes could lead to incorrect query plans that would give wrong - answers, or to assertion failures in assert-enabled builds, or to odd - planner errors such as could not devise a query plan for the - given query, could not find pathkey item to - sort, plan should not reference subplan's variable, - or failed to assign all NestLoopParams to plan nodes. - Thanks are due to Andreas Seltenreich and Piotr Stefaniak for fuzz - testing that exposed these problems. - - - - - - Improve planner's performance for UPDATE/DELETE - on large inheritance sets (Tom Lane, Dean Rasheed) - - - - - - Ensure standby promotion trigger files are removed at postmaster - startup (Michael Paquier, Fujii Masao) - - - - This prevents unwanted promotion from occurring if these files appear - in a database backup that is used to initialize a new standby server. - - - - - - During postmaster shutdown, ensure that per-socket lock files are - removed and listen sockets are closed before we remove - the postmaster.pid file (Tom Lane) - - - - This avoids race-condition failures if an external script attempts to - start a new postmaster as soon as pg_ctl stop returns. - - - - - - Fix postmaster's handling of a startup-process crash during crash - recovery (Tom Lane) - - - - If, during a crash recovery cycle, the startup process crashes without - having restored database consistency, we'd try to launch a new startup - process, which typically would just crash again, leading to an infinite - loop. - - - - - - Do not print a WARNING when an autovacuum worker is already - gone when we attempt to signal it, and reduce log verbosity for such - signals (Tom Lane) - - - - - - Prevent autovacuum launcher from sleeping unduly long if the server - clock is moved backwards a large amount (Álvaro Herrera) - - - - - - Ensure that cleanup of a GIN index's pending-insertions list is - interruptable by cancel requests (Jeff Janes) - - - - - - Allow all-zeroes pages in GIN indexes to be reused (Heikki Linnakangas) - - - - Such a page might be left behind after a crash. - - - - - - Fix handling of all-zeroes pages in SP-GiST indexes (Heikki - Linnakangas) - - - - VACUUM attempted to recycle such pages, but did so in a - way that wasn't crash-safe. - - - - - - Fix off-by-one error that led to otherwise-harmless warnings - about apparent wraparound in subtrans/multixact truncation - (Thomas Munro) - - - - - - Fix misreporting of CONTINUE and MOVE statement - types in PL/pgSQL's error context messages - (Pavel Stehule, Tom Lane) - - - - - - Fix PL/Perl to handle non-ASCII error - message texts correctly (Alex Hunsaker) - - - - - - Fix PL/Python crash when returning the string - representation of a record result (Tom Lane) - - - - - - Fix some places in PL/Tcl that neglected to check for - failure of malloc() calls (Michael Paquier, Álvaro - Herrera) - - - - - - In contrib/isn, fix output of ISBN-13 numbers that begin - with 979 (Fabien Coelho) - - - - EANs beginning with 979 (but not 9790) are considered ISBNs, but they - must be printed in the new 13-digit format, not the 10-digit format. - - - - - - - - Fix contrib/sepgsql's handling of SELECT INTO - statements (Kohei KaiGai) - - - - - - Improve libpq's handling of out-of-memory conditions - (Michael Paquier, Heikki Linnakangas) - - - - - - Fix memory leaks and missing out-of-memory checks - in ecpg (Michael Paquier) - - - - - - Fix psql's code for locale-aware formatting of numeric - output (Tom Lane) - - - - The formatting code invoked by \pset numericlocale on - did the wrong thing for some uncommon cases such as numbers with an - exponent but no decimal point. It could also mangle already-localized - output from the money data type. - - - - - - Prevent crash in psql's \c command when - there is no current connection (Noah Misch) - - - - - - Make pg_dump handle inherited NOT VALID - check constraints correctly (Tom Lane) - - - - - - Fix selection of default zlib compression level - in pg_dump's directory output format (Andrew Dunstan) - - - - - - Ensure that temporary files created during a pg_dump - run with tar-format output are not world-readable (Michael - Paquier) - - - - - - Fix pg_dump and pg_upgrade to support - cases where the postgres or template1 database - is in a non-default tablespace (Marti Raudsepp, Bruce Momjian) - - - - - - Fix pg_dump to handle object privileges sanely when - dumping from a server too old to have a particular privilege type - (Tom Lane) - - - - When dumping data types from pre-9.2 servers, and when dumping - functions or procedural languages from pre-7.3 - servers, pg_dump would - produce GRANT/REVOKE commands that revoked the - owner's grantable privileges and instead granted all privileges - to PUBLIC. Since the privileges involved are - just USAGE and EXECUTE, this isn't a security - problem, but it's certainly a surprising representation of the older - systems' behavior. Fix it to leave the default privilege state alone - in these cases. - - - - - - Fix pg_dump to dump shell types (Tom Lane) - - - - Shell types (that is, not-yet-fully-defined types) aren't useful for - much, but nonetheless pg_dump should dump them. - - - - - - Fix assorted minor memory leaks in pg_dump and other - client-side programs (Michael Paquier) - - - - - - Fix spinlock assembly code for PPC hardware to be compatible - with AIX's native assembler (Tom Lane) - - - - Building with gcc didn't work if gcc - had been configured to use the native assembler, which is becoming more - common. - - - - - - On AIX, test the -qlonglong compiler option - rather than just assuming it's safe to use (Noah Misch) - - - - - - On AIX, use -Wl,-brtllib link option to allow - symbols to be resolved at runtime (Noah Misch) - - - - Perl relies on this ability in 5.8.0 and later. - - - - - - Avoid use of inline functions when compiling with - 32-bit xlc, due to compiler bugs (Noah Misch) - - - - - - Use librt for sched_yield() when necessary, - which it is on some Solaris versions (Oskari Saarenmaa) - - - - - - Fix Windows install.bat script to handle target directory - names that contain spaces (Heikki Linnakangas) - - - - - - Make the numeric form of the PostgreSQL version number - (e.g., 90405) readily available to extension Makefiles, - as a variable named VERSION_NUM (Michael Paquier) - - - - - - Update time zone data files to tzdata release 2015g for - DST law changes in Cayman Islands, Fiji, Moldova, Morocco, Norfolk - Island, North Korea, Turkey, and Uruguay. There is a new zone name - America/Fort_Nelson for the Canadian Northern Rockies. - - - - - - - - - - Release 9.2.13 - - - Release date: - 2015-06-12 - - - - This release contains a small number of fixes from 9.2.12. - For information about new features in the 9.2 major release, see - . - - - - Migration to Version 9.2.13 - - - A dump/restore is not required for those running 9.2.X. - - - - However, if you are upgrading from a version earlier than 9.2.11, - see . - - - - - - Changes - - - - - - Fix rare failure to invalidate relation cache init file (Tom Lane) - - - - With just the wrong timing of concurrent activity, a VACUUM - FULL on a system catalog might fail to update the init file - that's used to avoid cache-loading work for new sessions. This would - result in later sessions being unable to access that catalog at all. - This is a very ancient bug, but it's so hard to trigger that no - reproducible case had been seen until recently. - - - - - - Avoid deadlock between incoming sessions and CREATE/DROP - DATABASE (Tom Lane) - - - - A new session starting in a database that is the target of - a DROP DATABASE command, or is the template for - a CREATE DATABASE command, could cause the command to wait - for five seconds and then fail, even if the new session would have - exited before that. - - - - - - - - - - Release 9.2.12 - - - Release date: - 2015-06-04 - - - - This release contains a small number of fixes from 9.2.11. - For information about new features in the 9.2 major release, see - . - - - - Migration to Version 9.2.12 - - - A dump/restore is not required for those running 9.2.X. - - - - However, if you are upgrading from a version earlier than 9.2.11, - see . - - - - - - Changes - - - - - - Avoid failures while fsync'ing data directory during - crash restart (Abhijit Menon-Sen, Tom Lane) - - - - In the previous minor releases we added a patch to fsync - everything in the data directory after a crash. Unfortunately its - response to any error condition was to fail, thereby preventing the - server from starting up, even when the problem was quite harmless. - An example is that an unwritable file in the data directory would - prevent restart on some platforms; but it is common to make SSL - certificate files unwritable by the server. Revise this behavior so - that permissions failures are ignored altogether, and other types of - failures are logged but do not prevent continuing. - - - - - - Fix pg_get_functiondef() to show - functions' LEAKPROOF property, if set (Jeevan Chalke) - - - - - - Remove configure's check prohibiting linking to a - threaded libpython - on OpenBSD (Tom Lane) - - - - The failure this restriction was meant to prevent seems to not be a - problem anymore on current OpenBSD - versions. - - - - - - Allow libpq to use TLS protocol versions beyond v1 - (Noah Misch) - - - - For a long time, libpq was coded so that the only SSL - protocol it would allow was TLS v1. Now that newer TLS versions are - becoming popular, allow it to negotiate the highest commonly-supported - TLS version with the server. (PostgreSQL servers were - already capable of such negotiation, so no change is needed on the - server side.) This is a back-patch of a change already released in - 9.4.0. - - - - - - - - - - Release 9.2.11 - - - Release date: - 2015-05-22 - - - - This release contains a variety of fixes from 9.2.10. - For information about new features in the 9.2 major release, see - . - - - - Migration to Version 9.2.11 - - - A dump/restore is not required for those running 9.2.X. - - - - However, if you use contrib/citext's - regexp_matches() functions, see the changelog entry below - about that. - - - - Also, if you are upgrading from a version earlier than 9.2.10, - see . - - - - - - Changes - - - - - - Avoid possible crash when client disconnects just before the - authentication timeout expires (Benkocs Norbert Attila) - - - - If the timeout interrupt fired partway through the session shutdown - sequence, SSL-related state would be freed twice, typically causing a - crash and hence denial of service to other sessions. Experimentation - shows that an unauthenticated remote attacker could trigger the bug - somewhat consistently, hence treat as security issue. - (CVE-2015-3165) - - - - - - Improve detection of system-call failures (Noah Misch) - - - - Our replacement implementation of snprintf() failed to - check for errors reported by the underlying system library calls; - the main case that might be missed is out-of-memory situations. - In the worst case this might lead to information exposure, due to our - code assuming that a buffer had been overwritten when it hadn't been. - Also, there were a few places in which security-relevant calls of other - system library functions did not check for failure. - - - - It remains possible that some calls of the *printf() - family of functions are vulnerable to information disclosure if an - out-of-memory error occurs at just the wrong time. We judge the risk - to not be large, but will continue analysis in this area. - (CVE-2015-3166) - - - - - - In contrib/pgcrypto, uniformly report decryption failures - as Wrong key or corrupt data (Noah Misch) - - - - Previously, some cases of decryption with an incorrect key could report - other error message texts. It has been shown that such variance in - error reports can aid attackers in recovering keys from other systems. - While it's unknown whether pgcrypto's specific behaviors - are likewise exploitable, it seems better to avoid the risk by using a - one-size-fits-all message. - (CVE-2015-3167) - - - - - - Fix incorrect declaration of contrib/citext's - regexp_matches() functions (Tom Lane) - - - - These functions should return setof text[], like the core - functions they are wrappers for; but they were incorrectly declared as - returning just text[]. This mistake had two results: first, - if there was no match you got a scalar null result, whereas what you - should get is an empty set (zero rows). Second, the g flag - was effectively ignored, since you would get only one result array even - if there were multiple matches. - - - - While the latter behavior is clearly a bug, there might be applications - depending on the former behavior; therefore the function declarations - will not be changed by default until PostgreSQL 9.5. - In pre-9.5 branches, the old behavior exists in version 1.0 of - the citext extension, while we have provided corrected - declarations in version 1.1 (which is not installed by - default). To adopt the fix in pre-9.5 branches, execute - ALTER EXTENSION citext UPDATE TO '1.1' in each database in - which citext is installed. (You can also update - back to 1.0 if you need to undo that.) Be aware that either update - direction will require dropping and recreating any views or rules that - use citext's regexp_matches() functions. - - - - - - Fix incorrect checking of deferred exclusion constraints after a HOT - update (Tom Lane) - - - - If a new row that potentially violates a deferred exclusion constraint - is HOT-updated (that is, no indexed columns change and the row can be - stored back onto the same table page) later in the same transaction, - the exclusion constraint would be reported as violated when the check - finally occurred, even if the row(s) the new row originally conflicted - with had been deleted. - - - - - - Fix planning of star-schema-style queries (Tom Lane) - - - - Sometimes, efficient scanning of a large table requires that index - parameters be provided from more than one other table (commonly, - dimension tables whose keys are needed to index a large fact table). - The planner should be able to find such plans, but an overly - restrictive search heuristic prevented it. - - - - - - Prevent improper reordering of antijoins (NOT EXISTS joins) versus - other outer joins (Tom Lane) - - - - This oversight in the planner has been observed to cause could - not find RelOptInfo for given relids errors, but it seems possible - that sometimes an incorrect query plan might get past that consistency - check and result in silently-wrong query output. - - - - - - Fix incorrect matching of subexpressions in outer-join plan nodes - (Tom Lane) - - - - Previously, if textually identical non-strict subexpressions were used - both above and below an outer join, the planner might try to re-use - the value computed below the join, which would be incorrect because the - executor would force the value to NULL in case of an unmatched outer row. - - - - - - Fix GEQO planner to cope with failure of its join order heuristic - (Tom Lane) - - - - This oversight has been seen to lead to failed to join all - relations together errors in queries involving LATERAL, - and that might happen in other cases as well. - - - - - - Fix possible deadlock at startup - when max_prepared_transactions is too small - (Heikki Linnakangas) - - - - - - Don't archive useless preallocated WAL files after a timeline switch - (Heikki Linnakangas) - - - - - - - - Avoid cannot GetMultiXactIdMembers() during recovery error - (Álvaro Herrera) - - - - - - Recursively fsync() the data directory after a crash - (Abhijit Menon-Sen, Robert Haas) - - - - This ensures consistency if another crash occurs shortly later. (The - second crash would have to be a system-level crash, not just a database - crash, for there to be a problem.) - - - - - - Fix autovacuum launcher's possible failure to shut down, if an error - occurs after it receives SIGTERM (Álvaro Herrera) - - - - - - Cope with unexpected signals in LockBufferForCleanup() - (Andres Freund) - - - - This oversight could result in spurious errors about multiple - backends attempting to wait for pincount 1. - - - - - - Fix crash when doing COPY IN to a table with check - constraints that contain whole-row references (Tom Lane) - - - - The known failure case only crashes in 9.4 and up, but there is very - similar code in 9.3 and 9.2, so back-patch those branches as well. - - - - - - Avoid waiting for WAL flush or synchronous replication during commit of - a transaction that was read-only so far as the user is concerned - (Andres Freund) - - - - Previously, a delay could occur at commit in transactions that had - written WAL due to HOT page pruning, leading to undesirable effects - such as sessions getting stuck at startup if all synchronous replicas - are down. Sessions have also been observed to get stuck in catchup - interrupt processing when using synchronous replication; this will fix - that problem as well. - - - - - - Fix crash when manipulating hash indexes on temporary tables - (Heikki Linnakangas) - - - - - - Fix possible failure during hash index bucket split, if other processes - are modifying the index concurrently (Tom Lane) - - - - - - Check for interrupts while analyzing index expressions (Jeff Janes) - - - - ANALYZE executes index expressions many times; if there are - slow functions in such an expression, it's desirable to be able to - cancel the ANALYZE before that loop finishes. - - - - - - Ensure tableoid of a foreign table is reported - correctly when a READ COMMITTED recheck occurs after - locking rows in SELECT FOR UPDATE, UPDATE, - or DELETE (Etsuro Fujita) - - - - - - Add the name of the target server to object description strings for - foreign-server user mappings (Álvaro Herrera) - - - - - - Recommend setting include_realm to 1 when using - Kerberos/GSSAPI/SSPI authentication (Stephen Frost) - - - - Without this, identically-named users from different realms cannot be - distinguished. For the moment this is only a documentation change, but - it will become the default setting in PostgreSQL 9.5. - - - - - - Remove code for matching IPv4 pg_hba.conf entries to - IPv4-in-IPv6 addresses (Tom Lane) - - - - This hack was added in 2003 in response to a report that some Linux - kernels of the time would report IPv4 connections as having - IPv4-in-IPv6 addresses. However, the logic was accidentally broken in - 9.0. The lack of any field complaints since then shows that it's not - needed anymore. Now we have reports that the broken code causes - crashes on some systems, so let's just remove it rather than fix it. - (Had we chosen to fix it, that would make for a subtle and potentially - security-sensitive change in the effective meaning of - IPv4 pg_hba.conf entries, which does not seem like a good - thing to do in minor releases.) - - - - - - Report WAL flush, not insert, position in IDENTIFY_SYSTEM - replication command (Heikki Linnakangas) - - - - This avoids a possible startup failure - in pg_receivexlog. - - - - - - While shutting down service on Windows, periodically send status - updates to the Service Control Manager to prevent it from killing the - service too soon; and ensure that pg_ctl will wait for - shutdown (Krystian Bigaj) - - - - - - Reduce risk of network deadlock when using libpq's - non-blocking mode (Heikki Linnakangas) - - - - When sending large volumes of data, it's important to drain the input - buffer every so often, in case the server has sent enough response data - to cause it to block on output. (A typical scenario is that the server - is sending a stream of NOTICE messages during COPY FROM - STDIN.) This worked properly in the normal blocking mode, but not - so much in non-blocking mode. We've modified libpq - to opportunistically drain input when it can, but a full defense - against this problem requires application cooperation: the application - should watch for socket read-ready as well as write-ready conditions, - and be sure to call PQconsumeInput() upon read-ready. - - - - - - In libpq, fix misparsing of empty values in URI - connection strings (Thomas Fanghaenel) - - - - - - Fix array handling in ecpg (Michael Meskes) - - - - - - Fix psql to sanely handle URIs and conninfo strings as - the first parameter to \connect - (David Fetter, Andrew Dunstan, Álvaro Herrera) - - - - This syntax has been accepted (but undocumented) for a long time, but - previously some parameters might be taken from the old connection - instead of the given string, which was agreed to be undesirable. - - - - - - Suppress incorrect complaints from psql on some - platforms that it failed to write ~/.psql_history at exit - (Tom Lane) - - - - This misbehavior was caused by a workaround for a bug in very old - (pre-2006) versions of libedit. We fixed it by - removing the workaround, which will cause a similar failure to appear - for anyone still using such versions of libedit. - Recommendation: upgrade that library, or use libreadline. - - - - - - Fix pg_dump's rule for deciding which casts are - system-provided casts that should not be dumped (Tom Lane) - - - - - - In pg_dump, fix failure to honor -Z - compression level option together with -Fd - (Michael Paquier) - - - - - - Make pg_dump consider foreign key relationships - between extension configuration tables while choosing dump order - (Gilles Darold, Michael Paquier, Stephen Frost) - - - - This oversight could result in producing dumps that fail to reload - because foreign key constraints are transiently violated. - - - - - - Fix dumping of views that are just VALUES(...) but have - column aliases (Tom Lane) - - - - - - In pg_upgrade, force timeline 1 in the new cluster - (Bruce Momjian) - - - - This change prevents upgrade failures caused by bogus complaints about - missing WAL history files. - - - - - - In pg_upgrade, check for improperly non-connectable - databases before proceeding - (Bruce Momjian) - - - - - - In pg_upgrade, quote directory paths - properly in the generated delete_old_cluster script - (Bruce Momjian) - - - - - - In pg_upgrade, preserve database-level freezing info - properly - (Bruce Momjian) - - - - This oversight could cause missing-clog-file errors for tables within - the postgres and template1 databases. - - - - - - Run pg_upgrade and pg_resetxlog with - restricted privileges on Windows, so that they don't fail when run by - an administrator (Muhammad Asif Naeem) - - - - - - Improve handling of readdir() failures when scanning - directories in initdb and pg_basebackup - (Marco Nenciarini) - - - - - - - - Fix failure in pg_receivexlog (Andres Freund) - - - - A patch merge mistake in 9.2.10 led to could not create archive - status file errors. - - - - - - Fix slow sorting algorithm in contrib/intarray (Tom Lane) - - - - - - Fix compile failure on Sparc V8 machines (Rob Rowan) - - - - - - Update time zone data files to tzdata release 2015d - for DST law changes in Egypt, Mongolia, and Palestine, plus historical - changes in Canada and Chile. Also adopt revised zone abbreviations for - the America/Adak zone (HST/HDT not HAST/HADT). - - - - - - - - - - Release 9.2.10 - - - Release date: - 2015-02-05 - - - - This release contains a variety of fixes from 9.2.9. - For information about new features in the 9.2 major release, see - . - - - - Migration to Version 9.2.10 - - - A dump/restore is not required for those running 9.2.X. - - - - However, if you are a Windows user and are using the Norwegian - (Bokmål) locale, manual action is needed after the upgrade to - replace any Norwegian (Bokmål)_Norway locale names stored - in PostgreSQL system catalogs with the plain-ASCII - alias Norwegian_Norway. For details see - - - - - Also, if you are upgrading from a version earlier than 9.2.9, - see . - - - - - - Changes - - - - - - Fix buffer overruns in to_char() - (Bruce Momjian) - - - - When to_char() processes a numeric formatting template - calling for a large number of digits, PostgreSQL - would read past the end of a buffer. When processing a crafted - timestamp formatting template, PostgreSQL would write - past the end of a buffer. Either case could crash the server. - We have not ruled out the possibility of attacks that lead to - privilege escalation, though they seem unlikely. - (CVE-2015-0241) - - - - - - Fix buffer overrun in replacement *printf() functions - (Tom Lane) - - - - PostgreSQL includes a replacement implementation - of printf and related functions. This code will overrun - a stack buffer when formatting a floating point number (conversion - specifiers e, E, f, F, - g or G) with requested precision greater than - about 500. This will crash the server, and we have not ruled out the - possibility of attacks that lead to privilege escalation. - A database user can trigger such a buffer overrun through - the to_char() SQL function. While that is the only - affected core PostgreSQL functionality, extension - modules that use printf-family functions may be at risk as well. - - - - This issue primarily affects PostgreSQL on Windows. - PostgreSQL uses the system implementation of these - functions where adequate, which it is on other modern platforms. - (CVE-2015-0242) - - - - - - Fix buffer overruns in contrib/pgcrypto - (Marko Tiikkaja, Noah Misch) - - - - Errors in memory size tracking within the pgcrypto - module permitted stack buffer overruns and improper dependence on the - contents of uninitialized memory. The buffer overrun cases can - crash the server, and we have not ruled out the possibility of - attacks that lead to privilege escalation. - (CVE-2015-0243) - - - - - - Fix possible loss of frontend/backend protocol synchronization after - an error - (Heikki Linnakangas) - - - - If any error occurred while the server was in the middle of reading a - protocol message from the client, it could lose synchronization and - incorrectly try to interpret part of the message's data as a new - protocol message. An attacker able to submit crafted binary data - within a command parameter might succeed in injecting his own SQL - commands this way. Statement timeout and query cancellation are the - most likely sources of errors triggering this scenario. Particularly - vulnerable are applications that use a timeout and also submit - arbitrary user-crafted data as binary query parameters. Disabling - statement timeout will reduce, but not eliminate, the risk of - exploit. Our thanks to Emil Lenngren for reporting this issue. - (CVE-2015-0244) - - - - - - Fix information leak via constraint-violation error messages - (Stephen Frost) - - - - Some server error messages show the values of columns that violate - a constraint, such as a unique constraint. If the user does not have - SELECT privilege on all columns of the table, this could - mean exposing values that the user should not be able to see. Adjust - the code so that values are displayed only when they came from the SQL - command or could be selected by the user. - (CVE-2014-8161) - - - - - - Lock down regression testing's temporary installations on Windows - (Noah Misch) - - - - Use SSPI authentication to allow connections only from the OS user - who launched the test suite. This closes on Windows the same - vulnerability previously closed on other platforms, namely that other - users might be able to connect to the test postmaster. - (CVE-2014-0067) - - - - - - Cope with the Windows locale named Norwegian (Bokmål) - (Heikki Linnakangas) - - - - Non-ASCII locale names are problematic since it's not clear what - encoding they should be represented in. Map the troublesome locale - name to a plain-ASCII alias, Norwegian_Norway. - - - - - - Avoid possible data corruption if ALTER DATABASE SET - TABLESPACE is used to move a database to a new tablespace and then - shortly later move it back to its original tablespace (Tom Lane) - - - - - - Avoid corrupting tables when ANALYZE inside a transaction - is rolled back (Andres Freund, Tom Lane, Michael Paquier) - - - - If the failing transaction had earlier removed the last index, rule, or - trigger from the table, the table would be left in a corrupted state - with the relevant pg_class flags not set though they - should be. - - - - - - Ensure that unlogged tables are copied correctly - during CREATE DATABASE or ALTER DATABASE SET - TABLESPACE (Pavan Deolasee, Andres Freund) - - - - - - Fix DROP's dependency searching to correctly handle the - case where a table column is recursively visited before its table - (Petr Jelinek, Tom Lane) - - - - This case is only known to arise when an extension creates both a - datatype and a table using that datatype. The faulty code might - refuse a DROP EXTENSION unless CASCADE is - specified, which should not be required. - - - - - - Fix use-of-already-freed-memory problem in EvalPlanQual processing - (Tom Lane) - - - - In READ COMMITTED mode, queries that lock or update - recently-updated rows could crash as a result of this bug. - - - - - - Fix planning of SELECT FOR UPDATE when using a partial - index on a child table (Kyotaro Horiguchi) - - - - In READ COMMITTED mode, SELECT FOR UPDATE must - also recheck the partial index's WHERE condition when - rechecking a recently-updated row to see if it still satisfies the - query's WHERE condition. This requirement was missed if the - index belonged to an inheritance child table, so that it was possible - to incorrectly return rows that no longer satisfy the query condition. - - - - - - Fix corner case wherein SELECT FOR UPDATE could return a row - twice, and possibly miss returning other rows (Tom Lane) - - - - In READ COMMITTED mode, a SELECT FOR UPDATE - that is scanning an inheritance tree could incorrectly return a row - from a prior child table instead of the one it should return from a - later child table. - - - - - - Reject duplicate column names in the referenced-columns list of - a FOREIGN KEY declaration (David Rowley) - - - - This restriction is per SQL standard. Previously we did not reject - the case explicitly, but later on the code would fail with - bizarre-looking errors. - - - - - - Restore previous behavior of conversion of domains to JSON - (Tom Lane) - - - - This change causes domains over numeric and boolean to be treated - like their base types for purposes of conversion to JSON. It worked - like that before 9.3.5 and 9.2.9, but was unintentionally changed - while fixing a related problem. - - - - - - Fix bugs in raising a numeric value to a large integral power - (Tom Lane) - - - - The previous code could get a wrong answer, or consume excessive - amounts of time and memory before realizing that the answer must - overflow. - - - - - - In numeric_recv(), truncate away any fractional digits - that would be hidden according to the value's dscale field - (Tom Lane) - - - - A numeric value's display scale (dscale) should - never be less than the number of nonzero fractional digits; but - apparently there's at least one broken client application that - transmits binary numeric values in which that's true. - This leads to strange behavior since the extra digits are taken into - account by arithmetic operations even though they aren't printed. - The least risky fix seems to be to truncate away such hidden - digits on receipt, so that the value is indeed what it prints as. - - - - - - Fix incorrect search for shortest-first regular expression matches - (Tom Lane) - - - - Matching would often fail when the number of allowed iterations is - limited by a ? quantifier or a bound expression. - - - - - - Reject out-of-range numeric timezone specifications (Tom Lane) - - - - Simple numeric timezone specifications exceeding +/- 168 hours (one - week) would be accepted, but could then cause null-pointer dereference - crashes in certain operations. There's no use-case for such large UTC - offsets, so reject them. - - - - - - Fix bugs in tsquery @> tsquery - operator (Heikki Linnakangas) - - - - Two different terms would be considered to match if they had the same - CRC. Also, if the second operand had more terms than the first, it - would be assumed not to be contained in the first; which is wrong - since it might contain duplicate terms. - - - - - - Improve ispell dictionary's defenses against bad affix files (Tom Lane) - - - - - - Allow more than 64K phrases in a thesaurus dictionary (David Boutin) - - - - The previous coding could crash on an oversize dictionary, so this was - deemed a back-patchable bug fix rather than a feature addition. - - - - - - Fix namespace handling in xpath() (Ali Akbar) - - - - Previously, the xml value resulting from - an xpath() call would not have namespace declarations if - the namespace declarations were attached to an ancestor element in the - input xml value, rather than to the specific element being - returned. Propagate the ancestral declaration so that the result is - correct when considered in isolation. - - - - - - Ensure that whole-row variables expose nonempty column names - to functions that pay attention to column names within composite - arguments (Tom Lane) - - - - In some contexts, constructs like row_to_json(tab.*) may - not produce the expected column names. This is fixed properly as of - 9.4; in older branches, just ensure that we produce some nonempty - name. (In some cases this will be the underlying table's column name - rather than the query-assigned alias that should theoretically be - visible.) - - - - - - Fix mishandling of system columns, - particularly tableoid, in FDW queries (Etsuro Fujita) - - - - - - Avoid doing indexed_column = ANY - (array) as an index qualifier if that leads - to an inferior plan (Andrew Gierth) - - - - In some cases, = ANY conditions applied to non-first index - columns would be done as index conditions even though it would be - better to use them as simple filter conditions. - - - - - - Fix planner problems with nested append relations, such as inherited - tables within UNION ALL subqueries (Tom Lane) - - - - - - Fail cleanly when a GiST index tuple doesn't fit on a page, rather - than going into infinite recursion (Andrew Gierth) - - - - - - Exempt tables that have per-table cost_limit - and/or cost_delay settings from autovacuum's global cost - balancing rules (Álvaro Herrera) - - - - The previous behavior resulted in basically ignoring these per-table - settings, which was unintended. Now, a table having such settings - will be vacuumed using those settings, independently of what is going - on in other autovacuum workers. This may result in heavier total I/O - load than before, so such settings should be re-examined for sanity. - - - - - - Avoid wholesale autovacuuming when autovacuum is nominally off - (Tom Lane) - - - - Even when autovacuum is nominally off, we will still launch autovacuum - worker processes to vacuum tables that are at risk of XID wraparound. - However, such a worker process then proceeded to vacuum all tables in - the target database, if they met the usual thresholds for - autovacuuming. This is at best pretty unexpected; at worst it delays - response to the wraparound threat. Fix it so that if autovacuum is - turned off, workers only do anti-wraparound vacuums and - not any other work. - - - - - - During crash recovery, ensure that unlogged relations are rewritten as - empty and are synced to disk before recovery is considered complete - (Abhijit Menon-Sen, Andres Freund) - - - - This prevents scenarios in which unlogged relations might contain - garbage data following database crash recovery. - - - - - - Fix race condition between hot standby queries and replaying a - full-page image (Heikki Linnakangas) - - - - This mistake could result in transient errors in queries being - executed in hot standby. - - - - - - Fix several cases where recovery logic improperly ignored WAL records - for COMMIT/ABORT PREPARED (Heikki Linnakangas) - - - - The most notable oversight was - that recovery_target_xid could not be used to stop at - a two-phase commit. - - - - - - Prevent latest WAL file from being archived a second time at completion - of crash recovery (Fujii Masao) - - - - - - Avoid creating unnecessary .ready marker files for - timeline history files (Fujii Masao) - - - - - - Fix possible null pointer dereference when an empty prepared statement - is used and the log_statement setting is mod - or ddl (Fujii Masao) - - - - - - Change pgstat wait timeout warning message to be LOG level, - and rephrase it to be more understandable (Tom Lane) - - - - This message was originally thought to be essentially a can't-happen - case, but it occurs often enough on our slower buildfarm members to be - a nuisance. Reduce it to LOG level, and expend a bit more effort on - the wording: it now reads using stale statistics instead of - current ones because stats collector is not responding. - - - - - - Fix SPARC spinlock implementation to ensure correctness if the CPU is - being run in a non-TSO coherency mode, as some non-Solaris kernels do - (Andres Freund) - - - - - - Warn if macOS's setlocale() starts an unwanted extra - thread inside the postmaster (Noah Misch) - - - - - - Fix processing of repeated dbname parameters - in PQconnectdbParams() (Alex Shulgin) - - - - Unexpected behavior ensued if the first occurrence - of dbname contained a connection string or URI to be - expanded. - - - - - - Ensure that libpq reports a suitable error message on - unexpected socket EOF (Marko Tiikkaja, Tom Lane) - - - - Depending on kernel behavior, libpq might return an - empty error string rather than something useful when the server - unexpectedly closed the socket. - - - - - - Clear any old error message during PQreset() - (Heikki Linnakangas) - - - - If PQreset() is called repeatedly, and the connection - cannot be re-established, error messages from the failed connection - attempts kept accumulating in the PGconn's error - string. - - - - - - Properly handle out-of-memory conditions while parsing connection - options in libpq (Alex Shulgin, Heikki Linnakangas) - - - - - - Fix array overrun in ecpg's version - of ParseDateTime() (Michael Paquier) - - - - - - In initdb, give a clearer error message if a password - file is specified but is empty (Mats Erik Andersson) - - - - - - Fix psql's \s command to work nicely with - libedit, and add pager support (Stepan Rutz, Tom Lane) - - - - When using libedit rather than readline, \s printed the - command history in a fairly unreadable encoded format, and on recent - libedit versions might fail altogether. Fix that by printing the - history ourselves rather than having the library do it. A pleasant - side-effect is that the pager is used if appropriate. - - - - This patch also fixes a bug that caused newline encoding to be applied - inconsistently when saving the command history with libedit. - Multiline history entries written by older psql - versions will be read cleanly with this patch, but perhaps not - vice versa, depending on the exact libedit versions involved. - - - - - - Improve consistency of parsing of psql's special - variables (Tom Lane) - - - - Allow variant spellings of on and off (such - as 1/0) for ECHO_HIDDEN - and ON_ERROR_ROLLBACK. Report a warning for unrecognized - values for COMP_KEYWORD_CASE, ECHO, - ECHO_HIDDEN, HISTCONTROL, - ON_ERROR_ROLLBACK, and VERBOSITY. Recognize - all values for all these variables case-insensitively; previously - there was a mishmash of case-sensitive and case-insensitive behaviors. - - - - - - Fix psql's expanded-mode display to work - consistently when using border = 3 - and linestyle = ascii or unicode - (Stephen Frost) - - - - - - Improve performance of pg_dump when the database - contains many instances of multiple dependency paths between the same - two objects (Tom Lane) - - - - - - Fix pg_dumpall to restore its ability to dump from - pre-8.1 servers (Gilles Darold) - - - - - - Fix possible deadlock during parallel restore of a schema-only dump - (Robert Haas, Tom Lane) - - - - - - Fix core dump in pg_dump --binary-upgrade on zero-column - composite type (Rushabh Lathia) - - - - - - Prevent WAL files created by pg_basebackup -x/-X from - being archived again when the standby is promoted (Andres Freund) - - - - - - Fix failure of contrib/auto_explain to print per-node - timing information when doing EXPLAIN ANALYZE (Tom Lane) - - - - - - Fix upgrade-from-unpackaged script for contrib/citext - (Tom Lane) - - - - - - Fix block number checking - in contrib/pageinspect's get_raw_page() - (Tom Lane) - - - - The incorrect checking logic could prevent access to some pages in - non-main relation forks. - - - - - - Fix contrib/pgcrypto's pgp_sym_decrypt() - to not fail on messages whose length is 6 less than a power of 2 - (Marko Tiikkaja) - - - - - - Fix file descriptor leak in contrib/pg_test_fsync - (Jeff Janes) - - - - This could cause failure to remove temporary files on Windows. - - - - - - Handle unexpected query results, especially NULLs, safely in - contrib/tablefunc's connectby() - (Michael Paquier) - - - - connectby() previously crashed if it encountered a NULL - key value. It now prints that row but doesn't recurse further. - - - - - - Avoid a possible crash in contrib/xml2's - xslt_process() (Mark Simonetti) - - - - libxslt seems to have an undocumented dependency on - the order in which resources are freed; reorder our calls to avoid a - crash. - - - - - - Mark some contrib I/O functions with correct volatility - properties (Tom Lane) - - - - The previous over-conservative marking was immaterial in normal use, - but could cause optimization problems or rejection of valid index - expression definitions. Since the consequences are not large, we've - just adjusted the function definitions in the extension modules' - scripts, without changing version numbers. - - - - - - Numerous cleanups of warnings from Coverity static code analyzer - (Andres Freund, Tatsuo Ishii, Marko Kreen, Tom Lane, Michael Paquier) - - - - These changes are mostly cosmetic but in some cases fix corner-case - bugs, for example a crash rather than a proper error report after an - out-of-memory failure. None are believed to represent security - issues. - - - - - - Detect incompatible OpenLDAP versions during build (Noah Misch) - - - - With OpenLDAP versions 2.4.24 through 2.4.31, - inclusive, PostgreSQL backends can crash at exit. - Raise a warning during configure based on the - compile-time OpenLDAP version number, and test the crashing scenario - in the contrib/dblink regression test. - - - - - - In non-MSVC Windows builds, ensure libpq.dll is installed - with execute permissions (Noah Misch) - - - - - - Make pg_regress remove any temporary installation it - created upon successful exit (Tom Lane) - - - - This results in a very substantial reduction in disk space usage - during make check-world, since that sequence involves - creation of numerous temporary installations. - - - - - - Support time zone abbreviations that change UTC offset from time to - time (Tom Lane) - - - - Previously, PostgreSQL assumed that the UTC offset - associated with a time zone abbreviation (such as EST) - never changes in the usage of any particular locale. However this - assumption fails in the real world, so introduce the ability for a - zone abbreviation to represent a UTC offset that sometimes changes. - Update the zone abbreviation definition files to make use of this - feature in timezone locales that have changed the UTC offset of their - abbreviations since 1970 (according to the IANA timezone database). - In such timezones, PostgreSQL will now associate the - correct UTC offset with the abbreviation depending on the given date. - - - - - - Update time zone abbreviations lists (Tom Lane) - - - - Add CST (China Standard Time) to our lists. - Remove references to ADT as Arabia Daylight Time, an - abbreviation that's been out of use since 2007; therefore, claiming - there is a conflict with Atlantic Daylight Time doesn't seem - especially helpful. - Fix entirely incorrect GMT offsets for CKT (Cook Islands), FJT, and FJST - (Fiji); we didn't even have them on the proper side of the date line. - - - - - - Update time zone data files to tzdata release 2015a. - - - - The IANA timezone database has adopted abbreviations of the form - AxST/AxDT - for all Australian time zones, reflecting what they believe to be - current majority practice Down Under. These names do not conflict - with usage elsewhere (other than ACST for Acre Summer Time, which has - been in disuse since 1994). Accordingly, adopt these names into - our Default timezone abbreviation set. - The Australia abbreviation set now contains only CST, EAST, - EST, SAST, SAT, and WST, all of which are thought to be mostly - historical usage. Note that SAST has also been changed to be South - Africa Standard Time in the Default abbreviation set. - - - - Also, add zone abbreviations SRET (Asia/Srednekolymsk) and XJT - (Asia/Urumqi), and use WSST/WSDT for western Samoa. Also, there were - DST law changes in Chile, Mexico, the Turks & Caicos Islands - (America/Grand_Turk), and Fiji. There is a new zone - Pacific/Bougainville for portions of Papua New Guinea. Also, numerous - corrections for historical (pre-1970) time zone data. - - - - - - - - - - Release 9.2.9 - - - Release date: - 2014-07-24 - - - - This release contains a variety of fixes from 9.2.8. - For information about new features in the 9.2 major release, see - . - - - - Migration to Version 9.2.9 - - - A dump/restore is not required for those running 9.2.X. - - - - However, this release corrects an index corruption problem in some GiST - indexes. See the first changelog entry below to find out whether your - installation has been affected and what steps you should take if so. - - - - Also, if you are upgrading from a version earlier than 9.2.6, - see . - - - - - - Changes - - - - - - Correctly initialize padding bytes in contrib/btree_gist - indexes on bit columns (Heikki Linnakangas) - - - - This error could result in incorrect query results due to values that - should compare equal not being seen as equal. - Users with GiST indexes on bit or bit varying - columns should REINDEX those indexes after installing this - update. - - - - - - Protect against torn pages when deleting GIN list pages (Heikki - Linnakangas) - - - - This fix prevents possible index corruption if a system crash occurs - while the page update is being written to disk. - - - - - - Don't clear the right-link of a GiST index page while replaying - updates from WAL (Heikki Linnakangas) - - - - This error could lead to transiently wrong answers from GiST index - scans performed in Hot Standby. - - - - - - Fix corner-case infinite loop during insertion into an SP-GiST text - index (Tom Lane) - - - - - - Fix feedback status when is - turned off on-the-fly (Simon Riggs) - - - - - - Fix possibly-incorrect cache invalidation during nested calls - to ReceiveSharedInvalidMessages (Andres Freund) - - - - - - Fix planner's mishandling of nested PlaceHolderVars generated in - nested-nestloop plans (Tom Lane) - - - - This oversight could result in variable not found in subplan - target lists errors, or in silently wrong query results. - - - - - - Fix could not find pathkey item to sort planner failures - with UNION ALL over subqueries reading from tables with - inheritance children (Tom Lane) - - - - - - Don't assume a subquery's output is unique if there's a set-returning - function in its targetlist (David Rowley) - - - - This oversight could lead to misoptimization of constructs - like WHERE x IN (SELECT y, generate_series(1,10) FROM t GROUP - BY y). - - - - - - Improve planner to drop constant-NULL inputs - of AND/OR when possible (Tom Lane) - - - - This change fixes some cases where the more aggressive parameter - substitution done by 9.2 and later can lead to a worse plan than - older versions produced. - - - - - - Fix identification of input type category in to_json() - and friends (Tom Lane) - - - - This is known to have led to inadequate quoting of money - fields in the JSON result, and there may have been wrong - results for other data types as well. - - - - - - Fix failure to detoast fields in composite elements of structured - types (Tom Lane) - - - - This corrects cases where TOAST pointers could be copied into other - tables without being dereferenced. If the original data is later - deleted, it would lead to errors like missing chunk number 0 - for toast value ... when the now-dangling pointer is used. - - - - - - Fix record type has not been registered failures with - whole-row references to the output of Append plan nodes (Tom Lane) - - - - - - Fix possible crash when invoking a user-defined function while - rewinding a cursor (Tom Lane) - - - - - - Fix query-lifespan memory leak while evaluating the arguments for a - function in FROM (Tom Lane) - - - - - - Fix session-lifespan memory leaks in regular-expression processing - (Tom Lane, Arthur O'Dwyer, Greg Stark) - - - - - - Fix data encoding error in hungarian.stop (Tom Lane) - - - - - - Prevent foreign tables from being created with OIDS - when is true - (Etsuro Fujita) - - - - - - Fix liveness checks for rows that were inserted in the current - transaction and then deleted by a now-rolled-back subtransaction - (Andres Freund) - - - - This could cause problems (at least spurious warnings, and at worst an - infinite loop) if CREATE INDEX or CLUSTER were - done later in the same transaction. - - - - - - Clear pg_stat_activity.xact_start - during PREPARE TRANSACTION (Andres Freund) - - - - After the PREPARE, the originating session is no longer in - a transaction, so it should not continue to display a transaction - start time. - - - - - - Fix REASSIGN OWNED to not fail for text search objects - (Álvaro Herrera) - - - - - - Block signals during postmaster startup (Tom Lane) - - - - This ensures that the postmaster will properly clean up after itself - if, for example, it receives SIGINT while still - starting up. - - - - - - Fix client host name lookup when processing pg_hba.conf - entries that specify host names instead of IP addresses (Tom Lane) - - - - Ensure that reverse-DNS lookup failures are reported, instead of just - silently not matching such entries. Also ensure that we make only - one reverse-DNS lookup attempt per connection, not one per host name - entry, which is what previously happened if the lookup attempts failed. - - - - - - Allow the root user to use postgres -C variable and - postgres --describe-config (MauMau) - - - - The prohibition on starting the server as root does not need to extend - to these operations, and relaxing it prevents failure - of pg_ctl in some scenarios. - - - - - - Secure Unix-domain sockets of temporary postmasters started during - make check (Noah Misch) - - - - Any local user able to access the socket file could connect as the - server's bootstrap superuser, then proceed to execute arbitrary code as - the operating-system user running the test, as we previously noted in - CVE-2014-0067. This change defends against that risk by placing the - server's socket in a temporary, mode 0700 subdirectory - of /tmp. The hazard remains however on platforms where - Unix sockets are not supported, notably Windows, because then the - temporary postmaster must accept local TCP connections. - - - - A useful side effect of this change is to simplify - make check testing in builds that - override DEFAULT_PGSOCKET_DIR. Popular non-default values - like /var/run/postgresql are often not writable by the - build user, requiring workarounds that will no longer be necessary. - - - - - - Fix tablespace creation WAL replay to work on Windows (MauMau) - - - - - - Fix detection of socket creation failures on Windows (Bruce Momjian) - - - - - - On Windows, allow new sessions to absorb values of PGC_BACKEND - parameters (such as ) from the - configuration file (Amit Kapila) - - - - Previously, if such a parameter were changed in the file post-startup, - the change would have no effect. - - - - - - Properly quote executable path names on Windows (Nikhil Deshpande) - - - - This oversight could cause initdb - and pg_upgrade to fail on Windows, if the installation - path contained both spaces and @ signs. - - - - - - Fix linking of libpython on macOS (Tom Lane) - - - - The method we previously used can fail with the Python library - supplied by Xcode 5.0 and later. - - - - - - Avoid buffer bloat in libpq when the server - consistently sends data faster than the client can absorb it - (Shin-ichi Morita, Tom Lane) - - - - libpq could be coerced into enlarging its input buffer - until it runs out of memory (which would be reported misleadingly - as lost synchronization with server). Under ordinary - circumstances it's quite far-fetched that data could be continuously - transmitted more quickly than the recv() loop can - absorb it, but this has been observed when the client is artificially - slowed by scheduler constraints. - - - - - - Ensure that LDAP lookup attempts in libpq time out as - intended (Laurenz Albe) - - - - - - Fix ecpg to do the right thing when an array - of char * is the target for a FETCH statement returning more - than one row, as well as some other array-handling fixes - (Ashutosh Bapat) - - - - - - Fix pg_restore's processing of old-style large object - comments (Tom Lane) - - - - A direct-to-database restore from an archive file generated by a - pre-9.0 version of pg_dump would usually fail if the - archive contained more than a few comments for large objects. - - - - - - Fix pg_upgrade for cases where the new server creates - a TOAST table but the old version did not (Bruce Momjian) - - - - This rare situation would manifest as relation OID mismatch - errors. - - - - - - Prevent contrib/auto_explain from changing the output of - a user's EXPLAIN (Tom Lane) - - - - If auto_explain is active, it could cause - an EXPLAIN (ANALYZE, TIMING OFF) command to nonetheless - print timing information. - - - - - - Fix query-lifespan memory leak in contrib/dblink - (MauMau, Joe Conway) - - - - - - In contrib/pgcrypto functions, ensure sensitive - information is cleared from stack variables before returning - (Marko Kreen) - - - - - - Prevent use of already-freed memory in - contrib/pgstattuple's pgstat_heap() - (Noah Misch) - - - - - - In contrib/uuid-ossp, cache the state of the OSSP UUID - library across calls (Tom Lane) - - - - This improves the efficiency of UUID generation and reduces the amount - of entropy drawn from /dev/urandom, on platforms that - have that. - - - - - - Update time zone data files to tzdata release 2014e - for DST law changes in Crimea, Egypt, and Morocco. - - - - - - - - - - Release 9.2.8 - - - Release date: - 2014-03-20 - - - - This release contains a variety of fixes from 9.2.7. - For information about new features in the 9.2 major release, see - . - - - - Migration to Version 9.2.8 - - - A dump/restore is not required for those running 9.2.X. - - - - However, if you are upgrading from a version earlier than 9.2.6, - see . - - - - - - Changes - - - - - - Restore GIN metapages unconditionally to avoid torn-page risk - (Heikki Linnakangas) - - - - Although this oversight could theoretically result in a corrupted - index, it is unlikely to have caused any problems in practice, since - the active part of a GIN metapage is smaller than a standard 512-byte - disk sector. - - - - - - Avoid race condition in checking transaction commit status during - receipt of a NOTIFY message (Marko Tiikkaja) - - - - This prevents a scenario wherein a sufficiently fast client might - respond to a notification before database updates made by the - notifier have become visible to the recipient. - - - - - - Allow regular-expression operators to be terminated early by query - cancel requests (Tom Lane) - - - - This prevents scenarios wherein a pathological regular expression - could lock up a server process uninterruptibly for a long time. - - - - - - Remove incorrect code that tried to allow OVERLAPS with - single-element row arguments (Joshua Yanovski) - - - - This code never worked correctly, and since the case is neither - specified by the SQL standard nor documented, it seemed better to - remove it than fix it. - - - - - - Avoid getting more than AccessShareLock when de-parsing a - rule or view (Dean Rasheed) - - - - This oversight resulted in pg_dump unexpectedly - acquiring RowExclusiveLock locks on tables mentioned as - the targets of INSERT/UPDATE/DELETE - commands in rules. While usually harmless, that could interfere with - concurrent transactions that tried to acquire, for example, - ShareLock on those tables. - - - - - - Improve performance of index endpoint probes during planning (Tom Lane) - - - - This change fixes a significant performance problem that occurred - when there were many not-yet-committed rows at the end of the index, - which is a common situation for indexes on sequentially-assigned - values such as timestamps or sequence-generated identifiers. - - - - - - Fix walsender's failure to shut down cleanly when client - is pg_receivexlog (Fujii Masao) - - - - - - Check WAL level and hot standby parameters correctly when doing crash - recovery that will be followed by archive recovery (Heikki Linnakangas) - - - - - - Fix test to see if hot standby connections can be allowed immediately - after a crash (Heikki Linnakangas) - - - - - - Prevent interrupts while reporting non-ERROR messages - (Tom Lane) - - - - This guards against rare server-process freezeups due to recursive - entry to syslog(), and perhaps other related problems. - - - - - - Fix memory leak in PL/Perl when returning a composite result, including - multiple-OUT-parameter cases (Alex Hunsaker) - - - - - - Fix tracking of psql script line numbers - during \copy from out-of-line data - (Kumar Rajeev Rastogi, Amit Khandekar) - - - - \copy ... from incremented the script file line number - for each data line, even if the data was not coming from the script - file. This mistake resulted in wrong line numbers being reported for - any errors occurring later in the same script file. - - - - - - Prevent intermittent could not reserve shared memory region - failures on recent Windows versions (MauMau) - - - - - - Update time zone data files to tzdata release 2014a - for DST law changes in Fiji and Turkey, plus historical changes in - Israel and Ukraine. - - - - - - - - - - Release 9.2.7 - - - Release date: - 2014-02-20 - - - - This release contains a variety of fixes from 9.2.6. - For information about new features in the 9.2 major release, see - . - - - - Migration to Version 9.2.7 - - - A dump/restore is not required for those running 9.2.X. - - - - However, if you are upgrading from a version earlier than 9.2.6, - see . - - - - - - Changes - - - - - - Shore up GRANT ... WITH ADMIN OPTION restrictions - (Noah Misch) - - - - Granting a role without ADMIN OPTION is supposed to - prevent the grantee from adding or removing members from the granted - role, but this restriction was easily bypassed by doing SET - ROLE first. The security impact is mostly that a role member can - revoke the access of others, contrary to the wishes of his grantor. - Unapproved role member additions are a lesser concern, since an - uncooperative role member could provide most of his rights to others - anyway by creating views or SECURITY DEFINER functions. - (CVE-2014-0060) - - - - - - Prevent privilege escalation via manual calls to PL validator - functions (Andres Freund) - - - - The primary role of PL validator functions is to be called implicitly - during CREATE FUNCTION, but they are also normal SQL - functions that a user can call explicitly. Calling a validator on - a function actually written in some other language was not checked - for and could be exploited for privilege-escalation purposes. - The fix involves adding a call to a privilege-checking function in - each validator function. Non-core procedural languages will also - need to make this change to their own validator functions, if any. - (CVE-2014-0061) - - - - - - Avoid multiple name lookups during table and index DDL - (Robert Haas, Andres Freund) - - - - If the name lookups come to different conclusions due to concurrent - activity, we might perform some parts of the DDL on a different table - than other parts. At least in the case of CREATE INDEX, - this can be used to cause the permissions checks to be performed - against a different table than the index creation, allowing for a - privilege escalation attack. - (CVE-2014-0062) - - - - - - Prevent buffer overrun with long datetime strings (Noah Misch) - - - - The MAXDATELEN constant was too small for the longest - possible value of type interval, allowing a buffer overrun - in interval_out(). Although the datetime input - functions were more careful about avoiding buffer overrun, the limit - was short enough to cause them to reject some valid inputs, such as - input containing a very long timezone name. The ecpg - library contained these vulnerabilities along with some of its own. - (CVE-2014-0063) - - - - - - Prevent buffer overrun due to integer overflow in size calculations - (Noah Misch, Heikki Linnakangas) - - - - Several functions, mostly type input functions, calculated an - allocation size without checking for overflow. If overflow did - occur, a too-small buffer would be allocated and then written past. - (CVE-2014-0064) - - - - - - Prevent overruns of fixed-size buffers - (Peter Eisentraut, Jozef Mlich) - - - - Use strlcpy() and related functions to provide a clear - guarantee that fixed-size buffers are not overrun. Unlike the - preceding items, it is unclear whether these cases really represent - live issues, since in most cases there appear to be previous - constraints on the size of the input string. Nonetheless it seems - prudent to silence all Coverity warnings of this type. - (CVE-2014-0065) - - - - - - Avoid crashing if crypt() returns NULL (Honza Horak, - Bruce Momjian) - - - - There are relatively few scenarios in which crypt() - could return NULL, but contrib/chkpass would crash - if it did. One practical case in which this could be an issue is - if libc is configured to refuse to execute unapproved - hashing algorithms (e.g., FIPS mode). - (CVE-2014-0066) - - - - - - Document risks of make check in the regression testing - instructions (Noah Misch, Tom Lane) - - - - Since the temporary server started by make check - uses trust authentication, another user on the same machine - could connect to it as database superuser, and then potentially - exploit the privileges of the operating-system user who started the - tests. A future release will probably incorporate changes in the - testing procedure to prevent this risk, but some public discussion is - needed first. So for the moment, just warn people against using - make check when there are untrusted users on the - same machine. - (CVE-2014-0067) - - - - - - Fix possible mis-replay of WAL records when some segments of a - relation aren't full size (Greg Stark, Tom Lane) - - - - The WAL update could be applied to the wrong page, potentially many - pages past where it should have been. Aside from corrupting data, - this error has been observed to result in significant bloat - of standby servers compared to their masters, due to updates being - applied far beyond where the end-of-file should have been. This - failure mode does not appear to be a significant risk during crash - recovery, only when initially synchronizing a standby created from a - base backup taken from a quickly-changing master. - - - - - - Fix bug in determining when recovery has reached consistency - (Tomonari Katsumata, Heikki Linnakangas) - - - - In some cases WAL replay would mistakenly conclude that the database - was already consistent at the start of replay, thus possibly allowing - hot-standby queries before the database was really consistent. Other - symptoms such as PANIC: WAL contains references to invalid - pages were also possible. - - - - - - Fix improper locking of btree index pages while replaying - a VACUUM operation in hot-standby mode (Andres Freund, - Heikki Linnakangas, Tom Lane) - - - - This error could result in PANIC: WAL contains references to - invalid pages failures. - - - - - - Ensure that insertions into non-leaf GIN index pages write a full-page - WAL record when appropriate (Heikki Linnakangas) - - - - The previous coding risked index corruption in the event of a - partial-page write during a system crash. - - - - - - When pause_at_recovery_target - and recovery_target_inclusive are both set, ensure the - target record is applied before pausing, not after (Heikki - Linnakangas) - - - - - - Fix race conditions during server process exit (Robert Haas) - - - - Ensure that signal handlers don't attempt to use the - process's MyProc pointer after it's no longer valid. - - - - - - Fix race conditions in walsender shutdown logic and walreceiver - SIGHUP signal handler (Tom Lane) - - - - - - Fix unsafe references to errno within error reporting - logic (Christian Kruse) - - - - This would typically lead to odd behaviors such as missing or - inappropriate HINT fields. - - - - - - Fix possible crashes from using ereport() too early - during server startup (Tom Lane) - - - - The principal case we've seen in the field is a crash if the server - is started in a directory it doesn't have permission to read. - - - - - - Clear retry flags properly in OpenSSL socket write - function (Alexander Kukushkin) - - - - This omission could result in a server lockup after unexpected loss - of an SSL-encrypted connection. - - - - - - Fix length checking for Unicode identifiers (U&"..." - syntax) containing escapes (Tom Lane) - - - - A spurious truncation warning would be printed for such identifiers - if the escaped form of the identifier was too long, but the - identifier actually didn't need truncation after de-escaping. - - - - - - Allow keywords that are type names to be used in lists of roles - (Stephen Frost) - - - - A previous patch allowed such keywords to be used without quoting - in places such as role identifiers; but it missed cases where a - list of role identifiers was permitted, such as DROP ROLE. - - - - - - Fix parser crash for EXISTS(SELECT * FROM - zero_column_table) (Tom Lane) - - - - - - Fix possible crash due to invalid plan for nested sub-selects, such - as WHERE (... x IN (SELECT ...) ...) IN (SELECT ...) - (Tom Lane) - - - - - - Fix UPDATE/DELETE of an inherited target table - that has UNION ALL subqueries (Tom Lane) - - - - Without this fix, UNION ALL subqueries aren't correctly - inserted into the update plans for inheritance child tables after the - first one, typically resulting in no update happening for those child - table(s). - - - - - - Ensure that ANALYZE creates statistics for a table column - even when all the values in it are too wide (Tom Lane) - - - - ANALYZE intentionally omits very wide values from its - histogram and most-common-values calculations, but it neglected to do - something sane in the case that all the sampled entries are too wide. - - - - - - In ALTER TABLE ... SET TABLESPACE, allow the database's - default tablespace to be used without a permissions check - (Stephen Frost) - - - - CREATE TABLE has always allowed such usage, - but ALTER TABLE didn't get the memo. - - - - - - Fix cannot accept a set error when some arms of - a CASE return a set and others don't (Tom Lane) - - - - - - Properly distinguish numbers from non-numbers when generating JSON - output (Andrew Dunstan) - - - - - - Fix checks for all-zero client addresses in pgstat functions (Kevin - Grittner) - - - - - - Fix possible misclassification of multibyte characters by the text - search parser (Tom Lane) - - - - Non-ASCII characters could be misclassified when using C locale with - a multibyte encoding. On Cygwin, non-C locales could fail as well. - - - - - - Fix possible misbehavior in plainto_tsquery() - (Heikki Linnakangas) - - - - Use memmove() not memcpy() for copying - overlapping memory regions. There have been no field reports of - this actually causing trouble, but it's certainly risky. - - - - - - Fix placement of permissions checks in pg_start_backup() - and pg_stop_backup() (Andres Freund, Magnus Hagander) - - - - The previous coding might attempt to do catalog access when it - shouldn't. - - - - - - Accept SHIFT_JIS as an encoding name for locale checking - purposes (Tatsuo Ishii) - - - - - - Fix *-qualification of named parameters in SQL-language - functions (Tom Lane) - - - - Given a composite-type parameter - named foo, $1.* worked fine, - but foo.* not so much. - - - - - - Fix misbehavior of PQhost() on Windows (Fujii Masao) - - - - It should return localhost if no host has been specified. - - - - - - Improve error handling in libpq and psql - for failures during COPY TO STDOUT/FROM STDIN (Tom Lane) - - - - In particular this fixes an infinite loop that could occur in 9.2 and - up if the server connection was lost during COPY FROM - STDIN. Variants of that scenario might be possible in older - versions, or with other client applications. - - - - - - Fix incorrect translation handling in - some psql \d commands - (Peter Eisentraut, Tom Lane) - - - - - - Ensure pg_basebackup's background process is killed - when exiting its foreground process (Magnus Hagander) - - - - - - Fix possible incorrect printing of filenames - in pg_basebackup's verbose mode (Magnus Hagander) - - - - - - Avoid including tablespaces inside PGDATA twice in base backups - (Dimitri Fontaine, Magnus Hagander) - - - - - - Fix misaligned descriptors in ecpg (MauMau) - - - - - - In ecpg, handle lack of a hostname in the connection - parameters properly (Michael Meskes) - - - - - - Fix performance regression in contrib/dblink connection - startup (Joe Conway) - - - - Avoid an unnecessary round trip when client and server encodings match. - - - - - - In contrib/isn, fix incorrect calculation of the check - digit for ISMN values (Fabien Coelho) - - - - - - Fix contrib/pg_stat_statement's handling - of CURRENT_DATE and related constructs (Kyotaro - Horiguchi) - - - - - - Ensure client-code-only installation procedure works as documented - (Peter Eisentraut) - - - - - - In Mingw and Cygwin builds, install the libpq DLL - in the bin directory (Andrew Dunstan) - - - - This duplicates what the MSVC build has long done. It should fix - problems with programs like psql failing to start - because they can't find the DLL. - - - - - - Avoid using the deprecated dllwrap tool in Cygwin builds - (Marco Atzeri) - - - - - - Don't generate plain-text HISTORY - and src/test/regress/README files anymore (Tom Lane) - - - - These text files duplicated the main HTML and PDF documentation - formats. The trouble involved in maintaining them greatly outweighs - the likely audience for plain-text format. Distribution tarballs - will still contain files by these names, but they'll just be stubs - directing the reader to consult the main documentation. - The plain-text INSTALL file will still be maintained, as - there is arguably a use-case for that. - - - - - - Update time zone data files to tzdata release 2013i - for DST law changes in Jordan and historical changes in Cuba. - - - - In addition, the zones Asia/Riyadh87, - Asia/Riyadh88, and Asia/Riyadh89 have been - removed, as they are no longer maintained by IANA, and never - represented actual civil timekeeping practice. - - - - - - - - - - Release 9.2.6 - - - Release date: - 2013-12-05 - - - - This release contains a variety of fixes from 9.2.5. - For information about new features in the 9.2 major release, see - . - - - - Migration to Version 9.2.6 - - - A dump/restore is not required for those running 9.2.X. - - - - However, this release corrects a number of potential data corruption - issues. See the first two changelog entries below to find out whether - your installation has been affected and what steps you can take if so. - - - - Also, if you are upgrading from a version earlier than 9.2.4, - see . - - - - - - Changes - - - - - - Fix VACUUM's tests to see whether it can - update relfrozenxid (Andres Freund) - - - - In some cases VACUUM (either manual or autovacuum) could - incorrectly advance a table's relfrozenxid value, - allowing tuples to escape freezing, causing those rows to become - invisible once 2^31 transactions have elapsed. The probability of - data loss is fairly low since multiple incorrect advancements would - need to happen before actual loss occurs, but it's not zero. In 9.2.0 - and later, the probability of loss is higher, and it's also possible - to get could not access status of transaction errors as a - consequence of this bug. Users upgrading from releases 9.0.4 or 8.4.8 - or earlier are not affected, but all later versions contain the bug. - - - - The issue can be ameliorated by, after upgrading, vacuuming all tables - in all databases while having vacuum_freeze_table_age - set to zero. This will fix any latent corruption but will not be able - to fix all pre-existing data errors. However, an installation can be - presumed safe after performing this vacuuming if it has executed fewer - than 2^31 update transactions in its lifetime (check this with - SELECT txid_current() < 2^31). - - - - - - Fix initialization of pg_clog and pg_subtrans - during hot standby startup (Andres Freund, Heikki Linnakangas) - - - - This bug can cause data loss on standby servers at the moment they - start to accept hot-standby queries, by marking committed transactions - as uncommitted. The likelihood of such corruption is small unless, at - the time of standby startup, the primary server has executed many - updating transactions since its last checkpoint. Symptoms include - missing rows, rows that should have been deleted being still visible, - and obsolete versions of updated rows being still visible alongside - their newer versions. - - - - This bug was introduced in versions 9.3.0, 9.2.5, 9.1.10, and 9.0.14. - Standby servers that have only been running earlier releases are not - at risk. It's recommended that standby servers that have ever run any - of the buggy releases be re-cloned from the primary (e.g., with a new - base backup) after upgrading. - - - - - - Fix dangling-pointer problem in fast-path locking (Tom Lane) - - - - This could lead to corruption of the lock data structures in shared - memory, causing lock already held and other odd errors. - - - - - - Truncate pg_multixact contents during WAL replay - (Andres Freund) - - - - This avoids ever-increasing disk space consumption in standby servers. - - - - - - Ensure an anti-wraparound VACUUM counts a page as scanned - when it's only verified that no tuples need freezing (Sergey - Burladyan, Jeff Janes) - - - - This bug could result in failing to - advance relfrozenxid, so that the table would still be - thought to need another anti-wraparound vacuum. In the worst case the - database might even shut down to prevent wraparound. - - - - - - Fix race condition in GIN index posting tree page deletion (Heikki - Linnakangas) - - - - This could lead to transient wrong answers or query failures. - - - - - - Fix unexpected spgdoinsert() failure error during SP-GiST - index creation (Teodor Sigaev) - - - - - - Avoid flattening a subquery whose SELECT list contains a - volatile function wrapped inside a sub-SELECT (Tom Lane) - - - - This avoids unexpected results due to extra evaluations of the - volatile function. - - - - - - Fix planner's processing of non-simple-variable subquery outputs - nested within outer joins (Tom Lane) - - - - This error could lead to incorrect plans for queries involving - multiple levels of subqueries within JOIN syntax. - - - - - - Fix incorrect planning in cases where the same non-strict expression - appears in multiple WHERE and outer JOIN - equality clauses (Tom Lane) - - - - - - Fix planner crash with whole-row reference to a subquery (Tom Lane) - - - - - - Fix incorrect generation of optimized MIN()/MAX() plans for - inheritance trees (Tom Lane) - - - - The planner could fail in cases where the MIN()/MAX() argument was an - expression rather than a simple variable. - - - - - - Fix premature deletion of temporary files (Andres Freund) - - - - - - Prevent intra-transaction memory leak when printing range values - (Tom Lane) - - - - This fix actually cures transient memory leaks in any datatype output - function, but range types are the only ones known to have had a - significant problem. - - - - - - Prevent incorrect display of dropped columns in NOT NULL and CHECK - constraint violation messages (Michael Paquier and Tom Lane) - - - - - - Allow default arguments and named-argument notation for window - functions (Tom Lane) - - - - Previously, these cases were likely to crash. - - - - - - Fix possible read past end of memory in rule printing (Peter Eisentraut) - - - - - - Fix array slicing of int2vector and oidvector values - (Tom Lane) - - - - Expressions of this kind are now implicitly promoted to - regular int2 or oid arrays. - - - - - - Fix incorrect behaviors when using a SQL-standard, simple GMT offset - timezone (Tom Lane) - - - - In some cases, the system would use the simple GMT offset value when - it should have used the regular timezone setting that had prevailed - before the simple offset was selected. This change also causes - the timeofday function to honor the simple GMT offset - zone. - - - - - - Prevent possible misbehavior when logging translations of Windows - error codes (Tom Lane) - - - - - - Properly quote generated command lines in pg_ctl - (Naoya Anzai and Tom Lane) - - - - This fix applies only to Windows. - - - - - - Fix pg_dumpall to work when a source database - sets default_transaction_read_only - via ALTER DATABASE SET (Kevin Grittner) - - - - Previously, the generated script would fail during restore. - - - - - - Make ecpg search for quoted cursor names - case-sensitively (Zoltán Böszörményi) - - - - - - Fix ecpg's processing of lists of variables - declared varchar (Zoltán Böszörményi) - - - - - - Make contrib/lo defend against incorrect trigger definitions - (Marc Cousin) - - - - - - Update time zone data files to tzdata release 2013h - for DST law changes in Argentina, Brazil, Jordan, Libya, - Liechtenstein, Morocco, and Palestine. Also, new timezone - abbreviations WIB, WIT, WITA for Indonesia. - - - - - - - - - - Release 9.2.5 - - - Release date: - 2013-10-10 - - - - This release contains a variety of fixes from 9.2.4. - For information about new features in the 9.2 major release, see - . - - - - Migration to Version 9.2.5 - - - A dump/restore is not required for those running 9.2.X. - - - - However, if you are upgrading from a version earlier than 9.2.4, - see . - - - - - - Changes - - - - - - Prevent corruption of multi-byte characters when attempting to - case-fold identifiers (Andrew Dunstan) - - - - PostgreSQL case-folds non-ASCII characters only - when using a single-byte server encoding. - - - - - - Fix memory leak when creating B-tree indexes on range columns - (Heikki Linnakangas) - - - - - - Fix checkpoint memory leak in background writer when wal_level = - hot_standby (Naoya Anzai) - - - - - - Fix memory leak caused by lo_open() failure - (Heikki Linnakangas) - - - - - - Fix memory overcommit bug when work_mem is using more - than 24GB of memory (Stephen Frost) - - - - - - Serializable snapshot fixes (Kevin Grittner, Heikki Linnakangas) - - - - - - Fix deadlock bug in libpq when using SSL (Stephen Frost) - - - - - - Fix possible SSL state corruption in threaded libpq applications - (Nick Phillips, Stephen Frost) - - - - - - Improve estimate of planner cost when choosing between generic and - custom plans (Tom Lane) - - - - This change will favor generic plans when planning cost is high. - - - - - - Properly compute row estimates for boolean columns containing many NULL - values (Andrew Gierth) - - - - Previously tests like col IS NOT TRUE and col IS - NOT FALSE did not properly factor in NULL values when estimating - plan costs. - - - - - - Fix accounting for qualifier evaluation costs in UNION ALL - and inheritance queries (Tom Lane) - - - - This fixes cases where suboptimal query plans could be chosen if - some WHERE clauses are expensive to calculate. - - - - - - Prevent pushing down WHERE clauses into unsafe - UNION/INTERSECT subqueries (Tom Lane) - - - - Subqueries of a UNION or INTERSECT that - contain set-returning functions or volatile functions in their - SELECT lists could be improperly optimized, leading to - run-time errors or incorrect query results. - - - - - - Fix rare case of failed to locate grouping columns - planner failure (Tom Lane) - - - - - - Fix pg_dump of foreign tables with dropped columns (Andrew Dunstan) - - - - Previously such cases could cause a pg_upgrade error. - - - - - - Reorder pg_dump processing of extension-related - rules and event triggers (Joe Conway) - - - - - - Force dumping of extension tables if specified by pg_dump - -t or -n (Joe Conway) - - - - - - Improve view dumping code's handling of dropped columns in referenced - tables (Tom Lane) - - - - - - Fix pg_restore -l with the directory archive to display - the correct format name (Fujii Masao) - - - - - - Properly record index comments created using UNIQUE - and PRIMARY KEY syntax (Andres Freund) - - - - This fixes a parallel pg_restore failure. - - - - - - Cause pg_basebackup -x with an empty xlog directory - to throw an error rather than crashing (Magnus Hagander, Haruka - Takatsuka) - - - - - - Properly guarantee transmission of WAL files before clean switchover - (Fujii Masao) - - - - Previously, the streaming replication connection might close before all - WAL files had been replayed on the standby. - - - - - - Fix WAL segment timeline handling during recovery (Mitsumasa Kondo, - Heikki Linnakangas) - - - - WAL file recycling during standby recovery could lead to premature - recovery completion, resulting in data loss. - - - - - - Prevent errors in WAL replay due to references to uninitialized empty - pages (Andres Freund) - - - - - - Fix REINDEX TABLE and REINDEX DATABASE - to properly revalidate constraints and mark invalidated indexes as - valid (Noah Misch) - - - - REINDEX INDEX has always worked properly. - - - - - - Avoid deadlocks during insertion into SP-GiST indexes (Teodor Sigaev) - - - - - - Fix possible deadlock during concurrent CREATE INDEX - CONCURRENTLY operations (Tom Lane) - - - - - - Fix GiST index lookup crash (Tom Lane) - - - - - - Fix regexp_matches() handling of zero-length matches - (Jeevan Chalke) - - - - Previously, zero-length matches like '^' could return too many matches. - - - - - - Fix crash for overly-complex regular expressions (Heikki Linnakangas) - - - - - - Fix regular expression match failures for back references combined with - non-greedy quantifiers (Jeevan Chalke) - - - - - - Prevent CREATE FUNCTION from checking SET - variables unless function body checking is enabled (Tom Lane) - - - - - - Allow ALTER DEFAULT PRIVILEGES to operate on schemas - without requiring CREATE permission (Tom Lane) - - - - - - Loosen restriction on keywords used in queries (Tom Lane) - - - - Specifically, lessen keyword restrictions for role names, language - names, EXPLAIN and COPY options, and - SET values. This allows COPY ... (FORMAT - BINARY) to work as expected; previously BINARY needed - to be quoted. - - - - - - Print proper line number during COPY failure (Heikki - Linnakangas) - - - - - - Fix pgp_pub_decrypt() so it works for secret keys with - passwords (Marko Kreen) - - - - - - Make pg_upgrade use pg_dump - --quote-all-identifiers to avoid problems with keyword changes - between releases (Tom Lane) - - - - - - Remove rare inaccurate warning during vacuum of index-less tables - (Heikki Linnakangas) - - - - - - Ensure that VACUUM ANALYZE still runs the ANALYZE phase - if its attempt to truncate the file is cancelled due to lock conflicts - (Kevin Grittner) - - - - - - Avoid possible failure when performing transaction control commands (e.g - ROLLBACK) in prepared queries (Tom Lane) - - - - - - Ensure that floating-point data input accepts standard spellings - of infinity on all platforms (Tom Lane) - - - - The C99 standard says that allowable spellings are inf, - +inf, -inf, infinity, - +infinity, and -infinity. Make sure we - recognize these even if the platform's strtod function - doesn't. - - - - - - Avoid unnecessary reporting when track_activities is off - (Tom Lane) - - - - - - Expand ability to compare rows to records and arrays (Rafal Rzepecki, - Tom Lane) - - - - - - Prevent crash when psql's PSQLRC variable - contains a tilde (Bruce Momjian) - - - - - - Add spinlock support for ARM64 (Mark Salter) - - - - - - Update time zone data files to tzdata release 2013d - for DST law changes in Israel, Morocco, Palestine, and Paraguay. - Also, historical zone data corrections for Macquarie Island. - - - - - - - - - - Release 9.2.4 - - - Release date: - 2013-04-04 - - - - This release contains a variety of fixes from 9.2.3. - For information about new features in the 9.2 major release, see - . - - - - Migration to Version 9.2.4 - - - A dump/restore is not required for those running 9.2.X. - - - - However, this release corrects several errors in management of GiST - indexes. After installing this update, it is advisable to - REINDEX any GiST indexes that meet one or more of the - conditions described below. - - - - Also, if you are upgrading from a version earlier than 9.2.2, - see . - - - - - - Changes - - - - - - Fix insecure parsing of server command-line switches (Mitsumasa - Kondo, Kyotaro Horiguchi) - - - - A connection request containing a database name that begins with - - could be crafted to damage or destroy - files within the server's data directory, even if the request is - eventually rejected. (CVE-2013-1899) - - - - - - Reset OpenSSL randomness state in each postmaster child process - (Marko Kreen) - - - - This avoids a scenario wherein random numbers generated by - contrib/pgcrypto functions might be relatively easy for - another database user to guess. The risk is only significant when - the postmaster is configured with ssl = on - but most connections don't use SSL encryption. (CVE-2013-1900) - - - - - - Make REPLICATION privilege checks test current user not authenticated - user (Noah Misch) - - - - An unprivileged database user could exploit this mistake to call - pg_start_backup() or pg_stop_backup(), - thus possibly interfering with creation of routine backups. - (CVE-2013-1901) - - - - - - Fix GiST indexes to not use fuzzy geometric comparisons when - it's not appropriate to do so (Alexander Korotkov) - - - - The core geometric types perform comparisons using fuzzy - equality, but gist_box_same must do exact comparisons, - else GiST indexes using it might become inconsistent. After installing - this update, users should REINDEX any GiST indexes on - box, polygon, circle, or point - columns, since all of these use gist_box_same. - - - - - - Fix erroneous range-union and penalty logic in GiST indexes that use - contrib/btree_gist for variable-width data types, that is - text, bytea, bit, and numeric - columns (Tom Lane) - - - - These errors could result in inconsistent indexes in which some keys - that are present would not be found by searches, and also in useless - index bloat. Users are advised to REINDEX such indexes - after installing this update. - - - - - - Fix bugs in GiST page splitting code for multi-column indexes - (Tom Lane) - - - - These errors could result in inconsistent indexes in which some keys - that are present would not be found by searches, and also in indexes - that are unnecessarily inefficient to search. Users are advised to - REINDEX multi-column GiST indexes after installing this - update. - - - - - - Fix gist_point_consistent - to handle fuzziness consistently (Alexander Korotkov) - - - - Index scans on GiST indexes on point columns would sometimes - yield results different from a sequential scan, because - gist_point_consistent disagreed with the underlying - operator code about whether to do comparisons exactly or fuzzily. - - - - - - Fix buffer leak in WAL replay (Heikki Linnakangas) - - - - This bug could result in incorrect local pin count errors - during replay, making recovery impossible. - - - - - - Ensure we do crash recovery before entering archive recovery, if the - database was not stopped cleanly and a recovery.conf file - is present (Heikki Linnakangas, Kyotaro Horiguchi, Mitsumasa Kondo) - - - - This is needed to ensure that the database is consistent in certain - scenarios, such as initializing a standby server with a filesystem - snapshot from a running server. - - - - - - Avoid deleting not-yet-archived WAL files during crash recovery - (Heikki Linnakangas, Fujii Masao) - - - - - - Fix race condition in DELETE RETURNING (Tom Lane) - - - - Under the right circumstances, DELETE RETURNING could - attempt to fetch data from a shared buffer that the current process - no longer has any pin on. If some other process changed the buffer - meanwhile, this would lead to garbage RETURNING output, or - even a crash. - - - - - - Fix infinite-loop risk in regular expression compilation (Tom Lane, - Don Porter) - - - - - - Fix potential null-pointer dereference in regular expression compilation - (Tom Lane) - - - - - - Fix to_char() to use ASCII-only case-folding rules where - appropriate (Tom Lane) - - - - This fixes misbehavior of some template patterns that should be - locale-independent, but mishandled I and - i in Turkish locales. - - - - - - Fix unwanted rejection of timestamp 1999-12-31 24:00:00 - (Tom Lane) - - - - - - Fix SQL-language functions to be safely usable as support - functions for range types (Tom Lane) - - - - - - Fix logic error when a single transaction does UNLISTEN - then LISTEN (Tom Lane) - - - - The session wound up not listening for notify events at all, though it - surely should listen in this case. - - - - - - Fix possible planner crash after columns have been added to a view - that's depended on by another view (Tom Lane) - - - - - - Fix performance issue in EXPLAIN (ANALYZE, TIMING OFF) - (Pavel Stehule) - - - - - - Remove useless picksplit doesn't support secondary split log - messages (Josh Hansen, Tom Lane) - - - - This message seems to have been added in expectation of code that was - never written, and probably never will be, since GiST's default - handling of secondary splits is actually pretty good. So stop nagging - end users about it. - - - - - - Remove vestigial secondary-split support in - gist_box_picksplit() (Tom Lane) - - - - Not only was this implementation of secondary-split not better than the - default implementation, it's actually worse. So remove it and let the - default code path handle the case. - - - - - - Fix possible failure to send a session's last few transaction - commit/abort counts to the statistics collector (Tom Lane) - - - - - - Eliminate memory leaks in PL/Perl's spi_prepare() function - (Alex Hunsaker, Tom Lane) - - - - - - Fix pg_dumpall to handle database names containing - = correctly (Heikki Linnakangas) - - - - - - Avoid crash in pg_dump when an incorrect connection - string is given (Heikki Linnakangas) - - - - - - Ignore invalid indexes in pg_dump and - pg_upgrade (Michael Paquier, Bruce Momjian) - - - - Dumping invalid indexes can cause problems at restore time, for example - if the reason the index creation failed was because it tried to enforce - a uniqueness condition not satisfied by the table's data. Also, if the - index creation is in fact still in progress, it seems reasonable to - consider it to be an uncommitted DDL change, which - pg_dump wouldn't be expected to dump anyway. - pg_upgrade now also skips invalid indexes rather than - failing. - - - - - - In pg_basebackup, include only the current server - version's subdirectory when backing up a tablespace (Heikki - Linnakangas) - - - - - - Add a server version check in pg_basebackup and - pg_receivexlog, so they fail cleanly with version - combinations that won't work (Heikki Linnakangas) - - - - - - Fix contrib/dblink to handle inconsistent settings of - DateStyle or IntervalStyle safely (Daniel - Farina, Tom Lane) - - - - Previously, if the remote server had different settings of these - parameters, ambiguous dates might be read incorrectly. This fix - ensures that datetime and interval columns fetched by a - dblink query will be interpreted correctly. Note however - that inconsistent settings are still risky, since literal values - appearing in SQL commands sent to the remote server might be - interpreted differently than they would be locally. - - - - - - Fix contrib/pg_trgm's similarity() function - to return zero for trigram-less strings (Tom Lane) - - - - Previously it returned NaN due to internal division by zero. - - - - - - Enable building PostgreSQL with Microsoft Visual - Studio 2012 (Brar Piening, Noah Misch) - - - - - - Update time zone data files to tzdata release 2013b - for DST law changes in Chile, Haiti, Morocco, Paraguay, and some - Russian areas. Also, historical zone data corrections for numerous - places. - - - - Also, update the time zone abbreviation files for recent changes in - Russia and elsewhere: CHOT, GET, - IRKT, KGT, KRAT, MAGT, - MAWT, MSK, NOVT, OMST, - TKT, VLAT, WST, YAKT, - YEKT now follow their current meanings, and - VOLT (Europe/Volgograd) and MIST - (Antarctica/Macquarie) are added to the default abbreviations list. - - - - - - - - - - Release 9.2.3 - - - Release date: - 2013-02-07 - - - - This release contains a variety of fixes from 9.2.2. - For information about new features in the 9.2 major release, see - . - - - - Migration to Version 9.2.3 - - - A dump/restore is not required for those running 9.2.X. - - - - However, if you are upgrading from a version earlier than 9.2.2, - see . - - - - - - Changes - - - - - - Prevent execution of enum_recv from SQL (Tom Lane) - - - - The function was misdeclared, allowing a simple SQL command to crash the - server. In principle an attacker might be able to use it to examine the - contents of server memory. Our thanks to Sumit Soni (via Secunia SVCRP) - for reporting this issue. (CVE-2013-0255) - - - - - - Fix multiple problems in detection of when a consistent database - state has been reached during WAL replay (Fujii Masao, Heikki - Linnakangas, Simon Riggs, Andres Freund) - - - - - - Fix detection of end-of-backup point when no actual redo work is - required (Heikki Linnakangas) - - - - This mistake could result in incorrect WAL ends before end of - online backup errors. - - - - - - Update minimum recovery point when truncating a relation file (Heikki - Linnakangas) - - - - Once data has been discarded, it's no longer safe to stop recovery at - an earlier point in the timeline. - - - - - - Fix recycling of WAL segments after changing recovery target timeline - (Heikki Linnakangas) - - - - - - Properly restore timeline history files from archive on cascading - standby servers (Heikki Linnakangas) - - - - - - Fix lock conflict detection on hot-standby servers (Andres Freund, - Robert Haas) - - - - - - Fix missing cancellations in hot standby mode (Noah Misch, Simon Riggs) - - - - The need to cancel conflicting hot-standby queries would sometimes be - missed, allowing those queries to see inconsistent data. - - - - - - Prevent recovery pause feature from pausing before users can connect - (Tom Lane) - - - - - - Fix SQL grammar to allow subscripting or field selection from a - sub-SELECT result (Tom Lane) - - - - - - Fix performance problems with autovacuum truncation in busy workloads - (Jan Wieck) - - - - Truncation of empty pages at the end of a table requires exclusive - lock, but autovacuum was coded to fail (and release the table lock) - when there are conflicting lock requests. Under load, it is easily - possible that truncation would never occur, resulting in table bloat. - Fix by performing a partial truncation, releasing the lock, then - attempting to re-acquire the lock and continue. This fix also greatly - reduces the average time before autovacuum releases the lock after a - conflicting request arrives. - - - - - - Improve performance of SPI_execute and related - functions, thereby improving PL/pgSQL's EXECUTE - (Heikki Linnakangas, Tom Lane) - - - - Remove some data-copying overhead that was added in 9.2 as a - consequence of revisions in the plan caching mechanism. This - eliminates a performance regression compared to 9.1, and also saves - memory, especially when the query string to be executed contains many - SQL statements. - - - - A side benefit is that multi-statement query strings are now - processed fully serially, that is we complete execution of earlier - statements before running parse analysis and planning on the - following ones. This eliminates a long-standing issue, in that DDL - that should affect the behavior of a later statement will now behave as - expected. - - - - - - Restore pre-9.2 cost estimates for index usage (Tom Lane) - - - - An ill-considered change of a fudge factor led to undesirably high - cost estimates for use of very large indexes. - - - - - - Fix intermittent crash in DROP INDEX CONCURRENTLY (Tom Lane) - - - - - - Fix potential corruption of shared-memory lock table during - CREATE/DROP INDEX CONCURRENTLY (Tom Lane) - - - - - - Fix COPY's multiple-tuple-insertion code for the case of - a tuple larger than page size minus fillfactor (Heikki Linnakangas) - - - - The previous coding could get into an infinite loop. - - - - - - Protect against race conditions when scanning - pg_tablespace (Stephen Frost, Tom Lane) - - - - CREATE DATABASE and DROP DATABASE could - misbehave if there were concurrent updates of - pg_tablespace entries. - - - - - - Prevent DROP OWNED from trying to drop whole databases or - tablespaces (Álvaro Herrera) - - - - For safety, ownership of these objects must be reassigned, not dropped. - - - - - - Fix error in vacuum_freeze_table_age - implementation (Andres Freund) - - - - In installations that have existed for more than vacuum_freeze_min_age - transactions, this mistake prevented autovacuum from using partial-table - scans, so that a full-table scan would always happen instead. - - - - - - Prevent misbehavior when a RowExpr or XmlExpr - is parse-analyzed twice (Andres Freund, Tom Lane) - - - - This mistake could be user-visible in contexts such as - CREATE TABLE LIKE INCLUDING INDEXES. - - - - - - Improve defenses against integer overflow in hashtable sizing - calculations (Jeff Davis) - - - - - - Fix some bugs associated with privileges on datatypes (Tom Lane) - - - - There were some issues with default privileges for types, and - pg_dump failed to dump such privileges at all. - - - - - - Fix failure to ignore leftover temporary tables after a server crash - (Tom Lane) - - - - - - Fix failure to rotate postmaster log files for size reasons on - Windows (Jeff Janes, Heikki Linnakangas) - - - - - - Reject out-of-range dates in to_date() (Hitoshi Harada) - - - - - - Fix pg_extension_config_dump() to handle - extension-update cases properly (Tom Lane) - - - - This function will now replace any existing entry for the target - table, making it usable in extension update scripts. - - - - - - Fix PL/pgSQL's reporting of plan-time errors in possibly-simple - expressions (Tom Lane) - - - - The previous coding resulted in sometimes omitting the first line in - the CONTEXT traceback for the error. - - - - - - Fix PL/Python's handling of functions used as triggers on multiple - tables (Andres Freund) - - - - - - Ensure that non-ASCII prompt strings are translated to the correct - code page on Windows (Alexander Law, Noah Misch) - - - - This bug affected psql and some other client programs. - - - - - - Fix possible crash in psql's \? command - when not connected to a database (Meng Qingzhong) - - - - - - Fix possible error if a relation file is removed while - pg_basebackup is running (Heikki Linnakangas) - - - - - - Tolerate timeline switches while pg_basebackup -X fetch - is backing up a standby server (Heikki Linnakangas) - - - - - - Make pg_dump exclude data of unlogged tables when - running on a hot-standby server (Magnus Hagander) - - - - This would fail anyway because the data is not available on the standby - server, so it seems most convenient to assume - automatically. - - - - - - Fix pg_upgrade to deal with invalid indexes safely - (Bruce Momjian) - - - - - - Fix pg_upgrade's -O/-o options (Marti Raudsepp) - - - - - - Fix one-byte buffer overrun in libpq's - PQprintTuples (Xi Wang) - - - - This ancient function is not used anywhere by - PostgreSQL itself, but it might still be used by some - client code. - - - - - - Make ecpglib use translated messages properly - (Chen Huajun) - - - - - - Properly install ecpg_compat and - pgtypes libraries on MSVC (Jiang Guiqing) - - - - - - Include our version of isinf() in - libecpg if it's not provided by the system - (Jiang Guiqing) - - - - - - Rearrange configure's tests for supplied functions so it is not - fooled by bogus exports from libedit/libreadline (Christoph Berg) - - - - - - Ensure Windows build number increases over time (Magnus Hagander) - - - - - - Make pgxs build executables with the right - .exe suffix when cross-compiling for Windows - (Zoltan Boszormenyi) - - - - - - Add new timezone abbreviation FET (Tom Lane) - - - - This is now used in some eastern-European time zones. - - - - - - - - - - Release 9.2.2 - - - Release date: - 2012-12-06 - - - - This release contains a variety of fixes from 9.2.1. - For information about new features in the 9.2 major release, see - . - - - - Migration to Version 9.2.2 - - - A dump/restore is not required for those running 9.2.X. - - - - However, you may need to perform REINDEX operations to - correct problems in concurrently-built indexes, as described in the first - changelog item below. - - - - Also, if you are upgrading from version 9.2.0, - see . - - - - - - Changes - - - - - - Fix multiple bugs associated with CREATE/DROP INDEX - CONCURRENTLY (Andres Freund, Tom Lane, Simon Riggs, Pavan Deolasee) - - - - An error introduced while adding DROP INDEX CONCURRENTLY - allowed incorrect indexing decisions to be made during the initial - phase of CREATE INDEX CONCURRENTLY; so that indexes built - by that command could be corrupt. It is recommended that indexes - built in 9.2.X with CREATE INDEX CONCURRENTLY be rebuilt - after applying this update. - - - - In addition, fix CREATE/DROP INDEX CONCURRENTLY to use - in-place updates when changing the state of an index's - pg_index row. This prevents race conditions that could - cause concurrent sessions to miss updating the target index, thus - again resulting in corrupt concurrently-created indexes. - - - - Also, fix various other operations to ensure that they ignore - invalid indexes resulting from a failed CREATE INDEX - CONCURRENTLY command. The most important of these is - VACUUM, because an auto-vacuum could easily be launched - on the table before corrective action can be taken to fix or remove - the invalid index. - - - - Also fix DROP INDEX CONCURRENTLY to not disable - insertions into the target index until all queries using it are done. - - - - Also fix misbehavior if DROP INDEX CONCURRENTLY is - canceled: the previous coding could leave an un-droppable index behind. - - - - - - Correct predicate locking for DROP INDEX CONCURRENTLY - (Kevin Grittner) - - - - Previously, SSI predicate locks were processed at the wrong time, - possibly leading to incorrect behavior of serializable transactions - executing in parallel with the DROP. - - - - - - Fix buffer locking during WAL replay (Tom Lane) - - - - The WAL replay code was insufficiently careful about locking buffers - when replaying WAL records that affect more than one page. This could - result in hot standby queries transiently seeing inconsistent states, - resulting in wrong answers or unexpected failures. - - - - - - Fix an error in WAL generation logic for GIN indexes (Tom Lane) - - - - This could result in index corruption, if a torn-page failure occurred. - - - - - - Fix an error in WAL replay logic for SP-GiST indexes (Tom Lane) - - - - This could result in index corruption after a crash, or on a standby - server. - - - - - - Fix incorrect detection of end-of-base-backup location during WAL - recovery (Heikki Linnakangas) - - - - This mistake allowed hot standby mode to start up before the database - reaches a consistent state. - - - - - - Properly remove startup process's virtual XID lock when promoting a - hot standby server to normal running (Simon Riggs) - - - - This oversight could prevent subsequent execution of certain - operations such as CREATE INDEX CONCURRENTLY. - - - - - - Avoid bogus out-of-sequence timeline ID errors in standby - mode (Heikki Linnakangas) - - - - - - Prevent the postmaster from launching new child processes after it's - received a shutdown signal (Tom Lane) - - - - This mistake could result in shutdown taking longer than it should, or - even never completing at all without additional user action. - - - - - - Fix the syslogger process to not fail when - log_rotation_age exceeds 2^31 milliseconds (about 25 days) - (Tom Lane) - - - - - - Fix WaitLatch() to return promptly when the requested - timeout expires (Jeff Janes, Tom Lane) - - - - With the previous coding, a steady stream of non-wait-terminating - interrupts could delay return from WaitLatch() - indefinitely. This has been shown to be a problem for the autovacuum - launcher process, and might cause trouble elsewhere as well. - - - - - - Avoid corruption of internal hash tables when out of memory - (Hitoshi Harada) - - - - - - Prevent file descriptors for dropped tables from being held open past - transaction end (Tom Lane) - - - - This should reduce problems with long-since-dropped tables continuing - to occupy disk space. - - - - - - Prevent database-wide crash and restart when a new child process is - unable to create a pipe for its latch (Tom Lane) - - - - Although the new process must fail, there is no good reason to force a - database-wide restart, so avoid that. This improves robustness when - the kernel is nearly out of file descriptors. - - - - - - Avoid planner crash with joins to unflattened subqueries (Tom Lane) - - - - - - Fix planning of non-strict equivalence clauses above outer joins - (Tom Lane) - - - - The planner could derive incorrect constraints from a clause equating - a non-strict construct to something else, for example - WHERE COALESCE(foo, 0) = 0 - when foo is coming from the nullable side of an outer join. - 9.2 showed this type of error in more cases than previous releases, - but the basic bug has been there for a long time. - - - - - - Fix SELECT DISTINCT with index-optimized - MIN/MAX on an inheritance tree (Tom Lane) - - - - The planner would fail with failed to re-find MinMaxAggInfo - record given this combination of factors. - - - - - - Make sure the planner sees implicit and explicit casts as equivalent - for all purposes, except in the minority of cases where there's - actually a semantic difference (Tom Lane) - - - - - - Include join clauses when considering whether partial indexes can be - used for a query (Tom Lane) - - - - A strict join clause can be sufficient to establish an - x IS NOT NULL predicate, for example. - This fixes a planner regression in 9.2, since previous versions could - make comparable deductions. - - - - - - Limit growth of planning time when there are many indexable join - clauses for the same index (Tom Lane) - - - - - - Improve planner's ability to prove exclusion constraints from - equivalence classes (Tom Lane) - - - - - - Fix partial-row matching in hashed subplans to handle cross-type cases - correctly (Tom Lane) - - - - This affects multicolumn NOT IN subplans, such as - WHERE (a, b) NOT IN (SELECT x, y FROM ...) - when for instance b and y are int4 - and int8 respectively. This mistake led to wrong answers - or crashes depending on the specific datatypes involved. - - - - - - Fix btree mark/restore functions to handle array keys (Tom Lane) - - - - This oversight could result in wrong answers from merge joins whose - inner side is an index scan using an - indexed_column = - ANY(array) condition. - - - - - - Revert patch for taking fewer snapshots (Tom Lane) - - - - The 9.2 change to reduce the number of snapshots taken during query - execution led to some anomalous behaviors not seen in previous - releases, because execution would proceed with a snapshot acquired - before locking the tables used by the query. Thus, for example, - a query would not be guaranteed to see updates committed by a - preceding transaction even if that transaction had exclusive lock. - We'll probably revisit this in future releases, but meanwhile put it - back the way it was before 9.2. - - - - - - Acquire buffer lock when re-fetching the old tuple for an - AFTER ROW UPDATE/DELETE trigger (Andres Freund) - - - - In very unusual circumstances, this oversight could result in passing - incorrect data to a trigger WHEN condition, or to the - precheck logic for a foreign-key enforcement trigger. That could - result in a crash, or in an incorrect decision about whether to - fire the trigger. - - - - - - Fix ALTER COLUMN TYPE to handle inherited check - constraints properly (Pavan Deolasee) - - - - This worked correctly in pre-8.4 releases, and now works correctly - in 8.4 and later. - - - - - - Fix ALTER EXTENSION SET SCHEMA's failure to move some - subsidiary objects into the new schema (Álvaro Herrera, Dimitri - Fontaine) - - - - - - Handle CREATE TABLE AS EXECUTE correctly in extended query - protocol (Tom Lane) - - - - - - Don't modify the input parse tree in DROP RULE IF NOT - EXISTS and DROP TRIGGER IF NOT EXISTS (Tom Lane) - - - - This mistake would cause errors if a cached statement of one of these - types was re-executed. - - - - - - Fix REASSIGN OWNED to handle grants on tablespaces - (Álvaro Herrera) - - - - - - Ignore incorrect pg_attribute entries for system - columns for views (Tom Lane) - - - - Views do not have any system columns. However, we forgot to - remove such entries when converting a table to a view. That's fixed - properly for 9.3 and later, but in previous branches we need to defend - against existing mis-converted views. - - - - - - Fix rule printing to dump INSERT INTO table - DEFAULT VALUES correctly (Tom Lane) - - - - - - Guard against stack overflow when there are too many - UNION/INTERSECT/EXCEPT clauses - in a query (Tom Lane) - - - - - - Prevent platform-dependent failures when dividing the minimum possible - integer value by -1 (Xi Wang, Tom Lane) - - - - - - Fix possible access past end of string in date parsing - (Hitoshi Harada) - - - - - - Fix failure to advance XID epoch if XID wraparound happens during a - checkpoint and wal_level is hot_standby - (Tom Lane, Andres Freund) - - - - While this mistake had no particular impact on - PostgreSQL itself, it was bad for - applications that rely on txid_current() and related - functions: the TXID value would appear to go backwards. - - - - - - Fix pg_terminate_backend() and - pg_cancel_backend() to not throw error for a non-existent - target process (Josh Kupershmidt) - - - - This case already worked as intended when called by a superuser, - but not so much when called by ordinary users. - - - - - - Fix display of - pg_stat_replication.sync_state at a - page boundary (Kyotaro Horiguchi) - - - - - - Produce an understandable error message if the length of the path name - for a Unix-domain socket exceeds the platform-specific limit - (Tom Lane, Andrew Dunstan) - - - - Formerly, this would result in something quite unhelpful, such as - Non-recoverable failure in name resolution. - - - - - - Fix memory leaks when sending composite column values to the client - (Tom Lane) - - - - - - Save some cycles by not searching for subtransaction locks at commit - (Simon Riggs) - - - - In a transaction holding many exclusive locks, this useless activity - could be quite costly. - - - - - - Make pg_ctl more robust about reading the - postmaster.pid file (Heikki Linnakangas) - - - - This fixes race conditions and possible file descriptor leakage. - - - - - - Fix possible crash in psql if incorrectly-encoded data - is presented and the client_encoding setting is a - client-only encoding, such as SJIS (Jiang Guiqing) - - - - - - Make pg_dump dump SEQUENCE SET items in - the data not pre-data section of the archive (Tom Lane) - - - - This fixes an undesirable inconsistency between the meanings of - and , and also fixes - dumping of sequences that are marked as extension configuration tables. - - - - - - Fix pg_dump's handling of DROP DATABASE - commands in mode (Guillaume Lelarge) - - - - Beginning in 9.2.0, pg_dump --clean would issue a - DROP DATABASE command, which was either useless or - dangerous depending on the usage scenario. It no longer does that. - This change also fixes the combination of and - to work sensibly, i.e., emit DROP - DATABASE then CREATE DATABASE before reconnecting to the - target database. - - - - - - Fix pg_dump for views with circular dependencies and - no relation options (Tom Lane) - - - - The previous fix to dump relation options when a view is - involved in a circular dependency didn't work right for the case - that the view has no options; it emitted ALTER VIEW foo - SET () which is invalid syntax. - - - - - - Fix bugs in the restore.sql script emitted by - pg_dump in tar output format (Tom Lane) - - - - The script would fail outright on tables whose names include - upper-case characters. Also, make the script capable of restoring - data in mode as well as the regular COPY mode. - - - - - - Fix pg_restore to accept POSIX-conformant - tar files (Brian Weaver, Tom Lane) - - - - The original coding of pg_dump's tar - output mode produced files that are not fully conformant with the - POSIX standard. This has been corrected for version 9.3. This - patch updates previous branches so that they will accept both the - incorrect and the corrected formats, in hopes of avoiding - compatibility problems when 9.3 comes out. - - - - - - Fix tar files emitted by pg_basebackup to - be POSIX conformant (Brian Weaver, Tom Lane) - - - - - - Fix pg_resetxlog to locate postmaster.pid - correctly when given a relative path to the data directory (Tom Lane) - - - - This mistake could lead to pg_resetxlog not noticing - that there is an active postmaster using the data directory. - - - - - - Fix libpq's lo_import() and - lo_export() functions to report file I/O errors properly - (Tom Lane) - - - - - - Fix ecpg's processing of nested structure pointer - variables (Muhammad Usama) - - - - - - Fix ecpg's ecpg_get_data function to - handle arrays properly (Michael Meskes) - - - - - - Prevent pg_upgrade from trying to process TOAST tables - for system catalogs (Bruce Momjian) - - - - This fixes an error seen when the information_schema has - been dropped and recreated. Other failures were also possible. - - - - - - Improve pg_upgrade performance by setting - synchronous_commit to off in the new cluster - (Bruce Momjian) - - - - - - Make contrib/pageinspect's btree page inspection - functions take buffer locks while examining pages (Tom Lane) - - - - - - Work around unportable behavior of malloc(0) and - realloc(NULL, 0) (Tom Lane) - - - - On platforms where these calls return NULL, some code - mistakenly thought that meant out-of-memory. - This is known to have broken pg_dump for databases - containing no user-defined aggregates. There might be other cases - as well. - - - - - - Ensure that make install for an extension creates the - extension installation directory (Cédric Villemain) - - - - Previously, this step was missed if MODULEDIR was set in - the extension's Makefile. - - - - - - Fix pgxs support for building loadable modules on AIX - (Tom Lane) - - - - Building modules outside the original source tree didn't work on AIX. - - - - - - Update time zone data files to tzdata release 2012j - for DST law changes in Cuba, Israel, Jordan, Libya, Palestine, Western - Samoa, and portions of Brazil. - - - - - - - - - - Release 9.2.1 - - - Release date: - 2012-09-24 - - - - This release contains a variety of fixes from 9.2.0. - For information about new features in the 9.2 major release, see - . - - - - Migration to Version 9.2.1 - - - A dump/restore is not required for those running 9.2.X. - - - - However, you may need to perform REINDEX and/or - VACUUM operations to recover from the effects of the data - corruption bug described in the first changelog item below. - - - - - - Changes - - - - - - Fix persistence marking of shared buffers during WAL replay - (Jeff Davis) - - - - This mistake can result in buffers not being written out during - checkpoints, resulting in data corruption if the server later crashes - without ever having written those buffers. Corruption can occur on - any server following crash recovery, but it is significantly more - likely to occur on standby slave servers since those perform much - more WAL replay. There is a low probability of corruption of btree - and GIN indexes. There is a much higher probability of corruption - of table visibility maps, which might lead to wrong answers - from index-only scans. Table data proper cannot be corrupted by this - bug. - - - - While no index corruption due to this bug is known to have occurred - in the field, as a precautionary measure it is recommended that - production installations REINDEX all btree and GIN - indexes at a convenient time after upgrading to 9.2.1. - - - - Also, it is recommended to perform a VACUUM of all tables - while having vacuum_freeze_table_age - set to zero. This will fix any incorrect visibility map data. vacuum_cost_delay - can be adjusted to reduce the performance impact of vacuuming, while - causing it to take longer to finish. - - - - - - Fix possible incorrect sorting of output from queries involving - WHERE indexed_column IN - (list_of_values) (Tom Lane) - - - - - - Fix planner failure for queries involving GROUP BY - expressions along with window functions and aggregates (Tom Lane) - - - - - - Fix planner's assignment of executor parameters (Tom Lane) - - - - This error could result in wrong answers from queries that scan the - same WITH subquery multiple times. - - - - - - Improve planner's handling of join conditions in index scans (Tom Lane) - - - - - - Improve selectivity estimation for text search queries involving - prefixes, i.e. word:* patterns (Tom Lane) - - - - - - Fix delayed recognition of permissions changes (Tom Lane) - - - - A command that needed no locks other than ones its transaction already - had might fail to notice a concurrent GRANT or - REVOKE that committed since the start of its transaction. - - - - - - Fix ANALYZE to not fail when a column is a domain over an - array type (Tom Lane) - - - - - - Prevent PL/Perl from crashing if a recursive PL/Perl function is - redefined while being executed (Tom Lane) - - - - - - Work around possible misoptimization in PL/Perl (Tom Lane) - - - - Some Linux distributions contain an incorrect version of - pthread.h that results in incorrect compiled code in - PL/Perl, leading to crashes if a PL/Perl function calls another one - that throws an error. - - - - - - Remove unnecessary dependency on pg_config from - pg_upgrade (Peter Eisentraut) - - - - - - Update time zone data files to tzdata release 2012f - for DST law changes in Fiji - - - - - - - - - - Release 9.2 - - - Release date: - 2012-09-10 - - - - Overview - - - This release has been largely focused on performance improvements, though - new SQL features are not lacking. Work also continues in the area of - replication support. Major enhancements include: - - - - - - - - - Allow queries to retrieve data only from indexes, avoiding heap - access (index-only scans) - - - - - - Allow the planner to generate custom plans for specific parameter - values even when using prepared statements - - - - - - Improve the planner's ability to use nested loops with inner - index scans - - - - - - Allow streaming replication slaves to forward data to other slaves - (cascading - replication) - - - - - - Allow pg_basebackup - to make base backups from standby servers - - - - - - Add a pg_receivexlog - tool to archive WAL file changes as they are written - - - - - - Add the SP-GiST (Space-Partitioned - GiST) index access method - - - - - - Add support for range data types - - - - - - Add a JSON - data type - - - - - - Add a security_barrier - option for views - - - - - - Allow libpq connection strings to have the format of a - URI - - - - - - Add a single-row processing - mode to libpq for better handling of large - result sets - - - - - - - The above items are explained in more detail in the sections below. - - - - - - - Migration to Version 9.2 - - - A dump/restore using pg_dump, or use of - pg_upgrade, is required for those wishing - to migrate data from any previous release. - - - - Version 9.2 contains a number of changes that may affect compatibility - with previous releases. Observe the following incompatibilities: - - - - System Catalogs - - - - - - Remove the spclocation field from pg_tablespace - (Magnus Hagander) - - - - This field was duplicative of the symbolic links that actually define - tablespace locations, and thus risked errors of omission when moving - a tablespace. This change allows tablespace directories to be moved - while the server is down, by manually adjusting the symbolic links. - To replace this field, we have added pg_tablespace_location() - to allow querying of the symbolic links. - - - - - - Move tsvector most-common-element statistics to new - pg_stats columns - (Alexander Korotkov) - - - - Consult most_common_elems - and most_common_elem_freqs for the data formerly - available in most_common_vals - and most_common_freqs for a tsvector column. - - - - - - - - - Functions - - - - - - Remove hstore's => - operator (Robert Haas) - - - - Users should now use hstore(text, text). Since - PostgreSQL 9.0, a warning message has been - emitted when an operator named => is created because - the SQL standard reserves that token for - another use. - - - - - - Ensure that xpath() - escapes special characters in string values (Florian Pflug) - - - - Without this it is possible for the result not to be valid - XML. - - - - - - Make pg_relation_size() - and friends return NULL if the object does not exist (Phil Sorber) - - - - This prevents queries that call these functions from returning - errors immediately after a concurrent DROP. - - - - - - Make EXTRACT(EPOCH FROM - timestamp without time zone) - measure the epoch from local midnight, not UTC - midnight (Tom Lane) - - - - This change reverts an ill-considered change made in release 7.3. - Measuring from UTC midnight was inconsistent - because it made the result dependent on the timezone setting, which - computations for timestamp without time zone should not be. - The previous behavior remains available by casting the input value - to timestamp with time zone. - - - - - - Properly parse time strings with trailing yesterday, - today, and tomorrow (Dean Rasheed) - - - - Previously, SELECT '04:00:00 yesterday'::timestamp - returned yesterday's date at midnight. - - - - - - Fix to_date() and - to_timestamp() to wrap incomplete dates toward 2020 - (Bruce Momjian) - - - - Previously, supplied years and year masks of less than four digits - wrapped inconsistently. - - - - - - - - - Object Modification - - - - - - Prevent ALTER - DOMAIN from working on non-domain types (Peter - Eisentraut) - - - - Owner and schema changes were previously possible on non-domain - types. - - - - - - No longer forcibly lowercase procedural language names in CREATE FUNCTION - (Robert Haas) - - - - While unquoted language identifiers are still lowercased, strings - and quoted identifiers are no longer forcibly down-cased. - Thus for example CREATE FUNCTION ... LANGUAGE 'C' - will no longer work; it must be spelled 'c', or better - omit the quotes. - - - - - - Change system-generated names of foreign key enforcement triggers - (Tom Lane) - - - - This change ensures that the triggers fire in the correct order in - some corner cases involving self-referential foreign key constraints. - - - - - - - - - Command-Line Tools - - - - - - Provide consistent backquote, variable - expansion, and quoted substring behavior in psql meta-command - arguments (Tom Lane) - - - - Previously, such references were treated oddly when not separated by - whitespace from adjacent text. For example 'FOO'BAR was - output as FOO BAR (unexpected insertion of a space) and - FOO'BAR'BAZ was output unchanged (not removing the quotes - as most would expect). - - - - - - No longer treat clusterdb - table names as double-quoted; no longer treat reindexdb table - and index names as double-quoted (Bruce Momjian) - - - - Users must now include double-quotes in the command arguments if - quoting is wanted. - - - - - - createuser - no longer prompts for option settings by default (Peter Eisentraut) - - - - Use to obtain the old behavior. - - - - - - Disable prompting for the user name in dropuser unless - is specified (Peter Eisentraut) - - - - - - - - - Server Settings - - - - - - Add server parameters for specifying the locations of server-side - SSL files (Peter Eisentraut) - - - - This allows changing the names and locations of the files that were - previously hard-coded as server.crt, - server.key, root.crt, and - root.crl in the data directory. - The server will no longer examine root.crt or - root.crl by default; to load these files, the - associated parameters must be set to non-default values. - - - - - - Remove the silent_mode parameter (Heikki Linnakangas) - - - - Similar behavior can be obtained with pg_ctl start - -l postmaster.log. - - - - - - Remove the wal_sender_delay parameter, - as it is no longer needed (Tom Lane) - - - - - - Remove the custom_variable_classes parameter (Tom Lane) - - - - The checking provided by this setting was dubious. Now any - setting can be prefixed by any class name. - - - - - - - - Monitoring - - - - - - Rename pg_stat_activity.procpid - to pid, to match other system tables (Magnus Hagander) - - - - - - Create a separate pg_stat_activity column to - report process state (Scott Mead, Magnus Hagander) - - - - The previous query and query_start - values now remain available for an idle session, allowing enhanced - analysis. - - - - - - Rename pg_stat_activity.current_query to - query because it is not cleared when the query - completes (Magnus Hagander) - - - - - - Change all SQL-level statistics timing values - to be float8 columns measured in milliseconds (Tom Lane) - - - - This change eliminates the designed-in assumption that the values - are accurate to microseconds and no more (since the float8 - values can be fractional). - The columns affected are - pg_stat_user_functions.total_time, - pg_stat_user_functions.self_time, - pg_stat_xact_user_functions.total_time, - and - pg_stat_xact_user_functions.self_time. - The statistics functions underlying these columns now also return - float8 milliseconds, rather than bigint - microseconds. - contrib/pg_stat_statements' - total_time column is now also measured in - milliseconds. - - - - - - - - - - - Changes - - - Below you will find a detailed account of the changes between - PostgreSQL 9.2 and the previous major - release. - - - - Server - - - Performance - - - - - Allow queries to retrieve data only from indexes, avoiding heap - access (Robert Haas, Ibrar Ahmed, Heikki Linnakangas, Tom Lane) - - - - This feature is often called index-only scans. - Heap access can be skipped for heap pages containing only tuples that - are visible to all sessions, as reported by the visibility map; so - the benefit applies mainly to mostly-static data. The visibility map - was made crash-safe as a necessary part of implementing this feature. - - - - - - Add the SP-GiST (Space-Partitioned - GiST) index access method (Teodor Sigaev, Oleg Bartunov, Tom - Lane) - - - - SP-GiST is comparable to GiST in flexibility, but supports - unbalanced partitioned search structures rather than balanced - trees. For suitable problems, SP-GiST can be faster than GiST in both - index build time and search time. - - - - - - Allow group commit to work effectively under heavy load (Peter - Geoghegan, Simon Riggs, Heikki Linnakangas) - - - - Previously, batching of commits became ineffective as the write - workload increased, because of internal lock contention. - - - - - - Allow uncontended locks to be managed using a new - fast-path lock mechanism (Robert Haas) - - - - - - Reduce overhead of creating virtual transaction ID locks (Robert - Haas) - - - - - - Reduce the overhead of serializable isolation level locks (Dan - Ports) - - - - - - Improve PowerPC and Itanium spinlock performance (Manabu Ori, - Robert Haas, Tom Lane) - - - - - - Reduce overhead for shared invalidation cache messages (Robert - Haas) - - - - - - Move the frequently accessed members of the PGPROC - shared memory array to a separate array (Pavan - Deolasee, Heikki Linnakangas, Robert Haas) - - - - - - Improve COPY performance by adding tuples to - the heap in batches (Heikki Linnakangas) - - - - - - Improve GiST index performance for geometric data types by producing - better trees with less memory allocation overhead (Alexander Korotkov) - - - - - - Improve GiST index build times (Alexander Korotkov, Heikki - Linnakangas) - - - - - - Allow hint bits to be set sooner for temporary and unlogged tables - (Robert Haas) - - - - - - Allow sorting to be performed by inlined, - non-SQL-callable comparison functions (Peter - Geoghegan, Robert Haas, Tom Lane) - - - - - - Make the number of CLOG buffers scale based on shared_buffers - (Robert Haas, Simon Riggs, Tom Lane) - - - - - - Improve performance of buffer pool scans that occur when tables or - databases are dropped (Jeff Janes, Simon Riggs) - - - - - - Improve performance of checkpointer's fsync-request queue - when many tables are being dropped or truncated (Tom Lane) - - - - - - Pass the safe number of file descriptors to child processes on Windows - (Heikki Linnakangas) - - - - This allows Windows sessions to use more open file descriptors than - before. - - - - - - - - - Process Management - - - - - - Create a dedicated background process to perform checkpoints (Simon - Riggs) - - - - Formerly the background writer did both dirty-page writing and - checkpointing. Separating this into two processes allows each goal - to be accomplished more predictably. - - - - - - Improve asynchronous commit behavior by waking the walwriter sooner - (Simon Riggs) - - - - Previously, only wal_writer_delay - triggered WAL flushing to disk; now filling a - WAL buffer also triggers WAL - writes. - - - - - - Allow the bgwriter, walwriter, checkpointer, statistics collector, - log collector, and archiver background processes to sleep more - efficiently during periods of inactivity (Peter Geoghegan, Tom Lane) - - - - This series of changes reduces the frequency of process wake-ups when - there is nothing to do, dramatically reducing power consumption on - idle servers. - - - - - - - - - Optimizer - - - - - - Allow the planner to generate custom plans for specific parameter - values even when using prepared statements - (Tom Lane) - - - - In the past, a prepared statement always had a single - generic plan that was used for all parameter values, which - was frequently much inferior to the plans used for non-prepared - statements containing explicit constant values. Now, the planner - attempts to generate custom plans for specific parameter values. - A generic plan will only be used after custom plans have repeatedly - proven to provide no benefit. This change should eliminate the - performance penalties formerly seen from use of prepared statements - (including non-dynamic statements in PL/pgSQL). - - - - - - Improve the planner's ability to use nested loops with inner - index scans (Tom Lane) - - - - The new parameterized path mechanism allows inner - index scans to use values from relations that are more than one join - level up from the scan. This can greatly improve performance in - situations where semantic restrictions (such as outer joins) limit - the allowed join orderings. - - - - - - Improve the planning API for foreign data wrappers - (Etsuro Fujita, Shigeru Hanada, Tom Lane) - - - - Wrappers can now provide multiple access paths for their - tables, allowing more flexibility in join planning. - - - - - - Recognize self-contradictory restriction clauses for non-table - relations (Tom Lane) - - - - This check is only performed when constraint_exclusion - is on. - - - - - - Allow indexed_col op ANY(ARRAY[...]) conditions to be - used in plain index scans and index-only scans (Tom Lane) - - - - Formerly such conditions could only be used in bitmap index scans. - - - - - - Support MIN/MAX index optimizations on - boolean columns (Marti Raudsepp) - - - - - - Account for set-returning functions in SELECT target - lists when setting row count estimates (Tom Lane) - - - - - - Fix planner to handle indexes with duplicated columns more reliably - (Tom Lane) - - - - - - Collect and use element-frequency statistics for arrays (Alexander - Korotkov, Tom Lane) - - - - This change improves selectivity estimation for the array - <@, &&, and - @> operators (array containment and overlaps). - - - - - - Allow statistics to be collected for foreign tables - (Etsuro Fujita) - - - - - - Improve cost estimates for use of partial indexes (Tom Lane) - - - - - - Improve the planner's ability to use statistics for columns - referenced in subqueries (Tom Lane) - - - - - - Improve statistical estimates for subqueries using - DISTINCT (Tom Lane) - - - - - - - - - Authentication - - - - - - Do not treat role names and samerole specified in pg_hba.conf - as automatically including superusers (Andrew Dunstan) - - - - This makes it easier to use reject lines with group roles. - - - - - - Adjust pg_hba.conf processing to handle token - parsing more consistently (Brendan Jurd, Álvaro Herrera) - - - - - - Disallow empty pg_hba.conf files (Tom Lane) - - - - This was done to more quickly detect misconfiguration. - - - - - - Make superuser privilege imply replication privilege (Noah Misch) - - - - This avoids the need to explicitly assign such privileges. - - - - - - - - - Monitoring - - - - - - Attempt to log the current query string during a backend crash - (Marti Raudsepp) - - - - - - Make logging of autovacuum I/O activity more verbose (Greg - Smith, Noah Misch) - - - - This logging is triggered by log_autovacuum_min_duration. - - - - - - Make WAL replay report failures sooner - (Fujii Masao) - - - - There were some cases where failures were only reported once the - server went into master mode. - - - - - - Add pg_xlog_location_diff() - to simplify WAL location comparisons (Euler Taveira de Oliveira) - - - - This is useful for computing replication lag. - - - - - - Support configurable event log application names on Windows - (MauMau, Magnus Hagander) - - - - This allows different instances to use the event log - with different identifiers, by setting the event_source - server parameter, which is similar to how syslog_ident works. - - - - - - Change unexpected EOF messages to DEBUG1 level, - except when there is an open transaction (Magnus Hagander) - - - - This change reduces log chatter caused by applications that close - database connections ungracefully. - - - - - - - - - Statistical Views - - - - - - Track temporary file sizes and file counts in the pg_stat_database - system view (Tomas Vondra) - - - - - - Add a deadlock counter to the pg_stat_database - system view (Magnus Hagander) - - - - - - Add a server parameter track_io_timing - to track I/O timings (Ants Aasma, Robert Haas) - - - - - - Report checkpoint timing information in pg_stat_bgwriter - (Greg Smith, Peter Geoghegan) - - - - - - - - - Server Settings - - - - - - Silently ignore nonexistent schemas specified in search_path (Tom Lane) - - - - This makes it more convenient to use generic path settings, which - might include some schemas that don't exist in all databases. - - - - - - Allow superusers to set deadlock_timeout - per-session, not just per-cluster (Noah Misch) - - - - This allows deadlock_timeout to be reduced for - transactions that are likely to be involved in a deadlock, thus - detecting the failure more quickly. Alternatively, increasing the - value can be used to reduce the chances of a session being chosen for - cancellation due to a deadlock. - - - - - - Add a server parameter temp_file_limit - to constrain temporary file space usage per session (Mark Kirkwood) - - - - - - Allow a superuser to SET an extension's - superuser-only custom variable before loading the associated - extension (Tom Lane) - - - - The system now remembers whether a SET was - performed by a superuser, so that proper privilege checking can be - done when the extension is loaded. - - - - - - Add postmaster - option to query configuration parameters (Bruce Momjian) - - - - This allows pg_ctl to better handle cases where - PGDATA or points to a configuration-only - directory. - - - - - - Replace an empty locale name with the implied value in - CREATE DATABASE - (Tom Lane) - - - - This prevents cases where - pg_database.datcollate or - datctype could be interpreted differently after a - server restart. - - - - - - - <filename>postgresql.conf</filename> - - - - - - Allow multiple errors in postgresql.conf - to be reported, rather than just the first one (Alexey Klyukin, - Tom Lane) - - - - - - Allow a reload of postgresql.conf to be - processed by all sessions, even if there are some settings that - are invalid for particular sessions (Alexey Klyukin) - - - - Previously, such not-valid-within-session values would cause all - setting changes to be ignored by that session. - - - - - - Add an include_if_exists facility for configuration - files (Greg Smith) - - - - This works the same as include, except that an error - is not thrown if the file is missing. - - - - - - Identify the server time zone during initdb, and set - postgresql.conf entries - timezone and - log_timezone - accordingly (Tom Lane) - - - - This avoids expensive time zone probes during server start. - - - - - - Fix pg_settings to - report postgresql.conf line numbers on Windows - (Tom Lane) - - - - - - - - - - - - - Replication and Recovery - - - - - - Allow streaming replication slaves to forward data to other slaves - (cascading - replication) (Fujii Masao) - - - - Previously, only the master server could supply streaming - replication log files to standby servers. - - - - - - Add new synchronous_commit - mode remote_write (Fujii Masao, Simon Riggs) - - - - This mode waits for the standby server to write transaction data to - its own operating system, but does not wait for the data to be - flushed to the standby's disk. - - - - - - Add a pg_receivexlog - tool to archive WAL file changes as they are written, rather - than waiting for completed WAL files (Magnus Hagander) - - - - - - Allow pg_basebackup - to make base backups from standby servers (Jun Ishizuka, Fujii Masao) - - - - This feature lets the work of making new base backups be off-loaded - from the primary server. - - - - - - Allow streaming of WAL files while pg_basebackup - is performing a backup (Magnus Hagander) - - - - This allows passing of WAL files to the standby before they are - discarded on the primary. - - - - - - - - - Queries - - - - - - Cancel the running query if the client gets disconnected - (Florian Pflug) - - - - If the backend detects loss of client connection during a query, it - will now cancel the query rather than attempting to finish it. - - - - - - Retain column names at run time for row expressions - (Andrew Dunstan, Tom Lane) - - - - This change allows better results when a row value is converted to - hstore or json type: the fields of the resulting - value will now have the expected names. - - - - - - Improve column labels used for sub-SELECT results - (Marti Raudsepp) - - - - Previously, the generic label ?column? was used. - - - - - - Improve heuristics for determining the types of unknown values - (Tom Lane) - - - - The longstanding rule that an unknown constant might have the - same type as the value on the other side of the operator using it - is now applied when considering polymorphic operators, not only - for simple operator matches. - - - - - - Warn about creating casts to or from domain types (Robert Haas) - - - - Such casts have no effect. - - - - - - When a row fails a CHECK or NOT NULL - constraint, show the row's contents as error detail (Jan - Kundrát) - - - - This should make it easier to identify which row is problematic - when an insert or update is processing many rows. - - - - - - - - - Object Manipulation - - - - - - Provide more reliable operation during concurrent - DDL (Robert Haas, Noah Misch) - - - - This change adds locking that should eliminate cache lookup - failed errors in many scenarios. Also, it is no longer possible - to add relations to a schema that is being concurrently dropped, a - scenario that formerly led to inconsistent system catalog contents. - - - - - - Add CONCURRENTLY option to DROP INDEX - (Simon Riggs) - - - - This allows index removal without blocking other sessions. - - - - - - Allow foreign data wrappers to have per-column options (Shigeru Hanada) - - - - - - Improve pretty-printing of view definitions (Andrew Dunstan) - - - - - - - Constraints - - - - - - Allow CHECK - constraints to be declared NOT VALID (Álvaro - Herrera) - - - - Adding a NOT VALID constraint does not cause the table to - be scanned to verify that existing rows meet the constraint. - Subsequently, newly added or updated rows are checked. - Such constraints are ignored by the planner when considering - constraint_exclusion, since it is not certain that all - rows meet the constraint. - - - - The new ALTER TABLE VALIDATE command allows NOT - VALID constraints to be checked for existing rows, after which - they are converted into ordinary constraints. - - - - - - Allow CHECK constraints to be declared NO - INHERIT (Nikhil Sontakke, Alex Hunsaker, Álvaro Herrera) - - - - This makes them enforceable only on the parent table, not on - child tables. - - - - - - Add the ability to rename - constraints (Peter Eisentraut) - - - - - - - - <command>ALTER</command> - - - - - - Reduce need to rebuild tables and indexes for certain ALTER TABLE - ... ALTER COLUMN TYPE operations (Noah Misch) - - - - Increasing the length limit for a varchar or varbit - column, or removing the limit altogether, no longer requires a table - rewrite. Similarly, increasing the allowable precision of a - numeric column, or changing a column from constrained - numeric to unconstrained numeric, no longer - requires a table rewrite. Table rewrites are also avoided in similar - cases involving the interval, timestamp, and - timestamptz types. - - - - - - Avoid having ALTER - TABLE revalidate foreign key constraints in some - cases where it is not necessary (Noah Misch) - - - - - - Add IF EXISTS options to some ALTER - commands (Pavel Stehule) - - - - For example, ALTER FOREIGN TABLE IF EXISTS foo RENAME - TO bar. - - - - - - Add ALTER - FOREIGN DATA WRAPPER ... RENAME - and ALTER - SERVER ... RENAME (Peter Eisentraut) - - - - - - Add ALTER - DOMAIN ... RENAME (Peter Eisentraut) - - - - You could already rename domains using ALTER - TYPE. - - - - - - Throw an error for ALTER DOMAIN ... DROP - CONSTRAINT on a nonexistent constraint (Peter Eisentraut) - - - - An IF EXISTS option has been added to provide the - previous behavior. - - - - - - - - - <link linkend="sql-createtable"><command>CREATE TABLE</command></link> - - - - - - Allow CREATE TABLE (LIKE ...) from foreign - tables, views, and composite types (Peter Eisentraut) - - - - For example, this allows a table to be created whose schema matches a - view. - - - - - - Fix CREATE TABLE (LIKE ...) to avoid index name - conflicts when copying index comments (Tom Lane) - - - - - - Fix CREATE TABLE ... AS EXECUTE - to handle WITH NO DATA and column name specifications - (Tom Lane) - - - - - - - - - Object Permissions - - - - - - Add a security_barrier - option for views (KaiGai Kohei, Robert Haas) - - - - This option prevents optimizations that might allow view-protected - data to be exposed to users, for example pushing a clause involving - an insecure function into the WHERE clause of the view. - Such views can be expected to perform more poorly than ordinary - views. - - - - - - Add a new LEAKPROOF function - attribute to mark functions that can safely be pushed down - into security_barrier views (KaiGai Kohei) - - - - - - Add support for privileges on data types (Peter Eisentraut) - - - - This adds support for the SQL-conforming - USAGE privilege on types and domains. The intent is - to be able to restrict which users can create dependencies on types, - since such dependencies limit the owner's ability to alter the type. - - - - - - Check for INSERT privileges in SELECT - INTO / CREATE TABLE AS (KaiGai Kohei) - - - - Because the object is being created by SELECT INTO - or CREATE TABLE AS, the creator would ordinarily - have insert permissions; but there are corner cases where this is not - true, such as when ALTER DEFAULT PRIVILEGES has removed - such permissions. - - - - - - - - - - - Utility Operations - - - - - - Allow VACUUM to more - easily skip pages that cannot be locked (Simon Riggs, Robert Haas) - - - - This change should greatly reduce the incidence of VACUUM - getting stuck waiting for other sessions. - - - - - - Make EXPLAIN - (BUFFERS) count blocks dirtied and written (Robert Haas) - - - - - - Make EXPLAIN ANALYZE report the number of rows - rejected by filter steps (Marko Tiikkaja) - - - - - - Allow EXPLAIN ANALYZE to avoid timing overhead when - time values are not wanted (Tomas Vondra) - - - - This is accomplished by setting the new TIMING option to - FALSE. - - - - - - - - - Data Types - - - - - - Add support for range data types - (Jeff Davis, Tom Lane, Alexander Korotkov) - - - - A range data type stores a lower and upper bound belonging to its - base data type. It supports operations like contains, overlaps, and - intersection. - - - - - - Add a JSON - data type (Robert Haas) - - - - This type stores JSON (JavaScript Object Notation) - data with proper validation. - - - - - - Add array_to_json() - and row_to_json() (Andrew Dunstan) - - - - - - Add a SMALLSERIAL - data type (Mike Pultz) - - - - This is like SERIAL, except it stores the sequence in - a two-byte integer column (int2). - - - - - - Allow domains to be - declared NOT VALID (Álvaro Herrera) - - - - This option can be set at domain creation time, or via ALTER - DOMAIN ... ADD CONSTRAINT ... NOT - VALID. ALTER DOMAIN ... VALIDATE - CONSTRAINT fully validates the constraint. - - - - - - Support more locale-specific formatting options for the money data type (Tom Lane) - - - - Specifically, honor all the POSIX options for ordering of the value, - sign, and currency symbol in monetary output. Also, make sure that - the thousands separator is only inserted to the left of the decimal - point, as required by POSIX. - - - - - - Add bitwise and, or, and not - operators for the macaddr data type (Brendan Jurd) - - - - - - Allow xpath() to - return a single-element XML array when supplied a - scalar value (Florian Pflug) - - - - Previously, it returned an empty array. This change will also - cause xpath_exists() to return true, not false, - for such expressions. - - - - - - Improve XML error handling to be more robust - (Florian Pflug) - - - - - - - - - Functions - - - - - - Allow non-superusers to use pg_cancel_backend() - and pg_terminate_backend() - on other sessions belonging to the same user - (Magnus Hagander, Josh Kupershmidt, Dan Farina) - - - - Previously only superusers were allowed to use these functions. - - - - - - Allow importing and exporting of transaction snapshots (Joachim - Wieland, Tom Lane) - - - - This allows multiple transactions to share identical views of the - database state. - Snapshots are exported via pg_export_snapshot() - and imported via SET - TRANSACTION SNAPSHOT. Only snapshots from - currently-running transactions can be imported. - - - - - - Support COLLATION - FOR on expressions (Peter Eisentraut) - - - - This returns a string representing the collation of the expression. - - - - - - Add pg_opfamily_is_visible() - (Josh Kupershmidt) - - - - - - Add a numeric variant of pg_size_pretty() - for use with pg_xlog_location_diff() (Fujii Masao) - - - - - - Add a pg_trigger_depth() - function (Kevin Grittner) - - - - This reports the current trigger call depth. - - - - - - Allow string_agg() - to process bytea values (Pavel Stehule) - - - - - - Fix regular expressions in which a back-reference occurs within - a larger quantified subexpression (Tom Lane) - - - - For example, ^(\w+)( \1)+$. Previous releases did not - check that the back-reference actually matched the first occurrence. - - - - - - - - - <link linkend="information-schema">Information Schema</link> - - - - - - Add information schema views - role_udt_grants, udt_privileges, - and user_defined_types (Peter Eisentraut) - - - - - - Add composite-type attributes to the - information schema element_types view - (Peter Eisentraut) - - - - - - Implement interval_type columns in the information - schema (Peter Eisentraut) - - - - Formerly these columns read as nulls. - - - - - - Implement collation-related columns in the information schema - attributes, columns, - domains, and element_types - views (Peter Eisentraut) - - - - - - Implement the with_hierarchy column in the - information schema table_privileges view (Peter - Eisentraut) - - - - - - Add display of sequence USAGE privileges to information - schema (Peter Eisentraut) - - - - - - Make the information schema show default privileges (Peter - Eisentraut) - - - - Previously, non-empty default permissions were not represented in the - views. - - - - - - - - - Server-Side Languages - - - <link linkend="plpgsql">PL/pgSQL</link> Server-Side Language - - - - - - Allow the PL/pgSQL OPEN cursor command to supply - parameters by name (Yeb Havinga) - - - - - - Add a GET STACKED DIAGNOSTICS PL/pgSQL command - to retrieve exception info (Pavel Stehule) - - - - - - Speed up PL/pgSQL array assignment by caching type information - (Pavel Stehule) - - - - - - Improve performance and memory consumption for long chains of - ELSIF clauses (Tom Lane) - - - - - - Output the function signature, not just the name, in PL/pgSQL - error messages (Pavel Stehule) - - - - - - - - - <link linkend="plpython">PL/Python</link> Server-Side Language - - - - - - Add PL/Python SPI cursor support (Jan - Urbanski) - - - - This allows PL/Python to read partial result sets. - - - - - - Add result metadata functions to PL/Python (Peter Eisentraut) - - - - Specifically, this adds result object functions - .colnames, .coltypes, and - .coltypmods. - - - - - - Remove support for Python 2.2 (Peter Eisentraut) - - - - - - - - - <link linkend="xfunc-sql">SQL</link> Server-Side Language - - - - - Allow SQL-language functions to reference - parameters by name (Matthew Draper) - - - - To use this, simply name the function arguments and then reference - the argument names in the SQL function body. - - - - - - - - - - Client Applications - - - - - - Add initdb - options and - (Peter Eisentraut) - - - - This allows separate control of local and - host pg_hba.conf authentication - settings. still controls both. - - - - - - Add / flags to - createuser - to control replication permission (Fujii Masao) - - - - - - Add the option to dropdb and dropuser (Josh - Kupershmidt) - - - - - - Give command-line tools the ability to specify the name of the - database to connect to, and fall back to template1 - if a postgres database connection fails (Robert Haas) - - - - - - - <link linkend="app-psql"><application>psql</application></link> - - - - - - Add a display mode to auto-expand output based on the - display width (Peter Eisentraut) - - - - This adds the auto option to the \x - command, which switches to the expanded mode when the normal - output would be wider than the screen. - - - - - - Allow inclusion of a script file that is named relative to the - directory of the file from which it was invoked (Gurjeet Singh) - - - - This is done with a new command \ir. - - - - - - Add support for non-ASCII characters in - psql variable names (Tom Lane) - - - - - - Add support for major-version-specific .psqlrc files - (Bruce Momjian) - - - - psql already supported minor-version-specific - .psqlrc files. - - - - - - Provide environment variable overrides for psql - history and startup file locations (Andrew Dunstan) - - - - PSQL_HISTORY and PSQLRC now - determine these file names if set. - - - - - - Add a \setenv command to modify - the environment variables passed to child processes (Andrew Dunstan) - - - - - - Name psql's temporary editor files with a - .sql extension (Peter Eisentraut) - - - - This allows extension-sensitive editors to select the right mode. - - - - - - Allow psql to use zero-byte field and record - separators (Peter Eisentraut) - - - - Various shell tools use zero-byte (NUL) separators, - e.g. find. - - - - - - Make the \timing option report times for - failed queries (Magnus Hagander) - - - - Previously times were reported only for successful queries. - - - - - - Unify and tighten psql's treatment of \copy - and SQL COPY (Noah Misch) - - - - This fix makes failure behavior more predictable and honors - \set ON_ERROR_ROLLBACK. - - - - - - - - - Informational Commands - - - - - Make \d on a sequence show the - table/column name owning it (Magnus Hagander) - - - - - - Show statistics target for columns in \d+ (Magnus - Hagander) - - - - - - Show role password expiration dates in \du - (Fabrízio de Royes Mello) - - - - - - Display comments for casts, conversions, domains, and languages - (Josh Kupershmidt) - - - - These are included in the output of \dC+, - \dc+, \dD+, and \dL respectively. - - - - - - Display comments for SQL/MED - objects (Josh Kupershmidt) - - - - These are included in the output of \des+, - \det+, and \dew+ for foreign servers, foreign - tables, and foreign data wrappers respectively. - - - - - - Change \dd to display comments only for object types - without their own backslash command (Josh Kupershmidt) - - - - - - - - - Tab Completion - - - - - - In psql tab completion, complete SQL - keywords in either upper or lower case according to the new COMP_KEYWORD_CASE - setting (Peter Eisentraut) - - - - - - Add tab completion support for - EXECUTE (Andreas Karlsson) - - - - - - Allow tab completion of role references in - GRANT/REVOKE (Peter - Eisentraut) - - - - - - Allow tab completion of file names to supply quotes, when necessary - (Noah Misch) - - - - - - Change tab completion support for - TABLE to also include views (Magnus Hagander) - - - - - - - - - <link linkend="app-pgdump"><application>pg_dump</application></link> - - - - - - Add an option to - pg_dump (Andrew Dunstan) - - - - This allows dumping of a table's definition but not its data, - on a per-table basis. - - - - - - Add a option to pg_dump - and pg_restore (Andrew Dunstan) - - - - Valid values are pre-data, data, - and post-data. The option can be - given more than once to select two or more sections. - - - - - - Make pg_dumpall dump all - roles first, then all configuration settings on roles (Phil Sorber) - - - - This allows a role's configuration settings to mention other - roles without generating an error. - - - - - - Allow pg_dumpall to avoid errors if the - postgres database is missing in the new cluster - (Robert Haas) - - - - - - Dump foreign server user mappings in user name order (Peter - Eisentraut) - - - - This helps produce deterministic dump files. - - - - - - Dump operators in a predictable order (Peter Eisentraut) - - - - - - Tighten rules for when extension configuration tables are dumped - by pg_dump (Tom Lane) - - - - - - Make pg_dump emit more useful dependency - information (Tom Lane) - - - - The dependency links included in archive-format dumps were formerly - of very limited use, because they frequently referenced objects that - appeared nowhere in the dump. Now they represent actual dependencies - (possibly indirect) among the dumped objects. - - - - - - Improve pg_dump's performance when dumping many - database objects (Tom Lane) - - - - - - - - - - - <link linkend="libpq"><application>libpq</application></link> - - - - - - Allow libpq connection strings to have the format of a - URI - (Alexander Shulgin) - - - - The syntax begins with postgres://. This can allow - applications to avoid implementing their own parser for URIs - representing database connections. - - - - - - Add a connection - option to disable SSL compression - (Laurenz Albe) - - - - This can be used to remove the overhead of SSL - compression on fast networks. - - - - - - Add a single-row processing - mode for better handling of large result sets - (Kyotaro Horiguchi, Marko Kreen) - - - - Previously, libpq always collected the entire query - result in memory before passing it back to the application. - - - - - - Add const qualifiers to the declarations of the functions - PQconnectdbParams, PQconnectStartParams, - and PQpingParams (Lionel Elie Mamane) - - - - - - Allow the .pgpass file to include escaped characters - in the password field (Robert Haas) - - - - - - Make library functions use abort() instead of - exit() when it is necessary to terminate the process - (Peter Eisentraut) - - - - This choice does not interfere with the normal exit codes used by the - program, and generates a signal that can be caught by the caller. - - - - - - - - - Source Code - - - - - - Remove dead ports (Peter Eisentraut) - - - - The following platforms are no longer supported: dgux, - nextstep, sunos4, svr4, ultrix4, univel, bsdi. - - - - - - Add support for building with MS - Visual Studio 2010 (Brar Piening) - - - - - - Enable compiling with the MinGW-w64 32-bit compiler (Lars Kanis) - - - - - - Install plpgsql.h into include/server during installation - (Heikki Linnakangas) - - - - - - Improve the latch facility to include detection of postmaster death - (Peter Geoghegan, Heikki Linnakangas, Tom Lane) - - - - This eliminates one of the main reasons that background processes - formerly had to wake up to poll for events. - - - - - - Use C flexible array members, where supported (Peter Eisentraut) - - - - - - Improve the concurrent transaction regression tests - (isolationtester) (Noah Misch) - - - - - - Modify thread_test to create its test files in - the current directory, rather than /tmp (Bruce Momjian) - - - - - - Improve flex and bison warning and error reporting (Tom Lane) - - - - - - Add memory barrier support (Robert Haas) - - - - This is currently unused. - - - - - - Modify pgindent to use a typedef file (Bruce Momjian) - - - - - - Add a hook for processing messages due to be sent to the server - log (Martin Pihlak) - - - - - - Add object access hooks for DROP commands - (KaiGai Kohei) - - - - - - Centralize DROP handling for some object types - (KaiGai Kohei) - - - - - - Add a pg_upgrade test suite (Peter Eisentraut) - - - - - - Sync regular expression code with TCL 8.5.11 - and improve internal processing (Tom Lane) - - - - - - Move CRC tables to libpgport, and provide them - in a separate include file (Daniel Farina) - - - - - - Add options to git_changelog for use in major - release note creation (Bruce Momjian) - - - - - - Support Linux's /proc/self/oom_score_adj API (Tom Lane) - - - - - - - - - Additional Modules - - - - - - Improve efficiency of dblink by using - libpq's new single-row processing mode (Kyotaro Horiguchi, Marko - Kreen) - - - - This improvement does not apply to - dblink_send_query()/dblink_get_result(). - - - - - - Support force_not_null option in file_fdw (Shigeru Hanada) - - - - - - Implement dry-run mode for pg_archivecleanup - (Gabriele Bartolini) - - - - This only outputs the names of files to be deleted. - - - - - - Add new pgbench switches - , , and - (Robert Haas) - - - - - - Change pg_test_fsync to test - for a fixed amount of time, rather than a fixed number of cycles - (Bruce Momjian) - - - - The /cycles option was removed, and - /seconds added. - - - - - - Add a pg_test_timing - utility to measure clock monotonicity and timing overhead (Ants - Aasma, Greg Smith) - - - - - - Add a tcn (triggered change notification) - module to generate NOTIFY events on table changes - (Kevin Grittner) - - - - - - - <link linkend="pgupgrade"><application>pg_upgrade</application></link> - - - - - - Adjust pg_upgrade environment variables (Bruce - Momjian) - - - - Rename data, bin, and port environment - variables to begin with PG, and support - PGPORTOLD/PGPORTNEW, to replace - PGPORT. - - - - - - Overhaul pg_upgrade logging and failure reporting - (Bruce Momjian) - - - - Create four append-only log files, and delete them on success. - Add / option to unconditionally - retain these files. Also remove pg_upgrade options - // options as unnecessary, - and tighten log file permissions. - - - - - - Make pg_upgrade create a script to incrementally - generate more accurate optimizer statistics (Bruce Momjian) - - - - This reduces the time needed to generate minimal cluster statistics - after an upgrade. - - - - - - Allow pg_upgrade to upgrade an old cluster that - does not have a postgres database (Bruce Momjian) - - - - - - Allow pg_upgrade to handle cases where some - old or new databases are missing, as long as they are empty - (Bruce Momjian) - - - - - - Allow pg_upgrade to handle configuration-only - directory installations (Bruce Momjian) - - - - - - In pg_upgrade, add / - options to pass parameters to the servers (Bruce Momjian) - - - - This is useful for configuration-only directory installs. - - - - - - Change pg_upgrade to use port 50432 by default - (Bruce Momjian) - - - - This helps avoid unintended client connections during the upgrade. - - - - - - Reduce cluster locking in pg_upgrade (Bruce - Momjian) - - - - Specifically, only lock the old cluster if link mode is used, - and do it right after the schema is restored. - - - - - - - - - <link linkend="pgstatstatements"><application>pg_stat_statements</application></link> - - - - - - Allow pg_stat_statements to aggregate similar - queries via SQL text normalization (Peter Geoghegan, Tom Lane) - - - - Users with applications that use non-parameterized SQL will now - be able to monitor query performance without detailed log analysis. - - - - - - Add dirtied and written block counts and read/write times to - pg_stat_statements (Robert Haas, Ants Aasma) - - - - - - Prevent pg_stat_statements from double-counting - PREPARE and EXECUTE commands - (Tom Lane) - - - - - - - - - <link linkend="sepgsql">sepgsql</link> - - - - - Support SECURITY LABEL on global objects (KaiGai - Kohei, Robert Haas) - - - - Specifically, add security labels to databases, - tablespaces, and roles. - - - - - - Allow sepgsql to honor database labels (KaiGai Kohei) - - - - - - Perform sepgsql permission checks during the creation of various - objects (KaiGai Kohei) - - - - - - Add sepgsql_setcon() and related functions to control - the sepgsql security domain (KaiGai Kohei) - - - - - - Add a user space access cache to sepgsql to improve performance - (KaiGai Kohei) - - - - - - - - - - Documentation - - - - - - Add a rule to optionally build HTML documentation using the - stylesheet from the website (Magnus Hagander) - - - - Use gmake STYLE=website draft. - - - - - - Improve EXPLAIN documentation (Tom Lane) - - - - - - Document that user/database names are preserved with double-quoting - by command-line tools like vacuumdb (Bruce - Momjian) - - - - - - Document the actual string returned by the client for MD5 - authentication (Cyan Ogilvie) - - - - - - Deprecate use of GLOBAL and LOCAL in - CREATE TEMP TABLE (Noah Misch) - - - - PostgreSQL has long treated these keyword as no-ops, - and continues to do so; but in future they might mean what the SQL - standard says they mean, so applications should avoid using them. - - - - - - - - - diff --git a/doc/src/sgml/release-9.3.sgml b/doc/src/sgml/release-9.3.sgml deleted file mode 100644 index 0c1498015b..0000000000 --- a/doc/src/sgml/release-9.3.sgml +++ /dev/null @@ -1,14551 +0,0 @@ - - - - - Release 9.3.25 - - - Release date: - 2018-11-08 - - - - This release contains a variety of fixes from 9.3.24. - For information about new features in the 9.3 major release, see - . - - - - This is expected to be the last PostgreSQL - release in the 9.3.X series. Users are encouraged to update to a newer - release branch soon. - - - - Migration to Version 9.3.25 - - - A dump/restore is not required for those running 9.3.X. - - - - However, if you are upgrading from a version earlier than 9.3.23, - see . - - - - - Changes - - - - - - Fix corner-case failures - in has_foo_privilege() - family of functions (Tom Lane) - - - - Return NULL rather than throwing an error when an invalid object OID - is provided. Some of these functions got that right already, but not - all. has_column_privilege() was additionally - capable of crashing on some platforms. - - - - - - Avoid O(N^2) slowdown in regular expression match/split functions on - long strings (Andrew Gierth) - - - - - - Avoid O(N^3) slowdown in lexer for long strings - of + or - characters - (Andrew Gierth) - - - - - - Fix mis-execution of SubPlans when the outer query is being scanned - backwards (Andrew Gierth) - - - - - - Fix failure of UPDATE/DELETE ... WHERE CURRENT OF ... - after rewinding the referenced cursor (Tom Lane) - - - - A cursor that scans multiple relations (particularly an inheritance - tree) could produce wrong behavior if rewound to an earlier relation. - - - - - - Fix EvalPlanQual to handle conditionally-executed - InitPlans properly (Andrew Gierth, Tom Lane) - - - - This resulted in hard-to-reproduce crashes or wrong answers in - concurrent updates, if they contained code such as an uncorrelated - sub-SELECT inside a CASE - construct. - - - - - - Fix character-class checks to not fail on Windows for Unicode - characters above U+FFFF (Tom Lane, Kenji Uno) - - - - This bug affected full-text-search operations, as well - as contrib/ltree - and contrib/pg_trgm. - - - - - - Ensure that sequences owned by a foreign table are processed - by ALTER OWNER on the table (Peter Eisentraut) - - - - The ownership change should propagate to such sequences as well, but - this was missed for foreign tables. - - - - - - Fix over-allocation of space for array_out()'s - result string (Keiichi Hirobe) - - - - - - Fix memory leak in repeated SP-GiST index scans (Tom Lane) - - - - This is only known to amount to anything significant in cases where - an exclusion constraint using SP-GiST receives many new index entries - in a single command. - - - - - - Avoid crash if a utility command causes infinite recursion (Tom Lane) - - - - - - When initializing a hot standby, cope with duplicate XIDs caused by - two-phase transactions on the master - (Michael Paquier, Konstantin Knizhnik) - - - - - - Randomize the random() seed in bootstrap and - standalone backends, and in initdb - (Noah Misch) - - - - The main practical effect of this change is that it avoids a scenario - where initdb might mistakenly conclude that - POSIX shared memory is not available, due to name collisions caused by - always using the same random seed. - - - - - - Ensure that hot standby processes use the correct WAL consistency - point (Alexander Kukushkin, Michael Paquier) - - - - This prevents possible misbehavior just after a standby server has - reached a consistent database state during WAL replay. - - - - - - Don't run atexit callbacks when servicing SIGQUIT - (Heikki Linnakangas) - - - - - - Don't record foreign-server user mappings as members of extensions - (Tom Lane) - - - - If CREATE USER MAPPING is executed in an extension - script, an extension dependency was created for the user mapping, - which is unexpected. Roles can't be extension members, so user - mappings shouldn't be either. - - - - - - Make syslogger more robust against failures in opening CSV log files - (Tom Lane) - - - - - - Fix possible inconsistency in pg_dump's - sorting of dissimilar object names (Jacob Champion) - - - - - - Ensure that pg_restore will schema-qualify - the table name when - emitting DISABLE/ENABLE TRIGGER - commands (Tom Lane) - - - - This avoids failures due to the new policy of running restores with - restrictive search path. - - - - - - Fix pg_upgrade to handle event triggers in - extensions correctly (Haribabu Kommi) - - - - pg_upgrade failed to preserve an event - trigger's extension-membership status. - - - - - - Fix pg_upgrade's cluster state check to - work correctly on a standby server (Bruce Momjian) - - - - - - Enforce type cube's dimension limit in - all contrib/cube functions (Andrey Borodin) - - - - Previously, some cube-related functions could construct values that - would be rejected by cube_in(), leading to - dump/reload failures. - - - - - - Fix contrib/unaccent's - unaccent() function to use - the unaccent text search dictionary that is in the - same schema as the function (Tom Lane) - - - - Previously it tried to look up the dictionary using the search path, - which could fail if the search path has a restrictive value. - - - - - - Fix build problems on macOS 10.14 (Mojave) (Tom Lane) - - - - Adjust configure to add - an switch to CPPFLAGS; - without this, PL/Perl and PL/Tcl fail to configure or build on macOS - 10.14. The specific sysroot used can be overridden at configure time - or build time by setting the PG_SYSROOT variable in - the arguments of configure - or make. - - - - It is now recommended that Perl-related extensions - write $(perl_includespec) rather - than -I$(perl_archlibexp)/CORE in their compiler - flags. The latter continues to work on most platforms, but not recent - macOS. - - - - Also, it should no longer be necessary to - specify manually to get PL/Tcl to - build on recent macOS releases. - - - - - - Fix MSVC build and regression-test scripts to work on recent Perl - versions (Andrew Dunstan) - - - - Perl no longer includes the current directory in its search path - by default; work around that. - - - - - - Support building on Windows with Visual Studio 2015 or Visual Studio 2017 - (Michael Paquier, Haribabu Kommi) - - - - - - Allow btree comparison functions to return INT_MIN - (Tom Lane) - - - - Up to now, we've forbidden datatype-specific comparison functions from - returning INT_MIN, which allows callers to invert - the sort order just by negating the comparison result. However, this - was never safe for comparison functions that directly return the - result of memcmp(), strcmp(), - etc, as POSIX doesn't place any such restriction on those functions. - At least some recent versions of memcmp() can - return INT_MIN, causing incorrect sort ordering. - Hence, we've removed this restriction. Callers must now use - the INVERT_COMPARE_RESULT() macro if they wish to - invert the sort order. - - - - - - Fix recursion hazard in shared-invalidation message processing - (Tom Lane) - - - - This error could, for example, result in failure to access a system - catalog or index that had just been processed by VACUUM - FULL. - - - - This change adds a new result code - for LockAcquire, which might possibly affect - external callers of that function, though only very unusual usage - patterns would have an issue with it. The API - of LockAcquireExtended is also changed. - - - - - - Save and restore SPI's global variables - during SPI_connect() - and SPI_finish() (Chapman Flack, Tom Lane) - - - - This prevents possible interference when one SPI-using function calls - another. - - - - - - Provide ALLOCSET_DEFAULT_SIZES and sibling macros - in back branches (Tom Lane) - - - - These macros have existed since 9.6, but there were requests to add - them to older branches to allow extensions to rely on them without - branch-specific coding. - - - - - - Avoid using potentially-under-aligned page buffers (Tom Lane) - - - - Invent new union types PGAlignedBlock - and PGAlignedXLogBlock, and use these in place of plain - char arrays, ensuring that the compiler can't place the buffer at a - misaligned start address. This fixes potential core dumps on - alignment-picky platforms, and may improve performance even on - platforms that allow misalignment. - - - - - - Make src/port/snprintf.c follow the C99 - standard's definition of snprintf()'s result - value (Tom Lane) - - - - On platforms where this code is used (mostly Windows), its pre-C99 - behavior could lead to failure to detect buffer overrun, if the - calling code assumed C99 semantics. - - - - - - When building on i386 with the clang - compiler, require to be used (Andres Freund) - - - - This avoids problems with missed floating point overflow checks. - - - - - - Fix configure's detection of the result - type of strerror_r() (Tom Lane) - - - - The previous coding got the wrong answer when building - with icc on Linux (and perhaps in other - cases), leading to libpq not returning - useful error messages for system-reported errors. - - - - - - Update time zone data files to tzdata - release 2018g for DST law changes in Chile, Fiji, Morocco, and Russia - (Volgograd), plus historical corrections for China, Hawaii, Japan, - Macau, and North Korea. - - - - - - - - - - Release 9.3.24 - - - Release date: - 2018-08-09 - - - - This release contains a variety of fixes from 9.3.23. - For information about new features in the 9.3 major release, see - . - - - - The PostgreSQL community will stop releasing - updates for the 9.3.X release series shortly after September 2018. - Users are encouraged to update to a newer release branch soon. - - - - Migration to Version 9.3.24 - - - A dump/restore is not required for those running 9.3.X. - - - - However, if you are upgrading from a version earlier than 9.3.23, - see . - - - - - Changes - - - - - - Fix failure to reset libpq's state fully - between connection attempts (Tom Lane) - - - - An unprivileged user of dblink - or postgres_fdw could bypass the checks intended - to prevent use of server-side credentials, such as - a ~/.pgpass file owned by the operating-system - user running the server. Servers allowing peer authentication on - local connections are particularly vulnerable. Other attacks such - as SQL injection into a postgres_fdw session - are also possible. - Attacking postgres_fdw in this way requires the - ability to create a foreign server object with selected connection - parameters, but any user with access to dblink - could exploit the problem. - In general, an attacker with the ability to select the connection - parameters for a libpq-using application - could cause mischief, though other plausible attack scenarios are - harder to think of. - Our thanks to Andrew Krasichkov for reporting this issue. - (CVE-2018-10915) - - - - - - Ensure that updates to the relfrozenxid - and relminmxid values - for nailed system catalogs are processed in a timely - fashion (Andres Freund) - - - - Overoptimistic caching rules could prevent these updates from being - seen by other sessions, leading to spurious errors and/or data - corruption. The problem was significantly worse for shared catalogs, - such as pg_authid, because the stale cache - data could persist into new sessions as well as existing ones. - - - - - - Fix case where a freshly-promoted standby crashes before having - completed its first post-recovery checkpoint (Michael Paquier, Kyotaro - Horiguchi, Pavan Deolasee, Álvaro Herrera) - - - - This led to a situation where the server did not think it had reached - a consistent database state during subsequent WAL replay, preventing - restart. - - - - - - Avoid emitting a bogus WAL record when recycling an all-zero btree - page (Amit Kapila) - - - - This mistake has been seen to cause assertion failures, and - potentially it could result in unnecessary query cancellations on hot - standby servers. - - - - - - Improve performance of WAL replay for transactions that drop many - relations (Fujii Masao) - - - - This change reduces the number of times that shared buffers are - scanned, so that it is of most benefit when that setting is large. - - - - - - Improve performance of lock releasing in standby server WAL replay - (Thomas Munro) - - - - - - Ensure a table's cached index list is correctly rebuilt after an index - creation fails partway through (Peter Geoghegan) - - - - Previously, the failed index's OID could remain in the list, causing - problems later in the same session. - - - - - - Fix misoptimization of equivalence classes involving composite-type - columns (Tom Lane) - - - - This resulted in failure to recognize that an index on a composite - column could provide the sort order needed for a mergejoin on that - column. - - - - - - Fix SQL-standard FETCH FIRST syntax to allow - parameters ($n), as the - standard expects (Andrew Gierth) - - - - - - Fix failure to schema-qualify some object names - in getObjectDescription output - (Kyotaro Horiguchi, Tom Lane) - - - - Names of collations, conversions, and text search objects - were not schema-qualified when they should be. - - - - - - Widen COPY FROM's current-line-number counter - from 32 to 64 bits (David Rowley) - - - - This avoids two problems with input exceeding 4G lines: COPY - FROM WITH HEADER would drop a line every 4G lines, not only - the first line, and error reports could show a wrong line number. - - - - - - Add a string freeing function - to ecpg's pgtypes - library, so that cross-module memory management problems can be - avoided on Windows (Takayuki Tsunakawa) - - - - On Windows, crashes can ensue if the free call - for a given chunk of memory is not made from the same DLL - that malloc'ed the memory. - The pgtypes library sometimes returns strings - that it expects the caller to free, making it impossible to follow - this rule. Add a PGTYPESchar_free() function - that just wraps free, allowing applications - to follow this rule. - - - - - - Fix ecpg's support for long - long variables on Windows, as well as other platforms that - declare strtoll/strtoull - nonstandardly or not at all (Dang Minh Huong, Tom Lane) - - - - - - Fix misidentification of SQL statement type in PL/pgSQL, when a rule - change causes a change in the semantics of a statement intra-session - (Tom Lane) - - - - This error led to assertion failures, or in rare cases, failure to - enforce the INTO STRICT option as expected. - - - - - - Fix password prompting in client programs so that echo is properly - disabled on Windows when stdin is not the - terminal (Matthew Stickney) - - - - - - Further fix mis-quoting of values for list-valued GUC variables in - dumps (Tom Lane) - - - - The previous fix for quoting of search_path and - other list-valued variables in pg_dump - output turned out to misbehave for empty-string list elements, and it - risked truncation of long file paths. - - - - - - Make pg_upgrade check that the old server - was shut down cleanly (Bruce Momjian) - - - - The previous check could be fooled by an immediate-mode shutdown. - - - - - - Fix crash in contrib/ltree's - lca() function when the input array is empty - (Pierre Ducroquet) - - - - - - Fix various error-handling code paths in which an incorrect error code - might be reported (Michael Paquier, Tom Lane, Magnus Hagander) - - - - - - Rearrange makefiles to ensure that programs link to freshly-built - libraries (such as libpq.so) rather than ones - that might exist in the system library directories (Tom Lane) - - - - This avoids problems when building on platforms that supply old copies - of PostgreSQL libraries. - - - - - - Update time zone data files to tzdata - release 2018e for DST law changes in North Korea, plus historical - corrections for Czechoslovakia. - - - - This update includes a redefinition of daylight savings - in Ireland, as well as for some past years in Namibia and - Czechoslovakia. In those jurisdictions, legally standard time is - observed in summer, and daylight savings time in winter, so that the - daylight savings offset is one hour behind standard time not one hour - ahead. This does not affect either the actual UTC offset or the - timezone abbreviations in use; the only known effect is that - the is_dst column in - the pg_timezone_names view will now be true - in winter and false in summer in these cases. - - - - - - - - - - Release 9.3.23 - - - Release date: - 2018-05-10 - - - - This release contains a variety of fixes from 9.3.22. - For information about new features in the 9.3 major release, see - . - - - - Migration to Version 9.3.23 - - - A dump/restore is not required for those running 9.3.X. - - - - However, if the function marking mistakes mentioned in the first - changelog entry below affect you, you will want to take steps to - correct your database catalogs. - - - - Also, if you are upgrading from a version earlier than 9.3.22, - see . - - - - - Changes - - - - - - Fix incorrect volatility markings on a few built-in functions - (Thomas Munro, Tom Lane) - - - - The functions - query_to_xml, - cursor_to_xml, - cursor_to_xmlschema, - query_to_xmlschema, and - query_to_xml_and_xmlschema - should be marked volatile because they execute user-supplied queries - that might contain volatile operations. They were not, leading to a - risk of incorrect query optimization. This has been repaired for new - installations by correcting the initial catalog data, but existing - installations will continue to contain the incorrect markings. - Practical use of these functions seems to pose little hazard, but in - case of trouble, it can be fixed by manually updating these - functions' pg_proc entries, for example - ALTER FUNCTION pg_catalog.query_to_xml(text, boolean, - boolean, text) VOLATILE. (Note that that will need to be - done in each database of the installation.) Another option is - to pg_upgrade the database to a version - containing the corrected initial data. - - - - - - Avoid re-using TOAST value OIDs that match dead-but-not-yet-vacuumed - TOAST entries (Pavan Deolasee) - - - - Once the OID counter has wrapped around, it's possible to assign a - TOAST value whose OID matches a previously deleted entry in the same - TOAST table. If that entry were not yet vacuumed away, this resulted - in unexpected chunk number 0 (expected 1) for toast - value nnnnn errors, which would - persist until the dead entry was removed - by VACUUM. Fix by not selecting such OIDs when - creating a new TOAST entry. - - - - - - Change ANALYZE's algorithm for updating - pg_class.reltuples - (David Gould) - - - - Previously, pages not actually scanned by ANALYZE - were assumed to retain their old tuple density. In a large table - where ANALYZE samples only a small fraction of the - pages, this meant that the overall tuple density estimate could not - change very much, so that reltuples would - change nearly proportionally to changes in the table's physical size - (relpages) regardless of what was actually - happening in the table. This has been observed to result - in reltuples becoming so much larger than - reality as to effectively shut off autovacuuming. To fix, assume - that ANALYZE's sample is a statistically unbiased - sample of the table (as it should be), and just extrapolate the - density observed within those pages to the whole table. - - - - - - Fix UPDATE/DELETE ... WHERE CURRENT OF to not fail - when the referenced cursor uses an index-only-scan plan (Yugo Nagata, - Tom Lane) - - - - - - Fix incorrect planning of join clauses pushed into parameterized - paths (Andrew Gierth, Tom Lane) - - - - This error could result in misclassifying a condition as - a join filter for an outer join when it should be a - plain filter condition, leading to incorrect join - output. - - - - - - Fix misoptimization of CHECK constraints having - provably-NULL subclauses of - top-level AND/OR conditions - (Tom Lane, Dean Rasheed) - - - - This could, for example, allow constraint exclusion to exclude a - child table that should not be excluded from a query. - - - - - - Avoid failure if a query-cancel or session-termination interrupt - occurs while committing a prepared transaction (Stas Kelvich) - - - - - - Fix query-lifespan memory leakage in repeatedly executed hash joins - (Tom Lane) - - - - - - Fix overly strict sanity check - in heap_prepare_freeze_tuple - (Álvaro Herrera) - - - - This could result in incorrect cannot freeze committed - xmax failures in databases that have - been pg_upgrade'd from 9.2 or earlier. - - - - - - Prevent dangling-pointer dereference when a C-coded before-update row - trigger returns the old tuple (Rushabh Lathia) - - - - - - Reduce locking during autovacuum worker scheduling (Jeff Janes) - - - - The previous behavior caused drastic loss of potential worker - concurrency in databases with many tables. - - - - - - Ensure client hostname is copied while copying - pg_stat_activity data to local memory - (Edmund Horner) - - - - Previously the supposedly-local snapshot contained a pointer into - shared memory, allowing the client hostname column to change - unexpectedly if any existing session disconnected. - - - - - - Fix incorrect processing of multiple compound affixes - in ispell dictionaries (Arthur Zakirov) - - - - - - Fix collation-aware searches (that is, indexscans using inequality - operators) in SP-GiST indexes on text columns (Tom Lane) - - - - Such searches would return the wrong set of rows in most non-C - locales. - - - - - - Count the number of index tuples correctly during initial build of an - SP-GiST index (Tomas Vondra) - - - - Previously, the tuple count was reported to be the same as that of - the underlying table, which is wrong if the index is partial. - - - - - - Count the number of index tuples correctly during vacuuming of a - GiST index (Andrey Borodin) - - - - Previously it reported the estimated number of heap tuples, - which might be inaccurate, and is certainly wrong if the - index is partial. - - - - - - Allow scalarltsel - and scalargtsel to be used on non-core datatypes - (Tomas Vondra) - - - - - - Reduce libpq's memory consumption when a - server error is reported after a large amount of query output has - been collected (Tom Lane) - - - - Discard the previous output before, not after, processing the error - message. On some platforms, notably Linux, this can make a - difference in the application's subsequent memory footprint. - - - - - - Fix double-free crashes in ecpg - (Patrick Krecker, Jeevan Ladhe) - - - - - - Fix ecpg to handle long long - int variables correctly in MSVC builds (Michael Meskes, - Andrew Gierth) - - - - - - Fix mis-quoting of values for list-valued GUC variables in dumps - (Michael Paquier, Tom Lane) - - - - The local_preload_libraries, - session_preload_libraries, - shared_preload_libraries, - and temp_tablespaces variables were not correctly - quoted in pg_dump output. This would - cause problems if settings for these variables appeared in - CREATE FUNCTION ... SET or ALTER - DATABASE/ROLE ... SET clauses. - - - - - - Fix overflow handling in PL/pgSQL - integer FOR loops (Tom Lane) - - - - The previous coding failed to detect overflow of the loop variable - on some non-gcc compilers, leading to an infinite loop. - - - - - - Adjust PL/Python regression tests to pass - under Python 3.7 (Peter Eisentraut) - - - - - - Support testing PL/Python and related - modules when building with Python 3 and MSVC (Andrew Dunstan) - - - - - - Rename internal b64_encode - and b64_decode functions to avoid conflict with - Solaris 11.4 built-in functions (Rainer Orth) - - - - - - Sync our copy of the timezone library with IANA tzcode release 2018e - (Tom Lane) - - - - This fixes the zic timezone data compiler - to cope with negative daylight-savings offsets. While - the PostgreSQL project will not - immediately ship such timezone data, zic - might be used with timezone data obtained directly from IANA, so it - seems prudent to update zic now. - - - - - - Update time zone data files to tzdata - release 2018d for DST law changes in Palestine and Antarctica (Casey - Station), plus historical corrections for Portugal and its colonies, - as well as Enderbury, Jamaica, Turks & Caicos Islands, and - Uruguay. - - - - - - - - - - Release 9.3.22 - - - Release date: - 2018-03-01 - - - - This release contains a variety of fixes from 9.3.21. - For information about new features in the 9.3 major release, see - . - - - - Migration to Version 9.3.22 - - - A dump/restore is not required for those running 9.3.X. - - - - However, if you run an installation in which not all users are mutually - trusting, or if you maintain an application or extension that is - intended for use in arbitrary situations, it is strongly recommended - that you read the documentation changes described in the first changelog - entry below, and take suitable steps to ensure that your installation or - code is secure. - - - - Also, the changes described in the second changelog entry below may - cause functions used in index expressions or materialized views to fail - during auto-analyze, or when reloading from a dump. After upgrading, - monitor the server logs for such problems, and fix affected functions. - - - - Also, if you are upgrading from a version earlier than 9.3.18, - see . - - - - - Changes - - - - - - Document how to configure installations and applications to guard - against search-path-dependent trojan-horse attacks from other users - (Noah Misch) - - - - Using a search_path setting that includes any - schemas writable by a hostile user enables that user to capture - control of queries and then run arbitrary SQL code with the - permissions of the attacked user. While it is possible to write - queries that are proof against such hijacking, it is notationally - tedious, and it's very easy to overlook holes. Therefore, we now - recommend configurations in which no untrusted schemas appear in - one's search path. Relevant documentation appears in - (for database administrators and users), - (for application authors), - (for extension authors), and - (for authors - of SECURITY DEFINER functions). - (CVE-2018-1058) - - - - - - Avoid use of insecure search_path settings - in pg_dump and other client programs - (Noah Misch, Tom Lane) - - - - pg_dump, - pg_upgrade, - vacuumdb and - other PostgreSQL-provided applications were - themselves vulnerable to the type of hijacking described in the previous - changelog entry; since these applications are commonly run by - superusers, they present particularly attractive targets. To make them - secure whether or not the installation as a whole has been secured, - modify them to include only the pg_catalog - schema in their search_path settings. - Autovacuum worker processes now do the same, as well. - - - - In cases where user-provided functions are indirectly executed by - these programs — for example, user-provided functions in index - expressions — the tighter search_path may - result in errors, which will need to be corrected by adjusting those - user-provided functions to not assume anything about what search path - they are invoked under. That has always been good practice, but now - it will be necessary for correct behavior. - (CVE-2018-1058) - - - - - - Fix misbehavior of concurrent-update rechecks with CTE references - appearing in subplans (Tom Lane) - - - - If a CTE (WITH clause reference) is used in an - InitPlan or SubPlan, and the query requires a recheck due to trying - to update or lock a concurrently-updated row, incorrect results could - be obtained. - - - - - - Fix planner failures with overlapping mergejoin clauses in an outer - join (Tom Lane) - - - - These mistakes led to left and right pathkeys do not match in - mergejoin or outer pathkeys do not match - mergeclauses planner errors in corner cases. - - - - - - Repair pg_upgrade's failure to - preserve relfrozenxid for materialized - views (Tom Lane, Andres Freund) - - - - This oversight could lead to data corruption in materialized views - after an upgrade, manifesting as could not access status of - transaction or found xmin from before - relfrozenxid errors. The problem would be more likely to - occur in seldom-refreshed materialized views, or ones that were - maintained only with REFRESH MATERIALIZED VIEW - CONCURRENTLY. - - - - If such corruption is observed, it can be repaired by refreshing the - materialized view (without CONCURRENTLY). - - - - - - Fix incorrect reporting of PL/Python function names in - error CONTEXT stacks (Tom Lane) - - - - An error occurring within a nested PL/Python function call (that is, - one reached via a SPI query from another PL/Python function) would - result in a stack trace showing the inner function's name twice, - rather than the expected results. Also, an error in a nested - PL/Python DO block could result in a null pointer - dereference crash on some platforms. - - - - - - Allow contrib/auto_explain's - log_min_duration setting to range up - to INT_MAX, or about 24 days instead of 35 minutes - (Tom Lane) - - - - - - - - - - Release 9.3.21 - - - Release date: - 2018-02-08 - - - - This release contains a variety of fixes from 9.3.20. - For information about new features in the 9.3 major release, see - . - - - - Migration to Version 9.3.21 - - - A dump/restore is not required for those running 9.3.X. - - - - However, if you are upgrading from a version earlier than 9.3.18, - see . - - - - - Changes - - - - - - Ensure that all temporary files made - by pg_upgrade are non-world-readable - (Tom Lane, Noah Misch) - - - - pg_upgrade normally restricts its - temporary files to be readable and writable only by the calling user. - But the temporary file containing pg_dumpall -g - output would be group- or world-readable, or even writable, if the - user's umask setting allows. In typical usage on - multi-user machines, the umask and/or the working - directory's permissions would be tight enough to prevent problems; - but there may be people using pg_upgrade - in scenarios where this oversight would permit disclosure of database - passwords to unfriendly eyes. - (CVE-2018-1053) - - - - - - Fix vacuuming of tuples that were updated while key-share locked - (Andres Freund, Álvaro Herrera) - - - - In some cases VACUUM would fail to remove such - tuples even though they are now dead, leading to assorted data - corruption scenarios. - - - - - - Fix inadequate buffer locking in some LSN fetches (Jacob Champion, - Asim Praveen, Ashwin Agrawal) - - - - These errors could result in misbehavior under concurrent load. - The potential consequences have not been characterized fully. - - - - - - Avoid unnecessary failure in a query on an inheritance tree that - occurs concurrently with some child table being removed from the tree - by ALTER TABLE NO INHERIT (Tom Lane) - - - - - - Repair failure with correlated sub-SELECT - inside VALUES inside a LATERAL - subquery (Tom Lane) - - - - - - Fix could not devise a query plan for the given query - planner failure for some cases involving nested UNION - ALL inside a lateral subquery (Tom Lane) - - - - - - Fix has_sequence_privilege() to - support WITH GRANT OPTION tests, - as other privilege-testing functions do (Joe Conway) - - - - - - In databases using UTF8 encoding, ignore any XML declaration that - asserts a different encoding (Pavel Stehule, Noah Misch) - - - - We always store XML strings in the database encoding, so allowing - libxml to act on a declaration of another encoding gave wrong results. - In encodings other than UTF8, we don't promise to support non-ASCII - XML data anyway, so retain the previous behavior for bug compatibility. - This change affects only xpath() and related - functions; other XML code paths already acted this way. - - - - - - Provide for forward compatibility with future minor protocol versions - (Robert Haas, Badrul Chowdhury) - - - - Up to now, PostgreSQL servers simply - rejected requests to use protocol versions newer than 3.0, so that - there was no functional difference between the major and minor parts - of the protocol version number. Allow clients to request versions 3.x - without failing, sending back a message showing that the server only - understands 3.0. This makes no difference at the moment, but - back-patching this change should allow speedier introduction of future - minor protocol upgrades. - - - - - - Prevent stack-overflow crashes when planning extremely deeply - nested set operations - (UNION/INTERSECT/EXCEPT) - (Tom Lane) - - - - - - Fix null-pointer crashes for some types of LDAP URLs appearing - in pg_hba.conf (Thomas Munro) - - - - - - Fix sample INSTR() functions in the PL/pgSQL - documentation (Yugo Nagata, Tom Lane) - - - - These functions are stated to - be Oracle compatible, but - they weren't exactly. In particular, there was a discrepancy in the - interpretation of a negative third parameter: Oracle thinks that a - negative value indicates the last place where the target substring can - begin, whereas our functions took it as the last place where the - target can end. Also, Oracle throws an error for a zero or negative - fourth parameter, whereas our functions returned zero. - - - - The sample code has been adjusted to match Oracle's behavior more - precisely. Users who have copied this code into their applications - may wish to update their copies. - - - - - - Fix pg_dump to make ACL (permissions), - comment, and security label entries reliably identifiable in archive - output formats (Tom Lane) - - - - The tag portion of an ACL archive entry was usually - just the name of the associated object. Make it start with the object - type instead, bringing ACLs into line with the convention already used - for comment and security label archive entries. Also, fix the - comment and security label entries for the whole database, if present, - to make their tags start with DATABASE so that they - also follow this convention. This prevents false matches in code that - tries to identify large-object-related entries by seeing if the tag - starts with LARGE OBJECT. That could have resulted - in misclassifying entries as data rather than schema, with undesirable - results in a schema-only or data-only dump. - - - - Note that this change has user-visible results in the output - of pg_restore --list. - - - - - - In ecpg, detect indicator arrays that do - not have the correct length and report an error (David Rader) - - - - - - Avoid triggering a libc assertion - in contrib/hstore, due to use - of memcpy() with equal source and destination - pointers (Tomas Vondra) - - - - - - Provide modern examples of how to auto-start Postgres on macOS - (Tom Lane) - - - - The scripts in contrib/start-scripts/osx use - infrastructure that's been deprecated for over a decade, and which no - longer works at all in macOS releases of the last couple of years. - Add a new subdirectory contrib/start-scripts/macos - containing scripts that use the newer launchd - infrastructure. - - - - - - Fix incorrect selection of configuration-specific libraries for - OpenSSL on Windows (Andrew Dunstan) - - - - - - Support linking to MinGW-built versions of libperl (Noah Misch) - - - - This allows building PL/Perl with some common Perl distributions for - Windows. - - - - - - Fix MSVC build to test whether 32-bit libperl - needs -D_USE_32BIT_TIME_T (Noah Misch) - - - - Available Perl distributions are inconsistent about what they expect, - and lack any reliable means of reporting it, so resort to a build-time - test on what the library being used actually does. - - - - - - On Windows, install the crash dump handler earlier in postmaster - startup (Takayuki Tsunakawa) - - - - This may allow collection of a core dump for some early-startup - failures that did not produce a dump before. - - - - - - On Windows, avoid encoding-conversion-related crashes when emitting - messages very early in postmaster startup (Takayuki Tsunakawa) - - - - - - Use our existing Motorola 68K spinlock code on OpenBSD as - well as NetBSD (David Carlier) - - - - - - Add support for spinlocks on Motorola 88K (David Carlier) - - - - - - Update time zone data files to tzdata - release 2018c for DST law changes in Brazil, Sao Tome and Principe, - plus historical corrections for Bolivia, Japan, and South Sudan. - The US/Pacific-New zone has been removed (it was - only an alias for America/Los_Angeles anyway). - - - - - - - - - - Release 9.3.20 - - - Release date: - 2017-11-09 - - - - This release contains a variety of fixes from 9.3.19. - For information about new features in the 9.3 major release, see - . - - - - Migration to Version 9.3.20 - - - A dump/restore is not required for those running 9.3.X. - - - - However, if you are upgrading from a version earlier than 9.3.18, - see . - - - - - - Changes - - - - - - Fix crash due to rowtype mismatch - in json{b}_populate_recordset() - (Michael Paquier, Tom Lane) - - - - These functions used the result rowtype specified in the FROM - ... AS clause without checking that it matched the actual - rowtype of the supplied tuple value. If it didn't, that would usually - result in a crash, though disclosure of server memory contents seems - possible as well. - (CVE-2017-15098) - - - - - - Fix sample server-start scripts to become $PGUSER - before opening $PGLOG (Noah Misch) - - - - Previously, the postmaster log file was opened while still running as - root. The database owner could therefore mount an attack against - another system user by making $PGLOG be a symbolic - link to some other file, which would then become corrupted by appending - log messages. - - - - By default, these scripts are not installed anywhere. Users who have - made use of them will need to manually recopy them, or apply the same - changes to their modified versions. If the - existing $PGLOG file is root-owned, it will need to - be removed or renamed out of the way before restarting the server with - the corrected script. - (CVE-2017-12172) - - - - - - Properly reject attempts to convert infinite float values to - type numeric (Tom Lane, KaiGai Kohei) - - - - Previously the behavior was platform-dependent. - - - - - - Fix corner-case crashes when columns have been added to the end of a - view (Tom Lane) - - - - - - Record proper dependencies when a view or rule - contains FieldSelect - or FieldStore expression nodes (Tom Lane) - - - - Lack of these dependencies could allow a column or data - type DROP to go through when it ought to fail, - thereby causing later uses of the view or rule to get errors. - This patch does not do anything to protect existing views/rules, - only ones created in the future. - - - - - - Correctly detect hashability of range data types (Tom Lane) - - - - The planner mistakenly assumed that any range type could be hashed - for use in hash joins or hash aggregation, but actually it must check - whether the range's subtype has hash support. This does not affect any - of the built-in range types, since they're all hashable anyway. - - - - - - Fix low-probability loss of NOTIFY messages due to - XID wraparound (Marko Tiikkaja, Tom Lane) - - - - If a session executed no queries, but merely listened for - notifications, for more than 2 billion transactions, it started to miss - some notifications from concurrently-committing transactions. - - - - - - Prevent low-probability crash in processing of nested trigger firings - (Tom Lane) - - - - - - Correctly restore the umask setting when file creation fails - in COPY or lo_export() - (Peter Eisentraut) - - - - - - Give a better error message for duplicate column names - in ANALYZE (Nathan Bossart) - - - - - - Fix mis-parsing of the last line in a - non-newline-terminated pg_hba.conf file - (Tom Lane) - - - - - - Fix libpq to not require user's home - directory to exist (Tom Lane) - - - - In v10, failure to find the home directory while trying to - read ~/.pgpass was treated as a hard error, - but it should just cause that file to not be found. Both v10 and - previous release branches made the same mistake when - reading ~/.pg_service.conf, though this was less - obvious since that file is not sought unless a service name is - specified. - - - - - - Fix libpq to guard against integer - overflow in the row count of a PGresult - (Michael Paquier) - - - - - - Fix ecpg's handling of out-of-scope cursor - declarations with pointer or array variables (Michael Meskes) - - - - - - Make ecpglib's Informix-compatibility mode ignore fractional digits in - integer input strings, as expected (Gao Zengqi, Michael Meskes) - - - - - - Sync our copy of the timezone library with IANA release tzcode2017c - (Tom Lane) - - - - This fixes various issues; the only one likely to be user-visible - is that the default DST rules for a POSIX-style zone name, if - no posixrules file exists in the timezone data - directory, now match current US law rather than what it was a dozen - years ago. - - - - - - Update time zone data files to tzdata - release 2017c for DST law changes in Fiji, Namibia, Northern Cyprus, - Sudan, Tonga, and Turks & Caicos Islands, plus historical - corrections for Alaska, Apia, Burma, Calcutta, Detroit, Ireland, - Namibia, and Pago Pago. - - - - - - - - - - Release 9.3.19 - - - Release date: - 2017-08-31 - - - - This release contains a small number of fixes from 9.3.18. - For information about new features in the 9.3 major release, see - . - - - - Migration to Version 9.3.19 - - - A dump/restore is not required for those running 9.3.X. - - - - However, if you are upgrading from a version earlier than 9.3.18, - see . - - - - - - Changes - - - - - - Show foreign tables - in information_schema.table_privileges - view (Peter Eisentraut) - - - - All other relevant information_schema views include - foreign tables, but this one ignored them. - - - - Since this view definition is installed by initdb, - merely upgrading will not fix the problem. If you need to fix this - in an existing installation, you can, as a superuser, do this - in psql: - -SET search_path TO information_schema; -CREATE OR REPLACE VIEW table_privileges AS - SELECT CAST(u_grantor.rolname AS sql_identifier) AS grantor, - CAST(grantee.rolname AS sql_identifier) AS grantee, - CAST(current_database() AS sql_identifier) AS table_catalog, - CAST(nc.nspname AS sql_identifier) AS table_schema, - CAST(c.relname AS sql_identifier) AS table_name, - CAST(c.prtype AS character_data) AS privilege_type, - CAST( - CASE WHEN - -- object owner always has grant options - pg_has_role(grantee.oid, c.relowner, 'USAGE') - OR c.grantable - THEN 'YES' ELSE 'NO' END AS yes_or_no) AS is_grantable, - CAST(CASE WHEN c.prtype = 'SELECT' THEN 'YES' ELSE 'NO' END AS yes_or_no) AS with_hierarchy - - FROM ( - SELECT oid, relname, relnamespace, relkind, relowner, (aclexplode(coalesce(relacl, acldefault('r', relowner)))).* FROM pg_class - ) AS c (oid, relname, relnamespace, relkind, relowner, grantor, grantee, prtype, grantable), - pg_namespace nc, - pg_authid u_grantor, - ( - SELECT oid, rolname FROM pg_authid - UNION ALL - SELECT 0::oid, 'PUBLIC' - ) AS grantee (oid, rolname) - - WHERE c.relnamespace = nc.oid - AND c.relkind IN ('r', 'v', 'f') - AND c.grantee = grantee.oid - AND c.grantor = u_grantor.oid - AND c.prtype IN ('INSERT', 'SELECT', 'UPDATE', 'DELETE', 'TRUNCATE', 'REFERENCES', 'TRIGGER') - AND (pg_has_role(u_grantor.oid, 'USAGE') - OR pg_has_role(grantee.oid, 'USAGE') - OR grantee.rolname = 'PUBLIC'); - - This must be repeated in each database to be fixed, - including template0. - - - - - - Clean up handling of a fatal exit (e.g., due to receipt - of SIGTERM) that occurs while trying to execute - a ROLLBACK of a failed transaction (Tom Lane) - - - - This situation could result in an assertion failure. In production - builds, the exit would still occur, but it would log an unexpected - message about cannot drop active portal. - - - - - - Remove assertion that could trigger during a fatal exit (Tom Lane) - - - - - - Correctly identify columns that are of a range type or domain type over - a composite type or domain type being searched for (Tom Lane) - - - - Certain ALTER commands that change the definition of a - composite type or domain type are supposed to fail if there are any - stored values of that type in the database, because they lack the - infrastructure needed to update or check such values. Previously, - these checks could miss relevant values that are wrapped inside range - types or sub-domains, possibly allowing the database to become - inconsistent. - - - - - - Fix crash in pg_restore when using parallel mode and - using a list file to select a subset of items to restore - (Fabrízio de Royes Mello) - - - - - - Change ecpg's parser to allow RETURNING - clauses without attached C variables (Michael Meskes) - - - - This allows ecpg programs to contain SQL constructs - that use RETURNING internally (for example, inside a CTE) - rather than using it to define values to be returned to the client. - - - - - - Improve selection of compiler flags for PL/Perl on Windows (Tom Lane) - - - - This fix avoids possible crashes of PL/Perl due to inconsistent - assumptions about the width of time_t values. - A side-effect that may be visible to extension developers is - that _USE_32BIT_TIME_T is no longer defined globally - in PostgreSQL Windows builds. This is not expected - to cause problems, because type time_t is not used - in any PostgreSQL API definitions. - - - - - - - - - - Release 9.3.18 - - - Release date: - 2017-08-10 - - - - This release contains a variety of fixes from 9.3.17. - For information about new features in the 9.3 major release, see - . - - - - Migration to Version 9.3.18 - - - A dump/restore is not required for those running 9.3.X. - - - - However, if you use foreign data servers that make use of user - passwords for authentication, see the first changelog entry below. - - - - Also, if you are upgrading from a version earlier than 9.3.16, - see . - - - - - - Changes - - - - - - Further restrict visibility - of pg_user_mappings.umoptions, to - protect passwords stored as user mapping options - (Noah Misch) - - - - The fix for CVE-2017-7486 was incorrect: it allowed a user - to see the options in her own user mapping, even if she did not - have USAGE permission on the associated foreign server. - Such options might include a password that had been provided by the - server owner rather than the user herself. - Since information_schema.user_mapping_options does not - show the options in such cases, pg_user_mappings - should not either. - (CVE-2017-7547) - - - - By itself, this patch will only fix the behavior in newly initdb'd - databases. If you wish to apply this change in an existing database, - you will need to do the following: - - - - - - Restart the postmaster after adding allow_system_table_mods - = true to postgresql.conf. (In versions - supporting ALTER SYSTEM, you can use that to make the - configuration change, but you'll still need a restart.) - - - - - - In each database of the cluster, - run the following commands as superuser: - -SET search_path = pg_catalog; -CREATE OR REPLACE VIEW pg_user_mappings AS - SELECT - U.oid AS umid, - S.oid AS srvid, - S.srvname AS srvname, - U.umuser AS umuser, - CASE WHEN U.umuser = 0 THEN - 'public' - ELSE - A.rolname - END AS usename, - CASE WHEN (U.umuser <> 0 AND A.rolname = current_user - AND (pg_has_role(S.srvowner, 'USAGE') - OR has_server_privilege(S.oid, 'USAGE'))) - OR (U.umuser = 0 AND pg_has_role(S.srvowner, 'USAGE')) - OR (SELECT rolsuper FROM pg_authid WHERE rolname = current_user) - THEN U.umoptions - ELSE NULL END AS umoptions - FROM pg_user_mapping U - LEFT JOIN pg_authid A ON (A.oid = U.umuser) JOIN - pg_foreign_server S ON (U.umserver = S.oid); - - - - - - - Do not forget to include the template0 - and template1 databases, or the vulnerability will still - exist in databases you create later. To fix template0, - you'll need to temporarily make it accept connections. - In PostgreSQL 9.5 and later, you can use - -ALTER DATABASE template0 WITH ALLOW_CONNECTIONS true; - - and then after fixing template0, undo that with - -ALTER DATABASE template0 WITH ALLOW_CONNECTIONS false; - - In prior versions, instead use - -UPDATE pg_database SET datallowconn = true WHERE datname = 'template0'; -UPDATE pg_database SET datallowconn = false WHERE datname = 'template0'; - - - - - - - Finally, remove the allow_system_table_mods configuration - setting, and again restart the postmaster. - - - - - - - - Disallow empty passwords in all password-based authentication methods - (Heikki Linnakangas) - - - - libpq ignores empty password specifications, and does - not transmit them to the server. So, if a user's password has been - set to the empty string, it's impossible to log in with that password - via psql or other libpq-based - clients. An administrator might therefore believe that setting the - password to empty is equivalent to disabling password login. - However, with a modified or non-libpq-based client, - logging in could be possible, depending on which authentication - method is configured. In particular the most common - method, md5, accepted empty passwords. - Change the server to reject empty passwords in all cases. - (CVE-2017-7546) - - - - - - Fix concurrent locking of tuple update chains (Álvaro Herrera) - - - - If several sessions concurrently lock a tuple update chain with - nonconflicting lock modes using an old snapshot, and they all - succeed, it was possible for some of them to nonetheless fail (and - conclude there is no live tuple version) due to a race condition. - This had consequences such as foreign-key checks failing to see a - tuple that definitely exists but is being updated concurrently. - - - - - - Fix potential data corruption when freezing a tuple whose XMAX is a - multixact with exactly one still-interesting member (Teodor Sigaev) - - - - - - On Windows, retry process creation if we fail to reserve the address - range for our shared memory in the new process (Tom Lane, Amit - Kapila) - - - - This is expected to fix infrequent child-process-launch failures that - are probably due to interference from antivirus products. - - - - - - Fix low-probability corruption of shared predicate-lock hash table - in Windows builds (Thomas Munro, Tom Lane) - - - - - - Avoid logging clean closure of an SSL connection as though - it were a connection reset (Michael Paquier) - - - - - - Prevent sending SSL session tickets to clients (Tom Lane) - - - - This fix prevents reconnection failures with ticket-aware client-side - SSL code. - - - - - - Fix code for setting on - Solaris (Tom Lane) - - - - - - Fix statistics collector to honor inquiry messages issued just after - a postmaster shutdown and immediate restart (Tom Lane) - - - - Statistics inquiries issued within half a second of the previous - postmaster shutdown were effectively ignored. - - - - - - Ensure that the statistics collector's receive buffer size is at - least 100KB (Tom Lane) - - - - This reduces the risk of dropped statistics data on older platforms - whose default receive buffer size is less than that. - - - - - - Fix possible creation of an invalid WAL segment when a standby is - promoted just after it processes an XLOG_SWITCH WAL - record (Andres Freund) - - - - - - Fix SIGHUP and SIGUSR1 handling in - walsender processes (Petr Jelinek, Andres Freund) - - - - - - Fix unnecessarily slow restarts of walreceiver - processes due to race condition in postmaster (Tom Lane) - - - - - - Fix cases where an INSERT or UPDATE assigns - to more than one element of a column that is of domain-over-array - type (Tom Lane) - - - - - - Allow window functions to be used in sub-SELECTs that - are within the arguments of an aggregate function (Tom Lane) - - - - - - Move autogenerated array types out of the way during - ALTER ... RENAME (Vik Fearing) - - - - Previously, we would rename a conflicting autogenerated array type - out of the way during CREATE; this fix extends that - behavior to renaming operations. - - - - - - Ensure that ALTER USER ... SET accepts all the syntax - variants that ALTER ROLE ... SET does (Peter Eisentraut) - - - - - - Properly update dependency info when changing a datatype I/O - function's argument or return type from opaque to the - correct type (Heikki Linnakangas) - - - - CREATE TYPE updates I/O functions declared in this - long-obsolete style, but it forgot to record a dependency on the - type, allowing a subsequent DROP TYPE to leave broken - function definitions behind. - - - - - - Reduce memory usage when ANALYZE processes - a tsvector column (Heikki Linnakangas) - - - - - - Fix unnecessary precision loss and sloppy rounding when multiplying - or dividing money values by integers or floats (Tom Lane) - - - - - - Tighten checks for whitespace in functions that parse identifiers, - such as regprocedurein() (Tom Lane) - - - - Depending on the prevailing locale, these functions could - misinterpret fragments of multibyte characters as whitespace. - - - - - - Use relevant #define symbols from Perl while - compiling PL/Perl (Ashutosh Sharma, Tom Lane) - - - - This avoids portability problems, typically manifesting as - a handshake mismatch during library load, when working with - recent Perl versions. - - - - - - In libpq, reset GSS/SASL and SSPI authentication - state properly after a failed connection attempt (Michael Paquier) - - - - Failure to do this meant that when falling back from SSL to non-SSL - connections, a GSS/SASL failure in the SSL attempt would always cause - the non-SSL attempt to fail. SSPI did not fail, but it leaked memory. - - - - - - In psql, fix failure when COPY FROM STDIN - is ended with a keyboard EOF signal and then another COPY - FROM STDIN is attempted (Thomas Munro) - - - - This misbehavior was observed on BSD-derived platforms (including - macOS), but not on most others. - - - - - - Fix pg_dump and pg_restore to - emit REFRESH MATERIALIZED VIEW commands last (Tom Lane) - - - - This prevents errors during dump/restore when a materialized view - refers to tables owned by a different user. - - - - - - Fix pg_dump with the option to - drop event triggers as expected (Tom Lane) - - - - It also now correctly assigns ownership of event triggers; before, - they were restored as being owned by the superuser running the - restore script. - - - - - - Fix pg_dump to not emit invalid SQL for an empty - operator class (Daniel Gustafsson) - - - - - - Fix pg_dump output to stdout on Windows (Kuntal Ghosh) - - - - A compressed plain-text dump written to stdout would contain corrupt - data due to failure to put the file descriptor into binary mode. - - - - - - Fix pg_get_ruledef() to print correct output for - the ON SELECT rule of a view whose columns have been - renamed (Tom Lane) - - - - In some corner cases, pg_dump relies - on pg_get_ruledef() to dump views, so that this error - could result in dump/reload failures. - - - - - - Fix dumping of outer joins with empty constraints, such as the result - of a NATURAL LEFT JOIN with no common columns (Tom Lane) - - - - - - Fix dumping of function expressions in the FROM clause in - cases where the expression does not deparse into something that looks - like a function call (Tom Lane) - - - - - - Fix pg_basebackup output to stdout on Windows - (Haribabu Kommi) - - - - A backup written to stdout would contain corrupt data due to failure - to put the file descriptor into binary mode. - - - - - - Fix pg_upgrade to ensure that the ending WAL record - does not have = minimum - (Bruce Momjian) - - - - This condition could prevent upgraded standby servers from - reconnecting. - - - - - - In postgres_fdw, re-establish connections to remote - servers after ALTER SERVER or ALTER USER - MAPPING commands (Kyotaro Horiguchi) - - - - This ensures that option changes affecting connection parameters will - be applied promptly. - - - - - - In postgres_fdw, allow cancellation of remote - transaction control commands (Robert Haas, Rafia Sabih) - - - - This change allows us to quickly escape a wait for an unresponsive - remote server in many more cases than previously. - - - - - - Always use , not , when building - shared libraries with gcc (Tom Lane) - - - - This supports larger extension libraries on platforms where it makes - a difference. - - - - - - Fix unescaped-braces issue in our build scripts for Microsoft MSVC, - to avoid a warning or error from recent Perl versions (Andrew - Dunstan) - - - - - - In MSVC builds, handle the case where the OpenSSL - library is not within a VC subdirectory (Andrew Dunstan) - - - - - - In MSVC builds, add proper include path for libxml2 - header files (Andrew Dunstan) - - - - This fixes a former need to move things around in standard Windows - installations of libxml2. - - - - - - In MSVC builds, recognize a Tcl library that is - named tcl86.lib (Noah Misch) - - - - - - - - - - Release 9.3.17 - - - Release date: - 2017-05-11 - - - - This release contains a variety of fixes from 9.3.16. - For information about new features in the 9.3 major release, see - . - - - - Migration to Version 9.3.17 - - - A dump/restore is not required for those running 9.3.X. - - - - However, if you use foreign data servers that make use of user - passwords for authentication, see the first changelog entry below. - - - - Also, if you are upgrading from a version earlier than 9.3.16, - see . - - - - - - Changes - - - - - - Restrict visibility - of pg_user_mappings.umoptions, to - protect passwords stored as user mapping options - (Michael Paquier, Feike Steenbergen) - - - - The previous coding allowed the owner of a foreign server object, - or anyone he has granted server USAGE permission to, - to see the options for all user mappings associated with that server. - This might well include passwords for other users. - Adjust the view definition to match the behavior of - information_schema.user_mapping_options, namely that - these options are visible to the user being mapped, or if the mapping - is for PUBLIC and the current user is the server - owner, or if the current user is a superuser. - (CVE-2017-7486) - - - - By itself, this patch will only fix the behavior in newly initdb'd - databases. If you wish to apply this change in an existing database, - follow the corrected procedure shown in the changelog entry for - CVE-2017-7547, in . - - - - - - Prevent exposure of statistical information via leaky operators - (Peter Eisentraut) - - - - Some selectivity estimation functions in the planner will apply - user-defined operators to values obtained - from pg_statistic, such as most common values and - histogram entries. This occurs before table permissions are checked, - so a nefarious user could exploit the behavior to obtain these values - for table columns he does not have permission to read. To fix, - fall back to a default estimate if the operator's implementation - function is not certified leak-proof and the calling user does not have - permission to read the table column whose statistics are needed. - At least one of these criteria is satisfied in most cases in practice. - (CVE-2017-7484) - - - - - - Restore libpq's recognition of - the PGREQUIRESSL environment variable (Daniel Gustafsson) - - - - Processing of this environment variable was unintentionally dropped - in PostgreSQL 9.3, but its documentation remained. - This creates a security hazard, since users might be relying on the - environment variable to force SSL-encrypted connections, but that - would no longer be guaranteed. Restore handling of the variable, - but give it lower priority than PGSSLMODE, to avoid - breaking configurations that work correctly with post-9.3 code. - (CVE-2017-7485) - - - - - - Fix possible corruption of init forks of unlogged indexes - (Robert Haas, Michael Paquier) - - - - This could result in an unlogged index being set to an invalid state - after a crash and restart. Such a problem would persist until the - index was dropped and rebuilt. - - - - - - Fix incorrect reconstruction of pg_subtrans entries - when a standby server replays a prepared but uncommitted two-phase - transaction (Tom Lane) - - - - In most cases this turned out to have no visible ill effects, but in - corner cases it could result in circular references - in pg_subtrans, potentially causing infinite loops - in queries that examine rows modified by the two-phase transaction. - - - - - - Ensure parsing of queries in extension scripts sees the results of - immediately-preceding DDL (Julien Rouhaud, Tom Lane) - - - - Due to lack of a cache flush step between commands in an extension - script file, non-utility queries might not see the effects of an - immediately preceding catalog change, such as ALTER TABLE - ... RENAME. - - - - - - Skip tablespace privilege checks when ALTER TABLE ... ALTER - COLUMN TYPE rebuilds an existing index (Noah Misch) - - - - The command failed if the calling user did not currently have - CREATE privilege for the tablespace containing the index. - That behavior seems unhelpful, so skip the check, allowing the - index to be rebuilt where it is. - - - - - - Fix ALTER TABLE ... VALIDATE CONSTRAINT to not recurse - to child tables when the constraint is marked NO INHERIT - (Amit Langote) - - - - This fix prevents unwanted constraint does not exist failures - when no matching constraint is present in the child tables. - - - - - - Fix VACUUM to account properly for pages that could not - be scanned due to conflicting page pins (Andrew Gierth) - - - - This tended to lead to underestimation of the number of tuples in - the table. In the worst case of a small heavily-contended - table, VACUUM could incorrectly report that the table - contained no tuples, leading to very bad planning choices. - - - - - - Ensure that bulk-tuple-transfer loops within a hash join are - interruptible by query cancel requests (Tom Lane, Thomas Munro) - - - - - - Fix cursor_to_xml() to produce valid output - with tableforest = false - (Thomas Munro, Peter Eisentraut) - - - - Previously it failed to produce a wrapping <table> - element. - - - - - - Improve performance of pg_timezone_names view - (Tom Lane, David Rowley) - - - - - - Fix sloppy handling of corner-case errors from lseek() - and close() (Tom Lane) - - - - Neither of these system calls are likely to fail in typical situations, - but if they did, fd.c could get quite confused. - - - - - - Fix incorrect check for whether postmaster is running as a Windows - service (Michael Paquier) - - - - This could result in attempting to write to the event log when that - isn't accessible, so that no logging happens at all. - - - - - - Fix ecpg to support COMMIT PREPARED - and ROLLBACK PREPARED (Masahiko Sawada) - - - - - - Fix a double-free error when processing dollar-quoted string literals - in ecpg (Michael Meskes) - - - - - - In pg_dump, fix incorrect schema and owner marking for - comments and security labels of some types of database objects - (Giuseppe Broccolo, Tom Lane) - - - - In simple cases this caused no ill effects; but for example, a - schema-selective restore might omit comments it should include, because - they were not marked as belonging to the schema of their associated - object. - - - - - - Avoid emitting an invalid list file in pg_restore -l - when SQL object names contain newlines (Tom Lane) - - - - Replace newlines by spaces, which is sufficient to make the output - valid for pg_restore -L's purposes. - - - - - - Fix pg_upgrade to transfer comments and security labels - attached to large objects (blobs) (Stephen Frost) - - - - Previously, blobs were correctly transferred to the new database, but - any comments or security labels attached to them were lost. - - - - - - Improve error handling - in contrib/adminpack's pg_file_write() - function (Noah Misch) - - - - Notably, it failed to detect errors reported - by fclose(). - - - - - - In contrib/dblink, avoid leaking the previous unnamed - connection when establishing a new unnamed connection (Joe Conway) - - - - - - Fix contrib/pg_trgm's extraction of trigrams from regular - expressions (Tom Lane) - - - - In some cases it would produce a broken data structure that could never - match anything, leading to GIN or GiST indexscans that use a trigram - index not finding any matches to the regular expression. - - - - - - In contrib/postgres_fdw, - transmit query cancellation requests to the remote server - (Michael Paquier, Etsuro Fujita) - - - - Previously, a local query cancellation request did not cause an - already-sent remote query to terminate early. This is a back-patch - of work originally done for 9.6. - - - - - - Support OpenSSL 1.1.0 (Heikki Linnakangas, Andreas Karlsson, Tom Lane) - - - - This is a back-patch of work previously done in newer branches; - it's needed since many platforms are adopting newer OpenSSL versions. - - - - - - Support Tcl 8.6 in MSVC builds (Álvaro Herrera) - - - - - - Sync our copy of the timezone library with IANA release tzcode2017b - (Tom Lane) - - - - This fixes a bug affecting some DST transitions in January 2038. - - - - - - Update time zone data files to tzdata release 2017b - for DST law changes in Chile, Haiti, and Mongolia, plus historical - corrections for Ecuador, Kazakhstan, Liberia, and Spain. - Switch to numeric abbreviations for numerous time zones in South - America, the Pacific and Indian oceans, and some Asian and Middle - Eastern countries. - - - - The IANA time zone database previously provided textual abbreviations - for all time zones, sometimes making up abbreviations that have little - or no currency among the local population. They are in process of - reversing that policy in favor of using numeric UTC offsets in zones - where there is no evidence of real-world use of an English - abbreviation. At least for the time being, PostgreSQL - will continue to accept such removed abbreviations for timestamp input. - But they will not be shown in the pg_timezone_names - view nor used for output. - - - - - - Use correct daylight-savings rules for POSIX-style time zone names - in MSVC builds (David Rowley) - - - - The Microsoft MSVC build scripts neglected to install - the posixrules file in the timezone directory tree. - This resulted in the timezone code falling back to its built-in - rule about what DST behavior to assume for a POSIX-style time zone - name. For historical reasons that still corresponds to the DST rules - the USA was using before 2007 (i.e., change on first Sunday in April - and last Sunday in October). With this fix, a POSIX-style zone name - will use the current and historical DST transition dates of - the US/Eastern zone. If you don't want that, remove - the posixrules file, or replace it with a copy of some - other zone file (see ). Note that - due to caching, you may need to restart the server to get such changes - to take effect. - - - - - - - - - - Release 9.3.16 - - - Release date: - 2017-02-09 - - - - This release contains a variety of fixes from 9.3.15. - For information about new features in the 9.3 major release, see - . - - - - Migration to Version 9.3.16 - - - A dump/restore is not required for those running 9.3.X. - - - - However, if your installation has been affected by the bug described in - the first changelog entry below, then after updating you may need - to take action to repair corrupted indexes. - - - - Also, if you are upgrading from a version earlier than 9.3.15, - see . - - - - - - Changes - - - - - - Fix a race condition that could cause indexes built - with CREATE INDEX CONCURRENTLY to be corrupt - (Pavan Deolasee, Tom Lane) - - - - If CREATE INDEX CONCURRENTLY was used to build an index - that depends on a column not previously indexed, then rows - updated by transactions that ran concurrently with - the CREATE INDEX command could have received incorrect - index entries. If you suspect this may have happened, the most - reliable solution is to rebuild affected indexes after installing - this update. - - - - - - Unconditionally WAL-log creation of the init fork for an - unlogged table (Michael Paquier) - - - - Previously, this was skipped when - = minimal, but actually it's necessary even in that case - to ensure that the unlogged table is properly reset to empty after a - crash. - - - - - - If the stats collector dies during hot standby, restart it (Takayuki - Tsunakawa) - - - - - - Ensure that hot standby feedback works correctly when it's enabled at - standby server start (Ants Aasma, Craig Ringer) - - - - - - Check for interrupts while hot standby is waiting for a conflicting - query (Simon Riggs) - - - - - - Avoid constantly respawning the autovacuum launcher in a corner case - (Amit Khandekar) - - - - This fix avoids problems when autovacuum is nominally off and there - are some tables that require freezing, but all such tables are - already being processed by autovacuum workers. - - - - - - Fix check for when an extension member object can be dropped (Tom Lane) - - - - Extension upgrade scripts should be able to drop member objects, - but this was disallowed for serial-column sequences, and possibly - other cases. - - - - - - Make sure ALTER TABLE preserves index tablespace - assignments when rebuilding indexes (Tom Lane, Michael Paquier) - - - - Previously, non-default settings - of could result in broken - indexes. - - - - - - Prevent dropping a foreign-key constraint if there are pending - trigger events for the referenced relation (Tom Lane) - - - - This avoids could not find trigger NNN - or relation NNN has no triggers errors. - - - - - - Fix processing of OID column when a table with OIDs is associated to - a parent with OIDs via ALTER TABLE ... INHERIT (Amit - Langote) - - - - The OID column should be treated the same as regular user columns in - this case, but it wasn't, leading to odd behavior in later - inheritance changes. - - - - - - Report correct object identity during ALTER TEXT SEARCH - CONFIGURATION (Artur Zakirov) - - - - The wrong catalog OID was reported to extensions such as logical - decoding. - - - - - - Check for serializability conflicts before reporting - constraint-violation failures (Thomas Munro) - - - - When using serializable transaction isolation, it is desirable - that any error due to concurrent transactions should manifest - as a serialization failure, thereby cueing the application that - a retry might succeed. Unfortunately, this does not reliably - happen for duplicate-key failures caused by concurrent insertions. - This change ensures that such an error will be reported as a - serialization error if the application explicitly checked for - the presence of a conflicting key (and did not find it) earlier - in the transaction. - - - - - - Prevent multicolumn expansion of foo.* in - an UPDATE source expression (Tom Lane) - - - - This led to UPDATE target count mismatch --- internal - error. Now the syntax is understood as a whole-row variable, - as it would be in other contexts. - - - - - - Ensure that column typmods are determined accurately for - multi-row VALUES constructs (Tom Lane) - - - - This fixes problems occurring when the first value in a column has a - determinable typmod (e.g., length for a varchar value) but - later values don't share the same limit. - - - - - - Throw error for an unfinished Unicode surrogate pair at the end of a - Unicode string (Tom Lane) - - - - Normally, a Unicode surrogate leading character must be followed by a - Unicode surrogate trailing character, but the check for this was - missed if the leading character was the last character in a Unicode - string literal (U&'...') or Unicode identifier - (U&"..."). - - - - - - Ensure that a purely negative text search query, such - as !foo, matches empty tsvectors (Tom Dunstan) - - - - Such matches were found by GIN index searches, but not by sequential - scans or GiST index searches. - - - - - - Prevent crash when ts_rewrite() replaces a non-top-level - subtree with an empty query (Artur Zakirov) - - - - - - Fix performance problems in ts_rewrite() (Tom Lane) - - - - - - Fix ts_rewrite()'s handling of nested NOT operators - (Tom Lane) - - - - - - Fix array_fill() to handle empty arrays properly (Tom Lane) - - - - - - Fix one-byte buffer overrun in quote_literal_cstr() - (Heikki Linnakangas) - - - - The overrun occurred only if the input consisted entirely of single - quotes and/or backslashes. - - - - - - Prevent multiple calls of pg_start_backup() - and pg_stop_backup() from running concurrently (Michael - Paquier) - - - - This avoids an assertion failure, and possibly worse things, if - someone tries to run these functions in parallel. - - - - - - Avoid discarding interval-to-interval casts - that aren't really no-ops (Tom Lane) - - - - In some cases, a cast that should result in zeroing out - low-order interval fields was mistakenly deemed to be a - no-op and discarded. An example is that casting from INTERVAL - MONTH to INTERVAL YEAR failed to clear the months field. - - - - - - Ensure that cached plans are invalidated by changes in foreign-table - options (Amit Langote, Etsuro Fujita, Ashutosh Bapat) - - - - - - Fix pg_dump to dump user-defined casts and transforms - that use built-in functions (Stephen Frost) - - - - - - Fix possible pg_basebackup failure on standby - server when including WAL files (Amit Kapila, Robert Haas) - - - - - - Ensure that the Python exception objects we create for PL/Python are - properly reference-counted (Rafa de la Torre, Tom Lane) - - - - This avoids failures if the objects are used after a Python garbage - collection cycle has occurred. - - - - - - Fix PL/Tcl to support triggers on tables that have .tupno - as a column name (Tom Lane) - - - - This matches the (previously undocumented) behavior of - PL/Tcl's spi_exec and spi_execp commands, - namely that a magic .tupno column is inserted only if - there isn't a real column named that. - - - - - - Allow DOS-style line endings in ~/.pgpass files, - even on Unix (Vik Fearing) - - - - This change simplifies use of the same password file across Unix and - Windows machines. - - - - - - Fix one-byte buffer overrun if ecpg is given a file - name that ends with a dot (Takayuki Tsunakawa) - - - - - - Fix psql's tab completion for ALTER DEFAULT - PRIVILEGES (Gilles Darold, Stephen Frost) - - - - - - In psql, treat an empty or all-blank setting of - the PAGER environment variable as meaning no - pager (Tom Lane) - - - - Previously, such a setting caused output intended for the pager to - vanish entirely. - - - - - - Improve contrib/dblink's reporting of - low-level libpq errors, such as out-of-memory - (Joe Conway) - - - - - - Teach contrib/dblink to ignore irrelevant server options - when it uses a contrib/postgres_fdw foreign server as - the source of connection options (Corey Huinker) - - - - Previously, if the foreign server object had options that were not - also libpq connection options, an error occurred. - - - - - - On Windows, ensure that environment variable changes are propagated - to DLLs built with debug options (Christian Ullrich) - - - - - - Sync our copy of the timezone library with IANA release tzcode2016j - (Tom Lane) - - - - This fixes various issues, most notably that timezone data - installation failed if the target directory didn't support hard - links. - - - - - - Update time zone data files to tzdata release 2016j - for DST law changes in northern Cyprus (adding a new zone - Asia/Famagusta), Russia (adding a new zone Europe/Saratov), Tonga, - and Antarctica/Casey. - Historical corrections for Italy, Kazakhstan, Malta, and Palestine. - Switch to preferring numeric zone abbreviations for Tonga. - - - - - - - - - - Release 9.3.15 - - - Release date: - 2016-10-27 - - - - This release contains a variety of fixes from 9.3.14. - For information about new features in the 9.3 major release, see - . - - - - Migration to Version 9.3.15 - - - A dump/restore is not required for those running 9.3.X. - - - - However, if your installation has been affected by the bug described in - the first changelog entry below, then after updating you may need - to take action to repair corrupted free space maps. - - - - Also, if you are upgrading from a version earlier than 9.3.9, - see . - - - - - - Changes - - - - - - Fix WAL-logging of truncation of relation free space maps and - visibility maps (Pavan Deolasee, Heikki Linnakangas) - - - - It was possible for these files to not be correctly restored during - crash recovery, or to be written incorrectly on a standby server. - Bogus entries in a free space map could lead to attempts to access - pages that have been truncated away from the relation itself, typically - producing errors like could not read block XXX: - read only 0 of 8192 bytes. Checksum failures in the - visibility map are also possible, if checksumming is enabled. - - - - Procedures for determining whether there is a problem and repairing it - if so are discussed at - . - - - - - - Fix SELECT FOR UPDATE/SHARE to correctly lock tuples that - have been updated by a subsequently-aborted transaction - (Álvaro Herrera) - - - - In 9.5 and later, the SELECT would sometimes fail to - return such tuples at all. A failure has not been proven to occur in - earlier releases, but might be possible with concurrent updates. - - - - - - Fix EvalPlanQual rechecks involving CTE scans (Tom Lane) - - - - The recheck would always see the CTE as returning no rows, typically - leading to failure to update rows that were recently updated. - - - - - - Fix improper repetition of previous results from hashed aggregation in - a subquery (Andrew Gierth) - - - - The test to see if we can reuse a previously-computed hash table of - the aggregate state values neglected the possibility of an outer query - reference appearing in an aggregate argument expression. A change in - the value of such a reference should lead to recalculating the hash - table, but did not. - - - - - - Fix EXPLAIN to emit valid XML when - is on (Markus Winand) - - - - Previously the XML output-format option produced syntactically invalid - tags such as <I/O-Read-Time>. That is now - rendered as <I-O-Read-Time>. - - - - - - Suppress printing of zeroes for unmeasured times - in EXPLAIN (Maksim Milyutin) - - - - Certain option combinations resulted in printing zero values for times - that actually aren't ever measured in that combination. Our general - policy in EXPLAIN is not to print such fields at all, so - do that consistently in all cases. - - - - - - Fix timeout length when VACUUM is waiting for exclusive - table lock so that it can truncate the table (Simon Riggs) - - - - The timeout was meant to be 50 milliseconds, but it was actually only - 50 microseconds, causing VACUUM to give up on truncation - much more easily than intended. Set it to the intended value. - - - - - - Fix bugs in merging inherited CHECK constraints while - creating or altering a table (Tom Lane, Amit Langote) - - - - Allow identical CHECK constraints to be added to a parent - and child table in either order. Prevent merging of a valid - constraint from the parent table with a NOT VALID - constraint on the child. Likewise, prevent merging of a NO - INHERIT child constraint with an inherited constraint. - - - - - - Remove artificial restrictions on the values accepted - by numeric_in() and numeric_recv() - (Tom Lane) - - - - We allow numeric values up to the limit of the storage format (more - than 1e100000), so it seems fairly pointless - that numeric_in() rejected scientific-notation exponents - above 1000. Likewise, it was silly for numeric_recv() to - reject more than 1000 digits in an input value. - - - - - - Avoid very-low-probability data corruption due to testing tuple - visibility without holding buffer lock (Thomas Munro, Peter Geoghegan, - Tom Lane) - - - - - - Fix file descriptor leakage when truncating a temporary relation of - more than 1GB (Andres Freund) - - - - - - Disallow starting a standalone backend with standby_mode - turned on (Michael Paquier) - - - - This can't do anything useful, since there will be no WAL receiver - process to fetch more WAL data; and it could result in misbehavior - in code that wasn't designed with this situation in mind. - - - - - - Don't try to share SSL contexts across multiple connections - in libpq (Heikki Linnakangas) - - - - This led to assorted corner-case bugs, particularly when trying to use - different SSL parameters for different connections. - - - - - - Avoid corner-case memory leak in libpq (Tom Lane) - - - - The reported problem involved leaking an error report - during PQreset(), but there might be related cases. - - - - - - Make ecpg's and - options work consistently with our other executables (Haribabu Kommi) - - - - - - In pg_dump, never dump range constructor functions - (Tom Lane) - - - - This oversight led to pg_upgrade failures with - extensions containing range types, due to duplicate creation of the - constructor functions. - - - - - - In pg_xlogdump, retry opening new WAL segments when - using option (Magnus Hagander) - - - - This allows for a possible delay in the server's creation of the next - segment. - - - - - - Fix pg_xlogdump to cope with a WAL file that begins - with a continuation record spanning more than one page (Pavan - Deolasee) - - - - - - Fix contrib/intarray/bench/bench.pl to print the results - of the EXPLAIN it does when given the option - (Daniel Gustafsson) - - - - - - Update Windows time zone mapping to recognize some time zone names - added in recent Windows versions (Michael Paquier) - - - - - - Prevent failure of obsolete dynamic time zone abbreviations (Tom Lane) - - - - If a dynamic time zone abbreviation does not match any entry in the - referenced time zone, treat it as equivalent to the time zone name. - This avoids unexpected failures when IANA removes abbreviations from - their time zone database, as they did in tzdata - release 2016f and seem likely to do again in the future. The - consequences were not limited to not recognizing the individual - abbreviation; any mismatch caused - the pg_timezone_abbrevs view to fail altogether. - - - - - - Update time zone data files to tzdata release 2016h - for DST law changes in Palestine and Turkey, plus historical - corrections for Turkey and some regions of Russia. - Switch to numeric abbreviations for some time zones in Antarctica, - the former Soviet Union, and Sri Lanka. - - - - The IANA time zone database previously provided textual abbreviations - for all time zones, sometimes making up abbreviations that have little - or no currency among the local population. They are in process of - reversing that policy in favor of using numeric UTC offsets in zones - where there is no evidence of real-world use of an English - abbreviation. At least for the time being, PostgreSQL - will continue to accept such removed abbreviations for timestamp input. - But they will not be shown in the pg_timezone_names - view nor used for output. - - - - In this update, AMT is no longer shown as being in use to - mean Armenia Time. Therefore, we have changed the Default - abbreviation set to interpret it as Amazon Time, thus UTC-4 not UTC+4. - - - - - - - - - - Release 9.3.14 - - - Release date: - 2016-08-11 - - - - This release contains a variety of fixes from 9.3.13. - For information about new features in the 9.3 major release, see - . - - - - Migration to Version 9.3.14 - - - A dump/restore is not required for those running 9.3.X. - - - - However, if you are upgrading from a version earlier than 9.3.9, - see . - - - - - - Changes - - - - - - Fix possible mis-evaluation of - nested CASE-WHEN expressions (Heikki - Linnakangas, Michael Paquier, Tom Lane) - - - - A CASE expression appearing within the test value - subexpression of another CASE could become confused about - whether its own test value was null or not. Also, inlining of a SQL - function implementing the equality operator used by - a CASE expression could result in passing the wrong test - value to functions called within a CASE expression in the - SQL function's body. If the test values were of different data - types, a crash might result; moreover such situations could be abused - to allow disclosure of portions of server memory. (CVE-2016-5423) - - - - - - Fix client programs' handling of special characters in database and - role names (Noah Misch, Nathan Bossart, Michael Paquier) - - - - Numerous places in vacuumdb and other client programs - could become confused by database and role names containing double - quotes or backslashes. Tighten up quoting rules to make that safe. - Also, ensure that when a conninfo string is used as a database name - parameter to these programs, it is correctly treated as such throughout. - - - - Fix handling of paired double quotes - in psql's \connect - and \password commands to match the documentation. - - - - Introduce a new option - in psql's \connect command to allow - explicit control of whether to re-use connection parameters from a - previous connection. (Without this, the choice is based on whether - the database name looks like a conninfo string, as before.) This - allows secure handling of database names containing special - characters in pg_dumpall scripts. - - - - pg_dumpall now refuses to deal with database and role - names containing carriage returns or newlines, as it seems impractical - to quote those characters safely on Windows. In future we may reject - such names on the server side, but that step has not been taken yet. - - - - These are considered security fixes because crafted object names - containing special characters could have been used to execute - commands with superuser privileges the next time a superuser - executes pg_dumpall or other routine maintenance - operations. (CVE-2016-5424) - - - - - - Fix corner-case misbehaviors for IS NULL/IS NOT - NULL applied to nested composite values (Andrew Gierth, Tom Lane) - - - - The SQL standard specifies that IS NULL should return - TRUE for a row of all null values (thus ROW(NULL,NULL) IS - NULL yields TRUE), but this is not meant to apply recursively - (thus ROW(NULL, ROW(NULL,NULL)) IS NULL yields FALSE). - The core executor got this right, but certain planner optimizations - treated the test as recursive (thus producing TRUE in both cases), - and contrib/postgres_fdw could produce remote queries - that misbehaved similarly. - - - - - - Make the inet and cidr data types properly reject - IPv6 addresses with too many colon-separated fields (Tom Lane) - - - - - - Prevent crash in close_ps() - (the point ## lseg operator) - for NaN input coordinates (Tom Lane) - - - - Make it return NULL instead of crashing. - - - - - - Avoid possible crash in pg_get_expr() when inconsistent - values are passed to it (Michael Paquier, Thomas Munro) - - - - - - Fix several one-byte buffer over-reads in to_number() - (Peter Eisentraut) - - - - In several cases the to_number() function would read one - more character than it should from the input string. There is a - small chance of a crash, if the input happens to be adjacent to the - end of memory. - - - - - - Do not run the planner on the query contained in CREATE - MATERIALIZED VIEW or CREATE TABLE AS - when WITH NO DATA is specified (Michael Paquier, - Tom Lane) - - - - This avoids some unnecessary failure conditions, for example if a - stable function invoked by the materialized view depends on a table - that doesn't exist yet. - - - - - - Avoid unsafe intermediate state during expensive paths - through heap_update() (Masahiko Sawada, Andres Freund) - - - - Previously, these cases locked the target tuple (by setting its XMAX) - but did not WAL-log that action, thus risking data integrity problems - if the page were spilled to disk and then a database crash occurred - before the tuple update could be completed. - - - - - - Fix hint bit update during WAL replay of row locking operations - (Andres Freund) - - - - The only known consequence of this problem is that row locks held by - a prepared, but uncommitted, transaction might fail to be enforced - after a crash and restart. - - - - - - Avoid unnecessary could not serialize access errors when - acquiring FOR KEY SHARE row locks in serializable mode - (Álvaro Herrera) - - - - - - Avoid crash in postgres -C when the specified variable - has a null string value (Michael Paquier) - - - - - - Ensure that backends see up-to-date statistics for shared catalogs - (Tom Lane) - - - - The statistics collector failed to update the statistics file for - shared catalogs after a request from a regular backend. This problem - was partially masked because the autovacuum launcher regularly makes - requests that did cause such updates; however, it became obvious with - autovacuum disabled. - - - - - - Avoid redundant writes of the statistics files when multiple - backends request updates close together (Tom Lane, Tomas Vondra) - - - - - - Avoid consuming a transaction ID during VACUUM - (Alexander Korotkov) - - - - Some cases in VACUUM unnecessarily caused an XID to be - assigned to the current transaction. Normally this is negligible, - but if one is up against the XID wraparound limit, consuming more - XIDs during anti-wraparound vacuums is a very bad thing. - - - - - - Avoid canceling hot-standby queries during VACUUM FREEZE - (Simon Riggs, Álvaro Herrera) - - - - VACUUM FREEZE on an otherwise-idle master server could - result in unnecessary cancellations of queries on its standby - servers. - - - - - - Prevent possible failure when vacuuming multixact IDs in an - installation that has been pg_upgrade'd from pre-9.3 (Andrew Gierth, - Álvaro Herrera) - - - - The usual symptom of this bug is errors - like MultiXactId NNN has not been created - yet -- apparent wraparound. - - - - - - When a manual ANALYZE specifies a column list, don't - reset the table's changes_since_analyze counter - (Tom Lane) - - - - If we're only analyzing some columns, we should not prevent routine - auto-analyze from happening for the other columns. - - - - - - Fix ANALYZE's overestimation of n_distinct - for a unique or nearly-unique column with many null entries (Tom - Lane) - - - - The nulls could get counted as though they were themselves distinct - values, leading to serious planner misestimates in some types of - queries. - - - - - - Prevent autovacuum from starting multiple workers for the same shared - catalog (Álvaro Herrera) - - - - Normally this isn't much of a problem because the vacuum doesn't take - long anyway; but in the case of a severely bloated catalog, it could - result in all but one worker uselessly waiting instead of doing - useful work on other tables. - - - - - - Prevent infinite loop in GiST index build for geometric columns - containing NaN component values (Tom Lane) - - - - - - Fix contrib/btree_gin to handle the smallest - possible bigint value correctly (Peter Eisentraut) - - - - - - Teach libpq to correctly decode server version from future servers - (Peter Eisentraut) - - - - It's planned to switch to two-part instead of three-part server - version numbers for releases after 9.6. Make sure - that PQserverVersion() returns the correct value for - such cases. - - - - - - Fix ecpg's code for unsigned long long - array elements (Michael Meskes) - - - - - - In pg_dump with both and - options, avoid emitting an unwanted CREATE SCHEMA public - command (David Johnston, Tom Lane) - - - - - - Improve handling of SIGTERM/control-C in - parallel pg_dump and pg_restore (Tom - Lane) - - - - Make sure that the worker processes will exit promptly, and also arrange - to send query-cancel requests to the connected backends, in case they - are doing something long-running such as a CREATE INDEX. - - - - - - Fix error reporting in parallel pg_dump - and pg_restore (Tom Lane) - - - - Previously, errors reported by pg_dump - or pg_restore worker processes might never make it to - the user's console, because the messages went through the master - process, and there were various deadlock scenarios that would prevent - the master process from passing on the messages. Instead, just print - everything to stderr. In some cases this will result in - duplicate messages (for instance, if all the workers report a server - shutdown), but that seems better than no message. - - - - - - Ensure that parallel pg_dump - or pg_restore on Windows will shut down properly - after an error (Kyotaro Horiguchi) - - - - Previously, it would report the error, but then just sit until - manually stopped by the user. - - - - - - Make pg_dump behave better when built without zlib - support (Kyotaro Horiguchi) - - - - It didn't work right for parallel dumps, and emitted some rather - pointless warnings in other cases. - - - - - - Make pg_basebackup accept -Z 0 as - specifying no compression (Fujii Masao) - - - - - - Fix makefiles' rule for building AIX shared libraries to be safe for - parallel make (Noah Misch) - - - - - - Fix TAP tests and MSVC scripts to work when build directory's path - name contains spaces (Michael Paquier, Kyotaro Horiguchi) - - - - - - Be more predictable about reporting statement timeout - versus lock timeout (Tom Lane) - - - - On heavily loaded machines, the regression tests sometimes failed due - to reporting lock timeout even though the statement timeout - should have occurred first. - - - - - - Make regression tests safe for Danish and Welsh locales (Jeff Janes, - Tom Lane) - - - - Change some test data that triggered the unusual sorting rules of - these locales. - - - - - - Update our copy of the timezone code to match - IANA's tzcode release 2016c (Tom Lane) - - - - This is needed to cope with anticipated future changes in the time - zone data files. It also fixes some corner-case bugs in coping with - unusual time zones. - - - - - - Update time zone data files to tzdata release 2016f - for DST law changes in Kemerovo and Novosibirsk, plus historical - corrections for Azerbaijan, Belarus, and Morocco. - - - - - - - - - - Release 9.3.13 - - - Release date: - 2016-05-12 - - - - This release contains a variety of fixes from 9.3.12. - For information about new features in the 9.3 major release, see - . - - - - Migration to Version 9.3.13 - - - A dump/restore is not required for those running 9.3.X. - - - - However, if you are upgrading from a version earlier than 9.3.9, - see . - - - - - - Changes - - - - - - Clear the OpenSSL error queue before OpenSSL calls, rather than - assuming it's clear already; and make sure we leave it clear - afterwards (Peter Geoghegan, Dave Vitek, Peter Eisentraut) - - - - This change prevents problems when there are multiple connections - using OpenSSL within a single process and not all the code involved - follows the same rules for when to clear the error queue. - Failures have been reported specifically when a client application - uses SSL connections in libpq concurrently with - SSL connections using the PHP, Python, or Ruby wrappers for OpenSSL. - It's possible for similar problems to arise within the server as well, - if an extension module establishes an outgoing SSL connection. - - - - - - Fix failed to build any N-way joins - planner error with a full join enclosed in the right-hand side of a - left join (Tom Lane) - - - - - - Fix incorrect handling of equivalence-class tests in multilevel - nestloop plans (Tom Lane) - - - - Given a three-or-more-way equivalence class of variables, such - as X.X = Y.Y = Z.Z, it was possible for the planner to omit - some of the tests needed to enforce that all the variables are actually - equal, leading to join rows being output that didn't satisfy - the WHERE clauses. For various reasons, erroneous plans - were seldom selected in practice, so that this bug has gone undetected - for a long time. - - - - - - Fix possible misbehavior of TH, th, - and Y,YYY format codes in to_timestamp() - (Tom Lane) - - - - These could advance off the end of the input string, causing subsequent - format codes to read garbage. - - - - - - Fix dumping of rules and views in which the array - argument of a value operator - ANY (array) construct is a sub-SELECT - (Tom Lane) - - - - - - Make pg_regress use a startup timeout from the - PGCTLTIMEOUT environment variable, if that's set (Tom Lane) - - - - This is for consistency with a behavior recently added - to pg_ctl; it eases automated testing on slow machines. - - - - - - Fix pg_upgrade to correctly restore extension - membership for operator families containing only one operator class - (Tom Lane) - - - - In such a case, the operator family was restored into the new database, - but it was no longer marked as part of the extension. This had no - immediate ill effects, but would cause later pg_dump - runs to emit output that would cause (harmless) errors on restore. - - - - - - Fix pg_upgrade to not fail when new-cluster TOAST rules - differ from old (Tom Lane) - - - - pg_upgrade had special-case code to handle the - situation where the new PostgreSQL version thinks that - a table should have a TOAST table while the old version did not. That - code was broken, so remove it, and instead do nothing in such cases; - there seems no reason to believe that we can't get along fine without - a TOAST table if that was okay according to the old version's rules. - - - - - - - Back-port 9.4-era memory-barrier code changes into 9.2 and 9.3 (Tom Lane) - - - - These changes were not originally needed in pre-9.4 branches, but we - recently back-patched a fix that expected the barrier code to work - properly. Only IA64 (when using icc), HPPA, and Alpha platforms are - affected. - - - - - - Reduce the number of SysV semaphores used by a build configured with - (Tom Lane) - - - - - - Rename internal function strtoi() - to strtoint() to avoid conflict with a NetBSD library - function (Thomas Munro) - - - - - - Fix reporting of errors from bind() - and listen() system calls on Windows (Tom Lane) - - - - - - Reduce verbosity of compiler output when building with Microsoft Visual - Studio (Christian Ullrich) - - - - - - Fix putenv() to work properly with Visual Studio 2013 - (Michael Paquier) - - - - - - Avoid possibly-unsafe use of Windows' FormatMessage() - function (Christian Ullrich) - - - - Use the FORMAT_MESSAGE_IGNORE_INSERTS flag where - appropriate. No live bug is known to exist here, but it seems like a - good idea to be careful. - - - - - - Update time zone data files to tzdata release 2016d - for DST law changes in Russia and Venezuela. There are new zone - names Europe/Kirov and Asia/Tomsk to reflect - the fact that these regions now have different time zone histories from - adjacent regions. - - - - - - - - - - Release 9.3.12 - - - Release date: - 2016-03-31 - - - - This release contains a variety of fixes from 9.3.11. - For information about new features in the 9.3 major release, see - . - - - - Migration to Version 9.3.12 - - - A dump/restore is not required for those running 9.3.X. - - - - However, if you are upgrading from a version earlier than 9.3.9, - see . - - - - - - Changes - - - - - - Fix incorrect handling of NULL index entries in - indexed ROW() comparisons (Tom Lane) - - - - An index search using a row comparison such as ROW(a, b) > - ROW('x', 'y') would stop upon reaching a NULL entry in - the b column, ignoring the fact that there might be - non-NULL b values associated with later values - of a. - - - - - - Avoid unlikely data-loss scenarios due to renaming files without - adequate fsync() calls before and after (Michael Paquier, - Tomas Vondra, Andres Freund) - - - - - - Correctly handle cases where pg_subtrans is close to XID - wraparound during server startup (Jeff Janes) - - - - - - Fix corner-case crash due to trying to free localeconv() - output strings more than once (Tom Lane) - - - - - - Fix parsing of affix files for ispell dictionaries - (Tom Lane) - - - - The code could go wrong if the affix file contained any characters - whose byte length changes during case-folding, for - example I in Turkish UTF8 locales. - - - - - - Avoid use of sscanf() to parse ispell - dictionary files (Artur Zakirov) - - - - This dodges a portability problem on FreeBSD-derived platforms - (including macOS). - - - - - - Avoid a crash on old Windows versions (before 7SP1/2008R2SP1) with an - AVX2-capable CPU and a Postgres build done with Visual Studio 2013 - (Christian Ullrich) - - - - This is a workaround for a bug in Visual Studio 2013's runtime - library, which Microsoft have stated they will not fix in that - version. - - - - - - Fix psql's tab completion logic to handle multibyte - characters properly (Kyotaro Horiguchi, Robert Haas) - - - - - - Fix psql's tab completion for - SECURITY LABEL (Tom Lane) - - - - Pressing TAB after SECURITY LABEL might cause a crash - or offering of inappropriate keywords. - - - - - - Make pg_ctl accept a wait timeout from the - PGCTLTIMEOUT environment variable, if none is specified on - the command line (Noah Misch) - - - - This eases testing of slower buildfarm members by allowing them - to globally specify a longer-than-normal timeout for postmaster - startup and shutdown. - - - - - - Fix incorrect test for Windows service status - in pg_ctl (Manuel Mathar) - - - - The previous set of minor releases attempted to - fix pg_ctl to properly determine whether to send log - messages to Window's Event Log, but got the test backwards. - - - - - - Fix pgbench to correctly handle the combination - of -C and -M prepared options (Tom Lane) - - - - - - In pg_upgrade, skip creating a deletion script when - the new data directory is inside the old data directory (Bruce - Momjian) - - - - Blind application of the script in such cases would result in loss of - the new data directory. - - - - - - In PL/Perl, properly translate empty Postgres arrays into empty Perl - arrays (Alex Hunsaker) - - - - - - Make PL/Python cope with function names that aren't valid Python - identifiers (Jim Nasby) - - - - - - Fix multiple mistakes in the statistics returned - by contrib/pgstattuple's pgstatindex() - function (Tom Lane) - - - - - - Remove dependency on psed in MSVC builds, since it's no - longer provided by core Perl (Michael Paquier, Andrew Dunstan) - - - - - - Update time zone data files to tzdata release 2016c - for DST law changes in Azerbaijan, Chile, Haiti, Palestine, and Russia - (Altai, Astrakhan, Kirov, Sakhalin, Ulyanovsk regions), plus - historical corrections for Lithuania, Moldova, and Russia - (Kaliningrad, Samara, Volgograd). - - - - - - - - - - Release 9.3.11 - - - Release date: - 2016-02-11 - - - - This release contains a variety of fixes from 9.3.10. - For information about new features in the 9.3 major release, see - . - - - - Migration to Version 9.3.11 - - - A dump/restore is not required for those running 9.3.X. - - - - However, if you are upgrading from a version earlier than 9.3.9, - see . - - - - - - Changes - - - - - - Fix infinite loops and buffer-overrun problems in regular expressions - (Tom Lane) - - - - Very large character ranges in bracket expressions could cause - infinite loops in some cases, and memory overwrites in other cases. - (CVE-2016-0773) - - - - - - Perform an immediate shutdown if the postmaster.pid file - is removed (Tom Lane) - - - - The postmaster now checks every minute or so - that postmaster.pid is still there and still contains its - own PID. If not, it performs an immediate shutdown, as though it had - received SIGQUIT. The main motivation for this change - is to ensure that failed buildfarm runs will get cleaned up without - manual intervention; but it also serves to limit the bad effects if a - DBA forcibly removes postmaster.pid and then starts a new - postmaster. - - - - - - In SERIALIZABLE transaction isolation mode, serialization - anomalies could be missed due to race conditions during insertions - (Kevin Grittner, Thomas Munro) - - - - - - Fix failure to emit appropriate WAL records when doing ALTER - TABLE ... SET TABLESPACE for unlogged relations (Michael Paquier, - Andres Freund) - - - - Even though the relation's data is unlogged, the move must be logged or - the relation will be inaccessible after a standby is promoted to master. - - - - - - Fix possible misinitialization of unlogged relations at the end of - crash recovery (Andres Freund, Michael Paquier) - - - - - - Ensure walsender slots are fully re-initialized when being re-used - (Magnus Hagander) - - - - - - Fix ALTER COLUMN TYPE to reconstruct inherited check - constraints properly (Tom Lane) - - - - - - Fix REASSIGN OWNED to change ownership of composite types - properly (Álvaro Herrera) - - - - - - Fix REASSIGN OWNED and ALTER OWNER to correctly - update granted-permissions lists when changing owners of data types, - foreign data wrappers, or foreign servers (Bruce Momjian, - Álvaro Herrera) - - - - - - Fix REASSIGN OWNED to ignore foreign user mappings, - rather than fail (Álvaro Herrera) - - - - - - Fix possible crash after doing query rewrite for an updatable view - (Stephen Frost) - - - - - - Fix planner's handling of LATERAL references (Tom - Lane) - - - - This fixes some corner cases that led to failed to build any - N-way joins or could not devise a query plan planner - failures. - - - - - - Add more defenses against bad planner cost estimates for GIN index - scans when the index's internal statistics are very out-of-date - (Tom Lane) - - - - - - Make planner cope with hypothetical GIN indexes suggested by an index - advisor plug-in (Julien Rouhaud) - - - - - - Speed up generation of unique table aliases in EXPLAIN and - rule dumping, and ensure that generated aliases do not - exceed NAMEDATALEN (Tom Lane) - - - - - - Fix dumping of whole-row Vars in ROW() - and VALUES() lists (Tom Lane) - - - - - - Fix possible internal overflow in numeric division - (Dean Rasheed) - - - - - - Fix enforcement of restrictions inside parentheses within regular - expression lookahead constraints (Tom Lane) - - - - Lookahead constraints aren't allowed to contain backrefs, and - parentheses within them are always considered non-capturing, according - to the manual. However, the code failed to handle these cases properly - inside a parenthesized subexpression, and would give unexpected - results. - - - - - - Conversion of regular expressions to indexscan bounds could produce - incorrect bounds from regexps containing lookahead constraints - (Tom Lane) - - - - - - Fix regular-expression compiler to handle loops of constraint arcs - (Tom Lane) - - - - The code added for CVE-2007-4772 was both incomplete, in that it didn't - handle loops involving more than one state, and incorrect, in that it - could cause assertion failures (though there seem to be no bad - consequences of that in a non-assert build). Multi-state loops would - cause the compiler to run until the query was canceled or it reached - the too-many-states error condition. - - - - - - Improve memory-usage accounting in regular-expression compiler - (Tom Lane) - - - - This causes the code to emit regular expression is too - complex errors in some cases that previously used unreasonable - amounts of time and memory. - - - - - - Improve performance of regular-expression compiler (Tom Lane) - - - - - - Make %h and %r escapes - in log_line_prefix work for messages emitted due - to log_connections (Tom Lane) - - - - Previously, %h/%r started to work just after a - new session had emitted the connection received log message; - now they work for that message too. - - - - - - On Windows, ensure the shared-memory mapping handle gets closed in - child processes that don't need it (Tom Lane, Amit Kapila) - - - - This oversight resulted in failure to recover from crashes - whenever logging_collector is turned on. - - - - - - Fix possible failure to detect socket EOF in non-blocking mode on - Windows (Tom Lane) - - - - It's not entirely clear whether this problem can happen in pre-9.5 - branches, but if it did, the symptom would be that a walsender process - would wait indefinitely rather than noticing a loss of connection. - - - - - - Avoid leaking a token handle during SSPI authentication - (Christian Ullrich) - - - - - - In psql, ensure that libreadline's idea - of the screen size is updated when the terminal window size changes - (Merlin Moncure) - - - - Previously, libreadline did not notice if the window - was resized during query output, leading to strange behavior during - later input of multiline queries. - - - - - - Fix psql's \det command to interpret its - pattern argument the same way as other \d commands with - potentially schema-qualified patterns do (Reece Hart) - - - - - - Avoid possible crash in psql's \c command - when previous connection was via Unix socket and command specifies a - new hostname and same username (Tom Lane) - - - - - - In pg_ctl start -w, test child process status directly - rather than relying on heuristics (Tom Lane, Michael Paquier) - - - - Previously, pg_ctl relied on an assumption that the new - postmaster would always create postmaster.pid within five - seconds. But that can fail on heavily-loaded systems, - causing pg_ctl to report incorrectly that the - postmaster failed to start. - - - - Except on Windows, this change also means that a pg_ctl start - -w done immediately after another such command will now reliably - fail, whereas previously it would report success if done within two - seconds of the first command. - - - - - - In pg_ctl start -w, don't attempt to use a wildcard listen - address to connect to the postmaster (Kondo Yuta) - - - - On Windows, pg_ctl would fail to detect postmaster - startup if listen_addresses is set to 0.0.0.0 - or ::, because it would try to use that value verbatim as - the address to connect to, which doesn't work. Instead assume - that 127.0.0.1 or ::1, respectively, is the - right thing to use. - - - - - - In pg_ctl on Windows, check service status to decide - where to send output, rather than checking if standard output is a - terminal (Michael Paquier) - - - - - - In pg_dump and pg_basebackup, adopt - the GNU convention for handling tar-archive members exceeding 8GB - (Tom Lane) - - - - The POSIX standard for tar file format does not allow - archive member files to exceed 8GB, but most modern implementations - of tar support an extension that fixes that. Adopt - this extension so that pg_dump with no - longer fails on tables with more than 8GB of data, and so - that pg_basebackup can handle files larger than 8GB. - In addition, fix some portability issues that could cause failures for - members between 4GB and 8GB on some platforms. Potentially these - problems could cause unrecoverable data loss due to unreadable backup - files. - - - - - - Fix assorted corner-case bugs in pg_dump's processing - of extension member objects (Tom Lane) - - - - - - Make pg_dump mark a view's triggers as needing to be - processed after its rule, to prevent possible failure during - parallel pg_restore (Tom Lane) - - - - - - Ensure that relation option values are properly quoted - in pg_dump (Kouhei Sutou, Tom Lane) - - - - A reloption value that isn't a simple identifier or number could lead - to dump/reload failures due to syntax errors in CREATE statements - issued by pg_dump. This is not an issue with any - reloption currently supported by core PostgreSQL, but - extensions could allow reloptions that cause the problem. - - - - - - Avoid repeated password prompts during parallel pg_dump - (Zeus Kronion) - - - - - - Fix pg_upgrade's file-copying code to handle errors - properly on Windows (Bruce Momjian) - - - - - - Install guards in pgbench against corner-case overflow - conditions during evaluation of script-specified division or modulo - operators (Fabien Coelho, Michael Paquier) - - - - - - Fix failure to localize messages emitted - by pg_receivexlog and pg_recvlogical - (Ioseph Kim) - - - - - - Avoid dump/reload problems when using both plpython2 - and plpython3 (Tom Lane) - - - - In principle, both versions of PL/Python can be used in - the same database, though not in the same session (because the two - versions of libpython cannot safely be used concurrently). - However, pg_restore and pg_upgrade both - do things that can fall foul of the same-session restriction. Work - around that by changing the timing of the check. - - - - - - Fix PL/Python regression tests to pass with Python 3.5 - (Peter Eisentraut) - - - - - - Fix premature clearing of libpq's input buffer when - socket EOF is seen (Tom Lane) - - - - This mistake caused libpq to sometimes not report the - backend's final error message before reporting server closed the - connection unexpectedly. - - - - - - Prevent certain PL/Java parameters from being set by - non-superusers (Noah Misch) - - - - This change mitigates a PL/Java security bug - (CVE-2016-0766), which was fixed in PL/Java by marking - these parameters as superuser-only. To fix the security hazard for - sites that update PostgreSQL more frequently - than PL/Java, make the core code aware of them also. - - - - - - Improve libpq's handling of out-of-memory situations - (Michael Paquier, Amit Kapila, Heikki Linnakangas) - - - - - - Fix order of arguments - in ecpg-generated typedef statements - (Michael Meskes) - - - - - - Use %g not %f format - in ecpg's PGTYPESnumeric_from_double() - (Tom Lane) - - - - - - Fix ecpg-supplied header files to not contain comments - continued from a preprocessor directive line onto the next line - (Michael Meskes) - - - - Such a comment is rejected by ecpg. It's not yet clear - whether ecpg itself should be changed. - - - - - - Fix hstore_to_json_loose()'s test for whether - an hstore value can be converted to a JSON number (Tom Lane) - - - - Previously this function could be fooled by non-alphanumeric trailing - characters, leading to emitting syntactically-invalid JSON. - - - - - - Ensure that contrib/pgcrypto's crypt() - function can be interrupted by query cancel (Andreas Karlsson) - - - - - - Accept flex versions later than 2.5.x - (Tom Lane, Michael Paquier) - - - - Now that flex 2.6.0 has been released, the version checks in our build - scripts needed to be adjusted. - - - - - - Improve reproducibility of build output by ensuring filenames are given - to the linker in a fixed order (Christoph Berg) - - - - This avoids possible bitwise differences in the produced executable - files from one build to the next. - - - - - - Install our missing script where PGXS builds can find it - (Jim Nasby) - - - - This allows sane behavior in a PGXS build done on a machine where build - tools such as bison are missing. - - - - - - Ensure that dynloader.h is included in the installed - header files in MSVC builds (Bruce Momjian, Michael Paquier) - - - - - - Add variant regression test expected-output file to match behavior of - current libxml2 (Tom Lane) - - - - The fix for libxml2's CVE-2015-7499 causes it not to - output error context reports in some cases where it used to do so. - This seems to be a bug, but we'll probably have to live with it for - some time, so work around it. - - - - - - Update time zone data files to tzdata release 2016a for - DST law changes in Cayman Islands, Metlakatla, and Trans-Baikal - Territory (Zabaykalsky Krai), plus historical corrections for Pakistan. - - - - - - - - - - Release 9.3.10 - - - Release date: - 2015-10-08 - - - - This release contains a variety of fixes from 9.3.9. - For information about new features in the 9.3 major release, see - . - - - - Migration to Version 9.3.10 - - - A dump/restore is not required for those running 9.3.X. - - - - However, if you are upgrading from a version earlier than 9.3.9, - see . - - - - - - Changes - - - - - - Guard against stack overflows in json parsing - (Oskari Saarenmaa) - - - - If an application constructs PostgreSQL json - or jsonb values from arbitrary user input, the application's - users can reliably crash the PostgreSQL server, causing momentary - denial of service. (CVE-2015-5289) - - - - - - Fix contrib/pgcrypto to detect and report - too-short crypt() salts (Josh Kupershmidt) - - - - Certain invalid salt arguments crashed the server or disclosed a few - bytes of server memory. We have not ruled out the viability of - attacks that arrange for presence of confidential information in the - disclosed bytes, but they seem unlikely. (CVE-2015-5288) - - - - - - Fix subtransaction cleanup after a portal (cursor) belonging to an - outer subtransaction fails (Tom Lane, Michael Paquier) - - - - A function executed in an outer-subtransaction cursor could cause an - assertion failure or crash by referencing a relation created within an - inner subtransaction. - - - - - - Ensure all relations referred to by an updatable view are properly - locked during an update statement (Dean Rasheed) - - - - - - Fix insertion of relations into the relation cache init file - (Tom Lane) - - - - An oversight in a patch in the most recent minor releases - caused pg_trigger_tgrelid_tgname_index to be omitted - from the init file. Subsequent sessions detected this, then deemed the - init file to be broken and silently ignored it, resulting in a - significant degradation in session startup time. In addition to fixing - the bug, install some guards so that any similar future mistake will be - more obvious. - - - - - - Avoid O(N^2) behavior when inserting many tuples into a SPI query - result (Neil Conway) - - - - - - Improve LISTEN startup time when there are many unread - notifications (Matt Newell) - - - - - - Fix performance problem when a session alters large numbers of foreign - key constraints (Jan Wieck, Tom Lane) - - - - This was seen primarily when restoring pg_dump output - for databases with many thousands of tables. - - - - - - Disable SSL renegotiation by default (Michael Paquier, Andres Freund) - - - - While use of SSL renegotiation is a good idea in theory, we have seen - too many bugs in practice, both in the underlying OpenSSL library and - in our usage of it. Renegotiation will be removed entirely in 9.5 and - later. In the older branches, just change the default value - of ssl_renegotiation_limit to zero (disabled). - - - - - - Lower the minimum values of the *_freeze_max_age parameters - (Andres Freund) - - - - This is mainly to make tests of related behavior less time-consuming, - but it may also be of value for installations with limited disk space. - - - - - - Limit the maximum value of wal_buffers to 2GB to avoid - server crashes (Josh Berkus) - - - - - - Avoid logging complaints when a parameter that can only be set at - server start appears multiple times in postgresql.conf, - and fix counting of line numbers after an include_dir - directive (Tom Lane) - - - - - - Fix rare internal overflow in multiplication of numeric values - (Dean Rasheed) - - - - - - Guard against hard-to-reach stack overflows involving record types, - range types, json, jsonb, tsquery, - ltxtquery and query_int (Noah Misch) - - - - - - Fix handling of DOW and DOY in datetime input - (Greg Stark) - - - - These tokens aren't meant to be used in datetime values, but previously - they resulted in opaque internal error messages rather - than invalid input syntax. - - - - - - Add more query-cancel checks to regular expression matching (Tom Lane) - - - - - - Add recursion depth protections to regular expression, SIMILAR - TO, and LIKE matching (Tom Lane) - - - - Suitable search patterns and a low stack depth limit could lead to - stack-overrun crashes. - - - - - - Fix potential infinite loop in regular expression execution (Tom Lane) - - - - A search pattern that can apparently match a zero-length string, but - actually doesn't match because of a back reference, could lead to an - infinite loop. - - - - - - In regular expression execution, correctly record match data for - capturing parentheses within a quantifier even when the match is - zero-length (Tom Lane) - - - - - - Fix low-memory failures in regular expression compilation - (Andreas Seltenreich) - - - - - - Fix low-probability memory leak during regular expression execution - (Tom Lane) - - - - - - Fix rare low-memory failure in lock cleanup during transaction abort - (Tom Lane) - - - - - - Fix unexpected out-of-memory situation during sort errors - when using tuplestores with small work_mem settings (Tom - Lane) - - - - - - Fix very-low-probability stack overrun in qsort (Tom Lane) - - - - - - Fix invalid memory alloc request size failure in hash joins - with large work_mem settings (Tomas Vondra, Tom Lane) - - - - - - Fix assorted planner bugs (Tom Lane) - - - - These mistakes could lead to incorrect query plans that would give wrong - answers, or to assertion failures in assert-enabled builds, or to odd - planner errors such as could not devise a query plan for the - given query, could not find pathkey item to - sort, plan should not reference subplan's variable, - or failed to assign all NestLoopParams to plan nodes. - Thanks are due to Andreas Seltenreich and Piotr Stefaniak for fuzz - testing that exposed these problems. - - - - - - Improve planner's performance for UPDATE/DELETE - on large inheritance sets (Tom Lane, Dean Rasheed) - - - - - - Ensure standby promotion trigger files are removed at postmaster - startup (Michael Paquier, Fujii Masao) - - - - This prevents unwanted promotion from occurring if these files appear - in a database backup that is used to initialize a new standby server. - - - - - - During postmaster shutdown, ensure that per-socket lock files are - removed and listen sockets are closed before we remove - the postmaster.pid file (Tom Lane) - - - - This avoids race-condition failures if an external script attempts to - start a new postmaster as soon as pg_ctl stop returns. - - - - - - Fix postmaster's handling of a startup-process crash during crash - recovery (Tom Lane) - - - - If, during a crash recovery cycle, the startup process crashes without - having restored database consistency, we'd try to launch a new startup - process, which typically would just crash again, leading to an infinite - loop. - - - - - - Make emergency autovacuuming for multixact wraparound more robust - (Andres Freund) - - - - - - Do not print a WARNING when an autovacuum worker is already - gone when we attempt to signal it, and reduce log verbosity for such - signals (Tom Lane) - - - - - - Prevent autovacuum launcher from sleeping unduly long if the server - clock is moved backwards a large amount (Álvaro Herrera) - - - - - - Ensure that cleanup of a GIN index's pending-insertions list is - interruptable by cancel requests (Jeff Janes) - - - - - - Allow all-zeroes pages in GIN indexes to be reused (Heikki Linnakangas) - - - - Such a page might be left behind after a crash. - - - - - - Fix handling of all-zeroes pages in SP-GiST indexes (Heikki - Linnakangas) - - - - VACUUM attempted to recycle such pages, but did so in a - way that wasn't crash-safe. - - - - - - Fix off-by-one error that led to otherwise-harmless warnings - about apparent wraparound in subtrans/multixact truncation - (Thomas Munro) - - - - - - Fix misreporting of CONTINUE and MOVE statement - types in PL/pgSQL's error context messages - (Pavel Stehule, Tom Lane) - - - - - - Fix PL/Perl to handle non-ASCII error - message texts correctly (Alex Hunsaker) - - - - - - Fix PL/Python crash when returning the string - representation of a record result (Tom Lane) - - - - - - Fix some places in PL/Tcl that neglected to check for - failure of malloc() calls (Michael Paquier, Álvaro - Herrera) - - - - - - In contrib/isn, fix output of ISBN-13 numbers that begin - with 979 (Fabien Coelho) - - - - EANs beginning with 979 (but not 9790) are considered ISBNs, but they - must be printed in the new 13-digit format, not the 10-digit format. - - - - - - Improve contrib/postgres_fdw's handling of - collation-related decisions (Tom Lane) - - - - The main user-visible effect is expected to be that comparisons - involving varchar columns will be sent to the remote server - for execution in more cases than before. - - - - - - Improve libpq's handling of out-of-memory conditions - (Michael Paquier, Heikki Linnakangas) - - - - - - Fix memory leaks and missing out-of-memory checks - in ecpg (Michael Paquier) - - - - - - Fix psql's code for locale-aware formatting of numeric - output (Tom Lane) - - - - The formatting code invoked by \pset numericlocale on - did the wrong thing for some uncommon cases such as numbers with an - exponent but no decimal point. It could also mangle already-localized - output from the money data type. - - - - - - Prevent crash in psql's \c command when - there is no current connection (Noah Misch) - - - - - - Make pg_dump handle inherited NOT VALID - check constraints correctly (Tom Lane) - - - - - - Fix selection of default zlib compression level - in pg_dump's directory output format (Andrew Dunstan) - - - - - - Ensure that temporary files created during a pg_dump - run with tar-format output are not world-readable (Michael - Paquier) - - - - - - Fix pg_dump and pg_upgrade to support - cases where the postgres or template1 database - is in a non-default tablespace (Marti Raudsepp, Bruce Momjian) - - - - - - Fix pg_dump to handle object privileges sanely when - dumping from a server too old to have a particular privilege type - (Tom Lane) - - - - When dumping data types from pre-9.2 servers, and when dumping - functions or procedural languages from pre-7.3 - servers, pg_dump would - produce GRANT/REVOKE commands that revoked the - owner's grantable privileges and instead granted all privileges - to PUBLIC. Since the privileges involved are - just USAGE and EXECUTE, this isn't a security - problem, but it's certainly a surprising representation of the older - systems' behavior. Fix it to leave the default privilege state alone - in these cases. - - - - - - Fix pg_dump to dump shell types (Tom Lane) - - - - Shell types (that is, not-yet-fully-defined types) aren't useful for - much, but nonetheless pg_dump should dump them. - - - - - - Fix assorted minor memory leaks in pg_dump and other - client-side programs (Michael Paquier) - - - - - - Fix spinlock assembly code for PPC hardware to be compatible - with AIX's native assembler (Tom Lane) - - - - Building with gcc didn't work if gcc - had been configured to use the native assembler, which is becoming more - common. - - - - - - On AIX, test the -qlonglong compiler option - rather than just assuming it's safe to use (Noah Misch) - - - - - - On AIX, use -Wl,-brtllib link option to allow - symbols to be resolved at runtime (Noah Misch) - - - - Perl relies on this ability in 5.8.0 and later. - - - - - - Avoid use of inline functions when compiling with - 32-bit xlc, due to compiler bugs (Noah Misch) - - - - - - Use librt for sched_yield() when necessary, - which it is on some Solaris versions (Oskari Saarenmaa) - - - - - - Fix Windows install.bat script to handle target directory - names that contain spaces (Heikki Linnakangas) - - - - - - Make the numeric form of the PostgreSQL version number - (e.g., 90405) readily available to extension Makefiles, - as a variable named VERSION_NUM (Michael Paquier) - - - - - - Update time zone data files to tzdata release 2015g for - DST law changes in Cayman Islands, Fiji, Moldova, Morocco, Norfolk - Island, North Korea, Turkey, and Uruguay. There is a new zone name - America/Fort_Nelson for the Canadian Northern Rockies. - - - - - - - - - - Release 9.3.9 - - - Release date: - 2015-06-12 - - - - This release contains a small number of fixes from 9.3.8. - For information about new features in the 9.3 major release, see - . - - - - Migration to Version 9.3.9 - - - A dump/restore is not required for those running 9.3.X. - - - - However, if you are upgrading an installation that was previously - upgraded using a pg_upgrade version between 9.3.0 and - 9.3.4 inclusive, see the first changelog entry below. - - - - Also, if you are upgrading from a version earlier than 9.3.7, - see . - - - - - - Changes - - - - - - Fix possible failure to recover from an inconsistent database state - (Robert Haas) - - - - Recent PostgreSQL releases introduced mechanisms to - protect against multixact wraparound, but some of that code did not - account for the possibility that it would need to run during crash - recovery, when the database may not be in a consistent state. This - could result in failure to restart after a crash, or failure to start - up a secondary server. The lingering effects of a previously-fixed - bug in pg_upgrade could also cause such a failure, in - installations that had used pg_upgrade versions - between 9.3.0 and 9.3.4. - - - - The pg_upgrade bug in question was that it would - set oldestMultiXid to 1 in pg_control even - if the true value should be higher. With the fixes introduced in - this release, such a situation will result in immediate emergency - autovacuuming until a correct oldestMultiXid value can be - determined. If that would pose a hardship, users can avoid it by - doing manual vacuuming before upgrading to this release. - In detail: - - - - - Check whether pg_controldata reports Latest - checkpoint's oldestMultiXid to be 1. If not, there's nothing - to do. - - - - - Look in PGDATA/pg_multixact/offsets to see if there's a - file named 0000. If there is, there's nothing to do. - - - - - Otherwise, for each table that has - pg_class.relminmxid equal to 1, - VACUUM that table with - both - and set to - zero. (You can use the vacuum cost delay parameters described - in to reduce - the performance consequences for concurrent sessions.) You must - use PostgreSQL 9.3.5 or later to perform this step. - - - - - - - - - Fix rare failure to invalidate relation cache init file (Tom Lane) - - - - With just the wrong timing of concurrent activity, a VACUUM - FULL on a system catalog might fail to update the init file - that's used to avoid cache-loading work for new sessions. This would - result in later sessions being unable to access that catalog at all. - This is a very ancient bug, but it's so hard to trigger that no - reproducible case had been seen until recently. - - - - - - Avoid deadlock between incoming sessions and CREATE/DROP - DATABASE (Tom Lane) - - - - A new session starting in a database that is the target of - a DROP DATABASE command, or is the template for - a CREATE DATABASE command, could cause the command to wait - for five seconds and then fail, even if the new session would have - exited before that. - - - - - - Improve planner's cost estimates for semi-joins and anti-joins with - inner indexscans (Tom Lane, Tomas Vondra) - - - - This type of plan is quite cheap when all the join clauses are used - as index scan conditions, even if the inner scan would nominally - fetch many rows, because the executor will stop after obtaining one - row. The planner only partially accounted for that effect, and would - therefore overestimate the cost, leading it to possibly choose some - other much less efficient plan type. - - - - - - - - - - Release 9.3.8 - - - Release date: - 2015-06-04 - - - - This release contains a small number of fixes from 9.3.7. - For information about new features in the 9.3 major release, see - . - - - - Migration to Version 9.3.8 - - - A dump/restore is not required for those running 9.3.X. - - - - However, if you are upgrading from a version earlier than 9.3.7, - see . - - - - - - Changes - - - - - - Avoid failures while fsync'ing data directory during - crash restart (Abhijit Menon-Sen, Tom Lane) - - - - In the previous minor releases we added a patch to fsync - everything in the data directory after a crash. Unfortunately its - response to any error condition was to fail, thereby preventing the - server from starting up, even when the problem was quite harmless. - An example is that an unwritable file in the data directory would - prevent restart on some platforms; but it is common to make SSL - certificate files unwritable by the server. Revise this behavior so - that permissions failures are ignored altogether, and other types of - failures are logged but do not prevent continuing. - - - - Also apply the same rules in initdb --sync-only. - This case is less critical but it should act similarly. - - - - - - Fix pg_get_functiondef() to show - functions' LEAKPROOF property, if set (Jeevan Chalke) - - - - - - Remove configure's check prohibiting linking to a - threaded libpython - on OpenBSD (Tom Lane) - - - - The failure this restriction was meant to prevent seems to not be a - problem anymore on current OpenBSD - versions. - - - - - - - - Allow libpq to use TLS protocol versions beyond v1 - (Noah Misch) - - - - For a long time, libpq was coded so that the only SSL - protocol it would allow was TLS v1. Now that newer TLS versions are - becoming popular, allow it to negotiate the highest commonly-supported - TLS version with the server. (PostgreSQL servers were - already capable of such negotiation, so no change is needed on the - server side.) This is a back-patch of a change already released in - 9.4.0. - - - - - - - - - - Release 9.3.7 - - - Release date: - 2015-05-22 - - - - This release contains a variety of fixes from 9.3.6. - For information about new features in the 9.3 major release, see - . - - - - Migration to Version 9.3.7 - - - A dump/restore is not required for those running 9.3.X. - - - - However, if you use contrib/citext's - regexp_matches() functions, see the changelog entry below - about that. - - - - Also, if you are upgrading from a version earlier than 9.3.6, - see . - - - - - - Changes - - - - - - Avoid possible crash when client disconnects just before the - authentication timeout expires (Benkocs Norbert Attila) - - - - If the timeout interrupt fired partway through the session shutdown - sequence, SSL-related state would be freed twice, typically causing a - crash and hence denial of service to other sessions. Experimentation - shows that an unauthenticated remote attacker could trigger the bug - somewhat consistently, hence treat as security issue. - (CVE-2015-3165) - - - - - - Improve detection of system-call failures (Noah Misch) - - - - Our replacement implementation of snprintf() failed to - check for errors reported by the underlying system library calls; - the main case that might be missed is out-of-memory situations. - In the worst case this might lead to information exposure, due to our - code assuming that a buffer had been overwritten when it hadn't been. - Also, there were a few places in which security-relevant calls of other - system library functions did not check for failure. - - - - It remains possible that some calls of the *printf() - family of functions are vulnerable to information disclosure if an - out-of-memory error occurs at just the wrong time. We judge the risk - to not be large, but will continue analysis in this area. - (CVE-2015-3166) - - - - - - In contrib/pgcrypto, uniformly report decryption failures - as Wrong key or corrupt data (Noah Misch) - - - - Previously, some cases of decryption with an incorrect key could report - other error message texts. It has been shown that such variance in - error reports can aid attackers in recovering keys from other systems. - While it's unknown whether pgcrypto's specific behaviors - are likewise exploitable, it seems better to avoid the risk by using a - one-size-fits-all message. - (CVE-2015-3167) - - - - - - Protect against wraparound of multixact member IDs - (Álvaro Herrera, Robert Haas, Thomas Munro) - - - - Under certain usage patterns, the existing defenses against this might - be insufficient, allowing pg_multixact/members files to be - removed too early, resulting in data loss. - The fix for this includes modifying the server to fail transactions - that would result in overwriting old multixact member ID data, and - improving autovacuum to ensure it will act proactively to prevent - multixact member ID wraparound, as it does for transaction ID - wraparound. - - - - - - Fix incorrect declaration of contrib/citext's - regexp_matches() functions (Tom Lane) - - - - These functions should return setof text[], like the core - functions they are wrappers for; but they were incorrectly declared as - returning just text[]. This mistake had two results: first, - if there was no match you got a scalar null result, whereas what you - should get is an empty set (zero rows). Second, the g flag - was effectively ignored, since you would get only one result array even - if there were multiple matches. - - - - While the latter behavior is clearly a bug, there might be applications - depending on the former behavior; therefore the function declarations - will not be changed by default until PostgreSQL 9.5. - In pre-9.5 branches, the old behavior exists in version 1.0 of - the citext extension, while we have provided corrected - declarations in version 1.1 (which is not installed by - default). To adopt the fix in pre-9.5 branches, execute - ALTER EXTENSION citext UPDATE TO '1.1' in each database in - which citext is installed. (You can also update - back to 1.0 if you need to undo that.) Be aware that either update - direction will require dropping and recreating any views or rules that - use citext's regexp_matches() functions. - - - - - - Fix incorrect checking of deferred exclusion constraints after a HOT - update (Tom Lane) - - - - If a new row that potentially violates a deferred exclusion constraint - is HOT-updated (that is, no indexed columns change and the row can be - stored back onto the same table page) later in the same transaction, - the exclusion constraint would be reported as violated when the check - finally occurred, even if the row(s) the new row originally conflicted - with had been deleted. - - - - - - Fix planning of star-schema-style queries (Tom Lane) - - - - Sometimes, efficient scanning of a large table requires that index - parameters be provided from more than one other table (commonly, - dimension tables whose keys are needed to index a large fact table). - The planner should be able to find such plans, but an overly - restrictive search heuristic prevented it. - - - - - - Prevent improper reordering of antijoins (NOT EXISTS joins) versus - other outer joins (Tom Lane) - - - - This oversight in the planner has been observed to cause could - not find RelOptInfo for given relids errors, but it seems possible - that sometimes an incorrect query plan might get past that consistency - check and result in silently-wrong query output. - - - - - - Fix incorrect matching of subexpressions in outer-join plan nodes - (Tom Lane) - - - - Previously, if textually identical non-strict subexpressions were used - both above and below an outer join, the planner might try to re-use - the value computed below the join, which would be incorrect because the - executor would force the value to NULL in case of an unmatched outer row. - - - - - - Fix GEQO planner to cope with failure of its join order heuristic - (Tom Lane) - - - - This oversight has been seen to lead to failed to join all - relations together errors in queries involving LATERAL, - and that might happen in other cases as well. - - - - - - Fix possible deadlock at startup - when max_prepared_transactions is too small - (Heikki Linnakangas) - - - - - - Don't archive useless preallocated WAL files after a timeline switch - (Heikki Linnakangas) - - - - - - Recursively fsync() the data directory after a crash - (Abhijit Menon-Sen, Robert Haas) - - - - This ensures consistency if another crash occurs shortly later. (The - second crash would have to be a system-level crash, not just a database - crash, for there to be a problem.) - - - - - - Fix autovacuum launcher's possible failure to shut down, if an error - occurs after it receives SIGTERM (Álvaro Herrera) - - - - - - Cope with unexpected signals in LockBufferForCleanup() - (Andres Freund) - - - - This oversight could result in spurious errors about multiple - backends attempting to wait for pincount 1. - - - - - - Fix crash when doing COPY IN to a table with check - constraints that contain whole-row references (Tom Lane) - - - - The known failure case only crashes in 9.4 and up, but there is very - similar code in 9.3 and 9.2, so back-patch those branches as well. - - - - - - Avoid waiting for WAL flush or synchronous replication during commit of - a transaction that was read-only so far as the user is concerned - (Andres Freund) - - - - Previously, a delay could occur at commit in transactions that had - written WAL due to HOT page pruning, leading to undesirable effects - such as sessions getting stuck at startup if all synchronous replicas - are down. Sessions have also been observed to get stuck in catchup - interrupt processing when using synchronous replication; this will fix - that problem as well. - - - - - - Fix crash when manipulating hash indexes on temporary tables - (Heikki Linnakangas) - - - - - - Fix possible failure during hash index bucket split, if other processes - are modifying the index concurrently (Tom Lane) - - - - - - Check for interrupts while analyzing index expressions (Jeff Janes) - - - - ANALYZE executes index expressions many times; if there are - slow functions in such an expression, it's desirable to be able to - cancel the ANALYZE before that loop finishes. - - - - - - Ensure tableoid of a foreign table is reported - correctly when a READ COMMITTED recheck occurs after - locking rows in SELECT FOR UPDATE, UPDATE, - or DELETE (Etsuro Fujita) - - - - - - Add the name of the target server to object description strings for - foreign-server user mappings (Álvaro Herrera) - - - - - - Include the schema name in object identity strings for conversions - (Álvaro Herrera) - - - - - - Recommend setting include_realm to 1 when using - Kerberos/GSSAPI/SSPI authentication (Stephen Frost) - - - - Without this, identically-named users from different realms cannot be - distinguished. For the moment this is only a documentation change, but - it will become the default setting in PostgreSQL 9.5. - - - - - - Remove code for matching IPv4 pg_hba.conf entries to - IPv4-in-IPv6 addresses (Tom Lane) - - - - This hack was added in 2003 in response to a report that some Linux - kernels of the time would report IPv4 connections as having - IPv4-in-IPv6 addresses. However, the logic was accidentally broken in - 9.0. The lack of any field complaints since then shows that it's not - needed anymore. Now we have reports that the broken code causes - crashes on some systems, so let's just remove it rather than fix it. - (Had we chosen to fix it, that would make for a subtle and potentially - security-sensitive change in the effective meaning of - IPv4 pg_hba.conf entries, which does not seem like a good - thing to do in minor releases.) - - - - - - Report WAL flush, not insert, position in IDENTIFY_SYSTEM - replication command (Heikki Linnakangas) - - - - This avoids a possible startup failure - in pg_receivexlog. - - - - - - While shutting down service on Windows, periodically send status - updates to the Service Control Manager to prevent it from killing the - service too soon; and ensure that pg_ctl will wait for - shutdown (Krystian Bigaj) - - - - - - Reduce risk of network deadlock when using libpq's - non-blocking mode (Heikki Linnakangas) - - - - When sending large volumes of data, it's important to drain the input - buffer every so often, in case the server has sent enough response data - to cause it to block on output. (A typical scenario is that the server - is sending a stream of NOTICE messages during COPY FROM - STDIN.) This worked properly in the normal blocking mode, but not - so much in non-blocking mode. We've modified libpq - to opportunistically drain input when it can, but a full defense - against this problem requires application cooperation: the application - should watch for socket read-ready as well as write-ready conditions, - and be sure to call PQconsumeInput() upon read-ready. - - - - - - In libpq, fix misparsing of empty values in URI - connection strings (Thomas Fanghaenel) - - - - - - Fix array handling in ecpg (Michael Meskes) - - - - - - Fix psql to sanely handle URIs and conninfo strings as - the first parameter to \connect - (David Fetter, Andrew Dunstan, Álvaro Herrera) - - - - This syntax has been accepted (but undocumented) for a long time, but - previously some parameters might be taken from the old connection - instead of the given string, which was agreed to be undesirable. - - - - - - Suppress incorrect complaints from psql on some - platforms that it failed to write ~/.psql_history at exit - (Tom Lane) - - - - This misbehavior was caused by a workaround for a bug in very old - (pre-2006) versions of libedit. We fixed it by - removing the workaround, which will cause a similar failure to appear - for anyone still using such versions of libedit. - Recommendation: upgrade that library, or use libreadline. - - - - - - Fix pg_dump's rule for deciding which casts are - system-provided casts that should not be dumped (Tom Lane) - - - - - - In pg_dump, fix failure to honor -Z - compression level option together with -Fd - (Michael Paquier) - - - - - - Make pg_dump consider foreign key relationships - between extension configuration tables while choosing dump order - (Gilles Darold, Michael Paquier, Stephen Frost) - - - - This oversight could result in producing dumps that fail to reload - because foreign key constraints are transiently violated. - - - - - - Avoid possible pg_dump failure when concurrent sessions - are creating and dropping temporary functions (Tom Lane) - - - - - - Fix dumping of views that are just VALUES(...) but have - column aliases (Tom Lane) - - - - - - In pg_upgrade, force timeline 1 in the new cluster - (Bruce Momjian) - - - - This change prevents upgrade failures caused by bogus complaints about - missing WAL history files. - - - - - - In pg_upgrade, check for improperly non-connectable - databases before proceeding - (Bruce Momjian) - - - - - - In pg_upgrade, quote directory paths - properly in the generated delete_old_cluster script - (Bruce Momjian) - - - - - - In pg_upgrade, preserve database-level freezing info - properly - (Bruce Momjian) - - - - This oversight could cause missing-clog-file errors for tables within - the postgres and template1 databases. - - - - - - Run pg_upgrade and pg_resetxlog with - restricted privileges on Windows, so that they don't fail when run by - an administrator (Muhammad Asif Naeem) - - - - - - Improve handling of readdir() failures when scanning - directories in initdb and pg_basebackup - (Marco Nenciarini) - - - - - - Fix slow sorting algorithm in contrib/intarray (Tom Lane) - - - - - - Fix compile failure on Sparc V8 machines (Rob Rowan) - - - - - - Silence some build warnings on macOS (Tom Lane) - - - - - - Update time zone data files to tzdata release 2015d - for DST law changes in Egypt, Mongolia, and Palestine, plus historical - changes in Canada and Chile. Also adopt revised zone abbreviations for - the America/Adak zone (HST/HDT not HAST/HADT). - - - - - - - - - - Release 9.3.6 - - - Release date: - 2015-02-05 - - - - This release contains a variety of fixes from 9.3.5. - For information about new features in the 9.3 major release, see - . - - - - Migration to Version 9.3.6 - - - A dump/restore is not required for those running 9.3.X. - - - - However, if you are a Windows user and are using the Norwegian - (Bokmål) locale, manual action is needed after the upgrade to - replace any Norwegian (Bokmål)_Norway locale names stored - in PostgreSQL system catalogs with the plain-ASCII - alias Norwegian_Norway. For details see - - - - - Also, if you are upgrading from a version earlier than 9.3.5, - see . - - - - - - Changes - - - - - - - - Fix buffer overruns in to_char() - (Bruce Momjian) - - - - When to_char() processes a numeric formatting template - calling for a large number of digits, PostgreSQL - would read past the end of a buffer. When processing a crafted - timestamp formatting template, PostgreSQL would write - past the end of a buffer. Either case could crash the server. - We have not ruled out the possibility of attacks that lead to - privilege escalation, though they seem unlikely. - (CVE-2015-0241) - - - - - - - - Fix buffer overrun in replacement *printf() functions - (Tom Lane) - - - - PostgreSQL includes a replacement implementation - of printf and related functions. This code will overrun - a stack buffer when formatting a floating point number (conversion - specifiers e, E, f, F, - g or G) with requested precision greater than - about 500. This will crash the server, and we have not ruled out the - possibility of attacks that lead to privilege escalation. - A database user can trigger such a buffer overrun through - the to_char() SQL function. While that is the only - affected core PostgreSQL functionality, extension - modules that use printf-family functions may be at risk as well. - - - - This issue primarily affects PostgreSQL on Windows. - PostgreSQL uses the system implementation of these - functions where adequate, which it is on other modern platforms. - (CVE-2015-0242) - - - - - - - - Fix buffer overruns in contrib/pgcrypto - (Marko Tiikkaja, Noah Misch) - - - - Errors in memory size tracking within the pgcrypto - module permitted stack buffer overruns and improper dependence on the - contents of uninitialized memory. The buffer overrun cases can - crash the server, and we have not ruled out the possibility of - attacks that lead to privilege escalation. - (CVE-2015-0243) - - - - - - - - Fix possible loss of frontend/backend protocol synchronization after - an error - (Heikki Linnakangas) - - - - If any error occurred while the server was in the middle of reading a - protocol message from the client, it could lose synchronization and - incorrectly try to interpret part of the message's data as a new - protocol message. An attacker able to submit crafted binary data - within a command parameter might succeed in injecting his own SQL - commands this way. Statement timeout and query cancellation are the - most likely sources of errors triggering this scenario. Particularly - vulnerable are applications that use a timeout and also submit - arbitrary user-crafted data as binary query parameters. Disabling - statement timeout will reduce, but not eliminate, the risk of - exploit. Our thanks to Emil Lenngren for reporting this issue. - (CVE-2015-0244) - - - - - - - - Fix information leak via constraint-violation error messages - (Stephen Frost) - - - - Some server error messages show the values of columns that violate - a constraint, such as a unique constraint. If the user does not have - SELECT privilege on all columns of the table, this could - mean exposing values that the user should not be able to see. Adjust - the code so that values are displayed only when they came from the SQL - command or could be selected by the user. - (CVE-2014-8161) - - - - - - - - Lock down regression testing's temporary installations on Windows - (Noah Misch) - - - - Use SSPI authentication to allow connections only from the OS user - who launched the test suite. This closes on Windows the same - vulnerability previously closed on other platforms, namely that other - users might be able to connect to the test postmaster. - (CVE-2014-0067) - - - - - - - - Cope with the Windows locale named Norwegian (Bokmål) - (Heikki Linnakangas) - - - - Non-ASCII locale names are problematic since it's not clear what - encoding they should be represented in. Map the troublesome locale - name to a plain-ASCII alias, Norwegian_Norway. - - - - - - - - Avoid possible data corruption if ALTER DATABASE SET - TABLESPACE is used to move a database to a new tablespace and then - shortly later move it back to its original tablespace (Tom Lane) - - - - - - - - Avoid corrupting tables when ANALYZE inside a transaction - is rolled back (Andres Freund, Tom Lane, Michael Paquier) - - - - If the failing transaction had earlier removed the last index, rule, or - trigger from the table, the table would be left in a corrupted state - with the relevant pg_class flags not set though they - should be. - - - - - - - - Ensure that unlogged tables are copied correctly - during CREATE DATABASE or ALTER DATABASE SET - TABLESPACE (Pavan Deolasee, Andres Freund) - - - - - - - - Fix incorrect processing - of CreateEventTrigStmt.eventname (Petr - Jelinek) - - - - This could result in misbehavior if CREATE EVENT TRIGGER - were executed as a prepared query, or via extended query protocol. - - - - - - - - Fix DROP's dependency searching to correctly handle the - case where a table column is recursively visited before its table - (Petr Jelinek, Tom Lane) - - - - This case is only known to arise when an extension creates both a - datatype and a table using that datatype. The faulty code might - refuse a DROP EXTENSION unless CASCADE is - specified, which should not be required. - - - - - - - - Fix use-of-already-freed-memory problem in EvalPlanQual processing - (Tom Lane) - - - - In READ COMMITTED mode, queries that lock or update - recently-updated rows could crash as a result of this bug. - - - - - - - - Avoid possible deadlock while trying to acquire tuple locks - in EvalPlanQual processing (Álvaro Herrera, Mark Kirkwood) - - - - - - - - Fix failure to wait when a transaction tries to acquire a FOR - NO KEY EXCLUSIVE tuple lock, while multiple other transactions - currently hold FOR SHARE locks (Álvaro Herrera) - - - - - - - - Fix planning of SELECT FOR UPDATE when using a partial - index on a child table (Kyotaro Horiguchi) - - - - In READ COMMITTED mode, SELECT FOR UPDATE must - also recheck the partial index's WHERE condition when - rechecking a recently-updated row to see if it still satisfies the - query's WHERE condition. This requirement was missed if the - index belonged to an inheritance child table, so that it was possible - to incorrectly return rows that no longer satisfy the query condition. - - - - - - - - Fix corner case wherein SELECT FOR UPDATE could return a row - twice, and possibly miss returning other rows (Tom Lane) - - - - In READ COMMITTED mode, a SELECT FOR UPDATE - that is scanning an inheritance tree could incorrectly return a row - from a prior child table instead of the one it should return from a - later child table. - - - - - - - - Improve performance of EXPLAIN with large range tables - (Tom Lane) - - - - - - - - Reject duplicate column names in the referenced-columns list of - a FOREIGN KEY declaration (David Rowley) - - - - This restriction is per SQL standard. Previously we did not reject - the case explicitly, but later on the code would fail with - bizarre-looking errors. - - - - - - - - Re-enable error for SELECT ... OFFSET -1 (Tom Lane) - - - - A negative offset value has been an error since 8.4, but an - optimization added in 9.3 accidentally turned the case into a no-op. - Restore the expected behavior. - - - - - - - - Restore previous behavior of conversion of domains to JSON - (Tom Lane) - - - - This change causes domains over numeric and boolean to be treated - like their base types for purposes of conversion to JSON. It worked - like that before 9.3.5 and 9.2.9, but was unintentionally changed - while fixing a related problem. - - - - - - - - Fix json_agg() to not return extra trailing right - brackets in its result (Tom Lane) - - - - - - - - Fix bugs in raising a numeric value to a large integral power - (Tom Lane) - - - - The previous code could get a wrong answer, or consume excessive - amounts of time and memory before realizing that the answer must - overflow. - - - - - - - - In numeric_recv(), truncate away any fractional digits - that would be hidden according to the value's dscale field - (Tom Lane) - - - - A numeric value's display scale (dscale) should - never be less than the number of nonzero fractional digits; but - apparently there's at least one broken client application that - transmits binary numeric values in which that's true. - This leads to strange behavior since the extra digits are taken into - account by arithmetic operations even though they aren't printed. - The least risky fix seems to be to truncate away such hidden - digits on receipt, so that the value is indeed what it prints as. - - - - - - - - Fix incorrect search for shortest-first regular expression matches - (Tom Lane) - - - - Matching would often fail when the number of allowed iterations is - limited by a ? quantifier or a bound expression. - - - - - - - - Reject out-of-range numeric timezone specifications (Tom Lane) - - - - Simple numeric timezone specifications exceeding +/- 168 hours (one - week) would be accepted, but could then cause null-pointer dereference - crashes in certain operations. There's no use-case for such large UTC - offsets, so reject them. - - - - - - - - Fix bugs in tsquery @> tsquery - operator (Heikki Linnakangas) - - - - Two different terms would be considered to match if they had the same - CRC. Also, if the second operand had more terms than the first, it - would be assumed not to be contained in the first; which is wrong - since it might contain duplicate terms. - - - - - - - - Improve ispell dictionary's defenses against bad affix files (Tom Lane) - - - - - - - - Allow more than 64K phrases in a thesaurus dictionary (David Boutin) - - - - The previous coding could crash on an oversize dictionary, so this was - deemed a back-patchable bug fix rather than a feature addition. - - - - - - - - Fix namespace handling in xpath() (Ali Akbar) - - - - Previously, the xml value resulting from - an xpath() call would not have namespace declarations if - the namespace declarations were attached to an ancestor element in the - input xml value, rather than to the specific element being - returned. Propagate the ancestral declaration so that the result is - correct when considered in isolation. - - - - - - - - Ensure that whole-row variables expose nonempty column names - to functions that pay attention to column names within composite - arguments (Tom Lane) - - - - In some contexts, constructs like row_to_json(tab.*) may - not produce the expected column names. This is fixed properly as of - 9.4; in older branches, just ensure that we produce some nonempty - name. (In some cases this will be the underlying table's column name - rather than the query-assigned alias that should theoretically be - visible.) - - - - - - - - Fix mishandling of system columns, - particularly tableoid, in FDW queries (Etsuro Fujita) - - - - - - - - Fix assorted oversights in range-operator selectivity estimation - (Emre Hasegeli) - - - - This patch fixes corner-case unexpected operator NNNN planner - errors, and improves the selectivity estimates for some other cases. - - - - - - - - Avoid doing indexed_column = ANY - (array) as an index qualifier if that leads - to an inferior plan (Andrew Gierth) - - - - In some cases, = ANY conditions applied to non-first index - columns would be done as index conditions even though it would be - better to use them as simple filter conditions. - - - - - - - - Fix variable not found in subplan target list planner - failure when an inline-able SQL function taking a composite argument - is used in a LATERAL subselect and the composite argument - is a lateral reference (Tom Lane) - - - - - - - - Fix planner problems with nested append relations, such as inherited - tables within UNION ALL subqueries (Tom Lane) - - - - - - - - Fail cleanly when a GiST index tuple doesn't fit on a page, rather - than going into infinite recursion (Andrew Gierth) - - - - - - - - Exempt tables that have per-table cost_limit - and/or cost_delay settings from autovacuum's global cost - balancing rules (Álvaro Herrera) - - - - The previous behavior resulted in basically ignoring these per-table - settings, which was unintended. Now, a table having such settings - will be vacuumed using those settings, independently of what is going - on in other autovacuum workers. This may result in heavier total I/O - load than before, so such settings should be re-examined for sanity. - - - - - - - - Avoid wholesale autovacuuming when autovacuum is nominally off - (Tom Lane) - - - - Even when autovacuum is nominally off, we will still launch autovacuum - worker processes to vacuum tables that are at risk of XID wraparound. - However, such a worker process then proceeded to vacuum all tables in - the target database, if they met the usual thresholds for - autovacuuming. This is at best pretty unexpected; at worst it delays - response to the wraparound threat. Fix it so that if autovacuum is - turned off, workers only do anti-wraparound vacuums and - not any other work. - - - - - - - - During crash recovery, ensure that unlogged relations are rewritten as - empty and are synced to disk before recovery is considered complete - (Abhijit Menon-Sen, Andres Freund) - - - - This prevents scenarios in which unlogged relations might contain - garbage data following database crash recovery. - - - - - - - - Fix race condition between hot standby queries and replaying a - full-page image (Heikki Linnakangas) - - - - This mistake could result in transient errors in queries being - executed in hot standby. - - - - - - - - Fix several cases where recovery logic improperly ignored WAL records - for COMMIT/ABORT PREPARED (Heikki Linnakangas) - - - - The most notable oversight was - that recovery_target_xid could not be used to stop at - a two-phase commit. - - - - - - - - Prevent latest WAL file from being archived a second time at completion - of crash recovery (Fujii Masao) - - - - - - - - Avoid creating unnecessary .ready marker files for - timeline history files (Fujii Masao) - - - - - - - - Fix possible null pointer dereference when an empty prepared statement - is used and the log_statement setting is mod - or ddl (Fujii Masao) - - - - - - - - Change pgstat wait timeout warning message to be LOG level, - and rephrase it to be more understandable (Tom Lane) - - - - This message was originally thought to be essentially a can't-happen - case, but it occurs often enough on our slower buildfarm members to be - a nuisance. Reduce it to LOG level, and expend a bit more effort on - the wording: it now reads using stale statistics instead of - current ones because stats collector is not responding. - - - - - - - - Fix possible corruption of postmaster's list of dynamic background - workers (Andres Freund) - - - - - - - - Fix SPARC spinlock implementation to ensure correctness if the CPU is - being run in a non-TSO coherency mode, as some non-Solaris kernels do - (Andres Freund) - - - - - - - - Warn if macOS's setlocale() starts an unwanted extra - thread inside the postmaster (Noah Misch) - - - - - - - - Fix processing of repeated dbname parameters - in PQconnectdbParams() (Alex Shulgin) - - - - Unexpected behavior ensued if the first occurrence - of dbname contained a connection string or URI to be - expanded. - - - - - - - - Ensure that libpq reports a suitable error message on - unexpected socket EOF (Marko Tiikkaja, Tom Lane) - - - - Depending on kernel behavior, libpq might return an - empty error string rather than something useful when the server - unexpectedly closed the socket. - - - - - - - - Clear any old error message during PQreset() - (Heikki Linnakangas) - - - - If PQreset() is called repeatedly, and the connection - cannot be re-established, error messages from the failed connection - attempts kept accumulating in the PGconn's error - string. - - - - - - - - Properly handle out-of-memory conditions while parsing connection - options in libpq (Alex Shulgin, Heikki Linnakangas) - - - - - - - - Fix array overrun in ecpg's version - of ParseDateTime() (Michael Paquier) - - - - - - - - In initdb, give a clearer error message if a password - file is specified but is empty (Mats Erik Andersson) - - - - - - - - Fix psql's \s command to work nicely with - libedit, and add pager support (Stepan Rutz, Tom Lane) - - - - When using libedit rather than readline, \s printed the - command history in a fairly unreadable encoded format, and on recent - libedit versions might fail altogether. Fix that by printing the - history ourselves rather than having the library do it. A pleasant - side-effect is that the pager is used if appropriate. - - - - This patch also fixes a bug that caused newline encoding to be applied - inconsistently when saving the command history with libedit. - Multiline history entries written by older psql - versions will be read cleanly with this patch, but perhaps not - vice versa, depending on the exact libedit versions involved. - - - - - - - - Improve consistency of parsing of psql's special - variables (Tom Lane) - - - - Allow variant spellings of on and off (such - as 1/0) for ECHO_HIDDEN - and ON_ERROR_ROLLBACK. Report a warning for unrecognized - values for COMP_KEYWORD_CASE, ECHO, - ECHO_HIDDEN, HISTCONTROL, - ON_ERROR_ROLLBACK, and VERBOSITY. Recognize - all values for all these variables case-insensitively; previously - there was a mishmash of case-sensitive and case-insensitive behaviors. - - - - - - - - Make psql's \watch command display - nulls as specified by \pset null (Fujii Masao) - - - - - - - - Fix psql's expanded-mode display to work - consistently when using border = 3 - and linestyle = ascii or unicode - (Stephen Frost) - - - - - - - - Fix pg_dump to handle comments on event triggers - without failing (Tom Lane) - - - - - - - - Allow parallel pg_dump to - use (Kevin Grittner) - - - - - - - - Improve performance of pg_dump when the database - contains many instances of multiple dependency paths between the same - two objects (Tom Lane) - - - - - - - - Fix pg_dumpall to restore its ability to dump from - pre-8.1 servers (Gilles Darold) - - - - - - - - Fix possible deadlock during parallel restore of a schema-only dump - (Robert Haas, Tom Lane) - - - - - - - - Fix core dump in pg_dump --binary-upgrade on zero-column - composite type (Rushabh Lathia) - - - - - - - - Fix failure to fsync tables in nondefault tablespaces - during pg_upgrade (Abhijit Menon-Sen, Andres Freund) - - - - With an operating system crash and some bad luck, this could result in - data loss during an upgrade. - - - - - - - - In pg_upgrade, cope with cases where the new cluster - creates a TOAST table for a table that didn't previously have one - (Bruce Momjian) - - - - Previously this could result in failures due to OID conflicts. - - - - - - - - In pg_upgrade, don't try to - set autovacuum_multixact_freeze_max_age for the old cluster - (Bruce Momjian) - - - - This could result in failure because not all 9.3.X versions have that - parameter. Fortunately, we don't actually need to set it at all. - - - - - - - - In pg_upgrade, preserve the transaction ID epoch - (Bruce Momjian) - - - - This oversight did not bother PostgreSQL proper, - but could confuse some external replication tools. - - - - - - - - Prevent WAL files created by pg_basebackup -x/-X from - being archived again when the standby is promoted (Andres Freund) - - - - - - - - Fix memory leak in pg_receivexlog (Fujii Masao) - - - - - - - - Fix unintended suppression of pg_receivexlog verbose - messages (Fujii Masao) - - - - - - - - Fix failure of contrib/auto_explain to print per-node - timing information when doing EXPLAIN ANALYZE (Tom Lane) - - - - - - - - Fix upgrade-from-unpackaged script for contrib/citext - (Tom Lane) - - - - - - - - Avoid integer overflow and buffer overrun - in contrib/hstore's hstore_to_json() - (Heikki Linnakangas) - - - - - - - - Fix recognition of numbers in hstore_to_json_loose(), - so that JSON numbers and strings are correctly distinguished - (Andrew Dunstan) - - - - - - - - Fix block number checking - in contrib/pageinspect's get_raw_page() - (Tom Lane) - - - - The incorrect checking logic could prevent access to some pages in - non-main relation forks. - - - - - - - - Fix contrib/pgcrypto's pgp_sym_decrypt() - to not fail on messages whose length is 6 less than a power of 2 - (Marko Tiikkaja) - - - - - - - - Fix file descriptor leak in contrib/pg_test_fsync - (Jeff Janes) - - - - This could cause failure to remove temporary files on Windows. - - - - - - - - Handle unexpected query results, especially NULLs, safely in - contrib/tablefunc's connectby() - (Michael Paquier) - - - - connectby() previously crashed if it encountered a NULL - key value. It now prints that row but doesn't recurse further. - - - - - - - - Avoid a possible crash in contrib/xml2's - xslt_process() (Mark Simonetti) - - - - libxslt seems to have an undocumented dependency on - the order in which resources are freed; reorder our calls to avoid a - crash. - - - - - - - - Mark some contrib I/O functions with correct volatility - properties (Tom Lane) - - - - The previous over-conservative marking was immaterial in normal use, - but could cause optimization problems or rejection of valid index - expression definitions. Since the consequences are not large, we've - just adjusted the function definitions in the extension modules' - scripts, without changing version numbers. - - - - - - - - Numerous cleanups of warnings from Coverity static code analyzer - (Andres Freund, Tatsuo Ishii, Marko Kreen, Tom Lane, Michael Paquier) - - - - These changes are mostly cosmetic but in some cases fix corner-case - bugs, for example a crash rather than a proper error report after an - out-of-memory failure. None are believed to represent security - issues. - - - - - - - - Fix setup of background workers in EXEC_BACKEND builds, eg Windows - (Robert Haas) - - - - - - - - Detect incompatible OpenLDAP versions during build (Noah Misch) - - - - With OpenLDAP versions 2.4.24 through 2.4.31, - inclusive, PostgreSQL backends can crash at exit. - Raise a warning during configure based on the - compile-time OpenLDAP version number, and test the crashing scenario - in the contrib/dblink regression test. - - - - - - - - In non-MSVC Windows builds, ensure libpq.dll is installed - with execute permissions (Noah Misch) - - - - - - - - Make pg_regress remove any temporary installation it - created upon successful exit (Tom Lane) - - - - This results in a very substantial reduction in disk space usage - during make check-world, since that sequence involves - creation of numerous temporary installations. - - - - - - - - Support time zone abbreviations that change UTC offset from time to - time (Tom Lane) - - - - Previously, PostgreSQL assumed that the UTC offset - associated with a time zone abbreviation (such as EST) - never changes in the usage of any particular locale. However this - assumption fails in the real world, so introduce the ability for a - zone abbreviation to represent a UTC offset that sometimes changes. - Update the zone abbreviation definition files to make use of this - feature in timezone locales that have changed the UTC offset of their - abbreviations since 1970 (according to the IANA timezone database). - In such timezones, PostgreSQL will now associate the - correct UTC offset with the abbreviation depending on the given date. - - - - - - - - Update time zone abbreviations lists (Tom Lane) - - - - Add CST (China Standard Time) to our lists. - Remove references to ADT as Arabia Daylight Time, an - abbreviation that's been out of use since 2007; therefore, claiming - there is a conflict with Atlantic Daylight Time doesn't seem - especially helpful. - Fix entirely incorrect GMT offsets for CKT (Cook Islands), FJT, and FJST - (Fiji); we didn't even have them on the proper side of the date line. - - - - - - - - Update time zone data files to tzdata release 2015a. - - - - The IANA timezone database has adopted abbreviations of the form - AxST/AxDT - for all Australian time zones, reflecting what they believe to be - current majority practice Down Under. These names do not conflict - with usage elsewhere (other than ACST for Acre Summer Time, which has - been in disuse since 1994). Accordingly, adopt these names into - our Default timezone abbreviation set. - The Australia abbreviation set now contains only CST, EAST, - EST, SAST, SAT, and WST, all of which are thought to be mostly - historical usage. Note that SAST has also been changed to be South - Africa Standard Time in the Default abbreviation set. - - - - Also, add zone abbreviations SRET (Asia/Srednekolymsk) and XJT - (Asia/Urumqi), and use WSST/WSDT for western Samoa. Also, there were - DST law changes in Chile, Mexico, the Turks & Caicos Islands - (America/Grand_Turk), and Fiji. There is a new zone - Pacific/Bougainville for portions of Papua New Guinea. Also, numerous - corrections for historical (pre-1970) time zone data. - - - - - - - - - - Release 9.3.5 - - - Release date: - 2014-07-24 - - - - This release contains a variety of fixes from 9.3.4. - For information about new features in the 9.3 major release, see - . - - - - Migration to Version 9.3.5 - - - A dump/restore is not required for those running 9.3.X. - - - - However, this release corrects a logic error - in pg_upgrade, as well as an index corruption problem in - some GiST indexes. See the first two changelog entries below to find out - whether your installation has been affected and what steps you should take - if so. - - - - Also, if you are upgrading from a version earlier than 9.3.4, - see . - - - - - - Changes - - - - - - - - In pg_upgrade, remove pg_multixact files - left behind by initdb (Bruce Momjian) - - - - If you used a pre-9.3.5 version of pg_upgrade to - upgrade a database cluster to 9.3, it might have left behind a file - $PGDATA/pg_multixact/offsets/0000 that should not be - there and will eventually cause problems in VACUUM. - However, in common cases this file is actually valid and - must not be removed. - To determine whether your installation has this problem, run this - query as superuser, in any database of the cluster: - -WITH list(file) AS (SELECT * FROM pg_ls_dir('pg_multixact/offsets')) -SELECT EXISTS (SELECT * FROM list WHERE file = '0000') AND - NOT EXISTS (SELECT * FROM list WHERE file = '0001') AND - NOT EXISTS (SELECT * FROM list WHERE file = 'FFFF') AND - EXISTS (SELECT * FROM list WHERE file != '0000') - AS file_0000_removal_required; - - If this query returns t, manually remove the file - $PGDATA/pg_multixact/offsets/0000. - Do nothing if the query returns f. - - - - - - - - Correctly initialize padding bytes in contrib/btree_gist - indexes on bit columns (Heikki Linnakangas) - - - - This error could result in incorrect query results due to values that - should compare equal not being seen as equal. - Users with GiST indexes on bit or bit varying - columns should REINDEX those indexes after installing this - update. - - - - - - - - Protect against torn pages when deleting GIN list pages (Heikki - Linnakangas) - - - - This fix prevents possible index corruption if a system crash occurs - while the page update is being written to disk. - - - - - - - - Don't clear the right-link of a GiST index page while replaying - updates from WAL (Heikki Linnakangas) - - - - This error could lead to transiently wrong answers from GiST index - scans performed in Hot Standby. - - - - - - - - Fix corner-case infinite loop during insertion into an SP-GiST text - index (Tom Lane) - - - - - - - - Fix incorrect answers from SP-GiST index searches - with -|- (range adjacency) operator - (Heikki Linnakangas) - - - - - - - - Fix wraparound handling for pg_multixact/members - (Álvaro Herrera) - - - - - - - - Truncate pg_multixact during checkpoints, not - during VACUUM (Álvaro Herrera) - - - - This change ensures that pg_multixact segments can't be - removed if they'd still be needed during WAL replay after a crash. - - - - - - - - Fix possible inconsistency of all-visible flags after WAL recovery - (Heikki Linnakangas) - - - - - - - - Fix possibly-incorrect cache invalidation during nested calls - to ReceiveSharedInvalidMessages (Andres Freund) - - - - - - - - Fix race condition when updating a tuple concurrently locked by - another process (Andres Freund, Álvaro Herrera) - - - - - - - - Fix could not find pathkey item to sort planner failures - with UNION ALL over subqueries reading from tables with - inheritance children (Tom Lane) - - - - - - - - Don't assume a subquery's output is unique if there's a set-returning - function in its targetlist (David Rowley) - - - - This oversight could lead to misoptimization of constructs - like WHERE x IN (SELECT y, generate_series(1,10) FROM t GROUP - BY y). - - - - - - - - Improve planner to drop constant-NULL inputs - of AND/OR when possible (Tom Lane) - - - - This change fixes some cases where the more aggressive parameter - substitution done by 9.2 and later can lead to a worse plan than - older versions produced. - - - - - - - - Ensure that the planner sees equivalent VARIADIC and - non-VARIADIC function calls as equivalent (Tom Lane) - - - - This bug could for example result in failure to use expression indexes - involving variadic functions. It might be necessary to re-create such - indexes, and/or re-create views including variadic function calls that - should match the indexes, for the fix to be effective for existing 9.3 - installations. - - - - - - - - Fix handling of nested JSON objects - in json_populate_recordset() and friends - (Michael Paquier, Tom Lane) - - - - A nested JSON object could result in previous fields of the - parent object not being shown in the output. - - - - - - - - Fix identification of input type category in to_json() - and friends (Tom Lane) - - - - This is known to have led to inadequate quoting of money - fields in the JSON result, and there may have been wrong - results for other data types as well. - - - - - - - - Fix failure to detoast fields in composite elements of structured - types (Tom Lane) - - - - This corrects cases where TOAST pointers could be copied into other - tables without being dereferenced. If the original data is later - deleted, it would lead to errors like missing chunk number 0 - for toast value ... when the now-dangling pointer is used. - - - - - - - - Fix record type has not been registered failures with - whole-row references to the output of Append plan nodes (Tom Lane) - - - - - - - - Fix possible crash when invoking a user-defined function while - rewinding a cursor (Tom Lane) - - - - - - - - Fix query-lifespan memory leak while evaluating the arguments for a - function in FROM (Tom Lane) - - - - - - - - Fix session-lifespan memory leaks in regular-expression processing - (Tom Lane, Arthur O'Dwyer, Greg Stark) - - - - - - - - Fix data encoding error in hungarian.stop (Tom Lane) - - - - - - - - Prevent foreign tables from being created with OIDS - when is true - (Etsuro Fujita) - - - - - - - - Fix liveness checks for rows that were inserted in the current - transaction and then deleted by a now-rolled-back subtransaction - (Andres Freund) - - - - This could cause problems (at least spurious warnings, and at worst an - infinite loop) if CREATE INDEX or CLUSTER were - done later in the same transaction. - - - - - - - - Clear pg_stat_activity.xact_start - during PREPARE TRANSACTION (Andres Freund) - - - - After the PREPARE, the originating session is no longer in - a transaction, so it should not continue to display a transaction - start time. - - - - - - - - Fix REASSIGN OWNED to not fail for text search objects - (Álvaro Herrera) - - - - - - - - Prevent pg_class.relminmxid values from - going backwards during VACUUM FULL (Álvaro Herrera) - - - - - - - - Reduce indentation in rule/view dumps to improve readability and avoid - excessive whitespace (Greg Stark, Tom Lane) - - - - This change reduces the amount of indentation applied to nested - constructs, including some cases that the user probably doesn't think - of as nested, such as UNION lists. Previously, deeply nested - constructs were printed with an amount of whitespace growing as - O(N^2), which created a performance problem and even risk of - out-of-memory failures. Now the indentation is reduced modulo 40, - which is initially odd to look at but seems to preserve readability - better than simply limiting the indentation would do. - Redundant parenthesization of UNION lists has been reduced as well. - - - - - - - - Fix dumping of rules/views when subsequent addition of a column has - resulted in multiple input columns matching a USING - specification (Tom Lane) - - - - - - - - Repair view printing for some cases involving functions - in FROM that return a composite type containing dropped - columns (Tom Lane) - - - - - - - - Block signals during postmaster startup (Tom Lane) - - - - This ensures that the postmaster will properly clean up after itself - if, for example, it receives SIGINT while still - starting up. - - - - - - - - Fix client host name lookup when processing pg_hba.conf - entries that specify host names instead of IP addresses (Tom Lane) - - - - Ensure that reverse-DNS lookup failures are reported, instead of just - silently not matching such entries. Also ensure that we make only - one reverse-DNS lookup attempt per connection, not one per host name - entry, which is what previously happened if the lookup attempts failed. - - - - - - - - Allow the root user to use postgres -C variable and - postgres --describe-config (MauMau) - - - - The prohibition on starting the server as root does not need to extend - to these operations, and relaxing it prevents failure - of pg_ctl in some scenarios. - - - - - - - - Secure Unix-domain sockets of temporary postmasters started during - make check (Noah Misch) - - - - Any local user able to access the socket file could connect as the - server's bootstrap superuser, then proceed to execute arbitrary code as - the operating-system user running the test, as we previously noted in - CVE-2014-0067. This change defends against that risk by placing the - server's socket in a temporary, mode 0700 subdirectory - of /tmp. The hazard remains however on platforms where - Unix sockets are not supported, notably Windows, because then the - temporary postmaster must accept local TCP connections. - - - - A useful side effect of this change is to simplify - make check testing in builds that - override DEFAULT_PGSOCKET_DIR. Popular non-default values - like /var/run/postgresql are often not writable by the - build user, requiring workarounds that will no longer be necessary. - - - - - - - - Fix tablespace creation WAL replay to work on Windows (MauMau) - - - - - - - - Fix detection of socket creation failures on Windows (Bruce Momjian) - - - - - - - - On Windows, allow new sessions to absorb values of PGC_BACKEND - parameters (such as ) from the - configuration file (Amit Kapila) - - - - Previously, if such a parameter were changed in the file post-startup, - the change would have no effect. - - - - - - - - Properly quote executable path names on Windows (Nikhil Deshpande) - - - - This oversight could cause initdb - and pg_upgrade to fail on Windows, if the installation - path contained both spaces and @ signs. - - - - - - - - Fix linking of libpython on macOS (Tom Lane) - - - - The method we previously used can fail with the Python library - supplied by Xcode 5.0 and later. - - - - - - - - Avoid buffer bloat in libpq when the server - consistently sends data faster than the client can absorb it - (Shin-ichi Morita, Tom Lane) - - - - libpq could be coerced into enlarging its input buffer - until it runs out of memory (which would be reported misleadingly - as lost synchronization with server). Under ordinary - circumstances it's quite far-fetched that data could be continuously - transmitted more quickly than the recv() loop can - absorb it, but this has been observed when the client is artificially - slowed by scheduler constraints. - - - - - - - - Ensure that LDAP lookup attempts in libpq time out as - intended (Laurenz Albe) - - - - - - - - Fix ecpg to do the right thing when an array - of char * is the target for a FETCH statement returning more - than one row, as well as some other array-handling fixes - (Ashutosh Bapat) - - - - - - - - Fix pg_dump to cope with a materialized view that - depends on a table's primary key (Tom Lane) - - - - This occurs if the view's query relies on functional dependency to - abbreviate a GROUP BY list. pg_dump got - sufficiently confused that it dumped the materialized view as a - regular view. - - - - - - - - Fix parsing of pg_dumpall's switch - (Tom Lane) - - - - - - - - Fix pg_restore's processing of old-style large object - comments (Tom Lane) - - - - A direct-to-database restore from an archive file generated by a - pre-9.0 version of pg_dump would usually fail if the - archive contained more than a few comments for large objects. - - - - - - - - Fix pg_upgrade for cases where the new server creates - a TOAST table but the old version did not (Bruce Momjian) - - - - This rare situation would manifest as relation OID mismatch - errors. - - - - - - - - In pg_upgrade, - preserve pg_database.datminmxid - and pg_class.relminmxid values from the - old cluster, or insert reasonable values when upgrading from pre-9.3; - also defend against unreasonable values in the core server - (Bruce Momjian, Álvaro Herrera, Tom Lane) - - - - These changes prevent scenarios in which autovacuum might insist on - scanning the entire cluster's contents immediately upon starting the - new cluster, or in which tracking of unfrozen MXID values might be - disabled completely. - - - - - - - - Prevent contrib/auto_explain from changing the output of - a user's EXPLAIN (Tom Lane) - - - - If auto_explain is active, it could cause - an EXPLAIN (ANALYZE, TIMING OFF) command to nonetheless - print timing information. - - - - - - - - Fix query-lifespan memory leak in contrib/dblink - (MauMau, Joe Conway) - - - - - - - - In contrib/pgcrypto functions, ensure sensitive - information is cleared from stack variables before returning - (Marko Kreen) - - - - - - - - Prevent use of already-freed memory in - contrib/pgstattuple's pgstat_heap() - (Noah Misch) - - - - - - - - In contrib/uuid-ossp, cache the state of the OSSP UUID - library across calls (Tom Lane) - - - - This improves the efficiency of UUID generation and reduces the amount - of entropy drawn from /dev/urandom, on platforms that - have that. - - - - - - - - Update time zone data files to tzdata release 2014e - for DST law changes in Crimea, Egypt, and Morocco. - - - - - - - - - - Release 9.3.4 - - - Release date: - 2014-03-20 - - - - This release contains a variety of fixes from 9.3.3. - For information about new features in the 9.3 major release, see - . - - - - Migration to Version 9.3.4 - - - A dump/restore is not required for those running 9.3.X. - - - - However, the error fixed in the first changelog entry below could have - resulted in corrupt data on standby servers. It may be prudent to - reinitialize standby servers from fresh base backups after installing - this update. - - - - Also, if you are upgrading from a version earlier than 9.3.3, - see . - - - - - - Changes - - - - - - - - Fix WAL replay of locking an already-updated tuple (Andres Freund, - Álvaro Herrera) - - - - This error caused updated rows to not be found by index scans, resulting - in inconsistent query results depending on whether an index scan was - used. Subsequent processing could result in constraint violations, - since the previously updated row would not be found by later index - searches, thus possibly allowing conflicting rows to be inserted. - Since this error is in WAL replay, it would only manifest during crash - recovery or on standby servers. The improperly-replayed case most - commonly arises when a table row that is referenced by a foreign-key - constraint is updated concurrently with creation of a referencing row. - - - - - - - - Restore GIN metapages unconditionally to avoid torn-page risk - (Heikki Linnakangas) - - - - Although this oversight could theoretically result in a corrupted - index, it is unlikely to have caused any problems in practice, since - the active part of a GIN metapage is smaller than a standard 512-byte - disk sector. - - - - - - - - Avoid race condition in checking transaction commit status during - receipt of a NOTIFY message (Marko Tiikkaja) - - - - This prevents a scenario wherein a sufficiently fast client might - respond to a notification before database updates made by the - notifier have become visible to the recipient. - - - - - - - - Allow materialized views to be referenced in UPDATE - and DELETE commands (Michael Paquier) - - - - Previously such queries failed with a complaint about not being able - to lock rows in the materialized view. - - - - - - - - Allow regular-expression operators to be terminated early by query - cancel requests (Tom Lane) - - - - This prevents scenarios wherein a pathological regular expression - could lock up a server process uninterruptibly for a long time. - - - - - - - - Remove incorrect code that tried to allow OVERLAPS with - single-element row arguments (Joshua Yanovski) - - - - This code never worked correctly, and since the case is neither - specified by the SQL standard nor documented, it seemed better to - remove it than fix it. - - - - - - - - Avoid getting more than AccessShareLock when de-parsing a - rule or view (Dean Rasheed) - - - - This oversight resulted in pg_dump unexpectedly - acquiring RowExclusiveLock locks on tables mentioned as - the targets of INSERT/UPDATE/DELETE - commands in rules. While usually harmless, that could interfere with - concurrent transactions that tried to acquire, for example, - ShareLock on those tables. - - - - - - - - Improve performance of index endpoint probes during planning (Tom Lane) - - - - This change fixes a significant performance problem that occurred - when there were many not-yet-committed rows at the end of the index, - which is a common situation for indexes on sequentially-assigned - values such as timestamps or sequence-generated identifiers. - - - - - - - - Use non-default selectivity estimates for - value IN (list) and - value operator ANY - (array) - expressions when the righthand side is a stable expression (Tom Lane) - - - - - - - - Remove the correct per-database statistics file during DROP - DATABASE (Tomas Vondra) - - - - This fix prevents a permanent leak of statistics file space. - Users who have done many DROP DATABASE commands since - upgrading to PostgreSQL 9.3 may wish to check their - statistics directory and delete statistics files that do not - correspond to any existing database. Please note - that db_0.stat should not be removed. - - - - - - - - Fix walsender ping logic to avoid inappropriate - disconnects under continuous load (Andres Freund, Heikki Linnakangas) - - - - walsender failed to send ping messages to the client - if it was constantly busy sending WAL data; but it expected to see - ping responses despite that, and would therefore disconnect - once elapsed. - - - - - - - - Fix walsender's failure to shut down cleanly when client - is pg_receivexlog (Fujii Masao) - - - - - - - - Check WAL level and hot standby parameters correctly when doing crash - recovery that will be followed by archive recovery (Heikki Linnakangas) - - - - - - - - Fix test to see if hot standby connections can be allowed immediately - after a crash (Heikki Linnakangas) - - - - - - - - Add read-only parameter to - display whether page checksums are enabled (Heikki Linnakangas) - - - - Without this parameter, determining the state of checksum - processing was difficult. - - - - - - - - Prevent interrupts while reporting non-ERROR messages - (Tom Lane) - - - - This guards against rare server-process freezeups due to recursive - entry to syslog(), and perhaps other related problems. - - - - - - - - Fix memory leak in PL/Perl when returning a composite result, including - multiple-OUT-parameter cases (Alex Hunsaker) - - - - - - - - Fix tracking of psql script line numbers - during \copy from out-of-line data - (Kumar Rajeev Rastogi, Amit Khandekar) - - - - \copy ... from incremented the script file line number - for each data line, even if the data was not coming from the script - file. This mistake resulted in wrong line numbers being reported for - any errors occurring later in the same script file. - - - - - - - - Fix contrib/postgres_fdw to handle multiple join - conditions properly (Tom Lane) - - - - This oversight could result in sending WHERE clauses to - the remote server for execution even though the clauses are not known - to have the same semantics on the remote server (for example, clauses - that use non-built-in operators). The query might succeed anyway, - but it could also fail with errors from the remote server, or worse - give silently wrong answers. - - - - - - - - Prevent intermittent could not reserve shared memory region - failures on recent Windows versions (MauMau) - - - - - - - - Update time zone data files to tzdata release 2014a - for DST law changes in Fiji and Turkey, plus historical changes in - Israel and Ukraine. - - - - - - - - - - Release 9.3.3 - - - Release date: - 2014-02-20 - - - - This release contains a variety of fixes from 9.3.2. - For information about new features in the 9.3 major release, see - . - - - - Migration to Version 9.3.3 - - - A dump/restore is not required for those running 9.3.X. - - - - However, several of the issues corrected in this release could have - resulted in corruption of foreign-key constraints; that is, there - might now be referencing rows for which there is no matching row in - the referenced table. It may be worthwhile to recheck such - constraints after installing this update. The simplest way to do that - is to drop and recreate each suspect constraint; however, that will - require taking an exclusive lock on both tables, so it is unlikely to - be acceptable in production databases. Alternatively, you can do a - manual join query between the two tables to look for unmatched rows. - - - - Note also the requirement for replication standby servers to be - upgraded before their master server is upgraded. - - - - Also, if you are upgrading from a version earlier than 9.3.2, - see . - - - - - - Changes - - - - - - - - Shore up GRANT ... WITH ADMIN OPTION restrictions - (Noah Misch) - - - - Granting a role without ADMIN OPTION is supposed to - prevent the grantee from adding or removing members from the granted - role, but this restriction was easily bypassed by doing SET - ROLE first. The security impact is mostly that a role member can - revoke the access of others, contrary to the wishes of his grantor. - Unapproved role member additions are a lesser concern, since an - uncooperative role member could provide most of his rights to others - anyway by creating views or SECURITY DEFINER functions. - (CVE-2014-0060) - - - - - - - - Prevent privilege escalation via manual calls to PL validator - functions (Andres Freund) - - - - The primary role of PL validator functions is to be called implicitly - during CREATE FUNCTION, but they are also normal SQL - functions that a user can call explicitly. Calling a validator on - a function actually written in some other language was not checked - for and could be exploited for privilege-escalation purposes. - The fix involves adding a call to a privilege-checking function in - each validator function. Non-core procedural languages will also - need to make this change to their own validator functions, if any. - (CVE-2014-0061) - - - - - - - - Avoid multiple name lookups during table and index DDL - (Robert Haas, Andres Freund) - - - - If the name lookups come to different conclusions due to concurrent - activity, we might perform some parts of the DDL on a different table - than other parts. At least in the case of CREATE INDEX, - this can be used to cause the permissions checks to be performed - against a different table than the index creation, allowing for a - privilege escalation attack. - (CVE-2014-0062) - - - - - - - - Prevent buffer overrun with long datetime strings (Noah Misch) - - - - The MAXDATELEN constant was too small for the longest - possible value of type interval, allowing a buffer overrun - in interval_out(). Although the datetime input - functions were more careful about avoiding buffer overrun, the limit - was short enough to cause them to reject some valid inputs, such as - input containing a very long timezone name. The ecpg - library contained these vulnerabilities along with some of its own. - (CVE-2014-0063) - - - - - - - - Prevent buffer overrun due to integer overflow in size calculations - (Noah Misch, Heikki Linnakangas) - - - - Several functions, mostly type input functions, calculated an - allocation size without checking for overflow. If overflow did - occur, a too-small buffer would be allocated and then written past. - (CVE-2014-0064) - - - - - - - - Prevent overruns of fixed-size buffers - (Peter Eisentraut, Jozef Mlich) - - - - Use strlcpy() and related functions to provide a clear - guarantee that fixed-size buffers are not overrun. Unlike the - preceding items, it is unclear whether these cases really represent - live issues, since in most cases there appear to be previous - constraints on the size of the input string. Nonetheless it seems - prudent to silence all Coverity warnings of this type. - (CVE-2014-0065) - - - - - - - - Avoid crashing if crypt() returns NULL (Honza Horak, - Bruce Momjian) - - - - There are relatively few scenarios in which crypt() - could return NULL, but contrib/chkpass would crash - if it did. One practical case in which this could be an issue is - if libc is configured to refuse to execute unapproved - hashing algorithms (e.g., FIPS mode). - (CVE-2014-0066) - - - - - - - - Document risks of make check in the regression testing - instructions (Noah Misch, Tom Lane) - - - - Since the temporary server started by make check - uses trust authentication, another user on the same machine - could connect to it as database superuser, and then potentially - exploit the privileges of the operating-system user who started the - tests. A future release will probably incorporate changes in the - testing procedure to prevent this risk, but some public discussion is - needed first. So for the moment, just warn people against using - make check when there are untrusted users on the - same machine. - (CVE-2014-0067) - - - - - - - - Rework tuple freezing protocol - (Álvaro Herrera, Andres Freund) - - - - The logic for tuple freezing was unable to handle some cases involving - freezing of - multixact - IDs, with the practical effect that shared row-level locks - might be forgotten once old enough. - - - - Fixing this required changing the WAL record format for tuple - freezing. While this is no issue for standalone servers, when using - replication it means that standby servers must be upgraded - to 9.3.3 or later before their masters are. An older standby will - be unable to interpret freeze records generated by a newer master, and - will fail with a PANIC message. (In such a case, upgrading the - standby should be sufficient to let it resume execution.) - - - - - - - - Create separate GUC parameters to control multixact freezing - (Álvaro Herrera) - - - - 9.3 requires multixact tuple labels to be frozen before - they grow too old, in the same fashion as plain transaction ID labels - have been frozen for some time. Previously, the transaction ID - freezing parameters were used for multixact IDs too; but since - the consumption rates of transaction IDs and multixact IDs can be - quite different, this did not work very well. Introduce new settings - , - , and - - to control when to freeze multixacts. - - - - - - - - Account for remote row locks propagated by local updates - (Álvaro Herrera) - - - - If a row was locked by transaction A, and transaction B updated it, - the new version of the row created by B would be locked by A, yet - visible only to B. If transaction B then again updated the row, A's - lock wouldn't get checked, thus possibly allowing B to complete when - it shouldn't. This case is new in 9.3 since prior versions did not - have any types of row locking that would permit another transaction - to update the row at all. - - - - This oversight could allow referential integrity checks to give false - positives (for instance, allow deletes that should have been rejected). - Applications using the new commands SELECT FOR KEY SHARE - and SELECT FOR NO KEY UPDATE might also have suffered - locking failures of this kind. - - - - - - - - Prevent forgetting valid row locks when one of several - holders of a row lock aborts (Álvaro Herrera) - - - - This was yet another mechanism by which a shared row lock could be - lost, thus possibly allowing updates that should have been prevented - by foreign-key constraints. - - - - - - - - Fix incorrect logic during update chain locking - (Álvaro Herrera) - - - - This mistake could result in spurious could not serialize access - due to concurrent update errors in REPEATABLE READ - and SERIALIZABLE transaction isolation modes. - - - - - - - - Handle wraparound correctly during extension or truncation - of pg_multixact/members - (Andres Freund, Álvaro Herrera) - - - - - - - - Fix handling of 5-digit filenames in pg_multixact/members - (Álvaro Herrera) - - - - As of 9.3, these names can be more than 4 digits, but the directory - cleanup code ignored such files. - - - - - - - - Improve performance of multixact cache code - (Álvaro Herrera) - - - - - - - - Optimize updating a row that's already locked by the same transaction - (Andres Freund, Álvaro Herrera) - - - - This fixes a performance regression from pre-9.3 versions when doing - SELECT FOR UPDATE followed by UPDATE/DELETE. - - - - - - - - During archive recovery, prefer highest timeline number when WAL - segments with the same ID are present in both the archive - and pg_xlog/ (Kyotaro Horiguchi) - - - - Previously, not-yet-archived segments could get ignored during - recovery. This reverts an undesirable behavioral change in 9.3.0 - back to the way things worked pre-9.3. - - - - - - - - Fix possible mis-replay of WAL records when some segments of a - relation aren't full size (Greg Stark, Tom Lane) - - - - The WAL update could be applied to the wrong page, potentially many - pages past where it should have been. Aside from corrupting data, - this error has been observed to result in significant bloat - of standby servers compared to their masters, due to updates being - applied far beyond where the end-of-file should have been. This - failure mode does not appear to be a significant risk during crash - recovery, only when initially synchronizing a standby created from a - base backup taken from a quickly-changing master. - - - - - - - - Fix bug in determining when recovery has reached consistency - (Tomonari Katsumata, Heikki Linnakangas) - - - - In some cases WAL replay would mistakenly conclude that the database - was already consistent at the start of replay, thus possibly allowing - hot-standby queries before the database was really consistent. Other - symptoms such as PANIC: WAL contains references to invalid - pages were also possible. - - - - - - - - Fix WAL logging of visibility map changes (Heikki Linnakangas) - - - - - - - - Fix improper locking of btree index pages while replaying - a VACUUM operation in hot-standby mode (Andres Freund, - Heikki Linnakangas, Tom Lane) - - - - This error could result in PANIC: WAL contains references to - invalid pages failures. - - - - - - - - Ensure that insertions into non-leaf GIN index pages write a full-page - WAL record when appropriate (Heikki Linnakangas) - - - - The previous coding risked index corruption in the event of a - partial-page write during a system crash. - - - - - - - - When pause_at_recovery_target - and recovery_target_inclusive are both set, ensure the - target record is applied before pausing, not after (Heikki - Linnakangas) - - - - - - - - Ensure walreceiver sends hot-standby feedback messages on time even - when there is a continuous stream of data (Andres Freund, Amit - Kapila) - - - - - - - - Prevent timeout interrupts from taking control away from mainline - code unless ImmediateInterruptOK is set - (Andres Freund, Tom Lane) - - - - This is a serious issue for any application making use of statement - timeouts, as it could cause all manner of strange failures after a - timeout occurred. We have seen reports of stuck spinlocks, - ERRORs being unexpectedly promoted to PANICs, unkillable backends, - and other misbehaviors. - - - - - - - - Fix race conditions during server process exit (Robert Haas) - - - - Ensure that signal handlers don't attempt to use the - process's MyProc pointer after it's no longer valid. - - - - - - - - Fix race conditions in walsender shutdown logic and walreceiver - SIGHUP signal handler (Tom Lane) - - - - - - - - Fix unsafe references to errno within error reporting - logic (Christian Kruse) - - - - This would typically lead to odd behaviors such as missing or - inappropriate HINT fields. - - - - - - - - Fix possible crashes from using ereport() too early - during server startup (Tom Lane) - - - - The principal case we've seen in the field is a crash if the server - is started in a directory it doesn't have permission to read. - - - - - - - - Clear retry flags properly in OpenSSL socket write - function (Alexander Kukushkin) - - - - This omission could result in a server lockup after unexpected loss - of an SSL-encrypted connection. - - - - - - - - Fix length checking for Unicode identifiers (U&"..." - syntax) containing escapes (Tom Lane) - - - - A spurious truncation warning would be printed for such identifiers - if the escaped form of the identifier was too long, but the - identifier actually didn't need truncation after de-escaping. - - - - - - - - Fix parsing of Unicode literals and identifiers just before the end - of a command string or function body (Tom Lane) - - - - - - - - Allow keywords that are type names to be used in lists of roles - (Stephen Frost) - - - - A previous patch allowed such keywords to be used without quoting - in places such as role identifiers; but it missed cases where a - list of role identifiers was permitted, such as DROP ROLE. - - - - - - - - Fix parser crash for EXISTS(SELECT * FROM - zero_column_table) (Tom Lane) - - - - - - - - Fix possible crash due to invalid plan for nested sub-selects, such - as WHERE (... x IN (SELECT ...) ...) IN (SELECT ...) - (Tom Lane) - - - - - - - - Fix mishandling of WHERE conditions pulled up from - a LATERAL subquery (Tom Lane) - - - - The typical symptom of this bug was a JOIN qualification - cannot refer to other relations error, though subtle logic - errors in created plans seem possible as well. - - - - - - - - Disallow LATERAL references to the target table of - an UPDATE/DELETE (Tom Lane) - - - - While this might be allowed in some future release, it was - unintentional in 9.3, and didn't work quite right anyway. - - - - - - - - Fix UPDATE/DELETE of an inherited target table - that has UNION ALL subqueries (Tom Lane) - - - - Without this fix, UNION ALL subqueries aren't correctly - inserted into the update plans for inheritance child tables after the - first one, typically resulting in no update happening for those child - table(s). - - - - - - - - Fix ANALYZE to not fail on a column that's a domain over - a range type (Tom Lane) - - - - - - - - Ensure that ANALYZE creates statistics for a table column - even when all the values in it are too wide (Tom Lane) - - - - ANALYZE intentionally omits very wide values from its - histogram and most-common-values calculations, but it neglected to do - something sane in the case that all the sampled entries are too wide. - - - - - - - - In ALTER TABLE ... SET TABLESPACE, allow the database's - default tablespace to be used without a permissions check - (Stephen Frost) - - - - CREATE TABLE has always allowed such usage, - but ALTER TABLE didn't get the memo. - - - - - - - - Fix support for extensions containing event triggers (Tom Lane) - - - - - - - - Fix cannot accept a set error when some arms of - a CASE return a set and others don't (Tom Lane) - - - - - - - - Fix memory leakage in JSON functions (Craig Ringer) - - - - - - - - Properly distinguish numbers from non-numbers when generating JSON - output (Andrew Dunstan) - - - - - - - - Fix checks for all-zero client addresses in pgstat functions (Kevin - Grittner) - - - - - - - - Fix possible misclassification of multibyte characters by the text - search parser (Tom Lane) - - - - Non-ASCII characters could be misclassified when using C locale with - a multibyte encoding. On Cygwin, non-C locales could fail as well. - - - - - - - - Fix possible misbehavior in plainto_tsquery() - (Heikki Linnakangas) - - - - Use memmove() not memcpy() for copying - overlapping memory regions. There have been no field reports of - this actually causing trouble, but it's certainly risky. - - - - - - - - Fix placement of permissions checks in pg_start_backup() - and pg_stop_backup() (Andres Freund, Magnus Hagander) - - - - The previous coding might attempt to do catalog access when it - shouldn't. - - - - - - - - Accept SHIFT_JIS as an encoding name for locale checking - purposes (Tatsuo Ishii) - - - - - - - - Fix *-qualification of named parameters in SQL-language - functions (Tom Lane) - - - - Given a composite-type parameter - named foo, $1.* worked fine, - but foo.* not so much. - - - - - - - - Fix misbehavior of PQhost() on Windows (Fujii Masao) - - - - It should return localhost if no host has been specified. - - - - - - - - Improve error handling in libpq and psql - for failures during COPY TO STDOUT/FROM STDIN (Tom Lane) - - - - In particular this fixes an infinite loop that could occur in 9.2 and - up if the server connection was lost during COPY FROM - STDIN. Variants of that scenario might be possible in older - versions, or with other client applications. - - - - - - - - Fix incorrect translation handling in - some psql \d commands - (Peter Eisentraut, Tom Lane) - - - - - - - - Ensure pg_basebackup's background process is killed - when exiting its foreground process (Magnus Hagander) - - - - - - - - Fix possible incorrect printing of filenames - in pg_basebackup's verbose mode (Magnus Hagander) - - - - - - - - Avoid including tablespaces inside PGDATA twice in base backups - (Dimitri Fontaine, Magnus Hagander) - - - - - - - - Fix misaligned descriptors in ecpg (MauMau) - - - - - - - - In ecpg, handle lack of a hostname in the connection - parameters properly (Michael Meskes) - - - - - - - - Fix performance regression in contrib/dblink connection - startup (Joe Conway) - - - - Avoid an unnecessary round trip when client and server encodings match. - - - - - - - - In contrib/isn, fix incorrect calculation of the check - digit for ISMN values (Fabien Coelho) - - - - - - - - Fix contrib/pgbench's progress logging to avoid overflow - when the scale factor is large (Tatsuo Ishii) - - - - - - - - Fix contrib/pg_stat_statement's handling - of CURRENT_DATE and related constructs (Kyotaro - Horiguchi) - - - - - - - - Improve lost-connection error handling - in contrib/postgres_fdw (Tom Lane) - - - - - - - - Ensure client-code-only installation procedure works as documented - (Peter Eisentraut) - - - - - - - - In Mingw and Cygwin builds, install the libpq DLL - in the bin directory (Andrew Dunstan) - - - - This duplicates what the MSVC build has long done. It should fix - problems with programs like psql failing to start - because they can't find the DLL. - - - - - - - - Avoid using the deprecated dllwrap tool in Cygwin builds - (Marco Atzeri) - - - - - - - - Enable building with Visual Studio 2013 (Brar Piening) - - - - - - - - Don't generate plain-text HISTORY - and src/test/regress/README files anymore (Tom Lane) - - - - These text files duplicated the main HTML and PDF documentation - formats. The trouble involved in maintaining them greatly outweighs - the likely audience for plain-text format. Distribution tarballs - will still contain files by these names, but they'll just be stubs - directing the reader to consult the main documentation. - The plain-text INSTALL file will still be maintained, as - there is arguably a use-case for that. - - - - - - - - Update time zone data files to tzdata release 2013i - for DST law changes in Jordan and historical changes in Cuba. - - - - In addition, the zones Asia/Riyadh87, - Asia/Riyadh88, and Asia/Riyadh89 have been - removed, as they are no longer maintained by IANA, and never - represented actual civil timekeeping practice. - - - - - - - - - - Release 9.3.2 - - - Release date: - 2013-12-05 - - - - This release contains a variety of fixes from 9.3.1. - For information about new features in the 9.3 major release, see - . - - - - Migration to Version 9.3.2 - - - A dump/restore is not required for those running 9.3.X. - - - - However, this release corrects a number of potential data corruption - issues. See the first three changelog entries below to find out whether - your installation has been affected and what steps you can take if so. - - - - Also, if you are upgrading from a version earlier than 9.3.1, - see . - - - - - - Changes - - - - - - Fix VACUUM's tests to see whether it can - update relfrozenxid (Andres Freund) - - - - In some cases VACUUM (either manual or autovacuum) could - incorrectly advance a table's relfrozenxid value, - allowing tuples to escape freezing, causing those rows to become - invisible once 2^31 transactions have elapsed. The probability of - data loss is fairly low since multiple incorrect advancements would - need to happen before actual loss occurs, but it's not zero. In 9.2.0 - and later, the probability of loss is higher, and it's also possible - to get could not access status of transaction errors as a - consequence of this bug. Users upgrading from releases 9.0.4 or 8.4.8 - or earlier are not affected, but all later versions contain the bug. - - - - The issue can be ameliorated by, after upgrading, vacuuming all tables - in all databases while having vacuum_freeze_table_age - set to zero. This will fix any latent corruption but will not be able - to fix all pre-existing data errors. However, an installation can be - presumed safe after performing this vacuuming if it has executed fewer - than 2^31 update transactions in its lifetime (check this with - SELECT txid_current() < 2^31). - - - - - - Fix multiple bugs in MultiXactId freezing (Andres Freund, - Álvaro Herrera) - - - - These bugs could lead to could not access status of - transaction errors, or to duplicate or vanishing rows. - Users upgrading from releases prior to 9.3.0 are not affected. - - - - The issue can be ameliorated by, after upgrading, vacuuming all tables - in all databases while having vacuum_freeze_table_age - set to zero. This will fix latent corruption but will not be able to - fix all pre-existing data errors. - - - - As a separate issue, these bugs can also cause standby servers to get - out of sync with the primary, thus exhibiting data errors that are not - in the primary. Therefore, it's recommended that 9.3.0 and 9.3.1 - standby servers be re-cloned from the primary (e.g., with a new base - backup) after upgrading. - - - - - - Fix initialization of pg_clog and pg_subtrans - during hot standby startup (Andres Freund, Heikki Linnakangas) - - - - This bug can cause data loss on standby servers at the moment they - start to accept hot-standby queries, by marking committed transactions - as uncommitted. The likelihood of such corruption is small unless, at - the time of standby startup, the primary server has executed many - updating transactions since its last checkpoint. Symptoms include - missing rows, rows that should have been deleted being still visible, - and obsolete versions of updated rows being still visible alongside - their newer versions. - - - - This bug was introduced in versions 9.3.0, 9.2.5, 9.1.10, and 9.0.14. - Standby servers that have only been running earlier releases are not - at risk. It's recommended that standby servers that have ever run any - of the buggy releases be re-cloned from the primary (e.g., with a new - base backup) after upgrading. - - - - - - Fix multiple bugs in update chain traversal (Andres Freund, - Álvaro Herrera) - - - - These bugs could result in incorrect behavior, such as locking or even - updating the wrong row, in the presence of concurrent updates. - Spurious unable to fetch updated version of tuple errors - were also possible. - - - - - - Fix dangling-pointer problem in fast-path locking (Tom Lane) - - - - This could lead to corruption of the lock data structures in shared - memory, causing lock already held and other odd errors. - - - - - - Fix assorted race conditions in timeout management (Tom Lane) - - - - These errors could result in a server process becoming unresponsive - because it had blocked SIGALRM and/or SIGINT. - - - - - - Truncate pg_multixact contents during WAL replay - (Andres Freund) - - - - This avoids ever-increasing disk space consumption in standby servers. - - - - - - Ensure an anti-wraparound VACUUM counts a page as scanned - when it's only verified that no tuples need freezing (Sergey - Burladyan, Jeff Janes) - - - - This bug could result in failing to - advance relfrozenxid, so that the table would still be - thought to need another anti-wraparound vacuum. In the worst case the - database might even shut down to prevent wraparound. - - - - - - Fix full-table-vacuum request mechanism for MultiXactIds (Andres Freund) - - - - This bug could result in large amounts of useless autovacuum activity. - - - - - - Fix race condition in GIN index posting tree page deletion (Heikki - Linnakangas) - - - - This could lead to transient wrong answers or query failures. - - - - - - Fix unexpected spgdoinsert() failure error during SP-GiST - index creation (Teodor Sigaev) - - - - - - Fix assorted bugs in materialized views (Kevin Grittner, Andres Freund) - - - - - - Re-allow duplicate table aliases if they're within aliased JOINs - (Tom Lane) - - - - Historically PostgreSQL has accepted queries like - -SELECT ... FROM tab1 x CROSS JOIN (tab2 x CROSS JOIN tab3 y) z - - although a strict reading of the SQL standard would forbid the - duplicate usage of table alias x. A misguided change in - 9.3.0 caused it to reject some such cases that were formerly accepted. - Restore the previous behavior. - - - - - - Avoid flattening a subquery whose SELECT list contains a - volatile function wrapped inside a sub-SELECT (Tom Lane) - - - - This avoids unexpected results due to extra evaluations of the - volatile function. - - - - - - Fix planner's processing of non-simple-variable subquery outputs - nested within outer joins (Tom Lane) - - - - This error could lead to incorrect plans for queries involving - multiple levels of subqueries within JOIN syntax. - - - - - - Fix incorrect planning in cases where the same non-strict expression - appears in multiple WHERE and outer JOIN - equality clauses (Tom Lane) - - - - - - Fix planner crash with whole-row reference to a subquery (Tom Lane) - - - - - - Fix incorrect generation of optimized MIN()/MAX() plans for - inheritance trees (Tom Lane) - - - - The planner could fail in cases where the MIN()/MAX() argument was an - expression rather than a simple variable. - - - - - - Fix premature deletion of temporary files (Andres Freund) - - - - - - Prevent intra-transaction memory leak when printing range values - (Tom Lane) - - - - This fix actually cures transient memory leaks in any datatype output - function, but range types are the only ones known to have had a - significant problem. - - - - - - Fix memory leaks when reloading configuration files (Heikki - Linnakangas, Hari Babu) - - - - - - Prevent incorrect display of dropped columns in NOT NULL and CHECK - constraint violation messages (Michael Paquier and Tom Lane) - - - - - - Allow default arguments and named-argument notation for window - functions (Tom Lane) - - - - Previously, these cases were likely to crash. - - - - - - Suppress trailing whitespace on each line when pretty-printing rules - and views (Tom Lane) - - - - 9.3.0 generated such whitespace in many more cases than previous - versions did. To reduce unexpected behavioral changes, suppress - unnecessary whitespace in all cases. - - - - - - Fix possible read past end of memory in rule printing (Peter Eisentraut) - - - - - - Fix array slicing of int2vector and oidvector values - (Tom Lane) - - - - Expressions of this kind are now implicitly promoted to - regular int2 or oid arrays. - - - - - - Return a valid JSON value when converting an empty hstore value - to json - (Oskari Saarenmaa) - - - - - - Fix incorrect behaviors when using a SQL-standard, simple GMT offset - timezone (Tom Lane) - - - - In some cases, the system would use the simple GMT offset value when - it should have used the regular timezone setting that had prevailed - before the simple offset was selected. This change also causes - the timeofday function to honor the simple GMT offset - zone. - - - - - - Prevent possible misbehavior when logging translations of Windows - error codes (Tom Lane) - - - - - - Properly quote generated command lines in pg_ctl - (Naoya Anzai and Tom Lane) - - - - This fix applies only to Windows. - - - - - - Fix pg_dumpall to work when a source database - sets default_transaction_read_only - via ALTER DATABASE SET (Kevin Grittner) - - - - Previously, the generated script would fail during restore. - - - - - - Fix pg_isready to handle its option - properly (Fabrízio de Royes Mello and Fujii Masao) - - - - - - Fix parsing of WAL file names in pg_receivexlog - (Heikki Linnakangas) - - - - This error made pg_receivexlog unable to restart - streaming after stopping, once at least 4 GB of WAL had been written. - - - - - - Report out-of-disk-space failures properly - in pg_upgrade (Peter Eisentraut) - - - - - - Make ecpg search for quoted cursor names - case-sensitively (Zoltán Böszörményi) - - - - - - Fix ecpg's processing of lists of variables - declared varchar (Zoltán Böszörményi) - - - - - - Make contrib/lo defend against incorrect trigger definitions - (Marc Cousin) - - - - - - Update time zone data files to tzdata release 2013h - for DST law changes in Argentina, Brazil, Jordan, Libya, - Liechtenstein, Morocco, and Palestine. Also, new timezone - abbreviations WIB, WIT, WITA for Indonesia. - - - - - - - - - - Release 9.3.1 - - - Release date: - 2013-10-10 - - - - This release contains a variety of fixes from 9.3.0. - For information about new features in the 9.3 major release, see - . - - - - Migration to Version 9.3.1 - - - A dump/restore is not required for those running 9.3.X. - - - - However, if you use the hstore extension, see the - first changelog entry. - - - - - - Changes - - - - - - Ensure new-in-9.3 JSON functionality is added to the hstore - extension during an update (Andrew Dunstan) - - - - Users who upgraded a pre-9.3 database containing hstore - should execute - -ALTER EXTENSION hstore UPDATE; - - after installing 9.3.1, to add two new JSON functions and a cast. - (If hstore is already up to date, this command does - nothing.) - - - - - - Fix memory leak when creating B-tree indexes on range columns - (Heikki Linnakangas) - - - - - - Fix memory leak caused by lo_open() failure - (Heikki Linnakangas) - - - - - - Serializable snapshot fixes (Kevin Grittner, Heikki Linnakangas) - - - - - - Fix deadlock bug in libpq when using SSL (Stephen Frost) - - - - - - Fix timeline handling bugs in pg_receivexlog - (Heikki Linnakangas, Andrew Gierth) - - - - - - Prevent CREATE FUNCTION from checking SET - variables unless function body checking is enabled (Tom Lane) - - - - - - Remove rare inaccurate warning during vacuum of index-less tables - (Heikki Linnakangas) - - - - - - - - - - Release 9.3 - - - Release date: - 2013-09-09 - - - - Overview - - - Major enhancements in PostgreSQL 9.3 include: - - - - - - - - - Add materialized - views - - - - - - Make simple views auto-updatable - - - - - - Add many features for the JSON data type, - including operators and functions - to extract elements from JSON values - - - - - - Implement SQL-standard LATERAL option for - FROM-clause subqueries and function calls - - - - - - Allow foreign data - wrappers to support writes (inserts/updates/deletes) on foreign - tables - - - - - - Add a Postgres foreign - data wrapper to allow access to - other Postgres servers - - - - - - Add support for event triggers - - - - - - Add optional ability to checksum data pages and - report corruption - - - - - - Prevent non-key-field row updates from blocking foreign key checks - - - - - - Greatly reduce System V shared - memory requirements - - - - - - - The above items are explained in more detail in the sections below. - - - - - - - Migration to Version 9.3 - - - A dump/restore using pg_dumpall, or use - of pg_upgrade, is - required for those wishing to migrate data from any previous release. - - - - Version 9.3 contains a number of changes that may affect compatibility - with previous releases. Observe the following incompatibilities: - - - - Server Settings - - - - - - Rename replication_timeout to wal_sender_timeout - (Amit Kapila) - - - - This setting controls the WAL sender timeout. - - - - - - Require superuser privileges to set commit_delay - because it can now potentially delay other sessions (Simon Riggs) - - - - - - Allow in-memory sorts to use their full memory allocation (Jeff Janes) - - - - Users who have set work_mem based on the - previous behavior may need to revisit that setting. - - - - - - - - - Other - - - - - - Throw an error if a tuple to be updated or deleted has already been - updated or deleted by a BEFORE trigger (Kevin Grittner) - - - - Formerly, the originally-intended update was silently skipped, - resulting in logical inconsistency since the trigger might have - propagated data to other places based on the intended update. - Now an error is thrown to prevent the inconsistent results from being - committed. If this change affects your application, the best solution - is usually to move the data-propagation actions to - an AFTER trigger. - - - - This error will also be thrown if a query invokes a volatile function - that modifies rows that are later modified by the query itself. - Such cases likewise previously resulted in silently skipping updates. - - - - - - Change multicolumn ON UPDATE - SET NULL/SET DEFAULT foreign key actions to affect - all columns of the constraint, not just those changed in the - UPDATE (Tom Lane) - - - - Previously, we would set only those referencing columns that - correspond to referenced columns that were changed by - the UPDATE. This was what was required by SQL-92, - but more recent editions of the SQL standard specify the new behavior. - - - - - - Force cached plans to be replanned if the search_path changes - (Tom Lane) - - - - Previously, cached plans already generated in the current session were - not redone if the query was re-executed with a - new search_path setting, resulting in surprising behavior. - - - - - - Fix to_number() - to properly handle a period used as a thousands separator (Tom Lane) - - - - Previously, a period was considered to be a decimal point even when - the locale says it isn't and the D format code is used to - specify use of the locale-specific decimal point. This resulted in - wrong answers if FM format was also used. - - - - - - Fix STRICT non-set-returning functions that have - set-returning functions in their arguments to properly return null - rows (Tom Lane) - - - - A null value passed to the strict function should result in a null - output, but instead, that output row was suppressed entirely. - - - - - - Store WAL in a continuous - stream, rather than skipping the last 16MB segment every 4GB - (Heikki Linnakangas) - - - - Previously, WAL files with names ending in FF - were not used because of this skipping. If you have WAL - backup or restore scripts that took this behavior into account, they - will need to be adjusted. - - - - - - In pg_constraint.confmatchtype, - store the default foreign key match type (non-FULL, - non-PARTIAL) as s for simple - (Tom Lane) - - - - Previously this case was represented by u - for unspecified. - - - - - - - - - - - Changes - - - Below you will find a detailed account of the changes between - PostgreSQL 9.3 and the previous major - release. - - - - Server - - - Locking - - - - - - Prevent non-key-field row updates from blocking foreign key checks - (Álvaro Herrera, Noah Misch, Andres Freund, Alexander - Shulgin, Marti Raudsepp, Alexander Shulgin) - - - - This change improves concurrency and reduces the probability of - deadlocks when updating tables involved in a foreign-key constraint. - UPDATEs that do not change any columns referenced in a - foreign key now take the new NO KEY UPDATE lock mode on - the row, while foreign key checks use the new KEY SHARE - lock mode, which does not conflict with NO KEY UPDATE. - So there is no blocking unless a foreign-key column is changed. - - - - - - Add configuration variable lock_timeout to - allow limiting how long a session will wait to acquire any one lock - (Zoltán Böszörményi) - - - - - - - - - Indexes - - - - - - Add SP-GiST - support for range data types (Alexander Korotkov) - - - - - - Allow GiST indexes to be - unlogged (Jeevan Chalke) - - - - - - Improve performance of GiST index insertion by randomizing - the choice of which page to descend to when there are multiple equally - good alternatives (Heikki Linnakangas) - - - - - - Improve concurrency of hash index operations (Robert Haas) - - - - - - - - - Optimizer - - - - - - Collect and use histograms of upper and lower bounds, as well as range - lengths, for range types - (Alexander Korotkov) - - - - - - Improve optimizer's cost estimation for index access (Tom Lane) - - - - - - Improve optimizer's hash table size estimate for - doing DISTINCT via hash aggregation (Tom Lane) - - - - - - Suppress no-op Result and Limit plan nodes - (Kyotaro Horiguchi, Amit Kapila, Tom Lane) - - - - - - Reduce optimizer overhead by not keeping plans on the basis of cheap - startup cost when the optimizer only cares about total cost overall - (Tom Lane) - - - - - - - - - General Performance - - - - - - Add COPY FREEZE - option to avoid the overhead of marking tuples as frozen later - (Simon Riggs, Jeff Davis) - - - - - - Improve performance of NUMERIC calculations - (Kyotaro Horiguchi) - - - - - - Improve synchronization of sessions waiting for commit_delay - (Peter Geoghegan) - - - - This greatly improves the usefulness of commit_delay. - - - - - - Improve performance of the CREATE TEMPORARY TABLE ... ON - COMMIT DELETE ROWS option by not truncating such temporary - tables in transactions that haven't touched any temporary tables - (Heikki Linnakangas) - - - - - - Make vacuum recheck visibility after it has removed expired tuples - (Pavan Deolasee) - - - - This increases the chance of a page being marked as all-visible. - - - - - - Add per-resource-owner lock caches (Jeff Janes) - - - - This speeds up lock bookkeeping at statement completion in - multi-statement transactions that hold many locks; it is particularly - useful for pg_dump. - - - - - - Avoid scanning the entire relation cache at commit of a transaction - that creates a new relation (Jeff Janes) - - - - This speeds up sessions that create many tables in successive - small transactions, such as a pg_restore run. - - - - - - Improve performance of transactions that drop many relations - (Tomas Vondra) - - - - - - - - - Monitoring - - - - - - Add optional ability to checksum data pages and - report corruption (Simon Riggs, Jeff Davis, Greg Smith, Ants Aasma) - - - - The checksum option can be set during initdb. - - - - - - Split the statistics collector's - data file into separate global and per-database files (Tomas Vondra) - - - - This reduces the I/O required for statistics tracking. - - - - - - Fix the statistics collector to operate properly in cases where the - system clock goes backwards (Tom Lane) - - - - Previously, statistics collection would stop until the time again - reached the latest time previously recorded. - - - - - - Emit an informative message to postmaster standard error when we - are about to stop logging there - (Tom Lane) - - - - This should help reduce user confusion about where to look for log - output in common configurations that log to standard error only during - postmaster startup. - - - - - - - - - Authentication - - - - - - When an authentication failure occurs, log the relevant - pg_hba.conf - line, to ease debugging of unintended failures - (Magnus Hagander) - - - - - - Improve LDAP error - reporting and documentation (Peter Eisentraut) - - - - - - Add support for specifying LDAP authentication parameters - in URL format, per RFC 4516 (Peter Eisentraut) - - - - - - Change the ssl_ciphers parameter - to start with DEFAULT, rather than ALL, - then remove insecure ciphers (Magnus Hagander) - - - - This should yield a more appropriate SSL cipher set. - - - - - - Parse and load pg_ident.conf - once, not during each connection (Amit Kapila) - - - - This is similar to how pg_hba.conf is processed. - - - - - - - - - Server Settings - - - - - - Greatly reduce System V shared - memory requirements (Robert Haas) - - - - On Unix-like systems, mmap() is now used for most - of PostgreSQL's shared memory. For most users, this - will eliminate any need to adjust kernel parameters for shared memory. - - - - - - Allow the postmaster to listen on multiple Unix-domain sockets - (Honza Horák) - - - - The configuration parameter - unix_socket_directory is replaced by unix_socket_directories, - which accepts a list of directories. - - - - - - Allow a directory of configuration files to be processed (Magnus - Hagander, Greg Smith, Selena Deckelmann) - - - - Such a directory is specified with include_dir in the server - configuration file. - - - - - - Increase the maximum initdb-configured value for shared_buffers - to 128MB (Robert Haas) - - - - This is the maximum value that initdb will attempt to set in postgresql.conf; - the previous maximum was 32MB. - - - - - - Remove the external - PID file, if any, on postmaster exit - (Peter Eisentraut) - - - - - - - - - - - Replication and Recovery - - - - - - Allow a streaming replication standby to follow a timeline switch - (Heikki Linnakangas) - - - - This allows streaming standby servers to receive WAL data from a slave - newly promoted to master status. Previously, other standbys would - require a resync to begin following the new master. - - - - - - Add SQL functions pg_is_in_backup() - and pg_backup_start_time() - (Gilles Darold) - - - - These functions report the status of base backups. - - - - - - Improve performance of streaming log shipping with synchronous_commit - disabled (Andres Freund) - - - - - - Allow much faster promotion of a streaming standby to primary (Simon - Riggs, Kyotaro Horiguchi) - - - - - - Add the last checkpoint's redo location to pg_controldata's - output (Fujii Masao) - - - - This information is useful for determining which WAL - files are needed for restore. - - - - - - Allow tools like pg_receivexlog - to run on computers with different architectures (Heikki - Linnakangas) - - - - WAL files can still only be replayed on servers with the same - architecture as the primary; but they can now be transmitted to and - stored on machines of any architecture, since the - streaming replication protocol is now machine-independent. - - - - - - Make pg_basebackup - output a - minimal recovery.conf file (Zoltán - Böszörményi, Magnus Hagander) - - - - This simplifies setting up a standby server. - - - - - - Allow pg_receivexlog - and pg_basebackup - to handle streaming timeline switches - (Heikki Linnakangas) - - - - - - Add wal_receiver_timeout - parameter to control the WAL receiver's timeout - (Amit Kapila) - - - - This allows more rapid detection of connection failure. - - - - - - Change the WAL record format to - allow splitting the record header across pages (Heikki Linnakangas) - - - - The new format is slightly more compact, and is more efficient to - write. - - - - - - - - - Queries - - - - - - Implement SQL-standard LATERAL option for - FROM-clause subqueries and function calls (Tom Lane) - - - - This feature allows subqueries and functions in FROM to - reference columns from other tables in the FROM - clause. The LATERAL keyword is optional for functions. - - - - - - Add support for piping COPY and psql \copy - data to/from an external program (Etsuro Fujita) - - - - - - Allow a multirow VALUES clause in a rule - to reference OLD/NEW (Tom Lane) - - - - - - - - - Object Manipulation - - - - - - Add support for event triggers - (Dimitri Fontaine, Robert Haas, Álvaro Herrera) - - - - This allows server-side functions written in event-enabled - languages to be called when DDL commands are run. - - - - - - Allow foreign data - wrappers to support writes (inserts/updates/deletes) on foreign - tables (KaiGai Kohei) - - - - - - Add CREATE SCHEMA ... IF - NOT EXISTS clause (Fabrízio de Royes Mello) - - - - - - Make REASSIGN - OWNED also change ownership of shared objects - (Álvaro Herrera) - - - - - - Make CREATE - AGGREGATE complain if the given initial value string is not - valid input for the transition datatype (Tom Lane) - - - - - - Suppress CREATE - TABLE's messages about implicit index and sequence creation - (Robert Haas) - - - - These messages now appear at DEBUG1 verbosity, so that - they will not be shown by default. - - - - - - Allow DROP TABLE IF - EXISTS to succeed when a non-existent schema is specified - in the table name (Bruce Momjian) - - - - Previously, it threw an error if the schema did not exist. - - - - - - Provide clients with constraint violation details - as separate fields (Pavel Stehule) - - - - This allows clients to retrieve table, column, data type, or - constraint name error details. Previously such information had to be - extracted from error strings. Client library support is required to - access these fields. - - - - - - - <command>ALTER</command> - - - - - - Support IF NOT EXISTS option in ALTER TYPE ... ADD VALUE - (Andrew Dunstan) - - - - This is useful for conditionally adding values to enumerated types. - - - - - - Add ALTER ROLE ALL - SET to establish settings for all users (Peter Eisentraut) - - - - This allows settings to apply to all users in all databases. ALTER DATABASE SET - already allowed addition of settings for all users in a single - database. postgresql.conf has a similar effect. - - - - - - Add support for ALTER RULE - ... RENAME (Ali Dar) - - - - - - - - - <link linkend="rules-views"><command>VIEWs</command></link> - - - - - - Add materialized - views (Kevin Grittner) - - - - Unlike ordinary views, where the base tables are read on every access, - materialized views create physical tables at creation or refresh time. - Access to the materialized view then reads from its physical - table. There is not yet any facility for incrementally refreshing - materialized views or auto-accessing them via base table access. - - - - - - Make simple views auto-updatable - (Dean Rasheed) - - - - Simple views that reference some or all columns from a - single base table are now updatable by default. More - complex views can be made updatable using INSTEAD OF triggers - or INSTEAD rules. - - - - - - Add CREATE RECURSIVE - VIEW syntax (Peter Eisentraut) - - - - Internally this is translated into CREATE VIEW ... WITH - RECURSIVE .... - - - - - - Improve view/rule printing code to handle cases where referenced - tables are renamed, or columns are renamed, added, or dropped - (Tom Lane) - - - - Table and column renamings can produce cases where, if we merely - substitute the new name into the original text of a rule or view, the - result is ambiguous. This change fixes the rule-dumping code to insert - manufactured table and column aliases when needed to preserve the - original semantics. - - - - - - - - - - - Data Types - - - - - - Increase the maximum size of large - objects from 2GB to 4TB (Nozomi Anzai, Yugo Nagata) - - - - This change includes adding 64-bit-capable large object access - functions, both in the server and in libpq. - - - - - - Allow text timezone - designations, e.g. America/Chicago, in the - T field of ISO-format timestamptz - input (Bruce Momjian) - - - - - - - <link linkend="datatype-json"><type>JSON</type></link> - - - - - - Add operators and functions - to extract elements from JSON values (Andrew Dunstan) - - - - - - Allow JSON values to be converted into records - (Andrew Dunstan) - - - - - - Add functions to convert - scalars, records, and hstore values to JSON (Andrew - Dunstan) - - - - - - - - - - - - Functions - - - - - - Add array_remove() - and array_replace() - functions (Marco Nenciarini, Gabriele Bartolini) - - - - - - Allow concat() - and format() - to properly expand VARIADIC-labeled arguments - (Pavel Stehule) - - - - - - Improve format() - to provide field width and left/right alignment options (Pavel Stehule) - - - - - - Make to_char(), - to_date(), - and to_timestamp() - handle negative (BC) century values properly - (Bruce Momjian) - - - - Previously the behavior was either wrong or inconsistent - with positive/AD handling, e.g. with the format mask - IYYY-IW-DY. - - - - - - Make to_date() - and to_timestamp() - return proper results when mixing ISO and Gregorian - week/day designations (Bruce Momjian) - - - - - - Cause pg_get_viewdef() - to start a new line by default after each SELECT target - list entry and FROM entry (Marko Tiikkaja) - - - - This reduces line length in view printing, for instance in pg_dump output. - - - - - - Fix map_sql_value_to_xml_value() to print values of - domain types the same way their base type would be printed - (Pavel Stehule) - - - - There are special formatting rules for certain built-in types such as - boolean; these rules now also apply to domains over these - types. - - - - - - - - - Server-Side Languages - - - <link linkend="plpgsql">PL/pgSQL</link> Server-Side Language - - - - - - Allow PL/pgSQL to use RETURN with a composite-type - expression (Asif Rehman) - - - - Previously, in a function returning a composite type, - RETURN could only reference a variable of that type. - - - - - - Allow PL/pgSQL to access constraint violation - details as separate fields (Pavel Stehule) - - - - - - Allow PL/pgSQL to access the number of rows processed by - COPY (Pavel Stehule) - - - - A COPY executed in a PL/pgSQL function now updates the - value retrieved by GET DIAGNOSTICS - x = ROW_COUNT. - - - - - - Allow unreserved keywords to be used as identifiers everywhere in - PL/pgSQL (Tom Lane) - - - - In certain places in the PL/pgSQL grammar, keywords had to be quoted - to be used as identifiers, even if they were nominally unreserved. - - - - - - - - - <link linkend="plpython">PL/Python</link> Server-Side Language - - - - - - Add PL/Python result object string handler (Peter Eisentraut) - - - - This allows plpy.debug(rv) to output something reasonable. - - - - - - Make PL/Python convert OID values to a proper Python numeric type - (Peter Eisentraut) - - - - - - Handle SPI errors raised - explicitly (with PL/Python's RAISE) the same as - internal SPI errors (Oskari Saarenmaa and Jan Urbanski) - - - - - - - - - - - Server Programming Interface (<link linkend="spi">SPI</link>) - - - - - - Prevent leakage of SPI tuple tables during subtransaction - abort (Tom Lane) - - - - At the end of any failed subtransaction, the core SPI code now - releases any SPI tuple tables that were created during that - subtransaction. This avoids the need for SPI-using code to keep track - of such tuple tables and release them manually in error-recovery code. - Failure to do so caused a number of transaction-lifespan memory leakage - issues in PL/pgSQL and perhaps other SPI clients. SPI_freetuptable() - now protects itself against multiple freeing requests, so any existing - code that did take care to clean up shouldn't be broken by this change. - - - - - - Allow SPI functions to access the number of rows processed - by COPY (Pavel Stehule) - - - - - - - - - Client Applications - - - - - - Add command-line utility pg_isready to - check if the server is ready to accept connections (Phil Sorber) - - - - - - Support multiple arguments for pg_restore, - clusterdb, - reindexdb, - and vacuumdb - (Josh Kupershmidt) - - - - This is similar to the way pg_dump's - option works. - - - - - - Add option to pg_dumpall, pg_basebackup, and - pg_receivexlog - to allow specifying a connection string (Amit Kapila) - - - - - - Add libpq function PQconninfo() - to return connection information (Zoltán - Böszörményi, Magnus Hagander) - - - - - - - <link linkend="app-psql"><application>psql</application></link> - - - - - - Adjust function cost settings so psql tab - completion and pattern searching are more efficient (Tom Lane) - - - - - - Improve psql's tab completion coverage (Jeff Janes, - Dean Rasheed, Peter Eisentraut, Magnus Hagander) - - - - - - Allow the psql - mode to work when reading from standard input (Fabien Coelho, - Robert Haas) - - - - Previously this option only worked when reading from a file. - - - - - - Remove psql warning when connecting to an older - server (Peter Eisentraut) - - - - A warning is still issued when connecting to a server of a newer major - version than psql's. - - - - - - - <link linkend="app-psql-meta-commands">Backslash Commands</link> - - - - - - Add psql command \watch to repeatedly - execute a SQL command (Will Leinweber) - - - - - - Add psql command \gset to store query - results in psql variables (Pavel Stehule) - - - - - - Add SSL information to psql's - \conninfo command (Alastair Turner) - - - - - - Add Security column to psql's - \df+ output (Jon Erdman) - - - - - - Allow psql command \l to accept a database - name pattern (Peter Eisentraut) - - - - - - In psql, do not allow \connect to - use defaults if there is no active connection (Bruce Momjian) - - - - This might be the case if the server had crashed. - - - - - - Properly reset state after failure of a SQL command executed with - psql's \g file - (Tom Lane) - - - - Previously, the output from subsequent SQL commands would unexpectedly - continue to go to the same file. - - - - - - - - - Output - - - - - - Add a latex-longtable output format to - psql (Bruce Momjian) - - - - This format allows tables to span multiple pages. - - - - - - Add a border=3 output mode to the psql - latex format (Bruce Momjian) - - - - - - In psql's tuples-only and expanded output modes, no - longer emit (No rows) for zero rows (Peter Eisentraut) - - - - - - In psql's unaligned, expanded output mode, no longer - print an empty line for zero rows (Peter Eisentraut) - - - - - - - - - - - <link linkend="app-pgdump"><application>pg_dump</application></link> - - - - - - Add pg_dump option to dump tables in - parallel (Joachim Wieland) - - - - - - Make pg_dump output functions in a more predictable - order (Joel Jacobson) - - - - - - Fix tar files emitted by pg_dump - to be POSIX conformant (Brian Weaver, Tom Lane) - - - - - - Add option to pg_dump, for - consistency with other client commands (Heikki Linnakangas) - - - - The database name could already be supplied last without a flag. - - - - - - - - - <link linkend="app-initdb"><application>initdb</application></link> - - - - - - Make initdb fsync the newly created data directory (Jeff Davis) - - - - This insures data integrity in event of a system crash shortly after - initdb. This can be disabled by using . - - - - - - Add initdb option to sync the data directory to durable - storage (Bruce Momjian) - - - - This is used by pg_upgrade. - - - - - - Make initdb issue a warning about placing the data directory at the - top of a file system mount point (Bruce Momjian) - - - - - - - - - - - Source Code - - - - - - Add infrastructure to allow plug-in background worker processes - (Álvaro Herrera) - - - - - - Create a centralized timeout API (Zoltán - Böszörményi) - - - - - - Create libpgcommon and move pg_malloc() and other - functions there (Álvaro Herrera, Andres Freund) - - - - This allows libpgport to be used solely for portability-related code. - - - - - - Add support for list links embedded in larger structs (Andres Freund) - - - - - - Use SA_RESTART for all signals, - including SIGALRM (Tom Lane) - - - - - - Ensure that the correct text domain is used when - translating errcontext() messages - (Heikki Linnakangas) - - - - - - Standardize naming of client-side memory allocation functions (Tom Lane) - - - - - - Provide support for static assertions that will fail at - compile time if some compile-time-constant condition is not met - (Andres Freund, Tom Lane) - - - - - - Support Assert() in client-side code (Andrew Dunstan) - - - - - - Add decoration to inform the C compiler that some ereport() - and elog() calls do not return (Peter Eisentraut, - Andres Freund, Tom Lane, Heikki Linnakangas) - - - - - - Allow options to be passed to the regression - test output comparison utility via PG_REGRESS_DIFF_OPTS - (Peter Eisentraut) - - - - - - Add isolation tests for CREATE INDEX - CONCURRENTLY (Abhijit Menon-Sen) - - - - - - Remove typedefs for int2/int4 as they are better - represented as int16/int32 (Peter Eisentraut) - - - - - - Fix install-strip on Mac OS - X (Peter Eisentraut) - - - - - - Remove configure flag - , as it is no longer supported - (Bruce Momjian) - - - - - - Rewrite pgindent in Perl (Andrew Dunstan) - - - - - - Provide Emacs macro to set Perl formatting to - match PostgreSQL's perltidy settings (Peter Eisentraut) - - - - - - Run tool to check the keyword list whenever the backend grammar is - changed (Tom Lane) - - - - - - Change the way UESCAPE is lexed, to significantly reduce - the size of the lexer tables (Heikki Linnakangas) - - - - - - Centralize flex and bison - make rules (Peter Eisentraut) - - - - This is useful for pgxs authors. - - - - - - Change many internal backend functions to return object OIDs - rather than void (Dimitri Fontaine) - - - - This is useful for event triggers. - - - - - - Invent pre-commit/pre-prepare/pre-subcommit events for transaction - callbacks (Tom Lane) - - - - Loadable modules that use transaction callbacks might need modification - to handle these new event types. - - - - - - Add function pg_identify_object() - to produce a machine-readable description of a database object - (Álvaro Herrera) - - - - - - Add post-ALTER-object server hooks (KaiGai Kohei) - - - - - - Implement a generic binary heap and use it for Merge-Append - operations (Abhijit Menon-Sen) - - - - - - Provide a tool to help detect timezone abbreviation changes when - updating the src/timezone/data files - (Tom Lane) - - - - - - Add pkg-config support for libpq - and ecpg libraries (Peter Eisentraut) - - - - - - Remove src/tools/backend, now that the content is on - the PostgreSQL wiki (Bruce Momjian) - - - - - - Split out WAL reading as - an independent facility (Heikki Linnakangas, Andres Freund) - - - - - - Use a 64-bit integer to represent WAL positions - (XLogRecPtr) instead of two 32-bit integers - (Heikki Linnakangas) - - - - Generally, tools that need to read the WAL format - will need to be adjusted. - - - - - - Allow PL/Python to support - platform-specific include directories (Peter Eisentraut) - - - - - - Allow PL/Python on OS - X to build against custom versions of Python - (Peter Eisentraut) - - - - - - - - - Additional Modules - - - - - - Add a Postgres foreign - data wrapper contrib module to allow access to - other Postgres servers (Shigeru Hanada) - - - - This foreign data wrapper supports writes. - - - - - - Add pg_xlogdump - contrib program (Andres Freund) - - - - - - Add support for indexing of regular-expression searches in - pg_trgm - (Alexander Korotkov) - - - - - - Improve pg_trgm's - handling of multibyte characters (Tom Lane) - - - - On a platform that does not have the wcstombs() or towlower() library - functions, this could result in an incompatible change in the contents - of pg_trgm indexes for non-ASCII data. In such cases, - REINDEX those indexes to ensure correct search results. - - - - - - Add a pgstattuple function to report - the size of the pending-insertions list of a GIN index - (Fujii Masao) - - - - - - Make oid2name, - pgbench, and - vacuumlo set - fallback_application_name (Amit Kapila) - - - - - - Improve output of pg_test_timing - (Bruce Momjian) - - - - - - Improve output of pg_test_fsync - (Peter Geoghegan) - - - - - - Create a dedicated foreign data wrapper, with its own option validator - function, for dblink (Shigeru Hanada) - - - - When using this FDW to define the target of a dblink - connection, instead of using a hard-wired list of connection options, - the underlying libpq library is consulted to see what - connection options it supports. - - - - - - - <link linkend="pgupgrade"><application>pg_upgrade</application></link> - - - - - - Allow pg_upgrade to do dumps and restores in - parallel (Bruce Momjian, Andrew Dunstan) - - - - This allows parallel schema dump/restore of databases, as well as - parallel copy/link of data files per tablespace. Use the - option to specify the level of parallelism. - - - - - - Make pg_upgrade create Unix-domain sockets in - the current directory (Bruce Momjian, Tom Lane) - - - - This reduces the possibility that someone will accidentally connect - during the upgrade. - - - - - - Make pg_upgrade mode properly - detect the location of non-default socket directories (Bruce - Momjian, Tom Lane) - - - - - - Improve performance of pg_upgrade for databases - with many tables (Bruce Momjian) - - - - - - Improve pg_upgrade's logs by showing - executed commands (Álvaro Herrera) - - - - - - Improve pg_upgrade's status display during - copy/link (Bruce Momjian) - - - - - - - - - <link linkend="pgbench"><application>pgbench</application></link> - - - - - - Add option to pgbench - (Jeff Janes) - - - - This adds foreign key constraints to the standard tables created by - pgbench, for use in foreign key performance testing. - - - - - - Allow pgbench to aggregate performance statistics - and produce output every - seconds (Tomas Vondra) - - - - - - Add pgbench option - to control the percentage of transactions logged (Tomas Vondra) - - - - - - Reduce and improve the status message output of - pgbench's initialization mode (Robert Haas, - Peter Eisentraut) - - - - - - Add pgbench mode to print one output - line every five seconds (Tomas Vondra) - - - - - - Output pgbench elapsed and estimated remaining - time during initialization (Tomas Vondra) - - - - - - Allow pgbench to use much larger scale factors, - by changing relevant columns from integer to bigint - when the requested scale factor exceeds 20000 - (Greg Smith) - - - - - - - - - - - Documentation - - - - - - Allow EPUB-format documentation to be created - (Peter Eisentraut) - - - - - - Update FreeBSD kernel configuration documentation - (Brad Davis) - - - - - - Improve WINDOW - function documentation (Bruce Momjian, Florian Pflug) - - - - - - Add instructions for setting - up the documentation tool chain on macOS - (Peter Eisentraut) - - - - - - Improve commit_delay - documentation (Peter Geoghegan) - - - - - - - - - diff --git a/doc/src/sgml/release-9.4.sgml b/doc/src/sgml/release-9.4.sgml deleted file mode 100644 index 50442e98b4..0000000000 --- a/doc/src/sgml/release-9.4.sgml +++ /dev/null @@ -1,13159 +0,0 @@ - - - - - Release 9.4.20 - - - Release date: - 2018-11-08 - - - - This release contains a variety of fixes from 9.4.19. - For information about new features in the 9.4 major release, see - . - - - - Migration to Version 9.4.20 - - - A dump/restore is not required for those running 9.4.X. - - - - However, if you are upgrading from a version earlier than 9.4.18, - see . - - - - - Changes - - - - - - Fix corner-case failures - in has_foo_privilege() - family of functions (Tom Lane) - - - - Return NULL rather than throwing an error when an invalid object OID - is provided. Some of these functions got that right already, but not - all. has_column_privilege() was additionally - capable of crashing on some platforms. - - - - - - Avoid O(N^2) slowdown in regular expression match/split functions on - long strings (Andrew Gierth) - - - - - - Avoid O(N^3) slowdown in lexer for long strings - of + or - characters - (Andrew Gierth) - - - - - - Fix mis-execution of SubPlans when the outer query is being scanned - backwards (Andrew Gierth) - - - - - - Fix failure of UPDATE/DELETE ... WHERE CURRENT OF ... - after rewinding the referenced cursor (Tom Lane) - - - - A cursor that scans multiple relations (particularly an inheritance - tree) could produce wrong behavior if rewound to an earlier relation. - - - - - - Fix EvalPlanQual to handle conditionally-executed - InitPlans properly (Andrew Gierth, Tom Lane) - - - - This resulted in hard-to-reproduce crashes or wrong answers in - concurrent updates, if they contained code such as an uncorrelated - sub-SELECT inside a CASE - construct. - - - - - - Fix character-class checks to not fail on Windows for Unicode - characters above U+FFFF (Tom Lane, Kenji Uno) - - - - This bug affected full-text-search operations, as well - as contrib/ltree - and contrib/pg_trgm. - - - - - - Ensure that sequences owned by a foreign table are processed - by ALTER OWNER on the table (Peter Eisentraut) - - - - The ownership change should propagate to such sequences as well, but - this was missed for foreign tables. - - - - - - Fix over-allocation of space for array_out()'s - result string (Keiichi Hirobe) - - - - - - Fix memory leak in repeated SP-GiST index scans (Tom Lane) - - - - This is only known to amount to anything significant in cases where - an exclusion constraint using SP-GiST receives many new index entries - in a single command. - - - - - - Ensure that ApplyLogicalMappingFile() closes the - mapping file when done with it (Tomas Vondra) - - - - Previously, the file descriptor was leaked, eventually resulting in - failures during logical decoding. - - - - - - Fix logical decoding to handle cases where a mapped catalog table is - repeatedly rewritten, e.g. by VACUUM FULL - (Andres Freund) - - - - - - Prevent starting the server with wal_level set - to too low a value to support an existing replication slot (Andres - Freund) - - - - - - Avoid crash if a utility command causes infinite recursion (Tom Lane) - - - - - - When initializing a hot standby, cope with duplicate XIDs caused by - two-phase transactions on the master - (Michael Paquier, Konstantin Knizhnik) - - - - - - Randomize the random() seed in bootstrap and - standalone backends, and in initdb - (Noah Misch) - - - - The main practical effect of this change is that it avoids a scenario - where initdb might mistakenly conclude that - POSIX shared memory is not available, due to name collisions caused by - always using the same random seed. - - - - - - Allow DSM allocation to be interrupted (Chris Travers) - - - - - - Avoid possible buffer overrun when replaying GIN page recompression - from WAL (Alexander Korotkov, Sivasubramanian Ramasubramanian) - - - - - - Fix missed fsync of a replication slot's directory (Konstantin - Knizhnik, Michael Paquier) - - - - - - Fix unexpected timeouts when - using wal_sender_timeout on a slow server - (Noah Misch) - - - - - - Ensure that hot standby processes use the correct WAL consistency - point (Alexander Kukushkin, Michael Paquier) - - - - This prevents possible misbehavior just after a standby server has - reached a consistent database state during WAL replay. - - - - - - Don't run atexit callbacks when servicing SIGQUIT - (Heikki Linnakangas) - - - - - - Don't record foreign-server user mappings as members of extensions - (Tom Lane) - - - - If CREATE USER MAPPING is executed in an extension - script, an extension dependency was created for the user mapping, - which is unexpected. Roles can't be extension members, so user - mappings shouldn't be either. - - - - - - Make syslogger more robust against failures in opening CSV log files - (Tom Lane) - - - - - - Fix possible inconsistency in pg_dump's - sorting of dissimilar object names (Jacob Champion) - - - - - - Ensure that pg_restore will schema-qualify - the table name when - emitting DISABLE/ENABLE TRIGGER - commands (Tom Lane) - - - - This avoids failures due to the new policy of running restores with - restrictive search path. - - - - - - Fix pg_upgrade to handle event triggers in - extensions correctly (Haribabu Kommi) - - - - pg_upgrade failed to preserve an event - trigger's extension-membership status. - - - - - - Fix pg_upgrade's cluster state check to - work correctly on a standby server (Bruce Momjian) - - - - - - Enforce type cube's dimension limit in - all contrib/cube functions (Andrey Borodin) - - - - Previously, some cube-related functions could construct values that - would be rejected by cube_in(), leading to - dump/reload failures. - - - - - - Fix contrib/unaccent's - unaccent() function to use - the unaccent text search dictionary that is in the - same schema as the function (Tom Lane) - - - - Previously it tried to look up the dictionary using the search path, - which could fail if the search path has a restrictive value. - - - - - - Fix build problems on macOS 10.14 (Mojave) (Tom Lane) - - - - Adjust configure to add - an switch to CPPFLAGS; - without this, PL/Perl and PL/Tcl fail to configure or build on macOS - 10.14. The specific sysroot used can be overridden at configure time - or build time by setting the PG_SYSROOT variable in - the arguments of configure - or make. - - - - It is now recommended that Perl-related extensions - write $(perl_includespec) rather - than -I$(perl_archlibexp)/CORE in their compiler - flags. The latter continues to work on most platforms, but not recent - macOS. - - - - Also, it should no longer be necessary to - specify manually to get PL/Tcl to - build on recent macOS releases. - - - - - - Fix MSVC build and regression-test scripts to work on recent Perl - versions (Andrew Dunstan) - - - - Perl no longer includes the current directory in its search path - by default; work around that. - - - - - - Support building on Windows with Visual Studio 2015 or Visual Studio 2017 - (Michael Paquier, Haribabu Kommi) - - - - - - Allow btree comparison functions to return INT_MIN - (Tom Lane) - - - - Up to now, we've forbidden datatype-specific comparison functions from - returning INT_MIN, which allows callers to invert - the sort order just by negating the comparison result. However, this - was never safe for comparison functions that directly return the - result of memcmp(), strcmp(), - etc, as POSIX doesn't place any such restriction on those functions. - At least some recent versions of memcmp() can - return INT_MIN, causing incorrect sort ordering. - Hence, we've removed this restriction. Callers must now use - the INVERT_COMPARE_RESULT() macro if they wish to - invert the sort order. - - - - - - Fix recursion hazard in shared-invalidation message processing - (Tom Lane) - - - - This error could, for example, result in failure to access a system - catalog or index that had just been processed by VACUUM - FULL. - - - - This change adds a new result code - for LockAcquire, which might possibly affect - external callers of that function, though only very unusual usage - patterns would have an issue with it. The API - of LockAcquireExtended is also changed. - - - - - - Save and restore SPI's global variables - during SPI_connect() - and SPI_finish() (Chapman Flack, Tom Lane) - - - - This prevents possible interference when one SPI-using function calls - another. - - - - - - Provide ALLOCSET_DEFAULT_SIZES and sibling macros - in back branches (Tom Lane) - - - - These macros have existed since 9.6, but there were requests to add - them to older branches to allow extensions to rely on them without - branch-specific coding. - - - - - - Avoid using potentially-under-aligned page buffers (Tom Lane) - - - - Invent new union types PGAlignedBlock - and PGAlignedXLogBlock, and use these in place of plain - char arrays, ensuring that the compiler can't place the buffer at a - misaligned start address. This fixes potential core dumps on - alignment-picky platforms, and may improve performance even on - platforms that allow misalignment. - - - - - - Make src/port/snprintf.c follow the C99 - standard's definition of snprintf()'s result - value (Tom Lane) - - - - On platforms where this code is used (mostly Windows), its pre-C99 - behavior could lead to failure to detect buffer overrun, if the - calling code assumed C99 semantics. - - - - - - When building on i386 with the clang - compiler, require to be used (Andres Freund) - - - - This avoids problems with missed floating point overflow checks. - - - - - - Fix configure's detection of the result - type of strerror_r() (Tom Lane) - - - - The previous coding got the wrong answer when building - with icc on Linux (and perhaps in other - cases), leading to libpq not returning - useful error messages for system-reported errors. - - - - - - Update time zone data files to tzdata - release 2018g for DST law changes in Chile, Fiji, Morocco, and Russia - (Volgograd), plus historical corrections for China, Hawaii, Japan, - Macau, and North Korea. - - - - - - - - - - Release 9.4.19 - - - Release date: - 2018-08-09 - - - - This release contains a variety of fixes from 9.4.18. - For information about new features in the 9.4 major release, see - . - - - - Migration to Version 9.4.19 - - - A dump/restore is not required for those running 9.4.X. - - - - However, if you are upgrading from a version earlier than 9.4.18, - see . - - - - - Changes - - - - - - Fix failure to reset libpq's state fully - between connection attempts (Tom Lane) - - - - An unprivileged user of dblink - or postgres_fdw could bypass the checks intended - to prevent use of server-side credentials, such as - a ~/.pgpass file owned by the operating-system - user running the server. Servers allowing peer authentication on - local connections are particularly vulnerable. Other attacks such - as SQL injection into a postgres_fdw session - are also possible. - Attacking postgres_fdw in this way requires the - ability to create a foreign server object with selected connection - parameters, but any user with access to dblink - could exploit the problem. - In general, an attacker with the ability to select the connection - parameters for a libpq-using application - could cause mischief, though other plausible attack scenarios are - harder to think of. - Our thanks to Andrew Krasichkov for reporting this issue. - (CVE-2018-10915) - - - - - - Ensure that updates to the relfrozenxid - and relminmxid values - for nailed system catalogs are processed in a timely - fashion (Andres Freund) - - - - Overoptimistic caching rules could prevent these updates from being - seen by other sessions, leading to spurious errors and/or data - corruption. The problem was significantly worse for shared catalogs, - such as pg_authid, because the stale cache - data could persist into new sessions as well as existing ones. - - - - - - Fix case where a freshly-promoted standby crashes before having - completed its first post-recovery checkpoint (Michael Paquier, Kyotaro - Horiguchi, Pavan Deolasee, Álvaro Herrera) - - - - This led to a situation where the server did not think it had reached - a consistent database state during subsequent WAL replay, preventing - restart. - - - - - - Avoid emitting a bogus WAL record when recycling an all-zero btree - page (Amit Kapila) - - - - This mistake has been seen to cause assertion failures, and - potentially it could result in unnecessary query cancellations on hot - standby servers. - - - - - - Improve performance of WAL replay for transactions that drop many - relations (Fujii Masao) - - - - This change reduces the number of times that shared buffers are - scanned, so that it is of most benefit when that setting is large. - - - - - - Improve performance of lock releasing in standby server WAL replay - (Thomas Munro) - - - - - - Make logical WAL senders report streaming state correctly (Simon - Riggs, Sawada Masahiko) - - - - The code previously mis-detected whether or not it had caught up with - the upstream server. - - - - - - Fix bugs in snapshot handling during logical decoding, allowing wrong - decoding results in rare cases (Arseny Sher, Álvaro Herrera) - - - - - - Ensure a table's cached index list is correctly rebuilt after an index - creation fails partway through (Peter Geoghegan) - - - - Previously, the failed index's OID could remain in the list, causing - problems later in the same session. - - - - - - Fix mishandling of empty uncompressed posting list pages in GIN - indexes (Sivasubramanian Ramasubramanian, Alexander Korotkov) - - - - This could result in an assertion failure after pg_upgrade of a - pre-9.4 GIN index (9.4 and later will not create such pages). - - - - - - Ensure that VACUUM will respond to signals - within btree page deletion loops (Andres Freund) - - - - Corrupted btree indexes could result in an infinite loop here, and - that previously wasn't interruptible without forcing a crash. - - - - - - Fix misoptimization of equivalence classes involving composite-type - columns (Tom Lane) - - - - This resulted in failure to recognize that an index on a composite - column could provide the sort order needed for a mergejoin on that - column. - - - - - - Fix SQL-standard FETCH FIRST syntax to allow - parameters ($n), as the - standard expects (Andrew Gierth) - - - - - - Fix failure to schema-qualify some object names - in getObjectDescription output - (Kyotaro Horiguchi, Tom Lane) - - - - Names of collations, conversions, and text search objects - were not schema-qualified when they should be. - - - - - - Widen COPY FROM's current-line-number counter - from 32 to 64 bits (David Rowley) - - - - This avoids two problems with input exceeding 4G lines: COPY - FROM WITH HEADER would drop a line every 4G lines, not only - the first line, and error reports could show a wrong line number. - - - - - - Add a string freeing function - to ecpg's pgtypes - library, so that cross-module memory management problems can be - avoided on Windows (Takayuki Tsunakawa) - - - - On Windows, crashes can ensue if the free call - for a given chunk of memory is not made from the same DLL - that malloc'ed the memory. - The pgtypes library sometimes returns strings - that it expects the caller to free, making it impossible to follow - this rule. Add a PGTYPESchar_free() function - that just wraps free, allowing applications - to follow this rule. - - - - - - Fix ecpg's support for long - long variables on Windows, as well as other platforms that - declare strtoll/strtoull - nonstandardly or not at all (Dang Minh Huong, Tom Lane) - - - - - - Fix misidentification of SQL statement type in PL/pgSQL, when a rule - change causes a change in the semantics of a statement intra-session - (Tom Lane) - - - - This error led to assertion failures, or in rare cases, failure to - enforce the INTO STRICT option as expected. - - - - - - Fix password prompting in client programs so that echo is properly - disabled on Windows when stdin is not the - terminal (Matthew Stickney) - - - - - - Further fix mis-quoting of values for list-valued GUC variables in - dumps (Tom Lane) - - - - The previous fix for quoting of search_path and - other list-valued variables in pg_dump - output turned out to misbehave for empty-string list elements, and it - risked truncation of long file paths. - - - - - - Fix pg_dump's failure to - dump REPLICA IDENTITY properties for constraint - indexes (Tom Lane) - - - - Manually created unique indexes were properly marked, but not those - created by declaring UNIQUE or PRIMARY - KEY constraints. - - - - - - Make pg_upgrade check that the old server - was shut down cleanly (Bruce Momjian) - - - - The previous check could be fooled by an immediate-mode shutdown. - - - - - - Fix crash in contrib/ltree's - lca() function when the input array is empty - (Pierre Ducroquet) - - - - - - Fix various error-handling code paths in which an incorrect error code - might be reported (Michael Paquier, Tom Lane, Magnus Hagander) - - - - - - Rearrange makefiles to ensure that programs link to freshly-built - libraries (such as libpq.so) rather than ones - that might exist in the system library directories (Tom Lane) - - - - This avoids problems when building on platforms that supply old copies - of PostgreSQL libraries. - - - - - - Update time zone data files to tzdata - release 2018e for DST law changes in North Korea, plus historical - corrections for Czechoslovakia. - - - - This update includes a redefinition of daylight savings - in Ireland, as well as for some past years in Namibia and - Czechoslovakia. In those jurisdictions, legally standard time is - observed in summer, and daylight savings time in winter, so that the - daylight savings offset is one hour behind standard time not one hour - ahead. This does not affect either the actual UTC offset or the - timezone abbreviations in use; the only known effect is that - the is_dst column in - the pg_timezone_names view will now be true - in winter and false in summer in these cases. - - - - - - - - - - Release 9.4.18 - - - Release date: - 2018-05-10 - - - - This release contains a variety of fixes from 9.4.17. - For information about new features in the 9.4 major release, see - . - - - - Migration to Version 9.4.18 - - - A dump/restore is not required for those running 9.4.X. - - - - However, if the function marking mistakes mentioned in the first - changelog entry below affect you, you will want to take steps to - correct your database catalogs. - - - - Also, if you are upgrading from a version earlier than 9.4.17, - see . - - - - - Changes - - - - - - Fix incorrect volatility markings on a few built-in functions - (Thomas Munro, Tom Lane) - - - - The functions - query_to_xml, - cursor_to_xml, - cursor_to_xmlschema, - query_to_xmlschema, and - query_to_xml_and_xmlschema - should be marked volatile because they execute user-supplied queries - that might contain volatile operations. They were not, leading to a - risk of incorrect query optimization. This has been repaired for new - installations by correcting the initial catalog data, but existing - installations will continue to contain the incorrect markings. - Practical use of these functions seems to pose little hazard, but in - case of trouble, it can be fixed by manually updating these - functions' pg_proc entries, for example - ALTER FUNCTION pg_catalog.query_to_xml(text, boolean, - boolean, text) VOLATILE. (Note that that will need to be - done in each database of the installation.) Another option is - to pg_upgrade the database to a version - containing the corrected initial data. - - - - - - Avoid re-using TOAST value OIDs that match dead-but-not-yet-vacuumed - TOAST entries (Pavan Deolasee) - - - - Once the OID counter has wrapped around, it's possible to assign a - TOAST value whose OID matches a previously deleted entry in the same - TOAST table. If that entry were not yet vacuumed away, this resulted - in unexpected chunk number 0 (expected 1) for toast - value nnnnn errors, which would - persist until the dead entry was removed - by VACUUM. Fix by not selecting such OIDs when - creating a new TOAST entry. - - - - - - Change ANALYZE's algorithm for updating - pg_class.reltuples - (David Gould) - - - - Previously, pages not actually scanned by ANALYZE - were assumed to retain their old tuple density. In a large table - where ANALYZE samples only a small fraction of the - pages, this meant that the overall tuple density estimate could not - change very much, so that reltuples would - change nearly proportionally to changes in the table's physical size - (relpages) regardless of what was actually - happening in the table. This has been observed to result - in reltuples becoming so much larger than - reality as to effectively shut off autovacuuming. To fix, assume - that ANALYZE's sample is a statistically unbiased - sample of the table (as it should be), and just extrapolate the - density observed within those pages to the whole table. - - - - - - Avoid deadlocks in concurrent CREATE INDEX - CONCURRENTLY commands that are run - under SERIALIZABLE or REPEATABLE - READ transaction isolation (Tom Lane) - - - - - - Fix possible slow execution of REFRESH MATERIALIZED VIEW - CONCURRENTLY (Thomas Munro) - - - - - - Fix UPDATE/DELETE ... WHERE CURRENT OF to not fail - when the referenced cursor uses an index-only-scan plan (Yugo Nagata, - Tom Lane) - - - - - - Fix incorrect planning of join clauses pushed into parameterized - paths (Andrew Gierth, Tom Lane) - - - - This error could result in misclassifying a condition as - a join filter for an outer join when it should be a - plain filter condition, leading to incorrect join - output. - - - - - - Fix misoptimization of CHECK constraints having - provably-NULL subclauses of - top-level AND/OR conditions - (Tom Lane, Dean Rasheed) - - - - This could, for example, allow constraint exclusion to exclude a - child table that should not be excluded from a query. - - - - - - Avoid failure if a query-cancel or session-termination interrupt - occurs while committing a prepared transaction (Stas Kelvich) - - - - - - Fix query-lifespan memory leakage in repeatedly executed hash joins - (Tom Lane) - - - - - - Fix overly strict sanity check - in heap_prepare_freeze_tuple - (Álvaro Herrera) - - - - This could result in incorrect cannot freeze committed - xmax failures in databases that have - been pg_upgrade'd from 9.2 or earlier. - - - - - - Prevent dangling-pointer dereference when a C-coded before-update row - trigger returns the old tuple (Rushabh Lathia) - - - - - - Reduce locking during autovacuum worker scheduling (Jeff Janes) - - - - The previous behavior caused drastic loss of potential worker - concurrency in databases with many tables. - - - - - - Ensure client hostname is copied while copying - pg_stat_activity data to local memory - (Edmund Horner) - - - - Previously the supposedly-local snapshot contained a pointer into - shared memory, allowing the client hostname column to change - unexpectedly if any existing session disconnected. - - - - - - Fix incorrect processing of multiple compound affixes - in ispell dictionaries (Arthur Zakirov) - - - - - - Fix collation-aware searches (that is, indexscans using inequality - operators) in SP-GiST indexes on text columns (Tom Lane) - - - - Such searches would return the wrong set of rows in most non-C - locales. - - - - - - Count the number of index tuples correctly during initial build of an - SP-GiST index (Tomas Vondra) - - - - Previously, the tuple count was reported to be the same as that of - the underlying table, which is wrong if the index is partial. - - - - - - Count the number of index tuples correctly during vacuuming of a - GiST index (Andrey Borodin) - - - - Previously it reported the estimated number of heap tuples, - which might be inaccurate, and is certainly wrong if the - index is partial. - - - - - - Fix a corner case where a streaming standby gets stuck at a WAL - continuation record (Kyotaro Horiguchi) - - - - - - In logical decoding, avoid possible double processing of WAL data - when a walsender restarts (Craig Ringer) - - - - - - Allow scalarltsel - and scalargtsel to be used on non-core datatypes - (Tomas Vondra) - - - - - - Reduce libpq's memory consumption when a - server error is reported after a large amount of query output has - been collected (Tom Lane) - - - - Discard the previous output before, not after, processing the error - message. On some platforms, notably Linux, this can make a - difference in the application's subsequent memory footprint. - - - - - - Fix double-free crashes in ecpg - (Patrick Krecker, Jeevan Ladhe) - - - - - - Fix ecpg to handle long long - int variables correctly in MSVC builds (Michael Meskes, - Andrew Gierth) - - - - - - Fix mis-quoting of values for list-valued GUC variables in dumps - (Michael Paquier, Tom Lane) - - - - The local_preload_libraries, - session_preload_libraries, - shared_preload_libraries, - and temp_tablespaces variables were not correctly - quoted in pg_dump output. This would - cause problems if settings for these variables appeared in - CREATE FUNCTION ... SET or ALTER - DATABASE/ROLE ... SET clauses. - - - - - - Fix pg_recvlogical to not fail against - pre-v10 PostgreSQL servers - (Michael Paquier) - - - - A previous fix caused pg_recvlogical to - issue a command regardless of server version, but it should only be - issued to v10 and later servers. - - - - - - Fix overflow handling in PL/pgSQL - integer FOR loops (Tom Lane) - - - - The previous coding failed to detect overflow of the loop variable - on some non-gcc compilers, leading to an infinite loop. - - - - - - Adjust PL/Python regression tests to pass - under Python 3.7 (Peter Eisentraut) - - - - - - Support testing PL/Python and related - modules when building with Python 3 and MSVC (Andrew Dunstan) - - - - - - Rename internal b64_encode - and b64_decode functions to avoid conflict with - Solaris 11.4 built-in functions (Rainer Orth) - - - - - - Sync our copy of the timezone library with IANA tzcode release 2018e - (Tom Lane) - - - - This fixes the zic timezone data compiler - to cope with negative daylight-savings offsets. While - the PostgreSQL project will not - immediately ship such timezone data, zic - might be used with timezone data obtained directly from IANA, so it - seems prudent to update zic now. - - - - - - Update time zone data files to tzdata - release 2018d for DST law changes in Palestine and Antarctica (Casey - Station), plus historical corrections for Portugal and its colonies, - as well as Enderbury, Jamaica, Turks & Caicos Islands, and - Uruguay. - - - - - - - - - - Release 9.4.17 - - - Release date: - 2018-03-01 - - - - This release contains a variety of fixes from 9.4.16. - For information about new features in the 9.4 major release, see - . - - - - Migration to Version 9.4.17 - - - A dump/restore is not required for those running 9.4.X. - - - - However, if you run an installation in which not all users are mutually - trusting, or if you maintain an application or extension that is - intended for use in arbitrary situations, it is strongly recommended - that you read the documentation changes described in the first changelog - entry below, and take suitable steps to ensure that your installation or - code is secure. - - - - Also, the changes described in the second changelog entry below may - cause functions used in index expressions or materialized views to fail - during auto-analyze, or when reloading from a dump. After upgrading, - monitor the server logs for such problems, and fix affected functions. - - - - Also, if you are upgrading from a version earlier than 9.4.13, - see . - - - - - Changes - - - - - - Document how to configure installations and applications to guard - against search-path-dependent trojan-horse attacks from other users - (Noah Misch) - - - - Using a search_path setting that includes any - schemas writable by a hostile user enables that user to capture - control of queries and then run arbitrary SQL code with the - permissions of the attacked user. While it is possible to write - queries that are proof against such hijacking, it is notationally - tedious, and it's very easy to overlook holes. Therefore, we now - recommend configurations in which no untrusted schemas appear in - one's search path. Relevant documentation appears in - (for database administrators and users), - (for application authors), - (for extension authors), and - (for authors - of SECURITY DEFINER functions). - (CVE-2018-1058) - - - - - - Avoid use of insecure search_path settings - in pg_dump and other client programs - (Noah Misch, Tom Lane) - - - - pg_dump, - pg_upgrade, - vacuumdb and - other PostgreSQL-provided applications were - themselves vulnerable to the type of hijacking described in the previous - changelog entry; since these applications are commonly run by - superusers, they present particularly attractive targets. To make them - secure whether or not the installation as a whole has been secured, - modify them to include only the pg_catalog - schema in their search_path settings. - Autovacuum worker processes now do the same, as well. - - - - In cases where user-provided functions are indirectly executed by - these programs — for example, user-provided functions in index - expressions — the tighter search_path may - result in errors, which will need to be corrected by adjusting those - user-provided functions to not assume anything about what search path - they are invoked under. That has always been good practice, but now - it will be necessary for correct behavior. - (CVE-2018-1058) - - - - - - Fix misbehavior of concurrent-update rechecks with CTE references - appearing in subplans (Tom Lane) - - - - If a CTE (WITH clause reference) is used in an - InitPlan or SubPlan, and the query requires a recheck due to trying - to update or lock a concurrently-updated row, incorrect results could - be obtained. - - - - - - Fix planner failures with overlapping mergejoin clauses in an outer - join (Tom Lane) - - - - These mistakes led to left and right pathkeys do not match in - mergejoin or outer pathkeys do not match - mergeclauses planner errors in corner cases. - - - - - - Repair pg_upgrade's failure to - preserve relfrozenxid for materialized - views (Tom Lane, Andres Freund) - - - - This oversight could lead to data corruption in materialized views - after an upgrade, manifesting as could not access status of - transaction or found xmin from before - relfrozenxid errors. The problem would be more likely to - occur in seldom-refreshed materialized views, or ones that were - maintained only with REFRESH MATERIALIZED VIEW - CONCURRENTLY. - - - - If such corruption is observed, it can be repaired by refreshing the - materialized view (without CONCURRENTLY). - - - - - - Fix incorrect reporting of PL/Python function names in - error CONTEXT stacks (Tom Lane) - - - - An error occurring within a nested PL/Python function call (that is, - one reached via a SPI query from another PL/Python function) would - result in a stack trace showing the inner function's name twice, - rather than the expected results. Also, an error in a nested - PL/Python DO block could result in a null pointer - dereference crash on some platforms. - - - - - - Allow contrib/auto_explain's - log_min_duration setting to range up - to INT_MAX, or about 24 days instead of 35 minutes - (Tom Lane) - - - - - - - - - - Release 9.4.16 - - - Release date: - 2018-02-08 - - - - This release contains a variety of fixes from 9.4.15. - For information about new features in the 9.4 major release, see - . - - - - Migration to Version 9.4.16 - - - A dump/restore is not required for those running 9.4.X. - - - - However, if you are upgrading from a version earlier than 9.4.13, - see . - - - - - Changes - - - - - - Ensure that all temporary files made - by pg_upgrade are non-world-readable - (Tom Lane, Noah Misch) - - - - pg_upgrade normally restricts its - temporary files to be readable and writable only by the calling user. - But the temporary file containing pg_dumpall -g - output would be group- or world-readable, or even writable, if the - user's umask setting allows. In typical usage on - multi-user machines, the umask and/or the working - directory's permissions would be tight enough to prevent problems; - but there may be people using pg_upgrade - in scenarios where this oversight would permit disclosure of database - passwords to unfriendly eyes. - (CVE-2018-1053) - - - - - - Fix vacuuming of tuples that were updated while key-share locked - (Andres Freund, Álvaro Herrera) - - - - In some cases VACUUM would fail to remove such - tuples even though they are now dead, leading to assorted data - corruption scenarios. - - - - - - Fix inadequate buffer locking in some LSN fetches (Jacob Champion, - Asim Praveen, Ashwin Agrawal) - - - - These errors could result in misbehavior under concurrent load. - The potential consequences have not been characterized fully. - - - - - - Avoid unnecessary failure in a query on an inheritance tree that - occurs concurrently with some child table being removed from the tree - by ALTER TABLE NO INHERIT (Tom Lane) - - - - - - Fix spurious deadlock failures when multiple sessions are - running CREATE INDEX CONCURRENTLY (Jeff Janes) - - - - - - Repair failure with correlated sub-SELECT - inside VALUES inside a LATERAL - subquery (Tom Lane) - - - - - - Fix could not devise a query plan for the given query - planner failure for some cases involving nested UNION - ALL inside a lateral subquery (Tom Lane) - - - - - - Fix logical decoding to correctly clean up disk files for crashed - transactions (Atsushi Torikoshi) - - - - Logical decoding may spill WAL records to disk for transactions - generating many WAL records. Normally these files are cleaned up - after the transaction's commit or abort record arrives; but if - no such record is ever seen, the removal code misbehaved. - - - - - - Fix walsender timeout failure and failure to respond to interrupts - when processing a large transaction (Petr Jelinek) - - - - - - Fix has_sequence_privilege() to - support WITH GRANT OPTION tests, - as other privilege-testing functions do (Joe Conway) - - - - - - In databases using UTF8 encoding, ignore any XML declaration that - asserts a different encoding (Pavel Stehule, Noah Misch) - - - - We always store XML strings in the database encoding, so allowing - libxml to act on a declaration of another encoding gave wrong results. - In encodings other than UTF8, we don't promise to support non-ASCII - XML data anyway, so retain the previous behavior for bug compatibility. - This change affects only xpath() and related - functions; other XML code paths already acted this way. - - - - - - Provide for forward compatibility with future minor protocol versions - (Robert Haas, Badrul Chowdhury) - - - - Up to now, PostgreSQL servers simply - rejected requests to use protocol versions newer than 3.0, so that - there was no functional difference between the major and minor parts - of the protocol version number. Allow clients to request versions 3.x - without failing, sending back a message showing that the server only - understands 3.0. This makes no difference at the moment, but - back-patching this change should allow speedier introduction of future - minor protocol upgrades. - - - - - - Cope with failure to start a parallel worker process - (Amit Kapila, Robert Haas) - - - - Parallel query previously tended to hang indefinitely if a worker - could not be started, as the result of fork() - failure or other low-probability problems. - - - - - - Prevent stack-overflow crashes when planning extremely deeply - nested set operations - (UNION/INTERSECT/EXCEPT) - (Tom Lane) - - - - - - Fix null-pointer crashes for some types of LDAP URLs appearing - in pg_hba.conf (Thomas Munro) - - - - - - Fix sample INSTR() functions in the PL/pgSQL - documentation (Yugo Nagata, Tom Lane) - - - - These functions are stated to - be Oracle compatible, but - they weren't exactly. In particular, there was a discrepancy in the - interpretation of a negative third parameter: Oracle thinks that a - negative value indicates the last place where the target substring can - begin, whereas our functions took it as the last place where the - target can end. Also, Oracle throws an error for a zero or negative - fourth parameter, whereas our functions returned zero. - - - - The sample code has been adjusted to match Oracle's behavior more - precisely. Users who have copied this code into their applications - may wish to update their copies. - - - - - - Fix pg_dump to make ACL (permissions), - comment, and security label entries reliably identifiable in archive - output formats (Tom Lane) - - - - The tag portion of an ACL archive entry was usually - just the name of the associated object. Make it start with the object - type instead, bringing ACLs into line with the convention already used - for comment and security label archive entries. Also, fix the - comment and security label entries for the whole database, if present, - to make their tags start with DATABASE so that they - also follow this convention. This prevents false matches in code that - tries to identify large-object-related entries by seeing if the tag - starts with LARGE OBJECT. That could have resulted - in misclassifying entries as data rather than schema, with undesirable - results in a schema-only or data-only dump. - - - - Note that this change has user-visible results in the output - of pg_restore --list. - - - - - - In ecpg, detect indicator arrays that do - not have the correct length and report an error (David Rader) - - - - - - Avoid triggering a libc assertion - in contrib/hstore, due to use - of memcpy() with equal source and destination - pointers (Tomas Vondra) - - - - - - Provide modern examples of how to auto-start Postgres on macOS - (Tom Lane) - - - - The scripts in contrib/start-scripts/osx use - infrastructure that's been deprecated for over a decade, and which no - longer works at all in macOS releases of the last couple of years. - Add a new subdirectory contrib/start-scripts/macos - containing scripts that use the newer launchd - infrastructure. - - - - - - Fix incorrect selection of configuration-specific libraries for - OpenSSL on Windows (Andrew Dunstan) - - - - - - Support linking to MinGW-built versions of libperl (Noah Misch) - - - - This allows building PL/Perl with some common Perl distributions for - Windows. - - - - - - Fix MSVC build to test whether 32-bit libperl - needs -D_USE_32BIT_TIME_T (Noah Misch) - - - - Available Perl distributions are inconsistent about what they expect, - and lack any reliable means of reporting it, so resort to a build-time - test on what the library being used actually does. - - - - - - On Windows, install the crash dump handler earlier in postmaster - startup (Takayuki Tsunakawa) - - - - This may allow collection of a core dump for some early-startup - failures that did not produce a dump before. - - - - - - On Windows, avoid encoding-conversion-related crashes when emitting - messages very early in postmaster startup (Takayuki Tsunakawa) - - - - - - Use our existing Motorola 68K spinlock code on OpenBSD as - well as NetBSD (David Carlier) - - - - - - Add support for spinlocks on Motorola 88K (David Carlier) - - - - - - Update time zone data files to tzdata - release 2018c for DST law changes in Brazil, Sao Tome and Principe, - plus historical corrections for Bolivia, Japan, and South Sudan. - The US/Pacific-New zone has been removed (it was - only an alias for America/Los_Angeles anyway). - - - - - - - - - - Release 9.4.15 - - - Release date: - 2017-11-09 - - - - This release contains a variety of fixes from 9.4.14. - For information about new features in the 9.4 major release, see - . - - - - Migration to Version 9.4.15 - - - A dump/restore is not required for those running 9.4.X. - - - - However, if you are upgrading from a version earlier than 9.4.13, - see . - - - - - Changes - - - - - - Fix crash due to rowtype mismatch - in json{b}_populate_recordset() - (Michael Paquier, Tom Lane) - - - - These functions used the result rowtype specified in the FROM - ... AS clause without checking that it matched the actual - rowtype of the supplied tuple value. If it didn't, that would usually - result in a crash, though disclosure of server memory contents seems - possible as well. - (CVE-2017-15098) - - - - - - Fix sample server-start scripts to become $PGUSER - before opening $PGLOG (Noah Misch) - - - - Previously, the postmaster log file was opened while still running as - root. The database owner could therefore mount an attack against - another system user by making $PGLOG be a symbolic - link to some other file, which would then become corrupted by appending - log messages. - - - - By default, these scripts are not installed anywhere. Users who have - made use of them will need to manually recopy them, or apply the same - changes to their modified versions. If the - existing $PGLOG file is root-owned, it will need to - be removed or renamed out of the way before restarting the server with - the corrected script. - (CVE-2017-12172) - - - - - - Fix crash when logical decoding is invoked from a SPI-using function, - in particular any function written in a PL language - (Tom Lane) - - - - - - Fix json_build_array(), - json_build_object(), and their jsonb - equivalents to handle explicit VARIADIC arguments - correctly (Michael Paquier) - - - - - - Properly reject attempts to convert infinite float values to - type numeric (Tom Lane, KaiGai Kohei) - - - - Previously the behavior was platform-dependent. - - - - - - Fix corner-case crashes when columns have been added to the end of a - view (Tom Lane) - - - - - - Record proper dependencies when a view or rule - contains FieldSelect - or FieldStore expression nodes (Tom Lane) - - - - Lack of these dependencies could allow a column or data - type DROP to go through when it ought to fail, - thereby causing later uses of the view or rule to get errors. - This patch does not do anything to protect existing views/rules, - only ones created in the future. - - - - - - Correctly detect hashability of range data types (Tom Lane) - - - - The planner mistakenly assumed that any range type could be hashed - for use in hash joins or hash aggregation, but actually it must check - whether the range's subtype has hash support. This does not affect any - of the built-in range types, since they're all hashable anyway. - - - - - - Fix low-probability loss of NOTIFY messages due to - XID wraparound (Marko Tiikkaja, Tom Lane) - - - - If a session executed no queries, but merely listened for - notifications, for more than 2 billion transactions, it started to miss - some notifications from concurrently-committing transactions. - - - - - - Avoid SIGBUS crash on Linux when a DSM memory - request exceeds the space available in tmpfs - (Thomas Munro) - - - - - - Prevent low-probability crash in processing of nested trigger firings - (Tom Lane) - - - - - - Allow COPY's FREEZE option to - work when the transaction isolation level is REPEATABLE - READ or higher (Noah Misch) - - - - This case was unintentionally broken by a previous bug fix. - - - - - - Correctly restore the umask setting when file creation fails - in COPY or lo_export() - (Peter Eisentraut) - - - - - - Give a better error message for duplicate column names - in ANALYZE (Nathan Bossart) - - - - - - Fix mis-parsing of the last line in a - non-newline-terminated pg_hba.conf file - (Tom Lane) - - - - - - Fix libpq to not require user's home - directory to exist (Tom Lane) - - - - In v10, failure to find the home directory while trying to - read ~/.pgpass was treated as a hard error, - but it should just cause that file to not be found. Both v10 and - previous release branches made the same mistake when - reading ~/.pg_service.conf, though this was less - obvious since that file is not sought unless a service name is - specified. - - - - - - Fix libpq to guard against integer - overflow in the row count of a PGresult - (Michael Paquier) - - - - - - Fix ecpg's handling of out-of-scope cursor - declarations with pointer or array variables (Michael Meskes) - - - - - - In ecpglib, correctly handle backslashes in string literals depending - on whether standard_conforming_strings is set - (Tsunakawa Takayuki) - - - - - - Make ecpglib's Informix-compatibility mode ignore fractional digits in - integer input strings, as expected (Gao Zengqi, Michael Meskes) - - - - - - Sync our copy of the timezone library with IANA release tzcode2017c - (Tom Lane) - - - - This fixes various issues; the only one likely to be user-visible - is that the default DST rules for a POSIX-style zone name, if - no posixrules file exists in the timezone data - directory, now match current US law rather than what it was a dozen - years ago. - - - - - - Update time zone data files to tzdata - release 2017c for DST law changes in Fiji, Namibia, Northern Cyprus, - Sudan, Tonga, and Turks & Caicos Islands, plus historical - corrections for Alaska, Apia, Burma, Calcutta, Detroit, Ireland, - Namibia, and Pago Pago. - - - - - - - - - - Release 9.4.14 - - - Release date: - 2017-08-31 - - - - This release contains a small number of fixes from 9.4.13. - For information about new features in the 9.4 major release, see - . - - - - Migration to Version 9.4.14 - - - A dump/restore is not required for those running 9.4.X. - - - - However, if you are upgrading from a version earlier than 9.4.13, - see . - - - - - Changes - - - - - - - Fix failure of walsender processes to respond to shutdown signals - (Marco Nenciarini) - - - - A missed flag update resulted in walsenders continuing to run as long - as they had a standby server connected, preventing primary-server - shutdown unless immediate shutdown mode is used. - - - - - - Show foreign tables - in information_schema.table_privileges - view (Peter Eisentraut) - - - - All other relevant information_schema views include - foreign tables, but this one ignored them. - - - - Since this view definition is installed by initdb, - merely upgrading will not fix the problem. If you need to fix this - in an existing installation, you can, as a superuser, do this - in psql: - -SET search_path TO information_schema; -CREATE OR REPLACE VIEW table_privileges AS - SELECT CAST(u_grantor.rolname AS sql_identifier) AS grantor, - CAST(grantee.rolname AS sql_identifier) AS grantee, - CAST(current_database() AS sql_identifier) AS table_catalog, - CAST(nc.nspname AS sql_identifier) AS table_schema, - CAST(c.relname AS sql_identifier) AS table_name, - CAST(c.prtype AS character_data) AS privilege_type, - CAST( - CASE WHEN - -- object owner always has grant options - pg_has_role(grantee.oid, c.relowner, 'USAGE') - OR c.grantable - THEN 'YES' ELSE 'NO' END AS yes_or_no) AS is_grantable, - CAST(CASE WHEN c.prtype = 'SELECT' THEN 'YES' ELSE 'NO' END AS yes_or_no) AS with_hierarchy - - FROM ( - SELECT oid, relname, relnamespace, relkind, relowner, (aclexplode(coalesce(relacl, acldefault('r', relowner)))).* FROM pg_class - ) AS c (oid, relname, relnamespace, relkind, relowner, grantor, grantee, prtype, grantable), - pg_namespace nc, - pg_authid u_grantor, - ( - SELECT oid, rolname FROM pg_authid - UNION ALL - SELECT 0::oid, 'PUBLIC' - ) AS grantee (oid, rolname) - - WHERE c.relnamespace = nc.oid - AND c.relkind IN ('r', 'v', 'f') - AND c.grantee = grantee.oid - AND c.grantor = u_grantor.oid - AND c.prtype IN ('INSERT', 'SELECT', 'UPDATE', 'DELETE', 'TRUNCATE', 'REFERENCES', 'TRIGGER') - AND (pg_has_role(u_grantor.oid, 'USAGE') - OR pg_has_role(grantee.oid, 'USAGE') - OR grantee.rolname = 'PUBLIC'); - - This must be repeated in each database to be fixed, - including template0. - - - - - - Clean up handling of a fatal exit (e.g., due to receipt - of SIGTERM) that occurs while trying to execute - a ROLLBACK of a failed transaction (Tom Lane) - - - - This situation could result in an assertion failure. In production - builds, the exit would still occur, but it would log an unexpected - message about cannot drop active portal. - - - - - - Remove assertion that could trigger during a fatal exit (Tom Lane) - - - - - - Correctly identify columns that are of a range type or domain type over - a composite type or domain type being searched for (Tom Lane) - - - - Certain ALTER commands that change the definition of a - composite type or domain type are supposed to fail if there are any - stored values of that type in the database, because they lack the - infrastructure needed to update or check such values. Previously, - these checks could miss relevant values that are wrapped inside range - types or sub-domains, possibly allowing the database to become - inconsistent. - - - - - - Fix crash in pg_restore when using parallel mode and - using a list file to select a subset of items to restore - (Fabrízio de Royes Mello) - - - - - - Change ecpg's parser to allow RETURNING - clauses without attached C variables (Michael Meskes) - - - - This allows ecpg programs to contain SQL constructs - that use RETURNING internally (for example, inside a CTE) - rather than using it to define values to be returned to the client. - - - - - - Improve selection of compiler flags for PL/Perl on Windows (Tom Lane) - - - - This fix avoids possible crashes of PL/Perl due to inconsistent - assumptions about the width of time_t values. - A side-effect that may be visible to extension developers is - that _USE_32BIT_TIME_T is no longer defined globally - in PostgreSQL Windows builds. This is not expected - to cause problems, because type time_t is not used - in any PostgreSQL API definitions. - - - - - - - - - - Release 9.4.13 - - - Release date: - 2017-08-10 - - - - This release contains a variety of fixes from 9.4.12. - For information about new features in the 9.4 major release, see - . - - - - Migration to Version 9.4.13 - - - A dump/restore is not required for those running 9.4.X. - - - - However, if you use foreign data servers that make use of user - passwords for authentication, see the first changelog entry below. - - - - Also, if you are upgrading from a version earlier than 9.4.12, - see . - - - - - Changes - - - - - - Further restrict visibility - of pg_user_mappings.umoptions, to - protect passwords stored as user mapping options - (Noah Misch) - - - - The fix for CVE-2017-7486 was incorrect: it allowed a user - to see the options in her own user mapping, even if she did not - have USAGE permission on the associated foreign server. - Such options might include a password that had been provided by the - server owner rather than the user herself. - Since information_schema.user_mapping_options does not - show the options in such cases, pg_user_mappings - should not either. - (CVE-2017-7547) - - - - By itself, this patch will only fix the behavior in newly initdb'd - databases. If you wish to apply this change in an existing database, - you will need to do the following: - - - - - - Restart the postmaster after adding allow_system_table_mods - = true to postgresql.conf. (In versions - supporting ALTER SYSTEM, you can use that to make the - configuration change, but you'll still need a restart.) - - - - - - In each database of the cluster, - run the following commands as superuser: - -SET search_path = pg_catalog; -CREATE OR REPLACE VIEW pg_user_mappings AS - SELECT - U.oid AS umid, - S.oid AS srvid, - S.srvname AS srvname, - U.umuser AS umuser, - CASE WHEN U.umuser = 0 THEN - 'public' - ELSE - A.rolname - END AS usename, - CASE WHEN (U.umuser <> 0 AND A.rolname = current_user - AND (pg_has_role(S.srvowner, 'USAGE') - OR has_server_privilege(S.oid, 'USAGE'))) - OR (U.umuser = 0 AND pg_has_role(S.srvowner, 'USAGE')) - OR (SELECT rolsuper FROM pg_authid WHERE rolname = current_user) - THEN U.umoptions - ELSE NULL END AS umoptions - FROM pg_user_mapping U - LEFT JOIN pg_authid A ON (A.oid = U.umuser) JOIN - pg_foreign_server S ON (U.umserver = S.oid); - - - - - - - Do not forget to include the template0 - and template1 databases, or the vulnerability will still - exist in databases you create later. To fix template0, - you'll need to temporarily make it accept connections. - In PostgreSQL 9.5 and later, you can use - -ALTER DATABASE template0 WITH ALLOW_CONNECTIONS true; - - and then after fixing template0, undo that with - -ALTER DATABASE template0 WITH ALLOW_CONNECTIONS false; - - In prior versions, instead use - -UPDATE pg_database SET datallowconn = true WHERE datname = 'template0'; -UPDATE pg_database SET datallowconn = false WHERE datname = 'template0'; - - - - - - - Finally, remove the allow_system_table_mods configuration - setting, and again restart the postmaster. - - - - - - - - Disallow empty passwords in all password-based authentication methods - (Heikki Linnakangas) - - - - libpq ignores empty password specifications, and does - not transmit them to the server. So, if a user's password has been - set to the empty string, it's impossible to log in with that password - via psql or other libpq-based - clients. An administrator might therefore believe that setting the - password to empty is equivalent to disabling password login. - However, with a modified or non-libpq-based client, - logging in could be possible, depending on which authentication - method is configured. In particular the most common - method, md5, accepted empty passwords. - Change the server to reject empty passwords in all cases. - (CVE-2017-7546) - - - - - - Make lo_put() check for UPDATE privilege on - the target large object (Tom Lane, Michael Paquier) - - - - lo_put() should surely require the same permissions - as lowrite(), but the check was missing, allowing any - user to change the data in a large object. - (CVE-2017-7548) - - - - - - Fix concurrent locking of tuple update chains (Álvaro Herrera) - - - - If several sessions concurrently lock a tuple update chain with - nonconflicting lock modes using an old snapshot, and they all - succeed, it was possible for some of them to nonetheless fail (and - conclude there is no live tuple version) due to a race condition. - This had consequences such as foreign-key checks failing to see a - tuple that definitely exists but is being updated concurrently. - - - - - - Fix potential data corruption when freezing a tuple whose XMAX is a - multixact with exactly one still-interesting member (Teodor Sigaev) - - - - - - Avoid integer overflow and ensuing crash when sorting more than one - billion tuples in-memory (Sergey Koposov) - - - - - - On Windows, retry process creation if we fail to reserve the address - range for our shared memory in the new process (Tom Lane, Amit - Kapila) - - - - This is expected to fix infrequent child-process-launch failures that - are probably due to interference from antivirus products. - - - - - - Fix low-probability corruption of shared predicate-lock hash table - in Windows builds (Thomas Munro, Tom Lane) - - - - - - Avoid logging clean closure of an SSL connection as though - it were a connection reset (Michael Paquier) - - - - - - Prevent sending SSL session tickets to clients (Tom Lane) - - - - This fix prevents reconnection failures with ticket-aware client-side - SSL code. - - - - - - Fix code for setting on - Solaris (Tom Lane) - - - - - - Fix statistics collector to honor inquiry messages issued just after - a postmaster shutdown and immediate restart (Tom Lane) - - - - Statistics inquiries issued within half a second of the previous - postmaster shutdown were effectively ignored. - - - - - - Ensure that the statistics collector's receive buffer size is at - least 100KB (Tom Lane) - - - - This reduces the risk of dropped statistics data on older platforms - whose default receive buffer size is less than that. - - - - - - Fix possible creation of an invalid WAL segment when a standby is - promoted just after it processes an XLOG_SWITCH WAL - record (Andres Freund) - - - - - - Fix walsender to exit promptly when client requests - shutdown (Tom Lane) - - - - - - Fix SIGHUP and SIGUSR1 handling in - walsender processes (Petr Jelinek, Andres Freund) - - - - - - Prevent walsender-triggered panics during shutdown checkpoints - (Andres Freund, Michael Paquier) - - - - - - Fix unnecessarily slow restarts of walreceiver - processes due to race condition in postmaster (Tom Lane) - - - - - - - Fix logical decoding failure with very wide tuples (Andres Freund) - - - - Logical decoding crashed on tuples that are wider than 64KB (after - compression, but with all data in-line). The case arises only - when REPLICA IDENTITY FULL is enabled for a table - containing such tuples. - - - - - - Fix leakage of small subtransactions spilled to disk during logical - decoding (Andres Freund) - - - - This resulted in temporary files consuming excessive disk space. - - - - - - Reduce the work needed to build snapshots during creation of - logical-decoding slots (Andres Freund, Petr Jelinek) - - - - The previous algorithm was infeasibly expensive on a server with a - lot of open transactions. - - - - - - Fix race condition that could indefinitely delay creation of - logical-decoding slots (Andres Freund, Petr Jelinek) - - - - - - Reduce overhead in processing syscache invalidation events (Tom Lane) - - - - This is particularly helpful for logical decoding, which triggers - frequent cache invalidation. - - - - - - Fix cases where an INSERT or UPDATE assigns - to more than one element of a column that is of domain-over-array - type (Tom Lane) - - - - - - Allow window functions to be used in sub-SELECTs that - are within the arguments of an aggregate function (Tom Lane) - - - - - - Move autogenerated array types out of the way during - ALTER ... RENAME (Vik Fearing) - - - - Previously, we would rename a conflicting autogenerated array type - out of the way during CREATE; this fix extends that - behavior to renaming operations. - - - - - - Ensure that ALTER USER ... SET accepts all the syntax - variants that ALTER ROLE ... SET does (Peter Eisentraut) - - - - - - Properly update dependency info when changing a datatype I/O - function's argument or return type from opaque to the - correct type (Heikki Linnakangas) - - - - CREATE TYPE updates I/O functions declared in this - long-obsolete style, but it forgot to record a dependency on the - type, allowing a subsequent DROP TYPE to leave broken - function definitions behind. - - - - - - Reduce memory usage when ANALYZE processes - a tsvector column (Heikki Linnakangas) - - - - - - Fix unnecessary precision loss and sloppy rounding when multiplying - or dividing money values by integers or floats (Tom Lane) - - - - - - Tighten checks for whitespace in functions that parse identifiers, - such as regprocedurein() (Tom Lane) - - - - Depending on the prevailing locale, these functions could - misinterpret fragments of multibyte characters as whitespace. - - - - - - Use relevant #define symbols from Perl while - compiling PL/Perl (Ashutosh Sharma, Tom Lane) - - - - This avoids portability problems, typically manifesting as - a handshake mismatch during library load, when working with - recent Perl versions. - - - - - - In libpq, reset GSS/SASL and SSPI authentication - state properly after a failed connection attempt (Michael Paquier) - - - - Failure to do this meant that when falling back from SSL to non-SSL - connections, a GSS/SASL failure in the SSL attempt would always cause - the non-SSL attempt to fail. SSPI did not fail, but it leaked memory. - - - - - - In psql, fix failure when COPY FROM STDIN - is ended with a keyboard EOF signal and then another COPY - FROM STDIN is attempted (Thomas Munro) - - - - This misbehavior was observed on BSD-derived platforms (including - macOS), but not on most others. - - - - - - Fix pg_dump and pg_restore to - emit REFRESH MATERIALIZED VIEW commands last (Tom Lane) - - - - This prevents errors during dump/restore when a materialized view - refers to tables owned by a different user. - - - - - - Improve pg_dump/pg_restore's - reporting of error conditions originating in zlib - (Vladimir Kunschikov, Álvaro Herrera) - - - - - - Fix pg_dump with the option to - drop event triggers as expected (Tom Lane) - - - - It also now correctly assigns ownership of event triggers; before, - they were restored as being owned by the superuser running the - restore script. - - - - - - Fix pg_dump to not emit invalid SQL for an empty - operator class (Daniel Gustafsson) - - - - - - Fix pg_dump output to stdout on Windows (Kuntal Ghosh) - - - - A compressed plain-text dump written to stdout would contain corrupt - data due to failure to put the file descriptor into binary mode. - - - - - - Fix pg_get_ruledef() to print correct output for - the ON SELECT rule of a view whose columns have been - renamed (Tom Lane) - - - - In some corner cases, pg_dump relies - on pg_get_ruledef() to dump views, so that this error - could result in dump/reload failures. - - - - - - Fix dumping of outer joins with empty constraints, such as the result - of a NATURAL LEFT JOIN with no common columns (Tom Lane) - - - - - - Fix dumping of function expressions in the FROM clause in - cases where the expression does not deparse into something that looks - like a function call (Tom Lane) - - - - - - Fix pg_basebackup output to stdout on Windows - (Haribabu Kommi) - - - - A backup written to stdout would contain corrupt data due to failure - to put the file descriptor into binary mode. - - - - - - Fix pg_upgrade to ensure that the ending WAL record - does not have = minimum - (Bruce Momjian) - - - - This condition could prevent upgraded standby servers from - reconnecting. - - - - - - In postgres_fdw, re-establish connections to remote - servers after ALTER SERVER or ALTER USER - MAPPING commands (Kyotaro Horiguchi) - - - - This ensures that option changes affecting connection parameters will - be applied promptly. - - - - - - In postgres_fdw, allow cancellation of remote - transaction control commands (Robert Haas, Rafia Sabih) - - - - This change allows us to quickly escape a wait for an unresponsive - remote server in many more cases than previously. - - - - - - Increase MAX_SYSCACHE_CALLBACKS to provide more room for - extensions (Tom Lane) - - - - - - Always use , not , when building - shared libraries with gcc (Tom Lane) - - - - This supports larger extension libraries on platforms where it makes - a difference. - - - - - - Fix unescaped-braces issue in our build scripts for Microsoft MSVC, - to avoid a warning or error from recent Perl versions (Andrew - Dunstan) - - - - - - In MSVC builds, handle the case where the OpenSSL - library is not within a VC subdirectory (Andrew Dunstan) - - - - - - In MSVC builds, add proper include path for libxml2 - header files (Andrew Dunstan) - - - - This fixes a former need to move things around in standard Windows - installations of libxml2. - - - - - - In MSVC builds, recognize a Tcl library that is - named tcl86.lib (Noah Misch) - - - - - - In MSVC builds, honor PROVE_FLAGS settings - on vcregress.pl's command line (Andrew Dunstan) - - - - - - - - - - Release 9.4.12 - - - Release date: - 2017-05-11 - - - - This release contains a variety of fixes from 9.4.11. - For information about new features in the 9.4 major release, see - . - - - - Migration to Version 9.4.12 - - - A dump/restore is not required for those running 9.4.X. - - - - However, if you use foreign data servers that make use of user - passwords for authentication, see the first changelog entry below. - - - - Also, if you are using third-party replication tools that depend - on logical decoding, see the fourth changelog entry below. - - - - Also, if you are upgrading from a version earlier than 9.4.11, - see . - - - - - Changes - - - - - - Restrict visibility - of pg_user_mappings.umoptions, to - protect passwords stored as user mapping options - (Michael Paquier, Feike Steenbergen) - - - - The previous coding allowed the owner of a foreign server object, - or anyone he has granted server USAGE permission to, - to see the options for all user mappings associated with that server. - This might well include passwords for other users. - Adjust the view definition to match the behavior of - information_schema.user_mapping_options, namely that - these options are visible to the user being mapped, or if the mapping - is for PUBLIC and the current user is the server - owner, or if the current user is a superuser. - (CVE-2017-7486) - - - - By itself, this patch will only fix the behavior in newly initdb'd - databases. If you wish to apply this change in an existing database, - follow the corrected procedure shown in the changelog entry for - CVE-2017-7547, in . - - - - - - Prevent exposure of statistical information via leaky operators - (Peter Eisentraut) - - - - Some selectivity estimation functions in the planner will apply - user-defined operators to values obtained - from pg_statistic, such as most common values and - histogram entries. This occurs before table permissions are checked, - so a nefarious user could exploit the behavior to obtain these values - for table columns he does not have permission to read. To fix, - fall back to a default estimate if the operator's implementation - function is not certified leak-proof and the calling user does not have - permission to read the table column whose statistics are needed. - At least one of these criteria is satisfied in most cases in practice. - (CVE-2017-7484) - - - - - - Restore libpq's recognition of - the PGREQUIRESSL environment variable (Daniel Gustafsson) - - - - Processing of this environment variable was unintentionally dropped - in PostgreSQL 9.3, but its documentation remained. - This creates a security hazard, since users might be relying on the - environment variable to force SSL-encrypted connections, but that - would no longer be guaranteed. Restore handling of the variable, - but give it lower priority than PGSSLMODE, to avoid - breaking configurations that work correctly with post-9.3 code. - (CVE-2017-7485) - - - - - - Fix possibly-invalid initial snapshot during logical decoding - (Petr Jelinek, Andres Freund) - - - - The initial snapshot created for a logical decoding replication slot - was potentially incorrect. This could cause third-party tools that - use logical decoding to copy incomplete/inconsistent initial data. - This was more likely to happen if the source server was busy at the - time of slot creation, or if another logical slot already existed. - - - - If you are using a replication tool that depends on logical decoding, - and it should have copied a nonempty data set at the start of - replication, it is advisable to recreate the replica after - installing this update, or to verify its contents against the source - server. - - - - - - Fix possible corruption of init forks of unlogged indexes - (Robert Haas, Michael Paquier) - - - - This could result in an unlogged index being set to an invalid state - after a crash and restart. Such a problem would persist until the - index was dropped and rebuilt. - - - - - - Fix incorrect reconstruction of pg_subtrans entries - when a standby server replays a prepared but uncommitted two-phase - transaction (Tom Lane) - - - - In most cases this turned out to have no visible ill effects, but in - corner cases it could result in circular references - in pg_subtrans, potentially causing infinite loops - in queries that examine rows modified by the two-phase transaction. - - - - - - Avoid possible crash in walsender due to failure - to initialize a string buffer (Stas Kelvich, Fujii Masao) - - - - - - Fix postmaster's handling of fork() failure for a - background worker process (Tom Lane) - - - - Previously, the postmaster updated portions of its state as though - the process had been launched successfully, resulting in subsequent - confusion. - - - - - - Ensure parsing of queries in extension scripts sees the results of - immediately-preceding DDL (Julien Rouhaud, Tom Lane) - - - - Due to lack of a cache flush step between commands in an extension - script file, non-utility queries might not see the effects of an - immediately preceding catalog change, such as ALTER TABLE - ... RENAME. - - - - - - Skip tablespace privilege checks when ALTER TABLE ... ALTER - COLUMN TYPE rebuilds an existing index (Noah Misch) - - - - The command failed if the calling user did not currently have - CREATE privilege for the tablespace containing the index. - That behavior seems unhelpful, so skip the check, allowing the - index to be rebuilt where it is. - - - - - - Fix ALTER TABLE ... VALIDATE CONSTRAINT to not recurse - to child tables when the constraint is marked NO INHERIT - (Amit Langote) - - - - This fix prevents unwanted constraint does not exist failures - when no matching constraint is present in the child tables. - - - - - - Fix VACUUM to account properly for pages that could not - be scanned due to conflicting page pins (Andrew Gierth) - - - - This tended to lead to underestimation of the number of tuples in - the table. In the worst case of a small heavily-contended - table, VACUUM could incorrectly report that the table - contained no tuples, leading to very bad planning choices. - - - - - - Ensure that bulk-tuple-transfer loops within a hash join are - interruptible by query cancel requests (Tom Lane, Thomas Munro) - - - - - - Fix integer-overflow problems in interval comparison (Kyotaro - Horiguchi, Tom Lane) - - - - The comparison operators for type interval could yield wrong - answers for intervals larger than about 296000 years. Indexes on - columns containing such large values should be reindexed, since they - may be corrupt. - - - - - - Fix cursor_to_xml() to produce valid output - with tableforest = false - (Thomas Munro, Peter Eisentraut) - - - - Previously it failed to produce a wrapping <table> - element. - - - - - - Fix roundoff problems in float8_timestamptz() - and make_interval() (Tom Lane) - - - - These functions truncated, rather than rounded, when converting a - floating-point value to integer microseconds; that could cause - unexpectedly off-by-one results. - - - - - - Improve performance of pg_timezone_names view - (Tom Lane, David Rowley) - - - - - - Reduce memory management overhead for contexts containing many large - blocks (Tom Lane) - - - - - - Fix sloppy handling of corner-case errors from lseek() - and close() (Tom Lane) - - - - Neither of these system calls are likely to fail in typical situations, - but if they did, fd.c could get quite confused. - - - - - - Fix incorrect check for whether postmaster is running as a Windows - service (Michael Paquier) - - - - This could result in attempting to write to the event log when that - isn't accessible, so that no logging happens at all. - - - - - - Fix ecpg to support COMMIT PREPARED - and ROLLBACK PREPARED (Masahiko Sawada) - - - - - - Fix a double-free error when processing dollar-quoted string literals - in ecpg (Michael Meskes) - - - - - - In pg_dump, fix incorrect schema and owner marking for - comments and security labels of some types of database objects - (Giuseppe Broccolo, Tom Lane) - - - - In simple cases this caused no ill effects; but for example, a - schema-selective restore might omit comments it should include, because - they were not marked as belonging to the schema of their associated - object. - - - - - - Avoid emitting an invalid list file in pg_restore -l - when SQL object names contain newlines (Tom Lane) - - - - Replace newlines by spaces, which is sufficient to make the output - valid for pg_restore -L's purposes. - - - - - - Fix pg_upgrade to transfer comments and security labels - attached to large objects (blobs) (Stephen Frost) - - - - Previously, blobs were correctly transferred to the new database, but - any comments or security labels attached to them were lost. - - - - - - Improve error handling - in contrib/adminpack's pg_file_write() - function (Noah Misch) - - - - Notably, it failed to detect errors reported - by fclose(). - - - - - - In contrib/dblink, avoid leaking the previous unnamed - connection when establishing a new unnamed connection (Joe Conway) - - - - - - Fix contrib/pg_trgm's extraction of trigrams from regular - expressions (Tom Lane) - - - - In some cases it would produce a broken data structure that could never - match anything, leading to GIN or GiST indexscans that use a trigram - index not finding any matches to the regular expression. - - - - - - In contrib/postgres_fdw, - transmit query cancellation requests to the remote server - (Michael Paquier, Etsuro Fujita) - - - - Previously, a local query cancellation request did not cause an - already-sent remote query to terminate early. This is a back-patch - of work originally done for 9.6. - - - - - - - Support OpenSSL 1.1.0 (Heikki Linnakangas, Andreas Karlsson, Tom Lane) - - - - This is a back-patch of work previously done in newer branches; - it's needed since many platforms are adopting newer OpenSSL versions. - - - - - - Support Tcl 8.6 in MSVC builds (Álvaro Herrera) - - - - - - Sync our copy of the timezone library with IANA release tzcode2017b - (Tom Lane) - - - - This fixes a bug affecting some DST transitions in January 2038. - - - - - - Update time zone data files to tzdata release 2017b - for DST law changes in Chile, Haiti, and Mongolia, plus historical - corrections for Ecuador, Kazakhstan, Liberia, and Spain. - Switch to numeric abbreviations for numerous time zones in South - America, the Pacific and Indian oceans, and some Asian and Middle - Eastern countries. - - - - The IANA time zone database previously provided textual abbreviations - for all time zones, sometimes making up abbreviations that have little - or no currency among the local population. They are in process of - reversing that policy in favor of using numeric UTC offsets in zones - where there is no evidence of real-world use of an English - abbreviation. At least for the time being, PostgreSQL - will continue to accept such removed abbreviations for timestamp input. - But they will not be shown in the pg_timezone_names - view nor used for output. - - - - - - Use correct daylight-savings rules for POSIX-style time zone names - in MSVC builds (David Rowley) - - - - The Microsoft MSVC build scripts neglected to install - the posixrules file in the timezone directory tree. - This resulted in the timezone code falling back to its built-in - rule about what DST behavior to assume for a POSIX-style time zone - name. For historical reasons that still corresponds to the DST rules - the USA was using before 2007 (i.e., change on first Sunday in April - and last Sunday in October). With this fix, a POSIX-style zone name - will use the current and historical DST transition dates of - the US/Eastern zone. If you don't want that, remove - the posixrules file, or replace it with a copy of some - other zone file (see ). Note that - due to caching, you may need to restart the server to get such changes - to take effect. - - - - - - - - - - Release 9.4.11 - - - Release date: - 2017-02-09 - - - - This release contains a variety of fixes from 9.4.10. - For information about new features in the 9.4 major release, see - . - - - - Migration to Version 9.4.11 - - - A dump/restore is not required for those running 9.4.X. - - - - However, if your installation has been affected by the bug described in - the first changelog entry below, then after updating you may need - to take action to repair corrupted indexes. - - - - Also, if you are upgrading from a version earlier than 9.4.10, - see . - - - - - Changes - - - - - - Fix a race condition that could cause indexes built - with CREATE INDEX CONCURRENTLY to be corrupt - (Pavan Deolasee, Tom Lane) - - - - If CREATE INDEX CONCURRENTLY was used to build an index - that depends on a column not previously indexed, then rows - updated by transactions that ran concurrently with - the CREATE INDEX command could have received incorrect - index entries. If you suspect this may have happened, the most - reliable solution is to rebuild affected indexes after installing - this update. - - - - - - Ensure that the special snapshot used for catalog scans is not - invalidated by premature data pruning (Tom Lane) - - - - Backends failed to account for this snapshot when advertising their - oldest xmin, potentially allowing concurrent vacuuming operations to - remove data that was still needed. This led to transient failures - along the lines of cache lookup failed for relation 1255. - - - - - - Unconditionally WAL-log creation of the init fork for an - unlogged table (Michael Paquier) - - - - Previously, this was skipped when - = minimal, but actually it's necessary even in that case - to ensure that the unlogged table is properly reset to empty after a - crash. - - - - - - Reduce interlocking on standby servers during the replay of btree - index vacuuming operations (Simon Riggs) - - - - This change avoids substantial replication delays that sometimes - occurred while replaying such operations. - - - - - - If the stats collector dies during hot standby, restart it (Takayuki - Tsunakawa) - - - - - - Ensure that hot standby feedback works correctly when it's enabled at - standby server start (Ants Aasma, Craig Ringer) - - - - - - Check for interrupts while hot standby is waiting for a conflicting - query (Simon Riggs) - - - - - - Avoid constantly respawning the autovacuum launcher in a corner case - (Amit Khandekar) - - - - This fix avoids problems when autovacuum is nominally off and there - are some tables that require freezing, but all such tables are - already being processed by autovacuum workers. - - - - - - Fix check for when an extension member object can be dropped (Tom Lane) - - - - Extension upgrade scripts should be able to drop member objects, - but this was disallowed for serial-column sequences, and possibly - other cases. - - - - - - Make sure ALTER TABLE preserves index tablespace - assignments when rebuilding indexes (Tom Lane, Michael Paquier) - - - - Previously, non-default settings - of could result in broken - indexes. - - - - - - Fix incorrect updating of trigger function properties when changing a - foreign-key constraint's deferrability properties with ALTER - TABLE ... ALTER CONSTRAINT (Tom Lane) - - - - This led to odd failures during subsequent exercise of the foreign - key, as the triggers were fired at the wrong times. - - - - - - Prevent dropping a foreign-key constraint if there are pending - trigger events for the referenced relation (Tom Lane) - - - - This avoids could not find trigger NNN - or relation NNN has no triggers errors. - - - - - - Fix processing of OID column when a table with OIDs is associated to - a parent with OIDs via ALTER TABLE ... INHERIT (Amit - Langote) - - - - The OID column should be treated the same as regular user columns in - this case, but it wasn't, leading to odd behavior in later - inheritance changes. - - - - - - Fix CREATE OR REPLACE VIEW to update the view query - before attempting to apply the new view options (Dean Rasheed) - - - - Previously the command would fail if the new options were - inconsistent with the old view definition. - - - - - - Report correct object identity during ALTER TEXT SEARCH - CONFIGURATION (Artur Zakirov) - - - - The wrong catalog OID was reported to extensions such as logical - decoding. - - - - - - Check for serializability conflicts before reporting - constraint-violation failures (Thomas Munro) - - - - When using serializable transaction isolation, it is desirable - that any error due to concurrent transactions should manifest - as a serialization failure, thereby cueing the application that - a retry might succeed. Unfortunately, this does not reliably - happen for duplicate-key failures caused by concurrent insertions. - This change ensures that such an error will be reported as a - serialization error if the application explicitly checked for - the presence of a conflicting key (and did not find it) earlier - in the transaction. - - - - - - Prevent multicolumn expansion of foo.* in - an UPDATE source expression (Tom Lane) - - - - This led to UPDATE target count mismatch --- internal - error. Now the syntax is understood as a whole-row variable, - as it would be in other contexts. - - - - - - Ensure that column typmods are determined accurately for - multi-row VALUES constructs (Tom Lane) - - - - This fixes problems occurring when the first value in a column has a - determinable typmod (e.g., length for a varchar value) but - later values don't share the same limit. - - - - - - Throw error for an unfinished Unicode surrogate pair at the end of a - Unicode string (Tom Lane) - - - - Normally, a Unicode surrogate leading character must be followed by a - Unicode surrogate trailing character, but the check for this was - missed if the leading character was the last character in a Unicode - string literal (U&'...') or Unicode identifier - (U&"..."). - - - - - - Ensure that a purely negative text search query, such - as !foo, matches empty tsvectors (Tom Dunstan) - - - - Such matches were found by GIN index searches, but not by sequential - scans or GiST index searches. - - - - - - Prevent crash when ts_rewrite() replaces a non-top-level - subtree with an empty query (Artur Zakirov) - - - - - - Fix performance problems in ts_rewrite() (Tom Lane) - - - - - - Fix ts_rewrite()'s handling of nested NOT operators - (Tom Lane) - - - - - - Fix array_fill() to handle empty arrays properly (Tom Lane) - - - - - - Fix one-byte buffer overrun in quote_literal_cstr() - (Heikki Linnakangas) - - - - The overrun occurred only if the input consisted entirely of single - quotes and/or backslashes. - - - - - - Prevent multiple calls of pg_start_backup() - and pg_stop_backup() from running concurrently (Michael - Paquier) - - - - This avoids an assertion failure, and possibly worse things, if - someone tries to run these functions in parallel. - - - - - - Avoid discarding interval-to-interval casts - that aren't really no-ops (Tom Lane) - - - - In some cases, a cast that should result in zeroing out - low-order interval fields was mistakenly deemed to be a - no-op and discarded. An example is that casting from INTERVAL - MONTH to INTERVAL YEAR failed to clear the months field. - - - - - - Ensure that cached plans are invalidated by changes in foreign-table - options (Amit Langote, Etsuro Fujita, Ashutosh Bapat) - - - - - - Fix pg_dump to dump user-defined casts and transforms - that use built-in functions (Stephen Frost) - - - - - - Fix pg_restore with - to behave more sanely if an archive contains - unrecognized DROP commands (Tom Lane) - - - - This doesn't fix any live bug, but it may improve the behavior in - future if pg_restore is used with an archive - generated by a later pg_dump version. - - - - - - Fix pg_basebackup's rate limiting in the presence of - slow I/O (Antonin Houska) - - - - If disk I/O was transiently much slower than the specified rate - limit, the calculation overflowed, effectively disabling the rate - limit for the rest of the run. - - - - - - Fix pg_basebackup's handling of - symlinked pg_stat_tmp and pg_replslot - subdirectories (Magnus Hagander, Michael Paquier) - - - - - - Fix possible pg_basebackup failure on standby - server when including WAL files (Amit Kapila, Robert Haas) - - - - - - Ensure that the Python exception objects we create for PL/Python are - properly reference-counted (Rafa de la Torre, Tom Lane) - - - - This avoids failures if the objects are used after a Python garbage - collection cycle has occurred. - - - - - - Fix PL/Tcl to support triggers on tables that have .tupno - as a column name (Tom Lane) - - - - This matches the (previously undocumented) behavior of - PL/Tcl's spi_exec and spi_execp commands, - namely that a magic .tupno column is inserted only if - there isn't a real column named that. - - - - - - Allow DOS-style line endings in ~/.pgpass files, - even on Unix (Vik Fearing) - - - - This change simplifies use of the same password file across Unix and - Windows machines. - - - - - - Fix one-byte buffer overrun if ecpg is given a file - name that ends with a dot (Takayuki Tsunakawa) - - - - - - Fix psql's tab completion for ALTER DEFAULT - PRIVILEGES (Gilles Darold, Stephen Frost) - - - - - - In psql, treat an empty or all-blank setting of - the PAGER environment variable as meaning no - pager (Tom Lane) - - - - Previously, such a setting caused output intended for the pager to - vanish entirely. - - - - - - Improve contrib/dblink's reporting of - low-level libpq errors, such as out-of-memory - (Joe Conway) - - - - - - Teach contrib/dblink to ignore irrelevant server options - when it uses a contrib/postgres_fdw foreign server as - the source of connection options (Corey Huinker) - - - - Previously, if the foreign server object had options that were not - also libpq connection options, an error occurred. - - - - - - On Windows, ensure that environment variable changes are propagated - to DLLs built with debug options (Christian Ullrich) - - - - - - Sync our copy of the timezone library with IANA release tzcode2016j - (Tom Lane) - - - - This fixes various issues, most notably that timezone data - installation failed if the target directory didn't support hard - links. - - - - - - Update time zone data files to tzdata release 2016j - for DST law changes in northern Cyprus (adding a new zone - Asia/Famagusta), Russia (adding a new zone Europe/Saratov), Tonga, - and Antarctica/Casey. - Historical corrections for Italy, Kazakhstan, Malta, and Palestine. - Switch to preferring numeric zone abbreviations for Tonga. - - - - - - - - - - Release 9.4.10 - - - Release date: - 2016-10-27 - - - - This release contains a variety of fixes from 9.4.9. - For information about new features in the 9.4 major release, see - . - - - - Migration to Version 9.4.10 - - - A dump/restore is not required for those running 9.4.X. - - - - However, if your installation has been affected by the bug described in - the first changelog entry below, then after updating you may need - to take action to repair corrupted free space maps. - - - - Also, if you are upgrading from a version earlier than 9.4.6, - see . - - - - - Changes - - - - - - Fix WAL-logging of truncation of relation free space maps and - visibility maps (Pavan Deolasee, Heikki Linnakangas) - - - - It was possible for these files to not be correctly restored during - crash recovery, or to be written incorrectly on a standby server. - Bogus entries in a free space map could lead to attempts to access - pages that have been truncated away from the relation itself, typically - producing errors like could not read block XXX: - read only 0 of 8192 bytes. Checksum failures in the - visibility map are also possible, if checksumming is enabled. - - - - Procedures for determining whether there is a problem and repairing it - if so are discussed at - . - - - - - - Fix incorrect creation of GIN index WAL records on big-endian machines - (Tom Lane) - - - - The typical symptom was unexpected GIN leaf action errors - during WAL replay. - - - - - - Fix SELECT FOR UPDATE/SHARE to correctly lock tuples that - have been updated by a subsequently-aborted transaction - (Álvaro Herrera) - - - - In 9.5 and later, the SELECT would sometimes fail to - return such tuples at all. A failure has not been proven to occur in - earlier releases, but might be possible with concurrent updates. - - - - - - Fix EvalPlanQual rechecks involving CTE scans (Tom Lane) - - - - The recheck would always see the CTE as returning no rows, typically - leading to failure to update rows that were recently updated. - - - - - - Fix improper repetition of previous results from hashed aggregation in - a subquery (Andrew Gierth) - - - - The test to see if we can reuse a previously-computed hash table of - the aggregate state values neglected the possibility of an outer query - reference appearing in an aggregate argument expression. A change in - the value of such a reference should lead to recalculating the hash - table, but did not. - - - - - - Fix query-lifespan memory leak in a bulk UPDATE on a table - with a PRIMARY KEY or REPLICA IDENTITY index - (Tom Lane) - - - - - - Fix EXPLAIN to emit valid XML when - is on (Markus Winand) - - - - Previously the XML output-format option produced syntactically invalid - tags such as <I/O-Read-Time>. That is now - rendered as <I-O-Read-Time>. - - - - - - Suppress printing of zeroes for unmeasured times - in EXPLAIN (Maksim Milyutin) - - - - Certain option combinations resulted in printing zero values for times - that actually aren't ever measured in that combination. Our general - policy in EXPLAIN is not to print such fields at all, so - do that consistently in all cases. - - - - - - Fix timeout length when VACUUM is waiting for exclusive - table lock so that it can truncate the table (Simon Riggs) - - - - The timeout was meant to be 50 milliseconds, but it was actually only - 50 microseconds, causing VACUUM to give up on truncation - much more easily than intended. Set it to the intended value. - - - - - - Fix bugs in merging inherited CHECK constraints while - creating or altering a table (Tom Lane, Amit Langote) - - - - Allow identical CHECK constraints to be added to a parent - and child table in either order. Prevent merging of a valid - constraint from the parent table with a NOT VALID - constraint on the child. Likewise, prevent merging of a NO - INHERIT child constraint with an inherited constraint. - - - - - - Remove artificial restrictions on the values accepted - by numeric_in() and numeric_recv() - (Tom Lane) - - - - We allow numeric values up to the limit of the storage format (more - than 1e100000), so it seems fairly pointless - that numeric_in() rejected scientific-notation exponents - above 1000. Likewise, it was silly for numeric_recv() to - reject more than 1000 digits in an input value. - - - - - - Avoid very-low-probability data corruption due to testing tuple - visibility without holding buffer lock (Thomas Munro, Peter Geoghegan, - Tom Lane) - - - - - - Fix logical WAL decoding to work properly when a subtransaction's WAL - output is large enough to spill to disk (Andres Freund) - - - - - - - Fix buffer overread in logical WAL decoding (Tom Lane) - - - - Logical decoding of a tuple update record read 23 bytes too many, - which was usually harmless but with very bad luck could result in a - crash. - - - - - - Fix file descriptor leakage when truncating a temporary relation of - more than 1GB (Andres Freund) - - - - - - Disallow starting a standalone backend with standby_mode - turned on (Michael Paquier) - - - - This can't do anything useful, since there will be no WAL receiver - process to fetch more WAL data; and it could result in misbehavior - in code that wasn't designed with this situation in mind. - - - - - - Properly initialize replication slot state when recycling a - previously-used slot (Michael Paquier) - - - - This failure to reset all of the fields of the slot could - prevent VACUUM from removing dead tuples. - - - - - - Round shared-memory allocation request to a multiple of the actual - huge page size when attempting to use huge pages on Linux (Tom Lane) - - - - This avoids possible failures during munmap() on systems - with atypical default huge page sizes. Except in crash-recovery - cases, there were no ill effects other than a log message. - - - - - - Use a more random value for the dynamic shared memory control - segment's ID (Robert Haas, Tom Lane) - - - - Previously, the same value would be chosen every time, because it was - derived from random() but srandom() had not - yet been called. While relatively harmless, this was not the intended - behavior. - - - - - - On Windows, retry creation of the dynamic shared memory control - segment after an access-denied error (Kyotaro Horiguchi, Amit Kapila) - - - - Windows sometimes returns ERROR_ACCESS_DENIED rather - than ERROR_ALREADY_EXISTS when there is an existing - segment. This led to postmaster startup failure due to believing that - the former was an unrecoverable error. - - - - - - Don't try to share SSL contexts across multiple connections - in libpq (Heikki Linnakangas) - - - - This led to assorted corner-case bugs, particularly when trying to use - different SSL parameters for different connections. - - - - - - Avoid corner-case memory leak in libpq (Tom Lane) - - - - The reported problem involved leaking an error report - during PQreset(), but there might be related cases. - - - - - - Make ecpg's and - options work consistently with our other executables (Haribabu Kommi) - - - - - - Fix pgbench's calculation of average latency - (Fabien Coelho) - - - - The calculation was incorrect when there were \sleep - commands in the script, or when the test duration was specified in - number of transactions rather than total time. - - - - - - In pg_dump, never dump range constructor functions - (Tom Lane) - - - - This oversight led to pg_upgrade failures with - extensions containing range types, due to duplicate creation of the - constructor functions. - - - - - - In pg_xlogdump, retry opening new WAL segments when - using option (Magnus Hagander) - - - - This allows for a possible delay in the server's creation of the next - segment. - - - - - - Fix pg_xlogdump to cope with a WAL file that begins - with a continuation record spanning more than one page (Pavan - Deolasee) - - - - - - Fix contrib/pg_buffercache to work - when shared_buffers exceeds 256GB (KaiGai Kohei) - - - - - - Fix contrib/intarray/bench/bench.pl to print the results - of the EXPLAIN it does when given the option - (Daniel Gustafsson) - - - - - - Install TAP test infrastructure so that it's available for extension - testing (Craig Ringer) - - - - When PostgreSQL has been configured - with , make install will now - install the Perl support files for TAP testing where PGXS can find - them. This allows non-core extensions to - use $(prove_check) without extra tests. - - - - - - In MSVC builds, include pg_recvlogical in a - client-only installation (MauMau) - - - - - - Update Windows time zone mapping to recognize some time zone names - added in recent Windows versions (Michael Paquier) - - - - - - Prevent failure of obsolete dynamic time zone abbreviations (Tom Lane) - - - - If a dynamic time zone abbreviation does not match any entry in the - referenced time zone, treat it as equivalent to the time zone name. - This avoids unexpected failures when IANA removes abbreviations from - their time zone database, as they did in tzdata - release 2016f and seem likely to do again in the future. The - consequences were not limited to not recognizing the individual - abbreviation; any mismatch caused - the pg_timezone_abbrevs view to fail altogether. - - - - - - Update time zone data files to tzdata release 2016h - for DST law changes in Palestine and Turkey, plus historical - corrections for Turkey and some regions of Russia. - Switch to numeric abbreviations for some time zones in Antarctica, - the former Soviet Union, and Sri Lanka. - - - - The IANA time zone database previously provided textual abbreviations - for all time zones, sometimes making up abbreviations that have little - or no currency among the local population. They are in process of - reversing that policy in favor of using numeric UTC offsets in zones - where there is no evidence of real-world use of an English - abbreviation. At least for the time being, PostgreSQL - will continue to accept such removed abbreviations for timestamp input. - But they will not be shown in the pg_timezone_names - view nor used for output. - - - - In this update, AMT is no longer shown as being in use to - mean Armenia Time. Therefore, we have changed the Default - abbreviation set to interpret it as Amazon Time, thus UTC-4 not UTC+4. - - - - - - - - - - Release 9.4.9 - - - Release date: - 2016-08-11 - - - - This release contains a variety of fixes from 9.4.8. - For information about new features in the 9.4 major release, see - . - - - - Migration to Version 9.4.9 - - - A dump/restore is not required for those running 9.4.X. - - - - However, if you are upgrading from a version earlier than 9.4.6, - see . - - - - - Changes - - - - - - Fix possible mis-evaluation of - nested CASE-WHEN expressions (Heikki - Linnakangas, Michael Paquier, Tom Lane) - - - - A CASE expression appearing within the test value - subexpression of another CASE could become confused about - whether its own test value was null or not. Also, inlining of a SQL - function implementing the equality operator used by - a CASE expression could result in passing the wrong test - value to functions called within a CASE expression in the - SQL function's body. If the test values were of different data - types, a crash might result; moreover such situations could be abused - to allow disclosure of portions of server memory. (CVE-2016-5423) - - - - - - Fix client programs' handling of special characters in database and - role names (Noah Misch, Nathan Bossart, Michael Paquier) - - - - Numerous places in vacuumdb and other client programs - could become confused by database and role names containing double - quotes or backslashes. Tighten up quoting rules to make that safe. - Also, ensure that when a conninfo string is used as a database name - parameter to these programs, it is correctly treated as such throughout. - - - - Fix handling of paired double quotes - in psql's \connect - and \password commands to match the documentation. - - - - Introduce a new option - in psql's \connect command to allow - explicit control of whether to re-use connection parameters from a - previous connection. (Without this, the choice is based on whether - the database name looks like a conninfo string, as before.) This - allows secure handling of database names containing special - characters in pg_dumpall scripts. - - - - pg_dumpall now refuses to deal with database and role - names containing carriage returns or newlines, as it seems impractical - to quote those characters safely on Windows. In future we may reject - such names on the server side, but that step has not been taken yet. - - - - These are considered security fixes because crafted object names - containing special characters could have been used to execute - commands with superuser privileges the next time a superuser - executes pg_dumpall or other routine maintenance - operations. (CVE-2016-5424) - - - - - - Fix corner-case misbehaviors for IS NULL/IS NOT - NULL applied to nested composite values (Andrew Gierth, Tom Lane) - - - - The SQL standard specifies that IS NULL should return - TRUE for a row of all null values (thus ROW(NULL,NULL) IS - NULL yields TRUE), but this is not meant to apply recursively - (thus ROW(NULL, ROW(NULL,NULL)) IS NULL yields FALSE). - The core executor got this right, but certain planner optimizations - treated the test as recursive (thus producing TRUE in both cases), - and contrib/postgres_fdw could produce remote queries - that misbehaved similarly. - - - - - - Make the inet and cidr data types properly reject - IPv6 addresses with too many colon-separated fields (Tom Lane) - - - - - - Prevent crash in close_ps() - (the point ## lseg operator) - for NaN input coordinates (Tom Lane) - - - - Make it return NULL instead of crashing. - - - - - - Avoid possible crash in pg_get_expr() when inconsistent - values are passed to it (Michael Paquier, Thomas Munro) - - - - - - Fix several one-byte buffer over-reads in to_number() - (Peter Eisentraut) - - - - In several cases the to_number() function would read one - more character than it should from the input string. There is a - small chance of a crash, if the input happens to be adjacent to the - end of memory. - - - - - - Do not run the planner on the query contained in CREATE - MATERIALIZED VIEW or CREATE TABLE AS - when WITH NO DATA is specified (Michael Paquier, - Tom Lane) - - - - This avoids some unnecessary failure conditions, for example if a - stable function invoked by the materialized view depends on a table - that doesn't exist yet. - - - - - - Avoid unsafe intermediate state during expensive paths - through heap_update() (Masahiko Sawada, Andres Freund) - - - - Previously, these cases locked the target tuple (by setting its XMAX) - but did not WAL-log that action, thus risking data integrity problems - if the page were spilled to disk and then a database crash occurred - before the tuple update could be completed. - - - - - - Fix hint bit update during WAL replay of row locking operations - (Andres Freund) - - - - The only known consequence of this problem is that row locks held by - a prepared, but uncommitted, transaction might fail to be enforced - after a crash and restart. - - - - - - Avoid unnecessary could not serialize access errors when - acquiring FOR KEY SHARE row locks in serializable mode - (Álvaro Herrera) - - - - - - Avoid crash in postgres -C when the specified variable - has a null string value (Michael Paquier) - - - - - - Fix possible loss of large subtransactions in logical decoding - (Petru-Florin Mihancea) - - - - - - Fix failure of logical decoding when a subtransaction contains no - actual changes (Marko Tiikkaja, Andrew Gierth) - - - - - - Ensure that backends see up-to-date statistics for shared catalogs - (Tom Lane) - - - - The statistics collector failed to update the statistics file for - shared catalogs after a request from a regular backend. This problem - was partially masked because the autovacuum launcher regularly makes - requests that did cause such updates; however, it became obvious with - autovacuum disabled. - - - - - - Avoid redundant writes of the statistics files when multiple - backends request updates close together (Tom Lane, Tomas Vondra) - - - - - - Avoid consuming a transaction ID during VACUUM - (Alexander Korotkov) - - - - Some cases in VACUUM unnecessarily caused an XID to be - assigned to the current transaction. Normally this is negligible, - but if one is up against the XID wraparound limit, consuming more - XIDs during anti-wraparound vacuums is a very bad thing. - - - - - - - Avoid canceling hot-standby queries during VACUUM FREEZE - (Simon Riggs, Álvaro Herrera) - - - - VACUUM FREEZE on an otherwise-idle master server could - result in unnecessary cancellations of queries on its standby - servers. - - - - - - Prevent possible failure when vacuuming multixact IDs in an - installation that has been pg_upgrade'd from pre-9.3 (Andrew Gierth, - Álvaro Herrera) - - - - The usual symptom of this bug is errors - like MultiXactId NNN has not been created - yet -- apparent wraparound. - - - - - - When a manual ANALYZE specifies a column list, don't - reset the table's changes_since_analyze counter - (Tom Lane) - - - - If we're only analyzing some columns, we should not prevent routine - auto-analyze from happening for the other columns. - - - - - - Fix ANALYZE's overestimation of n_distinct - for a unique or nearly-unique column with many null entries (Tom - Lane) - - - - The nulls could get counted as though they were themselves distinct - values, leading to serious planner misestimates in some types of - queries. - - - - - - Prevent autovacuum from starting multiple workers for the same shared - catalog (Álvaro Herrera) - - - - Normally this isn't much of a problem because the vacuum doesn't take - long anyway; but in the case of a severely bloated catalog, it could - result in all but one worker uselessly waiting instead of doing - useful work on other tables. - - - - - - Avoid duplicate buffer lock release when abandoning a b-tree index - page deletion attempt (Tom Lane) - - - - This mistake prevented VACUUM from completing in some - cases involving corrupt b-tree indexes. - - - - - - Prevent infinite loop in GiST index build for geometric columns - containing NaN component values (Tom Lane) - - - - - - Fix contrib/btree_gin to handle the smallest - possible bigint value correctly (Peter Eisentraut) - - - - - - Teach libpq to correctly decode server version from future servers - (Peter Eisentraut) - - - - It's planned to switch to two-part instead of three-part server - version numbers for releases after 9.6. Make sure - that PQserverVersion() returns the correct value for - such cases. - - - - - - Fix ecpg's code for unsigned long long - array elements (Michael Meskes) - - - - - - In pg_dump with both and - options, avoid emitting an unwanted CREATE SCHEMA public - command (David Johnston, Tom Lane) - - - - - - Improve handling of SIGTERM/control-C in - parallel pg_dump and pg_restore (Tom - Lane) - - - - Make sure that the worker processes will exit promptly, and also arrange - to send query-cancel requests to the connected backends, in case they - are doing something long-running such as a CREATE INDEX. - - - - - - Fix error reporting in parallel pg_dump - and pg_restore (Tom Lane) - - - - Previously, errors reported by pg_dump - or pg_restore worker processes might never make it to - the user's console, because the messages went through the master - process, and there were various deadlock scenarios that would prevent - the master process from passing on the messages. Instead, just print - everything to stderr. In some cases this will result in - duplicate messages (for instance, if all the workers report a server - shutdown), but that seems better than no message. - - - - - - Ensure that parallel pg_dump - or pg_restore on Windows will shut down properly - after an error (Kyotaro Horiguchi) - - - - Previously, it would report the error, but then just sit until - manually stopped by the user. - - - - - - Make pg_dump behave better when built without zlib - support (Kyotaro Horiguchi) - - - - It didn't work right for parallel dumps, and emitted some rather - pointless warnings in other cases. - - - - - - Make pg_basebackup accept -Z 0 as - specifying no compression (Fujii Masao) - - - - - - Fix makefiles' rule for building AIX shared libraries to be safe for - parallel make (Noah Misch) - - - - - - Fix TAP tests and MSVC scripts to work when build directory's path - name contains spaces (Michael Paquier, Kyotaro Horiguchi) - - - - - - Be more predictable about reporting statement timeout - versus lock timeout (Tom Lane) - - - - On heavily loaded machines, the regression tests sometimes failed due - to reporting lock timeout even though the statement timeout - should have occurred first. - - - - - - Make regression tests safe for Danish and Welsh locales (Jeff Janes, - Tom Lane) - - - - Change some test data that triggered the unusual sorting rules of - these locales. - - - - - - Update our copy of the timezone code to match - IANA's tzcode release 2016c (Tom Lane) - - - - This is needed to cope with anticipated future changes in the time - zone data files. It also fixes some corner-case bugs in coping with - unusual time zones. - - - - - - Update time zone data files to tzdata release 2016f - for DST law changes in Kemerovo and Novosibirsk, plus historical - corrections for Azerbaijan, Belarus, and Morocco. - - - - - - - - - - Release 9.4.8 - - - Release date: - 2016-05-12 - - - - This release contains a variety of fixes from 9.4.7. - For information about new features in the 9.4 major release, see - . - - - - Migration to Version 9.4.8 - - - A dump/restore is not required for those running 9.4.X. - - - - However, if you are upgrading from a version earlier than 9.4.6, - see . - - - - - Changes - - - - - - Clear the OpenSSL error queue before OpenSSL calls, rather than - assuming it's clear already; and make sure we leave it clear - afterwards (Peter Geoghegan, Dave Vitek, Peter Eisentraut) - - - - This change prevents problems when there are multiple connections - using OpenSSL within a single process and not all the code involved - follows the same rules for when to clear the error queue. - Failures have been reported specifically when a client application - uses SSL connections in libpq concurrently with - SSL connections using the PHP, Python, or Ruby wrappers for OpenSSL. - It's possible for similar problems to arise within the server as well, - if an extension module establishes an outgoing SSL connection. - - - - - - Fix failed to build any N-way joins - planner error with a full join enclosed in the right-hand side of a - left join (Tom Lane) - - - - - - Fix incorrect handling of equivalence-class tests in multilevel - nestloop plans (Tom Lane) - - - - Given a three-or-more-way equivalence class of variables, such - as X.X = Y.Y = Z.Z, it was possible for the planner to omit - some of the tests needed to enforce that all the variables are actually - equal, leading to join rows being output that didn't satisfy - the WHERE clauses. For various reasons, erroneous plans - were seldom selected in practice, so that this bug has gone undetected - for a long time. - - - - - - Fix query-lifespan memory leak in GIN index scans (Julien Rouhaud) - - - - - - Fix query-lifespan memory leak and potential index corruption hazard in - GIN index insertion (Tom Lane) - - - - The memory leak would typically not amount to much in simple queries, - but it could be very substantial during a large GIN index build with - high maintenance_work_mem. - - - - - - Fix possible misbehavior of TH, th, - and Y,YYY format codes in to_timestamp() - (Tom Lane) - - - - These could advance off the end of the input string, causing subsequent - format codes to read garbage. - - - - - - Fix dumping of rules and views in which the array - argument of a value operator - ANY (array) construct is a sub-SELECT - (Tom Lane) - - - - - - Disallow newlines in ALTER SYSTEM parameter values - (Tom Lane) - - - - The configuration-file parser doesn't support embedded newlines in - string literals, so we mustn't allow them in values to be inserted - by ALTER SYSTEM. - - - - - - Fix ALTER TABLE ... REPLICA IDENTITY USING INDEX to - work properly if an index on OID is selected (David Rowley) - - - - - - Fix crash in logical decoding on alignment-picky platforms (Tom Lane, - Andres Freund) - - - - The failure occurred only with a transaction large enough to spill to - disk and a primary-key change within that transaction. - - - - - - Avoid repeated requests for feedback from receiver while shutting down - walsender (Nick Cleaton) - - - - - - Make pg_regress use a startup timeout from the - PGCTLTIMEOUT environment variable, if that's set (Tom Lane) - - - - This is for consistency with a behavior recently added - to pg_ctl; it eases automated testing on slow machines. - - - - - - Fix pg_upgrade to correctly restore extension - membership for operator families containing only one operator class - (Tom Lane) - - - - In such a case, the operator family was restored into the new database, - but it was no longer marked as part of the extension. This had no - immediate ill effects, but would cause later pg_dump - runs to emit output that would cause (harmless) errors on restore. - - - - - - Fix pg_upgrade to not fail when new-cluster TOAST rules - differ from old (Tom Lane) - - - - pg_upgrade had special-case code to handle the - situation where the new PostgreSQL version thinks that - a table should have a TOAST table while the old version did not. That - code was broken, so remove it, and instead do nothing in such cases; - there seems no reason to believe that we can't get along fine without - a TOAST table if that was okay according to the old version's rules. - - - - - - Reduce the number of SysV semaphores used by a build configured with - (Tom Lane) - - - - - - Rename internal function strtoi() - to strtoint() to avoid conflict with a NetBSD library - function (Thomas Munro) - - - - - - Fix reporting of errors from bind() - and listen() system calls on Windows (Tom Lane) - - - - - - Reduce verbosity of compiler output when building with Microsoft Visual - Studio (Christian Ullrich) - - - - - - Fix putenv() to work properly with Visual Studio 2013 - (Michael Paquier) - - - - - - Avoid possibly-unsafe use of Windows' FormatMessage() - function (Christian Ullrich) - - - - Use the FORMAT_MESSAGE_IGNORE_INSERTS flag where - appropriate. No live bug is known to exist here, but it seems like a - good idea to be careful. - - - - - - Update time zone data files to tzdata release 2016d - for DST law changes in Russia and Venezuela. There are new zone - names Europe/Kirov and Asia/Tomsk to reflect - the fact that these regions now have different time zone histories from - adjacent regions. - - - - - - - - - - Release 9.4.7 - - - Release date: - 2016-03-31 - - - - This release contains a variety of fixes from 9.4.6. - For information about new features in the 9.4 major release, see - . - - - - Migration to Version 9.4.7 - - - A dump/restore is not required for those running 9.4.X. - - - - However, if you are upgrading from a version earlier than 9.4.6, - see . - - - - - Changes - - - - - - Fix incorrect handling of NULL index entries in - indexed ROW() comparisons (Tom Lane) - - - - An index search using a row comparison such as ROW(a, b) > - ROW('x', 'y') would stop upon reaching a NULL entry in - the b column, ignoring the fact that there might be - non-NULL b values associated with later values - of a. - - - - - - Avoid unlikely data-loss scenarios due to renaming files without - adequate fsync() calls before and after (Michael Paquier, - Tomas Vondra, Andres Freund) - - - - - - Fix bug in json_to_record() when a field of its input - object contains a sub-object with a field name matching one of the - requested output column names (Tom Lane) - - - - - - Fix misformatting of negative time zone offsets - by to_char()'s OF format code - (Thomas Munro, Tom Lane) - - - - - - Ignore parameter until - recovery has reached a consistent state (Michael Paquier) - - - - Previously, standby servers would delay application of WAL records in - response to recovery_min_apply_delay even while replaying - the initial portion of WAL needed to make their database state valid. - Since the standby is useless until it's reached a consistent database - state, this was deemed unhelpful. - - - - - - Correctly handle cases where pg_subtrans is close to XID - wraparound during server startup (Jeff Janes) - - - - - - Fix assorted bugs in logical decoding (Andres Freund) - - - - Trouble cases included tuples larger than one page when replica - identity is FULL, UPDATEs that change a - primary key within a transaction large enough to be spooled to disk, - incorrect reports of subxact logged without previous toplevel - record, and incorrect reporting of a transaction's commit time. - - - - - - Fix planner error with nested security barrier views when the outer - view has a WHERE clause containing a correlated subquery - (Dean Rasheed) - - - - - - Fix corner-case crash due to trying to free localeconv() - output strings more than once (Tom Lane) - - - - - - Fix parsing of affix files for ispell dictionaries - (Tom Lane) - - - - The code could go wrong if the affix file contained any characters - whose byte length changes during case-folding, for - example I in Turkish UTF8 locales. - - - - - - Avoid use of sscanf() to parse ispell - dictionary files (Artur Zakirov) - - - - This dodges a portability problem on FreeBSD-derived platforms - (including macOS). - - - - - - Avoid a crash on old Windows versions (before 7SP1/2008R2SP1) with an - AVX2-capable CPU and a Postgres build done with Visual Studio 2013 - (Christian Ullrich) - - - - This is a workaround for a bug in Visual Studio 2013's runtime - library, which Microsoft have stated they will not fix in that - version. - - - - - - Fix psql's tab completion logic to handle multibyte - characters properly (Kyotaro Horiguchi, Robert Haas) - - - - - - Fix psql's tab completion for - SECURITY LABEL (Tom Lane) - - - - Pressing TAB after SECURITY LABEL might cause a crash - or offering of inappropriate keywords. - - - - - - Make pg_ctl accept a wait timeout from the - PGCTLTIMEOUT environment variable, if none is specified on - the command line (Noah Misch) - - - - This eases testing of slower buildfarm members by allowing them - to globally specify a longer-than-normal timeout for postmaster - startup and shutdown. - - - - - - Fix incorrect test for Windows service status - in pg_ctl (Manuel Mathar) - - - - The previous set of minor releases attempted to - fix pg_ctl to properly determine whether to send log - messages to Window's Event Log, but got the test backwards. - - - - - - Fix pgbench to correctly handle the combination - of -C and -M prepared options (Tom Lane) - - - - - - In pg_upgrade, skip creating a deletion script when - the new data directory is inside the old data directory (Bruce - Momjian) - - - - Blind application of the script in such cases would result in loss of - the new data directory. - - - - - - In PL/Perl, properly translate empty Postgres arrays into empty Perl - arrays (Alex Hunsaker) - - - - - - Make PL/Python cope with function names that aren't valid Python - identifiers (Jim Nasby) - - - - - - Fix multiple mistakes in the statistics returned - by contrib/pgstattuple's pgstatindex() - function (Tom Lane) - - - - - - Remove dependency on psed in MSVC builds, since it's no - longer provided by core Perl (Michael Paquier, Andrew Dunstan) - - - - - - Update time zone data files to tzdata release 2016c - for DST law changes in Azerbaijan, Chile, Haiti, Palestine, and Russia - (Altai, Astrakhan, Kirov, Sakhalin, Ulyanovsk regions), plus - historical corrections for Lithuania, Moldova, and Russia - (Kaliningrad, Samara, Volgograd). - - - - - - - - - - Release 9.4.6 - - - Release date: - 2016-02-11 - - - - This release contains a variety of fixes from 9.4.5. - For information about new features in the 9.4 major release, see - . - - - - Migration to Version 9.4.6 - - - A dump/restore is not required for those running 9.4.X. - - - - However, if you are upgrading an installation that contains any GIN - indexes that use the (non-default) jsonb_path_ops operator - class, see the first changelog entry below. - - - - Also, if you are upgrading from a version earlier than 9.4.4, - see . - - - - - Changes - - - - - - - - Fix inconsistent hash calculations in jsonb_path_ops GIN - indexes (Tom Lane) - - - - When processing jsonb values that contain both scalars and - sub-objects at the same nesting level, for example an array containing - both scalars and sub-arrays, key hash values could be calculated - differently than they would be for the same key in a different context. - This could result in queries not finding entries that they should find. - Fixing this means that existing indexes may now be inconsistent with the - new hash calculation code. Users - should REINDEX jsonb_path_ops GIN indexes after - installing this update to make sure that all searches work as expected. - - - - - - Fix infinite loops and buffer-overrun problems in regular expressions - (Tom Lane) - - - - Very large character ranges in bracket expressions could cause - infinite loops in some cases, and memory overwrites in other cases. - (CVE-2016-0773) - - - - - - - - Perform an immediate shutdown if the postmaster.pid file - is removed (Tom Lane) - - - - The postmaster now checks every minute or so - that postmaster.pid is still there and still contains its - own PID. If not, it performs an immediate shutdown, as though it had - received SIGQUIT. The main motivation for this change - is to ensure that failed buildfarm runs will get cleaned up without - manual intervention; but it also serves to limit the bad effects if a - DBA forcibly removes postmaster.pid and then starts a new - postmaster. - - - - - - - - In SERIALIZABLE transaction isolation mode, serialization - anomalies could be missed due to race conditions during insertions - (Kevin Grittner, Thomas Munro) - - - - - - - - Fix failure to emit appropriate WAL records when doing ALTER - TABLE ... SET TABLESPACE for unlogged relations (Michael Paquier, - Andres Freund) - - - - Even though the relation's data is unlogged, the move must be logged or - the relation will be inaccessible after a standby is promoted to master. - - - - - - - - Fix possible misinitialization of unlogged relations at the end of - crash recovery (Andres Freund, Michael Paquier) - - - - - - - - Ensure walsender slots are fully re-initialized when being re-used - (Magnus Hagander) - - - - - - - - Fix ALTER COLUMN TYPE to reconstruct inherited check - constraints properly (Tom Lane) - - - - - - - - Fix REASSIGN OWNED to change ownership of composite types - properly (Álvaro Herrera) - - - - - - - - Fix REASSIGN OWNED and ALTER OWNER to correctly - update granted-permissions lists when changing owners of data types, - foreign data wrappers, or foreign servers (Bruce Momjian, - Álvaro Herrera) - - - - - - - - Fix REASSIGN OWNED to ignore foreign user mappings, - rather than fail (Álvaro Herrera) - - - - - - - - Fix possible crash after doing query rewrite for an updatable view - (Stephen Frost) - - - - - - - - Fix planner's handling of LATERAL references (Tom - Lane) - - - - This fixes some corner cases that led to failed to build any - N-way joins or could not devise a query plan planner - failures. - - - - - - - - Add more defenses against bad planner cost estimates for GIN index - scans when the index's internal statistics are very out-of-date - (Tom Lane) - - - - - - - - Make planner cope with hypothetical GIN indexes suggested by an index - advisor plug-in (Julien Rouhaud) - - - - - - - - Speed up generation of unique table aliases in EXPLAIN and - rule dumping, and ensure that generated aliases do not - exceed NAMEDATALEN (Tom Lane) - - - - - - - - Fix dumping of whole-row Vars in ROW() - and VALUES() lists (Tom Lane) - - - - - - - - Translation of minus-infinity dates and timestamps to json - or jsonb incorrectly rendered them as plus-infinity (Tom Lane) - - - - - - - - Fix possible internal overflow in numeric division - (Dean Rasheed) - - - - - - - - Fix enforcement of restrictions inside parentheses within regular - expression lookahead constraints (Tom Lane) - - - - Lookahead constraints aren't allowed to contain backrefs, and - parentheses within them are always considered non-capturing, according - to the manual. However, the code failed to handle these cases properly - inside a parenthesized subexpression, and would give unexpected - results. - - - - - - - - Conversion of regular expressions to indexscan bounds could produce - incorrect bounds from regexps containing lookahead constraints - (Tom Lane) - - - - - - - - Fix regular-expression compiler to handle loops of constraint arcs - (Tom Lane) - - - - The code added for CVE-2007-4772 was both incomplete, in that it didn't - handle loops involving more than one state, and incorrect, in that it - could cause assertion failures (though there seem to be no bad - consequences of that in a non-assert build). Multi-state loops would - cause the compiler to run until the query was canceled or it reached - the too-many-states error condition. - - - - - - - - Improve memory-usage accounting in regular-expression compiler - (Tom Lane) - - - - This causes the code to emit regular expression is too - complex errors in some cases that previously used unreasonable - amounts of time and memory. - - - - - - - - Improve performance of regular-expression compiler (Tom Lane) - - - - - - Make %h and %r escapes - in log_line_prefix work for messages emitted due - to log_connections (Tom Lane) - - - - Previously, %h/%r started to work just after a - new session had emitted the connection received log message; - now they work for that message too. - - - - - - - - On Windows, ensure the shared-memory mapping handle gets closed in - child processes that don't need it (Tom Lane, Amit Kapila) - - - - This oversight resulted in failure to recover from crashes - whenever logging_collector is turned on. - - - - - - - - Fix possible failure to detect socket EOF in non-blocking mode on - Windows (Tom Lane) - - - - It's not entirely clear whether this problem can happen in pre-9.5 - branches, but if it did, the symptom would be that a walsender process - would wait indefinitely rather than noticing a loss of connection. - - - - - - Avoid leaking a token handle during SSPI authentication - (Christian Ullrich) - - - - - - - - In psql, ensure that libreadline's idea - of the screen size is updated when the terminal window size changes - (Merlin Moncure) - - - - Previously, libreadline did not notice if the window - was resized during query output, leading to strange behavior during - later input of multiline queries. - - - - - - Fix psql's \det command to interpret its - pattern argument the same way as other \d commands with - potentially schema-qualified patterns do (Reece Hart) - - - - - - - - Avoid possible crash in psql's \c command - when previous connection was via Unix socket and command specifies a - new hostname and same username (Tom Lane) - - - - - - - - In pg_ctl start -w, test child process status directly - rather than relying on heuristics (Tom Lane, Michael Paquier) - - - - Previously, pg_ctl relied on an assumption that the new - postmaster would always create postmaster.pid within five - seconds. But that can fail on heavily-loaded systems, - causing pg_ctl to report incorrectly that the - postmaster failed to start. - - - - Except on Windows, this change also means that a pg_ctl start - -w done immediately after another such command will now reliably - fail, whereas previously it would report success if done within two - seconds of the first command. - - - - - - - - In pg_ctl start -w, don't attempt to use a wildcard listen - address to connect to the postmaster (Kondo Yuta) - - - - On Windows, pg_ctl would fail to detect postmaster - startup if listen_addresses is set to 0.0.0.0 - or ::, because it would try to use that value verbatim as - the address to connect to, which doesn't work. Instead assume - that 127.0.0.1 or ::1, respectively, is the - right thing to use. - - - - - - In pg_ctl on Windows, check service status to decide - where to send output, rather than checking if standard output is a - terminal (Michael Paquier) - - - - - - - - In pg_dump and pg_basebackup, adopt - the GNU convention for handling tar-archive members exceeding 8GB - (Tom Lane) - - - - The POSIX standard for tar file format does not allow - archive member files to exceed 8GB, but most modern implementations - of tar support an extension that fixes that. Adopt - this extension so that pg_dump with no - longer fails on tables with more than 8GB of data, and so - that pg_basebackup can handle files larger than 8GB. - In addition, fix some portability issues that could cause failures for - members between 4GB and 8GB on some platforms. Potentially these - problems could cause unrecoverable data loss due to unreadable backup - files. - - - - - - Fix assorted corner-case bugs in pg_dump's processing - of extension member objects (Tom Lane) - - - - - - Make pg_dump mark a view's triggers as needing to be - processed after its rule, to prevent possible failure during - parallel pg_restore (Tom Lane) - - - - - - - - Ensure that relation option values are properly quoted - in pg_dump (Kouhei Sutou, Tom Lane) - - - - A reloption value that isn't a simple identifier or number could lead - to dump/reload failures due to syntax errors in CREATE statements - issued by pg_dump. This is not an issue with any - reloption currently supported by core PostgreSQL, but - extensions could allow reloptions that cause the problem. - - - - - - - - Avoid repeated password prompts during parallel pg_dump - (Zeus Kronion) - - - - - - - - Fix pg_upgrade's file-copying code to handle errors - properly on Windows (Bruce Momjian) - - - - - - Install guards in pgbench against corner-case overflow - conditions during evaluation of script-specified division or modulo - operators (Fabien Coelho, Michael Paquier) - - - - - - - - Fix failure to localize messages emitted - by pg_receivexlog and pg_recvlogical - (Ioseph Kim) - - - - - - Avoid dump/reload problems when using both plpython2 - and plpython3 (Tom Lane) - - - - In principle, both versions of PL/Python can be used in - the same database, though not in the same session (because the two - versions of libpython cannot safely be used concurrently). - However, pg_restore and pg_upgrade both - do things that can fall foul of the same-session restriction. Work - around that by changing the timing of the check. - - - - - - Fix PL/Python regression tests to pass with Python 3.5 - (Peter Eisentraut) - - - - - - - - Fix premature clearing of libpq's input buffer when - socket EOF is seen (Tom Lane) - - - - This mistake caused libpq to sometimes not report the - backend's final error message before reporting server closed the - connection unexpectedly. - - - - - - Prevent certain PL/Java parameters from being set by - non-superusers (Noah Misch) - - - - This change mitigates a PL/Java security bug - (CVE-2016-0766), which was fixed in PL/Java by marking - these parameters as superuser-only. To fix the security hazard for - sites that update PostgreSQL more frequently - than PL/Java, make the core code aware of them also. - - - - - - - - Improve libpq's handling of out-of-memory situations - (Michael Paquier, Amit Kapila, Heikki Linnakangas) - - - - - - - - Fix order of arguments - in ecpg-generated typedef statements - (Michael Meskes) - - - - - - - - Use %g not %f format - in ecpg's PGTYPESnumeric_from_double() - (Tom Lane) - - - - - - Fix ecpg-supplied header files to not contain comments - continued from a preprocessor directive line onto the next line - (Michael Meskes) - - - - Such a comment is rejected by ecpg. It's not yet clear - whether ecpg itself should be changed. - - - - - - Fix hstore_to_json_loose()'s test for whether - an hstore value can be converted to a JSON number (Tom Lane) - - - - Previously this function could be fooled by non-alphanumeric trailing - characters, leading to emitting syntactically-invalid JSON. - - - - - - - - Ensure that contrib/pgcrypto's crypt() - function can be interrupted by query cancel (Andreas Karlsson) - - - - - - In contrib/postgres_fdw, fix bugs triggered by use - of tableoid in data-modifying commands (Etsuro Fujita, - Robert Haas) - - - - - - - - Accept flex versions later than 2.5.x - (Tom Lane, Michael Paquier) - - - - Now that flex 2.6.0 has been released, the version checks in our build - scripts needed to be adjusted. - - - - - - Improve reproducibility of build output by ensuring filenames are given - to the linker in a fixed order (Christoph Berg) - - - - This avoids possible bitwise differences in the produced executable - files from one build to the next. - - - - - - - - Install our missing script where PGXS builds can find it - (Jim Nasby) - - - - This allows sane behavior in a PGXS build done on a machine where build - tools such as bison are missing. - - - - - - Ensure that dynloader.h is included in the installed - header files in MSVC builds (Bruce Momjian, Michael Paquier) - - - - - - - - Add variant regression test expected-output file to match behavior of - current libxml2 (Tom Lane) - - - - The fix for libxml2's CVE-2015-7499 causes it not to - output error context reports in some cases where it used to do so. - This seems to be a bug, but we'll probably have to live with it for - some time, so work around it. - - - - - - Update time zone data files to tzdata release 2016a for - DST law changes in Cayman Islands, Metlakatla, and Trans-Baikal - Territory (Zabaykalsky Krai), plus historical corrections for Pakistan. - - - - - - - - - - Release 9.4.5 - - - Release date: - 2015-10-08 - - - - This release contains a variety of fixes from 9.4.4. - For information about new features in the 9.4 major release, see - . - - - - Migration to Version 9.4.5 - - - A dump/restore is not required for those running 9.4.X. - - - - However, if you are upgrading from a version earlier than 9.4.4, - see . - - - - - Changes - - - - - - - - Guard against stack overflows in json parsing - (Oskari Saarenmaa) - - - - If an application constructs PostgreSQL json - or jsonb values from arbitrary user input, the application's - users can reliably crash the PostgreSQL server, causing momentary - denial of service. (CVE-2015-5289) - - - - - - - - Fix contrib/pgcrypto to detect and report - too-short crypt() salts (Josh Kupershmidt) - - - - Certain invalid salt arguments crashed the server or disclosed a few - bytes of server memory. We have not ruled out the viability of - attacks that arrange for presence of confidential information in the - disclosed bytes, but they seem unlikely. (CVE-2015-5288) - - - - - - - - Fix subtransaction cleanup after a portal (cursor) belonging to an - outer subtransaction fails (Tom Lane, Michael Paquier) - - - - A function executed in an outer-subtransaction cursor could cause an - assertion failure or crash by referencing a relation created within an - inner subtransaction. - - - - - - - - Fix possible deadlock during WAL insertion - when commit_delay is set (Heikki Linnakangas) - - - - - - - - Ensure all relations referred to by an updatable view are properly - locked during an update statement (Dean Rasheed) - - - - - - - - Fix insertion of relations into the relation cache init file - (Tom Lane) - - - - An oversight in a patch in the most recent minor releases - caused pg_trigger_tgrelid_tgname_index to be omitted - from the init file. Subsequent sessions detected this, then deemed the - init file to be broken and silently ignored it, resulting in a - significant degradation in session startup time. In addition to fixing - the bug, install some guards so that any similar future mistake will be - more obvious. - - - - - - - - Avoid O(N^2) behavior when inserting many tuples into a SPI query - result (Neil Conway) - - - - - - - - Improve LISTEN startup time when there are many unread - notifications (Matt Newell) - - - - - - - - Fix performance problem when a session alters large numbers of foreign - key constraints (Jan Wieck, Tom Lane) - - - - This was seen primarily when restoring pg_dump output - for databases with many thousands of tables. - - - - - - - - Disable SSL renegotiation by default (Michael Paquier, Andres Freund) - - - - While use of SSL renegotiation is a good idea in theory, we have seen - too many bugs in practice, both in the underlying OpenSSL library and - in our usage of it. Renegotiation will be removed entirely in 9.5 and - later. In the older branches, just change the default value - of ssl_renegotiation_limit to zero (disabled). - - - - - - - - Lower the minimum values of the *_freeze_max_age parameters - (Andres Freund) - - - - This is mainly to make tests of related behavior less time-consuming, - but it may also be of value for installations with limited disk space. - - - - - - - - Limit the maximum value of wal_buffers to 2GB to avoid - server crashes (Josh Berkus) - - - - - - - - Avoid logging complaints when a parameter that can only be set at - server start appears multiple times in postgresql.conf, - and fix counting of line numbers after an include_dir - directive (Tom Lane) - - - - - - - - Fix rare internal overflow in multiplication of numeric values - (Dean Rasheed) - - - - - - - - Guard against hard-to-reach stack overflows involving record types, - range types, json, jsonb, tsquery, - ltxtquery and query_int (Noah Misch) - - - - - - - - Fix handling of DOW and DOY in datetime input - (Greg Stark) - - - - These tokens aren't meant to be used in datetime values, but previously - they resulted in opaque internal error messages rather - than invalid input syntax. - - - - - - - - Add more query-cancel checks to regular expression matching (Tom Lane) - - - - - - - - Add recursion depth protections to regular expression, SIMILAR - TO, and LIKE matching (Tom Lane) - - - - Suitable search patterns and a low stack depth limit could lead to - stack-overrun crashes. - - - - - - - - Fix potential infinite loop in regular expression execution (Tom Lane) - - - - A search pattern that can apparently match a zero-length string, but - actually doesn't match because of a back reference, could lead to an - infinite loop. - - - - - - - - In regular expression execution, correctly record match data for - capturing parentheses within a quantifier even when the match is - zero-length (Tom Lane) - - - - - - - - Fix low-memory failures in regular expression compilation - (Andreas Seltenreich) - - - - - - - - Fix low-probability memory leak during regular expression execution - (Tom Lane) - - - - - - - - Fix rare low-memory failure in lock cleanup during transaction abort - (Tom Lane) - - - - - - - - Fix unexpected out-of-memory situation during sort errors - when using tuplestores with small work_mem settings (Tom - Lane) - - - - - - - - Fix very-low-probability stack overrun in qsort (Tom Lane) - - - - - - - - Fix invalid memory alloc request size failure in hash joins - with large work_mem settings (Tomas Vondra, Tom Lane) - - - - - - - - Fix assorted planner bugs (Tom Lane) - - - - These mistakes could lead to incorrect query plans that would give wrong - answers, or to assertion failures in assert-enabled builds, or to odd - planner errors such as could not devise a query plan for the - given query, could not find pathkey item to - sort, plan should not reference subplan's variable, - or failed to assign all NestLoopParams to plan nodes. - Thanks are due to Andreas Seltenreich and Piotr Stefaniak for fuzz - testing that exposed these problems. - - - - - - - - Improve planner's performance for UPDATE/DELETE - on large inheritance sets (Tom Lane, Dean Rasheed) - - - - - - - - Ensure standby promotion trigger files are removed at postmaster - startup (Michael Paquier, Fujii Masao) - - - - This prevents unwanted promotion from occurring if these files appear - in a database backup that is used to initialize a new standby server. - - - - - - - - During postmaster shutdown, ensure that per-socket lock files are - removed and listen sockets are closed before we remove - the postmaster.pid file (Tom Lane) - - - - This avoids race-condition failures if an external script attempts to - start a new postmaster as soon as pg_ctl stop returns. - - - - - - - - Ensure that the postmaster does not exit until all its child processes - are gone, even in an immediate shutdown (Tom Lane) - - - - Like the previous item, this avoids possible race conditions against a - subsequently-started postmaster. - - - - - - - - Fix postmaster's handling of a startup-process crash during crash - recovery (Tom Lane) - - - - If, during a crash recovery cycle, the startup process crashes without - having restored database consistency, we'd try to launch a new startup - process, which typically would just crash again, leading to an infinite - loop. - - - - - - - - Make emergency autovacuuming for multixact wraparound more robust - (Andres Freund) - - - - - - - - Do not print a WARNING when an autovacuum worker is already - gone when we attempt to signal it, and reduce log verbosity for such - signals (Tom Lane) - - - - - - - - Prevent autovacuum launcher from sleeping unduly long if the server - clock is moved backwards a large amount (Álvaro Herrera) - - - - - - - - Ensure that cleanup of a GIN index's pending-insertions list is - interruptable by cancel requests (Jeff Janes) - - - - - - - - Allow all-zeroes pages in GIN indexes to be reused (Heikki Linnakangas) - - - - Such a page might be left behind after a crash. - - - - - - - - Fix handling of all-zeroes pages in SP-GiST indexes (Heikki - Linnakangas) - - - - VACUUM attempted to recycle such pages, but did so in a - way that wasn't crash-safe. - - - - - - - - Fix off-by-one error that led to otherwise-harmless warnings - about apparent wraparound in subtrans/multixact truncation - (Thomas Munro) - - - - - - - - Fix misreporting of CONTINUE and MOVE statement - types in PL/pgSQL's error context messages - (Pavel Stehule, Tom Lane) - - - - - - - - Fix PL/Perl to handle non-ASCII error - message texts correctly (Alex Hunsaker) - - - - - - - - Fix PL/Python crash when returning the string - representation of a record result (Tom Lane) - - - - - - - - Fix some places in PL/Tcl that neglected to check for - failure of malloc() calls (Michael Paquier, Álvaro - Herrera) - - - - - - - - In contrib/isn, fix output of ISBN-13 numbers that begin - with 979 (Fabien Coelho) - - - - EANs beginning with 979 (but not 9790) are considered ISBNs, but they - must be printed in the new 13-digit format, not the 10-digit format. - - - - - - - - Improve contrib/pg_stat_statements' handling of - query-text garbage collection (Peter Geoghegan) - - - - The external file containing query texts could bloat to very large - sizes; once it got past 1GB attempts to trim it would fail, soon - leading to situations where the file could not be read at all. - - - - - - - - Improve contrib/postgres_fdw's handling of - collation-related decisions (Tom Lane) - - - - The main user-visible effect is expected to be that comparisons - involving varchar columns will be sent to the remote server - for execution in more cases than before. - - - - - - - - Improve libpq's handling of out-of-memory conditions - (Michael Paquier, Heikki Linnakangas) - - - - - - - - Fix memory leaks and missing out-of-memory checks - in ecpg (Michael Paquier) - - - - - - - - Fix psql's code for locale-aware formatting of numeric - output (Tom Lane) - - - - The formatting code invoked by \pset numericlocale on - did the wrong thing for some uncommon cases such as numbers with an - exponent but no decimal point. It could also mangle already-localized - output from the money data type. - - - - - - - - Prevent crash in psql's \c command when - there is no current connection (Noah Misch) - - - - - - - - Make pg_dump handle inherited NOT VALID - check constraints correctly (Tom Lane) - - - - - - - - Fix selection of default zlib compression level - in pg_dump's directory output format (Andrew Dunstan) - - - - - - - - Ensure that temporary files created during a pg_dump - run with tar-format output are not world-readable (Michael - Paquier) - - - - - - - - Fix pg_dump and pg_upgrade to support - cases where the postgres or template1 database - is in a non-default tablespace (Marti Raudsepp, Bruce Momjian) - - - - - - - - Fix pg_dump to handle object privileges sanely when - dumping from a server too old to have a particular privilege type - (Tom Lane) - - - - When dumping data types from pre-9.2 servers, and when dumping - functions or procedural languages from pre-7.3 - servers, pg_dump would - produce GRANT/REVOKE commands that revoked the - owner's grantable privileges and instead granted all privileges - to PUBLIC. Since the privileges involved are - just USAGE and EXECUTE, this isn't a security - problem, but it's certainly a surprising representation of the older - systems' behavior. Fix it to leave the default privilege state alone - in these cases. - - - - - - - - Fix pg_dump to dump shell types (Tom Lane) - - - - Shell types (that is, not-yet-fully-defined types) aren't useful for - much, but nonetheless pg_dump should dump them. - - - - - - - - Fix assorted minor memory leaks in pg_dump and other - client-side programs (Michael Paquier) - - - - - - - - Fix pgbench's progress-report behavior when a query, - or pgbench itself, gets stuck (Fabien Coelho) - - - - - - - - Fix spinlock assembly code for Alpha hardware (Tom Lane) - - - - - - - - Fix spinlock assembly code for PPC hardware to be compatible - with AIX's native assembler (Tom Lane) - - - - Building with gcc didn't work if gcc - had been configured to use the native assembler, which is becoming more - common. - - - - - - - - On AIX, test the -qlonglong compiler option - rather than just assuming it's safe to use (Noah Misch) - - - - - - - - On AIX, use -Wl,-brtllib link option to allow - symbols to be resolved at runtime (Noah Misch) - - - - Perl relies on this ability in 5.8.0 and later. - - - - - - - - Avoid use of inline functions when compiling with - 32-bit xlc, due to compiler bugs (Noah Misch) - - - - - - - - Use librt for sched_yield() when necessary, - which it is on some Solaris versions (Oskari Saarenmaa) - - - - - - - - Translate encoding UHC as Windows code page 949 - (Noah Misch) - - - - This fixes presentation of non-ASCII log messages from processes that - are not attached to any particular database, such as the postmaster. - - - - - - - - On Windows, avoid failure when doing encoding conversion to UTF16 - outside a transaction, such as for log messages (Noah Misch) - - - - - - - - Fix postmaster startup failure due to not - copying setlocale()'s return value (Noah Misch) - - - - This has been reported on Windows systems with the ANSI code page set - to CP936 (Chinese (Simplified, PRC)), and may occur with - other multibyte code pages. - - - - - - - - Fix Windows install.bat script to handle target directory - names that contain spaces (Heikki Linnakangas) - - - - - - - - Make the numeric form of the PostgreSQL version number - (e.g., 90405) readily available to extension Makefiles, - as a variable named VERSION_NUM (Michael Paquier) - - - - - - - - Update time zone data files to tzdata release 2015g for - DST law changes in Cayman Islands, Fiji, Moldova, Morocco, Norfolk - Island, North Korea, Turkey, and Uruguay. There is a new zone name - America/Fort_Nelson for the Canadian Northern Rockies. - - - - - - - - - - Release 9.4.4 - - - Release date: - 2015-06-12 - - - - This release contains a small number of fixes from 9.4.3. - For information about new features in the 9.4 major release, see - . - - - - Migration to Version 9.4.4 - - - A dump/restore is not required for those running 9.4.X. - - - - However, if you are upgrading an installation that was previously - upgraded using a pg_upgrade version between 9.3.0 and - 9.3.4 inclusive, see the first changelog entry below. - - - - Also, if you are upgrading from a version earlier than 9.4.2, - see . - - - - - Changes - - - - - - - - Fix possible failure to recover from an inconsistent database state - (Robert Haas) - - - - Recent PostgreSQL releases introduced mechanisms to - protect against multixact wraparound, but some of that code did not - account for the possibility that it would need to run during crash - recovery, when the database may not be in a consistent state. This - could result in failure to restart after a crash, or failure to start - up a secondary server. The lingering effects of a previously-fixed - bug in pg_upgrade could also cause such a failure, in - installations that had used pg_upgrade versions - between 9.3.0 and 9.3.4. - - - - The pg_upgrade bug in question was that it would - set oldestMultiXid to 1 in pg_control even - if the true value should be higher. With the fixes introduced in - this release, such a situation will result in immediate emergency - autovacuuming until a correct oldestMultiXid value can - be determined. If that would pose a hardship, users can avoid it by - doing manual vacuuming before upgrading to this release. - In detail: - - - - - Check whether pg_controldata reports Latest - checkpoint's oldestMultiXid to be 1. If not, there's nothing - to do. - - - - - Look in PGDATA/pg_multixact/offsets to see if there's a - file named 0000. If there is, there's nothing to do. - - - - - Otherwise, for each table that has - pg_class.relminmxid equal to 1, - VACUUM that table with - both - and set to - zero. (You can use the vacuum cost delay parameters described - in to reduce - the performance consequences for concurrent sessions.) - - - - - - - - - - - Fix rare failure to invalidate relation cache init file (Tom Lane) - - - - With just the wrong timing of concurrent activity, a VACUUM - FULL on a system catalog might fail to update the init file - that's used to avoid cache-loading work for new sessions. This would - result in later sessions being unable to access that catalog at all. - This is a very ancient bug, but it's so hard to trigger that no - reproducible case had been seen until recently. - - - - - - - - Avoid deadlock between incoming sessions and CREATE/DROP - DATABASE (Tom Lane) - - - - A new session starting in a database that is the target of - a DROP DATABASE command, or is the template for - a CREATE DATABASE command, could cause the command to wait - for five seconds and then fail, even if the new session would have - exited before that. - - - - - - - - Improve planner's cost estimates for semi-joins and anti-joins with - inner indexscans (Tom Lane, Tomas Vondra) - - - - This type of plan is quite cheap when all the join clauses are used - as index scan conditions, even if the inner scan would nominally - fetch many rows, because the executor will stop after obtaining one - row. The planner only partially accounted for that effect, and would - therefore overestimate the cost, leading it to possibly choose some - other much less efficient plan type. - - - - - - - - - - Release 9.4.3 - - - Release date: - 2015-06-04 - - - - This release contains a small number of fixes from 9.4.2. - For information about new features in the 9.4 major release, see - . - - - - Migration to Version 9.4.3 - - - A dump/restore is not required for those running 9.4.X. - - - - However, if you are upgrading from a version earlier than 9.4.2, - see . - - - - - Changes - - - - - - - - Avoid failures while fsync'ing data directory during - crash restart (Abhijit Menon-Sen, Tom Lane) - - - - In the previous minor releases we added a patch to fsync - everything in the data directory after a crash. Unfortunately its - response to any error condition was to fail, thereby preventing the - server from starting up, even when the problem was quite harmless. - An example is that an unwritable file in the data directory would - prevent restart on some platforms; but it is common to make SSL - certificate files unwritable by the server. Revise this behavior so - that permissions failures are ignored altogether, and other types of - failures are logged but do not prevent continuing. - - - - Also apply the same rules in initdb --sync-only. - This case is less critical but it should act similarly. - - - - - - - - Fix pg_get_functiondef() to show - functions' LEAKPROOF property, if set (Jeevan Chalke) - - - - - - - - Fix pushJsonbValue() to unpack jbvBinary - objects (Andrew Dunstan) - - - - This change does not affect any behavior in the core code as of 9.4, - but it avoids a corner case for possible third-party callers. - - - - - - - - Remove configure's check prohibiting linking to a - threaded libpython - on OpenBSD (Tom Lane) - - - - The failure this restriction was meant to prevent seems to not be a - problem anymore on current OpenBSD - versions. - - - - - - - - - - Release 9.4.2 - - - Release date: - 2015-05-22 - - - - This release contains a variety of fixes from 9.4.1. - For information about new features in the 9.4 major release, see - . - - - - Migration to Version 9.4.2 - - - A dump/restore is not required for those running 9.4.X. - - - - However, if you use contrib/citext's - regexp_matches() functions, see the changelog entry below - about that. - - - - Also, if you are upgrading from a version earlier than 9.4.1, - see . - - - - - Changes - - - - - - - - Avoid possible crash when client disconnects just before the - authentication timeout expires (Benkocs Norbert Attila) - - - - If the timeout interrupt fired partway through the session shutdown - sequence, SSL-related state would be freed twice, typically causing a - crash and hence denial of service to other sessions. Experimentation - shows that an unauthenticated remote attacker could trigger the bug - somewhat consistently, hence treat as security issue. - (CVE-2015-3165) - - - - - - - - Improve detection of system-call failures (Noah Misch) - - - - Our replacement implementation of snprintf() failed to - check for errors reported by the underlying system library calls; - the main case that might be missed is out-of-memory situations. - In the worst case this might lead to information exposure, due to our - code assuming that a buffer had been overwritten when it hadn't been. - Also, there were a few places in which security-relevant calls of other - system library functions did not check for failure. - - - - It remains possible that some calls of the *printf() - family of functions are vulnerable to information disclosure if an - out-of-memory error occurs at just the wrong time. We judge the risk - to not be large, but will continue analysis in this area. - (CVE-2015-3166) - - - - - - - - In contrib/pgcrypto, uniformly report decryption failures - as Wrong key or corrupt data (Noah Misch) - - - - Previously, some cases of decryption with an incorrect key could report - other error message texts. It has been shown that such variance in - error reports can aid attackers in recovering keys from other systems. - While it's unknown whether pgcrypto's specific behaviors - are likewise exploitable, it seems better to avoid the risk by using a - one-size-fits-all message. - (CVE-2015-3167) - - - - - - - - Protect against wraparound of multixact member IDs - (Álvaro Herrera, Robert Haas, Thomas Munro) - - - - Under certain usage patterns, the existing defenses against this might - be insufficient, allowing pg_multixact/members files to be - removed too early, resulting in data loss. - The fix for this includes modifying the server to fail transactions - that would result in overwriting old multixact member ID data, and - improving autovacuum to ensure it will act proactively to prevent - multixact member ID wraparound, as it does for transaction ID - wraparound. - - - - - - - - Fix incorrect declaration of contrib/citext's - regexp_matches() functions (Tom Lane) - - - - These functions should return setof text[], like the core - functions they are wrappers for; but they were incorrectly declared as - returning just text[]. This mistake had two results: first, - if there was no match you got a scalar null result, whereas what you - should get is an empty set (zero rows). Second, the g flag - was effectively ignored, since you would get only one result array even - if there were multiple matches. - - - - While the latter behavior is clearly a bug, there might be applications - depending on the former behavior; therefore the function declarations - will not be changed by default until PostgreSQL 9.5. - In pre-9.5 branches, the old behavior exists in version 1.0 of - the citext extension, while we have provided corrected - declarations in version 1.1 (which is not installed by - default). To adopt the fix in pre-9.5 branches, execute - ALTER EXTENSION citext UPDATE TO '1.1' in each database in - which citext is installed. (You can also update - back to 1.0 if you need to undo that.) Be aware that either update - direction will require dropping and recreating any views or rules that - use citext's regexp_matches() functions. - - - - - - - - Render infinite dates and timestamps as infinity when - converting to json, rather than throwing an error - (Andrew Dunstan) - - - - - - - - Fix json/jsonb's populate_record() - and to_record() functions to handle empty input properly - (Andrew Dunstan) - - - - - - - - Fix incorrect checking of deferred exclusion constraints after a HOT - update (Tom Lane) - - - - If a new row that potentially violates a deferred exclusion constraint - is HOT-updated (that is, no indexed columns change and the row can be - stored back onto the same table page) later in the same transaction, - the exclusion constraint would be reported as violated when the check - finally occurred, even if the row(s) the new row originally conflicted - with had been deleted. - - - - - - - - Fix behavior when changing foreign key constraint deferrability status - with ALTER TABLE ... ALTER CONSTRAINT (Tom Lane) - - - - Operations later in the same session or concurrent sessions might not - honor the status change promptly. - - - - - - - - Fix planning of star-schema-style queries (Tom Lane) - - - - Sometimes, efficient scanning of a large table requires that index - parameters be provided from more than one other table (commonly, - dimension tables whose keys are needed to index a large fact table). - The planner should be able to find such plans, but an overly - restrictive search heuristic prevented it. - - - - - - - - Prevent improper reordering of antijoins (NOT EXISTS joins) versus - other outer joins (Tom Lane) - - - - This oversight in the planner has been observed to cause could - not find RelOptInfo for given relids errors, but it seems possible - that sometimes an incorrect query plan might get past that consistency - check and result in silently-wrong query output. - - - - - - - - Fix incorrect matching of subexpressions in outer-join plan nodes - (Tom Lane) - - - - Previously, if textually identical non-strict subexpressions were used - both above and below an outer join, the planner might try to re-use - the value computed below the join, which would be incorrect because the - executor would force the value to NULL in case of an unmatched outer row. - - - - - - - - Fix GEQO planner to cope with failure of its join order heuristic - (Tom Lane) - - - - This oversight has been seen to lead to failed to join all - relations together errors in queries involving LATERAL, - and that might happen in other cases as well. - - - - - - - - Ensure that row locking occurs properly when the target of - an UPDATE or DELETE is a security-barrier view - (Stephen Frost) - - - - - - - - Use a file opened for read/write when syncing replication slot data - during database startup (Andres Freund) - - - - On some platforms, the previous coding could result in errors like - could not fsync file "pg_replslot/...": Bad file descriptor. - - - - - - - - Fix possible deadlock at startup - when max_prepared_transactions is too small - (Heikki Linnakangas) - - - - - - - - Don't archive useless preallocated WAL files after a timeline switch - (Heikki Linnakangas) - - - - - - - - Recursively fsync() the data directory after a crash - (Abhijit Menon-Sen, Robert Haas) - - - - This ensures consistency if another crash occurs shortly later. (The - second crash would have to be a system-level crash, not just a database - crash, for there to be a problem.) - - - - - - - - Fix autovacuum launcher's possible failure to shut down, if an error - occurs after it receives SIGTERM (Álvaro Herrera) - - - - - - - - Fix failure to handle invalidation messages for system catalogs - early in session startup (Tom Lane) - - - - This oversight could result in failures in sessions that start - concurrently with a VACUUM FULL on a system catalog. - - - - - - - - Fix crash in BackendIdGetTransactionIds() when trying - to get status for a backend process that just exited (Tom Lane) - - - - - - - - Cope with unexpected signals in LockBufferForCleanup() - (Andres Freund) - - - - This oversight could result in spurious errors about multiple - backends attempting to wait for pincount 1. - - - - - - - - Fix crash when doing COPY IN to a table with check - constraints that contain whole-row references (Tom Lane) - - - - The known failure case only crashes in 9.4 and up, but there is very - similar code in 9.3 and 9.2, so back-patch those branches as well. - - - - - - - - Avoid waiting for WAL flush or synchronous replication during commit of - a transaction that was read-only so far as the user is concerned - (Andres Freund) - - - - Previously, a delay could occur at commit in transactions that had - written WAL due to HOT page pruning, leading to undesirable effects - such as sessions getting stuck at startup if all synchronous replicas - are down. Sessions have also been observed to get stuck in catchup - interrupt processing when using synchronous replication; this will fix - that problem as well. - - - - - - - - Avoid busy-waiting with short recovery_min_apply_delay - values (Andres Freund) - - - - - - - - Fix crash when manipulating hash indexes on temporary tables - (Heikki Linnakangas) - - - - - - - - Fix possible failure during hash index bucket split, if other processes - are modifying the index concurrently (Tom Lane) - - - - - - - - Fix memory leaks in GIN index vacuum (Heikki Linnakangas) - - - - - - - - Check for interrupts while analyzing index expressions (Jeff Janes) - - - - ANALYZE executes index expressions many times; if there are - slow functions in such an expression, it's desirable to be able to - cancel the ANALYZE before that loop finishes. - - - - - - - - Ensure tableoid of a foreign table is reported - correctly when a READ COMMITTED recheck occurs after - locking rows in SELECT FOR UPDATE, UPDATE, - or DELETE (Etsuro Fujita) - - - - - - - - Add the name of the target server to object description strings for - foreign-server user mappings (Álvaro Herrera) - - - - - - - - Include the schema name in object identity strings for conversions - (Álvaro Herrera) - - - - - - - - Recommend setting include_realm to 1 when using - Kerberos/GSSAPI/SSPI authentication (Stephen Frost) - - - - Without this, identically-named users from different realms cannot be - distinguished. For the moment this is only a documentation change, but - it will become the default setting in PostgreSQL 9.5. - - - - - - - - Remove code for matching IPv4 pg_hba.conf entries to - IPv4-in-IPv6 addresses (Tom Lane) - - - - This hack was added in 2003 in response to a report that some Linux - kernels of the time would report IPv4 connections as having - IPv4-in-IPv6 addresses. However, the logic was accidentally broken in - 9.0. The lack of any field complaints since then shows that it's not - needed anymore. Now we have reports that the broken code causes - crashes on some systems, so let's just remove it rather than fix it. - (Had we chosen to fix it, that would make for a subtle and potentially - security-sensitive change in the effective meaning of - IPv4 pg_hba.conf entries, which does not seem like a good - thing to do in minor releases.) - - - - - - - - Fix status reporting for terminated background workers that were never - actually started (Robert Haas) - - - - - - - - After a database crash, don't restart background workers that are - marked BGW_NEVER_RESTART (Amit Khandekar) - - - - - - - - Report WAL flush, not insert, position in IDENTIFY_SYSTEM - replication command (Heikki Linnakangas) - - - - This avoids a possible startup failure - in pg_receivexlog. - - - - - - - - While shutting down service on Windows, periodically send status - updates to the Service Control Manager to prevent it from killing the - service too soon; and ensure that pg_ctl will wait for - shutdown (Krystian Bigaj) - - - - - - - - Reduce risk of network deadlock when using libpq's - non-blocking mode (Heikki Linnakangas) - - - - When sending large volumes of data, it's important to drain the input - buffer every so often, in case the server has sent enough response data - to cause it to block on output. (A typical scenario is that the server - is sending a stream of NOTICE messages during COPY FROM - STDIN.) This worked properly in the normal blocking mode, but not - so much in non-blocking mode. We've modified libpq - to opportunistically drain input when it can, but a full defense - against this problem requires application cooperation: the application - should watch for socket read-ready as well as write-ready conditions, - and be sure to call PQconsumeInput() upon read-ready. - - - - - - - - In libpq, fix misparsing of empty values in URI - connection strings (Thomas Fanghaenel) - - - - - - - - Fix array handling in ecpg (Michael Meskes) - - - - - - - - Fix psql to sanely handle URIs and conninfo strings as - the first parameter to \connect - (David Fetter, Andrew Dunstan, Álvaro Herrera) - - - - This syntax has been accepted (but undocumented) for a long time, but - previously some parameters might be taken from the old connection - instead of the given string, which was agreed to be undesirable. - - - - - - - - Suppress incorrect complaints from psql on some - platforms that it failed to write ~/.psql_history at exit - (Tom Lane) - - - - This misbehavior was caused by a workaround for a bug in very old - (pre-2006) versions of libedit. We fixed it by - removing the workaround, which will cause a similar failure to appear - for anyone still using such versions of libedit. - Recommendation: upgrade that library, or use libreadline. - - - - - - - - Fix pg_dump's rule for deciding which casts are - system-provided casts that should not be dumped (Tom Lane) - - - - - - - - In pg_dump, fix failure to honor -Z - compression level option together with -Fd - (Michael Paquier) - - - - - - - - Make pg_dump consider foreign key relationships - between extension configuration tables while choosing dump order - (Gilles Darold, Michael Paquier, Stephen Frost) - - - - This oversight could result in producing dumps that fail to reload - because foreign key constraints are transiently violated. - - - - - - - - Avoid possible pg_dump failure when concurrent sessions - are creating and dropping temporary functions (Tom Lane) - - - - - - - - Fix dumping of views that are just VALUES(...) but have - column aliases (Tom Lane) - - - - - - - - Ensure that a view's replication identity is correctly set - to nothing during dump/restore (Marko Tiikkaja) - - - - Previously, if the view was involved in a circular dependency, - it might wind up with an incorrect replication identity property. - - - - - - - - In pg_upgrade, force timeline 1 in the new cluster - (Bruce Momjian) - - - - This change prevents upgrade failures caused by bogus complaints about - missing WAL history files. - - - - - - - - In pg_upgrade, check for improperly non-connectable - databases before proceeding - (Bruce Momjian) - - - - - - - - In pg_upgrade, quote directory paths - properly in the generated delete_old_cluster script - (Bruce Momjian) - - - - - - - - In pg_upgrade, preserve database-level freezing info - properly - (Bruce Momjian) - - - - This oversight could cause missing-clog-file errors for tables within - the postgres and template1 databases. - - - - - - - - Run pg_upgrade and pg_resetxlog with - restricted privileges on Windows, so that they don't fail when run by - an administrator (Muhammad Asif Naeem) - - - - - - - - Improve handling of readdir() failures when scanning - directories in initdb and pg_basebackup - (Marco Nenciarini) - - - - - - - - Fix slow sorting algorithm in contrib/intarray (Tom Lane) - - - - - - - - Fix compile failure on Sparc V8 machines (Rob Rowan) - - - - - - - - Silence some build warnings on macOS (Tom Lane) - - - - - - - - Update time zone data files to tzdata release 2015d - for DST law changes in Egypt, Mongolia, and Palestine, plus historical - changes in Canada and Chile. Also adopt revised zone abbreviations for - the America/Adak zone (HST/HDT not HAST/HADT). - - - - - - - - - - Release 9.4.1 - - - Release date: - 2015-02-05 - - - - This release contains a variety of fixes from 9.4.0. - For information about new features in the 9.4 major release, see - . - - - - Migration to Version 9.4.1 - - - A dump/restore is not required for those running 9.4.X. - - - - However, if you are a Windows user and are using the Norwegian - (Bokmål) locale, manual action is needed after the upgrade to - replace any Norwegian (Bokmål)_Norway - or norwegian-bokmal locale names stored - in PostgreSQL system catalogs with the plain-ASCII - alias Norwegian_Norway. For details see - - - - - - Changes - - - - - - - - Fix buffer overruns in to_char() - (Bruce Momjian) - - - - When to_char() processes a numeric formatting template - calling for a large number of digits, PostgreSQL - would read past the end of a buffer. When processing a crafted - timestamp formatting template, PostgreSQL would write - past the end of a buffer. Either case could crash the server. - We have not ruled out the possibility of attacks that lead to - privilege escalation, though they seem unlikely. - (CVE-2015-0241) - - - - - - - - Fix buffer overrun in replacement *printf() functions - (Tom Lane) - - - - PostgreSQL includes a replacement implementation - of printf and related functions. This code will overrun - a stack buffer when formatting a floating point number (conversion - specifiers e, E, f, F, - g or G) with requested precision greater than - about 500. This will crash the server, and we have not ruled out the - possibility of attacks that lead to privilege escalation. - A database user can trigger such a buffer overrun through - the to_char() SQL function. While that is the only - affected core PostgreSQL functionality, extension - modules that use printf-family functions may be at risk as well. - - - - This issue primarily affects PostgreSQL on Windows. - PostgreSQL uses the system implementation of these - functions where adequate, which it is on other modern platforms. - (CVE-2015-0242) - - - - - - - - Fix buffer overruns in contrib/pgcrypto - (Marko Tiikkaja, Noah Misch) - - - - Errors in memory size tracking within the pgcrypto - module permitted stack buffer overruns and improper dependence on the - contents of uninitialized memory. The buffer overrun cases can - crash the server, and we have not ruled out the possibility of - attacks that lead to privilege escalation. - (CVE-2015-0243) - - - - - - - - Fix possible loss of frontend/backend protocol synchronization after - an error - (Heikki Linnakangas) - - - - If any error occurred while the server was in the middle of reading a - protocol message from the client, it could lose synchronization and - incorrectly try to interpret part of the message's data as a new - protocol message. An attacker able to submit crafted binary data - within a command parameter might succeed in injecting his own SQL - commands this way. Statement timeout and query cancellation are the - most likely sources of errors triggering this scenario. Particularly - vulnerable are applications that use a timeout and also submit - arbitrary user-crafted data as binary query parameters. Disabling - statement timeout will reduce, but not eliminate, the risk of - exploit. Our thanks to Emil Lenngren for reporting this issue. - (CVE-2015-0244) - - - - - - - - Fix information leak via constraint-violation error messages - (Stephen Frost) - - - - Some server error messages show the values of columns that violate - a constraint, such as a unique constraint. If the user does not have - SELECT privilege on all columns of the table, this could - mean exposing values that the user should not be able to see. Adjust - the code so that values are displayed only when they came from the SQL - command or could be selected by the user. - (CVE-2014-8161) - - - - - - - - Lock down regression testing's temporary installations on Windows - (Noah Misch) - - - - Use SSPI authentication to allow connections only from the OS user - who launched the test suite. This closes on Windows the same - vulnerability previously closed on other platforms, namely that other - users might be able to connect to the test postmaster. - (CVE-2014-0067) - - - - - - - - Cope with the Windows locale named Norwegian (Bokmål) - (Heikki Linnakangas) - - - - Non-ASCII locale names are problematic since it's not clear what - encoding they should be represented in. Map the troublesome locale - name to a plain-ASCII alias, Norwegian_Norway. - - - - 9.4.0 mapped the troublesome name to norwegian-bokmal, - but that turns out not to work on all Windows configurations. - Norwegian_Norway is now recommended instead. - - - - - - - - Fix use-of-already-freed-memory problem in EvalPlanQual processing - (Tom Lane) - - - - In READ COMMITTED mode, queries that lock or update - recently-updated rows could crash as a result of this bug. - - - - - - - - Avoid possible deadlock while trying to acquire tuple locks - in EvalPlanQual processing (Álvaro Herrera, Mark Kirkwood) - - - - - - - - Fix failure to wait when a transaction tries to acquire a FOR - NO KEY EXCLUSIVE tuple lock, while multiple other transactions - currently hold FOR SHARE locks (Álvaro Herrera) - - - - - - - - Improve performance of EXPLAIN with large range tables - (Tom Lane) - - - - - - - - Fix jsonb Unicode escape processing, and in consequence - disallow \u0000 (Tom Lane) - - - - Previously, the JSON Unicode escape \u0000 was accepted - and was stored as those six characters; but that is indistinguishable - from what is stored for the input \\u0000, resulting in - ambiguity. Moreover, in cases where de-escaped textual output is - expected, such as the ->> operator, the sequence was - printed as \u0000, which does not meet the expectation - that JSON escaping would be removed. (Consistent behavior would - require emitting a zero byte, but PostgreSQL does not - support zero bytes embedded in text strings.) 9.4.0 included an - ill-advised attempt to improve this situation by adjusting JSON output - conversion rules; but of course that could not fix the fundamental - ambiguity, and it turned out to break other usages of Unicode escape - sequences. Revert that, and to avoid the core problem, - reject \u0000 in jsonb input. - - - - If a jsonb column contains a \u0000 value stored - with 9.4.0, it will henceforth read out as though it - were \\u0000, which is the other valid interpretation of - the data stored by 9.4.0 for this case. - - - - The json type did not have the storage-ambiguity problem, but - it did have the problem of inconsistent de-escaped textual output. - Therefore \u0000 will now also be rejected - in json values when conversion to de-escaped form is - required. This change does not break the ability to - store \u0000 in json columns so long as no - processing is done on the values. This is exactly parallel to the - cases in which non-ASCII Unicode escapes are allowed when the database - encoding is not UTF8. - - - - - - - - Fix namespace handling in xpath() (Ali Akbar) - - - - Previously, the xml value resulting from - an xpath() call would not have namespace declarations if - the namespace declarations were attached to an ancestor element in the - input xml value, rather than to the specific element being - returned. Propagate the ancestral declaration so that the result is - correct when considered in isolation. - - - - - - - - Fix assorted oversights in range-operator selectivity estimation - (Emre Hasegeli) - - - - This patch fixes corner-case unexpected operator NNNN planner - errors, and improves the selectivity estimates for some other cases. - - - - - - - - Revert unintended reduction in maximum size of a GIN index item - (Heikki Linnakangas) - - - - 9.4.0 could fail with index row size exceeds maximum errors - for data that previous versions would accept. - - - - - - - - Fix query-duration memory leak during repeated GIN index rescans - (Heikki Linnakangas) - - - - - - - - Fix possible crash when using - nonzero gin_fuzzy_search_limit (Heikki Linnakangas) - - - - - - - - Assorted fixes for logical decoding (Andres Freund) - - - - - - - - Fix incorrect replay of WAL parameter change records that report - changes in the wal_log_hints setting (Petr Jelinek) - - - - - - - - Change pgstat wait timeout warning message to be LOG level, - and rephrase it to be more understandable (Tom Lane) - - - - This message was originally thought to be essentially a can't-happen - case, but it occurs often enough on our slower buildfarm members to be - a nuisance. Reduce it to LOG level, and expend a bit more effort on - the wording: it now reads using stale statistics instead of - current ones because stats collector is not responding. - - - - - - - - Warn if macOS's setlocale() starts an unwanted extra - thread inside the postmaster (Noah Misch) - - - - - - - - Fix libpq's behavior when /etc/passwd - isn't readable (Tom Lane) - - - - While doing PQsetdbLogin(), libpq - attempts to ascertain the user's operating system name, which on most - Unix platforms involves reading /etc/passwd. As of 9.4, - failure to do that was treated as a hard error. Restore the previous - behavior, which was to fail only if the application does not provide a - database role name to connect as. This supports operation in chroot - environments that lack an /etc/passwd file. - - - - - - - - Improve consistency of parsing of psql's special - variables (Tom Lane) - - - - Allow variant spellings of on and off (such - as 1/0) for ECHO_HIDDEN - and ON_ERROR_ROLLBACK. Report a warning for unrecognized - values for COMP_KEYWORD_CASE, ECHO, - ECHO_HIDDEN, HISTCONTROL, - ON_ERROR_ROLLBACK, and VERBOSITY. Recognize - all values for all these variables case-insensitively; previously - there was a mishmash of case-sensitive and case-insensitive behaviors. - - - - - - - - Fix pg_dump to handle comments on event triggers - without failing (Tom Lane) - - - - - - - - Allow parallel pg_dump to - use (Kevin Grittner) - - - - - - - - Prevent WAL files created by pg_basebackup -x/-X from - being archived again when the standby is promoted (Andres Freund) - - - - - - - - Handle unexpected query results, especially NULLs, safely in - contrib/tablefunc's connectby() - (Michael Paquier) - - - - connectby() previously crashed if it encountered a NULL - key value. It now prints that row but doesn't recurse further. - - - - - - - - Numerous cleanups of warnings from Coverity static code analyzer - (Andres Freund, Tatsuo Ishii, Marko Kreen, Tom Lane, Michael Paquier) - - - - These changes are mostly cosmetic but in some cases fix corner-case - bugs, for example a crash rather than a proper error report after an - out-of-memory failure. None are believed to represent security - issues. - - - - - - - - Allow CFLAGS from configure's environment - to override automatically-supplied CFLAGS (Tom Lane) - - - - Previously, configure would add any switches that it - chose of its own accord to the end of the - user-specified CFLAGS string. Since most compilers - process switches left-to-right, this meant that configure's choices - would override the user-specified flags in case of conflicts. That - should work the other way around, so adjust the logic to put the - user's string at the end not the beginning. - - - - - - - - Make pg_regress remove any temporary installation it - created upon successful exit (Tom Lane) - - - - This results in a very substantial reduction in disk space usage - during make check-world, since that sequence involves - creation of numerous temporary installations. - - - - - - - - Add CST (China Standard Time) to our lists of timezone abbreviations - (Tom Lane) - - - - - - - - Update time zone data files to tzdata release 2015a - for DST law changes in Chile and Mexico, plus historical changes in - Iceland. - - - - - - - - - - Release 9.4 - - - Release date: - 2014-12-18 - - - - Overview - - - Major enhancements in PostgreSQL 9.4 include: - - - - - - - - - Add jsonb, a more - capable and efficient data type for storing JSON data - - - - - - Add new SQL command - for changing postgresql.conf configuration file entries - - - - - - Reduce lock strength for some - commands - - - - - - Allow materialized views - to be refreshed without blocking concurrent reads - - - - - - Add support for logical decoding - of WAL data, to allow database changes to be streamed out in a - customizable format - - - - - - Allow background worker processes - to be dynamically registered, started and terminated - - - - - - - The above items are explained in more detail in the sections below. - - - - - - - Migration to Version 9.4 - - - A dump/restore using , or use - of , is required for those wishing to migrate - data from any previous release. - - - - Version 9.4 contains a number of changes that may affect compatibility - with previous releases. Observe the following incompatibilities: - - - - - - - Tighten checks for multidimensional array input (Bruce Momjian) - - - - Previously, an input array string that started with a single-element - sub-array could later contain multi-element sub-arrays, - e.g. '{{1}, {2,3}}'::int[] would be accepted. - - - - - - When converting values of type date, timestamp - or timestamptz - to JSON, render the - values in a format compliant with ISO 8601 (Andrew Dunstan) - - - - Previously such values were rendered according to the current - setting; but many JSON processors - require timestamps to be in ISO 8601 format. If necessary, the - previous behavior can be obtained by explicitly casting the datetime - value to text before passing it to the JSON conversion - function. - - - - - - The json - #> text[] path extraction operator now - returns its lefthand input, not NULL, if the array is empty (Tom Lane) - - - - This is consistent with the notion that this represents zero - applications of the simple field/element extraction - operator ->. Similarly, json - #>> text[] with an empty array merely - coerces its lefthand input to text. - - - - - - Corner cases in - the JSON - field/element/path extraction operators now return NULL rather - than raising an error (Tom Lane) - - - - For example, applying field extraction to a JSON array now yields NULL - not an error. This is more consistent (since some comparable cases such - as no-such-field already returned NULL), and it makes it safe to create - expression indexes that use these operators, since they will now not - throw errors for any valid JSON input. - - - - - - Cause consecutive whitespace in to_timestamp() - and to_date() format strings to consume a corresponding - number of characters in the input string (whitespace or not), then - conditionally consume adjacent whitespace, if not in FX - mode (Jeevan Chalke) - - - - Previously, consecutive whitespace characters in a non-FX - format string behaved like a single whitespace character and consumed - all adjacent whitespace in the input string. For example, previously - a format string of three spaces would consume only the first space in - ' 12', but it will now consume all three characters. - - - - - - Fix ts_rank_cd() - to ignore stripped lexemes (Alex Hill) - - - - Previously, stripped lexemes were treated as if they had a default - location, producing a rank of dubious usefulness. - - - - - - For functions declared to - take VARIADIC - "any", an actual parameter marked as VARIADIC - must be of a determinable array type (Pavel Stehule) - - - - Such parameters can no longer be written as an undecorated string - literal or NULL; a cast to an appropriate array data type - will now be required. Note that this does not affect parameters not - marked VARIADIC. - - - - - - Ensure that whole-row variables expose the expected column names - to functions that pay attention to column names within composite - arguments (Tom Lane) - - - - Constructs like row_to_json(tab.*) now always emit column - names that match the column aliases visible for table tab - at the point of the call. In previous releases the emitted column - names would sometimes be the table's actual column names regardless - of any aliases assigned in the query. - - - - - - now also discards sequence-related state - (Fabrízio de Royes Mello, Robert Haas) - - - - - - Rename EXPLAIN - ANALYZE's total runtime output - to execution time (Tom Lane) - - - - Now that planning time is also reported, the previous name was - confusing. - - - - - - SHOW TIME ZONE now - outputs simple numeric UTC offsets in POSIX timezone - format (Tom Lane) - - - - Previously, such timezone settings were displayed as interval values. - The new output is properly interpreted by SET TIME ZONE - when passed as a simple string, whereas the old output required - special treatment to be re-parsed correctly. - - - - - - Foreign data wrappers that support updating foreign tables must - consider the possible presence of AFTER ROW triggers - (Noah Misch) - - - - When an AFTER ROW trigger is present, all columns of the - table must be returned by updating actions, since the trigger might - inspect any or all of them. Previously, foreign tables never had - triggers, so the FDW might optimize away fetching columns not mentioned - in the RETURNING clause (if any). - - - - - - Prevent CHECK - constraints from referencing system columns, except - tableoid (Amit Kapila) - - - - Previously such check constraints were allowed, but they would often - cause errors during restores. - - - - - - Use the last specified recovery - target parameter if multiple target parameters are specified - (Heikki Linnakangas) - - - - Previously, there was an undocumented precedence order among - the recovery_target_xxx parameters. - - - - - - On Windows, automatically preserve quotes in command strings supplied - by the user (Heikki Linnakangas) - - - - User commands that did their own quote preservation might need - adjustment. This is likely to be an issue for commands used in - , , - and COPY TO/FROM PROGRAM. - - - - - - Remove catalog column pg_class.reltoastidxid - (Michael Paquier) - - - - - - Remove catalog column pg_rewrite.ev_attr - (Kevin Grittner) - - - - Per-column rules have not been supported since - PostgreSQL 7.3. - - - - - - Remove native support for Kerberos authentication - (, etc) - (Magnus Hagander) - - - - The supported way to use Kerberos authentication is - with GSSAPI. The native code has been deprecated since - PostgreSQL 8.3. - - - - - - In PL/Python, handle domains over arrays like the - underlying array type (Rodolfo Campero) - - - - Previously such values were treated as strings. - - - - - - Make libpq's PQconnectdbParams() - and PQpingParams() - functions process zero-length strings as defaults (Adrian - Vondendriesch) - - - - Previously, these functions treated zero-length string values as - selecting the default in only some cases. - - - - - - Change empty arrays returned by the module - to be zero-dimensional arrays (Bruce Momjian) - - - - Previously, empty arrays were returned as zero-length one-dimensional - arrays, whose text representation looked the same as zero-dimensional - arrays ({}), but they acted differently in array - operations. intarray's behavior in this area now - matches the built-in array operators. - - - - - - now uses - or to specify the user name (Bruce Momjian) - - - - Previously this option was spelled or , - but that was inconsistent with other tools. - - - - - - - - - Changes - - - Below you will find a detailed account of the changes between - PostgreSQL 9.4 and the previous major - release. - - - - Server - - - - - - Allow background worker processes - to be dynamically registered, started and terminated (Robert Haas) - - - - The new worker_spi module shows an example of use - of this feature. - - - - - - Allow dynamic allocation of shared memory segments (Robert Haas, - Amit Kapila) - - - - This feature is illustrated in the test_shm_mq - module. - - - - - - During crash recovery or immediate shutdown, send uncatchable - termination signals (SIGKILL) to child processes - that do not shut down promptly (MauMau, Álvaro Herrera) - - - - This reduces the likelihood of leaving orphaned child processes - behind after shutdown, as well - as ensuring that crash recovery can proceed if some child processes - have become stuck. - - - - - - Improve randomness of the database system identifier (Tom Lane) - - - - - - Make properly report dead but - not-yet-removable rows to the statistics collector (Hari Babu) - - - - Previously these were reported as live rows. - - - - - - - Indexes - - - - - - Reduce GIN index size - (Alexander Korotkov, Heikki Linnakangas) - - - - Indexes upgraded via will work fine - but will still be in the old, larger GIN format. - Use to recreate old GIN indexes in the - new format. - - - - - - Improve speed of multi-key GIN lookups (Alexander Korotkov, - Heikki Linnakangas) - - - - - - Add GiST index support - for inet and - cidr data types - (Emre Hasegeli) - - - - Such indexes improve subnet and supernet - lookups and ordering comparisons. - - - - - - Fix rare race condition in B-tree page deletion (Heikki Linnakangas) - - - - - - Make the handling of interrupted B-tree page splits more robust - (Heikki Linnakangas) - - - - - - - - - General Performance - - - - - - Allow multiple backends to insert - into WAL buffers - concurrently (Heikki Linnakangas) - - - - This improves parallel write performance. - - - - - - Conditionally write only the modified portion of updated rows to - WAL (Amit Kapila) - - - - - - Improve performance of aggregate functions used as window functions - (David Rowley, Florian Pflug, Tom Lane) - - - - - - Improve speed of aggregates that - use numeric state - values (Hadi Moshayedi) - - - - - - Attempt to freeze - tuples when tables are rewritten with or VACUUM FULL (Robert Haas, - Andres Freund) - - - - This can avoid the need to freeze the tuples in the future. - - - - - - Improve speed of with default nextval() - columns (Simon Riggs) - - - - - - Improve speed of accessing many different sequences in the same session - (David Rowley) - - - - - - Raise hard limit on the number of tuples held in memory during sorting - and B-tree index builds (Noah Misch) - - - - - - Reduce memory allocated by PL/pgSQL - blocks (Tom Lane) - - - - - - Make the planner more aggressive about extracting restriction clauses - from mixed AND/OR clauses (Tom Lane) - - - - - - Disallow pushing volatile WHERE clauses down - into DISTINCT subqueries (Tom Lane) - - - - Pushing down a WHERE clause can produce a more - efficient plan overall, but at the cost of evaluating the clause - more often than is implied by the text of the query; so don't do it - if the clause contains any volatile functions. - - - - - - Auto-resize the catalog caches (Heikki Linnakangas) - - - - This reduces memory consumption for sessions accessing only a few - tables, and improves performance for sessions accessing many tables. - - - - - - - - - Monitoring - - - - - - Add system view to - report WAL archiver activity - (Gabriele Bartolini) - - - - - - Add n_mod_since_analyze columns to - and related system views - (Mark Kirkwood) - - - - These columns expose the system's estimate of the number of changed - tuples since the table's last . This - estimate drives decisions about when to auto-analyze. - - - - - - Add backend_xid and backend_xmin - columns to the system view , - and a backend_xmin column to - (Christian Kruse) - - - - - - - - - <acronym>SSL</acronym> - - - - - - Add support for SSL ECDH key exchange - (Marko Kreen) - - - - This allows use of Elliptic Curve keys for server authentication. - Such keys are faster and have better security than RSA - keys. The new configuration parameter - - controls which curve is used for ECDH. - - - - - - Improve the default setting - (Marko Kreen) - - - - - - By default, the server not the client now controls the preference - order of SSL ciphers - (Marko Kreen) - - - - Previously, the order specified by - was usually ignored in favor of client-side defaults, which are not - configurable in most PostgreSQL clients. If - desired, the old behavior can be restored via the new configuration - parameter . - - - - - - Make show SSL - encryption information (Andreas Kunert) - - - - - - Improve SSL renegotiation handling (Álvaro - Herrera) - - - - - - - - - Server Settings - - - - - - Add new SQL command - for changing postgresql.conf configuration file entries - (Amit Kapila) - - - - Previously such settings could only be changed by manually - editing postgresql.conf. - - - - - - Add configuration parameter - to control the amount of memory used by autovacuum workers - (Peter Geoghegan) - - - - - - Add parameter to allow using huge - memory pages on Linux (Christian Kruse, Richard Poole, Abhijit - Menon-Sen) - - - - This can improve performance on large-memory systems. - - - - - - Add parameter - to limit the number of background workers (Robert Haas) - - - - This is helpful in configuring a standby server to have the - required number of worker processes (the same as the primary). - - - - - - Add superuser-only - parameter to load libraries at session start (Peter Eisentraut) - - - - In contrast to , this - parameter can load any shared library, not just those in - the $libdir/plugins directory. - - - - - - Add parameter to enable WAL - logging of hint-bit changes (Sawada Masahiko) - - - - Hint bit changes are not normally logged, except when checksums are - enabled. This is useful for external tools - like pg_rewind. - - - - - - Increase the default settings of - and by four times (Bruce - Momjian) - - - - The new defaults are 4MB and 64MB respectively. - - - - - - Increase the default setting of - to 4GB (Bruce Momjian, Tom Lane) - - - - - - Allow printf-style space padding to be - specified in (David Rowley) - - - - - - Allow terabyte units (TB) to be used when specifying - configuration variable values (Simon Riggs) - - - - - - Show PIDs of lock holders and waiters and improve - information about relations in - log messages (Christian Kruse) - - - - - - Reduce server logging level when loading shared libraries (Peter - Geoghegan) - - - - The previous level was LOG, which was too verbose - for libraries loaded per-session. - - - - - - On Windows, make SQL_ASCII-encoded databases and server - processes (e.g., ) emit messages in - the character encoding of the server's Windows user locale - (Alexander Law, Noah Misch) - - - - Previously these messages were output in the Windows - ANSI code page. - - - - - - - - - - - Replication and Recovery - - - - - - Add replication - slots to coordinate activity on streaming standbys with the - node they are streaming from (Andres Freund, Robert Haas) - - - - Replication slots allow preservation of resources like - WAL files on the primary until they are no longer - needed by standby servers. - - - - - - Add recovery parameter - to delay replication (Robert Haas, Fabrízio de Royes Mello, - Simon Riggs) - - - - Delaying replay on standby servers can be useful for recovering - from user errors. - - - - - - Add - option to stop WAL recovery as soon as a - consistent state is reached (MauMau, Heikki Linnakangas) - - - - - - Improve recovery target processing (Heikki Linnakangas) - - - - The timestamp reported - by pg_last_xact_replay_timestamp() - now reflects already-committed records, not transactions about to - be committed. Recovering to a restore point now replays the restore - point, rather than stopping just before the restore point. - - - - - - pg_switch_xlog() - now clears any unused trailing space in the old WAL file - (Heikki Linnakangas) - - - - This improves the compression ratio for WAL files. - - - - - - Report failure return codes from external recovery commands - (Peter Eisentraut) - - - - - - Reduce spinlock contention during WAL replay (Heikki - Linnakangas) - - - - - - Write WAL records of running transactions more - frequently (Andres Freund) - - - - This allows standby servers to start faster and clean up resources - more aggressively. - - - - - - - <link linkend="logicaldecoding">Logical Decoding</link> - - - Logical decoding allows database changes to be streamed in a - configurable format. The data is read from - the WAL and transformed into the - desired target format. To implement this feature, the following changes - were made: - - - - - - - Add support for logical decoding - of WAL data, to allow database changes to be streamed out in a - customizable format - (Andres Freund) - - - - - - Add new setting - to enable logical change-set encoding in WAL (Andres - Freund) - - - - - - Add table-level parameter REPLICA IDENTITY - to control logical replication (Andres Freund) - - - - - - Add relation option - to identify user-created tables involved in logical change-set - encoding (Andres Freund) - - - - - - Add application to receive - logical-decoding data (Andres Freund) - - - - - - Add module to illustrate logical - decoding at the SQL level (Andres Freund) - - - - - - - - - - - Queries - - - - - - Add WITH - ORDINALITY syntax to number the rows returned from a - set-returning function in the FROM clause - (Andrew Gierth, David Fetter) - - - - This is particularly useful for functions like - unnest(). - - - - - - Add ROWS - FROM() syntax to allow horizontal concatenation of - set-returning functions in the FROM clause (Andrew Gierth) - - - - - - Allow to have - an empty target list (Tom Lane) - - - - This was added so that views that select from a table with zero - columns can be dumped and restored correctly. - - - - - - Ensure that SELECT ... FOR UPDATE - NOWAIT does not wait in corner cases involving - already-concurrently-updated tuples (Craig Ringer and Thomas Munro) - - - - - - - - - Utility Commands - - - - - - Add DISCARD - SEQUENCES command to discard cached sequence-related state - (Fabrízio de Royes Mello, Robert Haas) - - - - DISCARD ALL will now also discard such information. - - - - - - Add FORCE NULL option - to COPY FROM, which - causes quoted strings matching the specified null string to be - converted to NULLs in CSV mode (Ian Barwick, Michael - Paquier) - - - - Without this option, only unquoted matching strings will be imported - as null values. - - - - - - Issue warnings for commands used outside of transaction blocks - when they can have no effect (Bruce Momjian) - - - - New warnings are issued for SET - LOCAL, SET CONSTRAINTS, SET TRANSACTION and - ABORT when used outside a transaction block. - - - - - - - <xref linkend="sql-explain"/> - - - - - - Make EXPLAIN ANALYZE show planning time (Andreas - Karlsson) - - - - - - Make EXPLAIN show the grouping columns in Agg and - Group nodes (Tom Lane) - - - - - - Make EXPLAIN ANALYZE show exact and lossy - block counts in bitmap heap scans (Etsuro Fujita) - - - - - - - - - Views - - - - - - Allow a materialized view - to be refreshed without blocking other sessions from reading the view - meanwhile (Kevin Grittner) - - - - This is done with REFRESH MATERIALIZED - VIEW CONCURRENTLY. - - - - - - Allow views to be automatically - updated even if they contain some non-updatable columns - (Dean Rasheed) - - - - Previously the presence of non-updatable output columns such as - expressions, literals, and function calls prevented automatic - updates. Now INSERTs, UPDATEs and - DELETEs are supported, provided that they do not - attempt to assign new values to any of the non-updatable columns. - - - - - - Allow control over whether INSERTs and - UPDATEs can add rows to an auto-updatable view that - would not appear in the view (Dean Rasheed) - - - - This is controlled with the new - clause WITH CHECK OPTION. - - - - - - Allow security barrier views - to be automatically updatable (Dean Rasheed) - - - - - - - - - - - Object Manipulation - - - - - - Support triggers on foreign - tables (Ronan Dunklau) - - - - - - Allow moving groups of objects from one tablespace to another - using the ALL IN TABLESPACE ... SET TABLESPACE form of - , , or - (Stephen Frost) - - - - - - Allow changing foreign key constraint deferrability - via ... ALTER - CONSTRAINT (Simon Riggs) - - - - - - Reduce lock strength for some - commands - (Simon Riggs, Noah Misch, Robert Haas) - - - - Specifically, VALIDATE CONSTRAINT, CLUSTER - ON, SET WITHOUT CLUSTER, ALTER COLUMN - SET STATISTICS, ALTER COLUMN SET - , ALTER COLUMN RESET - no longer require ACCESS - EXCLUSIVE locks. - - - - - - Allow tablespace options to be set - in (Vik Fearing) - - - - Formerly these options could only be set - via . - - - - - - Allow to define the estimated - size of the aggregate's transition state data (Hadi Moshayedi) - - - - Proper use of this feature allows the planner to better estimate - how much memory will be used by aggregates. - - - - - - Fix DROP IF EXISTS to avoid errors for non-existent - objects in more cases (Pavel Stehule, Dean Rasheed) - - - - - - Improve how system relations are identified (Andres Freund, - Robert Haas) - - - - Previously, relations once moved into the pg_catalog - schema could no longer be modified or dropped. - - - - - - - - - Data Types - - - - - - Fully implement the line data type (Peter - Eisentraut) - - - - The line segment data type (lseg) has always been - fully supported. The previous line data type (which was - enabled only via a compile-time option) is not binary or - dump-compatible with the new implementation. - - - - - - Add pg_lsn - data type to represent a WAL log sequence number - (LSN) (Robert Haas, Michael Paquier) - - - - - - Allow single-point polygons to be converted - to circles - (Bruce Momjian) - - - - - - Support time zone abbreviations that change UTC offset from time to - time (Tom Lane) - - - - Previously, PostgreSQL assumed that the UTC offset - associated with a time zone abbreviation (such as EST) - never changes in the usage of any particular locale. However this - assumption fails in the real world, so introduce the ability for a - zone abbreviation to represent a UTC offset that sometimes changes. - Update the zone abbreviation definition files to make use of this - feature in timezone locales that have changed the UTC offset of their - abbreviations since 1970 (according to the IANA timezone database). - In such timezones, PostgreSQL will now associate the - correct UTC offset with the abbreviation depending on the given date. - - - - - - Allow 5+ digit years for non-ISO timestamp and - date strings, where appropriate (Bruce Momjian) - - - - - - Add checks for overflow/underflow of interval values - (Bruce Momjian) - - - - - - - <link linkend="datatype-json"><acronym>JSON</acronym></link> - - - - - - Add jsonb, a more - capable and efficient data type for storing JSON data - (Oleg Bartunov, Teodor Sigaev, Alexander - Korotkov, Peter Geoghegan, Andrew Dunstan) - - - - This new type allows faster access to values within a JSON - document, and faster and more useful indexing of JSON columns. - Scalar values in jsonb documents are stored as appropriate - scalar SQL types, and the JSON document structure is pre-parsed - rather than being stored as text as in the original json - data type. - - - - - - Add new JSON functions to allow for the construction - of arbitrarily complex JSON trees (Andrew Dunstan, Laurence Rowe) - - - - New functions include json_array_elements_text(), - json_build_array(), json_object(), - json_object_agg(), json_to_record(), - and json_to_recordset(). - - - - - - Add json_typeof() - to return the data type of a json value (Andrew Tipton) - - - - - - - - - - - Functions - - - - - - Add pg_sleep_for(interval) - and pg_sleep_until(timestamp) to specify - delays more flexibly (Vik Fearing, Julien Rouhaud) - - - - The existing pg_sleep() function only supports delays - specified in seconds. - - - - - - Add cardinality() - function for arrays (Marko Tiikkaja) - - - - This returns the total number of elements in the array, or zero - for an array with no elements. - - - - - - Add SQL functions to allow large - object reads/writes at arbitrary offsets (Pavel Stehule) - - - - - - Allow unnest() - to take multiple arguments, which are individually unnested then - horizontally concatenated (Andrew Gierth) - - - - - - Add functions to construct times, dates, - timestamps, timestamptzs, and intervals - from individual values, rather than strings (Pavel Stehule) - - - - These functions' names are prefixed with make_, - e.g. make_date(). - - - - - - Make to_char()'s - TZ format specifier return a useful value for simple - numeric time zone offsets (Tom Lane) - - - - Previously, to_char(CURRENT_TIMESTAMP, 'TZ') returned - an empty string if the timezone was set to a constant - like -4. - - - - - - Add timezone offset format specifier OF to to_char() - (Bruce Momjian) - - - - - - Improve the random seed used for random() - (Honza Horak) - - - - - - Tighten validity checking for Unicode code points in chr(int) - (Tom Lane) - - - - This function now only accepts values that are valid UTF8 characters - according to RFC 3629. - - - - - - - System Information Functions - - - - - - Add functions for looking up objects in pg_class, - pg_proc, pg_type, and - pg_operator that do not generate errors for - non-existent objects (Yugo Nagata, Nozomi Anzai, - Robert Haas) - - - - For example, to_regclass() - does a lookup in pg_class similarly to - the regclass input function, but it returns NULL for a - non-existent object instead of failing. - - - - - - Add function pg_filenode_relation() - to allow for more efficient lookup of relation names from filenodes - (Andres Freund) - - - - - - Add parameter_default column to information_schema.parameters - view (Peter Eisentraut) - - - - - - Make information_schema.schemata - show all accessible schemas (Peter Eisentraut) - - - - Previously it only showed schemas owned by the current user. - - - - - - - - - Aggregates - - - - - - Add control over which rows are passed - into aggregate functions via the FILTER clause - (David Fetter) - - - - - - Support ordered-set (WITHIN GROUP) - aggregates (Atri Sharma, Andrew Gierth, Tom Lane) - - - - - - Add standard ordered-set aggregates percentile_cont(), - percentile_disc(), mode(), rank(), - dense_rank(), percent_rank(), and - cume_dist() - (Atri Sharma, Andrew Gierth) - - - - - - Support VARIADIC - aggregate functions (Tom Lane) - - - - - - Allow polymorphic aggregates to have non-polymorphic state data - types (Tom Lane) - - - This allows proper declaration in SQL of aggregates like the built-in - aggregate array_agg(). - - - - - - - - - - - Server-Side Languages - - - - - - Add event trigger support to PL/Perl - and PL/Tcl (Dimitri Fontaine) - - - - - - Convert numeric - values to decimal in PL/Python - (Szymon Guz, Ronan Dunklau) - - - - Previously such values were converted to Python float values, - risking loss of precision. - - - - - - - <link linkend="plpgsql">PL/pgSQL</link> Server-Side Language - - - - - - Add ability to retrieve the current PL/pgSQL call stack - using GET - DIAGNOSTICS - (Pavel Stehule, Stephen Frost) - - - - - - Add option - to display the parameters passed to a query that violated a - STRICT constraint (Marko Tiikkaja) - - - - - - Add variables plpgsql.extra_warnings - and plpgsql.extra_errors to enable additional PL/pgSQL - warnings and errors (Marko Tiikkaja, Petr Jelinek) - - - - Currently only warnings/errors about shadowed variables are available. - - - - - - - - - - - <link linkend="libpq"><application>libpq</application></link> - - - - - Make libpq's PQconndefaults() - function ignore invalid service files (Steve Singer, Bruce Momjian) - - - - Previously it returned NULL if an incorrect service file was - encountered. - - - - - - Accept TLS protocol versions beyond TLSv1 - in libpq (Marko Kreen) - - - - - - - - - Client Applications - - - - - - Add option - to specify role membership (Christopher Browne) - - - - - - Add - option to analyze in stages of - increasing granularity (Peter Eisentraut) - - - - This allows minimal statistics to be created quickly. - - - - - - Make pg_resetxlog - with option output current and potentially changed - values (Rajeev Rastogi) - - - - - - Make throw error for incorrect locale - settings, rather than silently falling back to a default choice - (Tom Lane) - - - - - - Make return exit code 4 for - an inaccessible data directory (Amit Kapila, Bruce Momjian) - - - - This behavior more closely matches the Linux Standard Base - (LSB) Core Specification. - - - - - - On Windows, ensure that a non-absolute path - specification is interpreted relative - to 's current directory - (Kumar Rajeev Rastogi) - - - - Previously it would be interpreted relative to whichever directory - the underlying Windows service was started in. - - - - - - Allow sizeof() in ECPG - C array definitions (Michael Meskes) - - - - - - Make ECPG properly handle nesting - of C-style comments in both C and SQL text - (Michael Meskes) - - - - - - - <xref linkend="app-psql"/> - - - - - - Suppress No rows output in psql - mode when the footer is disabled (Bruce Momjian) - - - - - - Allow Control-C to abort psql when it's hung at - connection startup (Peter Eisentraut) - - - - - - - <link linkend="app-psql-meta-commands">Backslash Commands</link> - - - - - - Make psql's \db+ show tablespace options - (Magnus Hagander) - - - - - - Make \do+ display the functions - that implement the operators (Marko Tiikkaja) - - - - - - Make \d+ output an - OID line only if an oid column - exists in the table (Bruce Momjian) - - - - Previously, the presence or absence of an oid - column was always reported. - - - - - - Make \d show disabled system triggers (Bruce - Momjian) - - - - Previously, if you disabled all triggers, only user triggers - would show as disabled. - - - - - - Fix \copy to no longer require - a space between stdin and a semicolon (Etsuro Fujita) - - - - - - Output the row count at the end of \copy, just - like COPY already did (Kumar Rajeev Rastogi) - - - - - - Fix \conninfo to display the - server's IP address for connections using - hostaddr (Fujii Masao) - - - - Previously \conninfo could not display the server's - IP address in such cases. - - - - - - Show the SSL protocol version in - \conninfo (Marko Kreen) - - - - - - Add tab completion for \pset - (Pavel Stehule) - - - - - - Allow \pset with no arguments - to show all settings (Gilles Darold) - - - - - - Make \s display the name of the history file it wrote - without converting it to an absolute path (Tom Lane) - - - - The code previously attempted to convert a relative file name to - an absolute path for display, but frequently got it wrong. - - - - - - - - - - - <xref linkend="app-pgdump"/> - - - - - - Allow options - , , and - to be specified multiple times (Heikki Linnakangas) - - - - This allows multiple objects to be restored in one operation. - - - - - - Optionally add IF EXISTS clauses to the DROP - commands emitted when removing old objects during a restore (Pavel - Stehule) - - - - This change prevents unnecessary errors when removing old objects. - The new option - for , , - and is only available - when is also specified. - - - - - - - - - <xref linkend="app-pgbasebackup"/> - - - - - - Add pg_basebackup option - to specify the pg_xlog directory location (Haribabu - Kommi) - - - - - - Allow pg_basebackup to relocate tablespaces in - the backup copy (Steeve Lennmark) - - - - This is particularly useful for using pg_basebackup - on the same machine as the primary. - - - - - - Allow network-stream base backups to be throttled (Antonin Houska) - - - - This can be controlled with the pg_basebackup - parameter. - - - - - - - - - - - Source Code - - - - - - Improve the way tuples are frozen to preserve forensic information - (Robert Haas, Andres Freund) - - - - This change removes the main objection to freezing tuples as soon - as possible. Code that inspects tuple flag bits will need to be - modified. - - - - - - No longer require function prototypes for functions marked with the - PG_FUNCTION_INFO_V1 - macro (Peter Eisentraut) - - - - This change eliminates the need to write boilerplate prototypes. - Note that the PG_FUNCTION_INFO_V1 macro must appear - before the corresponding function definition to avoid compiler - warnings. - - - - - - Remove SnapshotNow and - HeapTupleSatisfiesNow() (Robert Haas) - - - - All existing uses have been switched to more appropriate snapshot - types. Catalog scans now use MVCC snapshots. - - - - - - Add an API to allow memory allocations over one gigabyte - (Noah Misch) - - - - - - Add psprintf() to simplify memory allocation during - string composition (Peter Eisentraut, Tom Lane) - - - - - - Support printf() size modifier z to - print size_t values (Andres Freund) - - - - - - Change API of appendStringInfoVA() - to better use vsnprintf() (David Rowley, Tom Lane) - - - - - - Allow new types of external toast datums to be created (Andres - Freund) - - - - - - Add single-reader, single-writer, lightweight shared message queue - (Robert Haas) - - - - - - Improve spinlock speed on x86_64 CPUs (Heikki - Linnakangas) - - - - - - Remove spinlock support for unsupported platforms - SINIX, Sun3, and - NS32K (Robert Haas) - - - - - - Remove IRIX port (Robert Haas) - - - - - - Reduce the number of semaphores required by - builds (Robert Haas) - - - - - - Rewrite duplicate_oids Unix shell script in - Perl (Andrew Dunstan) - - - - - - Add Test Anything Protocol (TAP) tests for client - programs (Peter Eisentraut) - - - - Currently, these tests are run by make check-world - only if the option was given - to configure. - This might become the default behavior in some future release. - - - - - - Add make targets and - , which allow selection of individual - tests to be run (Andrew Dunstan) - - - - - - Remove makefile rule (Peter Eisentraut) - - - - The default build rules now include all the formerly-optional tests. - - - - - - Improve support for VPATH builds of PGXS - modules (Cédric Villemain, Andrew Dunstan, Peter Eisentraut) - - - - - - Upgrade to Autoconf 2.69 (Peter Eisentraut) - - - - - - Add a configure flag that appends custom text to the - PG_VERSION string (Oskari Saarenmaa) - - - - This is useful for packagers building custom binaries. - - - - - - Improve DocBook XML validity (Peter Eisentraut) - - - - - - Fix various minor security and sanity issues reported by the - Coverity scanner (Stephen Frost) - - - - - - Improve detection of invalid memory usage when testing - PostgreSQL with Valgrind - (Noah Misch) - - - - - - Improve sample Emacs configuration file - emacs.samples (Peter Eisentraut) - - - - Also add .dir-locals.el to the top of the source tree. - - - - - - Allow pgindent to accept a command-line list - of typedefs (Bruce Momjian) - - - - - - Make pgindent smarter about blank lines - around preprocessor conditionals (Bruce Momjian) - - - - - - Avoid most uses of dlltool - in Cygwin and - Mingw builds (Marco Atzeri, Hiroshi Inoue) - - - - - - Support client-only installs in MSVC (Windows) builds - (MauMau) - - - - - - - - - Additional Modules - - - - - - Add extension to preload relation data - into the shared buffer cache at server start (Robert Haas) - - - - This allows reaching full operating performance more quickly. - - - - - - Add UUID random number generator - gen_random_uuid() to - (Oskari Saarenmaa) - - - - This allows creation of version 4 UUIDs without - requiring installation of . - - - - - - Allow to work with - the BSD or e2fsprogs UUID libraries, - not only the OSSP UUID library (Matteo Beccati) - - - - This improves the uuid-ossp module's portability - since it no longer has to have the increasingly-obsolete OSSP - library. The module's name is now rather a misnomer, but we won't - change it. - - - - - - Add option to to include trigger - execution time (Horiguchi Kyotaro) - - - - - - Fix to not report rows from - uncommitted transactions as dead (Robert Haas) - - - - - - Make functions - use regclass-type arguments (Satoshi Nagayasu) - - - - While text-type arguments are still supported, they - may be removed in a future major release. - - - - - - Improve consistency of output to honor - snapshot rules more consistently (Robert Haas) - - - - - - Improve 's choice of trigrams for indexed - regular expression searches (Alexander Korotkov) - - - - This change discourages use of trigrams containing whitespace, which - are usually less selective. - - - - - - Allow pg_xlogdump - to report a live log stream with - (Heikki Linnakangas) - - - - - - Store data more compactly (Stas Kelvich) - - - - Existing data must be dumped/restored to use the new format. - The old format can still be read. - - - - - - Reduce client-side memory usage by using - a cursor (Andrew Dunstan) - - - - - - Dramatically reduce memory consumption - in (Bruce Momjian) - - - - - - Pass 's user name () option to - generated analyze scripts (Bruce Momjian) - - - - - - - <xref linkend="pgbench"/> - - - - - - Remove line length limit for pgbench scripts (Sawada - Masahiko) - - - - The previous line limit was BUFSIZ. - - - - - - Add long option names to pgbench (Fabien Coelho) - - - - - - Add pgbench option to control - the transaction rate (Fabien Coelho) - - - - - - Add pgbench option to - print periodic progress reports - (Fabien Coelho) - - - - - - - - - <xref linkend="pgstatstatements"/> - - - - - - Make pg_stat_statements use a file, rather than - shared memory, for query text storage (Peter Geoghegan) - - - - This removes the previous limitation on query text length, and - allows a higher number of unique statements to be tracked by default. - - - - - - Allow reporting of pg_stat_statements's internal - query hash identifier (Daniel Farina, Sameer Thakur, Peter - Geoghegan) - - - - - - Add the ability to retrieve all pg_stat_statements - information except the query text (Peter Geoghegan) - - - - This allows monitoring tools to fetch query text only for - just-created entries, improving performance during repeated querying - of the statistics. - - - - - - Make pg_stat_statements ignore DEALLOCATE - commands (Fabien Coelho) - - - - It already ignored PREPARE, as well as planning time in - general, so this seems more consistent. - - - - - - Save the statistics file into $PGDATA/pg_stat at server - shutdown, rather than $PGDATA/global (Fujii Masao) - - - - - - - - - - - diff --git a/doc/src/sgml/release-9.5.sgml b/doc/src/sgml/release-9.5.sgml deleted file mode 100644 index ccd8eee3e3..0000000000 --- a/doc/src/sgml/release-9.5.sgml +++ /dev/null @@ -1,11192 +0,0 @@ - - - - - Release 9.5.15 - - - Release date: - 2018-11-08 - - - - This release contains a variety of fixes from 9.5.14. - For information about new features in the 9.5 major release, see - . - - - - Migration to Version 9.5.15 - - - A dump/restore is not required for those running 9.5.X. - - - - However, if you are upgrading from a version earlier than 9.5.13, - see . - - - - - Changes - - - - - - Fix corner-case failures - in has_foo_privilege() - family of functions (Tom Lane) - - - - Return NULL rather than throwing an error when an invalid object OID - is provided. Some of these functions got that right already, but not - all. has_column_privilege() was additionally - capable of crashing on some platforms. - - - - - - Avoid O(N^2) slowdown in regular expression match/split functions on - long strings (Andrew Gierth) - - - - - - Fix parsing of standard multi-character operators that are immediately - followed by a comment or + or - - (Andrew Gierth) - - - - This oversight could lead to parse errors, or to incorrect assignment - of precedence. - - - - - - Avoid O(N^3) slowdown in lexer for long strings - of + or - characters - (Andrew Gierth) - - - - - - Fix mis-execution of SubPlans when the outer query is being scanned - backwards (Andrew Gierth) - - - - - - Fix failure of UPDATE/DELETE ... WHERE CURRENT OF ... - after rewinding the referenced cursor (Tom Lane) - - - - A cursor that scans multiple relations (particularly an inheritance - tree) could produce wrong behavior if rewound to an earlier relation. - - - - - - Fix EvalPlanQual to handle conditionally-executed - InitPlans properly (Andrew Gierth, Tom Lane) - - - - This resulted in hard-to-reproduce crashes or wrong answers in - concurrent updates, if they contained code such as an uncorrelated - sub-SELECT inside a CASE - construct. - - - - - - Fix character-class checks to not fail on Windows for Unicode - characters above U+FFFF (Tom Lane, Kenji Uno) - - - - This bug affected full-text-search operations, as well - as contrib/ltree - and contrib/pg_trgm. - - - - - - Ensure that sequences owned by a foreign table are processed - by ALTER OWNER on the table (Peter Eisentraut) - - - - The ownership change should propagate to such sequences as well, but - this was missed for foreign tables. - - - - - - Ensure that the server will process - already-received NOTIFY - and SIGTERM interrupts before waiting for client - input (Jeff Janes, Tom Lane) - - - - - - Fix over-allocation of space for array_out()'s - result string (Keiichi Hirobe) - - - - - - Fix memory leak in repeated SP-GiST index scans (Tom Lane) - - - - This is only known to amount to anything significant in cases where - an exclusion constraint using SP-GiST receives many new index entries - in a single command. - - - - - - Ensure that ApplyLogicalMappingFile() closes the - mapping file when done with it (Tomas Vondra) - - - - Previously, the file descriptor was leaked, eventually resulting in - failures during logical decoding. - - - - - - Fix logical decoding to handle cases where a mapped catalog table is - repeatedly rewritten, e.g. by VACUUM FULL - (Andres Freund) - - - - - - Prevent starting the server with wal_level set - to too low a value to support an existing replication slot (Andres - Freund) - - - - - - Avoid crash if a utility command causes infinite recursion (Tom Lane) - - - - - - When initializing a hot standby, cope with duplicate XIDs caused by - two-phase transactions on the master - (Michael Paquier, Konstantin Knizhnik) - - - - - - Fix event triggers to handle nested ALTER TABLE - commands (Michael Paquier, Álvaro Herrera) - - - - - - Propagate parent process's transaction and statement start timestamps - to parallel workers (Konstantin Knizhnik) - - - - This prevents misbehavior of functions such - as transaction_timestamp() when executed in a - worker. - - - - - - Fix WAL file recycling logic to work correctly on standby servers - (Michael Paquier) - - - - Depending on the setting of archive_mode, a standby - might fail to remove some WAL files that could be removed. - - - - - - Fix handling of commit-timestamp tracking during recovery - (Masahiko Sawada, Michael Paquier) - - - - If commit timestamp tracking has been turned on or off, recovery might - fail due to trying to fetch the commit timestamp for a transaction - that did not record it. - - - - - - Randomize the random() seed in bootstrap and - standalone backends, and in initdb - (Noah Misch) - - - - The main practical effect of this change is that it avoids a scenario - where initdb might mistakenly conclude that - POSIX shared memory is not available, due to name collisions caused by - always using the same random seed. - - - - - - Allow DSM allocation to be interrupted (Chris Travers) - - - - - - Properly handle turning full_page_writes on - dynamically (Kyotaro Horiguchi) - - - - - - Avoid possible buffer overrun when replaying GIN page recompression - from WAL (Alexander Korotkov, Sivasubramanian Ramasubramanian) - - - - - - Fix missed fsync of a replication slot's directory (Konstantin - Knizhnik, Michael Paquier) - - - - - - Fix unexpected timeouts when - using wal_sender_timeout on a slow server - (Noah Misch) - - - - - - Ensure that hot standby processes use the correct WAL consistency - point (Alexander Kukushkin, Michael Paquier) - - - - This prevents possible misbehavior just after a standby server has - reached a consistent database state during WAL replay. - - - - - - Ensure background workers are stopped properly when the postmaster - receives a fast-shutdown request before completing database startup - (Alexander Kukushkin) - - - - - - Don't run atexit callbacks when servicing SIGQUIT - (Heikki Linnakangas) - - - - - - Don't record foreign-server user mappings as members of extensions - (Tom Lane) - - - - If CREATE USER MAPPING is executed in an extension - script, an extension dependency was created for the user mapping, - which is unexpected. Roles can't be extension members, so user - mappings shouldn't be either. - - - - - - Make syslogger more robust against failures in opening CSV log files - (Tom Lane) - - - - - - Fix psql, as well as documentation - examples, to call PQconsumeInput() before - each PQnotifies() call (Tom Lane) - - - - This fixes cases in which psql would not - report receipt of a NOTIFY message until after the - next command. - - - - - - Fix possible inconsistency in pg_dump's - sorting of dissimilar object names (Jacob Champion) - - - - - - Ensure that pg_restore will schema-qualify - the table name when - emitting DISABLE/ENABLE TRIGGER - commands (Tom Lane) - - - - This avoids failures due to the new policy of running restores with - restrictive search path. - - - - - - Fix pg_upgrade to handle event triggers in - extensions correctly (Haribabu Kommi) - - - - pg_upgrade failed to preserve an event - trigger's extension-membership status. - - - - - - Fix pg_upgrade's cluster state check to - work correctly on a standby server (Bruce Momjian) - - - - - - Enforce type cube's dimension limit in - all contrib/cube functions (Andrey Borodin) - - - - Previously, some cube-related functions could construct values that - would be rejected by cube_in(), leading to - dump/reload failures. - - - - - - Fix contrib/unaccent's - unaccent() function to use - the unaccent text search dictionary that is in the - same schema as the function (Tom Lane) - - - - Previously it tried to look up the dictionary using the search path, - which could fail if the search path has a restrictive value. - - - - - - Fix build problems on macOS 10.14 (Mojave) (Tom Lane) - - - - Adjust configure to add - an switch to CPPFLAGS; - without this, PL/Perl and PL/Tcl fail to configure or build on macOS - 10.14. The specific sysroot used can be overridden at configure time - or build time by setting the PG_SYSROOT variable in - the arguments of configure - or make. - - - - It is now recommended that Perl-related extensions - write $(perl_includespec) rather - than -I$(perl_archlibexp)/CORE in their compiler - flags. The latter continues to work on most platforms, but not recent - macOS. - - - - Also, it should no longer be necessary to - specify manually to get PL/Tcl to - build on recent macOS releases. - - - - - - Fix MSVC build and regression-test scripts to work on recent Perl - versions (Andrew Dunstan) - - - - Perl no longer includes the current directory in its search path - by default; work around that. - - - - - - On Windows, allow the regression tests to be run by an Administrator - account (Andrew Dunstan) - - - - To do this safely, pg_regress now gives up - any such privileges at startup. - - - - - - - Support building on Windows with Visual Studio 2015 or Visual Studio 2017 - (Michael Paquier, Haribabu Kommi) - - - - - - Allow btree comparison functions to return INT_MIN - (Tom Lane) - - - - Up to now, we've forbidden datatype-specific comparison functions from - returning INT_MIN, which allows callers to invert - the sort order just by negating the comparison result. However, this - was never safe for comparison functions that directly return the - result of memcmp(), strcmp(), - etc, as POSIX doesn't place any such restriction on those functions. - At least some recent versions of memcmp() can - return INT_MIN, causing incorrect sort ordering. - Hence, we've removed this restriction. Callers must now use - the INVERT_COMPARE_RESULT() macro if they wish to - invert the sort order. - - - - - - Fix recursion hazard in shared-invalidation message processing - (Tom Lane) - - - - This error could, for example, result in failure to access a system - catalog or index that had just been processed by VACUUM - FULL. - - - - This change adds a new result code - for LockAcquire, which might possibly affect - external callers of that function, though only very unusual usage - patterns would have an issue with it. The API - of LockAcquireExtended is also changed. - - - - - - Save and restore SPI's global variables - during SPI_connect() - and SPI_finish() (Chapman Flack, Tom Lane) - - - - This prevents possible interference when one SPI-using function calls - another. - - - - - - - Provide ALLOCSET_DEFAULT_SIZES and sibling macros - in back branches (Tom Lane) - - - - These macros have existed since 9.6, but there were requests to add - them to older branches to allow extensions to rely on them without - branch-specific coding. - - - - - - Avoid using potentially-under-aligned page buffers (Tom Lane) - - - - Invent new union types PGAlignedBlock - and PGAlignedXLogBlock, and use these in place of plain - char arrays, ensuring that the compiler can't place the buffer at a - misaligned start address. This fixes potential core dumps on - alignment-picky platforms, and may improve performance even on - platforms that allow misalignment. - - - - - - Make src/port/snprintf.c follow the C99 - standard's definition of snprintf()'s result - value (Tom Lane) - - - - On platforms where this code is used (mostly Windows), its pre-C99 - behavior could lead to failure to detect buffer overrun, if the - calling code assumed C99 semantics. - - - - - - When building on i386 with the clang - compiler, require to be used (Andres Freund) - - - - This avoids problems with missed floating point overflow checks. - - - - - - Fix configure's detection of the result - type of strerror_r() (Tom Lane) - - - - The previous coding got the wrong answer when building - with icc on Linux (and perhaps in other - cases), leading to libpq not returning - useful error messages for system-reported errors. - - - - - - Update time zone data files to tzdata - release 2018g for DST law changes in Chile, Fiji, Morocco, and Russia - (Volgograd), plus historical corrections for China, Hawaii, Japan, - Macau, and North Korea. - - - - - - - - - - Release 9.5.14 - - - Release date: - 2018-08-09 - - - - This release contains a variety of fixes from 9.5.13. - For information about new features in the 9.5 major release, see - . - - - - Migration to Version 9.5.14 - - - A dump/restore is not required for those running 9.5.X. - - - - However, if you are upgrading from a version earlier than 9.5.13, - see . - - - - - Changes - - - - - - Fix failure to reset libpq's state fully - between connection attempts (Tom Lane) - - - - An unprivileged user of dblink - or postgres_fdw could bypass the checks intended - to prevent use of server-side credentials, such as - a ~/.pgpass file owned by the operating-system - user running the server. Servers allowing peer authentication on - local connections are particularly vulnerable. Other attacks such - as SQL injection into a postgres_fdw session - are also possible. - Attacking postgres_fdw in this way requires the - ability to create a foreign server object with selected connection - parameters, but any user with access to dblink - could exploit the problem. - In general, an attacker with the ability to select the connection - parameters for a libpq-using application - could cause mischief, though other plausible attack scenarios are - harder to think of. - Our thanks to Andrew Krasichkov for reporting this issue. - (CVE-2018-10915) - - - - - - Fix INSERT ... ON CONFLICT UPDATE through a view - that isn't just SELECT * FROM ... - (Dean Rasheed, Amit Langote) - - - - Erroneous expansion of an updatable view could lead to crashes - or attribute ... has the wrong type errors, if the - view's SELECT list doesn't match one-to-one with - the underlying table's columns. - Furthermore, this bug could be leveraged to allow updates of columns - that an attacking user lacks UPDATE privilege for, - if that user has INSERT and UPDATE - privileges for some other column(s) of the table. - Any user could also use it for disclosure of server memory. - (CVE-2018-10925) - - - - - - Ensure that updates to the relfrozenxid - and relminmxid values - for nailed system catalogs are processed in a timely - fashion (Andres Freund) - - - - Overoptimistic caching rules could prevent these updates from being - seen by other sessions, leading to spurious errors and/or data - corruption. The problem was significantly worse for shared catalogs, - such as pg_authid, because the stale cache - data could persist into new sessions as well as existing ones. - - - - - - Fix case where a freshly-promoted standby crashes before having - completed its first post-recovery checkpoint (Michael Paquier, Kyotaro - Horiguchi, Pavan Deolasee, Álvaro Herrera) - - - - This led to a situation where the server did not think it had reached - a consistent database state during subsequent WAL replay, preventing - restart. - - - - - - Avoid emitting a bogus WAL record when recycling an all-zero btree - page (Amit Kapila) - - - - This mistake has been seen to cause assertion failures, and - potentially it could result in unnecessary query cancellations on hot - standby servers. - - - - - - During WAL replay, guard against corrupted record lengths exceeding - 1GB (Michael Paquier) - - - - Treat such a case as corrupt data. Previously, the code would try to - allocate space and get a hard error, making recovery impossible. - - - - - - When ending recovery, delay writing the timeline history file as long - as possible (Heikki Linnakangas) - - - - This avoids some situations where a failure during recovery cleanup - (such as a problem with a two-phase state file) led to inconsistent - timeline state on-disk. - - - - - - Improve performance of WAL replay for transactions that drop many - relations (Fujii Masao) - - - - This change reduces the number of times that shared buffers are - scanned, so that it is of most benefit when that setting is large. - - - - - - Improve performance of lock releasing in standby server WAL replay - (Thomas Munro) - - - - - - Make logical WAL senders report streaming state correctly (Simon - Riggs, Sawada Masahiko) - - - - The code previously mis-detected whether or not it had caught up with - the upstream server. - - - - - - Fix bugs in snapshot handling during logical decoding, allowing wrong - decoding results in rare cases (Arseny Sher, Álvaro Herrera) - - - - - - Ensure a table's cached index list is correctly rebuilt after an index - creation fails partway through (Peter Geoghegan) - - - - Previously, the failed index's OID could remain in the list, causing - problems later in the same session. - - - - - - Fix mishandling of empty uncompressed posting list pages in GIN - indexes (Sivasubramanian Ramasubramanian, Alexander Korotkov) - - - - This could result in an assertion failure after pg_upgrade of a - pre-9.4 GIN index (9.4 and later will not create such pages). - - - - - - Ensure that VACUUM will respond to signals - within btree page deletion loops (Andres Freund) - - - - Corrupted btree indexes could result in an infinite loop here, and - that previously wasn't interruptible without forcing a crash. - - - - - - Fix misoptimization of equivalence classes involving composite-type - columns (Tom Lane) - - - - This resulted in failure to recognize that an index on a composite - column could provide the sort order needed for a mergejoin on that - column. - - - - - - Fix SQL-standard FETCH FIRST syntax to allow - parameters ($n), as the - standard expects (Andrew Gierth) - - - - - - Fix failure to schema-qualify some object names - in getObjectDescription output - (Kyotaro Horiguchi, Tom Lane) - - - - Names of collations, conversions, and text search objects - were not schema-qualified when they should be. - - - - - - Widen COPY FROM's current-line-number counter - from 32 to 64 bits (David Rowley) - - - - This avoids two problems with input exceeding 4G lines: COPY - FROM WITH HEADER would drop a line every 4G lines, not only - the first line, and error reports could show a wrong line number. - - - - - - Add a string freeing function - to ecpg's pgtypes - library, so that cross-module memory management problems can be - avoided on Windows (Takayuki Tsunakawa) - - - - On Windows, crashes can ensue if the free call - for a given chunk of memory is not made from the same DLL - that malloc'ed the memory. - The pgtypes library sometimes returns strings - that it expects the caller to free, making it impossible to follow - this rule. Add a PGTYPESchar_free() function - that just wraps free, allowing applications - to follow this rule. - - - - - - Fix ecpg's support for long - long variables on Windows, as well as other platforms that - declare strtoll/strtoull - nonstandardly or not at all (Dang Minh Huong, Tom Lane) - - - - - - Fix misidentification of SQL statement type in PL/pgSQL, when a rule - change causes a change in the semantics of a statement intra-session - (Tom Lane) - - - - This error led to assertion failures, or in rare cases, failure to - enforce the INTO STRICT option as expected. - - - - - - Fix password prompting in client programs so that echo is properly - disabled on Windows when stdin is not the - terminal (Matthew Stickney) - - - - - - Further fix mis-quoting of values for list-valued GUC variables in - dumps (Tom Lane) - - - - The previous fix for quoting of search_path and - other list-valued variables in pg_dump - output turned out to misbehave for empty-string list elements, and it - risked truncation of long file paths. - - - - - - Fix pg_dump's failure to - dump REPLICA IDENTITY properties for constraint - indexes (Tom Lane) - - - - Manually created unique indexes were properly marked, but not those - created by declaring UNIQUE or PRIMARY - KEY constraints. - - - - - - Make pg_upgrade check that the old server - was shut down cleanly (Bruce Momjian) - - - - The previous check could be fooled by an immediate-mode shutdown. - - - - - - Fix contrib/hstore_plperl to look through Perl - scalar references, and to not crash if it doesn't find a hash - reference where it expects one (Tom Lane) - - - - - - Fix crash in contrib/ltree's - lca() function when the input array is empty - (Pierre Ducroquet) - - - - - - Fix various error-handling code paths in which an incorrect error code - might be reported (Michael Paquier, Tom Lane, Magnus Hagander) - - - - - - Rearrange makefiles to ensure that programs link to freshly-built - libraries (such as libpq.so) rather than ones - that might exist in the system library directories (Tom Lane) - - - - This avoids problems when building on platforms that supply old copies - of PostgreSQL libraries. - - - - - - Update time zone data files to tzdata - release 2018e for DST law changes in North Korea, plus historical - corrections for Czechoslovakia. - - - - This update includes a redefinition of daylight savings - in Ireland, as well as for some past years in Namibia and - Czechoslovakia. In those jurisdictions, legally standard time is - observed in summer, and daylight savings time in winter, so that the - daylight savings offset is one hour behind standard time not one hour - ahead. This does not affect either the actual UTC offset or the - timezone abbreviations in use; the only known effect is that - the is_dst column in - the pg_timezone_names view will now be true - in winter and false in summer in these cases. - - - - - - - - - - Release 9.5.13 - - - Release date: - 2018-05-10 - - - - This release contains a variety of fixes from 9.5.12. - For information about new features in the 9.5 major release, see - . - - - - Migration to Version 9.5.13 - - - A dump/restore is not required for those running 9.5.X. - - - - However, if the function marking mistakes mentioned in the first - changelog entry below affect you, you will want to take steps to - correct your database catalogs. - - - - Also, if you are upgrading from a version earlier than 9.5.12, - see . - - - - - Changes - - - - - - Fix incorrect volatility markings on a few built-in functions - (Thomas Munro, Tom Lane) - - - - The functions - query_to_xml, - cursor_to_xml, - cursor_to_xmlschema, - query_to_xmlschema, and - query_to_xml_and_xmlschema - should be marked volatile because they execute user-supplied queries - that might contain volatile operations. They were not, leading to a - risk of incorrect query optimization. This has been repaired for new - installations by correcting the initial catalog data, but existing - installations will continue to contain the incorrect markings. - Practical use of these functions seems to pose little hazard, but in - case of trouble, it can be fixed by manually updating these - functions' pg_proc entries, for example - ALTER FUNCTION pg_catalog.query_to_xml(text, boolean, - boolean, text) VOLATILE. (Note that that will need to be - done in each database of the installation.) Another option is - to pg_upgrade the database to a version - containing the corrected initial data. - - - - - - Avoid re-using TOAST value OIDs that match dead-but-not-yet-vacuumed - TOAST entries (Pavan Deolasee) - - - - Once the OID counter has wrapped around, it's possible to assign a - TOAST value whose OID matches a previously deleted entry in the same - TOAST table. If that entry were not yet vacuumed away, this resulted - in unexpected chunk number 0 (expected 1) for toast - value nnnnn errors, which would - persist until the dead entry was removed - by VACUUM. Fix by not selecting such OIDs when - creating a new TOAST entry. - - - - - - Change ANALYZE's algorithm for updating - pg_class.reltuples - (David Gould) - - - - Previously, pages not actually scanned by ANALYZE - were assumed to retain their old tuple density. In a large table - where ANALYZE samples only a small fraction of the - pages, this meant that the overall tuple density estimate could not - change very much, so that reltuples would - change nearly proportionally to changes in the table's physical size - (relpages) regardless of what was actually - happening in the table. This has been observed to result - in reltuples becoming so much larger than - reality as to effectively shut off autovacuuming. To fix, assume - that ANALYZE's sample is a statistically unbiased - sample of the table (as it should be), and just extrapolate the - density observed within those pages to the whole table. - - - - - - Avoid deadlocks in concurrent CREATE INDEX - CONCURRENTLY commands that are run - under SERIALIZABLE or REPEATABLE - READ transaction isolation (Tom Lane) - - - - - - Fix possible slow execution of REFRESH MATERIALIZED VIEW - CONCURRENTLY (Thomas Munro) - - - - - - Fix UPDATE/DELETE ... WHERE CURRENT OF to not fail - when the referenced cursor uses an index-only-scan plan (Yugo Nagata, - Tom Lane) - - - - - - Fix incorrect planning of join clauses pushed into parameterized - paths (Andrew Gierth, Tom Lane) - - - - This error could result in misclassifying a condition as - a join filter for an outer join when it should be a - plain filter condition, leading to incorrect join - output. - - - - - - Fix possibly incorrect generation of an index-only-scan plan when the - same table column appears in multiple index columns, and only some of - those index columns use operator classes that can return the column - value (Kyotaro Horiguchi) - - - - - - Fix misoptimization of CHECK constraints having - provably-NULL subclauses of - top-level AND/OR conditions - (Tom Lane, Dean Rasheed) - - - - This could, for example, allow constraint exclusion to exclude a - child table that should not be excluded from a query. - - - - - - Fix executor crash due to double free in some GROUPING - SET usages (Peter Geoghegan) - - - - - - Avoid crash if a table rewrite event trigger is added concurrently - with a command that could call such a trigger (Álvaro Herrera, - Andrew Gierth, Tom Lane) - - - - - - Avoid failure if a query-cancel or session-termination interrupt - occurs while committing a prepared transaction (Stas Kelvich) - - - - - - Fix query-lifespan memory leakage in repeatedly executed hash joins - (Tom Lane) - - - - - - Fix overly strict sanity check - in heap_prepare_freeze_tuple - (Álvaro Herrera) - - - - This could result in incorrect cannot freeze committed - xmax failures in databases that have - been pg_upgrade'd from 9.2 or earlier. - - - - - - Prevent dangling-pointer dereference when a C-coded before-update row - trigger returns the old tuple (Rushabh Lathia) - - - - - - Reduce locking during autovacuum worker scheduling (Jeff Janes) - - - - The previous behavior caused drastic loss of potential worker - concurrency in databases with many tables. - - - - - - Ensure client hostname is copied while copying - pg_stat_activity data to local memory - (Edmund Horner) - - - - Previously the supposedly-local snapshot contained a pointer into - shared memory, allowing the client hostname column to change - unexpectedly if any existing session disconnected. - - - - - - Fix incorrect processing of multiple compound affixes - in ispell dictionaries (Arthur Zakirov) - - - - - - Fix collation-aware searches (that is, indexscans using inequality - operators) in SP-GiST indexes on text columns (Tom Lane) - - - - Such searches would return the wrong set of rows in most non-C - locales. - - - - - - Count the number of index tuples correctly during initial build of an - SP-GiST index (Tomas Vondra) - - - - Previously, the tuple count was reported to be the same as that of - the underlying table, which is wrong if the index is partial. - - - - - - Count the number of index tuples correctly during vacuuming of a - GiST index (Andrey Borodin) - - - - Previously it reported the estimated number of heap tuples, - which might be inaccurate, and is certainly wrong if the - index is partial. - - - - - - Fix a corner case where a streaming standby gets stuck at a WAL - continuation record (Kyotaro Horiguchi) - - - - - - In logical decoding, avoid possible double processing of WAL data - when a walsender restarts (Craig Ringer) - - - - - - Allow scalarltsel - and scalargtsel to be used on non-core datatypes - (Tomas Vondra) - - - - - - Reduce libpq's memory consumption when a - server error is reported after a large amount of query output has - been collected (Tom Lane) - - - - Discard the previous output before, not after, processing the error - message. On some platforms, notably Linux, this can make a - difference in the application's subsequent memory footprint. - - - - - - Fix double-free crashes in ecpg - (Patrick Krecker, Jeevan Ladhe) - - - - - - Fix ecpg to handle long long - int variables correctly in MSVC builds (Michael Meskes, - Andrew Gierth) - - - - - - Fix mis-quoting of values for list-valued GUC variables in dumps - (Michael Paquier, Tom Lane) - - - - The local_preload_libraries, - session_preload_libraries, - shared_preload_libraries, - and temp_tablespaces variables were not correctly - quoted in pg_dump output. This would - cause problems if settings for these variables appeared in - CREATE FUNCTION ... SET or ALTER - DATABASE/ROLE ... SET clauses. - - - - - - Fix pg_recvlogical to not fail against - pre-v10 PostgreSQL servers - (Michael Paquier) - - - - A previous fix caused pg_recvlogical to - issue a command regardless of server version, but it should only be - issued to v10 and later servers. - - - - - - Ensure that pg_rewind deletes files on the - target server if they are deleted from the source server during the - run (Takayuki Tsunakawa) - - - - Failure to do this could result in data inconsistency on the target, - particularly if the file in question is a WAL segment. - - - - - - Fix pg_rewind to handle tables in - non-default tablespaces correctly (Takayuki Tsunakawa) - - - - - - Fix overflow handling in PL/pgSQL - integer FOR loops (Tom Lane) - - - - The previous coding failed to detect overflow of the loop variable - on some non-gcc compilers, leading to an infinite loop. - - - - - - Adjust PL/Python regression tests to pass - under Python 3.7 (Peter Eisentraut) - - - - - - Support testing PL/Python and related - modules when building with Python 3 and MSVC (Andrew Dunstan) - - - - - - - Support building with Microsoft Visual Studio 2015 (Michael Paquier) - - - - Various fixes needed for VS2015 compatibility were previously - back-patched into the 9.5 branch, but this one was missed. - - - - - - Rename internal b64_encode - and b64_decode functions to avoid conflict with - Solaris 11.4 built-in functions (Rainer Orth) - - - - - - Sync our copy of the timezone library with IANA tzcode release 2018e - (Tom Lane) - - - - This fixes the zic timezone data compiler - to cope with negative daylight-savings offsets. While - the PostgreSQL project will not - immediately ship such timezone data, zic - might be used with timezone data obtained directly from IANA, so it - seems prudent to update zic now. - - - - - - Update time zone data files to tzdata - release 2018d for DST law changes in Palestine and Antarctica (Casey - Station), plus historical corrections for Portugal and its colonies, - as well as Enderbury, Jamaica, Turks & Caicos Islands, and - Uruguay. - - - - - - - - - - Release 9.5.12 - - - Release date: - 2018-03-01 - - - - This release contains a variety of fixes from 9.5.11. - For information about new features in the 9.5 major release, see - . - - - - Migration to Version 9.5.12 - - - A dump/restore is not required for those running 9.5.X. - - - - However, if you run an installation in which not all users are mutually - trusting, or if you maintain an application or extension that is - intended for use in arbitrary situations, it is strongly recommended - that you read the documentation changes described in the first changelog - entry below, and take suitable steps to ensure that your installation or - code is secure. - - - - Also, the changes described in the second changelog entry below may - cause functions used in index expressions or materialized views to fail - during auto-analyze, or when reloading from a dump. After upgrading, - monitor the server logs for such problems, and fix affected functions. - - - - Also, if you are upgrading from a version earlier than 9.5.10, - see . - - - - - Changes - - - - - - Document how to configure installations and applications to guard - against search-path-dependent trojan-horse attacks from other users - (Noah Misch) - - - - Using a search_path setting that includes any - schemas writable by a hostile user enables that user to capture - control of queries and then run arbitrary SQL code with the - permissions of the attacked user. While it is possible to write - queries that are proof against such hijacking, it is notationally - tedious, and it's very easy to overlook holes. Therefore, we now - recommend configurations in which no untrusted schemas appear in - one's search path. Relevant documentation appears in - (for database administrators and users), - (for application authors), - (for extension authors), and - (for authors - of SECURITY DEFINER functions). - (CVE-2018-1058) - - - - - - Avoid use of insecure search_path settings - in pg_dump and other client programs - (Noah Misch, Tom Lane) - - - - pg_dump, - pg_upgrade, - vacuumdb and - other PostgreSQL-provided applications were - themselves vulnerable to the type of hijacking described in the previous - changelog entry; since these applications are commonly run by - superusers, they present particularly attractive targets. To make them - secure whether or not the installation as a whole has been secured, - modify them to include only the pg_catalog - schema in their search_path settings. - Autovacuum worker processes now do the same, as well. - - - - In cases where user-provided functions are indirectly executed by - these programs — for example, user-provided functions in index - expressions — the tighter search_path may - result in errors, which will need to be corrected by adjusting those - user-provided functions to not assume anything about what search path - they are invoked under. That has always been good practice, but now - it will be necessary for correct behavior. - (CVE-2018-1058) - - - - - - Fix misbehavior of concurrent-update rechecks with CTE references - appearing in subplans (Tom Lane) - - - - If a CTE (WITH clause reference) is used in an - InitPlan or SubPlan, and the query requires a recheck due to trying - to update or lock a concurrently-updated row, incorrect results could - be obtained. - - - - - - Fix planner failures with overlapping mergejoin clauses in an outer - join (Tom Lane) - - - - These mistakes led to left and right pathkeys do not match in - mergejoin or outer pathkeys do not match - mergeclauses planner errors in corner cases. - - - - - - Repair pg_upgrade's failure to - preserve relfrozenxid for materialized - views (Tom Lane, Andres Freund) - - - - This oversight could lead to data corruption in materialized views - after an upgrade, manifesting as could not access status of - transaction or found xmin from before - relfrozenxid errors. The problem would be more likely to - occur in seldom-refreshed materialized views, or ones that were - maintained only with REFRESH MATERIALIZED VIEW - CONCURRENTLY. - - - - If such corruption is observed, it can be repaired by refreshing the - materialized view (without CONCURRENTLY). - - - - - - Fix incorrect reporting of PL/Python function names in - error CONTEXT stacks (Tom Lane) - - - - An error occurring within a nested PL/Python function call (that is, - one reached via a SPI query from another PL/Python function) would - result in a stack trace showing the inner function's name twice, - rather than the expected results. Also, an error in a nested - PL/Python DO block could result in a null pointer - dereference crash on some platforms. - - - - - - Allow contrib/auto_explain's - log_min_duration setting to range up - to INT_MAX, or about 24 days instead of 35 minutes - (Tom Lane) - - - - - - - - - - Release 9.5.11 - - - Release date: - 2018-02-08 - - - - This release contains a variety of fixes from 9.5.10. - For information about new features in the 9.5 major release, see - . - - - - Migration to Version 9.5.11 - - - A dump/restore is not required for those running 9.5.X. - - - - However, if you are upgrading from a version earlier than 9.5.10, - see . - - - - - Changes - - - - - - Ensure that all temporary files made - by pg_upgrade are non-world-readable - (Tom Lane, Noah Misch) - - - - pg_upgrade normally restricts its - temporary files to be readable and writable only by the calling user. - But the temporary file containing pg_dumpall -g - output would be group- or world-readable, or even writable, if the - user's umask setting allows. In typical usage on - multi-user machines, the umask and/or the working - directory's permissions would be tight enough to prevent problems; - but there may be people using pg_upgrade - in scenarios where this oversight would permit disclosure of database - passwords to unfriendly eyes. - (CVE-2018-1053) - - - - - - Fix vacuuming of tuples that were updated while key-share locked - (Andres Freund, Álvaro Herrera) - - - - In some cases VACUUM would fail to remove such - tuples even though they are now dead, leading to assorted data - corruption scenarios. - - - - - - Fix inadequate buffer locking in some LSN fetches (Jacob Champion, - Asim Praveen, Ashwin Agrawal) - - - - These errors could result in misbehavior under concurrent load. - The potential consequences have not been characterized fully. - - - - - - Fix incorrect query results from cases involving flattening of - subqueries whose outputs are used in GROUPING SETS - (Heikki Linnakangas) - - - - - - Avoid unnecessary failure in a query on an inheritance tree that - occurs concurrently with some child table being removed from the tree - by ALTER TABLE NO INHERIT (Tom Lane) - - - - - - Fix spurious deadlock failures when multiple sessions are - running CREATE INDEX CONCURRENTLY (Jeff Janes) - - - - - - Fix failures when an inheritance tree contains foreign child tables - (Etsuro Fujita) - - - - A mix of regular and foreign tables in an inheritance tree resulted in - creation of incorrect plans for UPDATE - and DELETE queries. This led to visible failures in - some cases, notably when there are row-level triggers on a foreign - child table. - - - - - - Repair failure with correlated sub-SELECT - inside VALUES inside a LATERAL - subquery (Tom Lane) - - - - - - Fix could not devise a query plan for the given query - planner failure for some cases involving nested UNION - ALL inside a lateral subquery (Tom Lane) - - - - - - Fix logical decoding to correctly clean up disk files for crashed - transactions (Atsushi Torikoshi) - - - - Logical decoding may spill WAL records to disk for transactions - generating many WAL records. Normally these files are cleaned up - after the transaction's commit or abort record arrives; but if - no such record is ever seen, the removal code misbehaved. - - - - - - Fix walsender timeout failure and failure to respond to interrupts - when processing a large transaction (Petr Jelinek) - - - - - - Fix has_sequence_privilege() to - support WITH GRANT OPTION tests, - as other privilege-testing functions do (Joe Conway) - - - - - - In databases using UTF8 encoding, ignore any XML declaration that - asserts a different encoding (Pavel Stehule, Noah Misch) - - - - We always store XML strings in the database encoding, so allowing - libxml to act on a declaration of another encoding gave wrong results. - In encodings other than UTF8, we don't promise to support non-ASCII - XML data anyway, so retain the previous behavior for bug compatibility. - This change affects only xpath() and related - functions; other XML code paths already acted this way. - - - - - - Provide for forward compatibility with future minor protocol versions - (Robert Haas, Badrul Chowdhury) - - - - Up to now, PostgreSQL servers simply - rejected requests to use protocol versions newer than 3.0, so that - there was no functional difference between the major and minor parts - of the protocol version number. Allow clients to request versions 3.x - without failing, sending back a message showing that the server only - understands 3.0. This makes no difference at the moment, but - back-patching this change should allow speedier introduction of future - minor protocol upgrades. - - - - - - Cope with failure to start a parallel worker process - (Amit Kapila, Robert Haas) - - - - Parallel query previously tended to hang indefinitely if a worker - could not be started, as the result of fork() - failure or other low-probability problems. - - - - - - Avoid unsafe alignment assumptions when working - with __int128 (Tom Lane) - - - - Typically, compilers assume that __int128 variables are - aligned on 16-byte boundaries, but our memory allocation - infrastructure isn't prepared to guarantee that, and increasing the - setting of MAXALIGN seems infeasible for multiple reasons. Adjust the - code to allow use of __int128 only when we can tell the - compiler to assume lesser alignment. The only known symptom of this - problem so far is crashes in some parallel aggregation queries. - - - - - - Prevent stack-overflow crashes when planning extremely deeply - nested set operations - (UNION/INTERSECT/EXCEPT) - (Tom Lane) - - - - - - Fix null-pointer crashes for some types of LDAP URLs appearing - in pg_hba.conf (Thomas Munro) - - - - - - Fix sample INSTR() functions in the PL/pgSQL - documentation (Yugo Nagata, Tom Lane) - - - - These functions are stated to - be Oracle compatible, but - they weren't exactly. In particular, there was a discrepancy in the - interpretation of a negative third parameter: Oracle thinks that a - negative value indicates the last place where the target substring can - begin, whereas our functions took it as the last place where the - target can end. Also, Oracle throws an error for a zero or negative - fourth parameter, whereas our functions returned zero. - - - - The sample code has been adjusted to match Oracle's behavior more - precisely. Users who have copied this code into their applications - may wish to update their copies. - - - - - - Fix pg_dump to make ACL (permissions), - comment, and security label entries reliably identifiable in archive - output formats (Tom Lane) - - - - The tag portion of an ACL archive entry was usually - just the name of the associated object. Make it start with the object - type instead, bringing ACLs into line with the convention already used - for comment and security label archive entries. Also, fix the - comment and security label entries for the whole database, if present, - to make their tags start with DATABASE so that they - also follow this convention. This prevents false matches in code that - tries to identify large-object-related entries by seeing if the tag - starts with LARGE OBJECT. That could have resulted - in misclassifying entries as data rather than schema, with undesirable - results in a schema-only or data-only dump. - - - - Note that this change has user-visible results in the output - of pg_restore --list. - - - - - - Rename pg_rewind's - copy_file_range function to avoid conflict - with new Linux system call of that name (Andres Freund) - - - - This change prevents build failures with newer glibc versions. - - - - - - In ecpg, detect indicator arrays that do - not have the correct length and report an error (David Rader) - - - - - - Avoid triggering a libc assertion - in contrib/hstore, due to use - of memcpy() with equal source and destination - pointers (Tomas Vondra) - - - - - - Provide modern examples of how to auto-start Postgres on macOS - (Tom Lane) - - - - The scripts in contrib/start-scripts/osx use - infrastructure that's been deprecated for over a decade, and which no - longer works at all in macOS releases of the last couple of years. - Add a new subdirectory contrib/start-scripts/macos - containing scripts that use the newer launchd - infrastructure. - - - - - - Fix incorrect selection of configuration-specific libraries for - OpenSSL on Windows (Andrew Dunstan) - - - - - - Support linking to MinGW-built versions of libperl (Noah Misch) - - - - This allows building PL/Perl with some common Perl distributions for - Windows. - - - - - - Fix MSVC build to test whether 32-bit libperl - needs -D_USE_32BIT_TIME_T (Noah Misch) - - - - Available Perl distributions are inconsistent about what they expect, - and lack any reliable means of reporting it, so resort to a build-time - test on what the library being used actually does. - - - - - - On Windows, install the crash dump handler earlier in postmaster - startup (Takayuki Tsunakawa) - - - - This may allow collection of a core dump for some early-startup - failures that did not produce a dump before. - - - - - - On Windows, avoid encoding-conversion-related crashes when emitting - messages very early in postmaster startup (Takayuki Tsunakawa) - - - - - - Use our existing Motorola 68K spinlock code on OpenBSD as - well as NetBSD (David Carlier) - - - - - - Add support for spinlocks on Motorola 88K (David Carlier) - - - - - - Update time zone data files to tzdata - release 2018c for DST law changes in Brazil, Sao Tome and Principe, - plus historical corrections for Bolivia, Japan, and South Sudan. - The US/Pacific-New zone has been removed (it was - only an alias for America/Los_Angeles anyway). - - - - - - - - - - Release 9.5.10 - - - Release date: - 2017-11-09 - - - - This release contains a variety of fixes from 9.5.9. - For information about new features in the 9.5 major release, see - . - - - - Migration to Version 9.5.10 - - - A dump/restore is not required for those running 9.5.X. - - - - However, if you use BRIN indexes, see the fourth changelog entry below. - - - - Also, if you are upgrading from a version earlier than 9.5.8, - see . - - - - - Changes - - - - - - Ensure that INSERT ... ON CONFLICT DO UPDATE checks - table permissions and RLS policies in all cases (Dean Rasheed) - - - - The update path of INSERT ... ON CONFLICT DO UPDATE - requires SELECT permission on the columns of the - arbiter index, but it failed to check for that in the case of an - arbiter specified by constraint name. - In addition, for a table with row level security enabled, it failed to - check updated rows against the table's SELECT - policies (regardless of how the arbiter index was specified). - (CVE-2017-15099) - - - - - - Fix crash due to rowtype mismatch - in json{b}_populate_recordset() - (Michael Paquier, Tom Lane) - - - - These functions used the result rowtype specified in the FROM - ... AS clause without checking that it matched the actual - rowtype of the supplied tuple value. If it didn't, that would usually - result in a crash, though disclosure of server memory contents seems - possible as well. - (CVE-2017-15098) - - - - - - Fix sample server-start scripts to become $PGUSER - before opening $PGLOG (Noah Misch) - - - - Previously, the postmaster log file was opened while still running as - root. The database owner could therefore mount an attack against - another system user by making $PGLOG be a symbolic - link to some other file, which would then become corrupted by appending - log messages. - - - - By default, these scripts are not installed anywhere. Users who have - made use of them will need to manually recopy them, or apply the same - changes to their modified versions. If the - existing $PGLOG file is root-owned, it will need to - be removed or renamed out of the way before restarting the server with - the corrected script. - (CVE-2017-12172) - - - - - - Fix BRIN index summarization to handle concurrent table extension - correctly (Álvaro Herrera) - - - - Previously, a race condition allowed some table rows to be omitted from - the index. It may be necessary to reindex existing BRIN indexes to - recover from past occurrences of this problem. - - - - - - Fix possible failures during concurrent updates of a BRIN index - (Tom Lane) - - - - These race conditions could result in errors like invalid index - offnum or inconsistent range map. - - - - - - Fix crash when logical decoding is invoked from a SPI-using function, - in particular any function written in a PL language - (Tom Lane) - - - - - - Fix json_build_array(), - json_build_object(), and their jsonb - equivalents to handle explicit VARIADIC arguments - correctly (Michael Paquier) - - - - - - Properly reject attempts to convert infinite float values to - type numeric (Tom Lane, KaiGai Kohei) - - - - Previously the behavior was platform-dependent. - - - - - - Fix corner-case crashes when columns have been added to the end of a - view (Tom Lane) - - - - - - Record proper dependencies when a view or rule - contains FieldSelect - or FieldStore expression nodes (Tom Lane) - - - - Lack of these dependencies could allow a column or data - type DROP to go through when it ought to fail, - thereby causing later uses of the view or rule to get errors. - This patch does not do anything to protect existing views/rules, - only ones created in the future. - - - - - - Correctly detect hashability of range data types (Tom Lane) - - - - The planner mistakenly assumed that any range type could be hashed - for use in hash joins or hash aggregation, but actually it must check - whether the range's subtype has hash support. This does not affect any - of the built-in range types, since they're all hashable anyway. - - - - - - Correctly ignore RelabelType expression nodes - when determining relation distinctness (David Rowley) - - - - This allows the intended optimization to occur when a subquery has - a result column of type varchar. - - - - - - Fix low-probability loss of NOTIFY messages due to - XID wraparound (Marko Tiikkaja, Tom Lane) - - - - If a session executed no queries, but merely listened for - notifications, for more than 2 billion transactions, it started to miss - some notifications from concurrently-committing transactions. - - - - - - Avoid SIGBUS crash on Linux when a DSM memory - request exceeds the space available in tmpfs - (Thomas Munro) - - - - - - Prevent low-probability crash in processing of nested trigger firings - (Tom Lane) - - - - - - Allow COPY's FREEZE option to - work when the transaction isolation level is REPEATABLE - READ or higher (Noah Misch) - - - - This case was unintentionally broken by a previous bug fix. - - - - - - Correctly restore the umask setting when file creation fails - in COPY or lo_export() - (Peter Eisentraut) - - - - - - Give a better error message for duplicate column names - in ANALYZE (Nathan Bossart) - - - - - - Fix mis-parsing of the last line in a - non-newline-terminated pg_hba.conf file - (Tom Lane) - - - - - - Fix pg_basebackup's matching of tablespace - paths to canonicalize both paths before comparing (Michael Paquier) - - - - This is particularly helpful on Windows. - - - - - - Fix libpq to not require user's home - directory to exist (Tom Lane) - - - - In v10, failure to find the home directory while trying to - read ~/.pgpass was treated as a hard error, - but it should just cause that file to not be found. Both v10 and - previous release branches made the same mistake when - reading ~/.pg_service.conf, though this was less - obvious since that file is not sought unless a service name is - specified. - - - - - - Fix libpq to guard against integer - overflow in the row count of a PGresult - (Michael Paquier) - - - - - - Fix ecpg's handling of out-of-scope cursor - declarations with pointer or array variables (Michael Meskes) - - - - - - In ecpglib, correctly handle backslashes in string literals depending - on whether standard_conforming_strings is set - (Tsunakawa Takayuki) - - - - - - Make ecpglib's Informix-compatibility mode ignore fractional digits in - integer input strings, as expected (Gao Zengqi, Michael Meskes) - - - - - - Fix missing temp-install prerequisites - for check-like Make targets (Noah Misch) - - - - Some non-default test procedures that are meant to work - like make check failed to ensure that the temporary - installation was up to date. - - - - - - Sync our copy of the timezone library with IANA release tzcode2017c - (Tom Lane) - - - - This fixes various issues; the only one likely to be user-visible - is that the default DST rules for a POSIX-style zone name, if - no posixrules file exists in the timezone data - directory, now match current US law rather than what it was a dozen - years ago. - - - - - - Update time zone data files to tzdata - release 2017c for DST law changes in Fiji, Namibia, Northern Cyprus, - Sudan, Tonga, and Turks & Caicos Islands, plus historical - corrections for Alaska, Apia, Burma, Calcutta, Detroit, Ireland, - Namibia, and Pago Pago. - - - - - - - - - - Release 9.5.9 - - - Release date: - 2017-08-31 - - - - This release contains a small number of fixes from 9.5.8. - For information about new features in the 9.5 major release, see - . - - - - Migration to Version 9.5.9 - - - A dump/restore is not required for those running 9.5.X. - - - - However, if you are upgrading from a version earlier than 9.5.8, - see . - - - - - Changes - - - - - - Show foreign tables - in information_schema.table_privileges - view (Peter Eisentraut) - - - - All other relevant information_schema views include - foreign tables, but this one ignored them. - - - - Since this view definition is installed by initdb, - merely upgrading will not fix the problem. If you need to fix this - in an existing installation, you can, as a superuser, do this - in psql: - -SET search_path TO information_schema; -CREATE OR REPLACE VIEW table_privileges AS - SELECT CAST(u_grantor.rolname AS sql_identifier) AS grantor, - CAST(grantee.rolname AS sql_identifier) AS grantee, - CAST(current_database() AS sql_identifier) AS table_catalog, - CAST(nc.nspname AS sql_identifier) AS table_schema, - CAST(c.relname AS sql_identifier) AS table_name, - CAST(c.prtype AS character_data) AS privilege_type, - CAST( - CASE WHEN - -- object owner always has grant options - pg_has_role(grantee.oid, c.relowner, 'USAGE') - OR c.grantable - THEN 'YES' ELSE 'NO' END AS yes_or_no) AS is_grantable, - CAST(CASE WHEN c.prtype = 'SELECT' THEN 'YES' ELSE 'NO' END AS yes_or_no) AS with_hierarchy - - FROM ( - SELECT oid, relname, relnamespace, relkind, relowner, (aclexplode(coalesce(relacl, acldefault('r', relowner)))).* FROM pg_class - ) AS c (oid, relname, relnamespace, relkind, relowner, grantor, grantee, prtype, grantable), - pg_namespace nc, - pg_authid u_grantor, - ( - SELECT oid, rolname FROM pg_authid - UNION ALL - SELECT 0::oid, 'PUBLIC' - ) AS grantee (oid, rolname) - - WHERE c.relnamespace = nc.oid - AND c.relkind IN ('r', 'v', 'f') - AND c.grantee = grantee.oid - AND c.grantor = u_grantor.oid - AND c.prtype IN ('INSERT', 'SELECT', 'UPDATE', 'DELETE', 'TRUNCATE', 'REFERENCES', 'TRIGGER') - AND (pg_has_role(u_grantor.oid, 'USAGE') - OR pg_has_role(grantee.oid, 'USAGE') - OR grantee.rolname = 'PUBLIC'); - - This must be repeated in each database to be fixed, - including template0. - - - - - - Clean up handling of a fatal exit (e.g., due to receipt - of SIGTERM) that occurs while trying to execute - a ROLLBACK of a failed transaction (Tom Lane) - - - - This situation could result in an assertion failure. In production - builds, the exit would still occur, but it would log an unexpected - message about cannot drop active portal. - - - - - - Remove assertion that could trigger during a fatal exit (Tom Lane) - - - - - - Correctly identify columns that are of a range type or domain type over - a composite type or domain type being searched for (Tom Lane) - - - - Certain ALTER commands that change the definition of a - composite type or domain type are supposed to fail if there are any - stored values of that type in the database, because they lack the - infrastructure needed to update or check such values. Previously, - these checks could miss relevant values that are wrapped inside range - types or sub-domains, possibly allowing the database to become - inconsistent. - - - - - - Fix crash in pg_restore when using parallel mode and - using a list file to select a subset of items to restore - (Fabrízio de Royes Mello) - - - - - - Change ecpg's parser to allow RETURNING - clauses without attached C variables (Michael Meskes) - - - - This allows ecpg programs to contain SQL constructs - that use RETURNING internally (for example, inside a CTE) - rather than using it to define values to be returned to the client. - - - - - - Improve selection of compiler flags for PL/Perl on Windows (Tom Lane) - - - - This fix avoids possible crashes of PL/Perl due to inconsistent - assumptions about the width of time_t values. - A side-effect that may be visible to extension developers is - that _USE_32BIT_TIME_T is no longer defined globally - in PostgreSQL Windows builds. This is not expected - to cause problems, because type time_t is not used - in any PostgreSQL API definitions. - - - - - - Fix make check to behave correctly when invoked via a - non-GNU make program (Thomas Munro) - - - - - - - - - - Release 9.5.8 - - - Release date: - 2017-08-10 - - - - This release contains a variety of fixes from 9.5.7. - For information about new features in the 9.5 major release, see - . - - - - Migration to Version 9.5.8 - - - A dump/restore is not required for those running 9.5.X. - - - - However, if you use foreign data servers that make use of user - passwords for authentication, see the first changelog entry below. - - - - Also, if you are upgrading from a version earlier than 9.5.7, - see . - - - - - Changes - - - - - - Further restrict visibility - of pg_user_mappings.umoptions, to - protect passwords stored as user mapping options - (Noah Misch) - - - - The fix for CVE-2017-7486 was incorrect: it allowed a user - to see the options in her own user mapping, even if she did not - have USAGE permission on the associated foreign server. - Such options might include a password that had been provided by the - server owner rather than the user herself. - Since information_schema.user_mapping_options does not - show the options in such cases, pg_user_mappings - should not either. - (CVE-2017-7547) - - - - By itself, this patch will only fix the behavior in newly initdb'd - databases. If you wish to apply this change in an existing database, - you will need to do the following: - - - - - - Restart the postmaster after adding allow_system_table_mods - = true to postgresql.conf. (In versions - supporting ALTER SYSTEM, you can use that to make the - configuration change, but you'll still need a restart.) - - - - - - In each database of the cluster, - run the following commands as superuser: - -SET search_path = pg_catalog; -CREATE OR REPLACE VIEW pg_user_mappings AS - SELECT - U.oid AS umid, - S.oid AS srvid, - S.srvname AS srvname, - U.umuser AS umuser, - CASE WHEN U.umuser = 0 THEN - 'public' - ELSE - A.rolname - END AS usename, - CASE WHEN (U.umuser <> 0 AND A.rolname = current_user - AND (pg_has_role(S.srvowner, 'USAGE') - OR has_server_privilege(S.oid, 'USAGE'))) - OR (U.umuser = 0 AND pg_has_role(S.srvowner, 'USAGE')) - OR (SELECT rolsuper FROM pg_authid WHERE rolname = current_user) - THEN U.umoptions - ELSE NULL END AS umoptions - FROM pg_user_mapping U - LEFT JOIN pg_authid A ON (A.oid = U.umuser) JOIN - pg_foreign_server S ON (U.umserver = S.oid); - - - - - - - Do not forget to include the template0 - and template1 databases, or the vulnerability will still - exist in databases you create later. To fix template0, - you'll need to temporarily make it accept connections. - In PostgreSQL 9.5 and later, you can use - -ALTER DATABASE template0 WITH ALLOW_CONNECTIONS true; - - and then after fixing template0, undo that with - -ALTER DATABASE template0 WITH ALLOW_CONNECTIONS false; - - In prior versions, instead use - -UPDATE pg_database SET datallowconn = true WHERE datname = 'template0'; -UPDATE pg_database SET datallowconn = false WHERE datname = 'template0'; - - - - - - - Finally, remove the allow_system_table_mods configuration - setting, and again restart the postmaster. - - - - - - - - Disallow empty passwords in all password-based authentication methods - (Heikki Linnakangas) - - - - libpq ignores empty password specifications, and does - not transmit them to the server. So, if a user's password has been - set to the empty string, it's impossible to log in with that password - via psql or other libpq-based - clients. An administrator might therefore believe that setting the - password to empty is equivalent to disabling password login. - However, with a modified or non-libpq-based client, - logging in could be possible, depending on which authentication - method is configured. In particular the most common - method, md5, accepted empty passwords. - Change the server to reject empty passwords in all cases. - (CVE-2017-7546) - - - - - - Make lo_put() check for UPDATE privilege on - the target large object (Tom Lane, Michael Paquier) - - - - lo_put() should surely require the same permissions - as lowrite(), but the check was missing, allowing any - user to change the data in a large object. - (CVE-2017-7548) - - - - - - Correct the documentation about the process for upgrading standby - servers with pg_upgrade (Bruce Momjian) - - - - The previous documentation instructed users to start/stop the primary - server after running pg_upgrade but before syncing - the standby servers. This sequence is unsafe. - - - - - - Fix concurrent locking of tuple update chains (Álvaro Herrera) - - - - If several sessions concurrently lock a tuple update chain with - nonconflicting lock modes using an old snapshot, and they all - succeed, it was possible for some of them to nonetheless fail (and - conclude there is no live tuple version) due to a race condition. - This had consequences such as foreign-key checks failing to see a - tuple that definitely exists but is being updated concurrently. - - - - - - Fix potential data corruption when freezing a tuple whose XMAX is a - multixact with exactly one still-interesting member (Teodor Sigaev) - - - - - - Avoid integer overflow and ensuing crash when sorting more than one - billion tuples in-memory (Sergey Koposov) - - - - - - On Windows, retry process creation if we fail to reserve the address - range for our shared memory in the new process (Tom Lane, Amit - Kapila) - - - - This is expected to fix infrequent child-process-launch failures that - are probably due to interference from antivirus products. - - - - - - Fix low-probability corruption of shared predicate-lock hash table - in Windows builds (Thomas Munro, Tom Lane) - - - - - - Avoid logging clean closure of an SSL connection as though - it were a connection reset (Michael Paquier) - - - - - - Prevent sending SSL session tickets to clients (Tom Lane) - - - - This fix prevents reconnection failures with ticket-aware client-side - SSL code. - - - - - - Fix code for setting on - Solaris (Tom Lane) - - - - - - Fix statistics collector to honor inquiry messages issued just after - a postmaster shutdown and immediate restart (Tom Lane) - - - - Statistics inquiries issued within half a second of the previous - postmaster shutdown were effectively ignored. - - - - - - Ensure that the statistics collector's receive buffer size is at - least 100KB (Tom Lane) - - - - This reduces the risk of dropped statistics data on older platforms - whose default receive buffer size is less than that. - - - - - - Fix possible creation of an invalid WAL segment when a standby is - promoted just after it processes an XLOG_SWITCH WAL - record (Andres Freund) - - - - - - Fix walsender to exit promptly when client requests - shutdown (Tom Lane) - - - - - - Fix SIGHUP and SIGUSR1 handling in - walsender processes (Petr Jelinek, Andres Freund) - - - - - - Prevent walsender-triggered panics during shutdown checkpoints - (Andres Freund, Michael Paquier) - - - - - - Fix unnecessarily slow restarts of walreceiver - processes due to race condition in postmaster (Tom Lane) - - - - - - Fix leakage of small subtransactions spilled to disk during logical - decoding (Andres Freund) - - - - This resulted in temporary files consuming excessive disk space. - - - - - - Reduce the work needed to build snapshots during creation of - logical-decoding slots (Andres Freund, Petr Jelinek) - - - - The previous algorithm was infeasibly expensive on a server with a - lot of open transactions. - - - - - - Fix race condition that could indefinitely delay creation of - logical-decoding slots (Andres Freund, Petr Jelinek) - - - - - - Reduce overhead in processing syscache invalidation events (Tom Lane) - - - - This is particularly helpful for logical decoding, which triggers - frequent cache invalidation. - - - - - - Fix cases where an INSERT or UPDATE assigns - to more than one element of a column that is of domain-over-array - type (Tom Lane) - - - - - - Allow window functions to be used in sub-SELECTs that - are within the arguments of an aggregate function (Tom Lane) - - - - - - Move autogenerated array types out of the way during - ALTER ... RENAME (Vik Fearing) - - - - Previously, we would rename a conflicting autogenerated array type - out of the way during CREATE; this fix extends that - behavior to renaming operations. - - - - - - Fix dangling pointer in ALTER TABLE when there is a - comment on a constraint belonging to the table (David Rowley) - - - - Re-applying the comment to the reconstructed constraint could fail - with a weird error message, or even crash. - - - - - - Ensure that ALTER USER ... SET accepts all the syntax - variants that ALTER ROLE ... SET does (Peter Eisentraut) - - - - - - Properly update dependency info when changing a datatype I/O - function's argument or return type from opaque to the - correct type (Heikki Linnakangas) - - - - CREATE TYPE updates I/O functions declared in this - long-obsolete style, but it forgot to record a dependency on the - type, allowing a subsequent DROP TYPE to leave broken - function definitions behind. - - - - - - Reduce memory usage when ANALYZE processes - a tsvector column (Heikki Linnakangas) - - - - - - Fix unnecessary precision loss and sloppy rounding when multiplying - or dividing money values by integers or floats (Tom Lane) - - - - - - Tighten checks for whitespace in functions that parse identifiers, - such as regprocedurein() (Tom Lane) - - - - Depending on the prevailing locale, these functions could - misinterpret fragments of multibyte characters as whitespace. - - - - - - Use relevant #define symbols from Perl while - compiling PL/Perl (Ashutosh Sharma, Tom Lane) - - - - This avoids portability problems, typically manifesting as - a handshake mismatch during library load, when working with - recent Perl versions. - - - - - - In libpq, reset GSS/SASL and SSPI authentication - state properly after a failed connection attempt (Michael Paquier) - - - - Failure to do this meant that when falling back from SSL to non-SSL - connections, a GSS/SASL failure in the SSL attempt would always cause - the non-SSL attempt to fail. SSPI did not fail, but it leaked memory. - - - - - - In psql, fix failure when COPY FROM STDIN - is ended with a keyboard EOF signal and then another COPY - FROM STDIN is attempted (Thomas Munro) - - - - This misbehavior was observed on BSD-derived platforms (including - macOS), but not on most others. - - - - - - Fix pg_dump and pg_restore to - emit REFRESH MATERIALIZED VIEW commands last (Tom Lane) - - - - This prevents errors during dump/restore when a materialized view - refers to tables owned by a different user. - - - - - - Improve pg_dump/pg_restore's - reporting of error conditions originating in zlib - (Vladimir Kunschikov, Álvaro Herrera) - - - - - - Fix pg_dump with the option to - drop event triggers as expected (Tom Lane) - - - - It also now correctly assigns ownership of event triggers; before, - they were restored as being owned by the superuser running the - restore script. - - - - - - Fix pg_dump to not emit invalid SQL for an empty - operator class (Daniel Gustafsson) - - - - - - Fix pg_dump output to stdout on Windows (Kuntal Ghosh) - - - - A compressed plain-text dump written to stdout would contain corrupt - data due to failure to put the file descriptor into binary mode. - - - - - - Fix pg_get_ruledef() to print correct output for - the ON SELECT rule of a view whose columns have been - renamed (Tom Lane) - - - - In some corner cases, pg_dump relies - on pg_get_ruledef() to dump views, so that this error - could result in dump/reload failures. - - - - - - Fix dumping of outer joins with empty constraints, such as the result - of a NATURAL LEFT JOIN with no common columns (Tom Lane) - - - - - - Fix dumping of function expressions in the FROM clause in - cases where the expression does not deparse into something that looks - like a function call (Tom Lane) - - - - - - Fix pg_basebackup output to stdout on Windows - (Haribabu Kommi) - - - - A backup written to stdout would contain corrupt data due to failure - to put the file descriptor into binary mode. - - - - - - Fix pg_rewind to correctly handle files exceeding 2GB - (Kuntal Ghosh, Michael Paquier) - - - - Ordinarily such files won't appear in PostgreSQL data - directories, but they could be present in some cases. - - - - - - Fix pg_upgrade to ensure that the ending WAL record - does not have = minimum - (Bruce Momjian) - - - - This condition could prevent upgraded standby servers from - reconnecting. - - - - - - Fix pg_xlogdump's computation of WAL record length - (Andres Freund) - - - - - - In postgres_fdw, re-establish connections to remote - servers after ALTER SERVER or ALTER USER - MAPPING commands (Kyotaro Horiguchi) - - - - This ensures that option changes affecting connection parameters will - be applied promptly. - - - - - - In postgres_fdw, allow cancellation of remote - transaction control commands (Robert Haas, Rafia Sabih) - - - - This change allows us to quickly escape a wait for an unresponsive - remote server in many more cases than previously. - - - - - - Increase MAX_SYSCACHE_CALLBACKS to provide more room for - extensions (Tom Lane) - - - - - - Always use , not , when building - shared libraries with gcc (Tom Lane) - - - - This supports larger extension libraries on platforms where it makes - a difference. - - - - - - - Fix unescaped-braces issue in our build scripts for Microsoft MSVC, - to avoid a warning or error from recent Perl versions (Andrew - Dunstan) - - - - - - In MSVC builds, handle the case where the OpenSSL - library is not within a VC subdirectory (Andrew Dunstan) - - - - - - In MSVC builds, add proper include path for libxml2 - header files (Andrew Dunstan) - - - - This fixes a former need to move things around in standard Windows - installations of libxml2. - - - - - - In MSVC builds, recognize a Tcl library that is - named tcl86.lib (Noah Misch) - - - - - - In MSVC builds, honor PROVE_FLAGS settings - on vcregress.pl's command line (Andrew Dunstan) - - - - - - - - - - Release 9.5.7 - - - Release date: - 2017-05-11 - - - - This release contains a variety of fixes from 9.5.6. - For information about new features in the 9.5 major release, see - . - - - - Migration to Version 9.5.7 - - - A dump/restore is not required for those running 9.5.X. - - - - However, if you use foreign data servers that make use of user - passwords for authentication, see the first changelog entry below. - - - - Also, if you are using third-party replication tools that depend - on logical decoding, see the fourth changelog entry below. - - - - Also, if you are upgrading from a version earlier than 9.5.6, - see . - - - - - Changes - - - - - - Restrict visibility - of pg_user_mappings.umoptions, to - protect passwords stored as user mapping options - (Michael Paquier, Feike Steenbergen) - - - - The previous coding allowed the owner of a foreign server object, - or anyone he has granted server USAGE permission to, - to see the options for all user mappings associated with that server. - This might well include passwords for other users. - Adjust the view definition to match the behavior of - information_schema.user_mapping_options, namely that - these options are visible to the user being mapped, or if the mapping - is for PUBLIC and the current user is the server - owner, or if the current user is a superuser. - (CVE-2017-7486) - - - - By itself, this patch will only fix the behavior in newly initdb'd - databases. If you wish to apply this change in an existing database, - follow the corrected procedure shown in the changelog entry for - CVE-2017-7547, in . - - - - - - Prevent exposure of statistical information via leaky operators - (Peter Eisentraut) - - - - Some selectivity estimation functions in the planner will apply - user-defined operators to values obtained - from pg_statistic, such as most common values and - histogram entries. This occurs before table permissions are checked, - so a nefarious user could exploit the behavior to obtain these values - for table columns he does not have permission to read. To fix, - fall back to a default estimate if the operator's implementation - function is not certified leak-proof and the calling user does not have - permission to read the table column whose statistics are needed. - At least one of these criteria is satisfied in most cases in practice. - (CVE-2017-7484) - - - - - - Restore libpq's recognition of - the PGREQUIRESSL environment variable (Daniel Gustafsson) - - - - Processing of this environment variable was unintentionally dropped - in PostgreSQL 9.3, but its documentation remained. - This creates a security hazard, since users might be relying on the - environment variable to force SSL-encrypted connections, but that - would no longer be guaranteed. Restore handling of the variable, - but give it lower priority than PGSSLMODE, to avoid - breaking configurations that work correctly with post-9.3 code. - (CVE-2017-7485) - - - - - - Fix possibly-invalid initial snapshot during logical decoding - (Petr Jelinek, Andres Freund) - - - - The initial snapshot created for a logical decoding replication slot - was potentially incorrect. This could cause third-party tools that - use logical decoding to copy incomplete/inconsistent initial data. - This was more likely to happen if the source server was busy at the - time of slot creation, or if another logical slot already existed. - - - - If you are using a replication tool that depends on logical decoding, - and it should have copied a nonempty data set at the start of - replication, it is advisable to recreate the replica after - installing this update, or to verify its contents against the source - server. - - - - - - Fix possible corruption of init forks of unlogged indexes - (Robert Haas, Michael Paquier) - - - - This could result in an unlogged index being set to an invalid state - after a crash and restart. Such a problem would persist until the - index was dropped and rebuilt. - - - - - - Fix incorrect reconstruction of pg_subtrans entries - when a standby server replays a prepared but uncommitted two-phase - transaction (Tom Lane) - - - - In most cases this turned out to have no visible ill effects, but in - corner cases it could result in circular references - in pg_subtrans, potentially causing infinite loops - in queries that examine rows modified by the two-phase transaction. - - - - - - Avoid possible crash in walsender due to failure - to initialize a string buffer (Stas Kelvich, Fujii Masao) - - - - - - Fix possible crash when rescanning a nearest-neighbor index-only scan - on a GiST index (Tom Lane) - - - - - - Fix postmaster's handling of fork() failure for a - background worker process (Tom Lane) - - - - Previously, the postmaster updated portions of its state as though - the process had been launched successfully, resulting in subsequent - confusion. - - - - - - - Fix crash or wrong answers when a GROUPING SETS column's - data type is hashable but not sortable (Pavan Deolasee) - - - - - - Avoid applying physical targetlist optimization to custom - scans (Dmitry Ivanov, Tom Lane) - - - - This optimization supposed that retrieving all columns of a tuple - is inexpensive, which is true for ordinary Postgres tuples; but it - might not be the case for a custom scan provider. - - - - - - Use the correct sub-expression when applying a FOR ALL - row-level-security policy (Stephen Frost) - - - - In some cases the WITH CHECK restriction would be applied - when the USING restriction is more appropriate. - - - - - - Ensure parsing of queries in extension scripts sees the results of - immediately-preceding DDL (Julien Rouhaud, Tom Lane) - - - - Due to lack of a cache flush step between commands in an extension - script file, non-utility queries might not see the effects of an - immediately preceding catalog change, such as ALTER TABLE - ... RENAME. - - - - - - Skip tablespace privilege checks when ALTER TABLE ... ALTER - COLUMN TYPE rebuilds an existing index (Noah Misch) - - - - The command failed if the calling user did not currently have - CREATE privilege for the tablespace containing the index. - That behavior seems unhelpful, so skip the check, allowing the - index to be rebuilt where it is. - - - - - - Fix ALTER TABLE ... VALIDATE CONSTRAINT to not recurse - to child tables when the constraint is marked NO INHERIT - (Amit Langote) - - - - This fix prevents unwanted constraint does not exist failures - when no matching constraint is present in the child tables. - - - - - - Avoid dangling pointer in COPY ... TO when row-level - security is active for the source table (Tom Lane) - - - - Usually this had no ill effects, but sometimes it would cause - unexpected errors or crashes. - - - - - - Avoid accessing an already-closed relcache entry in CLUSTER - and VACUUM FULL (Tom Lane) - - - - With some bad luck, this could lead to indexes on the target - relation getting rebuilt with the wrong persistence setting. - - - - - - Fix VACUUM to account properly for pages that could not - be scanned due to conflicting page pins (Andrew Gierth) - - - - This tended to lead to underestimation of the number of tuples in - the table. In the worst case of a small heavily-contended - table, VACUUM could incorrectly report that the table - contained no tuples, leading to very bad planning choices. - - - - - - Ensure that bulk-tuple-transfer loops within a hash join are - interruptible by query cancel requests (Tom Lane, Thomas Munro) - - - - - - Fix integer-overflow problems in interval comparison (Kyotaro - Horiguchi, Tom Lane) - - - - The comparison operators for type interval could yield wrong - answers for intervals larger than about 296000 years. Indexes on - columns containing such large values should be reindexed, since they - may be corrupt. - - - - - - Fix cursor_to_xml() to produce valid output - with tableforest = false - (Thomas Munro, Peter Eisentraut) - - - - Previously it failed to produce a wrapping <table> - element. - - - - - - Fix roundoff problems in float8_timestamptz() - and make_interval() (Tom Lane) - - - - These functions truncated, rather than rounded, when converting a - floating-point value to integer microseconds; that could cause - unexpectedly off-by-one results. - - - - - - Fix pg_get_object_address() to handle members of operator - families correctly (Álvaro Herrera) - - - - - - Improve performance of pg_timezone_names view - (Tom Lane, David Rowley) - - - - - - Reduce memory management overhead for contexts containing many large - blocks (Tom Lane) - - - - - - Fix sloppy handling of corner-case errors from lseek() - and close() (Tom Lane) - - - - Neither of these system calls are likely to fail in typical situations, - but if they did, fd.c could get quite confused. - - - - - - Fix incorrect check for whether postmaster is running as a Windows - service (Michael Paquier) - - - - This could result in attempting to write to the event log when that - isn't accessible, so that no logging happens at all. - - - - - - Fix ecpg to support COMMIT PREPARED - and ROLLBACK PREPARED (Masahiko Sawada) - - - - - - Fix a double-free error when processing dollar-quoted string literals - in ecpg (Michael Meskes) - - - - - - In pg_dump, fix incorrect schema and owner marking for - comments and security labels of some types of database objects - (Giuseppe Broccolo, Tom Lane) - - - - In simple cases this caused no ill effects; but for example, a - schema-selective restore might omit comments it should include, because - they were not marked as belonging to the schema of their associated - object. - - - - - - Avoid emitting an invalid list file in pg_restore -l - when SQL object names contain newlines (Tom Lane) - - - - Replace newlines by spaces, which is sufficient to make the output - valid for pg_restore -L's purposes. - - - - - - Fix pg_upgrade to transfer comments and security labels - attached to large objects (blobs) (Stephen Frost) - - - - Previously, blobs were correctly transferred to the new database, but - any comments or security labels attached to them were lost. - - - - - - Improve error handling - in contrib/adminpack's pg_file_write() - function (Noah Misch) - - - - Notably, it failed to detect errors reported - by fclose(). - - - - - - In contrib/dblink, avoid leaking the previous unnamed - connection when establishing a new unnamed connection (Joe Conway) - - - - - - Fix contrib/pg_trgm's extraction of trigrams from regular - expressions (Tom Lane) - - - - In some cases it would produce a broken data structure that could never - match anything, leading to GIN or GiST indexscans that use a trigram - index not finding any matches to the regular expression. - - - - - - - In contrib/postgres_fdw, - transmit query cancellation requests to the remote server - (Michael Paquier, Etsuro Fujita) - - - - Previously, a local query cancellation request did not cause an - already-sent remote query to terminate early. This is a back-patch - of work originally done for 9.6. - - - - - - Support Tcl 8.6 in MSVC builds (Álvaro Herrera) - - - - - - Sync our copy of the timezone library with IANA release tzcode2017b - (Tom Lane) - - - - This fixes a bug affecting some DST transitions in January 2038. - - - - - - Update time zone data files to tzdata release 2017b - for DST law changes in Chile, Haiti, and Mongolia, plus historical - corrections for Ecuador, Kazakhstan, Liberia, and Spain. - Switch to numeric abbreviations for numerous time zones in South - America, the Pacific and Indian oceans, and some Asian and Middle - Eastern countries. - - - - The IANA time zone database previously provided textual abbreviations - for all time zones, sometimes making up abbreviations that have little - or no currency among the local population. They are in process of - reversing that policy in favor of using numeric UTC offsets in zones - where there is no evidence of real-world use of an English - abbreviation. At least for the time being, PostgreSQL - will continue to accept such removed abbreviations for timestamp input. - But they will not be shown in the pg_timezone_names - view nor used for output. - - - - - - Use correct daylight-savings rules for POSIX-style time zone names - in MSVC builds (David Rowley) - - - - The Microsoft MSVC build scripts neglected to install - the posixrules file in the timezone directory tree. - This resulted in the timezone code falling back to its built-in - rule about what DST behavior to assume for a POSIX-style time zone - name. For historical reasons that still corresponds to the DST rules - the USA was using before 2007 (i.e., change on first Sunday in April - and last Sunday in October). With this fix, a POSIX-style zone name - will use the current and historical DST transition dates of - the US/Eastern zone. If you don't want that, remove - the posixrules file, or replace it with a copy of some - other zone file (see ). Note that - due to caching, you may need to restart the server to get such changes - to take effect. - - - - - - - - - - Release 9.5.6 - - - Release date: - 2017-02-09 - - - - This release contains a variety of fixes from 9.5.5. - For information about new features in the 9.5 major release, see - . - - - - Migration to Version 9.5.6 - - - A dump/restore is not required for those running 9.5.X. - - - - However, if your installation has been affected by the bug described in - the first changelog entry below, then after updating you may need - to take action to repair corrupted indexes. - - - - Also, if you are upgrading from a version earlier than 9.5.5, - see . - - - - - Changes - - - - - - Fix a race condition that could cause indexes built - with CREATE INDEX CONCURRENTLY to be corrupt - (Pavan Deolasee, Tom Lane) - - - - If CREATE INDEX CONCURRENTLY was used to build an index - that depends on a column not previously indexed, then rows - updated by transactions that ran concurrently with - the CREATE INDEX command could have received incorrect - index entries. If you suspect this may have happened, the most - reliable solution is to rebuild affected indexes after installing - this update. - - - - - - Ensure that the special snapshot used for catalog scans is not - invalidated by premature data pruning (Tom Lane) - - - - Backends failed to account for this snapshot when advertising their - oldest xmin, potentially allowing concurrent vacuuming operations to - remove data that was still needed. This led to transient failures - along the lines of cache lookup failed for relation 1255. - - - - - - Fix incorrect WAL logging for BRIN indexes (Kuntal Ghosh) - - - - The WAL record emitted for a BRIN revmap page when moving an - index tuple to a different page was incorrect. Replay would make the - related portion of the index useless, forcing it to be recomputed. - - - - - - Unconditionally WAL-log creation of the init fork for an - unlogged table (Michael Paquier) - - - - Previously, this was skipped when - = minimal, but actually it's necessary even in that case - to ensure that the unlogged table is properly reset to empty after a - crash. - - - - - - - Reduce interlocking on standby servers during the replay of btree - index vacuuming operations (Simon Riggs) - - - - This change avoids substantial replication delays that sometimes - occurred while replaying such operations. - - - - - - If the stats collector dies during hot standby, restart it (Takayuki - Tsunakawa) - - - - - - Ensure that hot standby feedback works correctly when it's enabled at - standby server start (Ants Aasma, Craig Ringer) - - - - - - Check for interrupts while hot standby is waiting for a conflicting - query (Simon Riggs) - - - - - - Avoid constantly respawning the autovacuum launcher in a corner case - (Amit Khandekar) - - - - This fix avoids problems when autovacuum is nominally off and there - are some tables that require freezing, but all such tables are - already being processed by autovacuum workers. - - - - - - Fix check for when an extension member object can be dropped (Tom Lane) - - - - Extension upgrade scripts should be able to drop member objects, - but this was disallowed for serial-column sequences, and possibly - other cases. - - - - - - Make sure ALTER TABLE preserves index tablespace - assignments when rebuilding indexes (Tom Lane, Michael Paquier) - - - - Previously, non-default settings - of could result in broken - indexes. - - - - - - Fix incorrect updating of trigger function properties when changing a - foreign-key constraint's deferrability properties with ALTER - TABLE ... ALTER CONSTRAINT (Tom Lane) - - - - This led to odd failures during subsequent exercise of the foreign - key, as the triggers were fired at the wrong times. - - - - - - Prevent dropping a foreign-key constraint if there are pending - trigger events for the referenced relation (Tom Lane) - - - - This avoids could not find trigger NNN - or relation NNN has no triggers errors. - - - - - - Fix ALTER TABLE ... SET DATA TYPE ... USING when child - table has different column ordering than the parent - (Álvaro Herrera) - - - - Failure to adjust the column numbering in the USING - expression led to errors, - typically attribute N has wrong type. - - - - - - Fix processing of OID column when a table with OIDs is associated to - a parent with OIDs via ALTER TABLE ... INHERIT (Amit - Langote) - - - - The OID column should be treated the same as regular user columns in - this case, but it wasn't, leading to odd behavior in later - inheritance changes. - - - - - - Fix CREATE OR REPLACE VIEW to update the view query - before attempting to apply the new view options (Dean Rasheed) - - - - Previously the command would fail if the new options were - inconsistent with the old view definition. - - - - - - Report correct object identity during ALTER TEXT SEARCH - CONFIGURATION (Artur Zakirov) - - - - The wrong catalog OID was reported to extensions such as logical - decoding. - - - - - - Fix commit timestamp mechanism to not fail when queried about - the special XIDs FrozenTransactionId - and BootstrapTransactionId (Craig Ringer) - - - - - - - Check for serializability conflicts before reporting - constraint-violation failures (Thomas Munro) - - - - When using serializable transaction isolation, it is desirable - that any error due to concurrent transactions should manifest - as a serialization failure, thereby cueing the application that - a retry might succeed. Unfortunately, this does not reliably - happen for duplicate-key failures caused by concurrent insertions. - This change ensures that such an error will be reported as a - serialization error if the application explicitly checked for - the presence of a conflicting key (and did not find it) earlier - in the transaction. - - - - - - Fix incorrect use of view reloptions as regular table reloptions (Tom - Lane) - - - - The symptom was spurious ON CONFLICT is not supported on table - ... used as a catalog table errors when the target - of INSERT ... ON CONFLICT is a view with cascade option. - - - - - - Fix incorrect target lists can have at most N - entries complaint when using ON CONFLICT with - wide tables (Tom Lane) - - - - - - Prevent multicolumn expansion of foo.* in - an UPDATE source expression (Tom Lane) - - - - This led to UPDATE target count mismatch --- internal - error. Now the syntax is understood as a whole-row variable, - as it would be in other contexts. - - - - - - Ensure that column typmods are determined accurately for - multi-row VALUES constructs (Tom Lane) - - - - This fixes problems occurring when the first value in a column has a - determinable typmod (e.g., length for a varchar value) but - later values don't share the same limit. - - - - - - Throw error for an unfinished Unicode surrogate pair at the end of a - Unicode string (Tom Lane) - - - - Normally, a Unicode surrogate leading character must be followed by a - Unicode surrogate trailing character, but the check for this was - missed if the leading character was the last character in a Unicode - string literal (U&'...') or Unicode identifier - (U&"..."). - - - - - - Ensure that a purely negative text search query, such - as !foo, matches empty tsvectors (Tom Dunstan) - - - - Such matches were found by GIN index searches, but not by sequential - scans or GiST index searches. - - - - - - Prevent crash when ts_rewrite() replaces a non-top-level - subtree with an empty query (Artur Zakirov) - - - - - - Fix performance problems in ts_rewrite() (Tom Lane) - - - - - - Fix ts_rewrite()'s handling of nested NOT operators - (Tom Lane) - - - - - - Improve speed of user-defined aggregates that - use array_append() as transition function (Tom Lane) - - - - - - Fix array_fill() to handle empty arrays properly (Tom Lane) - - - - - - Fix possible crash in array_position() - or array_positions() when processing arrays of records - (Junseok Yang) - - - - - - Fix one-byte buffer overrun in quote_literal_cstr() - (Heikki Linnakangas) - - - - The overrun occurred only if the input consisted entirely of single - quotes and/or backslashes. - - - - - - Prevent multiple calls of pg_start_backup() - and pg_stop_backup() from running concurrently (Michael - Paquier) - - - - This avoids an assertion failure, and possibly worse things, if - someone tries to run these functions in parallel. - - - - - - Disable transform that attempted to remove no-op AT TIME - ZONE conversions (Tom Lane) - - - - This resulted in wrong answers when the simplified expression was - used in an index condition. - - - - - - Avoid discarding interval-to-interval casts - that aren't really no-ops (Tom Lane) - - - - In some cases, a cast that should result in zeroing out - low-order interval fields was mistakenly deemed to be a - no-op and discarded. An example is that casting from INTERVAL - MONTH to INTERVAL YEAR failed to clear the months field. - - - - - - Fix bugs in transmitting GUC parameter values to parallel workers - (Michael Paquier, Tom Lane) - - - - - - Ensure that cached plans are invalidated by changes in foreign-table - options (Amit Langote, Etsuro Fujita, Ashutosh Bapat) - - - - - - Fix pg_dump to dump user-defined casts and transforms - that use built-in functions (Stephen Frost) - - - - - - Fix pg_restore with - to behave more sanely if an archive contains - unrecognized DROP commands (Tom Lane) - - - - This doesn't fix any live bug, but it may improve the behavior in - future if pg_restore is used with an archive - generated by a later pg_dump version. - - - - - - Fix pg_basebackup's rate limiting in the presence of - slow I/O (Antonin Houska) - - - - If disk I/O was transiently much slower than the specified rate - limit, the calculation overflowed, effectively disabling the rate - limit for the rest of the run. - - - - - - Fix pg_basebackup's handling of - symlinked pg_stat_tmp and pg_replslot - subdirectories (Magnus Hagander, Michael Paquier) - - - - - - Fix possible pg_basebackup failure on standby - server when including WAL files (Amit Kapila, Robert Haas) - - - - - - Fix possible mishandling of expanded arrays in domain check - constraints and CASE execution (Tom Lane) - - - - It was possible for a PL/pgSQL function invoked in these contexts to - modify or even delete an array value that needs to be preserved for - additional operations. - - - - - - Fix nested uses of PL/pgSQL functions in contexts such as domain - check constraints evaluated during assignment to a PL/pgSQL variable - (Tom Lane) - - - - - - Ensure that the Python exception objects we create for PL/Python are - properly reference-counted (Rafa de la Torre, Tom Lane) - - - - This avoids failures if the objects are used after a Python garbage - collection cycle has occurred. - - - - - - Fix PL/Tcl to support triggers on tables that have .tupno - as a column name (Tom Lane) - - - - This matches the (previously undocumented) behavior of - PL/Tcl's spi_exec and spi_execp commands, - namely that a magic .tupno column is inserted only if - there isn't a real column named that. - - - - - - Allow DOS-style line endings in ~/.pgpass files, - even on Unix (Vik Fearing) - - - - This change simplifies use of the same password file across Unix and - Windows machines. - - - - - - Fix one-byte buffer overrun if ecpg is given a file - name that ends with a dot (Takayuki Tsunakawa) - - - - - - Fix psql's tab completion for ALTER DEFAULT - PRIVILEGES (Gilles Darold, Stephen Frost) - - - - - - In psql, treat an empty or all-blank setting of - the PAGER environment variable as meaning no - pager (Tom Lane) - - - - Previously, such a setting caused output intended for the pager to - vanish entirely. - - - - - - Improve contrib/dblink's reporting of - low-level libpq errors, such as out-of-memory - (Joe Conway) - - - - - - Teach contrib/dblink to ignore irrelevant server options - when it uses a contrib/postgres_fdw foreign server as - the source of connection options (Corey Huinker) - - - - Previously, if the foreign server object had options that were not - also libpq connection options, an error occurred. - - - - - - Fix portability problems in contrib/pageinspect's - functions for GIN indexes (Peter Eisentraut, Tom Lane) - - - - - - On Windows, ensure that environment variable changes are propagated - to DLLs built with debug options (Christian Ullrich) - - - - - - Sync our copy of the timezone library with IANA release tzcode2016j - (Tom Lane) - - - - This fixes various issues, most notably that timezone data - installation failed if the target directory didn't support hard - links. - - - - - - Update time zone data files to tzdata release 2016j - for DST law changes in northern Cyprus (adding a new zone - Asia/Famagusta), Russia (adding a new zone Europe/Saratov), Tonga, - and Antarctica/Casey. - Historical corrections for Italy, Kazakhstan, Malta, and Palestine. - Switch to preferring numeric zone abbreviations for Tonga. - - - - - - - - - - Release 9.5.5 - - - Release date: - 2016-10-27 - - - - This release contains a variety of fixes from 9.5.4. - For information about new features in the 9.5 major release, see - . - - - - Migration to Version 9.5.5 - - - A dump/restore is not required for those running 9.5.X. - - - - However, if your installation has been affected by the bug described in - the first changelog entry below, then after updating you may need - to take action to repair corrupted free space maps. - - - - Also, if you are upgrading from a version earlier than 9.5.2, - see . - - - - - Changes - - - - - - Fix WAL-logging of truncation of relation free space maps and - visibility maps (Pavan Deolasee, Heikki Linnakangas) - - - - It was possible for these files to not be correctly restored during - crash recovery, or to be written incorrectly on a standby server. - Bogus entries in a free space map could lead to attempts to access - pages that have been truncated away from the relation itself, typically - producing errors like could not read block XXX: - read only 0 of 8192 bytes. Checksum failures in the - visibility map are also possible, if checksumming is enabled. - - - - Procedures for determining whether there is a problem and repairing it - if so are discussed at - . - - - - - - - Fix incorrect creation of GIN index WAL records on big-endian machines - (Tom Lane) - - - - The typical symptom was unexpected GIN leaf action errors - during WAL replay. - - - - - - - Fix SELECT FOR UPDATE/SHARE to correctly lock tuples that - have been updated by a subsequently-aborted transaction - (Álvaro Herrera) - - - - In 9.5 and later, the SELECT would sometimes fail to - return such tuples at all. A failure has not been proven to occur in - earlier releases, but might be possible with concurrent updates. - - - - - - - Fix EvalPlanQual rechecks involving CTE scans (Tom Lane) - - - - The recheck would always see the CTE as returning no rows, typically - leading to failure to update rows that were recently updated. - - - - - - - Fix deletion of speculatively inserted TOAST tuples when backing out - of INSERT ... ON CONFLICT (Oskari Saarenmaa) - - - - In the race condition where two transactions try to insert conflicting - tuples at about the same time, the loser would fail with - an attempted to delete invisible tuple error if its - insertion included any TOAST'ed fields. - - - - - - Don't throw serialization errors for self-conflicting insertions - in INSERT ... ON CONFLICT (Thomas Munro, Peter Geoghegan) - - - - - - - Fix improper repetition of previous results from hashed aggregation in - a subquery (Andrew Gierth) - - - - The test to see if we can reuse a previously-computed hash table of - the aggregate state values neglected the possibility of an outer query - reference appearing in an aggregate argument expression. A change in - the value of such a reference should lead to recalculating the hash - table, but did not. - - - - - - - Fix query-lifespan memory leak in a bulk UPDATE on a table - with a PRIMARY KEY or REPLICA IDENTITY index - (Tom Lane) - - - - - - Fix COPY with a column name list from a table that has - row-level security enabled (Adam Brightwell) - - - - - - Fix EXPLAIN to emit valid XML when - is on (Markus Winand) - - - - Previously the XML output-format option produced syntactically invalid - tags such as <I/O-Read-Time>. That is now - rendered as <I-O-Read-Time>. - - - - - - - Suppress printing of zeroes for unmeasured times - in EXPLAIN (Maksim Milyutin) - - - - Certain option combinations resulted in printing zero values for times - that actually aren't ever measured in that combination. Our general - policy in EXPLAIN is not to print such fields at all, so - do that consistently in all cases. - - - - - - Fix statistics update for TRUNCATE in a prepared - transaction (Stas Kelvich) - - - - - - - Fix timeout length when VACUUM is waiting for exclusive - table lock so that it can truncate the table (Simon Riggs) - - - - The timeout was meant to be 50 milliseconds, but it was actually only - 50 microseconds, causing VACUUM to give up on truncation - much more easily than intended. Set it to the intended value. - - - - - - Fix bugs in merging inherited CHECK constraints while - creating or altering a table (Tom Lane, Amit Langote) - - - - Allow identical CHECK constraints to be added to a parent - and child table in either order. Prevent merging of a valid - constraint from the parent table with a NOT VALID - constraint on the child. Likewise, prevent merging of a NO - INHERIT child constraint with an inherited constraint. - - - - - - Show a sensible value - in pg_settings.unit - for min_wal_size and max_wal_size (Tom Lane) - - - - - - - Remove artificial restrictions on the values accepted - by numeric_in() and numeric_recv() - (Tom Lane) - - - - We allow numeric values up to the limit of the storage format (more - than 1e100000), so it seems fairly pointless - that numeric_in() rejected scientific-notation exponents - above 1000. Likewise, it was silly for numeric_recv() to - reject more than 1000 digits in an input value. - - - - - - Avoid very-low-probability data corruption due to testing tuple - visibility without holding buffer lock (Thomas Munro, Peter Geoghegan, - Tom Lane) - - - - - - Preserve commit timestamps across server restart - (Julien Rouhaud, Craig Ringer) - - - - With turned on, old - commit timestamps became inaccessible after a clean server restart. - - - - - - Fix logical WAL decoding to work properly when a subtransaction's WAL - output is large enough to spill to disk (Andres Freund) - - - - - - - Fix possible sorting error when aborting use of abbreviated keys - (Peter Geoghegan) - - - - In the worst case, this could result in a corrupt btree index, which - would need to be rebuilt using REINDEX. However, the - situation is believed to be rare. - - - - - - - Fix file descriptor leakage when truncating a temporary relation of - more than 1GB (Andres Freund) - - - - - - - Disallow starting a standalone backend with standby_mode - turned on (Michael Paquier) - - - - This can't do anything useful, since there will be no WAL receiver - process to fetch more WAL data; and it could result in misbehavior - in code that wasn't designed with this situation in mind. - - - - - - - Properly initialize replication slot state when recycling a - previously-used slot (Michael Paquier) - - - - This failure to reset all of the fields of the slot could - prevent VACUUM from removing dead tuples. - - - - - - Round shared-memory allocation request to a multiple of the actual - huge page size when attempting to use huge pages on Linux (Tom Lane) - - - - This avoids possible failures during munmap() on systems - with atypical default huge page sizes. Except in crash-recovery - cases, there were no ill effects other than a log message. - - - - - - - Use a more random value for the dynamic shared memory control - segment's ID (Robert Haas, Tom Lane) - - - - Previously, the same value would be chosen every time, because it was - derived from random() but srandom() had not - yet been called. While relatively harmless, this was not the intended - behavior. - - - - - - - On Windows, retry creation of the dynamic shared memory control - segment after an access-denied error (Kyotaro Horiguchi, Amit Kapila) - - - - Windows sometimes returns ERROR_ACCESS_DENIED rather - than ERROR_ALREADY_EXISTS when there is an existing - segment. This led to postmaster startup failure due to believing that - the former was an unrecoverable error. - - - - - - - Fix PL/pgSQL to not misbehave with parameters and - local variables of type int2vector or oidvector - (Tom Lane) - - - - - - Don't try to share SSL contexts across multiple connections - in libpq (Heikki Linnakangas) - - - - This led to assorted corner-case bugs, particularly when trying to use - different SSL parameters for different connections. - - - - - - Avoid corner-case memory leak in libpq (Tom Lane) - - - - The reported problem involved leaking an error report - during PQreset(), but there might be related cases. - - - - - - - Make ecpg's and - options work consistently with our other executables (Haribabu Kommi) - - - - - - - Fix pgbench's calculation of average latency - (Fabien Coelho) - - - - The calculation was incorrect when there were \sleep - commands in the script, or when the test duration was specified in - number of transactions rather than total time. - - - - - - In pg_upgrade, check library loadability in name order - (Tom Lane) - - - - This is a workaround to deal with cross-extension dependencies from - language transform modules to their base language and data type - modules. - - - - - - - In pg_dump, never dump range constructor functions - (Tom Lane) - - - - This oversight led to pg_upgrade failures with - extensions containing range types, due to duplicate creation of the - constructor functions. - - - - - - - In pg_dump with , - suppress TABLESPACE clause of CREATE DATABASE - if is specified (Tom Lane) - - - - - - - Make pg_receivexlog work correctly - with without slots (Gabriele Bartolini) - - - - - - Disallow specifying both - and options to pg_rewind - (Michael Banck) - - - - - - Make pg_rewind turn off synchronous_commit - in its session on the source server (Michael Banck, Michael Paquier) - - - - This allows pg_rewind to work even when the source - server is using synchronous replication that is not working for some - reason. - - - - - - In pg_xlogdump, retry opening new WAL segments when - using option (Magnus Hagander) - - - - This allows for a possible delay in the server's creation of the next - segment. - - - - - - - Fix pg_xlogdump to cope with a WAL file that begins - with a continuation record spanning more than one page (Pavan - Deolasee) - - - - - - - Fix contrib/pg_buffercache to work - when shared_buffers exceeds 256GB (KaiGai Kohei) - - - - - - - Fix contrib/intarray/bench/bench.pl to print the results - of the EXPLAIN it does when given the option - (Daniel Gustafsson) - - - - - - - Support OpenSSL 1.1.0 (Heikki Linnakangas) - - - - - - - Install TAP test infrastructure so that it's available for extension - testing (Craig Ringer) - - - - When PostgreSQL has been configured - with , make install will now - install the Perl support files for TAP testing where PGXS can find - them. This allows non-core extensions to - use $(prove_check) without extra tests. - - - - - - - In MSVC builds, include pg_recvlogical in a - client-only installation (MauMau) - - - - - - - Update Windows time zone mapping to recognize some time zone names - added in recent Windows versions (Michael Paquier) - - - - - - - Prevent failure of obsolete dynamic time zone abbreviations (Tom Lane) - - - - If a dynamic time zone abbreviation does not match any entry in the - referenced time zone, treat it as equivalent to the time zone name. - This avoids unexpected failures when IANA removes abbreviations from - their time zone database, as they did in tzdata - release 2016f and seem likely to do again in the future. The - consequences were not limited to not recognizing the individual - abbreviation; any mismatch caused - the pg_timezone_abbrevs view to fail altogether. - - - - - - Update time zone data files to tzdata release 2016h - for DST law changes in Palestine and Turkey, plus historical - corrections for Turkey and some regions of Russia. - Switch to numeric abbreviations for some time zones in Antarctica, - the former Soviet Union, and Sri Lanka. - - - - The IANA time zone database previously provided textual abbreviations - for all time zones, sometimes making up abbreviations that have little - or no currency among the local population. They are in process of - reversing that policy in favor of using numeric UTC offsets in zones - where there is no evidence of real-world use of an English - abbreviation. At least for the time being, PostgreSQL - will continue to accept such removed abbreviations for timestamp input. - But they will not be shown in the pg_timezone_names - view nor used for output. - - - - In this update, AMT is no longer shown as being in use to - mean Armenia Time. Therefore, we have changed the Default - abbreviation set to interpret it as Amazon Time, thus UTC-4 not UTC+4. - - - - - - - - - - Release 9.5.4 - - - Release date: - 2016-08-11 - - - - This release contains a variety of fixes from 9.5.3. - For information about new features in the 9.5 major release, see - . - - - - Migration to Version 9.5.4 - - - A dump/restore is not required for those running 9.5.X. - - - - However, if you are upgrading from a version earlier than 9.5.2, - see . - - - - - Changes - - - - - - - Fix possible mis-evaluation of - nested CASE-WHEN expressions (Heikki - Linnakangas, Michael Paquier, Tom Lane) - - - - A CASE expression appearing within the test value - subexpression of another CASE could become confused about - whether its own test value was null or not. Also, inlining of a SQL - function implementing the equality operator used by - a CASE expression could result in passing the wrong test - value to functions called within a CASE expression in the - SQL function's body. If the test values were of different data - types, a crash might result; moreover such situations could be abused - to allow disclosure of portions of server memory. (CVE-2016-5423) - - - - - - - Fix client programs' handling of special characters in database and - role names (Noah Misch, Nathan Bossart, Michael Paquier) - - - - Numerous places in vacuumdb and other client programs - could become confused by database and role names containing double - quotes or backslashes. Tighten up quoting rules to make that safe. - Also, ensure that when a conninfo string is used as a database name - parameter to these programs, it is correctly treated as such throughout. - - - - Fix handling of paired double quotes - in psql's \connect - and \password commands to match the documentation. - - - - Introduce a new option - in psql's \connect command to allow - explicit control of whether to re-use connection parameters from a - previous connection. (Without this, the choice is based on whether - the database name looks like a conninfo string, as before.) This - allows secure handling of database names containing special - characters in pg_dumpall scripts. - - - - pg_dumpall now refuses to deal with database and role - names containing carriage returns or newlines, as it seems impractical - to quote those characters safely on Windows. In future we may reject - such names on the server side, but that step has not been taken yet. - - - - These are considered security fixes because crafted object names - containing special characters could have been used to execute - commands with superuser privileges the next time a superuser - executes pg_dumpall or other routine maintenance - operations. (CVE-2016-5424) - - - - - - - Fix corner-case misbehaviors for IS NULL/IS NOT - NULL applied to nested composite values (Andrew Gierth, Tom Lane) - - - - The SQL standard specifies that IS NULL should return - TRUE for a row of all null values (thus ROW(NULL,NULL) IS - NULL yields TRUE), but this is not meant to apply recursively - (thus ROW(NULL, ROW(NULL,NULL)) IS NULL yields FALSE). - The core executor got this right, but certain planner optimizations - treated the test as recursive (thus producing TRUE in both cases), - and contrib/postgres_fdw could produce remote queries - that misbehaved similarly. - - - - - - - Fix unrecognized node type error for INSERT ... ON - CONFLICT within a recursive CTE (a WITH item) (Peter - Geoghegan) - - - - - - - Fix INSERT ... ON CONFLICT to successfully match index - expressions or index predicates that are simplified during the - planner's expression preprocessing phase (Tom Lane) - - - - - - - Correctly handle violations of exclusion constraints that apply to - the target table of an INSERT ... ON CONFLICT command, - but are not one of the selected arbiter indexes (Tom Lane) - - - - Such a case should raise a normal constraint-violation error, but it - got into an infinite loop instead. - - - - - - - Fix INSERT ... ON CONFLICT to not fail if the target - table has a unique index on OID (Tom Lane) - - - - - - - Make the inet and cidr data types properly reject - IPv6 addresses with too many colon-separated fields (Tom Lane) - - - - - - - Prevent crash in close_ps() - (the point ## lseg operator) - for NaN input coordinates (Tom Lane) - - - - Make it return NULL instead of crashing. - - - - - - - Avoid possible crash in pg_get_expr() when inconsistent - values are passed to it (Michael Paquier, Thomas Munro) - - - - - - - Fix several one-byte buffer over-reads in to_number() - (Peter Eisentraut) - - - - In several cases the to_number() function would read one - more character than it should from the input string. There is a - small chance of a crash, if the input happens to be adjacent to the - end of memory. - - - - - - - Do not run the planner on the query contained in CREATE - MATERIALIZED VIEW or CREATE TABLE AS - when WITH NO DATA is specified (Michael Paquier, - Tom Lane) - - - - This avoids some unnecessary failure conditions, for example if a - stable function invoked by the materialized view depends on a table - that doesn't exist yet. - - - - - - - Avoid unsafe intermediate state during expensive paths - through heap_update() (Masahiko Sawada, Andres Freund) - - - - Previously, these cases locked the target tuple (by setting its XMAX) - but did not WAL-log that action, thus risking data integrity problems - if the page were spilled to disk and then a database crash occurred - before the tuple update could be completed. - - - - - - - Fix hint bit update during WAL replay of row locking operations - (Andres Freund) - - - - The only known consequence of this problem is that row locks held by - a prepared, but uncommitted, transaction might fail to be enforced - after a crash and restart. - - - - - - - Avoid unnecessary could not serialize access errors when - acquiring FOR KEY SHARE row locks in serializable mode - (Álvaro Herrera) - - - - - - - Make sure expanded datums returned by a plan node are - read-only (Tom Lane) - - - - This avoids failures in some cases where the result of a lower plan - node is referenced in multiple places in upper nodes. So far as - core PostgreSQL is concerned, only array values - returned by PL/pgSQL functions are at risk; but extensions might - use expanded datums for other things. - - - - - - - Avoid crash in postgres -C when the specified variable - has a null string value (Michael Paquier) - - - - - - - Prevent unintended waits for the receiver in WAL sender processes - (Kyotaro Horiguchi) - - - - - - - Fix possible loss of large subtransactions in logical decoding - (Petru-Florin Mihancea) - - - - - - - Fix failure of logical decoding when a subtransaction contains no - actual changes (Marko Tiikkaja, Andrew Gierth) - - - - - - - Ensure that backends see up-to-date statistics for shared catalogs - (Tom Lane) - - - - The statistics collector failed to update the statistics file for - shared catalogs after a request from a regular backend. This problem - was partially masked because the autovacuum launcher regularly makes - requests that did cause such updates; however, it became obvious with - autovacuum disabled. - - - - - - - Avoid redundant writes of the statistics files when multiple - backends request updates close together (Tom Lane, Tomas Vondra) - - - - - - - Avoid consuming a transaction ID during VACUUM - (Alexander Korotkov) - - - - Some cases in VACUUM unnecessarily caused an XID to be - assigned to the current transaction. Normally this is negligible, - but if one is up against the XID wraparound limit, consuming more - XIDs during anti-wraparound vacuums is a very bad thing. - - - - - - - Prevent possible failure when vacuuming multixact IDs in an - installation that has been pg_upgrade'd from pre-9.3 (Andrew Gierth, - Álvaro Herrera) - - - - The usual symptom of this bug is errors - like MultiXactId NNN has not been created - yet -- apparent wraparound. - - - - - - - When a manual ANALYZE specifies a column list, don't - reset the table's changes_since_analyze counter - (Tom Lane) - - - - If we're only analyzing some columns, we should not prevent routine - auto-analyze from happening for the other columns. - - - - - - - Fix ANALYZE's overestimation of n_distinct - for a unique or nearly-unique column with many null entries (Tom - Lane) - - - - The nulls could get counted as though they were themselves distinct - values, leading to serious planner misestimates in some types of - queries. - - - - - - - Prevent autovacuum from starting multiple workers for the same shared - catalog (Álvaro Herrera) - - - - Normally this isn't much of a problem because the vacuum doesn't take - long anyway; but in the case of a severely bloated catalog, it could - result in all but one worker uselessly waiting instead of doing - useful work on other tables. - - - - - - - Fix bug in b-tree mark/restore processing (Kevin Grittner) - - - - This error could lead to incorrect join results or assertion failures - in a merge join whose inner source node is a b-tree indexscan. - - - - - - - Avoid duplicate buffer lock release when abandoning a b-tree index - page deletion attempt (Tom Lane) - - - - This mistake prevented VACUUM from completing in some - cases involving corrupt b-tree indexes. - - - - - - - Fix building of large (bigger than shared_buffers) - hash indexes (Tom Lane) - - - - The code path used for large indexes contained a bug causing - incorrect hash values to be inserted into the index, so that - subsequent index searches always failed, except for tuples inserted - into the index after the initial build. - - - - - - - Prevent infinite loop in GiST index build for geometric columns - containing NaN component values (Tom Lane) - - - - - - - Fix possible crash during a nearest-neighbor (ORDER BY - distance) indexscan on a contrib/btree_gist index on - an interval column (Peter Geoghegan) - - - - - - - Fix PANIC: failed to add BRIN tuple error when attempting - to update a BRIN index entry (Álvaro Herrera) - - - - - - - Fix possible crash during background worker shutdown (Dmitry Ivanov) - - - - - - - Fix PL/pgSQL's handling of the INTO clause - within IMPORT FOREIGN SCHEMA commands (Tom Lane) - - - - - - - Fix contrib/btree_gin to handle the smallest - possible bigint value correctly (Peter Eisentraut) - - - - - - - Teach libpq to correctly decode server version from future servers - (Peter Eisentraut) - - - - It's planned to switch to two-part instead of three-part server - version numbers for releases after 9.6. Make sure - that PQserverVersion() returns the correct value for - such cases. - - - - - - - Fix ecpg's code for unsigned long long - array elements (Michael Meskes) - - - - - - - In pg_dump with both and - options, avoid emitting an unwanted CREATE SCHEMA public - command (David Johnston, Tom Lane) - - - - - - - Improve handling of SIGTERM/control-C in - parallel pg_dump and pg_restore (Tom - Lane) - - - - Make sure that the worker processes will exit promptly, and also arrange - to send query-cancel requests to the connected backends, in case they - are doing something long-running such as a CREATE INDEX. - - - - - - - Fix error reporting in parallel pg_dump - and pg_restore (Tom Lane) - - - - Previously, errors reported by pg_dump - or pg_restore worker processes might never make it to - the user's console, because the messages went through the master - process, and there were various deadlock scenarios that would prevent - the master process from passing on the messages. Instead, just print - everything to stderr. In some cases this will result in - duplicate messages (for instance, if all the workers report a server - shutdown), but that seems better than no message. - - - - - - - Ensure that parallel pg_dump - or pg_restore on Windows will shut down properly - after an error (Kyotaro Horiguchi) - - - - Previously, it would report the error, but then just sit until - manually stopped by the user. - - - - - - - Make parallel pg_dump fail cleanly when run against a - standby server (Magnus Hagander) - - - - This usage is not supported - unless is specified, but the - error was not handled very well. - - - - - - - Make pg_dump behave better when built without zlib - support (Kyotaro Horiguchi) - - - - It didn't work right for parallel dumps, and emitted some rather - pointless warnings in other cases. - - - - - - - Make pg_basebackup accept -Z 0 as - specifying no compression (Fujii Masao) - - - - - - - Fix makefiles' rule for building AIX shared libraries to be safe for - parallel make (Noah Misch) - - - - - - - Fix TAP tests and MSVC scripts to work when build directory's path - name contains spaces (Michael Paquier, Kyotaro Horiguchi) - - - - - - - Be more predictable about reporting statement timeout - versus lock timeout (Tom Lane) - - - - On heavily loaded machines, the regression tests sometimes failed due - to reporting lock timeout even though the statement timeout - should have occurred first. - - - - - - - Make regression tests safe for Danish and Welsh locales (Jeff Janes, - Tom Lane) - - - - Change some test data that triggered the unusual sorting rules of - these locales. - - - - - - - Update our copy of the timezone code to match - IANA's tzcode release 2016c (Tom Lane) - - - - This is needed to cope with anticipated future changes in the time - zone data files. It also fixes some corner-case bugs in coping with - unusual time zones. - - - - - - - Update time zone data files to tzdata release 2016f - for DST law changes in Kemerovo and Novosibirsk, plus historical - corrections for Azerbaijan, Belarus, and Morocco. - - - - - - - - - - Release 9.5.3 - - - Release date: - 2016-05-12 - - - - This release contains a variety of fixes from 9.5.2. - For information about new features in the 9.5 major release, see - . - - - - Migration to Version 9.5.3 - - - A dump/restore is not required for those running 9.5.X. - - - - However, if you are upgrading from a version earlier than 9.5.2, - see . - - - - - Changes - - - - - - - Clear the OpenSSL error queue before OpenSSL calls, rather than - assuming it's clear already; and make sure we leave it clear - afterwards (Peter Geoghegan, Dave Vitek, Peter Eisentraut) - - - - This change prevents problems when there are multiple connections - using OpenSSL within a single process and not all the code involved - follows the same rules for when to clear the error queue. - Failures have been reported specifically when a client application - uses SSL connections in libpq concurrently with - SSL connections using the PHP, Python, or Ruby wrappers for OpenSSL. - It's possible for similar problems to arise within the server as well, - if an extension module establishes an outgoing SSL connection. - - - - - - - Fix failed to build any N-way joins - planner error with a full join enclosed in the right-hand side of a - left join (Tom Lane) - - - - - - - Fix incorrect handling of equivalence-class tests in multilevel - nestloop plans (Tom Lane) - - - - Given a three-or-more-way equivalence class of variables, such - as X.X = Y.Y = Z.Z, it was possible for the planner to omit - some of the tests needed to enforce that all the variables are actually - equal, leading to join rows being output that didn't satisfy - the WHERE clauses. For various reasons, erroneous plans - were seldom selected in practice, so that this bug has gone undetected - for a long time. - - - - - - - Fix corner-case parser failures occurring - when is turned on - (Tom Lane) - - - - An example is that SELECT (ARRAY[])::text[] gave an error, - though it worked without the parentheses. - - - - - - - Fix query-lifespan memory leak in GIN index scans (Julien Rouhaud) - - - - - - - Fix query-lifespan memory leak and potential index corruption hazard in - GIN index insertion (Tom Lane) - - - - The memory leak would typically not amount to much in simple queries, - but it could be very substantial during a large GIN index build with - high maintenance_work_mem. - - - - - - - Fix possible misbehavior of TH, th, - and Y,YYY format codes in to_timestamp() - (Tom Lane) - - - - These could advance off the end of the input string, causing subsequent - format codes to read garbage. - - - - - - - Fix dumping of rules and views in which the array - argument of a value operator - ANY (array) construct is a sub-SELECT - (Tom Lane) - - - - - - - Disallow newlines in ALTER SYSTEM parameter values - (Tom Lane) - - - - The configuration-file parser doesn't support embedded newlines in - string literals, so we mustn't allow them in values to be inserted - by ALTER SYSTEM. - - - - - - - Fix ALTER TABLE ... REPLICA IDENTITY USING INDEX to - work properly if an index on OID is selected (David Rowley) - - - - - - - Avoid possible misbehavior after failing to remove a tablespace symlink - (Tom Lane) - - - - - - - Fix crash in logical decoding on alignment-picky platforms (Tom Lane, - Andres Freund) - - - - The failure occurred only with a transaction large enough to spill to - disk and a primary-key change within that transaction. - - - - - - - Avoid repeated requests for feedback from receiver while shutting down - walsender (Nick Cleaton) - - - - - - - Make pg_regress use a startup timeout from the - PGCTLTIMEOUT environment variable, if that's set (Tom Lane) - - - - This is for consistency with a behavior recently added - to pg_ctl; it eases automated testing on slow machines. - - - - - - - Fix pg_upgrade to correctly restore extension - membership for operator families containing only one operator class - (Tom Lane) - - - - In such a case, the operator family was restored into the new database, - but it was no longer marked as part of the extension. This had no - immediate ill effects, but would cause later pg_dump - runs to emit output that would cause (harmless) errors on restore. - - - - - - - Fix pg_upgrade to not fail when new-cluster TOAST rules - differ from old (Tom Lane) - - - - pg_upgrade had special-case code to handle the - situation where the new PostgreSQL version thinks that - a table should have a TOAST table while the old version did not. That - code was broken, so remove it, and instead do nothing in such cases; - there seems no reason to believe that we can't get along fine without - a TOAST table if that was okay according to the old version's rules. - - - - - - - Fix atomic operations for PPC when using IBM's XLC compiler (Noah Misch) - - - - - - - Reduce the number of SysV semaphores used by a build configured with - (Tom Lane) - - - - - - - Rename internal function strtoi() - to strtoint() to avoid conflict with a NetBSD library - function (Thomas Munro) - - - - - - - Fix reporting of errors from bind() - and listen() system calls on Windows (Tom Lane) - - - - - - - Reduce verbosity of compiler output when building with Microsoft Visual - Studio (Christian Ullrich) - - - - - - - Support building with Visual Studio 2015 - (Michael Paquier, Petr Jelínek) - - - - Note that builds made with VS2015 will not run on Windows versions - before Windows Vista. - - - - - - - Fix putenv() to work properly with Visual Studio 2013 - (Michael Paquier) - - - - - - - Avoid possibly-unsafe use of Windows' FormatMessage() - function (Christian Ullrich) - - - - Use the FORMAT_MESSAGE_IGNORE_INSERTS flag where - appropriate. No live bug is known to exist here, but it seems like a - good idea to be careful. - - - - - - - Update time zone data files to tzdata release 2016d - for DST law changes in Russia and Venezuela. There are new zone - names Europe/Kirov and Asia/Tomsk to reflect - the fact that these regions now have different time zone histories from - adjacent regions. - - - - - - - - - - Release 9.5.2 - - - Release date: - 2016-03-31 - - - - This release contains a variety of fixes from 9.5.1. - For information about new features in the 9.5 major release, see - . - - - - Migration to Version 9.5.2 - - - A dump/restore is not required for those running 9.5.X. - - - - However, you may need to REINDEX some indexes after applying - the update, as per the first changelog entry below. - - - - - Changes - - - - - - - - Disable abbreviated keys for string sorting in non-C - locales (Robert Haas) - - - - PostgreSQL 9.5 introduced logic for speeding up - comparisons of string data types by using the standard C library - function strxfrm() as a substitute - for strcoll(). It now emerges that most versions of - glibc (Linux's implementation of the C library) have buggy - implementations of strxfrm() that, in some locales, - can produce string comparison results that do not - match strcoll(). Until this problem can be better - characterized, disable the optimization in all non-C - locales. (C locale is safe since it uses - neither strcoll() nor strxfrm().) - - - - Unfortunately, this problem affects not only sorting but also entry - ordering in B-tree indexes, which means that B-tree indexes - on text, varchar, or char columns may now - be corrupt if they sort according to an affected locale and were - built or modified under PostgreSQL 9.5.0 or 9.5.1. - Users should REINDEX indexes that might be affected. - - - - It is not possible at this time to give an exhaustive list of - known-affected locales. C locale is known safe, and - there is no evidence of trouble in English-based locales such - as en_US, but some other popular locales such - as de_DE are affected in most glibc versions. - - - - - - - - Maintain row-security status properly in cached plans (Stephen Frost) - - - - In a session that performs queries as more than one role, the plan - cache might incorrectly re-use a plan that was generated for another - role ID, thus possibly applying the wrong set of policies when - row-level security (RLS) is in use. - (CVE-2016-2193) - - - - - - - - Add must-be-superuser checks to some - new contrib/pageinspect functions (Andreas Seltenreich) - - - - Most functions in the pageinspect extension that - inspect bytea values disallow calls by non-superusers, - but brin_page_type() and brin_metapage_info() - failed to do so. Passing contrived bytea values to them might - crash the server or disclose a few bytes of server memory. Add the - missing permissions checks to prevent misuse. - (CVE-2016-3065) - - - - - - - - Fix incorrect handling of indexed ROW() comparisons - (Simon Riggs) - - - - Flaws in a minor optimization introduced in 9.5 caused incorrect - results if the ROW() comparison matches the index ordering - partially but not exactly (for example, differing column order, or the - index contains both ASC and DESC columns). - Pending a better solution, the optimization has been removed. - - - - - - - - Fix incorrect handling of NULL index entries in - indexed ROW() comparisons (Tom Lane) - - - - An index search using a row comparison such as ROW(a, b) > - ROW('x', 'y') would stop upon reaching a NULL entry in - the b column, ignoring the fact that there might be - non-NULL b values associated with later values - of a. - - - - - - - - Avoid unlikely data-loss scenarios due to renaming files without - adequate fsync() calls before and after (Michael Paquier, - Tomas Vondra, Andres Freund) - - - - - - - - Fix incorrect behavior when rechecking a just-modified row in a query - that does SELECT FOR UPDATE/SHARE and contains some - relations that need not be locked (Tom Lane) - - - - Rows from non-locked relations were incorrectly treated as containing - all NULLs during the recheck, which could result in incorrectly - deciding that the updated row no longer passes the WHERE - condition, or in incorrectly outputting NULLs. - - - - - - - - Fix bug in json_to_record() when a field of its input - object contains a sub-object with a field name matching one of the - requested output column names (Tom Lane) - - - - - - - - Fix nonsense result from two-argument form - of jsonb_object() when called with empty arrays - (Michael Paquier, Andrew Dunstan) - - - - - - - - Fix misbehavior in jsonb_set() when converting a path - array element into an integer for use as an array subscript - (Michael Paquier) - - - - - - - - Fix misformatting of negative time zone offsets - by to_char()'s OF format code - (Thomas Munro, Tom Lane) - - - - - - - - Fix possible incorrect logging of waits done by - INSERT ... ON CONFLICT (Peter Geoghegan) - - - - Log messages would sometimes claim that the wait was due to an - exclusion constraint although no such constraint was responsible. - - - - - - - - Ignore parameter until - recovery has reached a consistent state (Michael Paquier) - - - - Previously, standby servers would delay application of WAL records in - response to recovery_min_apply_delay even while replaying - the initial portion of WAL needed to make their database state valid. - Since the standby is useless until it's reached a consistent database - state, this was deemed unhelpful. - - - - - - - - Correctly handle cases where pg_subtrans is close to XID - wraparound during server startup (Jeff Janes) - - - - - - - - Fix assorted bugs in logical decoding (Andres Freund) - - - - Trouble cases included tuples larger than one page when replica - identity is FULL, UPDATEs that change a - primary key within a transaction large enough to be spooled to disk, - incorrect reports of subxact logged without previous toplevel - record, and incorrect reporting of a transaction's commit time. - - - - - - - - Fix planner error with nested security barrier views when the outer - view has a WHERE clause containing a correlated subquery - (Dean Rasheed) - - - - - - - - Fix memory leak in GIN index searches (Tom Lane) - - - - - - - - Fix corner-case crash due to trying to free localeconv() - output strings more than once (Tom Lane) - - - - - - - - Fix parsing of affix files for ispell dictionaries - (Tom Lane) - - - - The code could go wrong if the affix file contained any characters - whose byte length changes during case-folding, for - example I in Turkish UTF8 locales. - - - - - - - - Avoid use of sscanf() to parse ispell - dictionary files (Artur Zakirov) - - - - This dodges a portability problem on FreeBSD-derived platforms - (including macOS). - - - - - - - - Fix atomic-operations code used on PPC with IBM's xlc compiler - (Noah Misch) - - - - This error led to rare failures of concurrent operations on that - platform. - - - - - - - - Avoid a crash on old Windows versions (before 7SP1/2008R2SP1) with an - AVX2-capable CPU and a Postgres build done with Visual Studio 2013 - (Christian Ullrich) - - - - This is a workaround for a bug in Visual Studio 2013's runtime - library, which Microsoft have stated they will not fix in that - version. - - - - - - - - Fix psql's tab completion logic to handle multibyte - characters properly (Kyotaro Horiguchi, Robert Haas) - - - - - - - - Fix psql's tab completion for - SECURITY LABEL (Tom Lane) - - - - Pressing TAB after SECURITY LABEL might cause a crash - or offering of inappropriate keywords. - - - - - - - - Make pg_ctl accept a wait timeout from the - PGCTLTIMEOUT environment variable, if none is specified on - the command line (Noah Misch) - - - - This eases testing of slower buildfarm members by allowing them - to globally specify a longer-than-normal timeout for postmaster - startup and shutdown. - - - - - - - - Fix incorrect test for Windows service status - in pg_ctl (Manuel Mathar) - - - - The previous set of minor releases attempted to - fix pg_ctl to properly determine whether to send log - messages to Window's Event Log, but got the test backwards. - - - - - - - - Fix pgbench to correctly handle the combination - of -C and -M prepared options (Tom Lane) - - - - - - - - In pg_upgrade, skip creating a deletion script when - the new data directory is inside the old data directory (Bruce - Momjian) - - - - Blind application of the script in such cases would result in loss of - the new data directory. - - - - - - - - In PL/Perl, properly translate empty Postgres arrays into empty Perl - arrays (Alex Hunsaker) - - - - - - - - Make PL/Python cope with function names that aren't valid Python - identifiers (Jim Nasby) - - - - - - - - Fix multiple mistakes in the statistics returned - by contrib/pgstattuple's pgstatindex() - function (Tom Lane) - - - - - - - - Remove dependency on psed in MSVC builds, since it's no - longer provided by core Perl (Michael Paquier, Andrew Dunstan) - - - - - - - - Update time zone data files to tzdata release 2016c - for DST law changes in Azerbaijan, Chile, Haiti, Palestine, and Russia - (Altai, Astrakhan, Kirov, Sakhalin, Ulyanovsk regions), plus - historical corrections for Lithuania, Moldova, and Russia - (Kaliningrad, Samara, Volgograd). - - - - - - - - - - Release 9.5.1 - - - Release date: - 2016-02-11 - - - - This release contains a variety of fixes from 9.5.0. - For information about new features in the 9.5 major release, see - . - - - - Migration to Version 9.5.1 - - - A dump/restore is not required for those running 9.5.X. - - - - - Changes - - - - - - - - Fix infinite loops and buffer-overrun problems in regular expressions - (Tom Lane) - - - - Very large character ranges in bracket expressions could cause - infinite loops in some cases, and memory overwrites in other cases. - (CVE-2016-0773) - - - - - - - - Fix an oversight that caused hash joins to miss joining to some tuples - of the inner relation in rare cases (Tomas Vondra, Tom Lane) - - - - - - - - Avoid pushdown of HAVING clauses when grouping sets are - used (Andrew Gierth) - - - - - - - - Fix deparsing of ON CONFLICT arbiter WHERE - clauses (Peter Geoghegan) - - - - - - - - Make %h and %r escapes - in log_line_prefix work for messages emitted due - to log_connections (Tom Lane) - - - - Previously, %h/%r started to work just after a - new session had emitted the connection received log message; - now they work for that message too. - - - - - - - - Avoid leaking a token handle during SSPI authentication - (Christian Ullrich) - - - - - - - - Fix psql's \det command to interpret its - pattern argument the same way as other \d commands with - potentially schema-qualified patterns do (Reece Hart) - - - - - - - - In pg_ctl on Windows, check service status to decide - where to send output, rather than checking if standard output is a - terminal (Michael Paquier) - - - - - - - - Fix assorted corner-case bugs in pg_dump's processing - of extension member objects (Tom Lane) - - - - - - - - Fix improper quoting of domain constraint names - in pg_dump (Elvis Pranskevichus) - - - - - - - - Make pg_dump mark a view's triggers as needing to be - processed after its rule, to prevent possible failure during - parallel pg_restore (Tom Lane) - - - - - - - - Install guards in pgbench against corner-case overflow - conditions during evaluation of script-specified division or modulo - operators (Fabien Coelho, Michael Paquier) - - - - - - - - Suppress useless warning message when pg_receivexlog - connects to a pre-9.4 server (Marco Nenciarini) - - - - - - - - Avoid dump/reload problems when using both plpython2 - and plpython3 (Tom Lane) - - - - In principle, both versions of PL/Python can be used in - the same database, though not in the same session (because the two - versions of libpython cannot safely be used concurrently). - However, pg_restore and pg_upgrade both - do things that can fall foul of the same-session restriction. Work - around that by changing the timing of the check. - - - - - - - - Fix PL/Python regression tests to pass with Python 3.5 - (Peter Eisentraut) - - - - - - - - Prevent certain PL/Java parameters from being set by - non-superusers (Noah Misch) - - - - This change mitigates a PL/Java security bug - (CVE-2016-0766), which was fixed in PL/Java by marking - these parameters as superuser-only. To fix the security hazard for - sites that update PostgreSQL more frequently - than PL/Java, make the core code aware of them also. - - - - - - - - Fix ecpg-supplied header files to not contain comments - continued from a preprocessor directive line onto the next line - (Michael Meskes) - - - - Such a comment is rejected by ecpg. It's not yet clear - whether ecpg itself should be changed. - - - - - - - - Fix hstore_to_json_loose()'s test for whether - an hstore value can be converted to a JSON number (Tom Lane) - - - - Previously this function could be fooled by non-alphanumeric trailing - characters, leading to emitting syntactically-invalid JSON. - - - - - - - - In contrib/postgres_fdw, fix bugs triggered by use - of tableoid in data-modifying commands (Etsuro Fujita, - Robert Haas) - - - - - - - - Fix ill-advised restriction of NAMEDATALEN to be less - than 256 (Robert Haas, Tom Lane) - - - - - - - - Improve reproducibility of build output by ensuring filenames are given - to the linker in a fixed order (Christoph Berg) - - - - This avoids possible bitwise differences in the produced executable - files from one build to the next. - - - - - - - - Ensure that dynloader.h is included in the installed - header files in MSVC builds (Bruce Momjian, Michael Paquier) - - - - - - - - Update time zone data files to tzdata release 2016a for - DST law changes in Cayman Islands, Metlakatla, and Trans-Baikal - Territory (Zabaykalsky Krai), plus historical corrections for Pakistan. - - - - - - - - - - Release 9.5 - - - Release date: - 2016-01-07 - - - - Overview - - - Major enhancements in PostgreSQL 9.5 include: - - - - - - - - - Allow INSERTs - that would generate constraint conflicts to be turned into - UPDATEs or ignored - - - - - - Add GROUP BY analysis features GROUPING SETS, - CUBE and - ROLLUP - - - - - - Add row-level security control - - - - - - Create mechanisms for tracking - the progress of replication, - including methods for identifying the origin of individual changes - during logical replication - - - - - - Add Block Range Indexes (BRIN) - - - - - - Substantial performance improvements for sorting - - - - - - Substantial performance improvements for multi-CPU machines - - - - - - - The above items are explained in more detail in the sections below. - - - - - - - Migration to Version 9.5 - - - A dump/restore using , or use - of , is required for those wishing to migrate - data from any previous release. - - - - Version 9.5 contains a number of changes that may affect compatibility - with previous releases. Observe the following incompatibilities: - - - - - - - - Adjust operator precedence - to match the SQL standard (Tom Lane) - - - - The precedence of <=, >= - and <> has been reduced to match that of - <, > - and =. The precedence of IS tests - (e.g., x IS NULL) has been reduced to be - just below these six comparison operators. - Also, multi-keyword operators beginning with NOT now have - the precedence of their base operator (for example, NOT - BETWEEN now has the same precedence as BETWEEN) whereas - before they had inconsistent precedence, behaving like NOT - with respect to their left operand but like their base operator with - respect to their right operand. The new configuration - parameter can be - enabled to warn about queries in which these precedence changes result - in different parsing choices. - - - - - - - Change 's default shutdown mode from - smart to fast (Bruce Momjian) - - - - This means the default behavior will be to forcibly cancel existing - database sessions, not simply wait for them to exit. - - - - - - - Use assignment cast behavior for data type conversions - in PL/pgSQL assignments, rather than converting to and - from text (Tom Lane) - - - - This change causes conversions of Booleans to strings to - produce true or false, not t - or f. Other type conversions may succeed in more cases - than before; for example, assigning a numeric value 3.9 to - an integer variable will now assign 4 rather than failing. If no - assignment-grade cast is defined for the particular source and - destination types, PL/pgSQL will fall back to its old - I/O conversion behavior. - - - - - - - Allow characters in server - command-line options to be escaped with a backslash (Andres Freund) - - - - Formerly, spaces in the options string always separated options, so - there was no way to include a space in an option value. Including - a backslash in an option value now requires writing \\. - - - - - - - Change the default value of the GSSAPI include_realm parameter to 1, so - that by default the realm is not removed from a GSS - or SSPI principal name (Stephen Frost) - - - - - - - Replace configuration parameter checkpoint_segments - with - and (Heikki Linnakangas) - - - - If you previously adjusted checkpoint_segments, the - following formula will give you an approximately equivalent setting: - -max_wal_size = (3 * checkpoint_segments) * 16MB - - Note that the default setting for max_wal_size is - much higher than the default checkpoint_segments used - to be, so adjusting it might no longer be necessary. - - - - - - - Control the Linux OOM killer via new environment - variables PG_OOM_ADJUST_FILE - and PG_OOM_ADJUST_VALUE, - instead of compile-time options LINUX_OOM_SCORE_ADJ and - LINUX_OOM_ADJ - (Gurjeet Singh) - - - - - - - Decommission server configuration - parameter ssl_renegotiation_limit, which was deprecated - in earlier releases (Andres Freund) - - - - While SSL renegotiation is a good idea in theory, it has caused enough - bugs to be considered a net negative in practice, and it is due to be - removed from future versions of the relevant standards. We have - therefore removed support for it from PostgreSQL. - The ssl_renegotiation_limit parameter still exists, but - cannot be set to anything but zero (disabled). It's not documented - anymore, either. - - - - - - - Remove server configuration parameter autocommit, which - was already deprecated and non-operational (Tom Lane) - - - - - - - Remove the pg_authid - catalog's rolcatupdate field, as it had no usefulness - (Adam Brightwell) - - - - - - - The pg_stat_replication - system view's sent field is now NULL, not zero, when - it has no valid value (Magnus Hagander) - - - - - - - Allow json and jsonb array extraction operators to - accept negative subscripts, which count from the end of JSON arrays - (Peter Geoghegan, Andrew Dunstan) - - - - Previously, these operators returned NULL for negative - subscripts. - - - - - - - - - Changes - - - Below you will find a detailed account of the changes between - PostgreSQL 9.5 and the previous major - release. - - - - Server - - - Indexes - - - - - - - Add Block Range Indexes (BRIN) - (Álvaro Herrera) - - - - BRIN indexes store only summary data (such as minimum - and maximum values) for ranges of heap blocks. They are therefore - very compact and cheap to update; but if the data is naturally - clustered, they can still provide substantial speedup of searches. - - - - - - - Allow queries to perform accurate distance filtering of - bounding-box-indexed objects (polygons, circles) using GiST indexes (Alexander Korotkov, Heikki - Linnakangas) - - - - Previously, to exploit such an index a subquery had to be used to - select a large number of rows ordered by bounding-box distance, and - the result then had to be filtered further with a more accurate - distance calculation. - - - - - - - Allow GiST indexes to perform index-only - scans (Anastasia Lubennikova, Heikki Linnakangas, Andreas Karlsson) - - - - - - - Add configuration parameter - to control the size of GIN pending lists (Fujii Masao) - - - - This value can also be set on a per-index basis as an index storage - parameter. Previously the pending-list size was controlled - by , which was awkward because - appropriate values for work_mem are often much too large - for this purpose. - - - - - - - Issue a warning during the creation of hash indexes because they are not - crash-safe (Bruce Momjian) - - - - - - - - - General Performance - - - - - - - Improve the speed of sorting of varchar, text, - and numeric fields via abbreviated keys - (Peter Geoghegan, Andrew Gierth, Robert Haas) - - - - - - - Extend the infrastructure that allows sorting to be performed by - inlined, non-SQL-callable comparison functions to - cover CREATE INDEX, REINDEX, and - CLUSTER (Peter Geoghegan) - - - - - - - Improve performance of hash joins (Tomas Vondra, Robert Haas) - - - - - - - Improve concurrency of shared buffer replacement - (Robert Haas, Amit Kapila, Andres Freund) - - - - - - - Reduce the number of page locks and pins during index scans (Kevin Grittner) - - - - The primary benefit of this is to allow index vacuums to be blocked - less often. - - - - - - - Make per-backend tracking of buffer pins more memory-efficient - (Andres Freund) - - - - - - - Improve lock scalability (Andres Freund) - - - - This particularly addresses scalability problems when running on - systems with multiple CPU sockets. - - - - - - - Allow the optimizer to remove unnecessary references to left-joined - subqueries (David Rowley) - - - - - - - Allow pushdown of query restrictions into subqueries with window functions, where appropriate - (David Rowley) - - - - - - - Allow a non-leakproof function to be pushed down into a security - barrier view if the function does not receive any view output - columns (Dean Rasheed) - - - - - - - Teach the planner to use statistics obtained from an expression - index on a boolean-returning function, when a matching function call - appears in WHERE (Tom Lane) - - - - - - - Make ANALYZE compute basic statistics (null fraction and - average column width) even for columns whose data type lacks an - equality function (Oleksandr Shulgin) - - - - - - - Speed up CRC (cyclic redundancy check) computations - and switch to CRC-32C (Abhijit Menon-Sen, Heikki Linnakangas) - - - - - - - Improve bitmap index scan performance (Teodor Sigaev, Tom Lane) - - - - - - - Speed up CREATE INDEX by avoiding unnecessary memory - copies (Robert Haas) - - - - - - - Increase the number of buffer mapping partitions (Amit Kapila, - Andres Freund, Robert Haas) - - - - This improves performance for highly concurrent workloads. - - - - - - - - - Monitoring - - - - - - - Add per-table autovacuum logging control via new - log_autovacuum_min_duration storage parameter - (Michael Paquier) - - - - - - - Add new configuration parameter - (Thomas Munro) - - - - This string, typically set in postgresql.conf, - allows clients to identify the cluster. This name also appears - in the process title of all server processes, allowing for easier - identification of processes belonging to the same cluster. - - - - - - - Prevent non-superusers from changing on connection startup (Fujii Masao) - - - - - - - - - <acronym>SSL</acronym> - - - - - - - Check Subject Alternative - Names in SSL server certificates, if present - (Alexey Klyukin) - - - - When they are present, this replaces checks against the certificate's - Common Name. - - - - - - - Add system view pg_stat_ssl to report - SSL connection information (Magnus Hagander) - - - - - - - Add libpq functions to return SSL - information in an implementation-independent way (Heikki Linnakangas) - - - - While PQgetssl() can - still be used to call OpenSSL functions, it is now - considered deprecated because future versions - of libpq might support other SSL - implementations. When possible, use the new - functions PQsslAttribute(), PQsslAttributeNames(), - and PQsslInUse() - to obtain SSL information in - an SSL-implementation-independent way. - - - - - - - Make libpq honor any OpenSSL - thread callbacks (Jan Urbanski) - - - - Previously they were overwritten. - - - - - - - - - Server Settings - - - - - - - Replace configuration parameter checkpoint_segments - with - and (Heikki Linnakangas) - - - - This change allows the allocation of a large number of WAL - files without keeping them after they are no longer needed. - Therefore the default for max_wal_size has been set - to 1GB, much larger than the old default - for checkpoint_segments. - Also note that standby servers perform restartpoints to try to limit - their WAL space consumption to max_wal_size; previously - they did not pay any attention to checkpoint_segments. - - - - - - - Control the Linux OOM killer via new environment - variables PG_OOM_ADJUST_FILE - and PG_OOM_ADJUST_VALUE - (Gurjeet Singh) - - - - The previous OOM control infrastructure involved - compile-time options LINUX_OOM_SCORE_ADJ and - LINUX_OOM_ADJ, which are no longer supported. - The new behavior is available in all builds. - - - - - - - Allow recording of transaction - commit time stamps when configuration parameter - is enabled (Álvaro Herrera, Petr Jelínek) - - - - Time stamp information can be accessed using functions pg_xact_commit_timestamp() - and pg_last_committed_xact(). - - - - - - - Allow to be set - by ALTER ROLE SET (Peter Eisentraut, Kyotaro Horiguchi) - - - - - - - Allow autovacuum workers - to respond to configuration parameter changes during a run - (Michael Paquier) - - - - - - - Make configuration parameter - read-only (Andres Freund) - - - - This means that assertions can no longer be turned - off if they were enabled at compile time, allowing for more - efficient code optimization. This change also removes the postgres option. - - - - - - - Allow setting on - systems where it has no effect (Peter Eisentraut) - - - - - - - Add system view pg_file_settings - to show the contents of the server's configuration files - (Sawada Masahiko) - - - - - - - Add pending_restart to the system view pg_settings to - indicate a change has been made but will not take effect until a - database restart (Peter Eisentraut) - - - - - - - Allow ALTER SYSTEM - values to be reset with ALTER SYSTEM RESET (Vik - Fearing) - - - - This command removes the specified setting - from postgresql.auto.conf. - - - - - - - - - - - Replication and Recovery - - - - - - - Create mechanisms for tracking - the progress of replication, - including methods for identifying the origin of individual changes - during logical replication (Andres Freund) - - - - This is helpful when implementing replication solutions. - - - - - - - Rework truncation of the multixact commit log to be properly - WAL-logged (Andres Freund) - - - - This makes things substantially simpler and more robust. - - - - - - - Add recovery.conf - parameter recovery_target_action - to control post-recovery activity (Petr Jelínek) - - - - This replaces the old parameter pause_at_recovery_target. - - - - - - - Add new value - always to allow standbys to always archive received - WAL files (Fujii Masao) - - - - - - - Add configuration - parameter to - control WAL read retry after failure - (Alexey Vasiliev, Michael Paquier) - - - - This is particularly helpful for warm standbys. - - - - - - - Allow compression of full-page images stored in WAL - (Rahila Syed, Michael Paquier) - - - - This feature reduces WAL volume, at the cost of more CPU time spent - on WAL logging and WAL replay. It is controlled by a new - configuration parameter , which - currently is off by default. - - - - - - - Archive WAL files with suffix .partial - during standby promotion (Heikki Linnakangas) - - - - - - - Add configuration parameter - to log replication commands (Fujii Masao) - - - - By default, replication commands, e.g. IDENTIFY_SYSTEM, - are not logged, even when is set - to all. - - - - - - - Report the processes holding replication slots in pg_replication_slots - (Craig Ringer) - - - - The new output column is active_pid. - - - - - - - Allow recovery.conf's primary_conninfo setting to - use connection URIs, e.g. postgres:// - (Alexander Shulgin) - - - - - - - - - Queries - - - - - - - Allow INSERTs - that would generate constraint conflicts to be turned into - UPDATEs or ignored (Peter Geoghegan, Heikki - Linnakangas, Andres Freund) - - - - The syntax is INSERT ... ON CONFLICT DO NOTHING/UPDATE. - This is the Postgres implementation of the popular - UPSERT command. - - - - - - - Add GROUP BY analysis features GROUPING SETS, - CUBE and - ROLLUP - (Andrew Gierth, Atri Sharma) - - - - - - - Allow setting multiple target columns in - an UPDATE from the result of - a single sub-SELECT (Tom Lane) - - - - This is accomplished using the syntax UPDATE tab SET - (col1, col2, ...) = (SELECT ...). - - - - - - - Add SELECT option - SKIP LOCKED to skip locked rows (Thomas Munro) - - - - This does not throw an error for locked rows like - NOWAIT does. - - - - - - - Add SELECT option - TABLESAMPLE to return a subset of a table (Petr - Jelínek) - - - - This feature supports the SQL-standard table sampling methods. - In addition, there are provisions - for user-defined - table sampling methods. - - - - - - - Suggest possible matches for mistyped column names (Peter - Geoghegan, Robert Haas) - - - - - - - - - Utility Commands - - - - - - - Add more details about sort ordering in EXPLAIN output (Marius Timmer, - Lukas Kreft, Arne Scheffer) - - - - Details include COLLATE, DESC, - USING, and NULLS FIRST/LAST. - - - - - - - Make VACUUM log the - number of pages skipped due to pins (Jim Nasby) - - - - - - - Make TRUNCATE properly - update the pg_stat* tuple counters (Alexander Shulgin) - - - - - - - <xref linkend="sql-reindex"/> - - - - - - - Allow REINDEX to reindex an entire schema using the - SCHEMA option (Sawada Masahiko) - - - - - - - Add VERBOSE option to REINDEX (Sawada - Masahiko) - - - - - - - Prevent REINDEX DATABASE and SCHEMA - from outputting object names, unless VERBOSE is used - (Simon Riggs) - - - - - - - Remove obsolete FORCE option from REINDEX - (Fujii Masao) - - - - - - - - - - Object Manipulation - - - - - - - Add row-level security control - (Craig Ringer, KaiGai Kohei, Adam Brightwell, Dean Rasheed, - Stephen Frost) - - - - This feature allows row-by-row control over which users can add, - modify, or even see rows in a table. This is controlled by new - commands CREATE/ALTER/DROP POLICY and ALTER TABLE ... ENABLE/DISABLE - ROW SECURITY. - - - - - - - Allow changing of the WAL - logging status of a table after creation with ALTER TABLE ... SET LOGGED / - UNLOGGED (Fabrízio de Royes Mello) - - - - - - - Add IF NOT EXISTS clause to CREATE TABLE AS, - CREATE INDEX, - CREATE SEQUENCE, - and CREATE - MATERIALIZED VIEW (Fabrízio de Royes Mello) - - - - - - - Add support for IF EXISTS to ALTER TABLE ... RENAME - CONSTRAINT (Bruce Momjian) - - - - - - - Allow some DDL commands to accept CURRENT_USER - or SESSION_USER, meaning the current user or session - user, in place of a specific user name (Kyotaro Horiguchi, - Álvaro Herrera) - - - - This feature is now supported in - , , - , , - and ALTER object OWNER TO commands. - - - - - - - Support comments on domain - constraints (Álvaro Herrera) - - - - - - - Reduce lock levels of some create and alter trigger and foreign - key commands (Simon Riggs, Andreas Karlsson) - - - - - - - Allow LOCK TABLE ... ROW EXCLUSIVE - MODE for those with INSERT privileges on the - target table (Stephen Frost) - - - - Previously this command required UPDATE, DELETE, - or TRUNCATE privileges. - - - - - - - Apply table and domain CHECK constraints in order by name - (Tom Lane) - - - - The previous ordering was indeterminate. - - - - - - - Allow CREATE/ALTER DATABASE - to manipulate datistemplate and - datallowconn (Vik Fearing) - - - - This allows these per-database settings to be - changed without manually modifying the pg_database - system catalog. - - - - - - - <link linkend="ddl-foreign-data">Foreign Tables</link> - - - - - - - Add support for - (Ronan Dunklau, Michael Paquier, Tom Lane) - - - - This command allows automatic creation of local foreign tables - that match the structure of existing tables on a remote server. - - - - - - - Allow CHECK constraints to be placed on foreign tables - (Shigeru Hanada, Etsuro Fujita) - - - - Such constraints are assumed to be enforced on the remote server, - and are not enforced locally. However, they are assumed to hold for - purposes of query optimization, such - as constraint - exclusion. - - - - - - - Allow foreign tables to participate in inheritance (Shigeru Hanada, - Etsuro Fujita) - - - - To let this work naturally, foreign tables are now allowed to have - check constraints marked as not valid, and to set storage - and OID characteristics, even though these operations are - effectively no-ops for a foreign table. - - - - - - - Allow foreign data wrappers and custom scans to implement join - pushdown (KaiGai Kohei) - - - - - - - - - <link linkend="event-triggers">Event Triggers</link> - - - - - - - Whenever a ddl_command_end event trigger is installed, - capture details of DDL activity for it to inspect - (Álvaro Herrera) - - - - This information is available through a set-returning function pg_event_trigger_ddl_commands(), - or by inspection of C data structures if that function doesn't - provide enough detail. - - - - - - - Allow event triggers on table rewrites caused by ALTER TABLE (Dimitri - Fontaine) - - - - - - - Add event trigger support for database-level COMMENT, SECURITY LABEL, - and GRANT/REVOKE (Álvaro Herrera) - - - - - - - Add columns to the output of pg_event_trigger_dropped_objects - (Álvaro Herrera) - - - - This allows simpler processing of delete operations. - - - - - - - - - - - Data Types - - - - - - - Allow the xml data type - to accept empty or all-whitespace content values (Peter Eisentraut) - - - - This is required by the SQL/XML - specification. - - - - - - - Allow macaddr input - using the format xxxx-xxxx-xxxx (Herwin Weststrate) - - - - - - - Disallow non-SQL-standard syntax for interval with - both precision and field specifications (Bruce Momjian) - - - - Per the standard, such type specifications should be written as, - for example, INTERVAL MINUTE TO SECOND(2). - PostgreSQL formerly allowed this to be written as - INTERVAL(2) MINUTE TO SECOND, but it must now be - written in the standard way. - - - - - - - Add selectivity estimators for inet/cidr operators and improve - estimators for text search functions (Emre Hasegeli, Tom Lane) - - - - - - - Add data - types regrole - and regnamespace - to simplify entering and pretty-printing the OID of a role - or namespace (Kyotaro Horiguchi) - - - - - - - <link linkend="datatype-json"><acronym>JSON</acronym></link> - - - - - - - Add jsonb functions jsonb_set() - and jsonb_pretty() - (Dmitry Dolgov, Andrew Dunstan, Petr Jelínek) - - - - - - - Add jsonb generator functions to_jsonb(), - jsonb_object(), - jsonb_build_object(), - jsonb_build_array(), - jsonb_agg(), - and jsonb_object_agg() - (Andrew Dunstan) - - - - Equivalent functions already existed for type json. - - - - - - - Reduce casting requirements to/from json and jsonb (Tom Lane) - - - - - - - Allow text, text array, and integer - values to be subtracted - from jsonb documents (Dmitry Dolgov, Andrew Dunstan) - - - - - - - Add jsonb || operator - (Dmitry Dolgov, Andrew Dunstan) - - - - - - - Add json_strip_nulls() - and jsonb_strip_nulls() - functions to remove JSON null values from documents - (Andrew Dunstan) - - - - - - - - - - - Functions - - - - - - - Add generate_series() - for numeric values (Plato Malugin) - - - - - - - Allow array_agg() and - ARRAY() to take arrays as inputs (Ali Akbar, Tom Lane) - - - - - - - Add functions array_position() - and array_positions() - to return subscripts of array values (Pavel Stehule) - - - - - - - Add a point-to-polygon distance operator - <-> - (Alexander Korotkov) - - - - - - - Allow multibyte characters as escapes in SIMILAR TO - and SUBSTRING - (Jeff Davis) - - - - Previously, only a single-byte character was allowed as an escape. - - - - - - - Add a width_bucket() - variant that supports any sortable data type and non-uniform bucket - widths (Petr Jelínek) - - - - - - - Add an optional missing_ok argument to pg_read_file() - and related functions (Michael Paquier, Heikki Linnakangas) - - - - - - - Allow => - to specify named parameters in function calls (Pavel Stehule) - - - - Previously only := could be used. This requires removing - the possibility for => to be a user-defined operator. - Creation of user-defined => operators has been issuing - warnings since PostgreSQL 9.0. - - - - - - - Add POSIX-compliant rounding for platforms that use - PostgreSQL-supplied rounding functions (Pedro Gimeno Fortea) - - - - - - - System Information Functions and Views - - - - - - - Add function pg_get_object_address() - to return OIDs that uniquely - identify an object, and function pg_identify_object_as_address() - to return object information based on OIDs (Álvaro - Herrera) - - - - - - - Loosen security checks for viewing queries in pg_stat_activity, - executing pg_cancel_backend(), - and executing pg_terminate_backend() - (Stephen Frost) - - - - Previously, only the specific role owning the target session could - perform these operations; now membership in that role is sufficient. - - - - - - - Add pg_stat_get_snapshot_timestamp() - to output the time stamp of the statistics snapshot (Matt Kelly) - - - - This represents the last time the snapshot file was written to - the file system. - - - - - - - Add mxid_age() - to compute multi-xid age (Bruce Momjian) - - - - - - - - Aggregates - - - - - - - Add min()/max() aggregates - for inet/cidr data types (Haribabu - Kommi) - - - - - - - Use 128-bit integers, where supported, as accumulators for some - aggregate functions (Andreas Karlsson) - - - - - - - - - - - Server-Side Languages - - - - - - - Improve support for composite types in PL/Python (Ed Behn, Ronan - Dunklau) - - - - This allows PL/Python functions to return arrays - of composite types. - - - - - - - Reduce lossiness of PL/Python floating-point value - conversions (Marko Kreen) - - - - - - - Allow specification of conversion routines between SQL - data types and data types of procedural languages (Peter Eisentraut) - - - - This change adds new commands CREATE/DROP TRANSFORM. - This also adds optional transformations between the hstore and ltree types to/from PL/Perl and PL/Python. - - - - - - - <link linkend="plpgsql">PL/pgSQL</link> Server-Side Language - - - - - - - Improve PL/pgSQL array - performance (Tom Lane) - - - - - - - Add an ASSERT - statement in PL/pgSQL (Pavel Stehule) - - - - - - - Allow more PL/pgSQL - keywords to be used as identifiers (Tom Lane) - - - - - - - - - - - Client Applications - - - - - - - Move pg_archivecleanup, - pg_test_fsync, - pg_test_timing, - and pg_xlogdump - from contrib to src/bin (Peter Eisentraut) - - - - This should result in these programs being installed by default in - most installations. - - - - - - - Add pg_rewind, - which allows re-synchronizing a master server after failback - (Heikki Linnakangas) - - - - - - - Allow pg_receivexlog - to manage physical replication slots (Michael Paquier) - - - - This is controlled via new and - options. - - - - - - - Allow pg_receivexlog - to synchronously flush WAL to storage using new - option (Furuya Osamu, Fujii Masao) - - - - Without this, WAL files are fsync'ed only on close. - - - - - - - Allow vacuumdb to - vacuum in parallel using new option (Dilip Kumar) - - - - - - - In vacuumdb, do not - prompt for the same password repeatedly when multiple connections - are necessary (Haribabu Kommi, Michael Paquier) - - - - - - - Add option to reindexdb (Sawada - Masahiko) - - - - - - - Make pg_basebackup - use a tablespace mapping file when using tar format, - to support symbolic links and file paths of 100+ characters in length - on MS Windows (Amit Kapila) - - - - - - - Add pg_xlogdump option - to display summary statistics (Abhijit Menon-Sen) - - - - - - - <xref linkend="app-psql"/> - - - - - - - Allow psql to produce AsciiDoc output (Szymon Guz) - - - - - - - Add an errors mode that displays only failed commands - to psql's ECHO variable - (Pavel Stehule) - - - - This behavior can also be selected with psql's - option. - - - - - - - Provide separate column, header, and border linestyle control - in psql's unicode linestyle (Pavel Stehule) - - - - Single or double lines are supported; the default is - single. - - - - - - - Add new option %l in psql's PROMPT variables - to display the current multiline statement line number - (Sawada Masahiko) - - - - - - - Add \pset option pager_min_lines - to control pager invocation (Andrew Dunstan) - - - - - - - Improve psql line counting used when deciding - to invoke the pager (Andrew Dunstan) - - - - - - - psql now fails if the file specified by - an or switch cannot be - written (Tom Lane, Daniel Vérité) - - - - Previously, it effectively ignored the switch in such cases. - - - - - - - Add psql tab completion when setting the - variable (Jeff Janes) - - - - Currently only the first schema can be tab-completed. - - - - - - - Improve psql's tab completion for triggers and rules - (Andreas Karlsson) - - - - - - - <link linkend="app-psql-meta-commands">Backslash Commands</link> - - - - - - - Add psql \? help sections - variables and options (Pavel Stehule) - - - - \? variables shows psql's special - variables and \? options shows the command-line options. - \? commands shows the meta-commands, which is the - traditional output and remains the default. These help displays - can also be obtained with the command-line - option --help=section. - - - - - - - Show tablespace size in psql's \db+ - (Fabrízio de Royes Mello) - - - - - - - Show data type owners in psql's \dT+ - (Magnus Hagander) - - - - - - - Allow psql's \watch to output - \timing information (Fujii Masao) - - - - Also prevent from echoing - \watch queries, since that is generally unwanted. - - - - - - - Make psql's \sf and \ef - commands honor ECHO_HIDDEN (Andrew Dunstan) - - - - - - - Improve psql tab completion for \set, - \unset, and :variable names (Pavel - Stehule) - - - - - - - Allow tab completion of role names - in psql \c commands (Ian Barwick) - - - - - - - - - - - <xref linkend="app-pgdump"/> - - - - - - - Allow pg_dump to share a snapshot taken by another - session using (Simon Riggs, Michael Paquier) - - - - The remote snapshot must have been exported by - pg_export_snapshot() or logical replication slot - creation. This can be used to share a consistent snapshot - across multiple pg_dump processes. - - - - - - - Support table sizes exceeding 8GB in tar archive format (Tom Lane) - - - - The POSIX standard for tar format does not allow elements of a tar - archive to exceed 8GB, but most modern implementations of tar - support an extension that does allow it. Use the extension format - when necessary, rather than failing. - - - - - - - Make pg_dump always print the server and - pg_dump versions (Jing Wang) - - - - Previously, version information was only printed in - mode. - - - - - - - Remove the long-ignored / - option from pg_dump, pg_dumpall, - and pg_restore (Fujii Masao) - - - - - - - - - <xref linkend="app-pg-ctl"/> - - - - - - - Support multiple pg_ctl options, - concatenating their values (Bruce Momjian) - - - - - - - Allow control of pg_ctl's event source logging - on MS Windows (MauMau) - - - - This only controls pg_ctl, not the server, which - has separate settings in postgresql.conf. - - - - - - - If the server's listen address is set to a wildcard value - (0.0.0.0 in IPv4 or :: in IPv6), connect via - the loopback address rather than trying to use the wildcard address - literally (Kondo Yuta) - - - - This fix primarily affects Windows, since on other platforms - pg_ctl will prefer to use a Unix-domain socket. - - - - - - - - - <xref linkend="pgupgrade"/> - - - - - - - Move pg_upgrade from contrib to - src/bin (Peter Eisentraut) - - - - In connection with this change, the functionality previously - provided by the pg_upgrade_support module has been - moved into the core server. - - - - - - - Support multiple pg_upgrade - / options, - concatenating their values (Bruce Momjian) - - - - - - - Improve database collation comparisons in - pg_upgrade (Heikki Linnakangas) - - - - - - - Remove support for upgrading from 8.3 clusters (Bruce Momjian) - - - - - - - - - <xref linkend="pgbench"/> - - - - - - - Move pgbench from contrib to src/bin - (Peter Eisentraut) - - - - - - - Fix calculation of TPS number excluding connections - establishing (Tatsuo Ishii, Fabien Coelho) - - - - The overhead for connection establishment was miscalculated whenever - the number of pgbench threads was less than the number of client - connections. Although this is clearly a bug, we won't back-patch it - into pre-9.5 branches since it makes TPS numbers not comparable to - previous results. - - - - - - - Allow counting of pgbench transactions that take over a specified - amount of time (Fabien Coelho) - - - - This is controlled by a new option. - - - - - - - Allow pgbench to generate Gaussian/exponential distributions - using \setrandom (Kondo Mitsumasa, Fabien Coelho) - - - - - - - Allow pgbench's \set command to handle - arithmetic expressions containing more than one operator, and add - % (modulo) to the set of operators it supports - (Robert Haas, Fabien Coelho) - - - - - - - - - - - Source Code - - - - - - - Simplify WAL record format - (Heikki Linnakangas) - - - - This allows external tools to more easily track what blocks - are modified. - - - - - - - Improve the representation of transaction commit and abort WAL - records (Andres Freund) - - - - - - - Add atomic memory operations API (Andres Freund) - - - - - - - Allow custom path and scan methods (KaiGai Kohei, Tom Lane) - - - - This allows extensions greater control over the optimizer and - executor. - - - - - - - Allow foreign data wrappers to do post-filter locking (Etsuro - Fujita) - - - - - - - Foreign tables can now take part in INSERT ... ON CONFLICT - DO NOTHING queries (Peter Geoghegan, Heikki Linnakangas, - Andres Freund) - - - - Foreign data wrappers must be modified to handle this. - INSERT ... ON CONFLICT DO UPDATE is not supported on - foreign tables. - - - - - - - Improve hash_create()'s API for selecting - simple-binary-key hash functions (Teodor Sigaev, Tom Lane) - - - - - - - Improve parallel execution infrastructure (Robert Haas, Amit - Kapila, Noah Misch, Rushabh Lathia, Jeevan Chalke) - - - - - - - Remove Alpha (CPU) and Tru64 (OS) ports (Andres Freund) - - - - - - - Remove swap-byte-based spinlock implementation for - ARMv5 and earlier CPUs (Robert Haas) - - - - ARMv5's weak memory ordering made this locking - implementation unsafe. Spinlock support is still possible on - newer gcc implementations with atomics support. - - - - - - - Generate an error when excessively long (100+ character) file - paths are written to tar files (Peter Eisentraut) - - - - Tar does not support such overly-long paths. - - - - - - - Change index operator class for columns pg_seclabel.provider - and pg_shseclabel.provider - to be text_pattern_ops (Tom Lane) - - - - This avoids possible problems with these indexes when different - databases of a cluster have different default collations. - - - - - - - Change the spinlock primitives to function as compiler barriers - (Robert Haas) - - - - - - - MS Windows - - - - - - - Allow higher-precision time stamp resolution on Windows 8, Windows - Server 2012, and later Windows systems (Craig Ringer) - - - - - - - Install shared libraries to bin in MS Windows (Peter Eisentraut, Michael Paquier) - - - - - - - Install src/test/modules together with - contrib on MSVC builds (Michael - Paquier) - - - - - - - Allow configure's - option to be honored by the - MSVC build (Michael Paquier) - - - - - - - Pass PGFILEDESC into MSVC contrib builds - (Michael Paquier) - - - - - - - Add icons to all MSVC-built binaries and version - information to all MS Windows - binaries (Noah Misch) - - - - MinGW already had such icons. - - - - - - - Add optional-argument support to the internal - getopt_long() implementation (Michael Paquier, - Andres Freund) - - - - This is used by the MSVC build. - - - - - - - - - - - Additional Modules - - - - - - - Add statistics for minimum, maximum, - mean, and standard deviation times to pg_stat_statements - (Mitsumasa Kondo, Andrew Dunstan) - - - - - - - Add pgcrypto function - pgp_armor_headers() to extract PGP - armor headers (Marko Tiikkaja, Heikki Linnakangas) - - - - - - - Allow empty replacement strings in unaccent (Mohammad Alhashash) - - - - This is useful in languages where diacritic signs are represented - as separate characters. - - - - - - - Allow multicharacter source strings in unaccent (Tom Lane) - - - - This could be useful in languages where diacritic signs are - represented as separate characters. It also allows more complex - unaccent dictionaries. - - - - - - - Add contrib modules tsm_system_rows and - tsm_system_time - to allow additional table sampling methods (Petr Jelínek) - - - - - - - Add GIN - index inspection functions to pageinspect (Heikki - Linnakangas, Peter Geoghegan, Michael Paquier) - - - - - - - Add information about buffer pins to pg_buffercache display - (Andres Freund) - - - - - - - Allow pgstattuple - to report approximate answers with less overhead using - pgstattuple_approx() (Abhijit Menon-Sen) - - - - - - - Move dummy_seclabel, test_shm_mq, - test_parser, and worker_spi - from contrib to src/test/modules - (Álvaro Herrera) - - - - These modules are only meant for server testing, so they do not need - to be built or installed when packaging PostgreSQL. - - - - - - - - - - diff --git a/doc/src/sgml/release-9.6.sgml b/doc/src/sgml/release-9.6.sgml deleted file mode 100644 index acebcc6249..0000000000 --- a/doc/src/sgml/release-9.6.sgml +++ /dev/null @@ -1,11341 +0,0 @@ - - - - - Release 9.6.11 - - - Release date: - 2018-11-08 - - - - This release contains a variety of fixes from 9.6.10. - For information about new features in the 9.6 major release, see - . - - - - Migration to Version 9.6.11 - - - A dump/restore is not required for those running 9.6.X. - - - - However, if you are upgrading from a version earlier than 9.6.9, - see . - - - - - Changes - - - - - - Fix corner-case failures - in has_foo_privilege() - family of functions (Tom Lane) - - - - Return NULL rather than throwing an error when an invalid object OID - is provided. Some of these functions got that right already, but not - all. has_column_privilege() was additionally - capable of crashing on some platforms. - - - - - - Avoid O(N^2) slowdown in regular expression match/split functions on - long strings (Andrew Gierth) - - - - - - Fix parsing of standard multi-character operators that are immediately - followed by a comment or + or - - (Andrew Gierth) - - - - This oversight could lead to parse errors, or to incorrect assignment - of precedence. - - - - - - Avoid O(N^3) slowdown in lexer for long strings - of + or - characters - (Andrew Gierth) - - - - - - Fix mis-execution of SubPlans when the outer query is being scanned - backwards (Andrew Gierth) - - - - - - Fix failure of UPDATE/DELETE ... WHERE CURRENT OF ... - after rewinding the referenced cursor (Tom Lane) - - - - A cursor that scans multiple relations (particularly an inheritance - tree) could produce wrong behavior if rewound to an earlier relation. - - - - - - Fix EvalPlanQual to handle conditionally-executed - InitPlans properly (Andrew Gierth, Tom Lane) - - - - This resulted in hard-to-reproduce crashes or wrong answers in - concurrent updates, if they contained code such as an uncorrelated - sub-SELECT inside a CASE - construct. - - - - - - Fix character-class checks to not fail on Windows for Unicode - characters above U+FFFF (Tom Lane, Kenji Uno) - - - - This bug affected full-text-search operations, as well - as contrib/ltree - and contrib/pg_trgm. - - - - - - Disallow pushing sub-SELECTs containing window - functions, LIMIT, or OFFSET to - parallel workers (Amit Kapila) - - - - Such cases could result in inconsistent behavior due to different - workers getting different answers, as a result of indeterminacy - due to row-ordering variations. - - - - - - Ensure that sequences owned by a foreign table are processed - by ALTER OWNER on the table (Peter Eisentraut) - - - - The ownership change should propagate to such sequences as well, but - this was missed for foreign tables. - - - - - - Ensure that the server will process - already-received NOTIFY - and SIGTERM interrupts before waiting for client - input (Jeff Janes, Tom Lane) - - - - - - Fix over-allocation of space for array_out()'s - result string (Keiichi Hirobe) - - - - - - Fix memory leak in repeated SP-GiST index scans (Tom Lane) - - - - This is only known to amount to anything significant in cases where - an exclusion constraint using SP-GiST receives many new index entries - in a single command. - - - - - - Ensure that ApplyLogicalMappingFile() closes the - mapping file when done with it (Tomas Vondra) - - - - Previously, the file descriptor was leaked, eventually resulting in - failures during logical decoding. - - - - - - Fix logical decoding to handle cases where a mapped catalog table is - repeatedly rewritten, e.g. by VACUUM FULL - (Andres Freund) - - - - - - Prevent starting the server with wal_level set - to too low a value to support an existing replication slot (Andres - Freund) - - - - - - Avoid crash if a utility command causes infinite recursion (Tom Lane) - - - - - - When initializing a hot standby, cope with duplicate XIDs caused by - two-phase transactions on the master - (Michael Paquier, Konstantin Knizhnik) - - - - - - Fix event triggers to handle nested ALTER TABLE - commands (Michael Paquier, Álvaro Herrera) - - - - - - Propagate parent process's transaction and statement start timestamps - to parallel workers (Konstantin Knizhnik) - - - - This prevents misbehavior of functions such - as transaction_timestamp() when executed in a - worker. - - - - - - Fix transfer of expanded datums to parallel workers so that alignment - is preserved, preventing crashes on alignment-picky platforms - (Tom Lane, Amit Kapila) - - - - - - Fix WAL file recycling logic to work correctly on standby servers - (Michael Paquier) - - - - Depending on the setting of archive_mode, a standby - might fail to remove some WAL files that could be removed. - - - - - - Fix handling of commit-timestamp tracking during recovery - (Masahiko Sawada, Michael Paquier) - - - - If commit timestamp tracking has been turned on or off, recovery might - fail due to trying to fetch the commit timestamp for a transaction - that did not record it. - - - - - - Randomize the random() seed in bootstrap and - standalone backends, and in initdb - (Noah Misch) - - - - The main practical effect of this change is that it avoids a scenario - where initdb might mistakenly conclude that - POSIX shared memory is not available, due to name collisions caused by - always using the same random seed. - - - - - - Allow DSM allocation to be interrupted (Chris Travers) - - - - - - Avoid failure in a parallel worker when loading an extension that - tries to access system caches within its init function (Thomas Munro) - - - - We don't consider that to be good extension coding practice, but it - mostly worked before parallel query, so continue to support it for - now. - - - - - - Properly handle turning full_page_writes on - dynamically (Kyotaro Horiguchi) - - - - - - Fix possible crash due to double free() during - SP-GiST rescan (Andrew Gierth) - - - - - - Avoid possible buffer overrun when replaying GIN page recompression - from WAL (Alexander Korotkov, Sivasubramanian Ramasubramanian) - - - - - - Fix missed fsync of a replication slot's directory (Konstantin - Knizhnik, Michael Paquier) - - - - - - Fix unexpected timeouts when - using wal_sender_timeout on a slow server - (Noah Misch) - - - - - - Ensure that hot standby processes use the correct WAL consistency - point (Alexander Kukushkin, Michael Paquier) - - - - This prevents possible misbehavior just after a standby server has - reached a consistent database state during WAL replay. - - - - - - Ensure background workers are stopped properly when the postmaster - receives a fast-shutdown request before completing database startup - (Alexander Kukushkin) - - - - - - Update the free space map during WAL replay of page all-visible/frozen - flag changes (Álvaro Herrera) - - - - Previously we were not careful about this, reasoning that the FSM is - not critical data anyway. However, if it's sufficiently out of date, - that can result in significant performance degradation after a standby - has been promoted to primary. The FSM will eventually be healed by - updates, but we'd like it to be good sooner, so work harder at - maintaining it during WAL replay. - - - - - - Avoid premature release of parallel-query resources when query end or - tuple count limit is reached (Amit Kapila) - - - - It's only okay to shut down the executor at this point if the caller - cannot demand backwards scan afterwards. - - - - - - Don't run atexit callbacks when servicing SIGQUIT - (Heikki Linnakangas) - - - - - - Don't record foreign-server user mappings as members of extensions - (Tom Lane) - - - - If CREATE USER MAPPING is executed in an extension - script, an extension dependency was created for the user mapping, - which is unexpected. Roles can't be extension members, so user - mappings shouldn't be either. - - - - - - Make syslogger more robust against failures in opening CSV log files - (Tom Lane) - - - - - - Fix psql, as well as documentation - examples, to call PQconsumeInput() before - each PQnotifies() call (Tom Lane) - - - - This fixes cases in which psql would not - report receipt of a NOTIFY message until after the - next command. - - - - - - Fix possible inconsistency in pg_dump's - sorting of dissimilar object names (Jacob Champion) - - - - - - Ensure that pg_restore will schema-qualify - the table name when - emitting DISABLE/ENABLE TRIGGER - commands (Tom Lane) - - - - This avoids failures due to the new policy of running restores with - restrictive search path. - - - - - - Fix pg_upgrade to handle event triggers in - extensions correctly (Haribabu Kommi) - - - - pg_upgrade failed to preserve an event - trigger's extension-membership status. - - - - - - Fix pg_upgrade's cluster state check to - work correctly on a standby server (Bruce Momjian) - - - - - - Enforce type cube's dimension limit in - all contrib/cube functions (Andrey Borodin) - - - - Previously, some cube-related functions could construct values that - would be rejected by cube_in(), leading to - dump/reload failures. - - - - - - In contrib/postgres_fdw, don't try to ship a - variable-free ORDER BY clause to the remote server - (Andrew Gierth) - - - - - - Fix contrib/unaccent's - unaccent() function to use - the unaccent text search dictionary that is in the - same schema as the function (Tom Lane) - - - - Previously it tried to look up the dictionary using the search path, - which could fail if the search path has a restrictive value. - - - - - - Fix build problems on macOS 10.14 (Mojave) (Tom Lane) - - - - Adjust configure to add - an switch to CPPFLAGS; - without this, PL/Perl and PL/Tcl fail to configure or build on macOS - 10.14. The specific sysroot used can be overridden at configure time - or build time by setting the PG_SYSROOT variable in - the arguments of configure - or make. - - - - It is now recommended that Perl-related extensions - write $(perl_includespec) rather - than -I$(perl_archlibexp)/CORE in their compiler - flags. The latter continues to work on most platforms, but not recent - macOS. - - - - Also, it should no longer be necessary to - specify manually to get PL/Tcl to - build on recent macOS releases. - - - - - - Fix MSVC build and regression-test scripts to work on recent Perl - versions (Andrew Dunstan) - - - - Perl no longer includes the current directory in its search path - by default; work around that. - - - - - - On Windows, allow the regression tests to be run by an Administrator - account (Andrew Dunstan) - - - - To do this safely, pg_regress now gives up - any such privileges at startup. - - - - - - Allow btree comparison functions to return INT_MIN - (Tom Lane) - - - - Up to now, we've forbidden datatype-specific comparison functions from - returning INT_MIN, which allows callers to invert - the sort order just by negating the comparison result. However, this - was never safe for comparison functions that directly return the - result of memcmp(), strcmp(), - etc, as POSIX doesn't place any such restriction on those functions. - At least some recent versions of memcmp() can - return INT_MIN, causing incorrect sort ordering. - Hence, we've removed this restriction. Callers must now use - the INVERT_COMPARE_RESULT() macro if they wish to - invert the sort order. - - - - - - Fix recursion hazard in shared-invalidation message processing - (Tom Lane) - - - - This error could, for example, result in failure to access a system - catalog or index that had just been processed by VACUUM - FULL. - - - - This change adds a new result code - for LockAcquire, which might possibly affect - external callers of that function, though only very unusual usage - patterns would have an issue with it. The API - of LockAcquireExtended is also changed. - - - - - - Save and restore SPI's global variables - during SPI_connect() - and SPI_finish() (Chapman Flack, Tom Lane) - - - - This prevents possible interference when one SPI-using function calls - another. - - - - - - Avoid using potentially-under-aligned page buffers (Tom Lane) - - - - Invent new union types PGAlignedBlock - and PGAlignedXLogBlock, and use these in place of plain - char arrays, ensuring that the compiler can't place the buffer at a - misaligned start address. This fixes potential core dumps on - alignment-picky platforms, and may improve performance even on - platforms that allow misalignment. - - - - - - Make src/port/snprintf.c follow the C99 - standard's definition of snprintf()'s result - value (Tom Lane) - - - - On platforms where this code is used (mostly Windows), its pre-C99 - behavior could lead to failure to detect buffer overrun, if the - calling code assumed C99 semantics. - - - - - - When building on i386 with the clang - compiler, require to be used (Andres Freund) - - - - This avoids problems with missed floating point overflow checks. - - - - - - Fix configure's detection of the result - type of strerror_r() (Tom Lane) - - - - The previous coding got the wrong answer when building - with icc on Linux (and perhaps in other - cases), leading to libpq not returning - useful error messages for system-reported errors. - - - - - - Update time zone data files to tzdata - release 2018g for DST law changes in Chile, Fiji, Morocco, and Russia - (Volgograd), plus historical corrections for China, Hawaii, Japan, - Macau, and North Korea. - - - - - - - - - - Release 9.6.10 - - - Release date: - 2018-08-09 - - - - This release contains a variety of fixes from 9.6.9. - For information about new features in the 9.6 major release, see - . - - - - Migration to Version 9.6.10 - - - A dump/restore is not required for those running 9.6.X. - - - - However, if you are upgrading from a version earlier than 9.6.9, - see . - - - - - Changes - - - - - - Fix failure to reset libpq's state fully - between connection attempts (Tom Lane) - - - - An unprivileged user of dblink - or postgres_fdw could bypass the checks intended - to prevent use of server-side credentials, such as - a ~/.pgpass file owned by the operating-system - user running the server. Servers allowing peer authentication on - local connections are particularly vulnerable. Other attacks such - as SQL injection into a postgres_fdw session - are also possible. - Attacking postgres_fdw in this way requires the - ability to create a foreign server object with selected connection - parameters, but any user with access to dblink - could exploit the problem. - In general, an attacker with the ability to select the connection - parameters for a libpq-using application - could cause mischief, though other plausible attack scenarios are - harder to think of. - Our thanks to Andrew Krasichkov for reporting this issue. - (CVE-2018-10915) - - - - - - Fix INSERT ... ON CONFLICT UPDATE through a view - that isn't just SELECT * FROM ... - (Dean Rasheed, Amit Langote) - - - - Erroneous expansion of an updatable view could lead to crashes - or attribute ... has the wrong type errors, if the - view's SELECT list doesn't match one-to-one with - the underlying table's columns. - Furthermore, this bug could be leveraged to allow updates of columns - that an attacking user lacks UPDATE privilege for, - if that user has INSERT and UPDATE - privileges for some other column(s) of the table. - Any user could also use it for disclosure of server memory. - (CVE-2018-10925) - - - - - - Ensure that updates to the relfrozenxid - and relminmxid values - for nailed system catalogs are processed in a timely - fashion (Andres Freund) - - - - Overoptimistic caching rules could prevent these updates from being - seen by other sessions, leading to spurious errors and/or data - corruption. The problem was significantly worse for shared catalogs, - such as pg_authid, because the stale cache - data could persist into new sessions as well as existing ones. - - - - - - Fix case where a freshly-promoted standby crashes before having - completed its first post-recovery checkpoint (Michael Paquier, Kyotaro - Horiguchi, Pavan Deolasee, Álvaro Herrera) - - - - This led to a situation where the server did not think it had reached - a consistent database state during subsequent WAL replay, preventing - restart. - - - - - - Avoid emitting a bogus WAL record when recycling an all-zero btree - page (Amit Kapila) - - - - This mistake has been seen to cause assertion failures, and - potentially it could result in unnecessary query cancellations on hot - standby servers. - - - - - - During WAL replay, guard against corrupted record lengths exceeding - 1GB (Michael Paquier) - - - - Treat such a case as corrupt data. Previously, the code would try to - allocate space and get a hard error, making recovery impossible. - - - - - - When ending recovery, delay writing the timeline history file as long - as possible (Heikki Linnakangas) - - - - This avoids some situations where a failure during recovery cleanup - (such as a problem with a two-phase state file) led to inconsistent - timeline state on-disk. - - - - - - Improve performance of WAL replay for transactions that drop many - relations (Fujii Masao) - - - - This change reduces the number of times that shared buffers are - scanned, so that it is of most benefit when that setting is large. - - - - - - Improve performance of lock releasing in standby server WAL replay - (Thomas Munro) - - - - - - Make logical WAL senders report streaming state correctly (Simon - Riggs, Sawada Masahiko) - - - - The code previously mis-detected whether or not it had caught up with - the upstream server. - - - - - - Fix bugs in snapshot handling during logical decoding, allowing wrong - decoding results in rare cases (Arseny Sher, Álvaro Herrera) - - - - - - Ensure a table's cached index list is correctly rebuilt after an index - creation fails partway through (Peter Geoghegan) - - - - Previously, the failed index's OID could remain in the list, causing - problems later in the same session. - - - - - - Fix mishandling of empty uncompressed posting list pages in GIN - indexes (Sivasubramanian Ramasubramanian, Alexander Korotkov) - - - - This could result in an assertion failure after pg_upgrade of a - pre-9.4 GIN index (9.4 and later will not create such pages). - - - - - - Ensure that VACUUM will respond to signals - within btree page deletion loops (Andres Freund) - - - - Corrupted btree indexes could result in an infinite loop here, and - that previously wasn't interruptible without forcing a crash. - - - - - - Fix misoptimization of equivalence classes involving composite-type - columns (Tom Lane) - - - - This resulted in failure to recognize that an index on a composite - column could provide the sort order needed for a mergejoin on that - column. - - - - - - Fix planner to avoid ORDER/GROUP BY expression not found in - targetlist errors in some queries with set-returning functions - (Tom Lane) - - - - - - Fix SQL-standard FETCH FIRST syntax to allow - parameters ($n), as the - standard expects (Andrew Gierth) - - - - - - Fix EXPLAIN's accounting for resource usage, - particularly buffer accesses, in parallel workers - (Amit Kapila, Robert Haas) - - - - - - Fix failure to schema-qualify some object names - in getObjectDescription output - (Kyotaro Horiguchi, Tom Lane) - - - - Names of collations, conversions, and text search objects - were not schema-qualified when they should be. - - - - - - Fix CREATE AGGREGATE type checking so that - parallelism support functions can be attached to variadic aggregates - (Alexey Bashtanov) - - - - - - Widen COPY FROM's current-line-number counter - from 32 to 64 bits (David Rowley) - - - - This avoids two problems with input exceeding 4G lines: COPY - FROM WITH HEADER would drop a line every 4G lines, not only - the first line, and error reports could show a wrong line number. - - - - - - Add a string freeing function - to ecpg's pgtypes - library, so that cross-module memory management problems can be - avoided on Windows (Takayuki Tsunakawa) - - - - On Windows, crashes can ensue if the free call - for a given chunk of memory is not made from the same DLL - that malloc'ed the memory. - The pgtypes library sometimes returns strings - that it expects the caller to free, making it impossible to follow - this rule. Add a PGTYPESchar_free() function - that just wraps free, allowing applications - to follow this rule. - - - - - - Fix ecpg's support for long - long variables on Windows, as well as other platforms that - declare strtoll/strtoull - nonstandardly or not at all (Dang Minh Huong, Tom Lane) - - - - - - Fix misidentification of SQL statement type in PL/pgSQL, when a rule - change causes a change in the semantics of a statement intra-session - (Tom Lane) - - - - This error led to assertion failures, or in rare cases, failure to - enforce the INTO STRICT option as expected. - - - - - - Fix password prompting in client programs so that echo is properly - disabled on Windows when stdin is not the - terminal (Matthew Stickney) - - - - - - Further fix mis-quoting of values for list-valued GUC variables in - dumps (Tom Lane) - - - - The previous fix for quoting of search_path and - other list-valued variables in pg_dump - output turned out to misbehave for empty-string list elements, and it - risked truncation of long file paths. - - - - - - Fix pg_dump's failure to - dump REPLICA IDENTITY properties for constraint - indexes (Tom Lane) - - - - Manually created unique indexes were properly marked, but not those - created by declaring UNIQUE or PRIMARY - KEY constraints. - - - - - - Make pg_upgrade check that the old server - was shut down cleanly (Bruce Momjian) - - - - The previous check could be fooled by an immediate-mode shutdown. - - - - - - Fix contrib/hstore_plperl to look through Perl - scalar references, and to not crash if it doesn't find a hash - reference where it expects one (Tom Lane) - - - - - - Fix crash in contrib/ltree's - lca() function when the input array is empty - (Pierre Ducroquet) - - - - - - Fix various error-handling code paths in which an incorrect error code - might be reported (Michael Paquier, Tom Lane, Magnus Hagander) - - - - - - Rearrange makefiles to ensure that programs link to freshly-built - libraries (such as libpq.so) rather than ones - that might exist in the system library directories (Tom Lane) - - - - This avoids problems when building on platforms that supply old copies - of PostgreSQL libraries. - - - - - - Update time zone data files to tzdata - release 2018e for DST law changes in North Korea, plus historical - corrections for Czechoslovakia. - - - - This update includes a redefinition of daylight savings - in Ireland, as well as for some past years in Namibia and - Czechoslovakia. In those jurisdictions, legally standard time is - observed in summer, and daylight savings time in winter, so that the - daylight savings offset is one hour behind standard time not one hour - ahead. This does not affect either the actual UTC offset or the - timezone abbreviations in use; the only known effect is that - the is_dst column in - the pg_timezone_names view will now be true - in winter and false in summer in these cases. - - - - - - - - - - Release 9.6.9 - - - Release date: - 2018-05-10 - - - - This release contains a variety of fixes from 9.6.8. - For information about new features in the 9.6 major release, see - . - - - - Migration to Version 9.6.9 - - - A dump/restore is not required for those running 9.6.X. - - - - However, if you use the adminpack extension, - you should update it as per the first changelog entry below. - - - - Also, if the function marking mistakes mentioned in the second and - third changelog entries below affect you, you will want to take steps - to correct your database catalogs. - - - - Also, if you are upgrading from a version earlier than 9.6.8, - see . - - - - - Changes - - - - - - Remove public execute privilege - from contrib/adminpack's - pg_logfile_rotate() function (Stephen Frost) - - - - pg_logfile_rotate() is a deprecated wrapper - for the core function pg_rotate_logfile(). - When that function was changed to rely on SQL privileges for access - control rather than a hard-coded superuser - check, pg_logfile_rotate() should have been - updated as well, but the need for this was missed. Hence, - if adminpack is installed, any user could - request a logfile rotation, creating a minor security issue. - - - - After installing this update, administrators should - update adminpack by performing - ALTER EXTENSION adminpack UPDATE in each - database in which adminpack is installed. - (CVE-2018-1115) - - - - - - Fix incorrect volatility markings on a few built-in functions - (Thomas Munro, Tom Lane) - - - - The functions - query_to_xml, - cursor_to_xml, - cursor_to_xmlschema, - query_to_xmlschema, and - query_to_xml_and_xmlschema - should be marked volatile because they execute user-supplied queries - that might contain volatile operations. They were not, leading to a - risk of incorrect query optimization. This has been repaired for new - installations by correcting the initial catalog data, but existing - installations will continue to contain the incorrect markings. - Practical use of these functions seems to pose little hazard, but in - case of trouble, it can be fixed by manually updating these - functions' pg_proc entries, for example - ALTER FUNCTION pg_catalog.query_to_xml(text, boolean, - boolean, text) VOLATILE. (Note that that will need to be - done in each database of the installation.) Another option is - to pg_upgrade the database to a version - containing the corrected initial data. - - - - - - Fix incorrect parallel-safety markings on a few built-in functions - (Thomas Munro, Tom Lane) - - - - The functions - brin_summarize_new_values, - gin_clean_pending_list, - cursor_to_xml, - cursor_to_xmlschema, - ts_rewrite, - ts_stat, and - binary_upgrade_create_empty_extension - should be marked parallel-unsafe; some because they perform database - modifications directly, and others because they execute user-supplied - queries that might do so. They were marked parallel-restricted - instead, leading to a risk of unexpected query errors. This has been - repaired for new installations by correcting the initial catalog - data, but existing installations will continue to contain the - incorrect markings. Practical use of these functions seems to pose - little hazard unless force_parallel_mode is turned - on. In case of trouble, it can be fixed by manually updating these - functions' pg_proc entries, for example - ALTER FUNCTION pg_catalog.brin_summarize_new_values(regclass) - PARALLEL UNSAFE. (Note that that will need to be done in - each database of the installation.) Another option is - to pg_upgrade the database to a version - containing the corrected initial data. - - - - - - Avoid re-using TOAST value OIDs that match dead-but-not-yet-vacuumed - TOAST entries (Pavan Deolasee) - - - - Once the OID counter has wrapped around, it's possible to assign a - TOAST value whose OID matches a previously deleted entry in the same - TOAST table. If that entry were not yet vacuumed away, this resulted - in unexpected chunk number 0 (expected 1) for toast - value nnnnn errors, which would - persist until the dead entry was removed - by VACUUM. Fix by not selecting such OIDs when - creating a new TOAST entry. - - - - - - Change ANALYZE's algorithm for updating - pg_class.reltuples - (David Gould) - - - - Previously, pages not actually scanned by ANALYZE - were assumed to retain their old tuple density. In a large table - where ANALYZE samples only a small fraction of the - pages, this meant that the overall tuple density estimate could not - change very much, so that reltuples would - change nearly proportionally to changes in the table's physical size - (relpages) regardless of what was actually - happening in the table. This has been observed to result - in reltuples becoming so much larger than - reality as to effectively shut off autovacuuming. To fix, assume - that ANALYZE's sample is a statistically unbiased - sample of the table (as it should be), and just extrapolate the - density observed within those pages to the whole table. - - - - - - Avoid deadlocks in concurrent CREATE INDEX - CONCURRENTLY commands that are run - under SERIALIZABLE or REPEATABLE - READ transaction isolation (Tom Lane) - - - - - - Fix possible slow execution of REFRESH MATERIALIZED VIEW - CONCURRENTLY (Thomas Munro) - - - - - - Fix UPDATE/DELETE ... WHERE CURRENT OF to not fail - when the referenced cursor uses an index-only-scan plan (Yugo Nagata, - Tom Lane) - - - - - - Fix incorrect planning of join clauses pushed into parameterized - paths (Andrew Gierth, Tom Lane) - - - - This error could result in misclassifying a condition as - a join filter for an outer join when it should be a - plain filter condition, leading to incorrect join - output. - - - - - - Fix possibly incorrect generation of an index-only-scan plan when the - same table column appears in multiple index columns, and only some of - those index columns use operator classes that can return the column - value (Kyotaro Horiguchi) - - - - - - Fix misoptimization of CHECK constraints having - provably-NULL subclauses of - top-level AND/OR conditions - (Tom Lane, Dean Rasheed) - - - - This could, for example, allow constraint exclusion to exclude a - child table that should not be excluded from a query. - - - - - - Fix executor crash due to double free in some GROUPING - SET usages (Peter Geoghegan) - - - - - - Avoid crash if a table rewrite event trigger is added concurrently - with a command that could call such a trigger (Álvaro Herrera, - Andrew Gierth, Tom Lane) - - - - - - Avoid failure if a query-cancel or session-termination interrupt - occurs while committing a prepared transaction (Stas Kelvich) - - - - - - Fix query-lifespan memory leakage in repeatedly executed hash joins - (Tom Lane) - - - - - - Fix possible leak or double free of visibility map buffer pins - (Amit Kapila) - - - - - - Avoid spuriously marking pages as all-visible (Dan Wood, - Pavan Deolasee, Álvaro Herrera) - - - - This could happen if some tuples were locked (but not deleted). While - queries would still function correctly, vacuum would normally ignore - such pages, with the long-term effect that the tuples were never - frozen. In recent releases this would eventually result in errors - such as found multixact nnnnn from - before relminmxid nnnnn. - - - - - - Fix overly strict sanity check - in heap_prepare_freeze_tuple - (Álvaro Herrera) - - - - This could result in incorrect cannot freeze committed - xmax failures in databases that have - been pg_upgrade'd from 9.2 or earlier. - - - - - - Prevent dangling-pointer dereference when a C-coded before-update row - trigger returns the old tuple (Rushabh Lathia) - - - - - - Reduce locking during autovacuum worker scheduling (Jeff Janes) - - - - The previous behavior caused drastic loss of potential worker - concurrency in databases with many tables. - - - - - - Ensure client hostname is copied while copying - pg_stat_activity data to local memory - (Edmund Horner) - - - - Previously the supposedly-local snapshot contained a pointer into - shared memory, allowing the client hostname column to change - unexpectedly if any existing session disconnected. - - - - - - Fix incorrect processing of multiple compound affixes - in ispell dictionaries (Arthur Zakirov) - - - - - - Fix collation-aware searches (that is, indexscans using inequality - operators) in SP-GiST indexes on text columns (Tom Lane) - - - - Such searches would return the wrong set of rows in most non-C - locales. - - - - - - Prevent query-lifespan memory leakage with SP-GiST operator classes - that use traversal values (Anton Dignös) - - - - - - Count the number of index tuples correctly during initial build of an - SP-GiST index (Tomas Vondra) - - - - Previously, the tuple count was reported to be the same as that of - the underlying table, which is wrong if the index is partial. - - - - - - Count the number of index tuples correctly during vacuuming of a - GiST index (Andrey Borodin) - - - - Previously it reported the estimated number of heap tuples, - which might be inaccurate, and is certainly wrong if the - index is partial. - - - - - - Fix a corner case where a streaming standby gets stuck at a WAL - continuation record (Kyotaro Horiguchi) - - - - - - In logical decoding, avoid possible double processing of WAL data - when a walsender restarts (Craig Ringer) - - - - - - Allow scalarltsel - and scalargtsel to be used on non-core datatypes - (Tomas Vondra) - - - - - - Reduce libpq's memory consumption when a - server error is reported after a large amount of query output has - been collected (Tom Lane) - - - - Discard the previous output before, not after, processing the error - message. On some platforms, notably Linux, this can make a - difference in the application's subsequent memory footprint. - - - - - - Fix double-free crashes in ecpg - (Patrick Krecker, Jeevan Ladhe) - - - - - - Fix ecpg to handle long long - int variables correctly in MSVC builds (Michael Meskes, - Andrew Gierth) - - - - - - Fix mis-quoting of values for list-valued GUC variables in dumps - (Michael Paquier, Tom Lane) - - - - The local_preload_libraries, - session_preload_libraries, - shared_preload_libraries, - and temp_tablespaces variables were not correctly - quoted in pg_dump output. This would - cause problems if settings for these variables appeared in - CREATE FUNCTION ... SET or ALTER - DATABASE/ROLE ... SET clauses. - - - - - - Fix pg_recvlogical to not fail against - pre-v10 PostgreSQL servers - (Michael Paquier) - - - - A previous fix caused pg_recvlogical to - issue a command regardless of server version, but it should only be - issued to v10 and later servers. - - - - - - Ensure that pg_rewind deletes files on the - target server if they are deleted from the source server during the - run (Takayuki Tsunakawa) - - - - Failure to do this could result in data inconsistency on the target, - particularly if the file in question is a WAL segment. - - - - - - Fix pg_rewind to handle tables in - non-default tablespaces correctly (Takayuki Tsunakawa) - - - - - - Fix overflow handling in PL/pgSQL - integer FOR loops (Tom Lane) - - - - The previous coding failed to detect overflow of the loop variable - on some non-gcc compilers, leading to an infinite loop. - - - - - - Adjust PL/Python regression tests to pass - under Python 3.7 (Peter Eisentraut) - - - - - - Support testing PL/Python and related - modules when building with Python 3 and MSVC (Andrew Dunstan) - - - - - - Fix errors in initial build of contrib/bloom - indexes (Tomas Vondra, Tom Lane) - - - - Fix possible omission of the table's last tuple from the index. - Count the number of index tuples correctly, in case it is a partial - index. - - - - - - Rename internal b64_encode - and b64_decode functions to avoid conflict with - Solaris 11.4 built-in functions (Rainer Orth) - - - - - - Sync our copy of the timezone library with IANA tzcode release 2018e - (Tom Lane) - - - - This fixes the zic timezone data compiler - to cope with negative daylight-savings offsets. While - the PostgreSQL project will not - immediately ship such timezone data, zic - might be used with timezone data obtained directly from IANA, so it - seems prudent to update zic now. - - - - - - Update time zone data files to tzdata - release 2018d for DST law changes in Palestine and Antarctica (Casey - Station), plus historical corrections for Portugal and its colonies, - as well as Enderbury, Jamaica, Turks & Caicos Islands, and - Uruguay. - - - - - - - - - - Release 9.6.8 - - - Release date: - 2018-03-01 - - - - This release contains a variety of fixes from 9.6.7. - For information about new features in the 9.6 major release, see - . - - - - Migration to Version 9.6.8 - - - A dump/restore is not required for those running 9.6.X. - - - - However, if you run an installation in which not all users are mutually - trusting, or if you maintain an application or extension that is - intended for use in arbitrary situations, it is strongly recommended - that you read the documentation changes described in the first changelog - entry below, and take suitable steps to ensure that your installation or - code is secure. - - - - Also, the changes described in the second changelog entry below may - cause functions used in index expressions or materialized views to fail - during auto-analyze, or when reloading from a dump. After upgrading, - monitor the server logs for such problems, and fix affected functions. - - - - Also, if you are upgrading from a version earlier than 9.6.7, - see . - - - - - Changes - - - - - - Document how to configure installations and applications to guard - against search-path-dependent trojan-horse attacks from other users - (Noah Misch) - - - - Using a search_path setting that includes any - schemas writable by a hostile user enables that user to capture - control of queries and then run arbitrary SQL code with the - permissions of the attacked user. While it is possible to write - queries that are proof against such hijacking, it is notationally - tedious, and it's very easy to overlook holes. Therefore, we now - recommend configurations in which no untrusted schemas appear in - one's search path. Relevant documentation appears in - (for database administrators and users), - (for application authors), - (for extension authors), and - (for authors - of SECURITY DEFINER functions). - (CVE-2018-1058) - - - - - - Avoid use of insecure search_path settings - in pg_dump and other client programs - (Noah Misch, Tom Lane) - - - - pg_dump, - pg_upgrade, - vacuumdb and - other PostgreSQL-provided applications were - themselves vulnerable to the type of hijacking described in the previous - changelog entry; since these applications are commonly run by - superusers, they present particularly attractive targets. To make them - secure whether or not the installation as a whole has been secured, - modify them to include only the pg_catalog - schema in their search_path settings. - Autovacuum worker processes now do the same, as well. - - - - In cases where user-provided functions are indirectly executed by - these programs — for example, user-provided functions in index - expressions — the tighter search_path may - result in errors, which will need to be corrected by adjusting those - user-provided functions to not assume anything about what search path - they are invoked under. That has always been good practice, but now - it will be necessary for correct behavior. - (CVE-2018-1058) - - - - - - Fix misbehavior of concurrent-update rechecks with CTE references - appearing in subplans (Tom Lane) - - - - If a CTE (WITH clause reference) is used in an - InitPlan or SubPlan, and the query requires a recheck due to trying - to update or lock a concurrently-updated row, incorrect results could - be obtained. - - - - - - Fix planner failures with overlapping mergejoin clauses in an outer - join (Tom Lane) - - - - These mistakes led to left and right pathkeys do not match in - mergejoin or outer pathkeys do not match - mergeclauses planner errors in corner cases. - - - - - - Repair pg_upgrade's failure to - preserve relfrozenxid for materialized - views (Tom Lane, Andres Freund) - - - - This oversight could lead to data corruption in materialized views - after an upgrade, manifesting as could not access status of - transaction or found xmin from before - relfrozenxid errors. The problem would be more likely to - occur in seldom-refreshed materialized views, or ones that were - maintained only with REFRESH MATERIALIZED VIEW - CONCURRENTLY. - - - - If such corruption is observed, it can be repaired by refreshing the - materialized view (without CONCURRENTLY). - - - - - - Fix incorrect reporting of PL/Python function names in - error CONTEXT stacks (Tom Lane) - - - - An error occurring within a nested PL/Python function call (that is, - one reached via a SPI query from another PL/Python function) would - result in a stack trace showing the inner function's name twice, - rather than the expected results. Also, an error in a nested - PL/Python DO block could result in a null pointer - dereference crash on some platforms. - - - - - - Allow contrib/auto_explain's - log_min_duration setting to range up - to INT_MAX, or about 24 days instead of 35 minutes - (Tom Lane) - - - - - - Mark assorted GUC variables as PGDLLIMPORT, to - ease porting extension modules to Windows (Metin Doslu) - - - - - - - - - - Release 9.6.7 - - - Release date: - 2018-02-08 - - - - This release contains a variety of fixes from 9.6.6. - For information about new features in the 9.6 major release, see - . - - - - Migration to Version 9.6.7 - - - A dump/restore is not required for those running 9.6.X. - - - - However, - if you use contrib/cube's ~> - operator, see the entry below about that. - - - - Also, if you are upgrading from a version earlier than 9.6.6, - see . - - - - - Changes - - - - - - Ensure that all temporary files made - by pg_upgrade are non-world-readable - (Tom Lane, Noah Misch) - - - - pg_upgrade normally restricts its - temporary files to be readable and writable only by the calling user. - But the temporary file containing pg_dumpall -g - output would be group- or world-readable, or even writable, if the - user's umask setting allows. In typical usage on - multi-user machines, the umask and/or the working - directory's permissions would be tight enough to prevent problems; - but there may be people using pg_upgrade - in scenarios where this oversight would permit disclosure of database - passwords to unfriendly eyes. - (CVE-2018-1053) - - - - - - Fix vacuuming of tuples that were updated while key-share locked - (Andres Freund, Álvaro Herrera) - - - - In some cases VACUUM would fail to remove such - tuples even though they are now dead, leading to assorted data - corruption scenarios. - - - - - - Ensure that vacuum will always clean up the pending-insertions list of - a GIN index (Masahiko Sawada) - - - - This is necessary to ensure that dead index entries get removed. - The old code got it backwards, allowing vacuum to skip the cleanup if - some other process were running cleanup concurrently, thus risking - invalid entries being left behind in the index. - - - - - - Fix inadequate buffer locking in some LSN fetches (Jacob Champion, - Asim Praveen, Ashwin Agrawal) - - - - These errors could result in misbehavior under concurrent load. - The potential consequences have not been characterized fully. - - - - - - Fix incorrect query results from cases involving flattening of - subqueries whose outputs are used in GROUPING SETS - (Heikki Linnakangas) - - - - - - Avoid unnecessary failure in a query on an inheritance tree that - occurs concurrently with some child table being removed from the tree - by ALTER TABLE NO INHERIT (Tom Lane) - - - - - - Fix spurious deadlock failures when multiple sessions are - running CREATE INDEX CONCURRENTLY (Jeff Janes) - - - - - - Fix failures when an inheritance tree contains foreign child tables - (Etsuro Fujita) - - - - A mix of regular and foreign tables in an inheritance tree resulted in - creation of incorrect plans for UPDATE - and DELETE queries. This led to visible failures in - some cases, notably when there are row-level triggers on a foreign - child table. - - - - - - Repair failure with correlated sub-SELECT - inside VALUES inside a LATERAL - subquery (Tom Lane) - - - - - - Fix could not devise a query plan for the given query - planner failure for some cases involving nested UNION - ALL inside a lateral subquery (Tom Lane) - - - - - - Fix logical decoding to correctly clean up disk files for crashed - transactions (Atsushi Torikoshi) - - - - Logical decoding may spill WAL records to disk for transactions - generating many WAL records. Normally these files are cleaned up - after the transaction's commit or abort record arrives; but if - no such record is ever seen, the removal code misbehaved. - - - - - - Fix walsender timeout failure and failure to respond to interrupts - when processing a large transaction (Petr Jelinek) - - - - - - Fix has_sequence_privilege() to - support WITH GRANT OPTION tests, - as other privilege-testing functions do (Joe Conway) - - - - - - In databases using UTF8 encoding, ignore any XML declaration that - asserts a different encoding (Pavel Stehule, Noah Misch) - - - - We always store XML strings in the database encoding, so allowing - libxml to act on a declaration of another encoding gave wrong results. - In encodings other than UTF8, we don't promise to support non-ASCII - XML data anyway, so retain the previous behavior for bug compatibility. - This change affects only xpath() and related - functions; other XML code paths already acted this way. - - - - - - Provide for forward compatibility with future minor protocol versions - (Robert Haas, Badrul Chowdhury) - - - - Up to now, PostgreSQL servers simply - rejected requests to use protocol versions newer than 3.0, so that - there was no functional difference between the major and minor parts - of the protocol version number. Allow clients to request versions 3.x - without failing, sending back a message showing that the server only - understands 3.0. This makes no difference at the moment, but - back-patching this change should allow speedier introduction of future - minor protocol upgrades. - - - - - - Cope with failure to start a parallel worker process - (Amit Kapila, Robert Haas) - - - - Parallel query previously tended to hang indefinitely if a worker - could not be started, as the result of fork() - failure or other low-probability problems. - - - - - - Fix collection of EXPLAIN statistics from parallel - workers (Amit Kapila, Thomas Munro) - - - - - - Avoid unsafe alignment assumptions when working - with __int128 (Tom Lane) - - - - Typically, compilers assume that __int128 variables are - aligned on 16-byte boundaries, but our memory allocation - infrastructure isn't prepared to guarantee that, and increasing the - setting of MAXALIGN seems infeasible for multiple reasons. Adjust the - code to allow use of __int128 only when we can tell the - compiler to assume lesser alignment. The only known symptom of this - problem so far is crashes in some parallel aggregation queries. - - - - - - Prevent stack-overflow crashes when planning extremely deeply - nested set operations - (UNION/INTERSECT/EXCEPT) - (Tom Lane) - - - - - - Fix null-pointer crashes for some types of LDAP URLs appearing - in pg_hba.conf (Thomas Munro) - - - - - - Fix sample INSTR() functions in the PL/pgSQL - documentation (Yugo Nagata, Tom Lane) - - - - These functions are stated to - be Oracle compatible, but - they weren't exactly. In particular, there was a discrepancy in the - interpretation of a negative third parameter: Oracle thinks that a - negative value indicates the last place where the target substring can - begin, whereas our functions took it as the last place where the - target can end. Also, Oracle throws an error for a zero or negative - fourth parameter, whereas our functions returned zero. - - - - The sample code has been adjusted to match Oracle's behavior more - precisely. Users who have copied this code into their applications - may wish to update their copies. - - - - - - Fix pg_dump to make ACL (permissions), - comment, and security label entries reliably identifiable in archive - output formats (Tom Lane) - - - - The tag portion of an ACL archive entry was usually - just the name of the associated object. Make it start with the object - type instead, bringing ACLs into line with the convention already used - for comment and security label archive entries. Also, fix the - comment and security label entries for the whole database, if present, - to make their tags start with DATABASE so that they - also follow this convention. This prevents false matches in code that - tries to identify large-object-related entries by seeing if the tag - starts with LARGE OBJECT. That could have resulted - in misclassifying entries as data rather than schema, with undesirable - results in a schema-only or data-only dump. - - - - Note that this change has user-visible results in the output - of pg_restore --list. - - - - - - Rename pg_rewind's - copy_file_range function to avoid conflict - with new Linux system call of that name (Andres Freund) - - - - This change prevents build failures with newer glibc versions. - - - - - - In ecpg, detect indicator arrays that do - not have the correct length and report an error (David Rader) - - - - - - Change the behavior of contrib/cube's - cube ~> int - operator to make it compatible with KNN search (Alexander Korotkov) - - - - The meaning of the second argument (the dimension selector) has been - changed to make it predictable which value is selected even when - dealing with cubes of varying dimensionalities. - - - - This is an incompatible change, but since the point of the operator - was to be used in KNN searches, it seems rather useless as-is. - After installing this update, any expression indexes or materialized - views using this operator will need to be reindexed/refreshed. - - - - - - Avoid triggering a libc assertion - in contrib/hstore, due to use - of memcpy() with equal source and destination - pointers (Tomas Vondra) - - - - - - Fix incorrect display of tuples' null bitmaps - in contrib/pageinspect (Maksim Milyutin) - - - - - - In contrib/postgres_fdw, avoid - outer pathkeys do not match mergeclauses - planner error when constructing a plan involving a remote join - (Robert Haas) - - - - - - Provide modern examples of how to auto-start Postgres on macOS - (Tom Lane) - - - - The scripts in contrib/start-scripts/osx use - infrastructure that's been deprecated for over a decade, and which no - longer works at all in macOS releases of the last couple of years. - Add a new subdirectory contrib/start-scripts/macos - containing scripts that use the newer launchd - infrastructure. - - - - - - Fix incorrect selection of configuration-specific libraries for - OpenSSL on Windows (Andrew Dunstan) - - - - - - Support linking to MinGW-built versions of libperl (Noah Misch) - - - - This allows building PL/Perl with some common Perl distributions for - Windows. - - - - - - Fix MSVC build to test whether 32-bit libperl - needs -D_USE_32BIT_TIME_T (Noah Misch) - - - - Available Perl distributions are inconsistent about what they expect, - and lack any reliable means of reporting it, so resort to a build-time - test on what the library being used actually does. - - - - - - On Windows, install the crash dump handler earlier in postmaster - startup (Takayuki Tsunakawa) - - - - This may allow collection of a core dump for some early-startup - failures that did not produce a dump before. - - - - - - On Windows, avoid encoding-conversion-related crashes when emitting - messages very early in postmaster startup (Takayuki Tsunakawa) - - - - - - Use our existing Motorola 68K spinlock code on OpenBSD as - well as NetBSD (David Carlier) - - - - - - Add support for spinlocks on Motorola 88K (David Carlier) - - - - - - Update time zone data files to tzdata - release 2018c for DST law changes in Brazil, Sao Tome and Principe, - plus historical corrections for Bolivia, Japan, and South Sudan. - The US/Pacific-New zone has been removed (it was - only an alias for America/Los_Angeles anyway). - - - - - - - - - - Release 9.6.6 - - - Release date: - 2017-11-09 - - - - This release contains a variety of fixes from 9.6.5. - For information about new features in the 9.6 major release, see - . - - - - Migration to Version 9.6.6 - - - A dump/restore is not required for those running 9.6.X. - - - - However, if you use BRIN indexes, see the fourth changelog entry below. - - - - Also, if you are upgrading from a version earlier than 9.6.4, - see . - - - - - Changes - - - - - - Ensure that INSERT ... ON CONFLICT DO UPDATE checks - table permissions and RLS policies in all cases (Dean Rasheed) - - - - The update path of INSERT ... ON CONFLICT DO UPDATE - requires SELECT permission on the columns of the - arbiter index, but it failed to check for that in the case of an - arbiter specified by constraint name. - In addition, for a table with row level security enabled, it failed to - check updated rows against the table's SELECT - policies (regardless of how the arbiter index was specified). - (CVE-2017-15099) - - - - - - Fix crash due to rowtype mismatch - in json{b}_populate_recordset() - (Michael Paquier, Tom Lane) - - - - These functions used the result rowtype specified in the FROM - ... AS clause without checking that it matched the actual - rowtype of the supplied tuple value. If it didn't, that would usually - result in a crash, though disclosure of server memory contents seems - possible as well. - (CVE-2017-15098) - - - - - - Fix sample server-start scripts to become $PGUSER - before opening $PGLOG (Noah Misch) - - - - Previously, the postmaster log file was opened while still running as - root. The database owner could therefore mount an attack against - another system user by making $PGLOG be a symbolic - link to some other file, which would then become corrupted by appending - log messages. - - - - By default, these scripts are not installed anywhere. Users who have - made use of them will need to manually recopy them, or apply the same - changes to their modified versions. If the - existing $PGLOG file is root-owned, it will need to - be removed or renamed out of the way before restarting the server with - the corrected script. - (CVE-2017-12172) - - - - - - Fix BRIN index summarization to handle concurrent table extension - correctly (Álvaro Herrera) - - - - Previously, a race condition allowed some table rows to be omitted from - the index. It may be necessary to reindex existing BRIN indexes to - recover from past occurrences of this problem. - - - - - - Fix possible failures during concurrent updates of a BRIN index - (Tom Lane) - - - - These race conditions could result in errors like invalid index - offnum or inconsistent range map. - - - - - - Fix crash when logical decoding is invoked from a SPI-using function, - in particular any function written in a PL language - (Tom Lane) - - - - - - Fix incorrect query results when multiple GROUPING - SETS columns contain the same simple variable (Tom Lane) - - - - - - Fix incorrect parallelization decisions for nested queries - (Amit Kapila, Kuntal Ghosh) - - - - - - Fix parallel query handling to not fail when a recently-used role is - dropped (Amit Kapila) - - - - - - Fix json_build_array(), - json_build_object(), and their jsonb - equivalents to handle explicit VARIADIC arguments - correctly (Michael Paquier) - - - - - - - Properly reject attempts to convert infinite float values to - type numeric (Tom Lane, KaiGai Kohei) - - - - Previously the behavior was platform-dependent. - - - - - - Fix corner-case crashes when columns have been added to the end of a - view (Tom Lane) - - - - - - Record proper dependencies when a view or rule - contains FieldSelect - or FieldStore expression nodes (Tom Lane) - - - - Lack of these dependencies could allow a column or data - type DROP to go through when it ought to fail, - thereby causing later uses of the view or rule to get errors. - This patch does not do anything to protect existing views/rules, - only ones created in the future. - - - - - - Correctly detect hashability of range data types (Tom Lane) - - - - The planner mistakenly assumed that any range type could be hashed - for use in hash joins or hash aggregation, but actually it must check - whether the range's subtype has hash support. This does not affect any - of the built-in range types, since they're all hashable anyway. - - - - - - - Correctly ignore RelabelType expression nodes - when determining relation distinctness (David Rowley) - - - - This allows the intended optimization to occur when a subquery has - a result column of type varchar. - - - - - - Prevent sharing transition states between ordered-set aggregates - (David Rowley) - - - - This causes a crash with the built-in ordered-set aggregates, and - probably with user-written ones as well. v11 and later will include - provisions for dealing with such cases safely, but in released - branches, just disable the optimization. - - - - - - Prevent idle_in_transaction_session_timeout from - being ignored when a statement_timeout occurred - earlier (Lukas Fittl) - - - - - - Fix low-probability loss of NOTIFY messages due to - XID wraparound (Marko Tiikkaja, Tom Lane) - - - - If a session executed no queries, but merely listened for - notifications, for more than 2 billion transactions, it started to miss - some notifications from concurrently-committing transactions. - - - - - - - Avoid SIGBUS crash on Linux when a DSM memory - request exceeds the space available in tmpfs - (Thomas Munro) - - - - - - Reduce the frequency of data flush requests during bulk file copies to - avoid performance problems on macOS, particularly with its new APFS - file system (Tom Lane) - - - - - - - Prevent low-probability crash in processing of nested trigger firings - (Tom Lane) - - - - - - Allow COPY's FREEZE option to - work when the transaction isolation level is REPEATABLE - READ or higher (Noah Misch) - - - - This case was unintentionally broken by a previous bug fix. - - - - - - - Correctly restore the umask setting when file creation fails - in COPY or lo_export() - (Peter Eisentraut) - - - - - - - Give a better error message for duplicate column names - in ANALYZE (Nathan Bossart) - - - - - - - Add missing cases in GetCommandLogLevel(), - preventing errors when certain SQL commands are used while - log_statement is set to ddl - (Michael Paquier) - - - - - - - Fix mis-parsing of the last line in a - non-newline-terminated pg_hba.conf file - (Tom Lane) - - - - - - Fix AggGetAggref() to return the - correct Aggref nodes to aggregate final - functions whose transition calculations have been merged (Tom Lane) - - - - - - - Fix pg_dump to ensure that it - emits GRANT commands in a valid order - (Stephen Frost) - - - - - - Fix pg_basebackup's matching of tablespace - paths to canonicalize both paths before comparing (Michael Paquier) - - - - This is particularly helpful on Windows. - - - - - - Fix libpq to not require user's home - directory to exist (Tom Lane) - - - - In v10, failure to find the home directory while trying to - read ~/.pgpass was treated as a hard error, - but it should just cause that file to not be found. Both v10 and - previous release branches made the same mistake when - reading ~/.pg_service.conf, though this was less - obvious since that file is not sought unless a service name is - specified. - - - - - - - Fix libpq to guard against integer - overflow in the row count of a PGresult - (Michael Paquier) - - - - - - - Fix ecpg's handling of out-of-scope cursor - declarations with pointer or array variables (Michael Meskes) - - - - - - In ecpglib, correctly handle backslashes in string literals depending - on whether standard_conforming_strings is set - (Tsunakawa Takayuki) - - - - - - Make ecpglib's Informix-compatibility mode ignore fractional digits in - integer input strings, as expected (Gao Zengqi, Michael Meskes) - - - - - - - Fix ecpg's regression tests to work reliably - on Windows (Christian Ullrich, Michael Meskes) - - - - - - Fix missing temp-install prerequisites - for check-like Make targets (Noah Misch) - - - - Some non-default test procedures that are meant to work - like make check failed to ensure that the temporary - installation was up to date. - - - - - - - Sync our copy of the timezone library with IANA release tzcode2017c - (Tom Lane) - - - - This fixes various issues; the only one likely to be user-visible - is that the default DST rules for a POSIX-style zone name, if - no posixrules file exists in the timezone data - directory, now match current US law rather than what it was a dozen - years ago. - - - - - - Update time zone data files to tzdata - release 2017c for DST law changes in Fiji, Namibia, Northern Cyprus, - Sudan, Tonga, and Turks & Caicos Islands, plus historical - corrections for Alaska, Apia, Burma, Calcutta, Detroit, Ireland, - Namibia, and Pago Pago. - - - - - - - - - - Release 9.6.5 - - - Release date: - 2017-08-31 - - - - This release contains a small number of fixes from 9.6.4. - For information about new features in the 9.6 major release, see - . - - - - Migration to Version 9.6.5 - - - A dump/restore is not required for those running 9.6.X. - - - - However, if you are upgrading from a version earlier than 9.6.4, - see . - - - - - Changes - - - - - - - Show foreign tables - in information_schema.table_privileges - view (Peter Eisentraut) - - - - All other relevant information_schema views include - foreign tables, but this one ignored them. - - - - Since this view definition is installed by initdb, - merely upgrading will not fix the problem. If you need to fix this - in an existing installation, you can, as a superuser, do this - in psql: - -SET search_path TO information_schema; -CREATE OR REPLACE VIEW table_privileges AS - SELECT CAST(u_grantor.rolname AS sql_identifier) AS grantor, - CAST(grantee.rolname AS sql_identifier) AS grantee, - CAST(current_database() AS sql_identifier) AS table_catalog, - CAST(nc.nspname AS sql_identifier) AS table_schema, - CAST(c.relname AS sql_identifier) AS table_name, - CAST(c.prtype AS character_data) AS privilege_type, - CAST( - CASE WHEN - -- object owner always has grant options - pg_has_role(grantee.oid, c.relowner, 'USAGE') - OR c.grantable - THEN 'YES' ELSE 'NO' END AS yes_or_no) AS is_grantable, - CAST(CASE WHEN c.prtype = 'SELECT' THEN 'YES' ELSE 'NO' END AS yes_or_no) AS with_hierarchy - - FROM ( - SELECT oid, relname, relnamespace, relkind, relowner, (aclexplode(coalesce(relacl, acldefault('r', relowner)))).* FROM pg_class - ) AS c (oid, relname, relnamespace, relkind, relowner, grantor, grantee, prtype, grantable), - pg_namespace nc, - pg_authid u_grantor, - ( - SELECT oid, rolname FROM pg_authid - UNION ALL - SELECT 0::oid, 'PUBLIC' - ) AS grantee (oid, rolname) - - WHERE c.relnamespace = nc.oid - AND c.relkind IN ('r', 'v', 'f') - AND c.grantee = grantee.oid - AND c.grantor = u_grantor.oid - AND c.prtype IN ('INSERT', 'SELECT', 'UPDATE', 'DELETE', 'TRUNCATE', 'REFERENCES', 'TRIGGER') - AND (pg_has_role(u_grantor.oid, 'USAGE') - OR pg_has_role(grantee.oid, 'USAGE') - OR grantee.rolname = 'PUBLIC'); - - This must be repeated in each database to be fixed, - including template0. - - - - - - - Clean up handling of a fatal exit (e.g., due to receipt - of SIGTERM) that occurs while trying to execute - a ROLLBACK of a failed transaction (Tom Lane) - - - - This situation could result in an assertion failure. In production - builds, the exit would still occur, but it would log an unexpected - message about cannot drop active portal. - - - - - - - Remove assertion that could trigger during a fatal exit (Tom Lane) - - - - - - - Correctly identify columns that are of a range type or domain type over - a composite type or domain type being searched for (Tom Lane) - - - - Certain ALTER commands that change the definition of a - composite type or domain type are supposed to fail if there are any - stored values of that type in the database, because they lack the - infrastructure needed to update or check such values. Previously, - these checks could miss relevant values that are wrapped inside range - types or sub-domains, possibly allowing the database to become - inconsistent. - - - - - - - Prevent crash when passing fixed-length pass-by-reference data types - to parallel worker processes (Tom Lane) - - - - - - - Fix crash in pg_restore when using parallel mode and - using a list file to select a subset of items to restore - (Fabrízio de Royes Mello) - - - - - - - Change ecpg's parser to allow RETURNING - clauses without attached C variables (Michael Meskes) - - - - This allows ecpg programs to contain SQL constructs - that use RETURNING internally (for example, inside a CTE) - rather than using it to define values to be returned to the client. - - - - - - - Change ecpg's parser to recognize backslash - continuation of C preprocessor command lines (Michael Meskes) - - - - - - - Improve selection of compiler flags for PL/Perl on Windows (Tom Lane) - - - - This fix avoids possible crashes of PL/Perl due to inconsistent - assumptions about the width of time_t values. - A side-effect that may be visible to extension developers is - that _USE_32BIT_TIME_T is no longer defined globally - in PostgreSQL Windows builds. This is not expected - to cause problems, because type time_t is not used - in any PostgreSQL API definitions. - - - - - - - Fix make check to behave correctly when invoked via a - non-GNU make program (Thomas Munro) - - - - - - - - - - Release 9.6.4 - - - Release date: - 2017-08-10 - - - - This release contains a variety of fixes from 9.6.3. - For information about new features in the 9.6 major release, see - . - - - - Migration to Version 9.6.4 - - - A dump/restore is not required for those running 9.6.X. - - - - However, if you use foreign data servers that make use of user - passwords for authentication, see the first changelog entry below. - - - - Also, if you are upgrading from a version earlier than 9.6.3, - see . - - - - - Changes - - - - - - - Further restrict visibility - of pg_user_mappings.umoptions, to - protect passwords stored as user mapping options - (Noah Misch) - - - - The fix for CVE-2017-7486 was incorrect: it allowed a user - to see the options in her own user mapping, even if she did not - have USAGE permission on the associated foreign server. - Such options might include a password that had been provided by the - server owner rather than the user herself. - Since information_schema.user_mapping_options does not - show the options in such cases, pg_user_mappings - should not either. - (CVE-2017-7547) - - - - By itself, this patch will only fix the behavior in newly initdb'd - databases. If you wish to apply this change in an existing database, - you will need to do the following: - - - - - - Restart the postmaster after adding allow_system_table_mods - = true to postgresql.conf. (In versions - supporting ALTER SYSTEM, you can use that to make the - configuration change, but you'll still need a restart.) - - - - - - In each database of the cluster, - run the following commands as superuser: - -SET search_path = pg_catalog; -CREATE OR REPLACE VIEW pg_user_mappings AS - SELECT - U.oid AS umid, - S.oid AS srvid, - S.srvname AS srvname, - U.umuser AS umuser, - CASE WHEN U.umuser = 0 THEN - 'public' - ELSE - A.rolname - END AS usename, - CASE WHEN (U.umuser <> 0 AND A.rolname = current_user - AND (pg_has_role(S.srvowner, 'USAGE') - OR has_server_privilege(S.oid, 'USAGE'))) - OR (U.umuser = 0 AND pg_has_role(S.srvowner, 'USAGE')) - OR (SELECT rolsuper FROM pg_authid WHERE rolname = current_user) - THEN U.umoptions - ELSE NULL END AS umoptions - FROM pg_user_mapping U - LEFT JOIN pg_authid A ON (A.oid = U.umuser) JOIN - pg_foreign_server S ON (U.umserver = S.oid); - - - - - - - Do not forget to include the template0 - and template1 databases, or the vulnerability will still - exist in databases you create later. To fix template0, - you'll need to temporarily make it accept connections. - In PostgreSQL 9.5 and later, you can use - -ALTER DATABASE template0 WITH ALLOW_CONNECTIONS true; - - and then after fixing template0, undo that with - -ALTER DATABASE template0 WITH ALLOW_CONNECTIONS false; - - In prior versions, instead use - -UPDATE pg_database SET datallowconn = true WHERE datname = 'template0'; -UPDATE pg_database SET datallowconn = false WHERE datname = 'template0'; - - - - - - - Finally, remove the allow_system_table_mods configuration - setting, and again restart the postmaster. - - - - - - - - - Disallow empty passwords in all password-based authentication methods - (Heikki Linnakangas) - - - - libpq ignores empty password specifications, and does - not transmit them to the server. So, if a user's password has been - set to the empty string, it's impossible to log in with that password - via psql or other libpq-based - clients. An administrator might therefore believe that setting the - password to empty is equivalent to disabling password login. - However, with a modified or non-libpq-based client, - logging in could be possible, depending on which authentication - method is configured. In particular the most common - method, md5, accepted empty passwords. - Change the server to reject empty passwords in all cases. - (CVE-2017-7546) - - - - - - - Make lo_put() check for UPDATE privilege on - the target large object (Tom Lane, Michael Paquier) - - - - lo_put() should surely require the same permissions - as lowrite(), but the check was missing, allowing any - user to change the data in a large object. - (CVE-2017-7548) - - - - - - - Correct the documentation about the process for upgrading standby - servers with pg_upgrade (Bruce Momjian) - - - - The previous documentation instructed users to start/stop the primary - server after running pg_upgrade but before syncing - the standby servers. This sequence is unsafe. - - - - - - - Fix concurrent locking of tuple update chains (Álvaro Herrera) - - - - If several sessions concurrently lock a tuple update chain with - nonconflicting lock modes using an old snapshot, and they all - succeed, it was possible for some of them to nonetheless fail (and - conclude there is no live tuple version) due to a race condition. - This had consequences such as foreign-key checks failing to see a - tuple that definitely exists but is being updated concurrently. - - - - - - - Fix potential data corruption when freezing a tuple whose XMAX is a - multixact with exactly one still-interesting member (Teodor Sigaev) - - - - - - - Avoid integer overflow and ensuing crash when sorting more than one - billion tuples in-memory (Sergey Koposov) - - - - - - - On Windows, retry process creation if we fail to reserve the address - range for our shared memory in the new process (Tom Lane, Amit - Kapila) - - - - This is expected to fix infrequent child-process-launch failures that - are probably due to interference from antivirus products. - - - - - - - Fix low-probability corruption of shared predicate-lock hash table - in Windows builds (Thomas Munro, Tom Lane) - - - - - - - Avoid logging clean closure of an SSL connection as though - it were a connection reset (Michael Paquier) - - - - - - - Prevent sending SSL session tickets to clients (Tom Lane) - - - - This fix prevents reconnection failures with ticket-aware client-side - SSL code. - - - - - - - Fix code for setting on - Solaris (Tom Lane) - - - - - - - Fix statistics collector to honor inquiry messages issued just after - a postmaster shutdown and immediate restart (Tom Lane) - - - - Statistics inquiries issued within half a second of the previous - postmaster shutdown were effectively ignored. - - - - - - - Ensure that the statistics collector's receive buffer size is at - least 100KB (Tom Lane) - - - - This reduces the risk of dropped statistics data on older platforms - whose default receive buffer size is less than that. - - - - - - - Fix possible creation of an invalid WAL segment when a standby is - promoted just after it processes an XLOG_SWITCH WAL - record (Andres Freund) - - - - - - - Fix walsender to exit promptly when client requests - shutdown (Tom Lane) - - - - - - - Fix SIGHUP and SIGUSR1 handling in - walsender processes (Petr Jelinek, Andres Freund) - - - - - - - Prevent walsender-triggered panics during shutdown checkpoints - (Andres Freund, Michael Paquier) - - - - - - - Fix unnecessarily slow restarts of walreceiver - processes due to race condition in postmaster (Tom Lane) - - - - - - - Fix leakage of small subtransactions spilled to disk during logical - decoding (Andres Freund) - - - - This resulted in temporary files consuming excessive disk space. - - - - - - - Reduce the work needed to build snapshots during creation of - logical-decoding slots (Andres Freund, Petr Jelinek) - - - - The previous algorithm was infeasibly expensive on a server with a - lot of open transactions. - - - - - - - Fix race condition that could indefinitely delay creation of - logical-decoding slots (Andres Freund, Petr Jelinek) - - - - - - - Reduce overhead in processing syscache invalidation events (Tom Lane) - - - - This is particularly helpful for logical decoding, which triggers - frequent cache invalidation. - - - - - - - Remove incorrect heuristic used in some cases to estimate join - selectivity based on the presence of foreign-key constraints - (David Rowley) - - - - In some cases where a multi-column foreign key constraint existed but - did not exactly match a query's join structure, the planner used an - estimation heuristic that turns out not to work well at all. Revert - such cases to the way they were estimated before 9.6. - - - - - - - Fix cases where an INSERT or UPDATE assigns - to more than one element of a column that is of domain-over-array - type (Tom Lane) - - - - - - - Allow window functions to be used in sub-SELECTs that - are within the arguments of an aggregate function (Tom Lane) - - - - - - - Ensure that a view's CHECK OPTIONS clause is enforced - properly when the underlying table is a foreign table (Etsuro Fujita) - - - - Previously, the update might get pushed entirely to the foreign - server, but the need to verify the view conditions was missed if so. - - - - - - - Move autogenerated array types out of the way during - ALTER ... RENAME (Vik Fearing) - - - - Previously, we would rename a conflicting autogenerated array type - out of the way during CREATE; this fix extends that - behavior to renaming operations. - - - - - - - Fix dangling pointer in ALTER TABLE when there is a - comment on a constraint belonging to the table (David Rowley) - - - - Re-applying the comment to the reconstructed constraint could fail - with a weird error message, or even crash. - - - - - - - Ensure that ALTER USER ... SET accepts all the syntax - variants that ALTER ROLE ... SET does (Peter Eisentraut) - - - - - - - Allow a foreign table's CHECK constraints to be - initially NOT VALID (Amit Langote) - - - - CREATE TABLE silently drops NOT VALID - specifiers for CHECK constraints, reasoning that the - table must be empty so the constraint can be validated immediately. - But this is wrong for CREATE FOREIGN TABLE, where there's - no reason to suppose that the underlying table is empty, and even if - it is it's no business of ours to decide that the constraint can be - treated as valid going forward. Skip this optimization for - foreign tables. - - - - - - - Properly update dependency info when changing a datatype I/O - function's argument or return type from opaque to the - correct type (Heikki Linnakangas) - - - - CREATE TYPE updates I/O functions declared in this - long-obsolete style, but it forgot to record a dependency on the - type, allowing a subsequent DROP TYPE to leave broken - function definitions behind. - - - - - - - Allow parallelism in the query plan when COPY copies from - a query's result (Andres Freund) - - - - - - - Reduce memory usage when ANALYZE processes - a tsvector column (Heikki Linnakangas) - - - - - - - Fix unnecessary precision loss and sloppy rounding when multiplying - or dividing money values by integers or floats (Tom Lane) - - - - - - - Tighten checks for whitespace in functions that parse identifiers, - such as regprocedurein() (Tom Lane) - - - - Depending on the prevailing locale, these functions could - misinterpret fragments of multibyte characters as whitespace. - - - - - - - Use relevant #define symbols from Perl while - compiling PL/Perl (Ashutosh Sharma, Tom Lane) - - - - This avoids portability problems, typically manifesting as - a handshake mismatch during library load, when working with - recent Perl versions. - - - - - - - In libpq, reset GSS/SASL and SSPI authentication - state properly after a failed connection attempt (Michael Paquier) - - - - Failure to do this meant that when falling back from SSL to non-SSL - connections, a GSS/SASL failure in the SSL attempt would always cause - the non-SSL attempt to fail. SSPI did not fail, but it leaked memory. - - - - - - - In psql, fix failure when COPY FROM STDIN - is ended with a keyboard EOF signal and then another COPY - FROM STDIN is attempted (Thomas Munro) - - - - This misbehavior was observed on BSD-derived platforms (including - macOS), but not on most others. - - - - - - - Fix pg_dump and pg_restore to - emit REFRESH MATERIALIZED VIEW commands last (Tom Lane) - - - - This prevents errors during dump/restore when a materialized view - refers to tables owned by a different user. - - - - - - - Improve pg_dump/pg_restore's - reporting of error conditions originating in zlib - (Vladimir Kunschikov, Álvaro Herrera) - - - - - - - Fix pg_dump with the option to - drop event triggers as expected (Tom Lane) - - - - It also now correctly assigns ownership of event triggers; before, - they were restored as being owned by the superuser running the - restore script. - - - - - - - Fix pg_dump with the option to not - fail when the public schema doesn't exist (Stephen Frost) - - - - - - - Fix pg_dump to not emit invalid SQL for an empty - operator class (Daniel Gustafsson) - - - - - - - Fix pg_dump output to stdout on Windows (Kuntal Ghosh) - - - - A compressed plain-text dump written to stdout would contain corrupt - data due to failure to put the file descriptor into binary mode. - - - - - - - Fix pg_get_ruledef() to print correct output for - the ON SELECT rule of a view whose columns have been - renamed (Tom Lane) - - - - In some corner cases, pg_dump relies - on pg_get_ruledef() to dump views, so that this error - could result in dump/reload failures. - - - - - - - Fix dumping of outer joins with empty constraints, such as the result - of a NATURAL LEFT JOIN with no common columns (Tom Lane) - - - - - - - Fix dumping of function expressions in the FROM clause in - cases where the expression does not deparse into something that looks - like a function call (Tom Lane) - - - - - - - Fix pg_basebackup output to stdout on Windows - (Haribabu Kommi) - - - - A backup written to stdout would contain corrupt data due to failure - to put the file descriptor into binary mode. - - - - - - - Fix pg_rewind to correctly handle files exceeding 2GB - (Kuntal Ghosh, Michael Paquier) - - - - Ordinarily such files won't appear in PostgreSQL data - directories, but they could be present in some cases. - - - - - - - Fix pg_upgrade to ensure that the ending WAL record - does not have = minimum - (Bruce Momjian) - - - - This condition could prevent upgraded standby servers from - reconnecting. - - - - - - - Fix pg_xlogdump's computation of WAL record length - (Andres Freund) - - - - - - - In postgres_fdw, re-establish connections to remote - servers after ALTER SERVER or ALTER USER - MAPPING commands (Kyotaro Horiguchi) - - - - This ensures that option changes affecting connection parameters will - be applied promptly. - - - - - - - In postgres_fdw, allow cancellation of remote - transaction control commands (Robert Haas, Rafia Sabih) - - - - This change allows us to quickly escape a wait for an unresponsive - remote server in many more cases than previously. - - - - - - - Increase MAX_SYSCACHE_CALLBACKS to provide more room for - extensions (Tom Lane) - - - - - - - Always use , not , when building - shared libraries with gcc (Tom Lane) - - - - This supports larger extension libraries on platforms where it makes - a difference. - - - - - - - In MSVC builds, handle the case where the OpenSSL - library is not within a VC subdirectory (Andrew Dunstan) - - - - - - - In MSVC builds, add proper include path for libxml2 - header files (Andrew Dunstan) - - - - This fixes a former need to move things around in standard Windows - installations of libxml2. - - - - - - - In MSVC builds, recognize a Tcl library that is - named tcl86.lib (Noah Misch) - - - - - - - In MSVC builds, honor PROVE_FLAGS settings - on vcregress.pl's command line (Andrew Dunstan) - - - - - - - - - - Release 9.6.3 - - - Release date: - 2017-05-11 - - - - This release contains a variety of fixes from 9.6.2. - For information about new features in the 9.6 major release, see - . - - - - Migration to Version 9.6.3 - - - A dump/restore is not required for those running 9.6.X. - - - - However, if you use foreign data servers that make use of user - passwords for authentication, see the first changelog entry below. - - - - Also, if you are using third-party replication tools that depend - on logical decoding, see the fourth changelog entry below. - - - - Also, if you are upgrading from a version earlier than 9.6.2, - see . - - - - - Changes - - - - - - - Restrict visibility - of pg_user_mappings.umoptions, to - protect passwords stored as user mapping options - (Michael Paquier, Feike Steenbergen) - - - - The previous coding allowed the owner of a foreign server object, - or anyone he has granted server USAGE permission to, - to see the options for all user mappings associated with that server. - This might well include passwords for other users. - Adjust the view definition to match the behavior of - information_schema.user_mapping_options, namely that - these options are visible to the user being mapped, or if the mapping - is for PUBLIC and the current user is the server - owner, or if the current user is a superuser. - (CVE-2017-7486) - - - - By itself, this patch will only fix the behavior in newly initdb'd - databases. If you wish to apply this change in an existing database, - follow the corrected procedure shown in the changelog entry for - CVE-2017-7547, in . - - - - - - - Prevent exposure of statistical information via leaky operators - (Peter Eisentraut) - - - - Some selectivity estimation functions in the planner will apply - user-defined operators to values obtained - from pg_statistic, such as most common values and - histogram entries. This occurs before table permissions are checked, - so a nefarious user could exploit the behavior to obtain these values - for table columns he does not have permission to read. To fix, - fall back to a default estimate if the operator's implementation - function is not certified leak-proof and the calling user does not have - permission to read the table column whose statistics are needed. - At least one of these criteria is satisfied in most cases in practice. - (CVE-2017-7484) - - - - - - - Restore libpq's recognition of - the PGREQUIRESSL environment variable (Daniel Gustafsson) - - - - Processing of this environment variable was unintentionally dropped - in PostgreSQL 9.3, but its documentation remained. - This creates a security hazard, since users might be relying on the - environment variable to force SSL-encrypted connections, but that - would no longer be guaranteed. Restore handling of the variable, - but give it lower priority than PGSSLMODE, to avoid - breaking configurations that work correctly with post-9.3 code. - (CVE-2017-7485) - - - - - - - Fix possibly-invalid initial snapshot during logical decoding - (Petr Jelinek, Andres Freund) - - - - The initial snapshot created for a logical decoding replication slot - was potentially incorrect. This could cause third-party tools that - use logical decoding to copy incomplete/inconsistent initial data. - This was more likely to happen if the source server was busy at the - time of slot creation, or if another logical slot already existed. - - - - If you are using a replication tool that depends on logical decoding, - and it should have copied a nonempty data set at the start of - replication, it is advisable to recreate the replica after - installing this update, or to verify its contents against the source - server. - - - - - - - Fix possible corruption of init forks of unlogged indexes - (Robert Haas, Michael Paquier) - - - - This could result in an unlogged index being set to an invalid state - after a crash and restart. Such a problem would persist until the - index was dropped and rebuilt. - - - - - - - Fix incorrect reconstruction of pg_subtrans entries - when a standby server replays a prepared but uncommitted two-phase - transaction (Tom Lane) - - - - In most cases this turned out to have no visible ill effects, but in - corner cases it could result in circular references - in pg_subtrans, potentially causing infinite loops - in queries that examine rows modified by the two-phase transaction. - - - - - - - Avoid possible crash in walsender due to failure - to initialize a string buffer (Stas Kelvich, Fujii Masao) - - - - - - - Fix possible crash when rescanning a nearest-neighbor index-only scan - on a GiST index (Tom Lane) - - - - - - - Prevent delays in postmaster's launching of multiple parallel worker - processes (Tom Lane) - - - - There could be a significant delay (up to tens of seconds) before - satisfying a query's request for more than one worker process, or when - multiple queries requested workers simultaneously. On most platforms - this required unlucky timing, but on some it was the typical case. - - - - - - - Fix postmaster's handling of fork() failure for a - background worker process (Tom Lane) - - - - Previously, the postmaster updated portions of its state as though - the process had been launched successfully, resulting in subsequent - confusion. - - - - - - - Fix possible no relation entry for relid 0 error when - planning nested set operations (Tom Lane) - - - - - - - Fix assorted minor issues in planning of parallel queries (Robert Haas) - - - - - - - Avoid applying physical targetlist optimization to custom - scans (Dmitry Ivanov, Tom Lane) - - - - This optimization supposed that retrieving all columns of a tuple - is inexpensive, which is true for ordinary Postgres tuples; but it - might not be the case for a custom scan provider. - - - - - - - Use the correct sub-expression when applying a FOR ALL - row-level-security policy (Stephen Frost) - - - - In some cases the WITH CHECK restriction would be applied - when the USING restriction is more appropriate. - - - - - - - Ensure parsing of queries in extension scripts sees the results of - immediately-preceding DDL (Julien Rouhaud, Tom Lane) - - - - Due to lack of a cache flush step between commands in an extension - script file, non-utility queries might not see the effects of an - immediately preceding catalog change, such as ALTER TABLE - ... RENAME. - - - - - - - Skip tablespace privilege checks when ALTER TABLE ... ALTER - COLUMN TYPE rebuilds an existing index (Noah Misch) - - - - The command failed if the calling user did not currently have - CREATE privilege for the tablespace containing the index. - That behavior seems unhelpful, so skip the check, allowing the - index to be rebuilt where it is. - - - - - - - Fix ALTER TABLE ... VALIDATE CONSTRAINT to not recurse - to child tables when the constraint is marked NO INHERIT - (Amit Langote) - - - - This fix prevents unwanted constraint does not exist failures - when no matching constraint is present in the child tables. - - - - - - - Avoid dangling pointer in COPY ... TO when row-level - security is active for the source table (Tom Lane) - - - - Usually this had no ill effects, but sometimes it would cause - unexpected errors or crashes. - - - - - - - Avoid accessing an already-closed relcache entry in CLUSTER - and VACUUM FULL (Tom Lane) - - - - With some bad luck, this could lead to indexes on the target - relation getting rebuilt with the wrong persistence setting. - - - - - - - Fix VACUUM to account properly for pages that could not - be scanned due to conflicting page pins (Andrew Gierth) - - - - This tended to lead to underestimation of the number of tuples in - the table. In the worst case of a small heavily-contended - table, VACUUM could incorrectly report that the table - contained no tuples, leading to very bad planning choices. - - - - - - - Ensure that bulk-tuple-transfer loops within a hash join are - interruptible by query cancel requests (Tom Lane, Thomas Munro) - - - - - - - Fix incorrect support for certain box operators in SP-GiST - (Nikita Glukhov) - - - - SP-GiST index scans using the operators &< - &> &<| and |&> - would yield incorrect answers. - - - - - - - Fix integer-overflow problems in interval comparison (Kyotaro - Horiguchi, Tom Lane) - - - - The comparison operators for type interval could yield wrong - answers for intervals larger than about 296000 years. Indexes on - columns containing such large values should be reindexed, since they - may be corrupt. - - - - - - - Fix cursor_to_xml() to produce valid output - with tableforest = false - (Thomas Munro, Peter Eisentraut) - - - - Previously it failed to produce a wrapping <table> - element. - - - - - - - Fix roundoff problems in float8_timestamptz() - and make_interval() (Tom Lane) - - - - These functions truncated, rather than rounded, when converting a - floating-point value to integer microseconds; that could cause - unexpectedly off-by-one results. - - - - - - - Fix pg_get_object_address() to handle members of operator - families correctly (Álvaro Herrera) - - - - - - - Fix cancelling of pg_stop_backup() when attempting to stop - a non-exclusive backup (Michael Paquier, David Steele) - - - - If pg_stop_backup() was cancelled while waiting for a - non-exclusive backup to end, related state was left inconsistent; - a new exclusive backup could not be started, and there were other minor - problems. - - - - - - - Improve performance of pg_timezone_names view - (Tom Lane, David Rowley) - - - - - - - Reduce memory management overhead for contexts containing many large - blocks (Tom Lane) - - - - - - - Fix sloppy handling of corner-case errors from lseek() - and close() (Tom Lane) - - - - Neither of these system calls are likely to fail in typical situations, - but if they did, fd.c could get quite confused. - - - - - - - Fix incorrect check for whether postmaster is running as a Windows - service (Michael Paquier) - - - - This could result in attempting to write to the event log when that - isn't accessible, so that no logging happens at all. - - - - - - - Fix ecpg to support COMMIT PREPARED - and ROLLBACK PREPARED (Masahiko Sawada) - - - - - - - Fix a double-free error when processing dollar-quoted string literals - in ecpg (Michael Meskes) - - - - - - - Fix pgbench to handle the combination - of and options correctly - (Fabien Coelho) - - - - - - - Fix pgbench to honor the long-form option - spelling , as per its documentation (Tom Lane) - - - - - - - Fix pg_dump/pg_restore to correctly - handle privileges for the public schema when - using option (Stephen Frost) - - - - Other schemas start out with no privileges granted, - but public does not; this requires special-case treatment - when it is dropped and restored due to the option. - - - - - - - In pg_dump, fix incorrect schema and owner marking for - comments and security labels of some types of database objects - (Giuseppe Broccolo, Tom Lane) - - - - In simple cases this caused no ill effects; but for example, a - schema-selective restore might omit comments it should include, because - they were not marked as belonging to the schema of their associated - object. - - - - - - - Fix typo in pg_dump's query for initial privileges - of a procedural language (Peter Eisentraut) - - - - This resulted in pg_dump always believing that the - language had no initial privileges. Since that's true for most - procedural languages, ill effects from this bug are probably rare. - - - - - - - Avoid emitting an invalid list file in pg_restore -l - when SQL object names contain newlines (Tom Lane) - - - - Replace newlines by spaces, which is sufficient to make the output - valid for pg_restore -L's purposes. - - - - - - - Fix pg_upgrade to transfer comments and security labels - attached to large objects (blobs) (Stephen Frost) - - - - Previously, blobs were correctly transferred to the new database, but - any comments or security labels attached to them were lost. - - - - - - - Improve error handling - in contrib/adminpack's pg_file_write() - function (Noah Misch) - - - - Notably, it failed to detect errors reported - by fclose(). - - - - - - - In contrib/dblink, avoid leaking the previous unnamed - connection when establishing a new unnamed connection (Joe Conway) - - - - - - - Fix contrib/pg_trgm's extraction of trigrams from regular - expressions (Tom Lane) - - - - In some cases it would produce a broken data structure that could never - match anything, leading to GIN or GiST indexscans that use a trigram - index not finding any matches to the regular expression. - - - - - - - In contrib/postgres_fdw, allow join conditions that - contain shippable extension-provided functions to be pushed to the - remote server (David Rowley, Ashutosh Bapat) - - - - - - - Support Tcl 8.6 in MSVC builds (Álvaro Herrera) - - - - - - - Sync our copy of the timezone library with IANA release tzcode2017b - (Tom Lane) - - - - This fixes a bug affecting some DST transitions in January 2038. - - - - - - - Update time zone data files to tzdata release 2017b - for DST law changes in Chile, Haiti, and Mongolia, plus historical - corrections for Ecuador, Kazakhstan, Liberia, and Spain. - Switch to numeric abbreviations for numerous time zones in South - America, the Pacific and Indian oceans, and some Asian and Middle - Eastern countries. - - - - The IANA time zone database previously provided textual abbreviations - for all time zones, sometimes making up abbreviations that have little - or no currency among the local population. They are in process of - reversing that policy in favor of using numeric UTC offsets in zones - where there is no evidence of real-world use of an English - abbreviation. At least for the time being, PostgreSQL - will continue to accept such removed abbreviations for timestamp input. - But they will not be shown in the pg_timezone_names - view nor used for output. - - - - - - - Use correct daylight-savings rules for POSIX-style time zone names - in MSVC builds (David Rowley) - - - - The Microsoft MSVC build scripts neglected to install - the posixrules file in the timezone directory tree. - This resulted in the timezone code falling back to its built-in - rule about what DST behavior to assume for a POSIX-style time zone - name. For historical reasons that still corresponds to the DST rules - the USA was using before 2007 (i.e., change on first Sunday in April - and last Sunday in October). With this fix, a POSIX-style zone name - will use the current and historical DST transition dates of - the US/Eastern zone. If you don't want that, remove - the posixrules file, or replace it with a copy of some - other zone file (see ). Note that - due to caching, you may need to restart the server to get such changes - to take effect. - - - - - - - - - - Release 9.6.2 - - - Release date: - 2017-02-09 - - - - This release contains a variety of fixes from 9.6.1. - For information about new features in the 9.6 major release, see - . - - - - Migration to Version 9.6.2 - - - A dump/restore is not required for those running 9.6.X. - - - - However, if your installation has been affected by the bug described in - the first changelog entry below, then after updating you may need - to take action to repair corrupted indexes. - - - - Also, if you are upgrading from a version earlier than 9.6.1, - see . - - - - - Changes - - - - - - - Fix a race condition that could cause indexes built - with CREATE INDEX CONCURRENTLY to be corrupt - (Pavan Deolasee, Tom Lane) - - - - If CREATE INDEX CONCURRENTLY was used to build an index - that depends on a column not previously indexed, then rows - updated by transactions that ran concurrently with - the CREATE INDEX command could have received incorrect - index entries. If you suspect this may have happened, the most - reliable solution is to rebuild affected indexes after installing - this update. - - - - - - - Ensure that the special snapshot used for catalog scans is not - invalidated by premature data pruning (Tom Lane) - - - - Backends failed to account for this snapshot when advertising their - oldest xmin, potentially allowing concurrent vacuuming operations to - remove data that was still needed. This led to transient failures - along the lines of cache lookup failed for relation 1255. - - - - - - - Fix incorrect WAL logging for BRIN indexes (Kuntal Ghosh) - - - - The WAL record emitted for a BRIN revmap page when moving an - index tuple to a different page was incorrect. Replay would make the - related portion of the index useless, forcing it to be recomputed. - - - - - - - Unconditionally WAL-log creation of the init fork for an - unlogged table (Michael Paquier) - - - - Previously, this was skipped when - = minimal, but actually it's necessary even in that case - to ensure that the unlogged table is properly reset to empty after a - crash. - - - - - - - If the stats collector dies during hot standby, restart it (Takayuki - Tsunakawa) - - - - - - - Ensure that hot standby feedback works correctly when it's enabled at - standby server start (Ants Aasma, Craig Ringer) - - - - - - - Check for interrupts while hot standby is waiting for a conflicting - query (Simon Riggs) - - - - - - - Avoid constantly respawning the autovacuum launcher in a corner case - (Amit Khandekar) - - - - This fix avoids problems when autovacuum is nominally off and there - are some tables that require freezing, but all such tables are - already being processed by autovacuum workers. - - - - - - - Disallow setting the num_sync field to zero in - (Fujii Masao) - - - - The correct way to disable synchronous standby is to set the whole - value to an empty string. - - - - - - - Don't count background worker processes against a user's connection - limit (David Rowley) - - - - - - - Fix check for when an extension member object can be dropped (Tom Lane) - - - - Extension upgrade scripts should be able to drop member objects, - but this was disallowed for serial-column sequences, and possibly - other cases. - - - - - - - Fix tracking of initial privileges for extension member objects so - that it works correctly with ALTER EXTENSION ... ADD/DROP - (Stephen Frost) - - - - An object's current privileges at the time it is added to the - extension will now be considered its default privileges; only - later changes in its privileges will be dumped by - subsequent pg_dump runs. - - - - - - - Make sure ALTER TABLE preserves index tablespace - assignments when rebuilding indexes (Tom Lane, Michael Paquier) - - - - Previously, non-default settings - of could result in broken - indexes. - - - - - - - Fix incorrect updating of trigger function properties when changing a - foreign-key constraint's deferrability properties with ALTER - TABLE ... ALTER CONSTRAINT (Tom Lane) - - - - This led to odd failures during subsequent exercise of the foreign - key, as the triggers were fired at the wrong times. - - - - - - - Prevent dropping a foreign-key constraint if there are pending - trigger events for the referenced relation (Tom Lane) - - - - This avoids could not find trigger NNN - or relation NNN has no triggers errors. - - - - - - - Fix ALTER TABLE ... SET DATA TYPE ... USING when child - table has different column ordering than the parent - (Álvaro Herrera) - - - - Failure to adjust the column numbering in the USING - expression led to errors, - typically attribute N has wrong type. - - - - - - - Fix processing of OID column when a table with OIDs is associated to - a parent with OIDs via ALTER TABLE ... INHERIT (Amit - Langote) - - - - The OID column should be treated the same as regular user columns in - this case, but it wasn't, leading to odd behavior in later - inheritance changes. - - - - - - - Ensure that CREATE TABLE ... LIKE ... WITH OIDS creates - a table with OIDs, whether or not the LIKE-referenced - table(s) have OIDs (Tom Lane) - - - - - - - Fix CREATE OR REPLACE VIEW to update the view query - before attempting to apply the new view options (Dean Rasheed) - - - - Previously the command would fail if the new options were - inconsistent with the old view definition. - - - - - - - Report correct object identity during ALTER TEXT SEARCH - CONFIGURATION (Artur Zakirov) - - - - The wrong catalog OID was reported to extensions such as logical - decoding. - - - - - - - Fix commit timestamp mechanism to not fail when queried about - the special XIDs FrozenTransactionId - and BootstrapTransactionId (Craig Ringer) - - - - - - - Fix incorrect use of view reloptions as regular table reloptions (Tom - Lane) - - - - The symptom was spurious ON CONFLICT is not supported on table - ... used as a catalog table errors when the target - of INSERT ... ON CONFLICT is a view with cascade option. - - - - - - - Fix incorrect target lists can have at most N - entries complaint when using ON CONFLICT with - wide tables (Tom Lane) - - - - - - - Fix spurious query provides a value for a dropped column - errors during INSERT or UPDATE on a table - with a dropped column (Tom Lane) - - - - - - - Prevent multicolumn expansion of foo.* in - an UPDATE source expression (Tom Lane) - - - - This led to UPDATE target count mismatch --- internal - error. Now the syntax is understood as a whole-row variable, - as it would be in other contexts. - - - - - - - Ensure that column typmods are determined accurately for - multi-row VALUES constructs (Tom Lane) - - - - This fixes problems occurring when the first value in a column has a - determinable typmod (e.g., length for a varchar value) but - later values don't share the same limit. - - - - - - - Throw error for an unfinished Unicode surrogate pair at the end of a - Unicode string (Tom Lane) - - - - Normally, a Unicode surrogate leading character must be followed by a - Unicode surrogate trailing character, but the check for this was - missed if the leading character was the last character in a Unicode - string literal (U&'...') or Unicode identifier - (U&"..."). - - - - - - - Fix execution of DISTINCT and ordered aggregates when - multiple such aggregates are able to share the same transition state - (Heikki Linnakangas) - - - - - - - Fix implementation of phrase search operators in tsquery - (Tom Lane) - - - - Remove incorrect, and inconsistently-applied, rewrite rules that - tried to transform away AND/OR/NOT operators appearing below a PHRASE - operator; instead upgrade the execution engine to handle such cases - correctly. This fixes assorted strange behavior and possible crashes - for text search queries containing such combinations. Also fix - nested PHRASE operators to work sanely in combinations other than - simple left-deep trees, correct the behavior when removing stopwords - from a phrase search clause, and make sure that index searches behave - consistently with simple sequential-scan application of such queries. - - - - - - - Ensure that a purely negative text search query, such - as !foo, matches empty tsvectors (Tom Dunstan) - - - - Such matches were found by GIN index searches, but not by sequential - scans or GiST index searches. - - - - - - - Prevent crash when ts_rewrite() replaces a non-top-level - subtree with an empty query (Artur Zakirov) - - - - - - - Fix performance problems in ts_rewrite() (Tom Lane) - - - - - - - Fix ts_rewrite()'s handling of nested NOT operators - (Tom Lane) - - - - - - - Improve speed of user-defined aggregates that - use array_append() as transition function (Tom Lane) - - - - - - - Fix array_fill() to handle empty arrays properly (Tom Lane) - - - - - - - Fix possible crash in array_position() - or array_positions() when processing arrays of records - (Junseok Yang) - - - - - - - Fix one-byte buffer overrun in quote_literal_cstr() - (Heikki Linnakangas) - - - - The overrun occurred only if the input consisted entirely of single - quotes and/or backslashes. - - - - - - - Prevent multiple calls of pg_start_backup() - and pg_stop_backup() from running concurrently (Michael - Paquier) - - - - This avoids an assertion failure, and possibly worse things, if - someone tries to run these functions in parallel. - - - - - - - Disable transform that attempted to remove no-op AT TIME - ZONE conversions (Tom Lane) - - - - This resulted in wrong answers when the simplified expression was - used in an index condition. - - - - - - - Avoid discarding interval-to-interval casts - that aren't really no-ops (Tom Lane) - - - - In some cases, a cast that should result in zeroing out - low-order interval fields was mistakenly deemed to be a - no-op and discarded. An example is that casting from INTERVAL - MONTH to INTERVAL YEAR failed to clear the months field. - - - - - - - Fix crash if the number of workers available to a parallel query - decreases during a rescan (Andreas Seltenreich) - - - - - - - Fix bugs in transmitting GUC parameter values to parallel workers - (Michael Paquier, Tom Lane) - - - - - - - Allow statements prepared with PREPARE to be given - parallel plans (Amit Kapila, Tobias Bussmann) - - - - - - - Fix incorrect generation of parallel plans for semi-joins (Tom Lane) - - - - - - - Fix planner's cardinality estimates for parallel joins (Robert Haas) - - - - Ensure that these estimates reflect the number of rows predicted to - be seen by each worker, rather than the total. - - - - - - - Fix planner to avoid trying to parallelize plan nodes containing - initplans or subplans (Tom Lane, Amit Kapila) - - - - - - - Ensure that cached plans are invalidated by changes in foreign-table - options (Amit Langote, Etsuro Fujita, Ashutosh Bapat) - - - - - - - Fix the plan generated for sorted partial aggregation with a constant - GROUP BY clause (Tom Lane) - - - - - - - Fix could not find plan for CTE planner error when dealing - with a UNION ALL containing CTE references (Tom Lane) - - - - - - - Fix mishandling of initplans when forcibly adding a Material node to - a subplan (Tom Lane) - - - - The typical consequence of this mistake was a plan should not - reference subplan's variable error. - - - - - - - Fix foreign-key-based join selectivity estimation for semi-joins and - anti-joins, as well as inheritance cases (Tom Lane) - - - - The new code for taking the existence of a foreign key relationship - into account did the wrong thing in these cases, making the estimates - worse not better than the pre-9.6 code. - - - - - - - Fix pg_dump to emit the data of a sequence that is - marked as an extension configuration table (Michael Paquier) - - - - - - - Fix mishandling of ALTER DEFAULT PRIVILEGES ... REVOKE - in pg_dump (Stephen Frost) - - - - pg_dump missed issuing the - required REVOKE commands in cases where ALTER - DEFAULT PRIVILEGES had been used to reduce privileges to less than - they would normally be. - - - - - - - Fix pg_dump to dump user-defined casts and transforms - that use built-in functions (Stephen Frost) - - - - - - - Fix pg_restore with - to behave more sanely if an archive contains - unrecognized DROP commands (Tom Lane) - - - - This doesn't fix any live bug, but it may improve the behavior in - future if pg_restore is used with an archive - generated by a later pg_dump version. - - - - - - - Fix pg_basebackup's rate limiting in the presence of - slow I/O (Antonin Houska) - - - - If disk I/O was transiently much slower than the specified rate - limit, the calculation overflowed, effectively disabling the rate - limit for the rest of the run. - - - - - - - Fix pg_basebackup's handling of - symlinked pg_stat_tmp and pg_replslot - subdirectories (Magnus Hagander, Michael Paquier) - - - - - - - Fix possible pg_basebackup failure on standby - server when including WAL files (Amit Kapila, Robert Haas) - - - - - - - Improve initdb to insert the correct - platform-specific default values for - the xxx_flush_after parameters - into postgresql.conf (Fabien Coelho, Tom Lane) - - - - This is a cleaner way of documenting the default values than was used - previously. - - - - - - - Fix possible mishandling of expanded arrays in domain check - constraints and CASE execution (Tom Lane) - - - - It was possible for a PL/pgSQL function invoked in these contexts to - modify or even delete an array value that needs to be preserved for - additional operations. - - - - - - - Fix nested uses of PL/pgSQL functions in contexts such as domain - check constraints evaluated during assignment to a PL/pgSQL variable - (Tom Lane) - - - - - - - Ensure that the Python exception objects we create for PL/Python are - properly reference-counted (Rafa de la Torre, Tom Lane) - - - - This avoids failures if the objects are used after a Python garbage - collection cycle has occurred. - - - - - - - Fix PL/Tcl to support triggers on tables that have .tupno - as a column name (Tom Lane) - - - - This matches the (previously undocumented) behavior of - PL/Tcl's spi_exec and spi_execp commands, - namely that a magic .tupno column is inserted only if - there isn't a real column named that. - - - - - - - Allow DOS-style line endings in ~/.pgpass files, - even on Unix (Vik Fearing) - - - - This change simplifies use of the same password file across Unix and - Windows machines. - - - - - - - Fix one-byte buffer overrun if ecpg is given a file - name that ends with a dot (Takayuki Tsunakawa) - - - - - - - Fix incorrect error reporting for duplicate data - in psql's \crosstabview (Tom Lane) - - - - psql sometimes quoted the wrong row and/or column - values when complaining about multiple entries for the same crosstab - cell. - - - - - - - Fix psql's tab completion for ALTER DEFAULT - PRIVILEGES (Gilles Darold, Stephen Frost) - - - - - - - Fix psql's tab completion for ALTER TABLE t - ALTER c DROP ... (Kyotaro Horiguchi) - - - - - - - In psql, treat an empty or all-blank setting of - the PAGER environment variable as meaning no - pager (Tom Lane) - - - - Previously, such a setting caused output intended for the pager to - vanish entirely. - - - - - - - Improve contrib/dblink's reporting of - low-level libpq errors, such as out-of-memory - (Joe Conway) - - - - - - - Teach contrib/dblink to ignore irrelevant server options - when it uses a contrib/postgres_fdw foreign server as - the source of connection options (Corey Huinker) - - - - Previously, if the foreign server object had options that were not - also libpq connection options, an error occurred. - - - - - - - Fix portability problems in contrib/pageinspect's - functions for GIN indexes (Peter Eisentraut, Tom Lane) - - - - - - - Fix possible miss of socket read events while waiting on Windows - (Amit Kapila) - - - - This error was harmless for most uses, but it is known to cause hangs - when trying to use the pldebugger extension. - - - - - - - On Windows, ensure that environment variable changes are propagated - to DLLs built with debug options (Christian Ullrich) - - - - - - - Sync our copy of the timezone library with IANA release tzcode2016j - (Tom Lane) - - - - This fixes various issues, most notably that timezone data - installation failed if the target directory didn't support hard - links. - - - - - - - Update time zone data files to tzdata release 2016j - for DST law changes in northern Cyprus (adding a new zone - Asia/Famagusta), Russia (adding a new zone Europe/Saratov), Tonga, - and Antarctica/Casey. - Historical corrections for Italy, Kazakhstan, Malta, and Palestine. - Switch to preferring numeric zone abbreviations for Tonga. - - - - - - - - - - Release 9.6.1 - - - Release date: - 2016-10-27 - - - - This release contains a variety of fixes from 9.6.0. - For information about new features in the 9.6 major release, see - . - - - - Migration to Version 9.6.1 - - - A dump/restore is not required for those running 9.6.X. - - - - However, if your installation has been affected by the bugs described in - the first two changelog entries below, then after updating you may need - to take action to repair corrupted free space maps and/or visibility - maps. - - - - - Changes - - - - - - - Fix WAL-logging of truncation of relation free space maps and - visibility maps (Pavan Deolasee, Heikki Linnakangas) - - - - It was possible for these files to not be correctly restored during - crash recovery, or to be written incorrectly on a standby server. - Bogus entries in a free space map could lead to attempts to access - pages that have been truncated away from the relation itself, typically - producing errors like could not read block XXX: - read only 0 of 8192 bytes. Checksum failures in the - visibility map are also possible, if checksumming is enabled. - - - - Procedures for determining whether there is a problem and repairing it - if so are discussed at - . - - - - - - - Fix possible data corruption when pg_upgrade rewrites - a relation visibility map into 9.6 format (Tom Lane) - - - - On big-endian machines, bytes of the new visibility map were written - in the wrong order, leading to a completely incorrect map. On - Windows, the old map was read using text mode, leading to incorrect - results if the map happened to contain consecutive bytes that matched - a carriage return/line feed sequence. The latter error would almost - always lead to a pg_upgrade failure due to the map - file appearing to be the wrong length. - - - - If you are using a big-endian machine (many non-Intel architectures - are big-endian) and have used pg_upgrade to upgrade - from a pre-9.6 release, you should assume that all visibility maps are - incorrect and need to be regenerated. It is sufficient to truncate - each relation's visibility map - with contrib/pg_visibility's - pg_truncate_visibility_map() function. - For more information see - . - - - - - - - Don't throw serialization errors for self-conflicting insertions - in INSERT ... ON CONFLICT (Thomas Munro, Peter Geoghegan) - - - - - - - Fix use-after-free hazard in execution of aggregate functions - using DISTINCT (Peter Geoghegan) - - - - This could lead to a crash or incorrect query results. - - - - - - - Fix incorrect handling of polymorphic aggregates used as window - functions (Tom Lane) - - - - The aggregate's transition function was told that its first argument - and result were of the aggregate's output type, rather than the - state type. This led to errors or crashes with - polymorphic transition functions. - - - - - - - Fix COPY with a column name list from a table that has - row-level security enabled (Adam Brightwell) - - - - - - - Fix EXPLAIN to emit valid XML when - is on (Markus Winand) - - - - Previously the XML output-format option produced syntactically invalid - tags such as <I/O-Read-Time>. That is now - rendered as <I-O-Read-Time>. - - - - - - - Fix statistics update for TRUNCATE in a prepared - transaction (Stas Kelvich) - - - - - - - Fix bugs in merging inherited CHECK constraints while - creating or altering a table (Tom Lane, Amit Langote) - - - - Allow identical CHECK constraints to be added to a parent - and child table in either order. Prevent merging of a valid - constraint from the parent table with a NOT VALID - constraint on the child. Likewise, prevent merging of a NO - INHERIT child constraint with an inherited constraint. - - - - - - - Show a sensible value - in pg_settings.unit - for min_wal_size and max_wal_size (Tom Lane) - - - - - - - Fix replacement of array elements in jsonb_set() - (Tom Lane) - - - - If the target is an existing JSON array element, it got deleted - instead of being replaced with a new value. - - - - - - - Avoid very-low-probability data corruption due to testing tuple - visibility without holding buffer lock (Thomas Munro, Peter Geoghegan, - Tom Lane) - - - - - - - Preserve commit timestamps across server restart - (Julien Rouhaud, Craig Ringer) - - - - With turned on, old - commit timestamps became inaccessible after a clean server restart. - - - - - - - Fix logical WAL decoding to work properly when a subtransaction's WAL - output is large enough to spill to disk (Andres Freund) - - - - - - - Fix dangling-pointer problem in logical WAL decoding (Stas Kelvich) - - - - - - - Round shared-memory allocation request to a multiple of the actual - huge page size when attempting to use huge pages on Linux (Tom Lane) - - - - This avoids possible failures during munmap() on systems - with atypical default huge page sizes. Except in crash-recovery - cases, there were no ill effects other than a log message. - - - - - - - Don't try to share SSL contexts across multiple connections - in libpq (Heikki Linnakangas) - - - - This led to assorted corner-case bugs, particularly when trying to use - different SSL parameters for different connections. - - - - - - - Avoid corner-case memory leak in libpq (Tom Lane) - - - - The reported problem involved leaking an error report - during PQreset(), but there might be related cases. - - - - - - - In pg_upgrade, check library loadability in name order - (Tom Lane) - - - - This is a workaround to deal with cross-extension dependencies from - language transform modules to their base language and data type - modules. - - - - - - - Fix pg_upgrade to work correctly for extensions - containing index access methods (Tom Lane) - - - - To allow this, the server has been extended to support ALTER - EXTENSION ADD/DROP ACCESS METHOD. That functionality should have - been included in the original patch to support dynamic creation of - access methods, but it was overlooked. - - - - - - - Improve error reporting in pg_upgrade's file - copying/linking/rewriting steps (Tom Lane, Álvaro Herrera) - - - - - - - Fix pg_dump to work against pre-7.4 servers - (Amit Langote, Tom Lane) - - - - - - - Disallow specifying both - and options to pg_rewind - (Michael Banck) - - - - - - - Make pg_rewind turn off synchronous_commit - in its session on the source server (Michael Banck, Michael Paquier) - - - - This allows pg_rewind to work even when the source - server is using synchronous replication that is not working for some - reason. - - - - - - - In pg_xlogdump, retry opening new WAL segments when - using option (Magnus Hagander) - - - - This allows for a possible delay in the server's creation of the next - segment. - - - - - - - Fix contrib/pg_visibility to report the correct TID for - a corrupt tuple that has been the subject of a rolled-back update - (Tom Lane) - - - - - - - Fix makefile dependencies so that parallel make - of PL/Python by itself will succeed reliably - (Pavel Raiskup) - - - - - - - Update time zone data files to tzdata release 2016h - for DST law changes in Palestine and Turkey, plus historical - corrections for Turkey and some regions of Russia. - Switch to numeric abbreviations for some time zones in Antarctica, - the former Soviet Union, and Sri Lanka. - - - - The IANA time zone database previously provided textual abbreviations - for all time zones, sometimes making up abbreviations that have little - or no currency among the local population. They are in process of - reversing that policy in favor of using numeric UTC offsets in zones - where there is no evidence of real-world use of an English - abbreviation. At least for the time being, PostgreSQL - will continue to accept such removed abbreviations for timestamp input. - But they will not be shown in the pg_timezone_names - view nor used for output. - - - - In this update, AMT is no longer shown as being in use to - mean Armenia Time. Therefore, we have changed the Default - abbreviation set to interpret it as Amazon Time, thus UTC-4 not UTC+4. - - - - - - - - - - Release 9.6 - - - Release date: - 2016-09-29 - - - - Overview - - - Major enhancements in PostgreSQL 9.6 include: - - - - - - - - - Parallel execution of sequential scans, joins and aggregates - - - - - - Avoid scanning pages unnecessarily during vacuum freeze operations - - - - - - Synchronous replication now allows multiple standby servers for - increased reliability - - - - - - Full-text search can now search for phrases (multiple adjacent words) - - - - - - postgres_fdw now supports remote joins, sorts, - UPDATEs, and DELETEs - - - - - - Substantial performance improvements, especially in the area of - scalability on multi-CPU-socket servers - - - - - - - The above items are explained in more detail in the sections below. - - - - - - - Migration to Version 9.6 - - - A dump/restore using , or use of , is required for those wishing to migrate data - from any previous release. - - - - Version 9.6 contains a number of changes that may affect compatibility - with previous releases. Observe the following incompatibilities: - - - - - - - - Improve the pg_stat_activity - view's information about what a process is waiting for (Amit - Kapila, Ildus Kurbangaliev) - - - - Historically a process has only been shown as waiting if it was - waiting for a heavyweight lock. Now waits for lightweight locks - and buffer pins are also shown in pg_stat_activity. - Also, the type of lock being waited for is now visible. - These changes replace the waiting column with - wait_event_type and wait_event. - - - - - - - In to_char(), - do not count a minus sign (when needed) as part of the field - width for time-related fields (Bruce Momjian) - - - - For example, to_char('-4 years'::interval, 'YY') - now returns -04, rather than -4. - - - - - - - Make extract() behave - more reasonably with infinite inputs (Vitaly Burovoy) - - - - Historically the extract() function just returned - zero given an infinite timestamp, regardless of the given - field name. Make it return infinity - or -infinity as appropriate when the - requested field is one that is monotonically increasing (e.g, - year, epoch), or NULL when - it is not (e.g., day, hour). Also, - throw the expected error for bad field names. - - - - - - - Remove PL/pgSQL's feature that suppressed the - innermost line of CONTEXT for messages emitted by - RAISE commands (Pavel Stehule) - - - - This ancient backwards-compatibility hack was agreed to have - outlived its usefulness. - - - - - - - Fix the default text search parser to allow leading digits - in email and host tokens (Artur Zakirov) - - - - In most cases this will result in few changes in the parsing of - text. But if you have data where such addresses occur frequently, - it may be worth rebuilding dependent tsvector columns - and indexes so that addresses of this form will be found properly - by text searches. - - - - - - - Extend contrib/unaccent's - standard unaccent.rules file to handle all diacritics - known to Unicode, and to expand ligatures correctly (Thomas Munro, - Léonard Benedetti) - - - - The previous version neglected to convert some less-common letters - with diacritic marks. Also, ligatures are now expanded into - separate letters. Installations that use this rules file may wish - to rebuild tsvector columns and indexes that depend on the - result. - - - - - - - Remove the long-deprecated - CREATEUSER/NOCREATEUSER options from - CREATE ROLE and allied commands (Tom Lane) - - - - CREATEUSER actually meant SUPERUSER, - for ancient backwards-compatibility reasons. This has been a - constant source of confusion for people who (reasonably) expect - it to mean CREATEROLE. It has been deprecated for - ten years now, so fix the problem by removing it. - - - - - - - Treat role names beginning with pg_ as reserved - (Stephen Frost) - - - - User creation of such role names is now disallowed. This prevents - conflicts with built-in roles created by initdb. - - - - - - - Change a column name in the - information_schema.routines - view from result_cast_character_set_name - to result_cast_char_set_name (Clément - Prévost) - - - - The SQL:2011 standard specifies the longer name, but that appears - to be a mistake, because adjacent column names use the shorter - style, as do other information_schema views. - - - - - - - psql's option no longer implies - - (Pavel Stehule, Catalin Iacob) - - - - Write (or its - abbreviation ) explicitly to obtain the old - behavior. Scripts so modified will still work with old - versions of psql. - - - - - - - Improve pg_restore's option to - match all types of relations, not only plain tables (Craig Ringer) - - - - - - - Change the display format used for NextXID in - pg_controldata and related places (Joe Conway, - Bruce Momjian) - - - - Display epoch-and-transaction-ID values in the format - number:number. - The previous format - number/number was - confusingly similar to that used for LSNs. - - - - - - - Update extension functions to be marked parallel-safe where - appropriate (Andreas Karlsson) - - - - Many of the standard extensions have been updated to allow their - functions to be executed within parallel query worker processes. - These changes will not take effect in - databases pg_upgrade'd from prior versions unless - you apply ALTER EXTENSION UPDATE to each such extension - (in each database of a cluster). - - - - - - - - - Changes - - - Below you will find a detailed account of the changes between - PostgreSQL 9.6 and the previous major - release. - - - - Server - - - Parallel Queries - - - - - - - Parallel queries (Robert Haas, Amit Kapila, David Rowley, - many others) - - - - With 9.6, PostgreSQL introduces initial support - for parallel execution of large queries. Only strictly read-only - queries where the driving table is accessed via a sequential scan - can be parallelized. Hash joins and nested loops can be performed - in parallel, as can aggregation (for supported aggregates). - Much remains to be done, but this is already a useful set of - features. - - - - Parallel query execution is not (yet) enabled by default. - To allow it, set the new configuration - parameter to a - value larger than zero. Additional control over use of parallelism - is available through other new configuration parameters - , - , , and - min_parallel_relation_size. - - - - - - - Provide infrastructure for marking the parallel-safety status of - functions (Robert Haas, Amit Kapila) - - - - - - - - - Indexes - - - - - - - Allow GIN index builds to - make effective use of - settings larger than 1 GB (Robert Abraham, Teodor Sigaev) - - - - - - - Add pages deleted from a GIN index's pending list to the free space - map immediately - (Jeff Janes, Teodor Sigaev) - - - - This reduces bloat if the table is not vacuumed often. - - - - - - - Add gin_clean_pending_list() - function to allow manual invocation of pending-list cleanup for a - GIN index (Jeff Janes) - - - - Formerly, such cleanup happened only as a byproduct of vacuuming or - analyzing the parent table. - - - - - - - Improve handling of dead index tuples in GiST indexes (Anastasia Lubennikova) - - - - Dead index tuples are now marked as such when an index scan notices - that the corresponding heap tuple is dead. When inserting tuples, - marked-dead tuples will be removed if needed to make space on - the page. - - - - - - - Add an SP-GiST operator class for - type box (Alexander Lebedev) - - - - - - - - - Sorting - - - - - - - Improve sorting performance by using quicksort, not replacement - selection sort, when performing external sort steps (Peter - Geoghegan) - - - - The new approach makes better use of the CPU cache - for typical cache sizes and data volumes. Where necessary, - the behavior can be adjusted via the new configuration parameter - replacement_sort_tuples. - - - - - - - Speed up text sorts where the same string occurs multiple times - (Peter Geoghegan) - - - - - - - Speed up sorting of uuid, bytea, and - char(n) fields by using abbreviated keys - (Peter Geoghegan) - - - - Support for abbreviated keys has also been - added to the non-default operator classes text_pattern_ops, - varchar_pattern_ops, and - bpchar_pattern_ops. Processing of ordered-set - aggregates can also now exploit abbreviated keys. - - - - - - - Speed up CREATE INDEX CONCURRENTLY by treating - TIDs as 64-bit integers during sorting (Peter - Geoghegan) - - - - - - - - - Locking - - - - - - - Reduce contention for the ProcArrayLock (Amit Kapila, - Robert Haas) - - - - - - - Improve performance by moving buffer content locks into the buffer - descriptors (Andres Freund, Simon Riggs) - - - - - - - Replace shared-buffer header spinlocks with atomic operations to - improve scalability (Alexander Korotkov, Andres Freund) - - - - - - - Use atomic operations, rather than a spinlock, to protect an - LWLock's wait queue (Andres Freund) - - - - - - - Partition the shared hash table freelist to reduce contention on - multi-CPU-socket servers (Aleksander Alekseev) - - - - - - - Reduce interlocking on standby servers during the replay of btree - index vacuuming operations (Simon Riggs) - - - - This change avoids substantial replication delays that sometimes - occurred while replaying such operations. - - - - - - - - - Optimizer Statistics - - - - - - - Improve ANALYZE's estimates for columns with many nulls - (Tomas Vondra, Alex Shulgin) - - - - Previously ANALYZE tended to underestimate the number - of non-NULL distinct values in a column with many - NULLs, and was also inaccurate in computing the - most-common values. - - - - - - - Improve planner's estimate of the number of distinct values in - a query result (Tomas Vondra) - - - - - - - Use foreign key relationships to infer selectivity for join - predicates (Tomas Vondra, David Rowley) - - - - If a table t has a foreign key restriction, say - (a,b) REFERENCES r (x,y), then a WHERE - condition such as t.a = r.x AND t.b = r.y cannot - select more than one r row per t row. - The planner formerly considered these AND conditions - to be independent and would often drastically misestimate - selectivity as a result. Now it compares the WHERE - conditions to applicable foreign key constraints and produces - better estimates. - - - - - - - - - <command>VACUUM</command> - - - - - - - Avoid re-vacuuming pages containing only frozen tuples (Masahiko - Sawada, Robert Haas, Andres Freund) - - - - Formerly, anti-wraparound vacuum had to visit every page of - a table, even pages where there was nothing to do. Now, pages - containing only already-frozen tuples are identified in the table's - visibility map, and can be skipped by vacuum even when doing - transaction wraparound prevention. This should greatly reduce the - cost of maintaining large tables containing mostly-unchanging data. - - - - If necessary, vacuum can be forced to process all-frozen - pages using the new DISABLE_PAGE_SKIPPING option. - Normally this should never be needed, but it might help in - recovering from visibility-map corruption. - - - - - - - Avoid useless heap-truncation attempts during VACUUM - (Jeff Janes, Tom Lane) - - - - This change avoids taking an exclusive table lock in some cases - where no truncation is possible. The main benefit comes from - avoiding unnecessary query cancellations on standby servers. - - - - - - - - - General Performance - - - - - - - Allow old MVCC snapshots to be invalidated after a - configurable timeout (Kevin Grittner) - - - - Normally, deleted tuples cannot be physically removed by - vacuuming until the last transaction that could see - them is gone. A transaction that stays open for a long - time can thus cause considerable table bloat because - space cannot be recycled. This feature allows setting - a time-based limit, via the new configuration parameter - , on how long an - MVCC snapshot is guaranteed to be valid. After that, - dead tuples are candidates for removal. A transaction using an - outdated snapshot will get an error if it attempts to read a page - that potentially could have contained such data. - - - - - - - Ignore GROUP BY columns that are - functionally dependent on other columns (David Rowley) - - - - If a GROUP BY clause includes all columns of a - non-deferred primary key, as well as other columns of the same - table, those other columns are redundant and can be dropped - from the grouping. This saves computation in many common cases. - - - - - - - Allow use of an index-only - scan on a partial index when the index's WHERE - clause references columns that are not indexed (Tomas Vondra, - Kyotaro Horiguchi) - - - - For example, an index defined by CREATE INDEX tidx_partial - ON t(b) WHERE a > 0 can now be used for an index-only scan by - a query that specifies WHERE a > 0 and does not - otherwise use a. Previously this was disallowed - because a is not listed as an index column. - - - - - - - - Perform checkpoint writes in sorted order (Fabien Coelho, - Andres Freund) - - - - Previously, checkpoints wrote out dirty pages in whatever order - they happen to appear in shared buffers, which usually is nearly - random. That performs poorly, especially on rotating media. - This change causes checkpoint-driven writes to be done in order - by file and block number, and to be balanced across tablespaces. - - - - - - - Where feasible, trigger kernel writeback after a configurable - number of writes, to prevent accumulation of dirty data in kernel - disk buffers (Fabien Coelho, Andres Freund) - - - - PostgreSQL writes data to the kernel's disk cache, - from where it will be flushed to physical storage in due time. - Many operating systems are not smart about managing this and allow - large amounts of dirty data to accumulate before deciding to flush - it all at once, causing long delays for new I/O requests until the - flushing finishes. - This change attempts to alleviate this problem by explicitly - requesting data flushes after a configurable interval. - - - - On Linux, sync_file_range() is used for this purpose, - and the feature is on by default on Linux because that function has - few downsides. This flushing capability is also available on other - platforms if they have msync() - or posix_fadvise(), but those interfaces have some - undesirable side-effects so the feature is disabled by default on - non-Linux platforms. - - - - The new configuration parameters , , , and control this behavior. - - - - - - - Improve aggregate-function performance by sharing calculations - across multiple aggregates if they have the same arguments and - transition functions (David Rowley) - - - - For example, SELECT AVG(x), VARIANCE(x) FROM tab can use - a single per-row computation for both aggregates. - - - - - - - Speed up visibility tests for recently-created tuples by checking - the current transaction's snapshot, not pg_clog, to - decide if the source transaction should be considered committed - (Jeff Janes, Tom Lane) - - - - - - - Allow tuple hint bits to be set sooner than before (Andres Freund) - - - - - - - Improve performance of short-lived prepared transactions (Stas - Kelvich, Simon Riggs, Pavan Deolasee) - - - - Two-phase commit information is now written only to WAL - during PREPARE TRANSACTION, and will be read back from - WAL during COMMIT PREPARED if that happens - soon thereafter. A separate state file is created only if the - pending transaction does not get committed or aborted by the time - of the next checkpoint. - - - - - - - Improve performance of memory context destruction (Jan Wieck) - - - - - - - Improve performance of resource owners with many tracked objects - (Aleksander Alekseev) - - - - - - - Improve speed of the output functions for timestamp, - time, and date data types (David Rowley, - Andres Freund) - - - - - - - Avoid some unnecessary cancellations of hot-standby queries - during replay of actions that take AccessExclusive - locks (Jeff Janes) - - - - - - - Extend relations multiple blocks at a time when there is contention - for the relation's extension lock (Dilip Kumar) - - - - This improves scalability by decreasing contention. - - - - - - - Increase the number of clog buffers for better scalability (Amit - Kapila, Andres Freund) - - - - - - - Speed up expression evaluation in PL/pgSQL by - keeping ParamListInfo entries for simple variables - valid at all times (Tom Lane) - - - - - - - Avoid reducing the SO_SNDBUF setting below its default - on recent Windows versions (Chen Huajun) - - - - - - - Disable by default on - Windows (Takayuki Tsunakawa) - - - - The overhead of updating the process title is much larger on Windows - than most other platforms, and it is also less useful to do it since - most Windows users do not have tools that can display process titles. - - - - - - - - - Monitoring - - - - - - - Add pg_stat_progress_vacuum - system view to provide progress reporting for VACUUM - operations (Amit Langote, Robert Haas, Vinayak Pokale, Rahila Syed) - - - - - - - Add pg_control_system(), - pg_control_checkpoint(), - pg_control_recovery(), and - pg_control_init() functions to expose fields of - pg_control to SQL (Joe Conway, Michael - Paquier) - - - - - - - Add pg_config - system view (Joe Conway) - - - - This view exposes the same information available from - the pg_config command-line utility, - namely assorted compile-time configuration information for - PostgreSQL. - - - - - - - Add a confirmed_flush_lsn column to the pg_replication_slots - system view (Marko Tiikkaja) - - - - - - - Add pg_stat_wal_receiver - system view to provide information about the state of a hot-standby - server's WAL receiver process (Michael Paquier) - - - - - - - Add pg_blocking_pids() - function to reliably identify which sessions block which others - (Tom Lane) - - - - This function returns an array of the process IDs of any - sessions that are blocking the session with the given process ID. - Historically users have obtained such information using a self-join - on the pg_locks view. However, it is unreasonably - tedious to do it that way with any modicum of correctness, and - the addition of parallel queries has made the old approach entirely - impractical, since locks might be held or awaited by child worker - processes rather than the session's main process. - - - - - - - Add function pg_current_xlog_flush_location() - to expose the current transaction log flush location (Tomas Vondra) - - - - - - - Add function pg_notification_queue_usage() - to report how full the NOTIFY queue is (Brendan Jurd) - - - - - - - Limit the verbosity of memory context statistics dumps (Tom Lane) - - - - The memory usage dump that is output to the postmaster log during an - out-of-memory failure now summarizes statistics when there are a - large number of memory contexts, rather than possibly generating - a very large report. There is also a grand total - summary line now. - - - - - - - - - <acronym>Authentication</acronym> - - - - - - - Add a BSD authentication - method to allow use of - the BSD Authentication service for - PostgreSQL client authentication (Marisa Emerson) - - - - BSD Authentication is currently only available on OpenBSD. - - - - - - - When using PAM - authentication, provide the client IP address or host name - to PAM modules via the PAM_RHOST item - (Grzegorz Sampolski) - - - - - - - Provide detail in the postmaster log for more types of password - authentication failure (Tom Lane) - - - - All ordinarily-reachable password authentication failure cases - should now provide specific DETAIL fields in the log. - - - - - - - Support RADIUS passwords - up to 128 characters long (Marko Tiikkaja) - - - - - - - Add new SSPI - authentication parameters - compat_realm and upn_username to control - whether NetBIOS or Kerberos - realm names and user names are used during SSPI - authentication (Christian Ullrich) - - - - - - - - - Server Configuration - - - - - - - Allow sessions to be terminated automatically if they are in - idle-in-transaction state for too long (Vik Fearing) - - - - This behavior is controlled by the new configuration parameter - . It can - be useful to prevent forgotten transactions from holding locks - or preventing vacuum cleanup for too long. - - - - - - - Raise the maximum allowed value - of to 24 hours (Simon Riggs) - - - - - - - Allow effective_io_concurrency to be set per-tablespace - to support cases where different tablespaces have different I/O - characteristics (Julien Rouhaud) - - - - - - - Add option %n to - print the current time in Unix epoch form, with milliseconds (Tomas - Vondra, Jeff Davis) - - - - - - - Add and configuration parameters - to provide more control over the message format when logging to - syslog (Peter Eisentraut) - - - - - - - Merge the archive and hot_standby values - of the configuration parameter - into a single new value replica (Peter Eisentraut) - - - - Making a distinction between these settings is no longer useful, - and merging them is a step towards a planned future simplification - of replication setup. The old names are still accepted but are - converted to replica internally. - - - - - - - Add configure option to enable - calling sd_notify() at server start and stop (Peter - Eisentraut) - - - - This allows the use of systemd service units of - type notify, which greatly simplifies the management - of PostgreSQL under systemd. - - - - - - - Allow the server's SSL key file to have group read - access if it is owned by root (Christoph Berg) - - - - Formerly, we insisted the key file be owned by the - user running the PostgreSQL server, but - that is inconvenient on some systems (such as Debian) that are configured to manage - certificates centrally. Therefore, allow the case where the key - file is owned by root and has group read access. - It is up to the operating system administrator to ensure that - the group does not include any untrusted users. - - - - - - - - - Reliability - - - - - - - Force backends to exit if the postmaster dies (Rajeev Rastogi, - Robert Haas) - - - - Under normal circumstances the postmaster should always outlive - its child processes. If for some reason the postmaster dies, - force backend sessions to exit with an error. Formerly, existing - backends would continue to run until their clients disconnect, - but that is unsafe and inefficient. It also prevents a new - postmaster from being started until the last old backend has - exited. Backends will detect postmaster death when waiting for - client I/O, so the exit will not be instantaneous, but it should - happen no later than the end of the current query. - - - - - - - Check for serializability conflicts before reporting - constraint-violation failures (Thomas Munro) - - - - When using serializable transaction isolation, it is desirable - that any error due to concurrent transactions should manifest - as a serialization failure, thereby cueing the application that - a retry might succeed. Unfortunately, this does not reliably - happen for duplicate-key failures caused by concurrent insertions. - This change ensures that such an error will be reported as a - serialization error if the application explicitly checked for - the presence of a conflicting key (and did not find it) earlier - in the transaction. - - - - - - - Ensure that invalidation messages are recorded in WAL - even when issued by a transaction that has no XID - assigned (Andres Freund) - - - - This fixes some corner cases in which transactions on standby - servers failed to notice changes, such as new indexes. - - - - - - - Prevent multiple processes from trying to clean a GIN - index's pending list concurrently (Teodor Sigaev, Jeff Janes) - - - - This had been intentionally allowed, but it causes race conditions - that can result in vacuum missing index entries it needs to delete. - - - - - - - - - - - Replication and Recovery - - - - - - - Allow synchronous replication to support multiple simultaneous - synchronous standby servers, not just one (Masahiko Sawada, - Beena Emerson, Michael Paquier, Fujii Masao, Kyotaro Horiguchi) - - - - The number of standby servers that must acknowledge a commit - before it is considered complete is now configurable as part of - the parameter. - - - - - - - Add new setting remote_apply for configuration - parameter (Thomas Munro) - - - - In this mode, the master waits for the transaction to be - applied on the standby server, not just written - to disk. That means that you can count on a transaction started - on the standby to see all commits previously acknowledged by - the master. - - - - - - - Add a feature to the replication - protocol, and a corresponding option to pg_create_physical_replication_slot(), - to allow reserving WAL immediately when creating a - replication slot (Gurjeet Singh, Michael Paquier) - - - - This allows the creation of a replication slot to guarantee - that all the WAL needed for a base backup will be - available. - - - - - - - Add a option to - pg_basebackup - (Peter Eisentraut) - - - - This lets pg_basebackup use a replication - slot defined for WAL streaming. After the base - backup completes, selecting the same slot for regular streaming - replication allows seamless startup of the new standby server. - - - - - - - Extend pg_start_backup() - and pg_stop_backup() to support non-exclusive backups - (Magnus Hagander) - - - - - - - - - Queries - - - - - - - Allow functions that return sets of tuples to return simple - NULLs (Andrew Gierth, Tom Lane) - - - - In the context of SELECT FROM function(...), a function - that returned a set of composite values was previously not allowed - to return a plain NULL value as part of the set. - Now that is allowed and interpreted as a row of NULLs. - This avoids corner-case errors with, for example, unnesting an - array of composite values. - - - - - - - Fully support array subscripts and field selections in the - target column list of an INSERT with multiple - VALUES rows (Tom Lane) - - - - Previously, such cases failed if the same target column was - mentioned more than once, e.g., INSERT INTO tab (x[1], - x[2]) VALUES (...). - - - - - - - When appropriate, postpone evaluation of SELECT - output expressions until after an ORDER BY sort - (Konstantin Knizhnik) - - - - This change ensures that volatile or expensive functions in the - output list are executed in the order suggested by ORDER - BY, and that they are not evaluated more times than required - when there is a LIMIT clause. Previously, these - properties held if the ordering was performed by an index scan or - pre-merge-join sort, but not if it was performed by a top-level - sort. - - - - - - - Widen counters recording the number of tuples processed to 64 bits - (Andreas Scherbaum) - - - - This change allows command tags, e.g. SELECT, to - correctly report tuple counts larger than 4 billion. This also - applies to PL/pgSQL's GET DIAGNOSTICS ... ROW_COUNT - command. - - - - - - - Avoid doing encoding conversions by converting through the - MULE_INTERNAL encoding (Tom Lane) - - - - Previously, many conversions for Cyrillic and Central - European single-byte encodings were done by converting to a - related MULE_INTERNAL coding scheme and then to the - destination encoding. Aside from being inefficient, this meant - that when the conversion encountered an untranslatable character, - the error message would confusingly complain about failure to - convert to or from MULE_INTERNAL, rather than the - user-visible encoding. - - - - - - - Consider performing joins of foreign tables remotely only when the - tables will be accessed under the same role ID (Shigeru Hanada, - Ashutosh Bapat, Etsuro Fujita) - - - - Previously, the foreign join pushdown infrastructure left the - question of security entirely up to individual foreign data - wrappers, but that made it too easy for an FDW to - inadvertently create subtle security holes. So, make it the core - code's job to determine which role ID will access each table, - and do not attempt join pushdown unless the role is the same for - all relevant relations. - - - - - - - - - Utility Commands - - - - - - - Allow COPY to copy the output of an - INSERT/UPDATE/DELETE - ... RETURNING query (Marko Tiikkaja) - - - - Previously, an intermediate CTE had to be written to - get this result. - - - - - - - Introduce ALTER object DEPENDS ON - EXTENSION (Abhijit Menon-Sen) - - - - This command allows a database object to be marked as depending - on an extension, so that it will be dropped automatically if - the extension is dropped (without needing CASCADE). - However, the object is not part of the extension, and thus will - be dumped separately by pg_dump. - - - - - - - Make ALTER object SET SCHEMA do nothing - when the object is already in the requested schema, rather than - throwing an error as it historically has for most object types - (Marti Raudsepp) - - - - - - - Add options to ALTER OPERATOR to allow changing - the selectivity functions associated with an existing operator - (Yury Zhuravlev) - - - - - - - Add an option to ALTER TABLE - ADD COLUMN (Fabrízio de Royes Mello) - - - - - - - Reduce the lock strength needed by ALTER TABLE - when setting fillfactor and autovacuum-related relation options - (Fabrízio de Royes Mello, Simon Riggs) - - - - - - - Introduce CREATE - ACCESS METHOD to allow extensions to create index access - methods (Alexander Korotkov, Petr Jelínek) - - - - - - - Add a CASCADE option to CREATE - EXTENSION to automatically create any extensions the - requested one depends on (Petr Jelínek) - - - - - - - Make CREATE TABLE ... LIKE include an OID - column if any source table has one (Bruce Momjian) - - - - - - - If a CHECK constraint is declared NOT VALID - in a table creation command, automatically mark it as valid - (Amit Langote, Amul Sul) - - - - This is safe because the table has no existing rows. This matches - the longstanding behavior of FOREIGN KEY constraints. - - - - - - - Fix DROP OPERATOR to clear - pg_operator.oprcom and - pg_operator.oprnegate links to - the dropped operator (Roma Sokolov) - - - - Formerly such links were left as-is, which could pose a problem - in the somewhat unlikely event that the dropped operator's - OID was reused for another operator. - - - - - - - Do not show the same subplan twice in EXPLAIN output - (Tom Lane) - - - - In certain cases, typically involving SubPlan nodes in index - conditions, EXPLAIN would print data for the same - subplan twice. - - - - - - - Disallow creation of indexes on system columns, except for - OID columns (David Rowley) - - - - Such indexes were never considered supported, and would very - possibly misbehave since the system might change the system-column - fields of a tuple without updating indexes. However, previously - there were no error checks to prevent them from being created. - - - - - - - - - Permissions Management - - - - - - - Use the privilege system to manage access to sensitive functions - (Stephen Frost) - - - - Formerly, many security-sensitive functions contained hard-wired - checks that would throw an error if they were called by a - non-superuser. This forced the use of superuser roles for - some relatively pedestrian tasks. The hard-wired error checks - are now gone in favor of making initdb revoke the - default public EXECUTE privilege on these functions. - This allows installations to choose to grant usage of such - functions to trusted roles that do not need all superuser - privileges. - - - - - - - Create some built-in roles - that can be used to grant access to what were previously - superuser-only functions (Stephen Frost) - - - - Currently the only such role is pg_signal_backend, - but more are expected to be added in future. - - - - - - - - - Data Types - - - - - - - Improve full-text search to support - searching for phrases, that is, lexemes appearing adjacent to each - other in a specific order, or with a specified distance between - them (Teodor Sigaev, Oleg Bartunov, Dmitry Ivanov) - - - - A phrase-search query can be specified in tsquery - input using the new operators <-> and - <N>. The former means - that the lexemes before and after it must appear adjacent to - each other in that order. The latter means they must be exactly - N lexemes apart. - - - - - - - Allow omitting one or both boundaries in an array slice specifier, - e.g. array_col[3:] (Yury Zhuravlev) - - - - Omitted boundaries are taken as the upper or lower limit of the - corresponding array subscript. This allows simpler specification - for many common use-cases. - - - - - - - Be more careful about out-of-range dates and timestamps (Vitaly - Burovoy) - - - - This change prevents unexpected out-of-range errors for - timestamp with time zone values very close to the - implementation limits. Previously, the same value might - be accepted or not depending on the timezone setting, - meaning that a dump and reload could fail on a value that had been - accepted when presented. Now the limits are enforced according - to the equivalent UTC time, not local time, so as to - be independent of timezone. - - - - Also, PostgreSQL is now more careful to detect - overflow in operations that compute new date or timestamp values, - such as date + integer. - - - - - - - For geometric data types, make sure infinity and - NaN component values are treated consistently during - input and output (Tom Lane) - - - - Such values will now always print the same as they would in - a simple float8 column, and be accepted the same way - on input. Previously the behavior was platform-dependent. - - - - - - - Upgrade - the ispell - dictionary type to handle modern Hunspell files and - support more languages (Artur Zakirov) - - - - - - - Implement look-behind constraints - in regular expressions - (Tom Lane) - - - - A look-behind constraint is like a lookahead constraint in that it - consumes no text; but it checks for existence (or nonexistence) - of a match ending at the current point in the string, rather - than one starting at the current point. Similar features exist - in many other regular-expression engines. - - - - - - - In regular expressions, if an apparent three-digit octal escape - \nnn would exceed 377 (255 decimal), - assume it is a two-digit octal escape instead (Tom Lane) - - - - This makes the behavior match current Tcl releases. - - - - - - - Add transaction ID operators xid <> - xid and xid <> int4, - for consistency with the corresponding equality operators - (Michael Paquier) - - - - - - - - - Functions - - - - - - - Add jsonb_insert() - function to insert a new element into a jsonb array, - or a not-previously-existing key into a jsonb object - (Dmitry Dolgov) - - - - - - - Improve the accuracy of the ln(), log(), - exp(), and pow() functions for type - numeric (Dean Rasheed) - - - - - - - Add a scale(numeric) - function to extract the display scale of a numeric value - (Marko Tiikkaja) - - - - - - - Add trigonometric functions that work in degrees (Dean Rasheed) - - - - For example, sind() - measures its argument in degrees, whereas sin() - measures in radians. These functions go to some lengths to - deliver exact results for values where an exact result can be - expected, for instance sind(30) = 0.5. - - - - - - - Ensure that trigonometric functions handle infinity - and NaN inputs per the POSIX standard - (Dean Rasheed) - - - - The POSIX standard says that these functions should - return NaN for NaN input, and should throw - an error for out-of-range inputs including infinity. - Previously our behavior varied across platforms. - - - - - - - Make to_timestamp(float8) - convert float infinity to - timestamp infinity (Vitaly Burovoy) - - - - Formerly it just failed on an infinite input. - - - - - - - Add new functions for tsvector data (Stas Kelvich) - - - - The new functions are ts_delete(), - ts_filter(), unnest(), - tsvector_to_array(), array_to_tsvector(), - and a variant of setweight() that sets the weight - only for specified lexeme(s). - - - - - - - Allow ts_stat() - and tsvector_update_trigger() - to operate on values that are of types binary-compatible with the - expected argument type, not just exactly that type; for example - allow citext where text is expected (Teodor - Sigaev) - - - - - - - Add variadic functions num_nulls() - and num_nonnulls() that count the number of their - arguments that are null or non-null (Marko Tiikkaja) - - - - An example usage is CHECK(num_nonnulls(a,b,c) = 1) - which asserts that exactly one of a,b,c is not NULL. - These functions can also be used to count the number of null or - nonnull elements in an array. - - - - - - - Add function parse_ident() - to split a qualified, possibly quoted SQL identifier - into its parts (Pavel Stehule) - - - - - - - In to_number(), - interpret a V format code as dividing by 10 to the - power of the number of digits following V (Bruce - Momjian) - - - - This makes it operate in an inverse fashion to - to_char(). - - - - - - - Make the to_reg*() - functions accept type text not cstring - (Petr Korobeinikov) - - - - This avoids the need to write an explicit cast in most cases - where the argument is not a simple literal constant. - - - - - - - Add pg_size_bytes() - function to convert human-readable size strings to numbers (Pavel - Stehule, Vitaly Burovoy, Dean Rasheed) - - - - This function converts strings like those produced by - pg_size_pretty() into bytes. An example - usage is SELECT oid::regclass FROM pg_class WHERE - pg_total_relation_size(oid) > pg_size_bytes('10 GB'). - - - - - - - In pg_size_pretty(), - format negative numbers similarly to positive ones (Adrian - Vondendriesch) - - - - Previously, negative numbers were never abbreviated, just printed - in bytes. - - - - - - - Add an optional missing_ok argument to the current_setting() - function (David Christensen) - - - - This allows avoiding an error for an unrecognized parameter - name, instead returning a NULL. - - - - - - - Change various catalog-inspection functions to return - NULL for invalid input (Michael Paquier) - - - - pg_get_viewdef() - now returns NULL if given an invalid view OID, - and several similar functions likewise return NULL for - bad input. Previously, such cases usually led to cache - lookup failed errors, which are not meant to occur in - user-facing cases. - - - - - - - Fix pg_replication_origin_xact_reset() - to not have any arguments (Fujii Masao) - - - - The documentation said that it has no arguments, and the C code did - not expect any arguments, but the entry in pg_proc - mistakenly specified two arguments. - - - - - - - - - Server-Side Languages - - - - - - - In PL/pgSQL, detect mismatched - CONTINUE and EXIT statements while - compiling a function, rather than at execution time - (Jim Nasby) - - - - - - - Extend PL/Python's error-reporting and - message-reporting functions to allow specifying additional message - fields besides the primary error message (Pavel Stehule) - - - - - - - Allow PL/Python functions to call themselves recursively - via SPI, and fix the behavior when multiple - set-returning PL/Python functions are called within one query - (Alexey Grishchenko, Tom Lane) - - - - - - - Fix session-lifespan memory leaks in PL/Python (Heikki Linnakangas, - Haribabu Kommi, Tom Lane) - - - - - - - Modernize PL/Tcl to use Tcl's object - APIs instead of simple strings (Jim Nasby, Karl - Lehenbauer) - - - - This can improve performance substantially in some cases. - Note that PL/Tcl now requires Tcl 8.4 or later. - - - - - - - In PL/Tcl, make database-reported errors return - additional information in Tcl's errorCode global - variable (Jim Nasby, Tom Lane) - - - - This feature follows the Tcl convention for returning auxiliary - data about an error. - - - - - - - Fix PL/Tcl to perform encoding conversion between - the database encoding and UTF-8, which is what Tcl - expects (Tom Lane) - - - - Previously, strings were passed through without conversion, - leading to misbehavior with non-ASCII characters when - the database encoding was not UTF-8. - - - - - - - - - Client Interfaces - - - - - - - Add a nonlocalized version of - the severity field in - error and notice messages (Tom Lane) - - - - This change allows client code to determine severity of an error or - notice without having to worry about localized variants of the - severity strings. - - - - - - - Introduce a feature in libpq whereby the - CONTEXT field of messages can be suppressed, either - always or only for non-error messages (Pavel Stehule) - - - - The default behavior of PQerrorMessage() - is now to print CONTEXT - only for errors. The new function PQsetErrorContextVisibility() - can be used to adjust this. - - - - - - - Add support in libpq for regenerating an error - message with a different verbosity level (Alex Shulgin) - - - - This is done with the new function PQresultVerboseErrorMessage(). - This supports psql's new \errverbose - feature, and may be useful for other clients as well. - - - - - - - Improve libpq's PQhost() function to return - useful data for default Unix-socket connections (Tom Lane) - - - - Previously it would return NULL if no explicit host - specification had been given; now it returns the default socket - directory path. - - - - - - - Fix ecpg's lexer to handle line breaks within - comments starting on preprocessor directive lines (Michael Meskes) - - - - - - - - - Client Applications - - - - - - - Add a option - to pg_dump - and pg_restore - (Pavel Stehule) - - - - This option causes the program to complain if there is no match - for a or option, rather - than silently doing nothing. - - - - - - - In pg_dump, dump locally-made changes of privilege - assignments for system objects (Stephen Frost) - - - - While it has always been possible for a superuser to change - the privilege assignments for built-in or extension-created - objects, such changes were formerly lost in a dump and reload. - Now, pg_dump recognizes and dumps such changes. - (This works only when dumping from a 9.6 or later server, however.) - - - - - - - Allow pg_dump to dump non-extension-owned objects - that are within an extension-owned schema - (Martín Marqués) - - - - Previously such objects were ignored because they were mistakenly - assumed to belong to the extension owning their schema. - - - - - - - In pg_dump output, include the table name in object - tags for object types that are only uniquely named per-table - (for example, triggers) (Peter Eisentraut) - - - - - - - <xref linkend="app-psql"/> - - - - - - - Support multiple and - command-line options (Pavel Stehule, Catalin Iacob) - - - - The specified operations are carried out in the order in which the - options are given, and then psql terminates. - - - - - - - Add a \crosstabview command that prints the results of - a query in a cross-tabulated display (Daniel Vérité) - - - - In the crosstab display, data values from one query result column - are placed in a grid whose column and row headers come from other - query result columns. - - - - - - - Add an \errverbose command that shows the last server - error at full verbosity (Alex Shulgin) - - - - This is useful after getting an unexpected error — you - no longer need to adjust the VERBOSITY variable and - recreate the failure in order to see error fields that are not - shown by default. - - - - - - - Add \ev and \sv commands for editing and - showing view definitions (Petr Korobeinikov) - - - - These are parallel to the existing \ef and - \sf commands for functions. - - - - - - - Add a \gexec command that executes a query and - re-submits the result(s) as new queries (Corey Huinker) - - - - - - - Allow \pset C string - to set the table title, for consistency with \C - string (Bruce Momjian) - - - - - - - In \pset expanded auto mode, do not use expanded - format for query results with only one column (Andreas Karlsson, - Robert Haas) - - - - - - - Improve the headers output by the \watch command - (Michael Paquier, Tom Lane) - - - - Include the \pset title string if one has - been set, and shorten the prefabricated part of the - header to be timestamp (every - Ns). Also, the timestamp format now - obeys psql's locale environment. - - - - - - - Improve tab-completion logic to consider the entire input query, - not only the current line (Tom Lane) - - - - Previously, breaking a command into multiple lines defeated any - tab completion rules that needed to see words on earlier lines. - - - - - - - Numerous minor improvements in tab-completion behavior (Peter - Eisentraut, Vik Fearing, Kevin Grittner, Kyotaro Horiguchi, Jeff - Janes, Andreas Karlsson, Fujii Masao, Thomas Munro, Masahiko - Sawada, Pavel Stehule) - - - - - - - Add a PROMPT option %p to insert the - process ID of the connected backend (Julien Rouhaud) - - - - - - - Introduce a feature whereby the CONTEXT field of - messages can be suppressed, either always or only for non-error - messages (Pavel Stehule) - - - - Printing CONTEXT only for errors is now the default - behavior. This can be changed by setting the special variable - SHOW_CONTEXT. - - - - - - - Make \df+ show function access privileges and - parallel-safety attributes (Michael Paquier) - - - - - - - - - <xref linkend="pgbench"/> - - - - - - - SQL commands in pgbench scripts are now ended by - semicolons, not newlines (Kyotaro Horiguchi, Tom Lane) - - - - This change allows SQL commands in scripts to span multiple lines. - Existing custom scripts will need to be modified to add a semicolon - at the end of each line that does not have one already. (Doing so - does not break the script for use with older versions - of pgbench.) - - - - - - - Support floating-point arithmetic, as well as some built-in functions, in - expressions in backslash commands (Fabien Coelho) - - - - - - - Replace \setrandom with built-in functions (Fabien - Coelho) - - - - The new built-in functions include random(), - random_exponential(), and - random_gaussian(), which perform the same work as - \setrandom, but are easier to use since they can be - embedded in larger expressions. Since these additions have made - \setrandom obsolete, remove it. - - - - - - - Allow invocation of multiple copies of the built-in scripts, - not only custom scripts (Fabien Coelho) - - - - This is done with the new switch, which works - similarly to for custom scripts. - - - - - - - Allow changing the selection probabilities (weights) for scripts - (Fabien Coelho) - - - - When multiple scripts are specified, each pgbench - transaction randomly chooses one to execute. Formerly this was - always done with uniform probability, but now different selection - probabilities can be specified for different scripts. - - - - - - - Collect statistics for each script in a multi-script run (Fabien - Coelho) - - - - This feature adds an intermediate level of detail to existing - global and per-command statistics printouts. - - - - - - - Add a option to report progress - with Unix epoch timestamps, instead of time since the run started - (Fabien Coelho) - - - - - - - Allow the number of client connections () to not - be an exact multiple of the number of threads () - (Fabien Coelho) - - - - - - - When the option is used, stop promptly at the end - of the specified time (Fabien Coelho) - - - - Previously, specifying a low transaction rate could cause - pgbench to wait significantly longer than - specified. - - - - - - - - - - - Server Applications - - - - - - - Improve error reporting during initdb's - post-bootstrap phase (Tom Lane) - - - - Previously, an error here led to reporting the entire input - file as the failing query; now just the current - query is reported. To get the desired behavior, queries in - initdb's input files must be separated by blank - lines. - - - - - - - Speed up initdb by using just one - standalone-backend session for all the post-bootstrap steps - (Tom Lane) - - - - - - - Improve pg_rewind - so that it can work when the target timeline changes (Alexander - Korotkov) - - - - This allows, for example, rewinding a promoted standby back to - some state of the old master's timeline. - - - - - - - - - Source Code - - - - - - - Remove obsolete - heap_formtuple/heap_modifytuple/heap_deformtuple - functions (Peter Geoghegan) - - - - - - - Add macros to make AllocSetContextCreate() calls simpler - and safer (Tom Lane) - - - - Writing out the individual sizing parameters for a memory context - is now deprecated in favor of using one of the new - macros ALLOCSET_DEFAULT_SIZES, - ALLOCSET_SMALL_SIZES, - or ALLOCSET_START_SMALL_SIZES. - Existing code continues to work, however. - - - - - - - Unconditionally use static inline functions in header - files (Andres Freund) - - - - This may result in warnings and/or wasted code space with very - old compilers, but the notational improvement seems worth it. - - - - - - - Improve TAP testing infrastructure (Michael - Paquier, Craig Ringer, Álvaro Herrera, Stephen Frost) - - - - Notably, it is now possible to test recovery scenarios using - this infrastructure. - - - - - - - Make trace_lwlocks identify individual locks by name - (Robert Haas) - - - - - - - Improve psql's tab-completion code infrastructure - (Thomas Munro, Michael Paquier) - - - - Tab-completion rules are now considerably easier to write, and - more compact. - - - - - - - Nail the pg_shseclabel system catalog into cache, - so that it is available for access during connection authentication - (Adam Brightwell) - - - - The core code does not use this catalog for authentication, - but extensions might wish to consult it. - - - - - - - Restructure index access - method API to hide most of it at - the C level (Alexander Korotkov, Andrew Gierth) - - - - This change modernizes the index AM API to look more - like the designs we have adopted for foreign data wrappers and - tablesample handlers. This simplifies the C code - and makes it much more practical to define index access methods in - installable extensions. A consequence is that most of the columns - of the pg_am system catalog have disappeared. - New inspection - functions have been added to allow SQL queries to determine - index AM properties that used to be discoverable - from pg_am. - - - - - - - Add pg_init_privs - system catalog to hold original privileges - of initdb-created and extension-created objects - (Stephen Frost) - - - - This infrastructure allows pg_dump to dump changes - that an installation may have made in privileges attached to - system objects. Formerly, such changes would be lost in a dump - and reload, but now they are preserved. - - - - - - - Change the way that extensions allocate custom LWLocks - (Amit Kapila, Robert Haas) - - - - The RequestAddinLWLocks() function is removed, - and replaced by RequestNamedLWLockTranche(). - This allows better identification of custom LWLocks, - and is less error-prone. - - - - - - - Improve the isolation tester to allow multiple sessions to wait - concurrently, allowing testing of deadlock scenarios (Robert Haas) - - - - - - - Introduce extensible node types (KaiGai Kohei) - - - - This change allows FDWs or custom scan providers - to store data in a plan tree in a more convenient format than - was previously possible. - - - - - - - Make the planner deal with post-scan/join query steps by generating - and comparing Paths, replacing a lot of ad-hoc logic - (Tom Lane) - - - - This change provides only marginal user-visible improvements today, - but it enables future work on a lot of upper-planner improvements - that were impractical to tackle using the old code structure. - - - - - - - Support partial aggregation (David Rowley, Simon Riggs) - - - - This change allows the computation of an aggregate function to be - split into separate parts, for example so that parallel worker - processes can cooperate on computing an aggregate. In future - it might allow aggregation across local and remote data to occur - partially on the remote end. - - - - - - - Add a generic command progress reporting facility (Vinayak Pokale, - Rahila Syed, Amit Langote, Robert Haas) - - - - - - - Separate out psql's flex lexer to - make it usable by other client programs (Tom Lane, Kyotaro - Horiguchi) - - - - This eliminates code duplication for programs that need to be able - to parse SQL commands well enough to identify command boundaries. - Doing that in full generality is more painful than one could - wish, and up to now only psql has really gotten - it right among our supported client programs. - - - - A new source-code subdirectory src/fe_utils/ has - been created to hold this and other code that is shared across - our client programs. Formerly such sharing was accomplished by - symbolic linking or copying source files at build time, which - was ugly and required duplicate compilation. - - - - - - - Introduce WaitEventSet API to allow - efficient waiting for event sets that usually do not change from - one wait to the next (Andres Freund, Amit Kapila) - - - - - - - Add a generic interface for writing WAL records - (Alexander Korotkov, Petr Jelínek, Markus Nullmeier) - - - - This change allows extensions to write WAL records for - changes to pages using a standard layout. The problem of needing to - replay WAL without access to the extension is solved by - having generic replay code. This allows extensions to implement, - for example, index access methods and have WAL - support for them. - - - - - - - Support generic WAL messages for logical decoding - (Petr Jelínek, Andres Freund) - - - - This feature allows extensions to insert data into the - WAL stream that can be read by logical-decoding - plugins, but is not connected to physical data restoration. - - - - - - - Allow SP-GiST operator classes to store an arbitrary - traversal value while descending the index (Alexander - Lebedev, Teodor Sigaev) - - - - This is somewhat like the reconstructed value, but it - could be any arbitrary chunk of data, not necessarily of the same - data type as the indexed column. - - - - - - - Introduce a LOG_SERVER_ONLY message level for - ereport() (David Steele) - - - - This level acts like LOG except that the message is - never sent to the client. It is meant for use in auditing and - similar applications. - - - - - - - Provide a Makefile target to build all generated - headers (Michael Paquier, Tom Lane) - - - - submake-generated-headers can now be invoked to ensure - that generated backend header files are up-to-date. This is - useful in subdirectories that might be built standalone. - - - - - - - Support OpenSSL 1.1.0 (Andreas Karlsson, Heikki Linnakangas) - - - - - - - - - Additional Modules - - - - - - - Add configuration parameter auto_explain.sample_rate to - allow contrib/auto_explain - to capture just a configurable fraction of all queries (Craig - Ringer, Julien Rouhaud) - - - - This allows reduction of overhead for heavy query traffic, while - still getting useful information on average. - - - - - - - Add contrib/bloom module that - implements an index access method based on Bloom filtering (Teodor - Sigaev, Alexander Korotkov) - - - - This is primarily a proof-of-concept for non-core index access - methods, but it could be useful in its own right for queries that - search many columns. - - - - - - - In contrib/cube, introduce - distance operators for cubes, and support kNN-style searches in - GiST indexes on cube columns (Stas Kelvich) - - - - - - - Make contrib/hstore's hstore_to_jsonb_loose() - and hstore_to_json_loose() functions agree on what - is a number (Tom Lane) - - - - Previously, hstore_to_jsonb_loose() would convert - numeric-looking strings to JSON numbers, rather than - strings, even if they did not exactly match the JSON - syntax specification for numbers. This was inconsistent with - hstore_to_json_loose(), so tighten the test to match - the JSON syntax. - - - - - - - Add selectivity estimation functions for - contrib/intarray operators - to improve plans for queries using those operators (Yury Zhuravlev, - Alexander Korotkov) - - - - - - - Make contrib/pageinspect's - heap_page_items() function show the raw data in each - tuple, and add new functions tuple_data_split() and - heap_page_item_attrs() for inspection of individual - tuple fields (Nikolay Shaplov) - - - - - - - Add an optional S2K iteration count parameter to - contrib/pgcrypto's - pgp_sym_encrypt() function (Jeff Janes) - - - - - - - Add support for word similarity to - contrib/pg_trgm - (Alexander Korotkov, Artur Zakirov) - - - - These functions and operators measure the similarity between one - string and the most similar single word of another string. - - - - - - - Add configuration parameter - pg_trgm.similarity_threshold for - contrib/pg_trgm's similarity threshold (Artur Zakirov) - - - - This threshold has always been configurable, but formerly it was - controlled by special-purpose functions set_limit() - and show_limit(). Those are now deprecated. - - - - - - - Improve contrib/pg_trgm's GIN operator class to - speed up index searches in which both common and rare keys appear - (Jeff Janes) - - - - - - - Improve performance of similarity searches in - contrib/pg_trgm GIN indexes (Christophe Fornaroli) - - - - - - - Add contrib/pg_visibility module - to allow examining table visibility maps (Robert Haas) - - - - - - - Add ssl_extension_info() - function to contrib/sslinfo, to print information - about SSL extensions present in the X509 - certificate used for the current connection (Dmitry Voronin) - - - - - - - <link linkend="postgres-fdw"><filename>postgres_fdw</filename></link> - - - - - - - Allow extension-provided operators and functions to be sent for - remote execution, if the extension is whitelisted in the foreign - server's options (Paul Ramsey) - - - - Users can enable this feature when the extension is known to exist - in a compatible version in the remote database. It allows more - efficient execution of queries involving extension operators. - - - - - - - Consider performing sorts on the remote server (Ashutosh Bapat) - - - - - - - Consider performing joins on the remote server (Shigeru Hanada, - Ashutosh Bapat) - - - - - - - When feasible, perform UPDATE or DELETE - entirely on the remote server (Etsuro Fujita) - - - - Formerly, remote updates involved sending a SELECT FOR UPDATE - command and then updating or deleting the selected rows one-by-one. - While that is still necessary if the operation requires any local - processing, it can now be done remotely if all elements of the - query are safe to send to the remote server. - - - - - - - Allow the fetch size to be set as a server or table option - (Corey Huinker) - - - - Formerly, postgres_fdw always fetched 100 rows at - a time from remote queries; now that behavior is configurable. - - - - - - - Use a single foreign-server connection for local user IDs that - all map to the same remote user (Ashutosh Bapat) - - - - - - - Transmit query cancellation requests to the remote server - (Michael Paquier, Etsuro Fujita) - - - - Previously, a local query cancellation request did not cause an - already-sent remote query to terminate early. - - - - - - - - - - - - diff --git a/doc/src/sgml/release-old.sgml b/doc/src/sgml/release-old.sgml deleted file mode 100644 index d55209d85b..0000000000 --- a/doc/src/sgml/release-old.sgml +++ /dev/null @@ -1,6557 +0,0 @@ - - - - - Release 7.3.21 - - - Release date: - 2008-01-07 - - - - This release contains a variety of fixes from 7.3.20, - including fixes for significant security issues. - - - - This is expected to be the last PostgreSQL release - in the 7.3.X series. Users are encouraged to update to a newer - release branch soon. - - - - Migration to Version 7.3.21 - - - A dump/restore is not required for those running 7.3.X. However, - if you are upgrading from a version earlier than 7.3.13, - see . - - - - - - Changes - - - - - - Prevent functions in indexes from executing with the privileges of - the user running VACUUM, ANALYZE, etc (Tom) - - - - Functions used in index expressions and partial-index - predicates are evaluated whenever a new table entry is made. It has - long been understood that this poses a risk of trojan-horse code - execution if one modifies a table owned by an untrustworthy user. - (Note that triggers, defaults, check constraints, etc. pose the - same type of risk.) But functions in indexes pose extra danger - because they will be executed by routine maintenance operations - such as VACUUM FULL, which are commonly performed - automatically under a superuser account. For example, a nefarious user - can execute code with superuser privileges by setting up a - trojan-horse index definition and waiting for the next routine vacuum. - The fix arranges for standard maintenance operations - (including VACUUM, ANALYZE, REINDEX, - and CLUSTER) to execute as the table owner rather than - the calling user, using the same privilege-switching mechanism already - used for SECURITY DEFINER functions. To prevent bypassing - this security measure, execution of SET SESSION - AUTHORIZATION and SET ROLE is now forbidden within a - SECURITY DEFINER context. (CVE-2007-6600) - - - - - - Require non-superusers who use /contrib/dblink to use only - password authentication, as a security measure (Joe) - - - - The fix that appeared for this in 7.3.20 was incomplete, as it plugged - the hole for only some dblink functions. (CVE-2007-6601, - CVE-2007-3278) - - - - - - Fix potential crash in translate() when using a multibyte - database encoding (Tom) - - - - - - Make contrib/tablefunc's crosstab() handle - NULL rowid as a category in its own right, rather than crashing (Joe) - - - - - - Require a specific version of Autoconf to be used - when re-generating the configure script (Peter) - - - - This affects developers and packagers only. The change was made - to prevent accidental use of untested combinations of - Autoconf and PostgreSQL versions. - You can remove the version check if you really want to use a - different Autoconf version, but it's - your responsibility whether the result works or not. - - - - - - - - - - Release 7.3.20 - - - Release date: - 2007-09-17 - - - - This release contains fixes from 7.3.19. - - - - Migration to Version 7.3.20 - - - A dump/restore is not required for those running 7.3.X. However, - if you are upgrading from a version earlier than 7.3.13, - see . - - - - - - Changes - - - - - - Prevent index corruption when a transaction inserts rows and - then aborts close to the end of a concurrent VACUUM - on the same table (Tom) - - - - - - Make CREATE DOMAIN ... DEFAULT NULL work properly (Tom) - - - - - - Fix crash when log_min_error_statement logging runs out - of memory (Tom) - - - - - - Require non-superusers who use /contrib/dblink to use only - password authentication, as a security measure (Joe) - - - - - - - - - - Release 7.3.19 - - - Release date: - 2007-04-23 - - - - This release contains fixes from 7.3.18, - including a security fix. - - - - Migration to Version 7.3.19 - - - A dump/restore is not required for those running 7.3.X. However, - if you are upgrading from a version earlier than 7.3.13, - see . - - - - - - Changes - - - - - - Support explicit placement of the temporary-table schema within - search_path, and disable searching it for functions - and operators (Tom) - - - This is needed to allow a security-definer function to set a - truly secure value of search_path. Without it, - an unprivileged SQL user can use temporary objects to execute code - with the privileges of the security-definer function (CVE-2007-2138). - See CREATE FUNCTION for more information. - - - - - - Fix potential-data-corruption bug in how VACUUM FULL handles - UPDATE chains (Tom, Pavan Deolasee) - - - - - - - - - - Release 7.3.18 - - - Release date: - 2007-02-05 - - - - This release contains a variety of fixes from 7.3.17, including - a security fix. - - - - Migration to Version 7.3.18 - - - A dump/restore is not required for those running 7.3.X. However, - if you are upgrading from a version earlier than 7.3.13, - see . - - - - - - Changes - - - - - - Remove security vulnerability that allowed connected users - to read backend memory (Tom) - - - The vulnerability involves changing the - data type of a table column used in a SQL function (CVE-2007-0555). - This error can easily be exploited to cause a backend crash, and in - principle might be used to read database content that the user - should not be able to access. - - - - - - Fix rare bug wherein btree index page splits could fail - due to choosing an infeasible split point (Heikki Linnakangas) - - - - - - Tighten security of multi-byte character processing for UTF8 sequences - over three bytes long (Tom) - - - - - - - - - - Release 7.3.17 - - - Release date: - 2007-01-08 - - - - This release contains a variety of fixes from 7.3.16. - - - - Migration to Version 7.3.17 - - - A dump/restore is not required for those running 7.3.X. However, - if you are upgrading from a version earlier than 7.3.13, - see . - - - - - - Changes - - - - - - to_number() and to_char(numeric) - are now STABLE, not IMMUTABLE, for - new initdb installs (Tom) - - - - This is because lc_numeric can potentially - change the output of these functions. - - - - - - Improve index usage of regular expressions that use parentheses (Tom) - - - - This improves psql \d performance also. - - - - - - - - - - Release 7.3.16 - - - Release date: - 2006-10-16 - - - - This release contains a variety of fixes from 7.3.15. - - - - Migration to Version 7.3.16 - - - A dump/restore is not required for those running 7.3.X. However, - if you are upgrading from a version earlier than 7.3.13, - see . - - - - - - Changes - - -Fix corner cases in pattern matching for - psql's \d commands -Fix index-corrupting bugs in /contrib/ltree - (Teodor) -Back-port 7.4 spinlock code to improve performance and support -64-bit architectures better -Fix SSL-related memory leak in libpq -Fix backslash escaping in /contrib/dbmirror -Adjust regression tests for recent changes in US DST laws - - - - - - - - Release 7.3.15 - - - Release date: - 2006-05-23 - - - - This release contains a variety of fixes from 7.3.14, - including patches for extremely serious security issues. - - - - Migration to Version 7.3.15 - - - A dump/restore is not required for those running 7.3.X. However, - if you are upgrading from a version earlier than 7.3.13, - see . - - - - Full security against the SQL-injection attacks described in - CVE-2006-2313 and CVE-2006-2314 might require changes in application - code. If you have applications that embed untrustworthy strings - into SQL commands, you should examine them as soon as possible to - ensure that they are using recommended escaping techniques. In - most cases, applications should be using subroutines provided by - libraries or drivers (such as libpq's - PQescapeStringConn()) to perform string escaping, - rather than relying on ad hoc code to do it. - - - - - Changes - - -Change the server to reject invalidly-encoded multibyte -characters in all cases (Tatsuo, Tom) -While PostgreSQL has been moving in this direction for -some time, the checks are now applied uniformly to all encodings and all -textual input, and are now always errors not merely warnings. This change -defends against SQL-injection attacks of the type described in CVE-2006-2313. - - -Reject unsafe uses of \' in string literals -As a server-side defense against SQL-injection attacks of the type -described in CVE-2006-2314, the server now only accepts '' and not -\' as a representation of ASCII single quote in SQL string -literals. By default, \' is rejected only when -client_encoding is set to a client-only encoding (SJIS, BIG5, GBK, -GB18030, or UHC), which is the scenario in which SQL injection is possible. -A new configuration parameter backslash_quote is available to -adjust this behavior when needed. Note that full security against -CVE-2006-2314 might require client-side changes; the purpose of -backslash_quote is in part to make it obvious that insecure -clients are insecure. - - -Modify libpq's string-escaping routines to be -aware of encoding considerations -This fixes libpq-using applications for the security -issues described in CVE-2006-2313 and CVE-2006-2314. -Applications that use multiple PostgreSQL connections -concurrently should migrate to PQescapeStringConn() and -PQescapeByteaConn() to ensure that escaping is done correctly -for the settings in use in each database connection. Applications that -do string escaping by hand should be modified to rely on library -routines instead. - - -Fix some incorrect encoding conversion functions -win1251_to_iso, alt_to_iso, -euc_tw_to_big5, euc_tw_to_mic, -mic_to_euc_tw were all broken to varying -extents. - - -Clean up stray remaining uses of \' in strings -(Bruce, Jan) - -Fix server to use custom DH SSL parameters correctly (Michael -Fuhr) - -Fix various minor memory leaks - - - - - - - Release 7.3.14 - - - Release date: - 2006-02-14 - - - - This release contains a variety of fixes from 7.3.13. - - - - Migration to Version 7.3.14 - - - A dump/restore is not required for those running 7.3.X. However, - if you are upgrading from a version earlier than 7.3.13, - see . - - - - - Changes - - - -Fix potential crash in SET -SESSION AUTHORIZATION (CVE-2006-0553) -An unprivileged user could crash the server process, resulting in -momentary denial of service to other users, if the server has been compiled -with Asserts enabled (which is not the default). -Thanks to Akio Ishida for reporting this problem. - - -Fix bug with row visibility logic in self-inserted -rows (Tom) -Under rare circumstances a row inserted by the current command -could be seen as already valid, when it should not be. Repairs bug -created in 7.3.11 release. - - -Fix race condition that could lead to file already -exists errors during pg_clog file creation -(Tom) - -Fix to allow restoring dumps that have cross-schema -references to custom operators (Tom) - -Portability fix for testing presence of finite -and isinf during configure (Tom) - - - - - - - - Release 7.3.13 - - - Release date: - 2006-01-09 - - - - This release contains a variety of fixes from 7.3.12. - - - - Migration to Version 7.3.13 - - - A dump/restore is not required for those running 7.3.X. However, - if you are upgrading from a version earlier than 7.3.10, - see . - Also, you might need to REINDEX indexes on textual - columns after updating, if you are affected by the locale or - plperl issues described below. - - - - - Changes - - - -Fix character string comparison for locales that consider -different character combinations as equal, such as Hungarian (Tom) -This might require REINDEX to fix existing indexes on -textual columns. - -Set locale environment variables during postmaster startup -to ensure that plperl won't change the locale later -This fixes a problem that occurred if the postmaster was -started with environment variables specifying a different locale than what -initdb had been told. Under these conditions, any use of -plperl was likely to lead to corrupt indexes. You might need -REINDEX to fix existing indexes on -textual columns if this has happened to you. - -Fix longstanding bug in strpos() and regular expression -handling in certain rarely used Asian multi-byte character sets (Tatsuo) - - -Fix bug in /contrib/pgcrypto gen_salt, -which caused it not to use all available salt space for MD5 and -XDES algorithms (Marko Kreen, Solar Designer) -Salts for Blowfish and standard DES are unaffected. - -Fix /contrib/dblink to throw an error, -rather than crashing, when the number of columns specified is different from -what's actually returned by the query (Joe) - - - - - - - - Release 7.3.12 - - - Release date: - 2005-12-12 - - - - This release contains a variety of fixes from 7.3.11. - - - - Migration to Version 7.3.12 - - - A dump/restore is not required for those running 7.3.X. However, - if you are upgrading from a version earlier than 7.3.10, - see . - - - - - Changes - - - -Fix race condition in transaction log management -There was a narrow window in which an I/O operation could be initiated -for the wrong page, leading to an Assert failure or data -corruption. - - -/contrib/ltree fixes (Teodor) - -Fix longstanding planning error for outer joins -This bug sometimes caused a bogus error RIGHT JOIN is -only supported with merge-joinable join conditions. - -Prevent core dump in pg_autovacuum when a -table has been dropped - - - - - - - - Release 7.3.11 - - - Release date: - 2005-10-04 - - - - This release contains a variety of fixes from 7.3.10. - - - - Migration to Version 7.3.11 - - - A dump/restore is not required for those running 7.3.X. However, - if you are upgrading from a version earlier than 7.3.10, - see . - - - - - Changes - - -Fix error that allowed VACUUM to remove -ctid chains too soon, and add more checking in code that follows -ctid links -This fixes a long-standing problem that could cause crashes in very rare -circumstances. -Fix CHAR() to properly pad spaces to the specified -length when using a multiple-byte character set (Yoshiyuki Asaba) -In prior releases, the padding of CHAR() was incorrect -because it only padded to the specified number of bytes without -considering how many characters were stored. -Fix missing rows in queries like UPDATE a=... WHERE -a... with GiST index on column a -Improve checking for partially-written WAL -pages -Improve robustness of signal handling when SSL is -enabled -Various memory leakage fixes -Various portability improvements -Fix PL/pgSQL to handle var := var correctly when -the variable is of pass-by-reference type - - - - - - - Release 7.3.10 - - - Release date: - 2005-05-09 - - - - This release contains a variety of fixes from 7.3.9, including several - security-related issues. - - - - Migration to Version 7.3.10 - - - A dump/restore is not required for those running 7.3.X. However, - it is one possible way of handling a significant security problem - that has been found in the initial contents of 7.3.X system - catalogs. A dump/initdb/reload sequence using 7.3.10's initdb will - automatically correct this problem. - - - - The security problem is that the built-in character set encoding - conversion functions can be invoked from SQL commands by unprivileged - users, but the functions were not designed for such use and are not - secure against malicious choices of arguments. The fix involves changing - the declared parameter list of these functions so that they can no longer - be invoked from SQL commands. (This does not affect their normal use - by the encoding conversion machinery.) - It is strongly recommended that all installations repair this error, - either by initdb or by following the manual repair procedure given - below. The error at least allows unprivileged database users to crash - their server process, and might allow unprivileged users to gain the - privileges of a database superuser. - - - - If you wish not to do an initdb, perform the following procedure instead. - As the database superuser, do: - - -BEGIN; -UPDATE pg_proc SET proargtypes[3] = 'internal'::regtype -WHERE pronamespace = 11 AND pronargs = 5 - AND proargtypes[2] = 'cstring'::regtype; --- The command should report having updated 90 rows; --- if not, rollback and investigate instead of committing! -COMMIT; - - - - - The above procedure must be carried out in each database - of an installation, including template1, and ideally - including template0 as well. If you do not fix the - template databases then any subsequently created databases will contain - the same error. template1 can be fixed in the same way - as any other database, but fixing template0 requires - additional steps. First, from any database issue: - -UPDATE pg_database SET datallowconn = true WHERE datname = 'template0'; - - Next connect to template0 and perform the above repair - procedure. Finally, do: - --- re-freeze template0: -VACUUM FREEZE; --- and protect it against future alterations: -UPDATE pg_database SET datallowconn = false WHERE datname = 'template0'; - - - - - - Changes - - -Change encoding function signature to prevent -misuse -Repair ancient race condition that allowed a transaction to be -seen as committed for some purposes (eg SELECT FOR UPDATE) slightly sooner -than for other purposes -This is an extremely serious bug since it could lead to apparent -data inconsistencies being briefly visible to applications. -Repair race condition between relation extension and -VACUUM -This could theoretically have caused loss of a page's worth of -freshly-inserted data, although the scenario seems of very low probability. -There are no known cases of it having caused more than an Assert failure. - -Fix comparisons of TIME WITH TIME ZONE values - -The comparison code was wrong in the case where the ---enable-integer-datetimes configuration switch had been used. -NOTE: if you have an index on a TIME WITH TIME ZONE column, -it will need to be REINDEXed after installing this update, because -the fix corrects the sort order of column values. - -Fix EXTRACT(EPOCH) for -TIME WITH TIME ZONE values -Fix mis-display of negative fractional seconds in -INTERVAL values - -This error only occurred when the ---enable-integer-datetimes configuration switch had been used. - -Additional buffer overrun checks in plpgsql -(Neil) -Fix pg_dump to dump trigger names containing % -correctly (Neil) -Prevent to_char(interval) from dumping core for -month-related formats -Fix contrib/pgcrypto for newer OpenSSL builds -(Marko Kreen) -Still more 64-bit fixes for -contrib/intagg -Prevent incorrect optimization of functions returning -RECORD - - - - - - - Release 7.3.9 - - - Release date: - 2005-01-31 - - - - This release contains a variety of fixes from 7.3.8, including several - security-related issues. - - - - Migration to Version 7.3.9 - - - A dump/restore is not required for those running 7.3.X. - - - - - Changes - - -Disallow LOAD to non-superusers - -On platforms that will automatically execute initialization functions of a -shared library (this includes at least Windows and ELF-based Unixen), -LOAD can be used to make the server execute arbitrary code. -Thanks to NGS Software for reporting this. -Check that creator of an aggregate function has the right to -execute the specified transition functions - -This oversight made it possible to bypass denial of EXECUTE -permission on a function. -Fix security and 64-bit issues in -contrib/intagg -Add needed STRICT marking to some contrib functions (Kris -Jurka) -Avoid buffer overrun when plpgsql cursor declaration has too -many parameters (Neil) -Fix planning error for FULL and RIGHT outer joins - -The result of the join was mistakenly supposed to be sorted the same as the -left input. This could not only deliver mis-sorted output to the user, but -in case of nested merge joins could give outright wrong answers. - -Fix plperl for quote marks in tuple fields -Fix display of negative intervals in SQL and GERMAN -datestyles - - - - - - - Release 7.3.8 - - - Release date: - 2004-10-22 - - - - This release contains a variety of fixes from 7.3.7. - - - - - Migration to Version 7.3.8 - - - A dump/restore is not required for those running 7.3.X. - - - - - Changes - - -Repair possible failure to update hint bits on disk - -Under rare circumstances this oversight could lead to -could not access transaction status failures, which qualifies -it as a potential-data-loss bug. - -Ensure that hashed outer join does not miss tuples - -Very large left joins using a hash join plan could fail to output unmatched -left-side rows given just the right data distribution. - -Disallow running pg_ctl as root - -This is to guard against any possible security issues. - -Avoid using temp files in /tmp in make_oidjoins_check - -This has been reported as a security issue, though it's hardly worthy of -concern since there is no reason for non-developers to use this script anyway. - - - - - - - - Release 7.3.7 - - - Release date: - 2004-08-16 - - - - This release contains one critical fix over 7.3.6, and some minor items. - - - - - Migration to Version 7.3.7 - - - A dump/restore is not required for those running 7.3.X. - - - - - Changes - - -Prevent possible loss of committed transactions during crash - -Due to insufficient interlocking between transaction commit and checkpointing, -it was possible for transactions committed just before the most recent -checkpoint to be lost, in whole or in part, following a database crash and -restart. This is a serious bug that has existed -since PostgreSQL 7.1. - -Remove asymmetrical word processing in tsearch (Teodor) -Properly schema-qualify function names when pg_dump'ing a CAST - - - - - - - Release 7.3.6 - - - Release date: - 2004-03-02 - - - - This release contains a variety of fixes from 7.3.5. - - - - - Migration to Version 7.3.6 - - - A dump/restore is not required for those - running 7.3.*. - - - - - - Changes - - -Revert erroneous changes in rule permissions checking -A patch applied in 7.3.3 to fix a corner case in rule permissions checks -turns out to have disabled rule-related permissions checks in many -not-so-corner cases. This would for example allow users to insert into views -they weren't supposed to have permission to insert into. We have therefore -reverted the 7.3.3 patch. The original bug will be fixed in 8.0. - -Repair incorrect order of operations in -GetNewTransactionId() - -This bug could result in failure under out-of-disk-space conditions, including -inability to restart even after disk space is freed. - -Ensure configure selects -fno-strict-aliasing even when -an external value for CFLAGS is supplied - -On some platforms, building with -fstrict-aliasing causes bugs. - -Make pg_restore handle 64-bit off_t correctly - -This bug prevented proper restoration from archive files exceeding 4 GB. - -Make contrib/dblink not assume that local and remote type OIDs -match (Joe) -Quote connectby()'s start_with argument properly (Joe) -Don't crash when a rowtype argument to a plpgsql function is -NULL -Avoid generating invalid character encoding sequences in -corner cases when planning LIKE operations -Ensure text_position() cannot scan past end of source string -in multibyte cases (Korea PostgreSQL Users' Group) -Fix index optimization and selectivity estimates for LIKE -operations on bytea columns (Joe) - - - - - - - Release 7.3.5 - - - Release date: - 2003-12-03 - - - - This has a variety of fixes from 7.3.4. - - - - - Migration to Version 7.3.5 - - - A dump/restore is not required for those - running 7.3.*. - - - - - Changes - - -Force zero_damaged_pages to be on during recovery from WAL -Prevent some obscure cases of variable not in subplan target lists -Force stats processes to detach from shared memory, ensuring cleaner shutdown -Make PQescapeBytea and byteaout consistent with each other (Joe) -Added missing SPI_finish() calls to dblink's get_tuple_of_interest() (Joe) -Fix for possible foreign key violation when rule rewrites INSERT (Jan) -Support qualified type names in PL/Tcl's spi_prepare command (Jan) -Make pg_dump handle a procedural language handler located in pg_catalog -Make pg_dump handle cases where a custom opclass is in another schema -Make pg_dump dump binary-compatible casts correctly (Jan) -Fix insertion of expressions containing subqueries into rule bodies -Fix incorrect argument processing in clusterdb script (Anand Ranganathan) -Fix problems with dropped columns in plpython triggers -Repair problems with to_char() reading past end of its input string (Karel) -Fix GB18030 mapping errors (Tatsuo) -Fix several problems with SSL error handling and asynchronous SSL I/O -Remove ability to bind a list of values to a single parameter in JDBC -(prevents possible SQL-injection attacks) -Fix some errors in HAVE_INT64_TIMESTAMP code paths -Fix corner case for btree search in parallel with first root page split - - - - - - - Release 7.3.4 - - - Release date: - 2003-07-24 - - - - This has a variety of fixes from 7.3.3. - - - - - Migration to Version 7.3.4 - - - A dump/restore is not required for those - running 7.3.*. - - - - - Changes - - -Repair breakage in timestamp-to-date conversion for dates before 2000 -Prevent rare possibility of server startup failure (Tom) -Fix bugs in interval-to-time conversion (Tom) -Add constraint names in a few places in pg_dump (Rod) -Improve performance of functions with many parameters (Tom) -Fix to_ascii() buffer overruns (Tom) -Prevent restore of database comments from throwing an error (Tom) -Work around buggy strxfrm() present in some Solaris releases (Tom) -Properly escape jdbc setObject() strings to improve security (Barry) - - - - - - - Release 7.3.3 - - - Release date: - 2003-05-22 - - - - This release contains a variety of fixes for version 7.3.2. - - - - Migration to Version 7.3.3 - - - A dump/restore is not required for those - running version 7.3.*. - - - - - Changes - - -Repair sometimes-incorrect computation of StartUpID after a crash -Avoid slowness with lots of deferred triggers in one transaction (Stephan) -Don't lock referenced row when UPDATE doesn't change foreign key's value (Jan) -Use -fPIC not -fpic on Sparc (Tom Callaway) -Repair lack of schema-awareness in contrib/reindexdb -Fix contrib/intarray error for zero-element result array (Teodor) -Ensure createuser script will exit on control-C (Oliver) -Fix errors when the type of a dropped column has itself been dropped -CHECKPOINT does not cause database panic on failure in noncritical steps -Accept 60 in seconds fields of timestamp, time, interval input values -Issue notice, not error, if TIMESTAMP, - TIME, or INTERVAL precision too large -Fix abstime-to-time cast function (fix is - not applied unless you initdb) -Fix pg_proc entry for - timestampt_izone (fix is not applied unless you - initdb) -Make EXTRACT(EPOCH FROM timestamp without time zone) treat input as local time -'now'::timestamptz gave wrong answer if timezone changed earlier in transaction -HAVE_INT64_TIMESTAMP code for time with timezone overwrote its input -Accept GLOBAL TEMP/TEMPORARY as a - synonym for TEMPORARY -Avoid improper schema-privilege-check failure in foreign-key triggers -Fix bugs in foreign-key triggers for SET DEFAULT action -Fix incorrect time-qual check in row fetch for - UPDATE and DELETE triggers -Foreign-key clauses were parsed but ignored in - ALTER TABLE ADD COLUMN -Fix createlang script breakage for case where handler function already exists -Fix misbehavior on zero-column tables in pg_dump, COPY, ANALYZE, other places -Fix misbehavior of func_error() on type names containing '%' -Fix misbehavior of replace() on strings containing '%' -Regular-expression patterns containing certain multibyte characters failed -Account correctly for NULLs in more cases in join size estimation -Avoid conflict with system definition of isblank() function or macro -Fix failure to convert large code point values in EUC_TW conversions (Tatsuo) -Fix error recovery for SSL_read/SSL_write calls -Don't do early constant-folding of type coercion expressions -Validate page header fields immediately after reading in any page -Repair incorrect check for ungrouped variables in unnamed joins -Fix buffer overrun in to_ascii (Guido Notari) -contrib/ltree fixes (Teodor) -Fix core dump in deadlock detection on machines where char is unsigned -Avoid running out of buffers in many-way indexscan (bug introduced in 7.3) -Fix planner's selectivity estimation functions to handle domains properly -Fix dbmirror memory-allocation bug (Steven Singer) -Prevent infinite loop in ln(numeric) due to roundoff error -GROUP BY got confused if there were multiple equal GROUP BY items -Fix bad plan when inherited UPDATE/DELETE references another inherited table -Prevent clustering on incomplete (partial or non-NULL-storing) indexes -Service shutdown request at proper time if it arrives while still starting up -Fix left-links in temporary indexes (could make backwards scans miss entries) -Fix incorrect handling of client_encoding setting in postgresql.conf (Tatsuo) -Fix failure to respond to pg_ctl stop -m fast after Async_NotifyHandler runs -Fix SPI for case where rule contains multiple statements of the same type -Fix problem with checking for wrong type of access privilege in rule query -Fix problem with EXCEPT in CREATE RULE -Prevent problem with dropping temp tables having serial columns -Fix replace_vars_with_subplan_refs failure in complex views -Fix regexp slowness in single-byte encodings (Tatsuo) -Allow qualified type names in CREATE CAST - and DROP CAST -Accept SETOF type[], which formerly had to - be written SETOF _type -Fix pg_dump core dump in some cases with procedural languages -Force ISO datestyle in pg_dump output, for portability (Oliver) -pg_dump failed to handle error return - from lo_read (Oleg Drokin) -pg_dumpall failed with groups having no members (Nick Eskelinen) -pg_dumpall failed to recognize --globals-only switch -pg_restore failed to restore blobs if -X disable-triggers is specified -Repair intrafunction memory leak in plpgsql -pltcl's elog command dumped core if given wrong parameters (Ian Harding) -plpython used wrong value of atttypmod (Brad McLean) -Fix improper quoting of boolean values in Python interface (D'Arcy) -Added addDataType() method to PGConnection interface for JDBC -Fixed various problems with updateable ResultSets for JDBC (Shawn Green) -Fixed various problems with DatabaseMetaData for JDBC (Kris Jurka, Peter Royal) -Fixed problem with parsing table ACLs in JDBC -Better error message for character set conversion problems in JDBC - - - - - - - Release 7.3.2 - - - Release date: - 2003-02-04 - - - - This release contains a variety of fixes for version 7.3.1. - - - - - Migration to Version 7.3.2 - - - A dump/restore is not required for those - running version 7.3.*. - - - - - Changes - - -Restore creation of OID column in CREATE TABLE AS / SELECT INTO -Fix pg_dump core dump when dumping views having comments -Dump DEFERRABLE/INITIALLY DEFERRED constraints properly -Fix UPDATE when child table's column numbering differs from parent -Increase default value of max_fsm_relations -Fix problem when fetching backwards in a cursor for a single-row query -Make backward fetch work properly with cursor on SELECT DISTINCT query -Fix problems with loading pg_dump files containing contrib/lo usage -Fix problem with all-numeric user names -Fix possible memory leak and core dump during disconnect in libpgtcl -Make plpython's spi_execute command handle nulls properly (Andrew Bosma) -Adjust plpython error reporting so that its regression test passes again -Work with bison 1.875 -Handle mixed-case names properly in plpgsql's %type (Neil) -Fix core dump in pltcl when executing a query rewritten by a rule -Repair array subscript overruns (per report from Yichen Xie) -Reduce MAX_TIME_PRECISION from 13 to 10 in floating-point case -Correctly case-fold variable names in per-database and per-user settings -Fix coredump in plpgsql's RETURN NEXT when SELECT into record returns no rows -Fix outdated use of pg_type.typprtlen in python client interface -Correctly handle fractional seconds in timestamps in JDBC driver -Improve performance of getImportedKeys() in JDBC -Make shared-library symlinks work standardly on HPUX (Giles) -Repair inconsistent rounding behavior for timestamp, time, interval -SSL negotiation fixes (Nathan Mueller) -Make libpq's ~/.pgpass feature work when connecting with PQconnectDB -Update my2pg, ora2pg -Translation updates -Add casts between types lo and oid in contrib/lo -fastpath code now checks for privilege to call function - - - - - - - Release 7.3.1 - - - Release date: - 2002-12-18 - - - - This release contains a variety of fixes for version 7.3. - - - - - Migration to Version 7.3.1 - - - A dump/restore is not required for those - running version 7.3. However, it should be noted that the main - PostgreSQL interface library, libpq, - has a new major version number for this release, which might require - recompilation of client code in certain cases. - - - - - Changes - - -Fix a core dump of COPY TO when client/server encodings don't match (Tom) -Allow pg_dump to work with pre-7.2 servers (Philip) -contrib/adddepend fixes (Tom) -Fix problem with deletion of per-user/per-database config settings (Tom) -contrib/vacuumlo fix (Tom) -Allow 'password' encryption even when pg_shadow contains MD5 passwords (Bruce) -contrib/dbmirror fix (Steven Singer) -Optimizer fixes (Tom) -contrib/tsearch fixes (Teodor Sigaev, Magnus) -Allow locale names to be mixed case (Nicolai Tufar) -Increment libpq library's major version number (Bruce) -pg_hba.conf error reporting fixes (Bruce, Neil) -Add SCO Openserver 5.0.4 as a supported platform (Bruce) -Prevent EXPLAIN from crashing server (Tom) -SSL fixes (Nathan Mueller) -Prevent composite column creation via ALTER TABLE (Tom) - - - - - - - Release 7.3 - - - Release date: - 2002-11-27 - - - - Overview - - - Major changes in this release: - - - - - Schemas - - - Schemas allow users to create objects in separate namespaces, - so two people or applications can have tables with the same - name. There is also a public schema for shared tables. - Table/index creation can be restricted by removing privileges - on the public schema. - - - - - - Drop Column - - - PostgreSQL now supports the - ALTER TABLE ... DROP COLUMN functionality. - - - - - - Table Functions - - - Functions returning multiple rows and/or multiple columns are - now much easier to use than before. You can call such a - table function in the SELECT - FROM clause, treating its output like a - table. Also, PL/pgSQL functions can - now return sets. - - - - - - Prepared Queries - - - PostgreSQL now supports prepared - queries, for improved performance. - - - - - - Dependency Tracking - - - PostgreSQL now records object - dependencies, which allows improvements in many areas. - DROP statements now take either - CASCADE or RESTRICT to control whether - dependent objects are also dropped. - - - - - - Privileges - - - Functions and procedural languages now have privileges, and - functions can be defined to run with the privileges of their - creator. - - - - - - Internationalization - - - Both multibyte and locale support are now always enabled. - - - - - - Logging - - - A variety of logging options have been enhanced. - - - - - - Interfaces - - - A large number of interfaces have been moved to http://gborg.postgresql.org - where they can be developed and released independently. - - - - - - Functions/Identifiers - - - By default, functions can now take up to 32 parameters, and - identifiers can be up to 63 bytes long. Also, OPAQUE - is now deprecated: there are specific pseudo-datatypes - to represent each of the former meanings of OPAQUE - in function argument and result types. - - - - - - - - - Migration to Version 7.3 - - - A dump/restore using pg_dump is required for those - wishing to migrate data from any previous release. If your - application examines the system catalogs, additional changes will - be required due to the introduction of schemas in 7.3; for more - information, see: . - - - - Observe the following incompatibilities: - - - - - - Pre-6.3 clients are no longer supported. - - - - - - pg_hba.conf now has a column for the user - name and additional features. Existing files need to be - adjusted. - - - - - - Several postgresql.conf logging parameters - have been renamed. - - - - - - LIMIT #,# has been disabled; use - LIMIT # OFFSET #. - - - - - - INSERT statements with column lists must - specify a value for each specified column. For example, - INSERT INTO tab (col1, col2) VALUES ('val1') - is now invalid. It's still allowed to supply fewer columns than - expected if the INSERT does not have a column list. - - - - - - serial columns are no longer automatically - UNIQUE; thus, an index will not automatically be - created. - - - - - - A SET command inside an aborted transaction - is now rolled back. - - - - - - COPY no longer considers missing trailing - columns to be null. All columns need to be specified. - (However, one can achieve a similar effect by specifying a - column list in the COPY command.) - - - - - - The data type timestamp is now equivalent to - timestamp without time zone, instead of - timestamp with time zone. - - - - - - Pre-7.3 databases loaded into 7.3 will not have the new object - dependencies for serial columns, unique - constraints, and foreign keys. See the directory - contrib/adddepend/ for a detailed - description and a script that will add such dependencies. - - - - - - An empty string ('') is no longer allowed as - the input into an integer field. Formerly, it was silently - interpreted as 0. - - - - - - - - Changes - - - Server Operation - -Add pg_locks view to show locks (Neil) -Security fixes for password negotiation memory allocation (Neil) -Remove support for version 0 FE/BE protocol (PostgreSQL 6.2 and earlier) (Tom) -Reserve the last few backend slots for superusers, add parameter superuser_reserved_connections to control this (Nigel J. Andrews) - - - - - Performance - -Improve startup by calling localtime() only once (Tom) -Cache system catalog information in flat files for faster startup (Tom) -Improve caching of index information (Tom) -Optimizer improvements (Tom, Fernando Nasser) -Catalog caches now store failed lookups (Tom) -Hash function improvements (Neil) -Improve performance of query tokenization and network handling (Peter) -Speed improvement for large object restore (Mario Weilguni) -Mark expired index entries on first lookup, saving later heap fetches (Tom) -Avoid excessive NULL bitmap padding (Manfred Koizar) -Add BSD-licensed qsort() for Solaris, for performance (Bruce) -Reduce per-row overhead by four bytes (Manfred Koizar) -Fix GEQO optimizer bug (Neil Conway) -Make WITHOUT OID actually save four bytes per row (Manfred Koizar) -Add default_statistics_target variable to specify ANALYZE buckets (Neil) -Use local buffer cache for temporary tables so no WAL overhead (Tom) -Improve free space map performance on large tables (Stephen Marshall, Tom) -Improved WAL write concurrency (Tom) - - - - - Privileges - -Add privileges on functions and procedural languages (Peter) -Add OWNER to CREATE DATABASE so superusers can create databases on behalf of unprivileged users (Gavin Sherry, Tom) -Add new object privilege bits EXECUTE and USAGE (Tom) -Add SET SESSION AUTHORIZATION DEFAULT and RESET SESSION AUTHORIZATION (Tom) -Allow functions to be executed with the privilege of the function owner (Peter) - - - - - Server Configuration - -Server log messages now tagged with LOG, not DEBUG (Bruce) -Add user column to pg_hba.conf (Bruce) -Have log_connections output two lines in log file (Tom) -Remove debug_level from postgresql.conf, now server_min_messages (Bruce) -New ALTER DATABASE/USER ... SET command for per-user/database initialization (Peter) -New parameters server_min_messages and client_min_messages to control which messages are sent to the server logs or client applications (Bruce) -Allow pg_hba.conf to specify lists of users/databases separated by commas, group names prepended with +, and file names prepended with @ (Bruce) -Remove secondary password file capability and pg_password utility (Bruce) -Add variable db_user_namespace for database-local user names (Bruce) -SSL improvements (Bear Giles) -Make encryption of stored passwords the default (Bruce) -Allow statistics collector to be reset by calling pg_stat_reset() (Christopher) -Add log_duration parameter (Bruce) -Rename debug_print_query to log_statement (Bruce) -Rename show_query_stats to show_statement_stats (Bruce) -Add param log_min_error_statement to print commands to logs on error (Gavin) - - - - - Queries - -Make cursors insensitive, meaning their contents do not change (Tom) -Disable LIMIT #,# syntax; now only LIMIT # OFFSET # supported (Bruce) -Increase identifier length to 63 (Neil, Bruce) -UNION fixes for merging >= 3 columns of different lengths (Tom) -Add DEFAULT key word to INSERT, e.g., INSERT ... (..., DEFAULT, ...) (Rod) -Allow views to have default values using ALTER COLUMN ... SET DEFAULT (Neil) -Fail on INSERTs with column lists that don't supply all column values, e.g., INSERT INTO tab (col1, col2) VALUES ('val1'); (Rod) -Fix for join aliases (Tom) -Fix for FULL OUTER JOINs (Tom) -Improve reporting of invalid identifier and location (Tom, Gavin) -Fix OPEN cursor(args) (Tom) -Allow 'ctid' to be used in a view and currtid(viewname) (Hiroshi) -Fix for CREATE TABLE AS with UNION (Tom) -SQL99 syntax improvements (Thomas) -Add statement_timeout variable to cancel queries (Bruce) -Allow prepared queries with PREPARE/EXECUTE (Neil) -Allow FOR UPDATE to appear after LIMIT/OFFSET (Bruce) -Add variable autocommit (Tom, David Van Wie) - - - - - Object Manipulation - -Make equals signs optional in CREATE DATABASE (Gavin Sherry) -Make ALTER TABLE OWNER change index ownership too (Neil) -New ALTER TABLE tabname ALTER COLUMN colname SET STORAGE controls TOAST storage, compression (John Gray) -Add schema support, CREATE/DROP SCHEMA (Tom) -Create schema for temporary tables (Tom) -Add variable search_path for schema search (Tom) -Add ALTER TABLE SET/DROP NOT NULL (Christopher) -New CREATE FUNCTION volatility levels (Tom) -Make rule names unique only per table (Tom) -Add 'ON tablename' clause to DROP RULE and COMMENT ON RULE (Tom) -Add ALTER TRIGGER RENAME (Joe) -New current_schema() and current_schemas() inquiry functions (Tom) -Allow functions to return multiple rows (table functions) (Joe) -Make WITH optional in CREATE DATABASE, for consistency (Bruce) -Add object dependency tracking (Rod, Tom) -Add RESTRICT/CASCADE to DROP commands (Rod) -Add ALTER TABLE DROP for non-CHECK CONSTRAINT (Rod) -Autodestroy sequence on DROP of table with SERIAL (Rod) -Prevent column dropping if column is used by foreign key (Rod) -Automatically drop constraints/functions when object is dropped (Rod) -Add CREATE/DROP OPERATOR CLASS (Bill Studenmund, Tom) -Add ALTER TABLE DROP COLUMN (Christopher, Tom, Hiroshi) -Prevent inherited columns from being removed or renamed (Alvaro Herrera) -Fix foreign key constraints to not error on intermediate database states (Stephan) -Propagate column or table renaming to foreign key constraints -Add CREATE OR REPLACE VIEW (Gavin, Neil, Tom) -Add CREATE OR REPLACE RULE (Gavin, Neil, Tom) -Have rules execute alphabetically, returning more predictable values (Tom) -Triggers are now fired in alphabetical order (Tom) -Add /contrib/adddepend to handle pre-7.3 object dependencies (Rod) -Allow better casting when inserting/updating values (Tom) - - - - - Utility Commands - -Have COPY TO output embedded carriage returns and newlines as \r and \n (Tom) -Allow DELIMITER in COPY FROM to be 8-bit clean (Tatsuo) -Make pg_dump use ALTER TABLE ADD PRIMARY KEY, for performance (Neil) -Disable brackets in multistatement rules (Bruce) -Disable VACUUM from being called inside a function (Bruce) -Allow dropdb and other scripts to use identifiers with spaces (Bruce) -Restrict database comment changes to the current database -Allow comments on operators, independent of the underlying function (Rod) -Rollback SET commands in aborted transactions (Tom) -EXPLAIN now outputs as a query (Tom) -Display condition expressions and sort keys in EXPLAIN (Tom) -Add 'SET LOCAL var = value' to set configuration variables for a single transaction (Tom) -Allow ANALYZE to run in a transaction (Bruce) -Improve COPY syntax using new WITH clauses, keep backward compatibility (Bruce) -Fix pg_dump to consistently output tags in non-ASCII dumps (Bruce) -Make foreign key constraints clearer in dump file (Rod) -Add COMMENT ON CONSTRAINT (Rod) -Allow COPY TO/FROM to specify column names (Brent Verner) -Dump UNIQUE and PRIMARY KEY constraints as ALTER TABLE (Rod) -Have SHOW output a query result (Joe) -Generate failure on short COPY lines rather than pad NULLs (Neil) -Fix CLUSTER to preserve all table attributes (Alvaro Herrera) -New pg_settings table to view/modify GUC settings (Joe) -Add smart quoting, portability improvements to pg_dump output (Peter) -Dump serial columns out as SERIAL (Tom) -Enable large file support, >2G for pg_dump (Peter, Philip Warner, Bruce) -Disallow TRUNCATE on tables that are involved in referential constraints (Rod) -Have TRUNCATE also auto-truncate the toast table of the relation (Tom) -Add clusterdb utility that will auto-cluster an entire database based on previous CLUSTER operations (Alvaro Herrera) -Overhaul pg_dumpall (Peter) -Allow REINDEX of TOAST tables (Tom) -Implemented START TRANSACTION, per SQL99 (Neil) -Fix rare index corruption when a page split affects bulk delete (Tom) -Fix ALTER TABLE ... ADD COLUMN for inheritance (Alvaro Herrera) - - - - - Data Types and Functions - -Fix factorial(0) to return 1 (Bruce) -Date/time/timezone improvements (Thomas) -Fix for array slice extraction (Tom) -Fix extract/date_part to report proper microseconds for timestamp (Tatsuo) -Allow text_substr() and bytea_substr() to read TOAST values more efficiently (John Gray) -Add domain support (Rod) -Make WITHOUT TIME ZONE the default for TIMESTAMP and TIME data types (Thomas) -Allow alternate storage scheme of 64-bit integers for date/time types using --enable-integer-datetimes in configure (Thomas) -Make timezone(timestamptz) return timestamp rather than a string (Thomas) -Allow fractional seconds in date/time types for dates prior to 1BC (Thomas) -Limit timestamp data types to 6 decimal places of precision (Thomas) -Change timezone conversion functions from timetz() to timezone() (Thomas) -Add configuration variables datestyle and timezone (Tom) -Add OVERLAY(), which allows substitution of a substring in a string (Thomas) -Add SIMILAR TO (Thomas, Tom) -Add regular expression SUBSTRING(string FROM pat FOR escape) (Thomas) -Add LOCALTIME and LOCALTIMESTAMP functions (Thomas) -Add named composite types using CREATE TYPE typename AS (column) (Joe) -Allow composite type definition in the table alias clause (Joe) -Add new API to simplify creation of C language table functions (Joe) -Remove ODBC-compatible empty parentheses from calls to SQL99 functions for which these parentheses do not match the standard (Thomas) -Allow macaddr data type to accept 12 hex digits with no separators (Mike Wyer) -Add CREATE/DROP CAST (Peter) -Add IS DISTINCT FROM operator (Thomas) -Add SQL99 TREAT() function, synonym for CAST() (Thomas) -Add pg_backend_pid() to output backend pid (Bruce) -Add IS OF / IS NOT OF type predicate (Thomas) -Allow bit string constants without fully-specified length (Thomas) -Allow conversion between 8-byte integers and bit strings (Thomas) -Implement hex literal conversion to bit string literal (Thomas) -Allow table functions to appear in the FROM clause (Joe) -Increase maximum number of function parameters to 32 (Bruce) -No longer automatically create index for SERIAL column (Tom) -Add current_database() (Rod) -Fix cash_words() to not overflow buffer (Tom) -Add functions replace(), split_part(), to_hex() (Joe) -Fix LIKE for bytea as a right-hand argument (Joe) -Prevent crashes caused by SELECT cash_out(2) (Tom) -Fix to_char(1,'FM999.99') to return a period (Karel) -Fix trigger/type/language functions returning OPAQUE to return proper type (Tom) - - - - - Internationalization - -Add additional encodings: Korean (JOHAB), Thai (WIN874), Vietnamese (TCVN), Arabic (WIN1256), Simplified Chinese (GBK), Korean (UHC) (Eiji Tokuya) -Enable locale support by default (Peter) -Add locale variables (Peter) -Escape byes >= 0x7f for multibyte in PQescapeBytea/PQunescapeBytea (Tatsuo) -Add locale awareness to regular expression character classes -Enable multibyte support by default (Tatsuo) -Add GB18030 multibyte support (Bill Huang) -Add CREATE/DROP CONVERSION, allowing loadable encodings (Tatsuo, Kaori) -Add pg_conversion table (Tatsuo) -Add SQL99 CONVERT() function (Tatsuo) -pg_dumpall, pg_controldata, and pg_resetxlog now national-language aware (Peter) -New and updated translations - - - - - Server-side Languages - -Allow recursive SQL function (Peter) -Change PL/Tcl build to use configured compiler and Makefile.shlib (Peter) -Overhaul the PL/pgSQL FOUND variable to be more Oracle-compatible (Neil, Tom) -Allow PL/pgSQL to handle quoted identifiers (Tom) -Allow set-returning PL/pgSQL functions (Neil) -Make PL/pgSQL schema-aware (Joe) -Remove some memory leaks (Nigel J. Andrews, Tom) - - - - - psql - -Don't lowercase psql \connect database name for 7.2.0 compatibility (Tom) -Add psql \timing to time user queries (Greg Sabino Mullane) -Have psql \d show index information (Greg Sabino Mullane) -New psql \dD shows domains (Jonathan Eisler) -Allow psql to show rules on views (Paul ?) -Fix for psql variable substitution (Tom) -Allow psql \d to show temporary table structure (Tom) -Allow psql \d to show foreign keys (Rod) -Fix \? to honor \pset pager (Bruce) -Have psql reports its version number on startup (Tom) -Allow \copy to specify column names (Tom) - - - - - libpq - -Add ~/.pgpass to store host/user password combinations (Alvaro Herrera) -Add PQunescapeBytea() function to libpq (Patrick Welche) -Fix for sending large queries over non-blocking connections (Bernhard Herzog) -Fix for libpq using timers on Win9X (David Ford) -Allow libpq notify to handle servers with different-length identifiers (Tom) -Add libpq PQescapeString() and PQescapeBytea() to Windows (Bruce) -Fix for SSL with non-blocking connections (Jack Bates) -Add libpq connection timeout parameter (Denis A Ustimenko) - - - - - JDBC - -Allow JDBC to compile with JDK 1.4 (Dave) -Add JDBC 3 support (Barry) -Allows JDBC to set loglevel by adding ?loglevel=X to the connection URL (Barry) -Add Driver.info() message that prints out the version number (Barry) -Add updateable result sets (Raghu Nidagal, Dave) -Add support for callable statements (Paul Bethe) -Add query cancel capability -Add refresh row (Dave) -Fix MD5 encryption handling for multibyte servers (Jun Kawai) -Add support for prepared statements (Barry) - - - - - Miscellaneous Interfaces - -Fixed ECPG bug concerning octal numbers in single quotes (Michael) -Move src/interfaces/libpgeasy to http://gborg.postgresql.org (Marc, Bruce) -Improve Python interface (Elliot Lee, Andrew Johnson, Greg Copeland) -Add libpgtcl connection close event (Gerhard Hintermayer) -Move src/interfaces/libpq++ to http://gborg.postgresql.org (Marc, Bruce) -Move src/interfaces/odbc to http://gborg.postgresql.org (Marc) -Move src/interfaces/libpgeasy to http://gborg.postgresql.org (Marc, Bruce) -Move src/interfaces/perl5 to http://gborg.postgresql.org (Marc, Bruce) -Remove src/bin/pgaccess from main tree, now at http://www.pgaccess.org (Bruce) -Add pg_on_connection_loss command to libpgtcl (Gerhard Hintermayer, Tom) - - - - - Source Code - -Fix for parallel make (Peter) -AIX fixes for linking Tcl (Andreas Zeugswetter) -Allow PL/Perl to build under Cygwin (Jason Tishler) -Improve MIPS compiles (Peter, Oliver Elphick) -Require Autoconf version 2.53 (Peter) -Require readline and zlib by default in configure (Peter) -Allow Solaris to use Intimate Shared Memory (ISM), for performance (Scott Brunza, P.J. Josh Rovero) -Always enable syslog in compile, remove --enable-syslog option (Tatsuo) -Always enable multibyte in compile, remove --enable-multibyte option (Tatsuo) -Always enable locale in compile, remove --enable-locale option (Peter) -Fix for Win9x DLL creation (Magnus Naeslund) -Fix for link() usage by WAL code on Windows, BeOS (Jason Tishler) -Add sys/types.h to c.h, remove from main files (Peter, Bruce) -Fix AIX hang on SMP machines (Tomoyuki Niijima) -AIX SMP hang fix (Tomoyuki Niijima) -Fix pre-1970 date handling on newer glibc libraries (Tom) -Fix PowerPC SMP locking (Tom) -Prevent gcc -ffast-math from being used (Peter, Tom) -Bison >= 1.50 now required for developer builds -Kerberos 5 support now builds with Heimdal (Peter) -Add appendix in the User's Guide which lists SQL features (Thomas) -Improve loadable module linking to use RTLD_NOW (Tom) -New error levels WARNING, INFO, LOG, DEBUG[1-5] (Bruce) -New src/port directory holds replaced libc functions (Peter, Bruce) -New pg_namespace system catalog for schemas (Tom) -Add pg_class.relnamespace for schemas (Tom) -Add pg_type.typnamespace for schemas (Tom) -Add pg_proc.pronamespace for schemas (Tom) -Restructure aggregates to have pg_proc entries (Tom) -System relations now have their own namespace, pg_* test not required (Fernando Nasser) -Rename TOAST index names to be *_index rather than *_idx (Neil) -Add namespaces for operators, opclasses (Tom) -Add additional checks to server control file (Thomas) -New Polish FAQ (Marcin Mazurek) -Add Posix semaphore support (Tom) -Document need for reindex (Bruce) -Rename some internal identifiers to simplify Windows compile (Jan, Katherine Ward) -Add documentation on computing disk space (Bruce) -Remove KSQO from GUC (Bruce) -Fix memory leak in rtree (Kenneth Been) -Modify a few error messages for consistency (Bruce) -Remove unused system table columns (Peter) -Make system columns NOT NULL where appropriate (Tom) -Clean up use of sprintf in favor of snprintf() (Neil, Jukka Holappa) -Remove OPAQUE and create specific subtypes (Tom) -Cleanups in array internal handling (Joe, Tom) -Disallow pg_atoi('') (Bruce) -Remove parameter wal_files because WAL files are now recycled (Bruce) -Add version numbers to heap pages (Tom) - - - - - Contrib - -Allow inet arrays in /contrib/array (Neil) -GiST fixes (Teodor Sigaev, Neil) -Upgrade /contrib/mysql -Add /contrib/dbsize which shows table sizes without vacuum (Peter) -Add /contrib/intagg, integer aggregator routines (mlw) -Improve /contrib/oid2name (Neil, Bruce) -Improve /contrib/tsearch (Oleg, Teodor Sigaev) -Cleanups of /contrib/rserver (Alexey V. Borzov) -Update /contrib/oracle conversion utility (Gilles Darold) -Update /contrib/dblink (Joe) -Improve options supported by /contrib/vacuumlo (Mario Weilguni) -Improvements to /contrib/intarray (Oleg, Teodor Sigaev, Andrey Oktyabrski) -Add /contrib/reindexdb utility (Shaun Thomas) -Add indexing to /contrib/isbn_issn (Dan Weston) -Add /contrib/dbmirror (Steven Singer) -Improve /contrib/pgbench (Neil) -Add /contrib/tablefunc table function examples (Joe) -Add /contrib/ltree data type for tree structures (Teodor Sigaev, Oleg Bartunov) -Move /contrib/pg_controldata, pg_resetxlog into main tree (Bruce) -Fixes to /contrib/cube (Bruno Wolff) -Improve /contrib/fulltextindex (Christopher) - - - - - - - - Release 7.2.8 - - - Release date: - 2005-05-09 - - - - This release contains a variety of fixes from 7.2.7, including one - security-related issue. - - - - Migration to Version 7.2.8 - - - A dump/restore is not required for those running 7.2.X. - - - - - Changes - - -Repair ancient race condition that allowed a transaction to be -seen as committed for some purposes (eg SELECT FOR UPDATE) slightly sooner -than for other purposes -This is an extremely serious bug since it could lead to apparent -data inconsistencies being briefly visible to applications. -Repair race condition between relation extension and -VACUUM -This could theoretically have caused loss of a page's worth of -freshly-inserted data, although the scenario seems of very low probability. -There are no known cases of it having caused more than an Assert failure. - -Fix EXTRACT(EPOCH) for -TIME WITH TIME ZONE values -Additional buffer overrun checks in plpgsql -(Neil) -Fix pg_dump to dump index names and trigger names containing -% correctly (Neil) -Prevent to_char(interval) from dumping core for -month-related formats -Fix contrib/pgcrypto for newer OpenSSL builds -(Marko Kreen) - - - - - - - Release 7.2.7 - - - Release date: - 2005-01-31 - - - - This release contains a variety of fixes from 7.2.6, including several - security-related issues. - - - - Migration to Version 7.2.7 - - - A dump/restore is not required for those running 7.2.X. - - - - - Changes - - -Disallow LOAD to non-superusers - -On platforms that will automatically execute initialization functions of a -shared library (this includes at least Windows and ELF-based Unixen), -LOAD can be used to make the server execute arbitrary code. -Thanks to NGS Software for reporting this. -Add needed STRICT marking to some contrib functions (Kris -Jurka) -Avoid buffer overrun when plpgsql cursor declaration has too -many parameters (Neil) -Fix planning error for FULL and RIGHT outer joins - -The result of the join was mistakenly supposed to be sorted the same as the -left input. This could not only deliver mis-sorted output to the user, but -in case of nested merge joins could give outright wrong answers. - -Fix display of negative intervals in SQL and GERMAN -datestyles - - - - - - - Release 7.2.6 - - - Release date: - 2004-10-22 - - - - This release contains a variety of fixes from 7.2.5. - - - - - Migration to Version 7.2.6 - - - A dump/restore is not required for those running 7.2.X. - - - - - Changes - - -Repair possible failure to update hint bits on disk - -Under rare circumstances this oversight could lead to -could not access transaction status failures, which qualifies -it as a potential-data-loss bug. - -Ensure that hashed outer join does not miss tuples - -Very large left joins using a hash join plan could fail to output unmatched -left-side rows given just the right data distribution. - -Disallow running pg_ctl as root - -This is to guard against any possible security issues. - -Avoid using temp files in /tmp in make_oidjoins_check - -This has been reported as a security issue, though it's hardly worthy of -concern since there is no reason for non-developers to use this script anyway. - -Update to newer versions of Bison - - - - - - - Release 7.2.5 - - - Release date: - 2004-08-16 - - - - This release contains a variety of fixes from 7.2.4. - - - - - Migration to Version 7.2.5 - - - A dump/restore is not required for those running 7.2.X. - - - - - Changes - - -Prevent possible loss of committed transactions during crash - -Due to insufficient interlocking between transaction commit and checkpointing, -it was possible for transactions committed just before the most recent -checkpoint to be lost, in whole or in part, following a database crash and -restart. This is a serious bug that has existed -since PostgreSQL 7.1. - -Fix corner case for btree search in parallel with first root page split -Fix buffer overrun in to_ascii (Guido Notari) -Fix core dump in deadlock detection on machines where char is unsigned -Fix failure to respond to pg_ctl stop -m fast after Async_NotifyHandler runs -Repair memory leaks in pg_dump -Avoid conflict with system definition of isblank() function or macro - - - - - - Release 7.2.4 - - - Release date: - 2003-01-30 - - - - This release contains a variety of fixes for version 7.2.3, - including fixes to prevent possible data loss. - - - - Migration to Version 7.2.4 - - - A dump/restore is not required for those - running version 7.2.*. - - - - - Changes - - -Fix some additional cases of VACUUM "No one parent tuple was found" error -Prevent VACUUM from being called inside a function (Bruce) -Ensure pg_clog updates are sync'd to disk before marking checkpoint complete -Avoid integer overflow during large hash joins -Make GROUP commands work when pg_group.grolist is large enough to be toasted -Fix errors in datetime tables; some timezone names weren't being recognized -Fix integer overflows in circle_poly(), path_encode(), path_add() (Neil) -Repair long-standing logic errors in lseg_eq(), lseg_ne(), lseg_center() - - - - - - - Release 7.2.3 - - - Release date: - 2002-10-01 - - - - This release contains a variety of fixes for version 7.2.2, - including fixes to prevent possible data loss. - - - - Migration to Version 7.2.3 - - - A dump/restore is not required for those - running version 7.2.*. - - - - - Changes - - -Prevent possible compressed transaction log loss (Tom) -Prevent non-superuser from increasing most recent vacuum info (Tom) -Handle pre-1970 date values in newer versions of glibc (Tom) -Fix possible hang during server shutdown -Prevent spinlock hangs on SMP PPC machines (Tomoyuki Niijima) -Fix pg_dump to properly dump FULL JOIN USING (Tom) - - - - - - - Release 7.2.2 - - - Release date: - 2002-08-23 - - - - This release contains a variety of fixes for version 7.2.1. - - - - Migration to Version 7.2.2 - - - A dump/restore is not required for those - running version 7.2.*. - - - - - Changes - - -Allow EXECUTE of "CREATE TABLE AS ... SELECT" in PL/pgSQL (Tom) -Fix for compressed transaction log id wraparound (Tom) -Fix PQescapeBytea/PQunescapeBytea so that they handle bytes > 0x7f (Tatsuo) -Fix for psql and pg_dump crashing when invoked with non-existent long options (Tatsuo) -Fix crash when invoking geometric operators (Tom) -Allow OPEN cursor(args) (Tom) -Fix for rtree_gist index build (Teodor) -Fix for dumping user-defined aggregates (Tom) -contrib/intarray fixes (Oleg) -Fix for complex UNION/EXCEPT/INTERSECT queries using parens (Tom) -Fix to pg_convert (Tatsuo) -Fix for crash with long DATA strings (Thomas, Neil) -Fix for repeat(), lpad(), rpad() and long strings (Neil) - - - - - - - Release 7.2.1 - - - Release date: - 2002-03-21 - - - - This release contains a variety of fixes for version 7.2. - - - - Migration to Version 7.2.1 - - - A dump/restore is not required for those - running version 7.2. - - - - - Changes - - -Ensure that sequence counters do not go backwards after a crash (Tom) -Fix pgaccess kanji-conversion key binding (Tatsuo) -Optimizer improvements (Tom) -Cash I/O improvements (Tom) -New Russian FAQ -Compile fix for missing AuthBlockSig (Heiko) -Additional time zones and time zone fixes (Thomas) -Allow psql \connect to handle mixed case database and user names (Tom) -Return proper OID on command completion even with ON INSERT rules (Tom) -Allow COPY FROM to use 8-bit DELIMITERS (Tatsuo) -Fix bug in extract/date_part for milliseconds/microseconds (Tatsuo) -Improve handling of multiple UNIONs with different lengths (Tom) -contrib/btree_gist improvements (Teodor Sigaev) -contrib/tsearch dictionary improvements, see README.tsearch for an additional installation step (Thomas T. Thai, Teodor Sigaev) -Fix for array subscripts handling (Tom) -Allow EXECUTE of "CREATE TABLE AS ... SELECT" in PL/pgSQL (Tom) - - - - - - - Release 7.2 - - - Release date: - 2002-02-04 - - - - Overview - - - This release improves PostgreSQL for use in - high-volume applications. - - - - Major changes in this release: - - - - - VACUUM - - - Vacuuming no longer locks tables, thus allowing normal user - access during the vacuum. A new VACUUM FULL - command does old-style vacuum by locking the table and - shrinking the on-disk copy of the table. - - - - - - Transactions - - - There is no longer a problem with installations that exceed - four billion transactions. - - - - - - OIDs - - - OIDs are now optional. Users can now create tables without - OIDs for cases where OID usage is excessive. - - - - - - Optimizer - - - The system now computes histogram column statistics during - ANALYZE, allowing much better optimizer choices. - - - - - - Security - - - A new MD5 encryption option allows more secure storage and - transfer of passwords. A new Unix-domain socket - authentication option is available on Linux and BSD systems. - - - - - - Statistics - - - Administrators can use the new table access statistics module - to get fine-grained information about table and index usage. - - - - - - Internationalization - - - Program and library messages can now be displayed in several - languages. - - - - - - - - - Migration to Version 7.2 - - - A dump/restore using pg_dump is required for - those wishing to migrate data from any previous release. - - - - Observe the following incompatibilities: - - - - - - The semantics of the VACUUM command have - changed in this release. You might wish to update your - maintenance procedures accordingly. - - - - - - In this release, comparisons using = NULL - will always return false (or NULL, more precisely). Previous - releases automatically transformed this syntax to IS - NULL. The old behavior can be re-enabled using a - postgresql.conf parameter. - - - - - - The pg_hba.conf and pg_ident.conf - configuration is now only reloaded after receiving a - SIGHUP signal, not with each connection. - - - - - - The function octet_length() now returns the uncompressed data length. - - - - - - The date/time value 'current' is no longer - available. You will need to rewrite your applications. - - - - - - The timestamp(), time(), - and interval() functions are no longer - available. Instead of timestamp(), use - timestamp 'string' or CAST. - - - - - - - The SELECT ... LIMIT #,# syntax will be removed - in the next release. You should change your queries to use - separate LIMIT and OFFSET clauses, e.g. LIMIT 10 OFFSET - 20. - - - - - Changes - - - Server Operation - -Create temporary files in a separate directory (Bruce) -Delete orphaned temporary files on postmaster startup (Bruce) -Added unique indexes to some system tables (Tom) -System table operator reorganization (Oleg Bartunov, Teodor Sigaev, Tom) -Renamed pg_log to pg_clog (Tom) -Enable SIGTERM, SIGQUIT to kill backends (Jan) -Removed compile-time limit on number of backends (Tom) -Better cleanup for semaphore resource failure (Tatsuo, Tom) -Allow safe transaction ID wraparound (Tom) -Removed OIDs from some system tables (Tom) -Removed "triggered data change violation" error check (Tom) -SPI portal creation of prepared/saved plans (Jan) -Allow SPI column functions to work for system columns (Tom) -Long value compression improvement (Tom) -Statistics collector for table, index access (Jan) -Truncate extra-long sequence names to a reasonable value (Tom) -Measure transaction times in milliseconds (Thomas) -Fix TID sequential scans (Hiroshi) -Superuser ID now fixed at 1 (Peter E) -New pg_ctl "reload" option (Tom) - - - - - Performance - -Optimizer improvements (Tom) -New histogram column statistics for optimizer (Tom) -Reuse write-ahead log files rather than discarding them (Tom) -Cache improvements (Tom) -IS NULL, IS NOT NULL optimizer improvement (Tom) -Improve lock manager to reduce lock contention (Tom) -Keep relcache entries for index access support functions (Tom) -Allow better selectivity with NaN and infinities in NUMERIC (Tom) -R-tree performance improvements (Kenneth Been) -B-tree splits more efficient (Tom) - - - - - Privileges - -Change UPDATE, DELETE privileges to be distinct (Peter E) -New REFERENCES, TRIGGER privileges (Peter E) -Allow GRANT/REVOKE to/from more than one user at a time (Peter E) -New has_table_privilege() function (Joe Conway) -Allow non-superuser to vacuum database (Tom) -New SET SESSION AUTHORIZATION command (Peter E) -Fix bug in privilege modifications on newly created tables (Tom) -Disallow access to pg_statistic for non-superuser, add user-accessible views (Tom) - - - - - Client Authentication - -Fork postmaster before doing authentication to prevent hangs (Peter E) -Add ident authentication over Unix domain sockets on Linux, *BSD (Helge Bahmann, Oliver Elphick, Teodor Sigaev, Bruce) -Add a password authentication method that uses MD5 encryption (Bruce) -Allow encryption of stored passwords using MD5 (Bruce) -PAM authentication (Dominic J. Eidson) -Load pg_hba.conf and pg_ident.conf only on startup and SIGHUP (Bruce) - - - - - Server Configuration - -Interpretation of some time zone abbreviations as Australian rather than North American now settable at run time (Bruce) -New parameter to set default transaction isolation level (Peter E) -New parameter to enable conversion of "expr = NULL" into "expr IS NULL", off by default (Peter E) -New parameter to control memory usage by VACUUM (Tom) -New parameter to set client authentication timeout (Tom) -New parameter to set maximum number of open files (Tom) - - - - - Queries - -Statements added by INSERT rules now execute after the INSERT (Jan) -Prevent unadorned relation names in target list (Bruce) -NULLs now sort after all normal values in ORDER BY (Tom) -New IS UNKNOWN, IS NOT UNKNOWN Boolean tests (Tom) -New SHARE UPDATE EXCLUSIVE lock mode (Tom) -New EXPLAIN ANALYZE command that shows run times and row counts (Martijn van Oosterhout) -Fix problem with LIMIT and subqueries (Tom) -Fix for LIMIT, DISTINCT ON pushed into subqueries (Tom) -Fix nested EXCEPT/INTERSECT (Tom) - - - - - Schema Manipulation - -Fix SERIAL in temporary tables (Bruce) -Allow temporary sequences (Bruce) -Sequences now use int8 internally (Tom) -New SERIAL8 creates int8 columns with sequences, default still SERIAL4 (Tom) -Make OIDs optional using WITHOUT OIDS (Tom) -Add %TYPE syntax to CREATE TYPE (Ian Lance Taylor) -Add ALTER TABLE / DROP CONSTRAINT for CHECK constraints (Christopher Kings-Lynne) -New CREATE OR REPLACE FUNCTION to alter existing function (preserving the function OID) (Gavin Sherry) -Add ALTER TABLE / ADD [ UNIQUE | PRIMARY ] (Christopher Kings-Lynne) -Allow column renaming in views -Make ALTER TABLE / RENAME COLUMN update column names of indexes (Brent Verner) -Fix for ALTER TABLE / ADD CONSTRAINT ... CHECK with inherited tables (Stephan Szabo) -ALTER TABLE RENAME update foreign-key trigger arguments correctly (Brent Verner) -DROP AGGREGATE and COMMENT ON AGGREGATE now accept an aggtype (Tom) -Add automatic return type data casting for SQL functions (Tom) -Allow GiST indexes to handle NULLs and multikey indexes (Oleg Bartunov, Teodor Sigaev, Tom) -Enable partial indexes (Martijn van Oosterhout) - - - - - Utility Commands - -Add RESET ALL, SHOW ALL (Marko Kreen) -CREATE/ALTER USER/GROUP now allow options in any order (Vince) -Add LOCK A, B, C functionality (Neil Padgett) -New ENCRYPTED/UNENCRYPTED option to CREATE/ALTER USER (Bruce) -New light-weight VACUUM does not lock table; old semantics are available as VACUUM FULL (Tom) -Disable COPY TO/FROM on views (Bruce) -COPY DELIMITERS string must be exactly one character (Tom) -VACUUM warning about index tuples fewer than heap now only appears when appropriate (Martijn van Oosterhout) -Fix privilege checks for CREATE INDEX (Tom) -Disallow inappropriate use of CREATE/DROP INDEX/TRIGGER/VIEW (Tom) - - - - - Data Types and Functions - -SUM(), AVG(), COUNT() now uses int8 internally for speed (Tom) -Add convert(), convert2() (Tatsuo) -New function bit_length() (Peter E) -Make the "n" in CHAR(n)/VARCHAR(n) represents letters, not bytes (Tatsuo) -CHAR(), VARCHAR() now reject strings that are too long (Peter E) -BIT VARYING now rejects bit strings that are too long (Peter E) -BIT now rejects bit strings that do not match declared size (Peter E) -INET, CIDR text conversion functions (Alex Pilosov) -INET, CIDR operators << and <<= indexable (Alex Pilosov) -Bytea \### now requires valid three digit octal number -Bytea comparison improvements, now supports =, <>, >, >=, <, and <= -Bytea now supports B-tree indexes -Bytea now supports LIKE, LIKE...ESCAPE, NOT LIKE, NOT LIKE...ESCAPE -Bytea now supports concatenation -New bytea functions: position, substring, trim, btrim, and length -New encode() function mode, "escaped", converts minimally escaped bytea to/from text -Add pg_database_encoding_max_length() (Tatsuo) -Add pg_client_encoding() function (Tatsuo) -now() returns time with millisecond precision (Thomas) -New TIMESTAMP WITHOUT TIMEZONE data type (Thomas) -Add ISO date/time specification with "T", yyyy-mm-ddThh:mm:ss (Thomas) -New xid/int comparison functions (Hiroshi) -Add precision to TIME, TIMESTAMP, and INTERVAL data types (Thomas) -Modify type coercion logic to attempt binary-compatible functions first (Tom) -New encode() function installed by default (Marko Kreen) -Improved to_*() conversion functions (Karel Zak) -Optimize LIKE/ILIKE when using single-byte encodings (Tatsuo) -New functions in contrib/pgcrypto: crypt(), hmac(), encrypt(), gen_salt() (Marko Kreen) -Correct description of translate() function (Bruce) -Add INTERVAL argument for SET TIME ZONE (Thomas) -Add INTERVAL YEAR TO MONTH (etc.) syntax (Thomas) -Optimize length functions when using single-byte encodings (Tatsuo) -Fix path_inter, path_distance, path_length, dist_ppath to handle closed paths (Curtis Barrett, Tom) -octet_length(text) now returns non-compressed length (Tatsuo, Bruce) -Handle "July" full name in date/time literals (Greg Sabino Mullane) -Some datatype() function calls now evaluated differently -Add support for Julian and ISO time specifications (Thomas) - - - - - Internationalization - -National language support in psql, pg_dump, libpq, and server (Peter E) -Message translations in Chinese (simplified, traditional), Czech, French, German, Hungarian, Russian, Swedish (Peter E, Serguei A. Mokhov, Karel Zak, Weiping He, Zhenbang Wei, Kovacs Zoltan) -Make trim, ltrim, rtrim, btrim, lpad, rpad, translate multibyte aware (Tatsuo) -Add LATIN5,6,7,8,9,10 support (Tatsuo) -Add ISO 8859-5,6,7,8 support (Tatsuo) -Correct LATIN5 to mean ISO-8859-9, not ISO-8859-5 (Tatsuo) -Make mic2ascii() non-ASCII aware (Tatsuo) -Reject invalid multibyte character sequences (Tatsuo) - - - - - <application>PL/pgSQL</application> - -Now uses portals for SELECT loops, allowing huge result sets (Jan) -CURSOR and REFCURSOR support (Jan) -Can now return open cursors (Jan) -Add ELSEIF (Klaus Reger) -Improve PL/pgSQL error reporting, including location of error (Tom) -Allow IS or FOR key words in cursor declaration, for compatibility (Bruce) -Fix for SELECT ... FOR UPDATE (Tom) -Fix for PERFORM returning multiple rows (Tom) -Make PL/pgSQL use the server's type coercion code (Tom) -Memory leak fix (Jan, Tom) -Make trailing semicolon optional (Tom) - - - - - PL/Perl - -New untrusted PL/Perl (Alex Pilosov) -PL/Perl is now built on some platforms even if libperl is not shared (Peter E) - - - - - PL/Tcl - -Now reports errorInfo (Vsevolod Lobko) -Add spi_lastoid function (bob@redivi.com) - - - - - PL/Python - -...is new (Andrew Bosma) - - - - - <application>psql</application> - -\d displays indexes in unique, primary groupings (Christopher Kings-Lynne) -Allow trailing semicolons in backslash commands (Greg Sabino Mullane) -Read password from /dev/tty if possible -Force new password prompt when changing user and database (Tatsuo, Tom) -Format the correct number of columns for Unicode (Patrice) - - - - - <application>libpq</application> - -New function PQescapeString() to escape quotes in command strings (Florian Weimer) -New function PQescapeBytea() escapes binary strings for use as SQL string literals - - - - - JDBC - -Return OID of INSERT (Ken K) -Handle more data types (Ken K) -Handle single quotes and newlines in strings (Ken K) -Handle NULL variables (Ken K) -Fix for time zone handling (Barry Lind) -Improved Druid support -Allow eight-bit characters with non-multibyte server (Barry Lind) -Support BIT, BINARY types (Ned Wolpert) -Reduce memory usage (Michael Stephens, Dave Cramer) -Update DatabaseMetaData (Peter E) -Add DatabaseMetaData.getCatalogs() (Peter E) -Encoding fixes (Anders Bengtsson) -Get/setCatalog methods (Jason Davies) -DatabaseMetaData.getColumns() now returns column defaults (Jason Davies) -DatabaseMetaData.getColumns() performance improvement (Jeroen van Vianen) -Some JDBC1 and JDBC2 merging (Anders Bengtsson) -Transaction performance improvements (Barry Lind) -Array fixes (Greg Zoller) -Serialize addition -Fix batch processing (Rene Pijlman) -ExecSQL method reorganization (Anders Bengtsson) -GetColumn() fixes (Jeroen van Vianen) -Fix isWriteable() function (Rene Pijlman) -Improved passage of JDBC2 conformance tests (Rene Pijlman) -Add bytea type capability (Barry Lind) -Add isNullable() (Rene Pijlman) -JDBC date/time test suite fixes (Liam Stewart) -Fix for SELECT 'id' AS xxx FROM table (Dave Cramer) -Fix DatabaseMetaData to show precision properly (Mark Lillywhite) -New getImported/getExported keys (Jason Davies) -MD5 password encryption support (Jeremy Wohl) -Fix to actually use type cache (Ned Wolpert) - - - - - ODBC - -Remove query size limit (Hiroshi) -Remove text field size limit (Hiroshi) -Fix for SQLPrimaryKeys in multibyte mode (Hiroshi) -Allow ODBC procedure calls (Hiroshi) -Improve boolean handing (Aidan Mountford) -Most configuration options now settable via DSN (Hiroshi) -Multibyte, performance fixes (Hiroshi) -Allow driver to be used with iODBC or unixODBC (Peter E) -MD5 password encryption support (Bruce) -Add more compatibility functions to odbc.sql (Peter E) - - - - - <application>ECPG</application> - -EXECUTE ... INTO implemented (Christof Petig) -Multiple row descriptor support (e.g. CARDINALITY) (Christof Petig) -Fix for GRANT parameters (Lee Kindness) -Fix INITIALLY DEFERRED bug -Various bug fixes (Michael, Christof Petig) -Auto allocation for indicator variable arrays (int *ind_p=NULL) -Auto allocation for string arrays (char **foo_pp=NULL) -ECPGfree_auto_mem fixed -All function names with external linkage are now prefixed by ECPG -Fixes for arrays of structures (Michael) - - - - - Misc. Interfaces - -Python fix fetchone() (Gerhard Haring) -Use UTF, Unicode in Tcl where appropriate (Vsevolod Lobko, Reinhard Max) -Add Tcl COPY TO/FROM (ljb) -Prevent output of default index op class in pg_dump (Tom) -Fix libpgeasy memory leak (Bruce) - - - - - Build and Install - -Configure, dynamic loader, and shared library fixes (Peter E) -Fixes in QNX 4 port (Bernd Tegge) -Fixes in Cygwin and Windows ports (Jason Tishler, Gerhard Haring, Dmitry Yurtaev, Darko Prenosil, Mikhail Terekhov) -Fix for Windows socket communication failures (Magnus, Mikhail Terekhov) -Hurd compile fix (Oliver Elphick) -BeOS fixes (Cyril Velter) -Remove configure --enable-unicode-conversion, now enabled by multibyte (Tatsuo) -AIX fixes (Tatsuo, Andreas) -Fix parallel make (Peter E) -Install SQL language manual pages into OS-specific directories (Peter E) -Rename config.h to pg_config.h (Peter E) -Reorganize installation layout of header files (Peter E) - - - - - Source Code - -Remove SEP_CHAR (Bruce) -New GUC hooks (Tom) -Merge GUC and command line handling (Marko Kreen) -Remove EXTEND INDEX (Martijn van Oosterhout, Tom) -New pgjindent utility to indent java code (Bruce) -Remove define of true/false when compiling under C++ (Leandro Fanzone, Tom) -pgindent fixes (Bruce, Tom) -Replace strcasecmp() with strcmp() where appropriate (Peter E) -Dynahash portability improvements (Tom) -Add 'volatile' usage in spinlock structures -Improve signal handling logic (Tom) - - - - - Contrib - -New contrib/rtree_gist (Oleg Bartunov, Teodor Sigaev) -New contrib/tsearch full-text indexing (Oleg, Teodor Sigaev) -Add contrib/dblink for remote database access (Joe Conway) -contrib/ora2pg Oracle conversion utility (Gilles Darold) -contrib/xml XML conversion utility (John Gray) -contrib/fulltextindex fixes (Christopher Kings-Lynne) -New contrib/fuzzystrmatch with levenshtein and metaphone, soundex merged (Joe Conway) -Add contrib/intarray boolean queries, binary search, fixes (Oleg Bartunov) -New pg_upgrade utility (Bruce) -Add new pg_resetxlog options (Bruce, Tom) - - - - - - - - Release 7.1.3 - - - Release date: - 2001-08-15 - - - - Migration to Version 7.1.3 - - - A dump/restore is not required for those running - 7.1.X. - - - - - Changes - - - -Remove unused WAL segments of large transactions (Tom) -Multiaction rule fix (Tom) -PL/pgSQL memory allocation fix (Jan) -VACUUM buffer fix (Tom) -Regression test fixes (Tom) -pg_dump fixes for GRANT/REVOKE/comments on views, user-defined types (Tom) -Fix subselects with DISTINCT ON or LIMIT (Tom) -BeOS fix -Disable COPY TO/FROM a view (Tom) -Cygwin build (Jason Tishler) - - - - - - - - Release 7.1.2 - - - Release date: - 2001-05-11 - - - - This has one fix from 7.1.1. - - - - - Migration to Version 7.1.2 - - - A dump/restore is not required for those running - 7.1.X. - - - - - Changes - - - -Fix PL/pgSQL SELECTs when returning no rows -Fix for psql backslash core dump -Referential integrity privilege fix -Optimizer fixes -pg_dump cleanups - - - - - - - - Release 7.1.1 - - - Release date: - 2001-05-05 - - - - This has a variety of fixes from 7.1. - - - - - Migration to Version 7.1.1 - - - A dump/restore is not required for those running - 7.1. - - - - - Changes - - - -Fix for numeric MODULO operator (Tom) -pg_dump fixes (Philip) -pg_dump can dump 7.0 databases (Philip) -readline 4.2 fixes (Peter E) -JOIN fixes (Tom) -AIX, MSWIN, VAX, N32K fixes (Tom) -Multibytes fixes (Tom) -Unicode fixes (Tatsuo) -Optimizer improvements (Tom) -Fix for whole rows in functions (Tom) -Fix for pg_ctl and option strings with spaces (Peter E) -ODBC fixes (Hiroshi) -EXTRACT can now take string argument (Thomas) -Python fixes (Darcy) - - - - - - - - Release 7.1 - - - Release date: - 2001-04-13 - - - - This release focuses on removing limitations that have existed in the - PostgreSQL code for many years. - - - - Major changes in this release: - - - - - - Write-ahead Log (WAL) - - - -To maintain database consistency in case of an operating system crash, -previous releases of PostgreSQL have forced -all data modifications to disk before each transaction commit. With -WAL, only one log file must be flushed to disk, greatly improving -performance. If you have been using -F in previous releases to -disable disk flushes, you might want to consider discontinuing its use. - - - - - - - TOAST - - - - TOAST - Previous releases had a compiled-in row length limit, -typically 8k - 32k. This limit made storage of long text fields -difficult. With TOAST, long rows of any length can be stored with good -performance. - - - - - - - Outer Joins - - - -We now support outer joins. The UNION/NOT IN -workaround for outer joins is no longer required. We use the SQL92 -outer join syntax. - - - - - - - Function Manager - - - -The previous C function manager did not -handle null values properly, nor did it support 64-bit CPU's (Alpha). The new -function manager does. You can continue using your old custom -functions, but you might want to rewrite them in the future to use the new -function manager call interface. - - - - - - - Complex Queries - - - -A large number of complex queries that were -unsupported in previous releases now work. Many combinations of views, -aggregates, UNION, LIMIT, cursors, subqueries, and inherited tables -now work properly. Inherited tables are now accessed by default. -Subqueries in FROM are now supported. - - - - - - - - Migration to Version 7.1 - - - A dump/restore using pg_dump is required for those wishing to migrate - data from any previous release. - - - - - Changes - - - -Bug Fixes ---------- -Many multibyte/Unicode/locale fixes (Tatsuo and others) -More reliable ALTER TABLE RENAME (Tom) -Kerberos V fixes (David Wragg) -Fix for INSERT INTO...SELECT where targetlist has subqueries (Tom) -Prompt username/password on standard error (Bruce) -Large objects inv_read/inv_write fixes (Tom) -Fixes for to_char(), to_date(), to_ascii(), and to_timestamp() (Karel, - Daniel Baldoni) -Prevent query expressions from leaking memory (Tom) -Allow UPDATE of arrays elements (Tom) -Wake up lock waiters during cancel (Hiroshi) -Fix rare cursor crash when using hash join (Tom) -Fix for DROP TABLE/INDEX in rolled-back transaction (Hiroshi) -Fix psql crash from \l+ if MULTIBYTE enabled (Peter E) -Fix truncation of rule names during CREATE VIEW (Ross Reedstrom) -Fix PL/Perl (Alex Kapranoff) -Disallow LOCK on views (Mark Hollomon) -Disallow INSERT/UPDATE/DELETE on views (Mark Hollomon) -Disallow DROP RULE, CREATE INDEX, TRUNCATE on views (Mark Hollomon) -Allow PL/pgSQL accept non-ASCII identifiers (Tatsuo) -Allow views to proper handle GROUP BY, aggregates, DISTINCT (Tom) -Fix rare failure with TRUNCATE command (Tom) -Allow UNION/INTERSECT/EXCEPT to be used with ALL, subqueries, views, - DISTINCT, ORDER BY, SELECT...INTO (Tom) -Fix parser failures during aborted transactions (Tom) -Allow temporary relations to properly clean up indexes (Bruce) -Fix VACUUM problem with moving rows in same page (Tom) -Modify pg_dump to better handle user-defined items in template1 (Philip) -Allow LIMIT in VIEW (Tom) -Require cursor FETCH to honor LIMIT (Tom) -Allow PRIMARY/FOREIGN Key definitions on inherited columns (Stephan) -Allow ORDER BY, LIMIT in subqueries (Tom) -Allow UNION in CREATE RULE (Tom) -Make ALTER/DROP TABLE rollback-able (Vadim, Tom) -Store initdb collation in pg_control so collation cannot be changed (Tom) -Fix INSERT...SELECT with rules (Tom) -Fix FOR UPDATE inside views and subselects (Tom) -Fix OVERLAPS operators conform to SQL92 spec regarding NULLs (Tom) -Fix lpad() and rpad() to handle length less than input string (Tom) -Fix use of NOTIFY in some rules (Tom) -Overhaul btree code (Tom) -Fix NOT NULL use in PL/pgSQL variables (Tom) -Overhaul GIST code (Oleg) -Fix CLUSTER to preserve constraints and column default (Tom) -Improved deadlock detection handling (Tom) -Allow multiple SERIAL columns in a table (Tom) -Prevent occasional index corruption (Vadim) - -Enhancements ------------- -Add OUTER JOINs (Tom) -Function manager overhaul (Tom) -Allow ALTER TABLE RENAME on indexes (Tom) -Improve CLUSTER (Tom) -Improve ps status display for more platforms (Peter E, Marc) -Improve CREATE FUNCTION failure message (Ross) -JDBC improvements (Peter, Travis Bauer, Christopher Cain, William Webber, - Gunnar) -Grand Unified Configuration scheme/GUC. Many options can now be set in - data/postgresql.conf, postmaster/postgres flags, or SET commands (Peter E) -Improved handling of file descriptor cache (Tom) -New warning code about auto-created table alias entries (Bruce) -Overhaul initdb process (Tom, Peter E) -Overhaul of inherited tables; inherited tables now accessed by default; - new ONLY key word prevents it (Chris Bitmead, Tom) -ODBC cleanups/improvements (Nick Gorham, Stephan Szabo, Zoltan Kovacs, - Michael Fork) -Allow renaming of temp tables (Tom) -Overhaul memory manager contexts (Tom) -pg_dumpall uses CREATE USER or CREATE GROUP rather using COPY (Peter E) -Overhaul pg_dump (Philip Warner) -Allow pg_hba.conf secondary password file to specify only username (Peter E) -Allow TEMPORARY or TEMP key word when creating temporary tables (Bruce) -New memory leak checker (Karel) -New SET SESSION CHARACTERISTICS (Thomas) -Allow nested block comments (Thomas) -Add WITHOUT TIME ZONE type qualifier (Thomas) -New ALTER TABLE ADD CONSTRAINT (Stephan) -Use NUMERIC accumulators for INTEGER aggregates (Tom) -Overhaul aggregate code (Tom) -New VARIANCE and STDDEV() aggregates -Improve dependency ordering of pg_dump (Philip) -New pg_restore command (Philip) -New pg_dump tar output option (Philip) -New pg_dump of large objects (Philip) -New ESCAPE option to LIKE (Thomas) -New case-insensitive LIKE - ILIKE (Thomas) -Allow functional indexes to use binary-compatible type (Tom) -Allow SQL functions to be used in more contexts (Tom) -New pg_config utility (Peter E) -New PL/pgSQL EXECUTE command which allows dynamic SQL and utility statements - (Jan) -New PL/pgSQL GET DIAGNOSTICS statement for SPI value access (Jan) -New quote_identifiers() and quote_literal() functions (Jan) -New ALTER TABLE table OWNER TO user command (Mark Hollomon) -Allow subselects in FROM, i.e. FROM (SELECT ...) [AS] alias (Tom) -Update PyGreSQL to version 3.1 (D'Arcy) -Store tables as files named by OID (Vadim) -New SQL function setval(seq,val,bool) for use in pg_dump (Philip) -Require DROP VIEW to remove views, no DROP TABLE (Mark) -Allow DROP VIEW view1, view2 (Mark) -Allow multiple objects in DROP INDEX, DROP RULE, and DROP TYPE (Tom) -Allow automatic conversion to/from Unicode (Tatsuo, Eiji) -New /contrib/pgcrypto hashing functions (Marko Kreen) -New pg_dumpall --globals-only option (Peter E) -New CHECKPOINT command for WAL which creates new WAL log file (Vadim) -New AT TIME ZONE syntax (Thomas) -Allow location of Unix domain socket to be configurable (David J. MacKenzie) -Allow postmaster to listen on a specific IP address (David J. MacKenzie) -Allow socket path name to be specified in hostname by using leading slash - (David J. MacKenzie) -Allow CREATE DATABASE to specify template database (Tom) -New utility to convert MySQL schema dumps to SQL92 and PostgreSQL (Thomas) -New /contrib/rserv replication toolkit (Vadim) -New file format for COPY BINARY (Tom) -New /contrib/oid2name to map numeric files to table names (B Palmer) -New "idle in transaction" ps status message (Marc) -Update to pgaccess 0.98.7 (Constantin Teodorescu) -pg_ctl now defaults to -w (wait) on shutdown, new -l (log) option -Add rudimentary dependency checking to pg_dump (Philip) - -Types ------ -Fix INET/CIDR type ordering and add new functions (Tom) -Make OID behave as an unsigned type (Tom) -Allow BIGINT as synonym for INT8 (Peter E) -New int2 and int8 comparison operators (Tom) -New BIT and BIT VARYING types (Adriaan Joubert, Tom, Peter E) -CHAR() no longer faster than VARCHAR() because of TOAST (Tom) -New GIST seg/cube examples (Gene Selkov) -Improved round(numeric) handling (Tom) -Fix CIDR output formatting (Tom) -New CIDR abbrev() function (Tom) - -Performance ------------ -Write-Ahead Log (WAL) to provide crash recovery with less performance - overhead (Vadim) -ANALYZE stage of VACUUM no longer exclusively locks table (Bruce) -Reduced file seeks (Denis Perchine) -Improve BTREE code for duplicate keys (Tom) -Store all large objects in a single table (Denis Perchine, Tom) -Improve memory allocation performance (Karel, Tom) - -Source Code ------------ -New function manager call conventions (Tom) -SGI portability fixes (David Kaelbling) -New configure --enable-syslog option (Peter E) -New BSDI README (Bruce) -configure script moved to top level, not /src (Peter E) -Makefile/configuration/compilation overhaul (Peter E) -New configure --with-python option (Peter E) -Solaris cleanups (Peter E) -Overhaul /contrib Makefiles (Karel) -New OpenSSL configuration option (Magnus, Peter E) -AIX fixes (Andreas) -QNX fixes (Maurizio) -New heap_open(), heap_openr() API (Tom) -Remove colon and semi-colon operators (Thomas) -New pg_class.relkind value for views (Mark Hollomon) -Rename ichar() to chr() (Karel) -New documentation for btrim(), ascii(), chr(), repeat() (Karel) -Fixes for NT/Cygwin (Pete Forman) -AIX port fixes (Andreas) -New BeOS port (David Reid, Cyril Velter) -Add proofreader's changes to docs (Addison-Wesley, Bruce) -New Alpha spinlock code (Adriaan Joubert, Compaq) -UnixWare port overhaul (Peter E) -New macOS (Darwin) port (Peter Bierman, Bruce Hartzler) -New FreeBSD Alpha port (Alfred) -Overhaul shared memory segments (Tom) -Add IBM S/390 support (Neale Ferguson) -Moved macmanuf to /contrib (Larry Rosenman) -Syslog improvements (Larry Rosenman) -New template0 database that contains no user additions (Tom) -New /contrib/cube and /contrib/seg GIST sample code (Gene Selkov) -Allow NetBSD's libedit instead of readline (Peter) -Improved assembly language source code format (Bruce) -New contrib/pg_logger -New --template option to createdb -New contrib/pg_control utility (Oliver) -New FreeBSD tools ipc_check, start-scripts/freebsd - - - - - - - - Release 7.0.3 - - - Release date: - 2000-11-11 - - - - This has a variety of fixes from 7.0.2. - - - - - Migration to Version 7.0.3 - - - A dump/restore is not required for those running - 7.0.*. - - - - - Changes - - - -Jdbc fixes (Peter) -Large object fix (Tom) -Fix lean in COPY WITH OIDS leak (Tom) -Fix backwards-index-scan (Tom) -Fix SELECT ... FOR UPDATE so it checks for duplicate keys (Hiroshi) -Add --enable-syslog to configure (Marc) -Fix abort transaction at backend exit in rare cases (Tom) -Fix for psql \l+ when multibyte enabled (Tatsuo) -Allow PL/pgSQL to accept non ascii identifiers (Tatsuo) -Make vacuum always flush buffers (Tom) -Fix to allow cancel while waiting for a lock (Hiroshi) -Fix for memory allocation problem in user authentication code (Tom) -Remove bogus use of int4out() (Tom) -Fixes for multiple subqueries in COALESCE or BETWEEN (Tom) -Fix for failure of triggers on heap open in certain cases (Jeroen van - Vianen) -Fix for erroneous selectivity of not-equals (Tom) -Fix for erroneous use of strcmp() (Tom) -Fix for bug where storage manager accesses items beyond end of file - (Tom) -Fix to include kernel errno message in all smgr elog messages (Tom) -Fix for '.' not in PATH at build time (SL Baur) -Fix for out-of-file-descriptors error (Tom) -Fix to make pg_dump dump 'iscachable' flag for functions (Tom) -Fix for subselect in targetlist of Append node (Tom) -Fix for mergejoin plans (Tom) -Fix TRUNCATE failure on relations with indexes (Tom) -Avoid database-wide restart on write error (Hiroshi) -Fix nodeMaterial to honor chgParam by recomputing its output (Tom) -Fix VACUUM problem with moving chain of update row versions when source - and destination of a row version lie on the same page (Tom) -Fix user.c CommandCounterIncrement (Tom) -Fix for AM/PM boundary problem in to_char() (Karel Zak) -Fix TIME aggregate handling (Tom) -Fix to_char() to avoid coredump on NULL input (Tom) -Buffer fix (Tom) -Fix for inserting/copying longer multibyte strings into char() data - types (Tatsuo) -Fix for crash of backend, on abort (Tom) - - - - - - - - Release 7.0.2 - - - Release date: - 2000-06-05 - - - - This is a repackaging of 7.0.1 with added documentation. - - - - - Migration to Version 7.0.2 - - - A dump/restore is not required for those running - 7.*. - - - - - Changes - - - -Added documentation to tarball. - - - - - - - - Release 7.0.1 - - - Release date: - 2000-06-01 - - - - This is a cleanup release for 7.0. - - - - Migration to Version 7.0.1 - - - A dump/restore is not required for those running - 7.0. - - - - - Changes - - - -Fix many CLUSTER failures (Tom) -Allow ALTER TABLE RENAME works on indexes (Tom) -Fix plpgsql to handle datetime->timestamp and timespan->interval (Bruce) -New configure --with-setproctitle switch to use setproctitle() (Marc, Bruce) -Fix the off by one errors in ResultSet from 6.5.3, and more. -jdbc ResultSet fixes (Joseph Shraibman) -optimizer tunings (Tom) -Fix create user for pgaccess -Fix for UNLISTEN failure -IRIX fixes (David Kaelbling) -QNX fixes (Andreas Kardos) -Reduce COPY IN lock level (Tom) -Change libpqeasy to use PQconnectdb() style parameters (Bruce) -Fix pg_dump to handle OID indexes (Tom) -Fix small memory leak (Tom) -Solaris fix for createdb/dropdb (Tatsuo) -Fix for non-blocking connections (Alfred Perlstein) -Fix improper recovery after RENAME TABLE failures (Tom) -Copy pg_ident.conf.sample into /lib directory in install (Bruce) -Add SJIS UDC (NEC selection IBM kanji) support (Eiji Tokuya) -Fix too long syslog message (Tatsuo) -Fix problem with quoted indexes that are too long (Tom) -JDBC ResultSet.getTimestamp() fix (Gregory Krasnow & Floyd Marinescu) -ecpg changes (Michael) - - - - - - - Release 7.0 - - - Release date: - 2000-05-08 - - - - This release contains improvements in many areas, demonstrating - the continued growth of PostgreSQL. - There are more improvements and fixes in 7.0 than in any previous - release. The developers have confidence that this is the best - release yet; we do our best to put out only solid releases, and - this one is no exception. - - - - Major changes in this release: - - - - - - Foreign Keys - - - - Foreign keys are now implemented, with the exception of PARTIAL MATCH - foreign keys. Many users have been asking for this feature, and we are - pleased to offer it. - - - - - - - Optimizer Overhaul - - - - Continuing on work started a year ago, the optimizer has been - improved, allowing better query plan selection and faster performance - with less memory usage. - - - - - - - Updated psql - - - - psql, our interactive terminal monitor, has been - updated with a variety of new features. See the psql manual page for details. - - - - - - - Join Syntax - - - - SQL92 join syntax is now supported, though only as - INNER JOIN for this release. JOIN, - NATURAL JOIN, JOIN/USING, - and JOIN/ON are available, as are - column correlation names. - - - - - - - - Migration to Version 7.0 - - - A dump/restore using pg_dump - is required for those wishing to migrate data from any - previous release of PostgreSQL. - For those upgrading from 6.5.*, you can instead use - pg_upgrade to upgrade to this - release; however, a full dump/reload installation is always the - most robust method for upgrades. - - - - Interface and compatibility issues to consider for the new - release include: - - - - - - The date/time types datetime and - timespan have been superseded by the - SQL92-defined types timestamp and - interval. Although there has been some effort to - ease the transition by allowing - PostgreSQL to recognize - the deprecated type names and translate them to the new type - names, this mechanism cannot be completely transparent to - your existing application. - - - - - - The optimizer has been substantially improved in the area of - query cost estimation. In some cases, this will result in - decreased query times as the optimizer makes a better choice - for the preferred plan. However, in a small number of cases, - usually involving pathological distributions of data, your - query times might go up. If you are dealing with large amounts - of data, you might want to check your queries to verify - performance. - - - - - - The JDBC and ODBC - interfaces have been upgraded and extended. - - - - - - The string function CHAR_LENGTH is now a - native function. Previous versions translated this into a call - to LENGTH, which could result in - ambiguity with other types implementing - LENGTH such as the geometric types. - - - - - - - Changes - - - -Bug Fixes ---------- -Prevent function calls exceeding maximum number of arguments (Tom) -Improve CASE construct (Tom) -Fix SELECT coalesce(f1,0) FROM int4_tbl GROUP BY f1 (Tom) -Fix SELECT sentence.words[0] FROM sentence GROUP BY sentence.words[0] (Tom) -Fix GROUP BY scan bug (Tom) -Improvements in SQL grammar processing (Tom) -Fix for views involved in INSERT ... SELECT ... (Tom) -Fix for SELECT a/2, a/2 FROM test_missing_target GROUP BY a/2 (Tom) -Fix for subselects in INSERT ... SELECT (Tom) -Prevent INSERT ... SELECT ... ORDER BY (Tom) -Fixes for relations greater than 2GB, including vacuum -Improve propagating system table changes to other backends (Tom) -Improve propagating user table changes to other backends (Tom) -Fix handling of temp tables in complex situations (Bruce, Tom) -Allow table locking at table open, improving concurrent reliability (Tom) -Properly quote sequence names in pg_dump (Ross J. Reedstrom) -Prevent DROP DATABASE while others accessing -Prevent any rows from being returned by GROUP BY if no rows processed (Tom) -Fix SELECT COUNT(1) FROM table WHERE ...' if no rows matching WHERE (Tom) -Fix pg_upgrade so it works for MVCC (Tom) -Fix for SELECT ... WHERE x IN (SELECT ... HAVING SUM(x) > 1) (Tom) -Fix for "f1 datetime DEFAULT 'now'" (Tom) -Fix problems with CURRENT_DATE used in DEFAULT (Tom) -Allow comment-only lines, and ;;; lines too. (Tom) -Improve recovery after failed disk writes, disk full (Hiroshi) -Fix cases where table is mentioned in FROM but not joined (Tom) -Allow HAVING clause without aggregate functions (Tom) -Fix for "--" comment and no trailing newline, as seen in perl interface -Improve pg_dump failure error reports (Bruce) -Allow sorts and hashes to exceed 2GB file sizes (Tom) -Fix for pg_dump dumping of inherited rules (Tom) -Fix for NULL handling comparisons (Tom) -Fix inconsistent state caused by failed CREATE/DROP commands (Hiroshi) -Fix for dbname with dash -Prevent DROP INDEX from interfering with other backends (Tom) -Fix file descriptor leak in verify_password() -Fix for "Unable to identify an operator =$" problem -Fix ODBC so no segfault if CommLog and Debug enabled (Dirk Niggemann) -Fix for recursive exit call (Massimo) -Fix for extra-long timezones (Jeroen van Vianen) -Make pg_dump preserve primary key information (Peter E) -Prevent databases with single quotes (Peter E) -Prevent DROP DATABASE inside transaction (Peter E) -ecpg memory leak fixes (Stephen Birch) -Fix for SELECT null::text, SELECT int4fac(null) and SELECT 2 + (null) (Tom) -Y2K timestamp fix (Massimo) -Fix for VACUUM 'HEAP_MOVED_IN was not expected' errors (Tom) -Fix for views with tables/columns containing spaces (Tom) -Prevent privileges on indexes (Peter E) -Fix for spinlock stuck problem when error is generated (Hiroshi) -Fix ipcclean on Linux -Fix handling of NULL constraint conditions (Tom) -Fix memory leak in odbc driver (Nick Gorham) -Fix for privilege check on UNION tables (Tom) -Fix to allow SELECT 'a' LIKE 'a' (Tom) -Fix for SELECT 1 + NULL (Tom) -Fixes to CHAR -Fix log() on numeric type (Tom) -Deprecate ':' and ';' operators -Allow vacuum of temporary tables -Disallow inherited columns with the same name as new columns -Recover or force failure when disk space is exhausted (Hiroshi) -Fix INSERT INTO ... SELECT with AS columns matching result columns -Fix INSERT ... SELECT ... GROUP BY groups by target columns not source columns (Tom) -Fix CREATE TABLE test (a char(5) DEFAULT text '', b int4) with INSERT (Tom) -Fix UNION with LIMIT -Fix CREATE TABLE x AS SELECT 1 UNION SELECT 2 -Fix CREATE TABLE test(col char(2) DEFAULT user) -Fix mismatched types in CREATE TABLE ... DEFAULT -Fix SELECT * FROM pg_class where oid in (0,-1) -Fix SELECT COUNT('asdf') FROM pg_class WHERE oid=12 -Prevent user who can create databases can modifying pg_database table (Peter E) -Fix btree to give a useful elog when key > 1/2 (page - overhead) (Tom) -Fix INSERT of 0.0 into DECIMAL(4,4) field (Tom) - -Enhancements ------------- -New CLI interface include file sqlcli.h, based on SQL3/SQL98 -Remove all limits on query length, row length limit still exists (Tom) -Update jdbc protocol to 2.0 (Jens Glaser jens@jens.de) -Add TRUNCATE command to quickly truncate relation (Mike Mascari) -Fix to give super user and createdb user proper update catalog rights (Peter E) -Allow ecpg bool variables to have NULL values (Christof) -Issue ecpg error if NULL value for variable with no NULL indicator (Christof) -Allow ^C to cancel COPY command (Massimo) -Add SET FSYNC and SHOW PG_OPTIONS commands(Massimo) -Function name overloading for dynamically-loaded C functions (Frankpitt) -Add CmdTuples() to libpq++(Vince) -New CREATE CONSTRAINT TRIGGER and SET CONSTRAINTS commands(Jan) -Allow CREATE FUNCTION/WITH clause to be used for all language types -configure --enable-debug adds -g (Peter E) -configure --disable-debug removes -g (Peter E) -Allow more complex default expressions (Tom) -First real FOREIGN KEY constraint trigger functionality (Jan) -Add FOREIGN KEY ... MATCH FULL ... ON DELETE CASCADE (Jan) -Add FOREIGN KEY ... MATCH <unspecified> referential actions (Don Baccus) -Allow WHERE restriction on ctid (physical heap location) (Hiroshi) -Move pginterface from contrib to interface directory, rename to pgeasy (Bruce) -Change pgeasy connectdb() parameter ordering (Bruce) -Require SELECT DISTINCT target list to have all ORDER BY columns (Tom) -Add Oracle's COMMENT ON command (Mike Mascari mascarim@yahoo.com) -libpq's PQsetNoticeProcessor function now returns previous hook(Peter E) -Prevent PQsetNoticeProcessor from being set to NULL (Peter E) -Make USING in COPY optional (Bruce) -Allow subselects in the target list (Tom) -Allow subselects on the left side of comparison operators (Tom) -New parallel regression test (Jan) -Change backend-side COPY to write files with permissions 644 not 666 (Tom) -Force permissions on PGDATA directory to be secure, even if it exists (Tom) -Added psql LASTOID variable to return last inserted oid (Peter E) -Allow concurrent vacuum and remove pg_vlock vacuum lock file (Tom) -Add privilege check for vacuum (Peter E) -New libpq functions to allow asynchronous connections: PQconnectStart(), - PQconnectPoll(), PQresetStart(), PQresetPoll(), PQsetenvStart(), - PQsetenvPoll(), PQsetenvAbort (Ewan Mellor) -New libpq PQsetenv() function (Ewan Mellor) -create/alter user extension (Peter E) -New postmaster.pid and postmaster.opts under $PGDATA (Tatsuo) -New scripts for create/drop user/db (Peter E) -Major psql overhaul (Peter E) -Add const to libpq interface (Peter E) -New libpq function PQoidValue (Peter E) -Show specific non-aggregate causing problem with GROUP BY (Tom) -Make changes to pg_shadow recreate pg_pwd file (Peter E) -Add aggregate(DISTINCT ...) (Tom) -Allow flag to control COPY input/output of NULLs (Peter E) -Make postgres user have a password by default (Peter E) -Add CREATE/ALTER/DROP GROUP (Peter E) -All administration scripts now support --long options (Peter E, Karel) -Vacuumdb script now supports --all option (Peter E) -ecpg new portable FETCH syntax -Add ecpg EXEC SQL IFDEF, EXEC SQL IFNDEF, EXEC SQL ELSE, EXEC SQL ELIF - and EXEC SQL ENDIF directives -Add pg_ctl script to control backend start-up (Tatsuo) -Add postmaster.opts.default file to store start-up flags (Tatsuo) -Allow --with-mb=SQL_ASCII -Increase maximum number of index keys to 16 (Bruce) -Increase maximum number of function arguments to 16 (Bruce) -Allow configuration of maximum number of index keys and arguments (Bruce) -Allow unprivileged users to change their passwords (Peter E) -Password authentication enabled; required for new users (Peter E) -Disallow dropping a user who owns a database (Peter E) -Change initdb option --with-mb to --enable-multibyte -Add option for initdb to prompts for superuser password (Peter E) -Allow complex type casts like col::numeric(9,2) and col::int2::float8 (Tom) -Updated user interfaces on initdb, initlocation, pg_dump, ipcclean (Peter E) -New pg_char_to_encoding() and pg_encoding_to_char() functions (Tatsuo) -libpq non-blocking mode (Alfred Perlstein) -Improve conversion of types in casts that don't specify a length -New plperl internal programming language (Mark Hollomon) -Allow COPY IN to read file that do not end with a newline (Tom) -Indicate when long identifiers are truncated (Tom) -Allow aggregates to use type equivalency (Peter E) -Add Oracle's to_char(), to_date(), to_datetime(), to_timestamp(), to_number() - conversion functions (Karel Zak <zakkr@zf.jcu.cz>) -Add SELECT DISTINCT ON (expr [, expr ...]) targetlist ... (Tom) -Check to be sure ORDER BY is compatible with the DISTINCT operation (Tom) -Add NUMERIC and int8 types to ODBC -Improve EXPLAIN results for Append, Group, Agg, Unique (Tom) -Add ALTER TABLE ... ADD FOREIGN KEY (Stephan Szabo) -Allow SELECT .. FOR UPDATE in PL/pgSQL (Hiroshi) -Enable backward sequential scan even after reaching EOF (Hiroshi) -Add btree indexing of boolean values, >= and <= (Don Baccus) -Print current line number when COPY FROM fails (Massimo) -Recognize POSIX time zone e.g. "PST+8" and "GMT-8" (Thomas) -Add DEC as synonym for DECIMAL (Thomas) -Add SESSION_USER as SQL92 key word, same as CURRENT_USER (Thomas) -Implement SQL92 column aliases (aka correlation names) (Thomas) -Implement SQL92 join syntax (Thomas) -Make INTERVAL reserved word allowed as a column identifier (Thomas) -Implement REINDEX command (Hiroshi) -Accept ALL in aggregate function SUM(ALL col) (Tom) -Prevent GROUP BY from using column aliases (Tom) -New psql \encoding option (Tatsuo) -Allow PQrequestCancel() to terminate when in waiting-for-lock state (Hiroshi) -Allow negation of a negative number in all cases -Add ecpg descriptors (Christof, Michael) -Allow CREATE VIEW v AS SELECT f1::char(8) FROM tbl -Allow casts with length, like foo::char(8) -New libpq functions PQsetClientEncoding(), PQclientEncoding() (Tatsuo) -Add support for SJIS user defined characters (Tatsuo) -Larger views/rules supported -Make libpq's PQconndefaults() thread-safe (Tom) -Disable // as comment to be ANSI conforming, should use -- (Tom) -Allow column aliases on views CREATE VIEW name (collist) -Fixes for views with subqueries (Tom) -Allow UPDATE table SET fld = (SELECT ...) (Tom) -SET command options no longer require quotes -Update pgaccess to 0.98.6 -New SET SEED command -New pg_options.sample file -New SET FSYNC command (Massimo) -Allow pg_descriptions when creating tables -Allow pg_descriptions when creating types, columns, and functions -Allow psql \copy to allow delimiters (Peter E) -Allow psql to print nulls as distinct from "" [null] (Peter E) - -Types ------ -Many array fixes (Tom) -Allow bare column names to be subscripted as arrays (Tom) -Improve type casting of int and float constants (Tom) -Cleanups for int8 inputs, range checking, and type conversion (Tom) -Fix for SELECT timespan('21:11:26'::time) (Tom) -netmask('x.x.x.x/0') is 255.255.255.255 instead of 0.0.0.0 (Oleg Sharoiko) -Add btree index on NUMERIC (Jan) -Perl fix for large objects containing NUL characters (Douglas Thomson) -ODBC fix for large objects (free) -Fix indexing of cidr data type -Fix for Ethernet MAC addresses (macaddr type) comparisons -Fix for date/time types when overflows happened in computations (Tom) -Allow array on int8 (Peter E) -Fix for rounding/overflow of NUMERIC type, like NUMERIC(4,4) (Tom) -Allow NUMERIC arrays -Fix bugs in NUMERIC ceil() and floor() functions (Tom) -Make char_length()/octet_length including trailing blanks (Tom) -Made abstime/reltime use int4 instead of time_t (Peter E) -New lztext data type for compressed text fields -Revise code to handle coercion of int and float constants (Tom) -Start at new code to implement a BIT and BIT VARYING type (Adriaan Joubert) -NUMERIC now accepts scientific notation (Tom) -NUMERIC to int4 rounds (Tom) -Convert float4/8 to NUMERIC properly (Tom) -Allow type conversion with NUMERIC (Thomas) -Make ISO date style (2000-02-16 09:33) the default (Thomas) -Add NATIONAL CHAR [ VARYING ] (Thomas) -Allow NUMERIC round and trunc to accept negative scales (Tom) -New TIME WITH TIME ZONE type (Thomas) -Add MAX()/MIN() on time type (Thomas) -Add abs(), mod(), fac() for int8 (Thomas) -Rename functions to round(), sqrt(), cbrt(), pow() for float8 (Thomas) -Add transcendental math functions (e.g. sin(), acos()) for float8 (Thomas) -Add exp() and ln() for NUMERIC type -Rename NUMERIC power() to pow() (Thomas) -Improved TRANSLATE() function (Edwin Ramirez, Tom) -Allow X=-Y operators (Tom) -Allow SELECT float8(COUNT(*))/(SELECT COUNT(*) FROM t) FROM t GROUP BY f1; (Tom) -Allow LOCALE to use indexes in regular expression searches (Tom) -Allow creation of functional indexes to use default types - -Performance ------------ -Prevent exponential space consumption with many AND's and OR's (Tom) -Collect attribute selectivity values for system columns (Tom) -Reduce memory usage of aggregates (Tom) -Fix for LIKE optimization to use indexes with multibyte encodings (Tom) -Fix r-tree index optimizer selectivity (Thomas) -Improve optimizer selectivity computations and functions (Tom) -Optimize btree searching for cases where many equal keys exist (Tom) -Enable fast LIKE index processing only if index present (Tom) -Re-use free space on index pages with duplicates (Tom) -Improve hash join processing (Tom) -Prevent descending sort if result is already sorted(Hiroshi) -Allow commuting of index scan query qualifications (Tom) -Prefer index scans in cases where ORDER BY/GROUP BY is required (Tom) -Allocate large memory requests in fix-sized chunks for performance (Tom) -Fix vacuum's performance by reducing memory allocation requests (Tom) -Implement constant-expression simplification (Bernard Frankpitt, Tom) -Use secondary columns to be used to determine start of index scan (Hiroshi) -Prevent quadruple use of disk space when doing internal sorting (Tom) -Faster sorting by calling fewer functions (Tom) -Create system indexes to match all system caches (Bruce, Hiroshi) -Make system caches use system indexes (Bruce) -Make all system indexes unique (Bruce) -Improve pg_statistic management for VACUUM speed improvement (Tom) -Flush backend cache less frequently (Tom, Hiroshi) -COPY now reuses previous memory allocation, improving performance (Tom) -Improve optimization cost estimation (Tom) -Improve optimizer estimate of range queries x > lowbound AND x < highbound (Tom) -Use DNF instead of CNF where appropriate (Tom, Taral) -Further cleanup for OR-of-AND WHERE-clauses (Tom) -Make use of index in OR clauses (x = 1 AND y = 2) OR (x = 2 AND y = 4) (Tom) -Smarter optimizer computations for random index page access (Tom) -New SET variable to control optimizer costs (Tom) -Optimizer queries based on LIMIT, OFFSET, and EXISTS qualifications (Tom) -Reduce optimizer internal housekeeping of join paths for speedup (Tom) -Major subquery speedup (Tom) -Fewer fsync writes when fsync is not disabled (Tom) -Improved LIKE optimizer estimates (Tom) -Prevent fsync in SELECT-only queries (Vadim) -Make index creation use psort code, because it is now faster (Tom) -Allow creation of sort temp tables > 1 Gig - -Source Tree Changes -------------------- -Fix for linux PPC compile -New generic expression-tree-walker subroutine (Tom) -Change form() to varargform() to prevent portability problems -Improved range checking for large integers on Alphas -Clean up #include in /include directory (Bruce) -Add scripts for checking includes (Bruce) -Remove un-needed #include's from *.c files (Bruce) -Change #include's to use <> and "" as appropriate (Bruce) -Enable Windows compilation of libpq -Alpha spinlock fix from Uncle George gatgul@voicenet.com -Overhaul of optimizer data structures (Tom) -Fix to cygipc library (Yutaka Tanida) -Allow pgsql to work on newer Cygwin snapshots (Dan) -New catalog version number (Tom) -Add Linux ARM -Rename heap_replace to heap_update -Update for QNX (Dr. Andreas Kardos) -New platform-specific regression handling (Tom) -Rename oid8 -> oidvector and int28 -> int2vector (Bruce) -Included all yacc and lex files into the distribution (Peter E.) -Remove lextest, no longer needed (Peter E) -Fix for libpq and psql on Windows (Magnus) -Internally change datetime and timespan into timestamp and interval (Thomas) -Fix for plpgsql on BSD/OS -Add SQL_ASCII test case to the regression test (Tatsuo) -configure --with-mb now deprecated (Tatsuo) -NT fixes -NetBSD fixes (Johnny C. Lam lamj@stat.cmu.edu) -Fixes for Alpha compiles -New multibyte encodings - - - - - - - Release 6.5.3 - - - Release date: - 1999-10-13 - - - - This is basically a cleanup release for 6.5.2. We have added a new - PgAccess that was missing in 6.5.2, and installed an NT-specific fix. - - - - - Migration to Version 6.5.3 - - - A dump/restore is not required for those running - 6.5.*. - - - - Changes - - - -Updated version of pgaccess 0.98 -NT-specific patch -Fix dumping rules on inherited tables - - - - - - - - Release 6.5.2 - - - Release date: - 1999-09-15 - - - - This is basically a cleanup release for 6.5.1. We have fixed a variety of - problems reported by 6.5.1 users. - - - - - Migration to Version 6.5.2 - - - A dump/restore is not required for those running - 6.5.*. - - - - - Changes - - - -subselect+CASE fixes(Tom) -Add SHLIB_LINK setting for solaris_i386 and solaris_sparc ports(Daren Sefcik) -Fixes for CASE in WHERE join clauses(Tom) -Fix BTScan abort(Tom) -Repair the check for redundant UNIQUE and PRIMARY KEY indexes(Thomas) -Improve it so that it checks for multicolumn constraints(Thomas) -Fix for Windows making problem with MB enabled(Hiroki Kataoka) -Allow BSD yacc and bison to compile pl code(Bruce) -Fix SET NAMES working -int8 fixes(Thomas) -Fix vacuum's memory consumption(Hiroshi,Tatsuo) -Reduce the total memory consumption of vacuum(Tom) -Fix for timestamp(datetime) -Rule deparsing bugfixes(Tom) -Fix quoting problems in mkMakefile.tcldefs.sh.in and mkMakefile.tkdefs.sh.in(Tom) -This is to re-use space on index pages freed by vacuum(Vadim) -document -x for pg_dump(Bruce) -Fix for unary operators in rule deparser(Tom) -Comment out FileUnlink of excess segments during mdtruncate()(Tom) -IRIX linking fix from Yu Cao >yucao@falcon.kla-tencor.com< -Repair logic error in LIKE: should not return LIKE_ABORT - when reach end of pattern before end of text(Tom) -Repair incorrect cleanup of heap memory allocation during transaction abort(Tom) -Updated version of pgaccess 0.98 - - - - - - - Release 6.5.1 - - - Release date: - 1999-07-15 - - - - This is basically a cleanup release for 6.5. We have fixed a variety of - problems reported by 6.5 users. - - - - Migration to Version 6.5.1 - - - A dump/restore is not required for those running - 6.5. - - - - - Changes - - - -Add NT README file -Portability fixes for linux_ppc, IRIX, linux_alpha, OpenBSD, alpha -Remove QUERY_LIMIT, use SELECT...LIMIT -Fix for EXPLAIN on inheritance(Tom) -Patch to allow vacuum on multisegment tables(Hiroshi) -R-Tree optimizer selectivity fix(Tom) -ACL file descriptor leak fix(Atsushi Ogawa) -New expression subtree code(Tom) -Avoid disk writes for read-only transactions(Vadim) -Fix for removal of temp tables if last transaction was aborted(Bruce) -Fix to prevent too large row from being created(Bruce) -plpgsql fixes -Allow port numbers 32k - 64k(Bruce) -Add ^ precedence(Bruce) -Rename sort files called pg_temp to pg_sorttemp(Bruce) -Fix for microseconds in time values(Tom) -Tutorial source cleanup -New linux_m68k port -Fix for sorting of NULL's in some cases(Tom) -Shared library dependencies fixed (Tom) -Fixed glitches affecting GROUP BY in subselects(Tom) -Fix some compiler warnings (Tomoaki Nishiyama) -Add Win1250 (Czech) support (Pavel Behal) - - - - - - - Release 6.5 - - - Release date: - 1999-06-09 - - - - This release marks a major step in the development team's mastery of the source - code we inherited from Berkeley. You will see we are now easily adding - major features, thanks to the increasing size and experience of our - world-wide development team. - - - - Here is a brief summary of the more notable changes: - - - - - Multiversion concurrency control(MVCC) - - - - This removes our old table-level locking, and replaces it with - a locking system that is superior to most commercial database - systems. In a traditional system, each row that is modified - is locked until committed, preventing reads by other users. - MVCC uses the natural multiversion nature of - PostgreSQL to allow readers to - continue reading consistent data during writer activity. - Writers continue to use the compact pg_log transaction system. - This is all performed without having to allocate a lock for - every row like traditional database systems. So, basically, - we no longer are restricted by simple table-level locking; we - have something better than row-level locking. - - - - - - - Hot backups from pg_dump - - - - pg_dump takes advantage of the new - MVCC features to give a consistent database dump/backup while - the database stays online and available for queries. - - - - - - - Numeric data type - - - - We now have a true numeric data type, with - user-specified precision. - - - - - - - Temporary tables - - - - Temporary tables are guaranteed to have unique names - within a database session, and are destroyed on session exit. - - - - - - - New SQL features - - - - We now have CASE, INTERSECT, and EXCEPT statement - support. We have new LIMIT/OFFSET, SET TRANSACTION ISOLATION LEVEL, - SELECT ... FOR UPDATE, and an improved LOCK TABLE command. - - - - - - - Speedups - - - - We continue to speed up PostgreSQL, - thanks to the variety of talents within our team. We have - sped up memory allocation, optimization, table joins, and row - transfer routines. - - - - - - - Ports - - - - We continue to expand our port list, this time including - Windows NT/ix86 and NetBSD/arm32. - - - - - - - Interfaces - - - - Most interfaces have new versions, and existing functionality - has been improved. - - - - - - - Documentation - - - - New and updated material is present throughout the - documentation. New FAQs have been - contributed for SGI and AIX platforms. - The Tutorial has introductory information - on SQL from Stefan Simkovics. - For the User's Guide, there are - reference pages covering the postmaster and more utility - programs, and a new appendix - contains details on date/time behavior. - The Administrator's Guide has a new - chapter on troubleshooting from Tom Lane. - And the Programmer's Guide has a - description of query processing, also from Stefan, and details - on obtaining the PostgreSQL source - tree via anonymous CVS and - CVSup. - - - - - - - - Migration to Version 6.5 - - - A dump/restore using pg_dump - is required for those wishing to migrate data from any - previous release of PostgreSQL. - pg_upgrade can not - be used to upgrade to this release because the on-disk structure - of the tables has changed compared to previous releases. - - - - The new Multiversion Concurrency Control (MVCC) features can - give somewhat different behaviors in multiuser - environments. Read and understand the following section - to ensure that your existing applications will give you the - behavior you need. - - - - Multiversion Concurrency Control - - - Because readers in 6.5 don't lock data, regardless of transaction - isolation level, data read by one transaction can be overwritten by - another. In other words, if a row is returned by - SELECT it doesn't mean that this row really exists - at the time it is returned (i.e. sometime after the statement or - transaction began) nor that the row is protected from being deleted or - updated by concurrent transactions before the current transaction does - a commit or rollback. - - - - To ensure the actual existence of a row and protect it against - concurrent updates one must use SELECT FOR UPDATE or - an appropriate LOCK TABLE statement. This should be - taken into account when porting applications from previous releases of - PostgreSQL and other environments. - - - - Keep the above in mind if you are using - contrib/refint.* triggers for - referential integrity. Additional techniques are required now. One way is - to use LOCK parent_table IN SHARE ROW EXCLUSIVE MODE - command if a transaction is going to update/delete a primary key and - use LOCK parent_table IN SHARE MODE command if a - transaction is going to update/insert a foreign key. - - - - Note that if you run a transaction in SERIALIZABLE mode then you must - execute the LOCK commands above before execution of any - DML statement - (SELECT/INSERT/DELETE/UPDATE/FETCH/COPY_TO) in the - transaction. - - - - - - These inconveniences will disappear in the future - when the ability to read dirty - (uncommitted) data (regardless of isolation level) and true referential - integrity will be implemented. - - - - - - Changes - - - -Bug Fixes ---------- -Fix text<->float8 and text<->float4 conversion functions(Thomas) -Fix for creating tables with mixed-case constraints(Billy) -Change exp()/pow() behavior to generate error on underflow/overflow(Jan) -Fix bug in pg_dump -z -Memory overrun cleanups(Tatsuo) -Fix for lo_import crash(Tatsuo) -Adjust handling of data type names to suppress double quotes(Thomas) -Use type coercion for matching columns and DEFAULT(Thomas) -Fix deadlock so it only checks once after one second of sleep(Bruce) -Fixes for aggregates and PL/pgSQL(Hiroshi) -Fix for subquery crash(Vadim) -Fix for libpq function PQfnumber and case-insensitive names(Bahman Rafatjoo) -Fix for large object write-in-middle, no extra block, memory consumption(Tatsuo) -Fix for pg_dump -d or -D and quote special characters in INSERT -Repair serious problems with dynahash(Tom) -Fix INET/CIDR portability problems -Fix problem with selectivity error in ALTER TABLE ADD COLUMN(Bruce) -Fix executor so mergejoin of different column types works(Tom) -Fix for Alpha OR selectivity bug -Fix OR index selectivity problem(Bruce) -Fix so \d shows proper length for char()/varchar()(Ryan) -Fix tutorial code(Clark) -Improve destroyuser checking(Oliver) -Fix for Kerberos(Rodney McDuff) -Fix for dropping database while dirty buffers(Bruce) -Fix so sequence nextval() can be case-sensitive(Bruce) -Fix !!= operator -Drop buffers before destroying database files(Bruce) -Fix case where executor evaluates functions twice(Tatsuo) -Allow sequence nextval actions to be case-sensitive(Bruce) -Fix optimizer indexing not working for negative numbers(Bruce) -Fix for memory leak in executor with fjIsNull -Fix for aggregate memory leaks(Erik Riedel) -Allow user name containing a dash to grant privileges -Cleanup of NULL in inet types -Clean up system table bugs(Tom) -Fix problems of PAGER and \? command(Masaaki Sakaida) -Reduce default multisegment file size limit to 1GB(Peter) -Fix for dumping of CREATE OPERATOR(Tom) -Fix for backward scanning of cursors(Hiroshi Inoue) -Fix for COPY FROM STDIN when using \i(Tom) -Fix for subselect is compared inside an expression(Jan) -Fix handling of error reporting while returning rows(Tom) -Fix problems with reference to array types(Tom,Jan) -Prevent UPDATE SET oid(Jan) -Fix pg_dump so -t option can handle case-sensitive tablenames -Fixes for GROUP BY in special cases(Tom, Jan) -Fix for memory leak in failed queries(Tom) -DEFAULT now supports mixed-case identifiers(Tom) -Fix for multisegment uses of DROP/RENAME table, indexes(Ole Gjerde) -Disable use of pg_dump with both -o and -d options(Bruce) -Allow pg_dump to properly dump group privileges(Bruce) -Fix GROUP BY in INSERT INTO table SELECT * FROM table2(Jan) -Fix for computations in views(Jan) -Fix for aggregates on array indexes(Tom) -Fix for DEFAULT handles single quotes in value requiring too many quotes -Fix security problem with non-super users importing/exporting large objects(Tom) -Rollback of transaction that creates table cleaned up properly(Tom) -Fix to allow long table and column names to generate proper serial names(Tom) - -Enhancements ------------- -Add "vacuumdb" utility -Speed up libpq by allocating memory better(Tom) -EXPLAIN all indexes used(Tom) -Implement CASE, COALESCE, NULLIF expression(Thomas) -New pg_dump table output format(Constantin) -Add string min()/max() functions(Thomas) -Extend new type coercion techniques to aggregates(Thomas) -New moddatetime contrib(Terry) -Update to pgaccess 0.96(Constantin) -Add routines for single-byte "char" type(Thomas) -Improved substr() function(Thomas) -Improved multibyte handling(Tatsuo) -Multiversion concurrency control/MVCC(Vadim) -New Serialized mode(Vadim) -Fix for tables over 2gigs(Peter) -New SET TRANSACTION ISOLATION LEVEL(Vadim) -New LOCK TABLE IN ... MODE(Vadim) -Update ODBC driver(Byron) -New NUMERIC data type(Jan) -New SELECT FOR UPDATE(Vadim) -Handle "NaN" and "Infinity" for input values(Jan) -Improved date/year handling(Thomas) -Improved handling of backend connections(Magnus) -New options ELOG_TIMESTAMPS and USE_SYSLOG options for log files(Massimo) -New TCL_ARRAYS option(Massimo) -New INTERSECT and EXCEPT(Stefan) -New pg_index.indisprimary for primary key tracking(D'Arcy) -New pg_dump option to allow dropping of tables before creation(Brook) -Speedup of row output routines(Tom) -New READ COMMITTED isolation level(Vadim) -New TEMP tables/indexes(Bruce) -Prevent sorting if result is already sorted(Jan) -New memory allocation optimization(Jan) -Allow psql to do \p\g(Bruce) -Allow multiple rule actions(Jan) -Added LIMIT/OFFSET functionality(Jan) -Improve optimizer when joining a large number of tables(Bruce) -New intro to SQL from S. Simkovics' Master's Thesis (Stefan, Thomas) -New intro to backend processing from S. Simkovics' Master's Thesis (Stefan) -Improved int8 support(Ryan Bradetich, Thomas, Tom) -New routines to convert between int8 and text/varchar types(Thomas) -New bushy plans, where meta-tables are joined(Bruce) -Enable right-hand queries by default(Bruce) -Allow reliable maximum number of backends to be set at configure time - (--with-maxbackends and postmaster switch (-N backends))(Tom) -GEQO default now 10 tables because of optimizer speedups(Tom) -Allow NULL=Var for MS-SQL portability(Michael, Bruce) -Modify contrib check_primary_key() so either "automatic" or "dependent"(Anand) -Allow psql \d on a view show query(Ryan) -Speedup for LIKE(Bruce) -Ecpg fixes/features, see src/interfaces/ecpg/ChangeLog file(Michael) -JDBC fixes/features, see src/interfaces/jdbc/CHANGELOG(Peter) -Make % operator have precedence like /(Bruce) -Add new postgres -O option to allow system table structure changes(Bruce) -Update contrib/pginterface/findoidjoins script(Tom) -Major speedup in vacuum of deleted rows with indexes(Vadim) -Allow non-SQL functions to run different versions based on arguments(Tom) -Add -E option that shows actual queries sent by \dt and friends(Masaaki Sakaida) -Add version number in start-up banners for psql(Masaaki Sakaida) -New contrib/vacuumlo removes large objects not referenced(Peter) -New initialization for table sizes so non-vacuumed tables perform better(Tom) -Improve error messages when a connection is rejected(Tom) -Support for arrays of char() and varchar() fields(Massimo) -Overhaul of hash code to increase reliability and performance(Tom) -Update to PyGreSQL 2.4(D'Arcy) -Changed debug options so -d4 and -d5 produce different node displays(Jan) -New pg_options: pretty_plan, pretty_parse, pretty_rewritten(Jan) -Better optimization statistics for system table access(Tom) -Better handling of non-default block sizes(Massimo) -Improve GEQO optimizer memory consumption(Tom) -UNION now supports ORDER BY of columns not in target list(Jan) -Major libpq++ improvements(Vince Vielhaber) -pg_dump now uses -z(ACL's) as default(Bruce) -backend cache, memory speedups(Tom) -have pg_dump do everything in one snapshot transaction(Vadim) -fix for large object memory leakage, fix for pg_dumping(Tom) -INET type now respects netmask for comparisons -Make VACUUM ANALYZE only use a readlock(Vadim) -Allow VIEWs on UNIONS(Jan) -pg_dump now can generate consistent snapshots on active databases(Vadim) - -Source Tree Changes -------------------- -Improve port matching(Tom) -Portability fixes for SunOS -Add Windows NT backend port and enable dynamic loading(Magnus and Daniel Horak) -New port to Cobalt Qube(Mips) running Linux(Tatsuo) -Port to NetBSD/m68k(Mr. Mutsuki Nakajima) -Port to NetBSD/sun3(Mr. Mutsuki Nakajima) -Port to NetBSD/macppc(Toshimi Aoki) -Fix for tcl/tk configuration(Vince) -Removed CURRENT key word for rule queries(Jan) -NT dynamic loading now works(Daniel Horak) -Add ARM32 support(Andrew McMurry) -Better support for HP-UX 11 and UnixWare -Improve file handling to be more uniform, prevent file descriptor leak(Tom) -New install commands for plpgsql(Jan) - - - - - - - -Release 6.4.2 - - - Release date: - 1998-12-20 - - - -The 6.4.1 release was improperly packaged. This also has one additional -bug fix. - - - - -Migration to Version 6.4.2 - - -A dump/restore is not required for those running -6.4.*. - - - -Changes - - - -Fix for datetime constant problem on some platforms(Thomas) - - - - - - - - -Release 6.4.1 - - - Release date: - 1998-12-18 - - - -This is basically a cleanup release for 6.4. We have fixed a variety of -problems reported by 6.4 users. - - - - -Migration to Version 6.4.1 - - -A dump/restore is not required for those running -6.4. - - - -Changes - - - -Add pg_dump -N flag to force double quotes around identifiers. This is - the default(Thomas) -Fix for NOT in where clause causing crash(Bruce) -EXPLAIN VERBOSE coredump fix(Vadim) -Fix shared-library problems on Linux -Fix test for table existence to allow mixed-case and whitespace in - the table name(Thomas) -Fix a couple of pg_dump bugs -Configure matches template/.similar entries better(Tom) -Change builtin function names from SPI_* to spi_* -OR WHERE clause fix(Vadim) -Fixes for mixed-case table names(Billy) -contrib/linux/postgres.init.csh/sh fix(Thomas) -libpq memory overrun fix -SunOS fixes(Tom) -Change exp() behavior to generate error on underflow(Thomas) -pg_dump fixes for memory leak, inheritance constraints, layout change -update pgaccess to 0.93 -Fix prototype for 64-bit platforms -Multibyte fixes(Tatsuo) -New ecpg man page -Fix memory overruns(Tatsuo) -Fix for lo_import() crash(Bruce) -Better search for install program(Tom) -Timezone fixes(Tom) -HP-UX fixes(Tom) -Use implicit type coercion for matching DEFAULT values(Thomas) -Add routines to help with single-byte (internal) character type(Thomas) -Compilation of libpq for Windows fixes(Magnus) -Upgrade to PyGreSQL 2.2(D'Arcy) - - - - - - - - -Release 6.4 - - - Release date: - 1998-10-30 - - - -There are many new features and improvements in this release. -Thanks to our developers and maintainers, nearly every aspect of the system -has received some attention since the previous release. -Here is a brief, incomplete summary: - - - - -Views and rules are now functional thanks to extensive new code in the -rewrite rules system from Jan Wieck. He also wrote a chapter on it -for the Programmer's Guide. - - - - -Jan also contributed a second procedural language, PL/pgSQL, to go with the -original PL/pgTCL procedural language he contributed last release. - - - - - -We have optional multiple-byte character set support from Tatsuo Ishii -to complement our existing locale support. - - - - - -Client/server communications has been cleaned up, with better support for -asynchronous messages and interrupts thanks to Tom Lane. - - - - - -The parser will now perform automatic type coercion to match arguments -to available operators and functions, and to match columns and expressions -with target columns. This uses a generic mechanism which supports -the type extensibility features of PostgreSQL. -There is a new chapter in the User's Guide -which covers this topic. - - - - - -Three new data types have been added. -Two types, inet and cidr, support various forms -of IP network, subnet, and machine addressing. There is now an 8-byte integer -type available on some platforms. See the chapter on data types -in the User's Guide for details. -A fourth type, serial, is now supported by the parser as an -amalgam of the int4 type, a sequence, and a unique index. - - - - - -Several more SQL92-compatible syntax features have been -added, including INSERT DEFAULT VALUES - - - - - -The automatic configuration and installation system has received some -attention, and should be more robust for more platforms than it has ever -been. - - - - - - - -Migration to Version 6.4 - - -A dump/restore using pg_dump -or pg_dumpall -is required for those wishing to migrate data from any -previous release of PostgreSQL. - - - - -Changes - - - -Bug Fixes ---------- -Fix for a tiny memory leak in PQsetdb/PQfinish(Bryan) -Remove char2-16 data types, use char/varchar(Darren) -Pqfn not handles a NOTICE message(Anders) -Reduced busywaiting overhead for spinlocks with many backends (dg) -Stuck spinlock detection (dg) -Fix up "ISO-style" timespan decoding and encoding(Thomas) -Fix problem with table drop after rollback of transaction(Vadim) -Change error message and remove non-functional update message(Vadim) -Fix for COPY array checking -Fix for SELECT 1 UNION SELECT NULL -Fix for buffer leaks in large object calls(Pascal) -Change owner from oid to int4 type(Bruce) -Fix a bug in the oracle compatibility functions btrim() ltrim() and rtrim() -Fix for shared invalidation cache overflow(Massimo) -Prevent file descriptor leaks in failed COPY's(Bruce) -Fix memory leak in libpgtcl's pg_select(Constantin) -Fix problems with username/passwords over 8 characters(Tom) -Fix problems with handling of asynchronous NOTIFY in backend(Tom) -Fix of many bad system table entries(Tom) - -Enhancements ------------- -Upgrade ecpg and ecpglib,see src/interfaces/ecpc/ChangeLog(Michael) -Show the index used in an EXPLAIN(Zeugswetter) -EXPLAIN invokes rule system and shows plan(s) for rewritten queries(Jan) -Multibyte awareness of many data types and functions, via configure(Tatsuo) -New configure --with-mb option(Tatsuo) -New initdb --pgencoding option(Tatsuo) -New createdb -E multibyte option(Tatsuo) -Select version(); now returns PostgreSQL version(Jeroen) -libpq now allows asynchronous clients(Tom) -Allow cancel from client of backend query(Tom) -psql now cancels query with Control-C(Tom) -libpq users need not issue dummy queries to get NOTIFY messages(Tom) -NOTIFY now sends sender's PID, so you can tell whether it was your own(Tom) -PGresult struct now includes associated error message, if any(Tom) -Define "tz_hour" and "tz_minute" arguments to date_part()(Thomas) -Add routines to convert between varchar and bpchar(Thomas) -Add routines to allow sizing of varchar and bpchar into target columns(Thomas) -Add bit flags to support timezonehour and minute in data retrieval(Thomas) -Allow more variations on valid floating point numbers (e.g. ".1", "1e6")(Thomas) -Fixes for unary minus parsing with leading spaces(Thomas) -Implement TIMEZONE_HOUR, TIMEZONE_MINUTE per SQL92 specs(Thomas) -Check for and properly ignore FOREIGN KEY column constraints(Thomas) -Define USER as synonym for CURRENT_USER per SQL92 specs(Thomas) -Enable HAVING clause but no fixes elsewhere yet. -Make "char" type a synonym for "char(1)" (actually implemented as bpchar)(Thomas) -Save string type if specified for DEFAULT clause handling(Thomas) -Coerce operations involving different data types(Thomas) -Allow some index use for columns of different types(Thomas) -Add capabilities for automatic type conversion(Thomas) -Cleanups for large objects, so file is truncated on open(Peter) -Readline cleanups(Tom) -Allow psql \f \ to make spaces as delimiter(Bruce) -Pass pg_attribute.atttypmod to the frontend for column field lengths(Tom,Bruce) -Msql compatibility library in /contrib(Aldrin) -Remove the requirement that ORDER/GROUP BY clause identifiers be -included in the target list(David) -Convert columns to match columns in UNION clauses(Thomas) -Remove fork()/exec() and only do fork()(Bruce) -Jdbc cleanups(Peter) -Show backend status on ps command line(only works on some platforms)(Bruce) -Pg_hba.conf now has a sameuser option in the database field -Make lo_unlink take oid param, not int4 -New DISABLE_COMPLEX_MACRO for compilers that cannot handle our macros(Bruce) -Libpgtcl now handles NOTIFY as a Tcl event, need not send dummy queries(Tom) -libpgtcl cleanups(Tom) -Add -error option to libpgtcl's pg_result command(Tom) -New locale patch, see docs/README/locale(Oleg) -Fix for pg_dump so CONSTRAINT and CHECK syntax is correct(ccb) -New contrib/lo code for large object orphan removal(Peter) -New psql command "SET CLIENT_ENCODING TO 'encoding'" for multibytes -feature, see /doc/README.mb(Tatsuo) -contrib/noupdate code to revoke update permission on a column -libpq can now be compiled on Windows(Magnus) -Add PQsetdbLogin() in libpq -New 8-byte integer type, checked by configure for OS support(Thomas) -Better support for quoted table/column names(Thomas) -Surround table and column names with double-quotes in pg_dump(Thomas) -PQreset() now works with passwords(Tom) -Handle case of GROUP BY target list column number out of range(David) -Allow UNION in subselects -Add auto-size to screen to \d? commands(Bruce) -Use UNION to show all \d? results in one query(Bruce) -Add \d? field search feature(Bruce) -Pg_dump issues fewer \connect requests(Tom) -Make pg_dump -z flag work better, document it in manual page(Tom) -Add HAVING clause with full support for subselects and unions(Stephan) -Full text indexing routines in contrib/fulltextindex(Maarten) -Transaction ids now stored in shared memory(Vadim) -New PGCLIENTENCODING when issuing COPY command(Tatsuo) -Support for SQL92 syntax "SET NAMES"(Tatsuo) -Support for LATIN2-5(Tatsuo) -Add UNICODE regression test case(Tatsuo) -Lock manager cleanup, new locking modes for LLL(Vadim) -Allow index use with OR clauses(Bruce) -Allows "SELECT NULL ORDER BY 1;" -Explain VERBOSE prints the plan, and now pretty-prints the plan to -the postmaster log file(Bruce) -Add indexes display to \d command(Bruce) -Allow GROUP BY on functions(David) -New pg_class.relkind for large objects(Bruce) -New way to send libpq NOTICE messages to a different location(Tom) -New \w write command to psql(Bruce) -New /contrib/findoidjoins scans oid columns to find join relationships(Bruce) -Allow binary-compatible indexes to be considered when checking for valid -Indexes for restriction clauses containing a constant(Thomas) -New ISBN/ISSN code in /contrib/isbn_issn -Allow NOT LIKE, IN, NOT IN, BETWEEN, and NOT BETWEEN constraint(Thomas) -New rewrite system fixes many problems with rules and views(Jan) - * Rules on relations work - * Event qualifications on insert/update/delete work - * New OLD variable to reference CURRENT, CURRENT will be remove in future - * Update rules can reference NEW and OLD in rule qualifications/actions - * Insert/update/delete rules on views work - * Multiple rule actions are now supported, surrounded by parentheses - * Regular users can create views/rules on tables they have RULE permits - * Rules and views inherit the privileges of the creator - * No rules at the column level - * No UPDATE NEW/OLD rules - * New pg_tables, pg_indexes, pg_rules and pg_views system views - * Only a single action on SELECT rules - * Total rewrite overhaul, perhaps for 6.5 - * handle subselects - * handle aggregates on views - * handle insert into select from view works -System indexes are now multikey(Bruce) -Oidint2, oidint4, and oidname types are removed(Bruce) -Use system cache for more system table lookups(Bruce) -New backend programming language PL/pgSQL in backend/pl(Jan) -New SERIAL data type, auto-creates sequence/index(Thomas) -Enable assert checking without a recompile(Massimo) -User lock enhancements(Massimo) -New setval() command to set sequence value(Massimo) -Auto-remove unix socket file on start-up if no postmaster running(Massimo) -Conditional trace package(Massimo) -New UNLISTEN command(Massimo) -psql and libpq now compile under Windows using win32.mak(Magnus) -Lo_read no longer stores trailing NULL(Bruce) -Identifiers are now truncated to 31 characters internally(Bruce) -Createuser options now available on the command line -Code for 64-bit integer supported added, configure tested, int8 type(Thomas) -Prevent file descriptor leaf from failed COPY(Bruce) -New pg_upgrade command(Bruce) -Updated /contrib directories(Massimo) -New CREATE TABLE DEFAULT VALUES statement available(Thomas) -New INSERT INTO TABLE DEFAULT VALUES statement available(Thomas) -New DECLARE and FETCH feature(Thomas) -libpq's internal structures now not exported(Tom) -Allow up to 8 key indexes(Bruce) -Remove ARCHIVE key word, that is no longer used(Thomas) -pg_dump -n flag to suppress quotes around identifiers -disable system columns for views(Jan) -new INET and CIDR types for network addresses(TomH, Paul) -no more double quotes in psql output -pg_dump now dumps views(Terry) -new SET QUERY_LIMIT(Tatsuo,Jan) - -Source Tree Changes -------------------- -/contrib cleanup(Jun) -Inline some small functions called for every row(Bruce) -Alpha/linux fixes -HP-UX cleanups(Tom) -Multibyte regression tests(Soonmyung.) -Remove --disabled options from configure -Define PGDOC to use POSTGRESDIR by default -Make regression optional -Remove extra braces code to pgindent(Bruce) -Add bsdi shared library support(Bruce) -New --without-CXX support configure option(Brook) -New FAQ_CVS -Update backend flowchart in tools/backend(Bruce) -Change atttypmod from int16 to int32(Bruce, Tom) -Getrusage() fix for platforms that do not have it(Tom) -Add PQconnectdb, PGUSER, PGPASSWORD to libpq man page -NS32K platform fixes(Phil Nelson, John Buller) -SCO 7/UnixWare 2.x fixes(Billy,others) -Sparc/Solaris 2.5 fixes(Ryan) -Pgbuiltin.3 is obsolete, move to doc files(Thomas) -Even more documentation(Thomas) -Nextstep support(Jacek) -Aix support(David) -pginterface manual page(Bruce) -shared libraries all have version numbers -merged all OS-specific shared library defines into one file -smarter TCL/TK configuration checking(Billy) -smarter perl configuration(Brook) -configure uses supplied install-sh if no install script found(Tom) -new Makefile.shlib for shared library configuration(Tom) - - - - - - -Release 6.3.2 - - - Release date: - 1998-04-07 - - - -This is a bug-fix release for 6.3.x. -Refer to the release notes for version 6.3 for a more complete summary of new features. - - -Summary: - - - - -Repairs automatic configuration support for some platforms, including Linux, -from breakage inadvertently introduced in version 6.3.1. - - - - - -Correctly handles function calls on the left side of BETWEEN and LIKE clauses. - - - - - - -A dump/restore is NOT required for those running 6.3 or 6.3.1. A -make distclean, make, and make install is all that is required. -This last step should be performed while the postmaster is not running. -You should re-link any custom applications that use PostgreSQL libraries. - - -For upgrades from pre-6.3 installations, -refer to the installation and migration instructions for version 6.3. - - - - Changes - - - -Configure detection improvements for tcl/tk(Brook Milligan, Alvin) -Manual page improvements(Bruce) -BETWEEN and LIKE fix(Thomas) -fix for psql \connect used by pg_dump(Oliver Elphick) -New odbc driver -pgaccess, version 0.86 -qsort removed, now uses libc version, cleanups(Jeroen) -fix for buffer over-runs detected(Maurice Gittens) -fix for buffer overrun in libpgtcl(Randy Kunkee) -fix for UNION with DISTINCT or ORDER BY(Bruce) -gettimeofday configure check(Doug Winterburn) -Fix "indexes not used" bug(Vadim) -docs additions(Thomas) -Fix for backend memory leak(Bruce) -libreadline cleanup(Erwan MAS) -Remove DISTDIR(Bruce) -Makefile dependency cleanup(Jeroen van Vianen) -ASSERT fixes(Bruce) - - - - - - - Release 6.3.1 - - - Release date: - 1998-03-23 - - - - Summary: - - - - -Additional support for multibyte character sets. - - - - - -Repair byte ordering for mixed-endian clients and servers. - - - - - -Minor updates to allowed SQL syntax. - - - - - -Improvements to the configuration autodetection for installation. - - - - - - -A dump/restore is NOT required for those running 6.3. A -make distclean, make, and make install is all that is required. -This last step should be performed while the postmaster is not running. -You should re-link any custom applications that use PostgreSQL libraries. - - -For upgrades from pre-6.3 installations, -refer to the installation and migration instructions for version 6.3. - - - - Changes - - - -ecpg cleanup/fixes, now version 1.1(Michael Meskes) -pg_user cleanup(Bruce) -large object fix for pg_dump and tclsh (alvin) -LIKE fix for multiple adjacent underscores -fix for redefining builtin functions(Thomas) -ultrix4 cleanup -upgrade to pg_access 0.83 -updated CLUSTER manual page -multibyte character set support, see doc/README.mb(Tatsuo) -configure --with-pgport fix -pg_ident fix -big-endian fix for backend communications(Kataoka) -SUBSTR() and substring() fix(Jan) -several jdbc fixes(Peter) -libpgtcl improvements, see libptcl/README(Randy Kunkee) -Fix for "Datasize = 0" error(Vadim) -Prevent \do from wrapping(Bruce) -Remove duplicate Russian character set entries -Sunos4 cleanup -Allow optional TABLE key word in LOCK and SELECT INTO(Thomas) -CREATE SEQUENCE options to allow a negative integer(Thomas) -Add "PASSWORD" as an allowed column identifier(Thomas) -Add checks for UNION target fields(Bruce) -Fix Alpha port(Dwayne Bailey) -Fix for text arrays containing quotes(Doug Gibson) -Solaris compile fix(Albert Chin-A-Young) -Better identify tcl and tk libs and includes(Bruce) - - - - - - - Release 6.3 - - - Release date: - 1998-03-01 - - - - There are many new features and improvements in this release. - Here is a brief, incomplete summary: - - - - - Many new SQL features, including - full SQL92 subselect capability - (everything is here but target-list subselects). - - - - - - Support for client-side environment variables to specify time zone and date style. - - - - - - Socket interface for client/server connection. This is the default now - so you might need to start postmaster with the - flag. - - - - - - Better password authorization mechanisms. Default table privileges have changed. - - - - - - Old-style time travel - has been removed. Performance has been improved. - - - - - - - - Bruce Momjian wrote the following notes to introduce the new release. - - - - - There are some general 6.3 issues that I want to mention. These are - only the big items that cannot be described in one sentence. A review - of the detailed changes list is still needed. - - - First, we now have subselects. Now that we have them, I would like to - mention that without subselects, SQL is a very limited language. - Subselects are a major feature, and you should review your code for - places where subselects provide a better solution for your queries. I - think you will find that there are more uses for subselects than you might - think. Vadim has put us on the big SQL map with subselects, and fully - functional ones too. The only thing you cannot do with subselects is to - use them in the target list. - - - Second, 6.3 uses Unix domain sockets rather than TCP/IP by default. To - enable connections from other machines, you have to use the new - postmaster -i option, and of course edit pg_hba.conf. Also, for this - reason, the format of pg_hba.conf has changed. - - - Third, char() fields will now allow faster access than varchar() or - text. Specifically, the text and varchar() have a penalty for access to - any columns after the first column of this type. char() used to also - have this access penalty, but it no longer does. This might suggest that - you redesign some of your tables, especially if you have short character - columns that you have defined as varchar() or text. This and other - changes make 6.3 even faster than earlier releases. - - - We now have passwords definable independent of any Unix file. There are - new SQL USER commands. - See the Administrator's Guide for more - information. There is a new table, pg_shadow, which is used to store - user information and user passwords, and it by default only SELECT-able - by the postgres super-user. pg_user is now a view of pg_shadow, and is - SELECT-able by PUBLIC. You should keep using pg_user in your - application without changes. - - - User-created tables now no longer have SELECT privilege to PUBLIC by - default. This was done because the ANSI standard requires it. You can - of course GRANT any privileges you want after the table is created. - System tables continue to be SELECT-able by PUBLIC. - - - We also have real deadlock detection code. No more sixty-second - timeouts. And the new locking code implements a FIFO better, so there - should be less resource starvation during heavy use. - - - Many complaints have been made about inadequate documentation in previous - releases. Thomas has put much effort into many new manuals for this - release. Check out the doc/ directory. - - - For performance reasons, time travel is gone, but can be implemented - using triggers (see pgsql/contrib/spi/README). Please check out the new - \d command for types, operators, etc. Also, views have their own - privileges now, not based on the underlying tables, so privileges on - them have to be set separately. Check /pgsql/interfaces for some new - ways to talk to PostgreSQL. - - - This is the first release that really required an explanation for - existing users. In many ways, this was necessary because the new - release removes many limitations, and the work-arounds people were using - are no longer needed. - - - - Migration to Version 6.3 - - - A dump/restore using pg_dump - or pg_dumpall - is required for those wishing to migrate data from any - previous release of PostgreSQL. - - - - - Changes - - - -Bug Fixes ---------- -Fix binary cursors broken by MOVE implementation(Vadim) -Fix for tcl library crash(Jan) -Fix for array handling, from Gerhard Hintermayer -Fix acl error, and remove duplicate pqtrace(Bruce) -Fix psql \e for empty file(Bruce) -Fix for textcat on varchar() fields(Bruce) -Fix for DBT Sendproc (Zeugswetter Andres) -Fix vacuum analyze syntax problem(Bruce) -Fix for international identifiers(Tatsuo) -Fix aggregates on inherited tables(Bruce) -Fix substr() for out-of-bounds data -Fix for select 1=1 or 2=2, select 1=1 and 2=2, and select sum(2+2)(Bruce) -Fix notty output to show status result. -q option still turns it off(Bruce) -Fix for count(*), aggs with views and multiple tables and sum(3)(Bruce) -Fix cluster(Bruce) -Fix for PQtrace start/stop several times(Bruce) -Fix a variety of locking problems like newer lock waiters getting - lock before older waiters, and having readlock people not share - locks if a writer is waiting for a lock, and waiting writers not - getting priority over waiting readers(Bruce) -Fix crashes in psql when executing queries from external files(James) -Fix problem with multiple order by columns, with the first one having - NULL values(Jeroen) -Use correct hash table support functions for float8 and int4(Thomas) -Re-enable JOIN= option in CREATE OPERATOR statement (Thomas) -Change precedence for boolean operators to match expected behavior(Thomas) -Generate elog(ERROR) on over-large integer(Bruce) -Allow multiple-argument functions in constraint clauses(Thomas) -Check boolean input literals for 'true','false','yes','no','1','0' - and throw elog(ERROR) if unrecognized(Thomas) -Major large objects fix -Fix for GROUP BY showing duplicates(Vadim) -Fix for index scans in MergeJoin(Vadim) - -Enhancements ------------- -Subselects with EXISTS, IN, ALL, ANY key words (Vadim, Bruce, Thomas) -New User Manual(Thomas, others) -Speedup by inlining some frequently-called functions -Real deadlock detection, no more timeouts(Bruce) -Add SQL92 "constants" CURRENT_DATE, CURRENT_TIME, CURRENT_TIMESTAMP, - CURRENT_USER(Thomas) -Modify constraint syntax to be SQL92-compliant(Thomas) -Implement SQL92 PRIMARY KEY and UNIQUE clauses using indexes(Thomas) -Recognize SQL92 syntax for FOREIGN KEY. Throw elog notice(Thomas) -Allow NOT NULL UNIQUE constraint clause (each allowed separately before)(Thomas) -Allow PostgreSQL-style casting ("::") of non-constants(Thomas) -Add support for SQL3 TRUE and FALSE boolean constants(Thomas) -Support SQL92 syntax for IS TRUE/IS FALSE/IS NOT TRUE/IS NOT FALSE(Thomas) -Allow shorter strings for boolean literals (e.g. "t", "tr", "tru")(Thomas) -Allow SQL92 delimited identifiers(Thomas) -Implement SQL92 binary and hexadecimal string decoding (b'10' and x'1F')(Thomas) -Support SQL92 syntax for type coercion of literal strings - (e.g. "DATETIME 'now'")(Thomas) -Add conversions for int2, int4, and OID types to and from text(Thomas) -Use shared lock when building indexes(Vadim) -Free memory allocated for a user query inside transaction block after - this query is done, was turned off in <= 6.2.1(Vadim) -New SQL statement CREATE PROCEDURAL LANGUAGE(Jan) -New PostgreSQL Procedural Language (PL) backend interface(Jan) -Rename pg_dump -H option to -h(Bruce) -Add Java support for passwords, European dates(Peter) -Use indexes for LIKE and ~, !~ operations(Bruce) -Add hash functions for datetime and timespan(Thomas) -Time Travel removed(Vadim, Bruce) -Add paging for \d and \z, and fix \i(Bruce) -Add Unix domain socket support to backend and to frontend library(Goran) -Implement CREATE DATABASE/WITH LOCATION and initlocation utility(Thomas) -Allow more SQL92 and/or PostgreSQL reserved words as column identifiers(Thomas) -Augment support for SQL92 SET TIME ZONE...(Thomas) -SET/SHOW/RESET TIME ZONE uses TZ backend environment variable(Thomas) -Implement SET keyword = DEFAULT and SET TIME ZONE DEFAULT(Thomas) -Enable SET TIME ZONE using TZ environment variable(Thomas) -Add PGDATESTYLE environment variable to frontend and backend initialization(Thomas) -Add PGTZ, PGCOSTHEAP, PGCOSTINDEX, PGRPLANS, PGGEQO - frontend library initialization environment variables(Thomas) -Regression tests time zone automatically set with "setenv PGTZ PST8PDT"(Thomas) -Add pg_description table for info on tables, columns, operators, types, and - aggregates(Bruce) -Increase 16 char limit on system table/index names to 32 characters(Bruce) -Rename system indexes(Bruce) -Add 'GERMAN' option to SET DATESTYLE(Thomas) -Define an "ISO-style" timespan output format with "hh:mm:ss" fields(Thomas) -Allow fractional values for delta times (e.g. '2.5 days')(Thomas) -Validate numeric input more carefully for delta times(Thomas) -Implement day of year as possible input to date_part()(Thomas) -Define timespan_finite() and text_timespan() functions(Thomas) -Remove archive stuff(Bruce) -Allow for a pg_password authentication database that is separate from - the system password file(Todd) -Dump ACLs, GRANT, REVOKE privileges(Matt) -Define text, varchar, and bpchar string length functions(Thomas) -Fix Query handling for inheritance, and cost computations(Bruce) -Implement CREATE TABLE/AS SELECT (alternative to SELECT/INTO)(Thomas) -Allow NOT, IS NULL, IS NOT NULL in constraints(Thomas) -Implement UNIONs for SELECT(Bruce) -Add UNION, GROUP, DISTINCT to INSERT(Bruce) -varchar() stores only necessary bytes on disk(Bruce) -Fix for BLOBs(Peter) -Mega-Patch for JDBC...see README_6.3 for list of changes(Peter) -Remove unused "option" from PQconnectdb() -New LOCK command and lock manual page describing deadlocks(Bruce) -Add new psql \da, \dd, \df, \do, \dS, and \dT commands(Bruce) -Enhance psql \z to show sequences(Bruce) -Show NOT NULL and DEFAULT in psql \d table(Bruce) -New psql .psqlrc file start-up(Andrew) -Modify sample start-up script in contrib/linux to show syslog(Thomas) -New types for IP and MAC addresses in contrib/ip_and_mac(TomH) -Unix system time conversions with date/time types in contrib/unixdate(Thomas) -Update of contrib stuff(Massimo) -Add Unix socket support to DBD::Pg(Goran) -New python interface (PyGreSQL 2.0)(D'Arcy) -New frontend/backend protocol has a version number, network byte order(Phil) -Security features in pg_hba.conf enhanced and documented, many cleanups(Phil) -CHAR() now faster access than VARCHAR() or TEXT -ecpg embedded SQL preprocessor -Reduce system column overhead(Vadmin) -Remove pg_time table(Vadim) -Add pg_type attribute to identify types that need length (bpchar, varchar) -Add report of offending line when COPY command fails -Allow VIEW privileges to be set separately from the underlying tables. - For security, use GRANT/REVOKE on views as appropriate(Jan) -Tables now have no default GRANT SELECT TO PUBLIC. You must - explicitly grant such privileges. -Clean up tutorial examples(Darren) - -Source Tree Changes -------------------- -Add new html development tools, and flow chart in /tools/backend -Fix for SCO compiles -Stratus computer port Robert Gillies -Added support for shlib for BSD44_derived & i386_solaris -Make configure more automated(Brook) -Add script to check regression test results -Break parser functions into smaller files, group together(Bruce) -Rename heap_create to heap_create_and_catalog, rename heap_creatr - to heap_create()(Bruce) -Sparc/Linux patch for locking(TomS) -Remove PORTNAME and reorganize port-specific stuff(Marc) -Add optimizer README file(Bruce) -Remove some recursion in optimizer and clean up some code there(Bruce) -Fix for NetBSD locking(Henry) -Fix for libptcl make(Tatsuo) -AIX patch(Darren) -Change IS TRUE, IS FALSE, ... to expressions using "=" rather than - function calls to istrue() or isfalse() to allow optimization(Thomas) -Various fixes NetBSD/Sparc related(TomH) -Alpha linux locking(Travis,Ryan) -Change elog(WARN) to elog(ERROR)(Bruce) -FAQ for FreeBSD(Marc) -Bring in the PostODBC source tree as part of our standard distribution(Marc) -A minor patch for HP/UX 10 vs 9(Stan) -New pg_attribute.atttypmod for type-specific info like varchar length(Bruce) -UnixWare patches(Billy) -New i386 'lock' for spinlock asm(Billy) -Support for multiplexed backends is removed -Start an OpenBSD port -Start an AUX port -Start a Cygnus port -Add string functions to regression suite(Thomas) -Expand a few function names formerly truncated to 16 characters(Thomas) -Remove un-needed malloc() calls and replace with palloc()(Bruce) - - - - - - -Release 6.2.1 - - - Release date: - 1997-10-17 - - - -6.2.1 is a bug-fix and usability release on 6.2. - - -Summary: - - - - -Allow strings to span lines, per SQL92. - - - - - -Include example trigger function for inserting user names on table updates. - - - - - - -This is a minor bug-fix release on 6.2. -For upgrades from pre-6.2 systems, a full dump/reload is required. -Refer to the 6.2 release notes for instructions. - - - -Migration from version 6.2 to version 6.2.1 - - -This is a minor bug-fix release. A dump/reload is not required from version 6.2, -but is required from any release prior to 6.2. - - -In upgrading from version 6.2, if you choose to dump/reload you will find that -avg(money) is now calculated correctly. All other bug fixes take effect -upon updating the executables. - - -Another way to avoid dump/reload is to use the following SQL command -from psql to update the existing system table: - - -update pg_aggregate set aggfinalfn = 'cash_div_flt8' - where aggname = 'avg' and aggbasetype = 790; - - - -This will need to be done to every existing database, including template1. - - - - - Changes - - - -Allow TIME and TYPE column names(Thomas) -Allow larger range of true/false as boolean values(Thomas) -Support output of "now" and "current"(Thomas) -Handle DEFAULT with INSERT of NULL properly(Vadim) -Fix for relation reference counts problem in buffer manager(Vadim) -Allow strings to span lines, like ANSI(Thomas) -Fix for backward cursor with ORDER BY(Vadim) -Fix avg(cash) computation(Thomas) -Fix for specifying a column twice in ORDER/GROUP BY(Vadim) -Documented new libpq function to return affected rows, PQcmdTuples(Bruce) -Trigger function for inserting user names for INSERT/UPDATE(Brook Milligan) - - - - - - -Release 6.2 - - - Release date: - 1997-10-02 - - - -A dump/restore is required for those wishing to migrate data from -previous releases of PostgreSQL. - - - -Migration from version 6.1 to version 6.2 - - -This migration requires a complete dump of the 6.1 database and a -restore of the database in 6.2. - - -Note that the pg_dump and pg_dumpall utility from 6.2 should be used -to dump the 6.1 database. - - - - -Migration from version 1.<replaceable>x</replaceable> to version 6.2 - - -Those migrating from earlier 1.* releases should first upgrade to 1.09 -because the COPY output format was improved from the 1.02 release. - - - - - Changes - - - -Bug Fixes ---------- -Fix problems with pg_dump for inheritance, sequences, archive tables(Bruce) -Fix compile errors on overflow due to shifts, unsigned, and bad prototypes - from Solaris(Diab Jerius) -Fix bugs in geometric line arithmetic (bad intersection calculations)(Thomas) -Check for geometric intersections at endpoints to avoid rounding ugliness(Thomas) -Catch non-functional delete attempts(Vadim) -Change time function names to be more consistent(Michael Reifenberg) -Check for zero divides(Michael Reifenberg) -Fix very old bug which made rows changed/inserted by a command - visible to the command itself (so we had multiple update of - updated rows, etc.)(Vadim) -Fix for SELECT null, 'fail' FROM pg_am (Patrick) -SELECT NULL as EMPTY_FIELD now allowed(Patrick) -Remove un-needed signal stuff from contrib/pginterface -Fix OR (where x != 1 or x isnull didn't return rows with x NULL) (Vadim) -Fix time_cmp function (Vadim) -Fix handling of functions with non-attribute first argument in - WHERE clauses (Vadim) -Fix GROUP BY when order of entries is different from order - in target list (Vadim) -Fix pg_dump for aggregates without sfunc1 (Vadim) - -Enhancements ------------- -Default genetic optimizer GEQO parameter is now 8(Bruce) -Allow use parameters in target list having aggregates in functions(Vadim) -Added JDBC driver as an interface(Adrian & Peter) -pg_password utility -Return number of rows inserted/affected by INSERT/UPDATE/DELETE etc.(Vadim) -Triggers implemented with CREATE TRIGGER (SQL3)(Vadim) -SPI (Server Programming Interface) allows execution of queries inside - C-functions (Vadim) -NOT NULL implemented (SQL92)(Robson Paniago de Miranda) -Include reserved words for string handling, outer joins, and unions(Thomas) -Implement extended comments ("/* ... */") using exclusive states(Thomas) -Add "//" single-line comments(Bruce) -Remove some restrictions on characters in operator names(Thomas) -DEFAULT and CONSTRAINT for tables implemented (SQL92)(Vadim & Thomas) -Add text concatenation operator and function (SQL92)(Thomas) -Support WITH TIME ZONE syntax (SQL92)(Thomas) -Support INTERVAL unit TO unit syntax (SQL92)(Thomas) -Define types DOUBLE PRECISION, INTERVAL, CHARACTER, - and CHARACTER VARYING (SQL92)(Thomas) -Define type FLOAT(p) and rudimentary DECIMAL(p,s), NUMERIC(p,s) (SQL92)(Thomas) -Define EXTRACT(), POSITION(), SUBSTRING(), and TRIM() (SQL92)(Thomas) -Define CURRENT_DATE, CURRENT_TIME, CURRENT_TIMESTAMP (SQL92)(Thomas) -Add syntax and warnings for UNION, HAVING, INNER and OUTER JOIN (SQL92)(Thomas) -Add more reserved words, mostly for SQL92 compliance(Thomas) -Allow hh:mm:ss time entry for timespan/reltime types(Thomas) -Add center() routines for lseg, path, polygon(Thomas) -Add distance() routines for circle-polygon, polygon-polygon(Thomas) -Check explicitly for points and polygons contained within polygons - using an axis-crossing algorithm(Thomas) -Add routine to convert circle-box(Thomas) -Merge conflicting operators for different geometric data types(Thomas) -Replace distance operator "<===>" with "<->"(Thomas) -Replace "above" operator "!^" with ">^" and "below" operator "!|" with "<^"(Thomas) -Add routines for text trimming on both ends, substring, and string position(Thomas) -Added conversion routines circle(box) and poly(circle)(Thomas) -Allow internal sorts to be stored in memory rather than in files(Bruce & Vadim) -Allow functions and operators on internally-identical types to succeed(Bruce) -Speed up backend start-up after profiling analysis(Bruce) -Inline frequently called functions for performance(Bruce) -Reduce open() calls(Bruce) -psql: Add PAGER for \h and \?,\C fix -Fix for psql pager when no tty(Bruce) -New entab utility(Bruce) -General trigger functions for referential integrity (Vadim) -General trigger functions for time travel (Vadim) -General trigger functions for AUTOINCREMENT/IDENTITY feature (Vadim) -MOVE implementation (Vadim) - -Source Tree Changes -------------------- -HP-UX 10 patches (Vladimir Turin) -Added SCO support, (Daniel Harris) -MkLinux patches (Tatsuo Ishii) -Change geometric box terminology from "length" to "width"(Thomas) -Deprecate temporary unstored slope fields in geometric code(Thomas) -Remove restart instructions from INSTALL(Bruce) -Look in /usr/ucb first for install(Bruce) -Fix c++ copy example code(Thomas) -Add -o to psql manual page(Bruce) -Prevent relname unallocated string length from being copied into database(Bruce) -Cleanup for NAMEDATALEN use(Bruce) -Fix pg_proc names over 15 chars in output(Bruce) -Add strNcpy() function(Bruce) -remove some (void) casts that are unnecessary(Bruce) -new interfaces directory(Marc) -Replace fopen() calls with calls to fd.c functions(Bruce) -Make functions static where possible(Bruce) -enclose unused functions in #ifdef NOT_USED(Bruce) -Remove call to difftime() in timestamp support to fix SunOS(Bruce & Thomas) -Changes for Digital Unix -Portability fix for pg_dumpall(Bruce) -Rename pg_attribute.attnvals to attdispersion(Bruce) -"intro/unix" manual page now "pgintro"(Bruce) -"built-in" manual page now "pgbuiltin"(Bruce) -"drop" manual page now "drop_table"(Bruce) -Add "create_trigger", "drop_trigger" manual pages(Thomas) -Add constraints regression test(Vadim & Thomas) -Add comments syntax regression test(Thomas) -Add PGINDENT and support program(Bruce) -Massive commit to run PGINDENT on all *.c and *.h files(Bruce) -Files moved to /src/tools directory(Bruce) -SPI and Trigger programming guides (Vadim & D'Arcy) - - - - - - -Release 6.1.1 - - - Release date: - 1997-07-22 - - - -Migration from version 6.1 to version 6.1.1 - - -This is a minor bug-fix release. A dump/reload is not required from version 6.1, -but is required from any release prior to 6.1. -Refer to the release notes for 6.1 for more details. - - - - - Changes - - - -fix for SET with options (Thomas) -allow pg_dump/pg_dumpall to preserve ownership of all tables/objects(Bruce) -new psql \connect option allows changing usernames without changing databases -fix for initdb --debug option(Yoshihiko Ichikawa)) -lextest cleanup(Bruce) -hash fixes(Vadim) -fix date/time month boundary arithmetic(Thomas) -fix timezone daylight handling for some ports(Thomas, Bruce, Tatsuo) -timestamp overhauled to use standard functions(Thomas) -other code cleanup in date/time routines(Thomas) -psql's \d now case-insensitive(Bruce) -psql's backslash commands can now have trailing semicolon(Bruce) -fix memory leak in psql when using \g(Bruce) -major fix for endian handling of communication to server(Thomas, Tatsuo) -Fix for Solaris assembler and include files(Yoshihiko Ichikawa) -allow underscores in usernames(Bruce) -pg_dumpall now returns proper status, portability fix(Bruce) - - - - - - -Release 6.1 - - - Release date: - 1997-06-08 - - - - The regression tests have been adapted and extensively modified for the - 6.1 release of PostgreSQL. - - - - Three new data types (datetime, timespan, and circle) have been added to - the native set of PostgreSQL types. Points, boxes, paths, and polygons - have had their output formats made consistent across the data types. - The polygon output in misc.out has only been spot-checked for correctness - relative to the original regression output. - - - - PostgreSQL 6.1 introduces a new, alternate -optimizer which uses genetic - algorithms. These algorithms introduce a random behavior in the ordering - of query results when the query contains multiple qualifiers or multiple - tables (giving the optimizer a choice on order of evaluation). Several - regression tests have been modified to explicitly order the results, and - hence are insensitive to optimizer choices. A few regression tests are - for data types which are inherently unordered (e.g. points and time - intervals) and tests involving those types are explicitly bracketed with - set geqo to 'off' and reset geqo. - - - - The interpretation of array specifiers (the curly braces around atomic - values) appears to have changed sometime after the original regression - tests were generated. The current ./expected/*.out files reflect this - new interpretation, which might not be correct! - - - - The float8 regression test fails on at least some platforms. This is due - to differences in implementations of pow() and exp() and the signaling - mechanisms used for overflow and underflow conditions. - - - - The random results in the random test should cause the - random test to be failed, since the - regression tests are evaluated using a simple diff. However, - random does not seem to produce random results on my test - machine (Linux/gcc/i686). - - - -Migration to Version 6.1 - - -This migration requires a complete dump of the 6.0 database and a -restore of the database in 6.1. - - -Those migrating from earlier 1.* releases should first upgrade to 1.09 -because the COPY output format was improved from the 1.02 release. - - - - - Changes - - - -Bug Fixes ---------- -packet length checking in library routines -lock manager priority patch -check for under/over flow of float8(Bruce) -multitable join fix(Vadim) -SIGPIPE crash fix(Darren) -large object fixes(Sven) -allow btree indexes to handle NULLs(Vadim) -timezone fixes(D'Arcy) -select SUM(x) can return NULL on no rows(Thomas) -internal optimizer, executor bug fixes(Vadim) -fix problem where inner loop in < or <= has no rows(Vadim) -prevent re-commuting join index clauses(Vadim) -fix join clauses for multiple tables(Vadim) -fix hash, hashjoin for arrays(Vadim) -fix btree for abstime type(Vadim) -large object fixes(Raymond) -fix buffer leak in hash indexes (Vadim) -fix rtree for use in inner scan (Vadim) -fix gist for use in inner scan, cleanups (Vadim, Andrea) -avoid unnecessary local buffers allocation (Vadim, Massimo) -fix local buffers leak in transaction aborts (Vadim) -fix file manager memory leaks, cleanups (Vadim, Massimo) -fix storage manager memory leaks (Vadim) -fix btree duplicates handling (Vadim) -fix deleted rows reincarnation caused by vacuum (Vadim) -fix SELECT varchar()/char() INTO TABLE made zero-length fields(Bruce) -many psql, pg_dump, and libpq memory leaks fixed using Purify (Igor) - -Enhancements ------------- -attribute optimization statistics(Bruce) -much faster new btree bulk load code(Paul) -BTREE UNIQUE added to bulk load code(Vadim) -new lock debug code(Massimo) -massive changes to libpg++(Leo) -new GEQO optimizer speeds table multitable optimization(Martin) -new WARN message for non-unique insert into unique key(Marc) -update x=-3, no spaces, now valid(Bruce) -remove case-sensitive identifier handling(Bruce,Thomas,Dan) -debug backend now pretty-prints tree(Darren) -new Oracle character functions(Edmund) -new plaintext password functions(Dan) -no such class or insufficient privilege changed to distinct messages(Dan) -new ANSI timestamp function(Dan) -new ANSI Time and Date types (Thomas) -move large chunks of data in backend(Martin) -multicolumn btree indexes(Vadim) -new SET var TO value command(Martin) -update transaction status on reads(Dan) -new locale settings for character types(Oleg) -new SEQUENCE serial number generator(Vadim) -GROUP BY function now possible(Vadim) -re-organize regression test(Thomas,Marc) -new optimizer operation weights(Vadim) -new psql \z grant/permit option(Marc) -new MONEY data type(D'Arcy,Thomas) -tcp socket communication speed improved(Vadim) -new VACUUM option for attribute statistics, and for certain columns (Vadim) -many geometric type improvements(Thomas,Keith) -additional regression tests(Thomas) -new datestyle variable(Thomas,Vadim,Martin) -more comparison operators for sorting types(Thomas) -new conversion functions(Thomas) -new more compact btree format(Vadim) -allow pg_dumpall to preserve database ownership(Bruce) -new SET GEQO=# and R_PLANS variable(Vadim) -old (!GEQO) optimizer can use right-sided plans (Vadim) -typechecking improvement in SQL parser(Bruce) -new SET, SHOW, RESET commands(Thomas,Vadim) -new \connect database USER option -new destroydb -i option (Igor) -new \dt and \di psql commands (Darren) -SELECT "\n" now escapes newline (A. Duursma) -new geometry conversion functions from old format (Thomas) - -Source tree changes -------------------- -new configuration script(Marc) -readline configuration option added(Marc) -OS-specific configuration options removed(Marc) -new OS-specific template files(Marc) -no more need to edit Makefile.global(Marc) -re-arrange include files(Marc) -nextstep patches (Gregor Hoffleit) -removed Windows-specific code(Bruce) -removed postmaster -e option, now only postgres -e option (Bruce) -merge duplicate library code in front/backends(Martin) -now works with eBones, international Kerberos(Jun) -more shared library support -c++ include file cleanup(Bruce) -warn about buggy flex(Bruce) -DG/UX, Ultrix, IRIX, AIX portability fixes - - - - - - -Release 6.0 - - - Release date: - 1997-01-29 - - - -A dump/restore is required for those wishing to migrate data from -previous releases of PostgreSQL. - - - -Migration from version 1.09 to version 6.0 - - -This migration requires a complete dump of the 1.09 database and a -restore of the database in 6.0. - - - - -Migration from pre-1.09 to version 6.0 - - -Those migrating from earlier 1.* releases should first upgrade to 1.09 -because the COPY output format was improved from the 1.02 release. - - - - - Changes - - - -Bug Fixes ---------- -ALTER TABLE bug - running postgres process needs to re-read table definition -Allow vacuum to be run on one table or entire database(Bruce) -Array fixes -Fix array over-runs of memory writes(Kurt) -Fix elusive btree range/non-range bug(Dan) -Fix for hash indexes on some types like time and date -Fix for pg_log size explosion -Fix permissions on lo_export()(Bruce) -Fix uninitialized reads of memory(Kurt) -Fixed ALTER TABLE ... char(3) bug(Bruce) -Fixed a few small memory leaks -Fixed EXPLAIN handling of options and changed full_path option name -Fixed output of group acl privileges -Memory leaks (hunt and destroy with tools like Purify(Kurt) -Minor improvements to rules system -NOTIFY fixes -New asserts for run-checking -Overhauled parser/analyze code to properly report errors and increase speed -Pg_dump -d now handles NULL's properly(Bruce) -Prevent SELECT NULL from crashing server (Bruce) -Properly report errors when INSERT ... SELECT columns did not match -Properly report errors when insert column names were not correct -psql \g filename now works(Bruce) -psql fixed problem with multiple statements on one line with multiple outputs -Removed duplicate system OIDs -SELECT * INTO TABLE . GROUP/ORDER BY gives unlink error if table exists(Bruce) -Several fixes for queries that crashed the backend -Starting quote in insert string errors(Bruce) -Submitting an empty query now returns empty status, not just " " query(Bruce) - -Enhancements ------------- -Add EXPLAIN manual page(Bruce) -Add UNIQUE index capability(Dan) -Add hostname/user level access control rather than just hostname and user -Add synonym of != for <>(Bruce) -Allow "select oid,* from table" -Allow BY,ORDER BY to specify columns by number, or by non-alias table.column(Bruce) -Allow COPY from the frontend(Bryan) -Allow GROUP BY to use alias column name(Bruce) -Allow actual compression, not just reuse on the same page(Vadim) -Allow installation-configuration option to auto-add all local users(Bryan) -Allow libpq to distinguish between text value '' and null(Bruce) -Allow non-postgres users with createdb privs to destroydb's -Allow restriction on who can create C functions(Bryan) -Allow restriction on who can do backend COPY(Bryan) -Can shrink tables, pg_time and pg_log(Vadim & Erich) -Change debug level 2 to print queries only, changed debug heading layout(Bruce) -Change default decimal constant representation from float4 to float8(Bruce) -European date format now set when postmaster is started -Execute lowercase function names if not found with exact case -Fixes for aggregate/GROUP processing, allow 'select sum(func(x),sum(x+y) from z' -Gist now included in the distribution(Marc) -Ident authentication of local users(Bryan) -Implement BETWEEN qualifier(Bruce) -Implement IN qualifier(Bruce) -libpq has PQgetisnull()(Bruce) -libpq++ improvements -New options to initdb(Bryan) -Pg_dump allow dump of OIDs(Bruce) -Pg_dump create indexes after tables are loaded for speed(Bruce) -Pg_dumpall dumps all databases, and the user table -Pginterface additions for NULL values(Bruce) -Prevent postmaster from being run as root -psql \h and \? is now readable(Bruce) -psql allow backslashed, semicolons anywhere on the line(Bruce) -psql changed command prompt for lines in query or in quotes(Bruce) -psql char(3) now displays as (bp)char in \d output(Bruce) -psql return code now more accurate(Bryan?) -psql updated help syntax(Bruce) -Re-visit and fix vacuum(Vadim) -Reduce size of regression diffs, remove timezone name difference(Bruce) -Remove compile-time parameters to enable binary distributions(Bryan) -Reverse meaning of HBA masks(Bryan) -Secure Authentication of local users(Bryan) -Speed up vacuum(Vadim) -Vacuum now had VERBOSE option(Bruce) - -Source tree changes -------------------- -All functions now have prototypes that are compared against the calls -Allow asserts to be disabled easily from Makefile.global(Bruce) -Change oid constants used in code to #define names -Decoupled sparc and solaris defines(Kurt) -Gcc -Wall compiles cleanly with warnings only from unfixable constructs -Major include file reorganization/reduction(Marc) -Make now stops on compile failure(Bryan) -Makefile restructuring(Bryan, Marc) -Merge bsdi_2_1 to bsdi(Bruce) -Monitor program removed -Name change from Postgres95 to PostgreSQL -New config.h file(Marc, Bryan) -PG_VERSION now set to 6.0 and used by postmaster -Portability additions, including Ultrix, DG/UX, AIX, and Solaris -Reduced the number of #define's, centralized #define's -Remove duplicate OIDS in system tables(Dan) -Remove duplicate system catalog info or report mismatches(Dan) -Removed many os-specific #define's -Restructured object file generation/location(Bryan, Marc) -Restructured port-specific file locations(Bryan, Marc) -Unused/uninitialized variables corrected - - - - - - -Release 1.09 - - - Release date: - 1996-11-04 - - - -Sorry, we didn't keep track of changes from 1.02 to 1.09. Some of -the changes listed in 6.0 were actually included in the 1.02.1 to 1.09 -releases. - - - - -Release 1.02 - - - Release date: - 1996-08-01 - - - -Migration from version 1.02 to version 1.02.1 - - -Here is a new migration file for 1.02.1. It includes the 'copy' change -and a script to convert old ASCII files. - - - -The following notes are for the benefit of users who want to migrate -databases from Postgres95 1.01 and 1.02 to Postgres95 1.02.1. - - -If you are starting afresh with Postgres95 1.02.1 and do not need -to migrate old databases, you do not need to read any further. - - - - -In order to upgrade older Postgres95 version 1.01 or 1.02 databases to -version 1.02.1, the following steps are required: - - - - -Start up a new 1.02.1 postmaster - - - - -Add the new built-in functions and operators of 1.02.1 to 1.01 or 1.02 - databases. This is done by running the new 1.02.1 server against - your own 1.01 or 1.02 database and applying the queries attached at - the end of the file. This can be done easily through psql. If your - 1.01 or 1.02 database is named testdb and you have cut the commands - from the end of this file and saved them in addfunc.sql: - -% psql testdb -f addfunc.sql - - -Those upgrading 1.02 databases will get a warning when executing the -last two statements in the file because they are already present in 1.02. This is -not a cause for concern. - - - - - - -Dump/Reload Procedure - - -If you are trying to reload a pg_dump or text-mode, copy tablename to -stdout generated with a previous version, you will need to run the -attached sed script on the ASCII file before loading it into the -database. The old format used '.' as end-of-data, while '\.' is now the -end-of-data marker. Also, empty strings are now loaded in as '' rather -than NULL. See the copy manual page for full details. - - -sed 's/^\.$/\\./g' <in_file >out_file - - - -If you are loading an older binary copy or non-stdout copy, there is no -end-of-data character, and hence no conversion necessary. - - --- following lines added by agc to reflect the case-insensitive --- regexp searching for varchar (in 1.02), and bpchar (in 1.02.1) -create operator ~* (leftarg = bpchar, rightarg = text, procedure = texticregexeq); -create operator !~* (leftarg = bpchar, rightarg = text, procedure = texticregexne); -create operator ~* (leftarg = varchar, rightarg = text, procedure = texticregexeq); -create operator !~* (leftarg = varchar, rightarg = text, procedure = texticregexne); - - - - - -Changes - - - -Source code maintenance and development - * worldwide team of volunteers - * the source tree now in CVS at ftp.ki.net - -Enhancements - * psql (and underlying libpq library) now has many more options for - formatting output, including HTML - * pg_dump now output the schema and/or the data, with many fixes to - enhance completeness. - * psql used in place of monitor in administration shell scripts. - monitor to be deprecated in next release. - * date/time functions enhanced - * NULL insert/update/comparison fixed/enhanced - * TCL/TK lib and shell fixed to work with both tck7.4/tk4.0 and tcl7.5/tk4.1 - -Bug Fixes (almost too numerous to mention) - * indexes - * storage management - * check for NULL pointer before dereferencing - * Makefile fixes - -New Ports - * added SolarisX86 port - * added BSD/OS 2.1 port - * added DG/UX port - - - - - - - -Release 1.01 - - - Release date: - 1996-02-23 - - - - -Migration from version 1.0 to version 1.01 - - -The following notes are for the benefit of users who want to migrate -databases from Postgres95 1.0 to Postgres95 1.01. - - -If you are starting afresh with Postgres95 1.01 and do not need -to migrate old databases, you do not need to read any further. - - -In order to Postgres95 version 1.01 with databases created with -Postgres95 version 1.0, the following steps are required: - - - - -Set the definition of NAMEDATALEN in src/Makefile.global to 16 - and OIDNAMELEN to 20. - - - - -Decide whether you want to use Host based authentication. - - - - -If you do, you must create a file name pg_hba in your top-level data - directory (typically the value of your $PGDATA). src/libpq/pg_hba - shows an example syntax. - - - - -If you do not want host-based authentication, you can comment out - the line: - -HBA = 1 - - in src/Makefile.global - - - Note that host-based authentication is turned on by default, and if - you do not take steps A or B above, the out-of-the-box 1.01 will - not allow you to connect to 1.0 databases. - - - - - - - -Compile and install 1.01, but DO NOT do the initdb step. - - - - -Before doing anything else, terminate your 1.0 postmaster, and - backup your existing $PGDATA directory. - - - - -Set your PGDATA environment variable to your 1.0 databases, but set up - path up so that 1.01 binaries are being used. - - - - -Modify the file $PGDATA/PG_VERSION from 5.0 to 5.1 - - - - -Start up a new 1.01 postmaster - - - - -Add the new built-in functions and operators of 1.01 to 1.0 - databases. This is done by running the new 1.01 server against - your own 1.0 database and applying the queries attached and saving - in the file 1.0_to_1.01.sql. This can be done easily through psql. - If your 1.0 database is name testdb: - - -% psql testdb -f 1.0_to_1.01.sql - - -and then execute the following commands (cut and paste from here): - - --- add builtin functions that are new to 1.01 - -create function int4eqoid (int4, oid) returns bool as 'foo' -language 'internal'; -create function oideqint4 (oid, int4) returns bool as 'foo' -language 'internal'; -create function char2icregexeq (char2, text) returns bool as 'foo' -language 'internal'; -create function char2icregexne (char2, text) returns bool as 'foo' -language 'internal'; -create function char4icregexeq (char4, text) returns bool as 'foo' -language 'internal'; -create function char4icregexne (char4, text) returns bool as 'foo' -language 'internal'; -create function char8icregexeq (char8, text) returns bool as 'foo' -language 'internal'; -create function char8icregexne (char8, text) returns bool as 'foo' -language 'internal'; -create function char16icregexeq (char16, text) returns bool as 'foo' -language 'internal'; -create function char16icregexne (char16, text) returns bool as 'foo' -language 'internal'; -create function texticregexeq (text, text) returns bool as 'foo' -language 'internal'; -create function texticregexne (text, text) returns bool as 'foo' -language 'internal'; - --- add builtin functions that are new to 1.01 - -create operator = (leftarg = int4, rightarg = oid, procedure = int4eqoid); -create operator = (leftarg = oid, rightarg = int4, procedure = oideqint4); -create operator ~* (leftarg = char2, rightarg = text, procedure = char2icregexeq); -create operator !~* (leftarg = char2, rightarg = text, procedure = char2icregexne); -create operator ~* (leftarg = char4, rightarg = text, procedure = char4icregexeq); -create operator !~* (leftarg = char4, rightarg = text, procedure = char4icregexne); -create operator ~* (leftarg = char8, rightarg = text, procedure = char8icregexeq); -create operator !~* (leftarg = char8, rightarg = text, procedure = char8icregexne); -create operator ~* (leftarg = char16, rightarg = text, procedure = char16icregexeq); -create operator !~* (leftarg = char16, rightarg = text, procedure = char16icregexne); -create operator ~* (leftarg = text, rightarg = text, procedure = texticregexeq); -create operator !~* (leftarg = text, rightarg = text, procedure = texticregexne); - - - - - - - -Changes - - - -Incompatibilities: - * 1.01 is backwards compatible with 1.0 database provided the user - follow the steps outlined in the MIGRATION_from_1.0_to_1.01 file. - If those steps are not taken, 1.01 is not compatible with 1.0 database. - -Enhancements: - * added PQdisplayTuples() to libpq and changed monitor and psql to use it - * added NeXT port (requires SysVIPC implementation) - * added CAST .. AS ... syntax - * added ASC and DESC key words - * added 'internal' as a possible language for CREATE FUNCTION - internal functions are C functions which have been statically linked - into the postgres backend. - * a new type "name" has been added for system identifiers (table names, - attribute names, etc.) This replaces the old char16 type. The - of name is set by the NAMEDATALEN #define in src/Makefile.global - * a readable reference manual that describes the query language. - * added host-based access control. A configuration file ($PGDATA/pg_hba) - is used to hold the configuration data. If host-based access control - is not desired, comment out HBA=1 in src/Makefile.global. - * changed regex handling to be uniform use of Henry Spencer's regex code - regardless of platform. The regex code is included in the distribution - * added functions and operators for case-insensitive regular expressions. - The operators are ~* and !~*. - * pg_dump uses COPY instead of SELECT loop for better performance - -Bug fixes: - * fixed an optimizer bug that was causing core dumps when - functions calls were used in comparisons in the WHERE clause - * changed all uses of getuid to geteuid so that effective uids are used - * psql now returns non-zero status on errors when using -c - * applied public patches 1-14 - - - - - - -Release 1.0 - - - Release date: - 1995-09-05 - - - -Changes - - - -Copyright change: - * The copyright of Postgres 1.0 has been loosened to be freely modifiable - and modifiable for any purpose. Please read the COPYRIGHT file. - Thanks to Professor Michael Stonebraker for making this possible. - -Incompatibilities: - * date formats have to be MM-DD-YYYY (or DD-MM-YYYY if you're using - EUROPEAN STYLE). This follows SQL-92 specs. - * "delimiters" is now a key word - -Enhancements: - * sql LIKE syntax has been added - * copy command now takes an optional USING DELIMITER specification. - delimiters can be any single-character string. - * IRIX 5.3 port has been added. - Thanks to Paul Walmsley and others. - * updated pg_dump to work with new libpq - * \d has been added psql - Thanks to Keith Parks - * regexp performance for architectures that use POSIX regex has been - improved due to caching of precompiled patterns. - Thanks to Alistair Crooks - * a new version of libpq++ - Thanks to William Wanders - -Bug fixes: - * arbitrary userids can be specified in the createuser script - * \c to connect to other databases in psql now works. - * bad pg_proc entry for float4inc() is fixed - * users with usecreatedb field set can now create databases without - having to be usesuper - * remove access control entries when the entry no longer has any - privileges - * fixed non-portable datetimes implementation - * added kerberos flags to the src/backend/Makefile - * libpq now works with kerberos - * typographic errors in the user manual have been corrected. - * btrees with multiple index never worked, now we tell you they don't - work when you try to use them - - - - - - -<productname>Postgres95</productname> Release 0.03 - - - Release date: - 1995-07-21 - - - -Changes - - -Incompatible changes: - * BETA-0.3 IS INCOMPATIBLE WITH DATABASES CREATED WITH PREVIOUS VERSIONS - (due to system catalog changes and indexing structure changes). - * double-quote (") is deprecated as a quoting character for string literals; - you need to convert them to single quotes ('). - * name of aggregates (eg. int4sum) are renamed in accordance with the - SQL standard (eg. sum). - * CHANGE ACL syntax is replaced by GRANT/REVOKE syntax. - * float literals (eg. 3.14) are now of type float4 (instead of float8 in - previous releases); you might have to do typecasting if you depend on it - being of type float8. If you neglect to do the typecasting and you assign - a float literal to a field of type float8, you might get incorrect values - stored! - * LIBPQ has been totally revamped so that frontend applications - can connect to multiple backends - * the usesysid field in pg_user has been changed from int2 to int4 to - allow wider range of Unix user ids. - * the netbsd/freebsd/bsd o/s ports have been consolidated into a - single BSD44_derived port. (thanks to Alistair Crooks) - -SQL standard-compliance (the following details changes that makes postgres95 -more compliant to the SQL-92 standard): - * the following SQL types are now built-in: smallint, int(eger), float, real, - char(N), varchar(N), date and time. - - The following are aliases to existing postgres types: - smallint -> int2 - integer, int -> int4 - float, real -> float4 - char(N) and varchar(N) are implemented as truncated text types. In - addition, char(N) does blank-padding. - * single-quote (') is used for quoting string literals; '' (in addition to - \') is supported as means of inserting a single quote in a string - * SQL standard aggregate names (MAX, MIN, AVG, SUM, COUNT) are used - (Also, aggregates can now be overloaded, i.e. you can define your - own MAX aggregate to take in a user-defined type.) - * CHANGE ACL removed. GRANT/REVOKE syntax added. - - Privileges can be given to a group using the "GROUP" key word. - For example: - GRANT SELECT ON foobar TO GROUP my_group; - The key word 'PUBLIC' is also supported to mean all users. - - Privileges can only be granted or revoked to one user or group - at a time. - - "WITH GRANT OPTION" is not supported. Only class owners can change - access control - - The default access control is to grant users readonly access. - You must explicitly grant insert/update access to users. To change - this, modify the line in - src/backend/utils/acl.h - that defines ACL_WORLD_DEFAULT - -Bug fixes: - * the bug where aggregates of empty tables were not run has been fixed. Now, - aggregates run on empty tables will return the initial conditions of the - aggregates. Thus, COUNT of an empty table will now properly return 0. - MAX/MIN of an empty table will return a row of value NULL. - * allow the use of \; inside the monitor - * the LISTEN/NOTIFY asynchronous notification mechanism now work - * NOTIFY in rule action bodies now work - * hash indexes work, and access methods in general should perform better. - creation of large btree indexes should be much faster. (thanks to Paul - Aoki) - -Other changes and enhancements: - * addition of an EXPLAIN statement used for explaining the query execution - plan (eg. "EXPLAIN SELECT * FROM EMP" prints out the execution plan for - the query). - * WARN and NOTICE messages no longer have timestamps on them. To turn on - timestamps of error messages, uncomment the line in - src/backend/utils/elog.h: - /* define ELOG_TIMESTAMPS */ - * On an access control violation, the message - "Either no such class or insufficient privilege" - will be given. This is the same message that is returned when - a class is not found. This dissuades non-privileged users from - guessing the existence of privileged classes. - * some additional system catalog changes have been made that are not - visible to the user. - -libpgtcl changes: - * The -oid option has been added to the "pg_result" tcl command. - pg_result -oid returns oid of the last row inserted. If the - last command was not an INSERT, then pg_result -oid returns "". - * the large object interface is available as pg_lo* tcl commands: - pg_lo_open, pg_lo_close, pg_lo_creat, etc. - -Portability enhancements and New Ports: - * flex/lex problems have been cleared up. Now, you should be able to use - flex instead of lex on any platforms. We no longer make assumptions of - what lexer you use based on the platform you use. - * The Linux-ELF port is now supported. Various configuration have been - tested: The following configuration is known to work: - kernel 1.2.10, gcc 2.6.3, libc 4.7.2, flex 2.5.2, bison 1.24 - with everything in ELF format, - -New utilities: - * ipcclean added to the distribution - ipcclean usually does not need to be run, but if your backend crashes - and leaves shared memory segments hanging around, ipcclean will - clean them up for you. - -New documentation: - * the user manual has been revised and libpq documentation added. - - - - - - -<productname>Postgres95</productname> Release 0.02 - - - Release date: - 1995-05-25 - - - -Changes - - - -Incompatible changes: - * The SQL statement for creating a database is 'CREATE DATABASE' instead - of 'CREATEDB'. Similarly, dropping a database is 'DROP DATABASE' instead - of 'DESTROYDB'. However, the names of the executables 'createdb' and - 'destroydb' remain the same. - -New tools: - * pgperl - a Perl (4.036) interface to Postgres95 - * pg_dump - a utility for dumping out a postgres database into a - script file containing query commands. The script files are in an ASCII - format and can be used to reconstruct the database, even on other - machines and other architectures. (Also good for converting - a Postgres 4.2 database to Postgres95 database.) - -The following ports have been incorporated into postgres95-beta-0.02: - * the NetBSD port by Alistair Crooks - * the AIX port by Mike Tung - * the Windows NT port by Jon Forrest (more stuff but not done yet) - * the Linux ELF port by Brian Gallew - -The following bugs have been fixed in postgres95-beta-0.02: - * new lines not escaped in COPY OUT and problem with COPY OUT when first - attribute is a '.' - * cannot type return to use the default user id in createuser - * SELECT DISTINCT on big tables crashes - * Linux installation problems - * monitor doesn't allow use of 'localhost' as PGHOST - * psql core dumps when doing \c or \l - * the "pgtclsh" target missing from src/bin/pgtclsh/Makefile - * libpgtcl has a hard-wired default port number - * SELECT DISTINCT INTO TABLE hangs - * CREATE TYPE doesn't accept 'variable' as the internallength - * wrong result using more than 1 aggregate in a SELECT - - - - - - -<productname>Postgres95</productname> Release 0.01 - - - Release date: - 1995-05-01 - - - -Initial release. - - diff --git a/doc/src/sgml/release.sgml b/doc/src/sgml/release.sgml index b78a942bcd..7678be4d43 100644 --- a/doc/src/sgml/release.sgml +++ b/doc/src/sgml/release.sgml @@ -71,26 +71,81 @@ For new features, add links to the documentation sections. + &release-11; -&release-10; -&release-9.6; -&release-9.5; -&release-9.4; -&release-9.3; -&release-9.2; -&release-9.1; -&release-9.0; -&release-8.4; -&release-8.3; -&release-8.2; -&release-8.1; -&release-8.0; -&release-7.4; -&release-old; + + + Prior Releases + + + Release notes for prior release branches can be found on the + PostgreSQL + web site. At the time of release of version 11, + these were the supported prior release branches: + + + + + PostgreSQL 10: + + https://www.postgresql.org/docs/10/release.html + + + + + + + PostgreSQL 9.6: + + https://www.postgresql.org/docs/9.6/release.html + + + + + + + PostgreSQL 9.5: + + https://www.postgresql.org/docs/9.5/release.html + + + + + + + PostgreSQL 9.4: + + https://www.postgresql.org/docs/9.4/release.html + + + + + + + PostgreSQL 9.3: + + https://www.postgresql.org/docs/9.3/release.html + + + + + + + + Release notes for older release branches can be found at + + https://www.postgresql.org/docs/manuals/archive/ + + +