Release 8.4.16Release Date2013-02-07
This release contains a variety of fixes from 8.4.15.
For information about new features in the 8.4 major release, see
.
Migration to Version 8.4.16
A dump/restore is not required for those running 8.4.X.
However, if you are upgrading from a version earlier than 8.4.10,
see the release notes for 8.4.10.
Changes
Update minimum recovery point when truncating a relation file (Heikki
Linnakangas)
Once data has been discarded, it's no longer safe to stop recovery at
an earlier point in the timeline.
Fix SQL grammar to allow subscripting or field selection from a
sub-SELECT result (Tom Lane)
Protect against race conditions when scanning
pg_tablespace> (Stephen Frost, Tom Lane)
CREATE DATABASE> and DROP DATABASE> could
misbehave if there were concurrent updates of
pg_tablespace> entries.
Prevent DROP OWNED> from trying to drop whole databases or
tablespaces (Álvaro Herrera)
For safety, ownership of these objects must be reassigned, not dropped.
Fix error in vacuum_freeze_table_age>
implementation (Andres Freund)
The main consequence of this mistake is that lowering vacuum_freeze_min_age>
would cause full-table vacuuming scans to occur much more frequently
than intended.
Prevent misbehavior when a RowExpr> or XmlExpr>
is parse-analyzed twice (Andres Freund, Tom Lane)
This mistake could be user-visible in contexts such as
CREATE TABLE LIKE INCLUDING INDEXES>.
Improve defenses against integer overflow in hashtable sizing
calculations (Jeff Davis)
Reject out-of-range dates in to_date()> (Hitoshi Harada)
Ensure that non-ASCII prompt strings are translated to the correct
code page on Windows (Alexander Law, Noah Misch)
This bug affected psql> and some other client programs.
Fix possible crash in psql>'s \?> command
when not connected to a database (Meng Qingzhong)
Fix one-byte buffer overrun in libpq>'s
PQprintTuples> (Xi Wang)
This ancient function is not used anywhere by
PostgreSQL> itself, but it might still be used by some
client code.
Make ecpglib> use translated messages properly
(Chen Huajun)
Properly install ecpg_compat> and
pgtypes> libraries on MSVC (Jiang Guiqing)
Rearrange configure's tests for supplied functions so it is not
fooled by bogus exports from libedit/libreadline (Christoph Berg)
Ensure Windows build number increases over time (Magnus Hagander)
Make pgxs> build executables with the right
.exe> suffix when cross-compiling for Windows
(Zoltan Boszormenyi)
Add new timezone abbreviation FET> (Tom Lane)
This is now used in some eastern-European time zones.
Release 8.4.15Release Date2012-12-06
This release contains a variety of fixes from 8.4.14.
For information about new features in the 8.4 major release, see
.
Migration to Version 8.4.15
A dump/restore is not required for those running 8.4.X.
However, if you are upgrading from a version earlier than 8.4.10,
see the release notes for 8.4.10.
Changes
Fix multiple bugs associated with CREATE INDEX
CONCURRENTLY> (Andres Freund, Tom Lane)
Fix CREATE INDEX CONCURRENTLY> to use
in-place updates when changing the state of an index's
pg_index> row. This prevents race conditions that could
cause concurrent sessions to miss updating the target index, thus
resulting in corrupt concurrently-created indexes.
Also, fix various other operations to ensure that they ignore
invalid indexes resulting from a failed CREATE INDEX
CONCURRENTLY> command. The most important of these is
VACUUM>, because an auto-vacuum could easily be launched
on the table before corrective action can be taken to fix or remove
the invalid index.
Avoid corruption of internal hash tables when out of memory
(Hitoshi Harada)
Fix planning of non-strict equivalence clauses above outer joins
(Tom Lane)
The planner could derive incorrect constraints from a clause equating
a non-strict construct to something else, for example
WHERE COALESCE(foo, 0) = 0>
when foo> is coming from the nullable side of an outer join.
Improve planner's ability to prove exclusion constraints from
equivalence classes (Tom Lane)
Fix partial-row matching in hashed subplans to handle cross-type cases
correctly (Tom Lane)
This affects multicolumn NOT IN> subplans, such as
WHERE (a, b) NOT IN (SELECT x, y FROM ...)>
when for instance b> and y> are int4>
and int8> respectively. This mistake led to wrong answers
or crashes depending on the specific datatypes involved.
Acquire buffer lock when re-fetching the old tuple for an
AFTER ROW UPDATE/DELETE> trigger (Andres Freund)
In very unusual circumstances, this oversight could result in passing
incorrect data to the precheck logic for a foreign-key enforcement
trigger. That could result in a crash, or in an incorrect decision
about whether to fire the trigger.
Fix ALTER COLUMN TYPE> to handle inherited check
constraints properly (Pavan Deolasee)
This worked correctly in pre-8.4 releases, and now works correctly
in 8.4 and later.
Fix REASSIGN OWNED> to handle grants on tablespaces
(Álvaro Herrera)
Ignore incorrect pg_attribute> entries for system
columns for views (Tom Lane)
Views do not have any system columns. However, we forgot to
remove such entries when converting a table to a view. That's fixed
properly for 9.3 and later, but in previous branches we need to defend
against existing mis-converted views.
Fix rule printing to dump INSERT INTO table>
DEFAULT VALUES correctly (Tom Lane)
Guard against stack overflow when there are too many
UNION>/INTERSECT>/EXCEPT> clauses
in a query (Tom Lane)
Prevent platform-dependent failures when dividing the minimum possible
integer value by -1 (Xi Wang, Tom Lane)
Fix possible access past end of string in date parsing
(Hitoshi Harada)
Produce an understandable error message if the length of the path name
for a Unix-domain socket exceeds the platform-specific limit
(Tom Lane, Andrew Dunstan)
Formerly, this would result in something quite unhelpful, such as
Non-recoverable failure in name resolution>.
Fix memory leaks when sending composite column values to the client
(Tom Lane)
Make pg_ctl> more robust about reading the
postmaster.pid> file (Heikki Linnakangas)
Fix race conditions and possible file descriptor leakage.
Fix possible crash in psql> if incorrectly-encoded data
is presented and the client_encoding> setting is a
client-only encoding, such as SJIS (Jiang Guiqing)
Fix bugs in the restore.sql> script emitted by
pg_dump> in tar> output format (Tom Lane)
The script would fail outright on tables whose names include
upper-case characters. Also, make the script capable of restoring
data in
Fix pg_restore> to accept POSIX-conformant
tar> files (Brian Weaver, Tom Lane)
The original coding of pg_dump>'s tar>
output mode produced files that are not fully conformant with the
POSIX standard. This has been corrected for version 9.3. This
patch updates previous branches so that they will accept both the
incorrect and the corrected formats, in hopes of avoiding
compatibility problems when 9.3 comes out.
Fix pg_resetxlog> to locate postmaster.pid>
correctly when given a relative path to the data directory (Tom Lane)
This mistake could lead to pg_resetxlog> not noticing
that there is an active postmaster using the data directory.
Fix libpq>'s lo_import()> and
lo_export()> functions to report file I/O errors properly
(Tom Lane)
Fix ecpg>'s processing of nested structure pointer
variables (Muhammad Usama)
Make contrib/pageinspect>'s btree page inspection
functions take buffer locks while examining pages (Tom Lane)
Fix pgxs> support for building loadable modules on AIX
(Tom Lane)
Building modules outside the original source tree didn't work on AIX.
Update time zone data files to tzdata> release 2012j
for DST law changes in Cuba, Israel, Jordan, Libya, Palestine, Western
Samoa, and portions of Brazil.
Release 8.4.14Release Date2012-09-24
This release contains a variety of fixes from 8.4.13.
For information about new features in the 8.4 major release, see
.
Migration to Version 8.4.14
A dump/restore is not required for those running 8.4.X.
However, if you are upgrading from a version earlier than 8.4.10,
see the release notes for 8.4.10.
Changes
Fix planner's assignment of executor parameters, and fix executor's
rescan logic for CTE plan nodes (Tom Lane)
These errors could result in wrong answers from queries that scan the
same WITH> subquery multiple times.
Improve page-splitting decisions in GiST indexes (Alexander Korotkov,
Robert Haas, Tom Lane)
Multi-column GiST indexes might suffer unexpected bloat due to this
error.
Fix cascading privilege revoke to stop if privileges are still held
(Tom Lane)
If we revoke a grant option from some role X>, but
X> still holds that option via a grant from someone
else, we should not recursively revoke the corresponding privilege
from role(s) Y> that X> had granted it
to.
Fix handling of SIGFPE> when PL/Perl is in use (Andres Freund)
Perl resets the process's SIGFPE> handler to
SIG_IGN>, which could result in crashes later on. Restore
the normal Postgres signal handler after initializing PL/Perl.
Prevent PL/Perl from crashing if a recursive PL/Perl function is
redefined while being executed (Tom Lane)
Work around possible misoptimization in PL/Perl (Tom Lane)
Some Linux distributions contain an incorrect version of
pthread.h> that results in incorrect compiled code in
PL/Perl, leading to crashes if a PL/Perl function calls another one
that throws an error.
Update time zone data files to tzdata> release 2012f
for DST law changes in Fiji
Release 8.4.13Release Date2012-08-17
This release contains a variety of fixes from 8.4.12.
For information about new features in the 8.4 major release, see
.
Migration to Version 8.4.13
A dump/restore is not required for those running 8.4.X.
However, if you are upgrading from a version earlier than 8.4.10,
see the release notes for 8.4.10.
Changes
Prevent access to external files/URLs via XML entity references
(Noah Misch, Tom Lane)
xml_parse()> would attempt to fetch external files or
URLs as needed to resolve DTD and entity references in an XML value,
thus allowing unprivileged database users to attempt to fetch data
with the privileges of the database server. While the external data
wouldn't get returned directly to the user, portions of it could be
exposed in error messages if the data didn't parse as valid XML; and
in any case the mere ability to check existence of a file might be
useful to an attacker. (CVE-2012-3489)
Prevent access to external files/URLs via contrib/xml2>'s
xslt_process()> (Peter Eisentraut)
libxslt> offers the ability to read and write both
files and URLs through stylesheet commands, thus allowing
unprivileged database users to both read and write data with the
privileges of the database server. Disable that through proper use
of libxslt>'s security options. (CVE-2012-3488)
Also, remove xslt_process()>'s ability to fetch documents
and stylesheets from external files/URLs. While this was a
documented feature>, it was long regarded as a bad idea.
The fix for CVE-2012-3489 broke that capability, and rather than
expend effort on trying to fix it, we're just going to summarily
remove it.
Prevent too-early recycling of btree index pages (Noah Misch)
When we allowed read-only transactions to skip assigning XIDs, we
introduced the possibility that a deleted btree page could be
recycled while a read-only transaction was still in flight to it.
This would result in incorrect index search results. The probability
of such an error occurring in the field seems very low because of the
timing requirements, but nonetheless it should be fixed.
Fix crash-safety bug with newly-created-or-reset sequences (Tom Lane)
If ALTER SEQUENCE> was executed on a freshly created or
reset sequence, and then precisely one nextval()> call
was made on it, and then the server crashed, WAL replay would restore
the sequence to a state in which it appeared that no
nextval()> had been done, thus allowing the first
sequence value to be returned again by the next
nextval()> call. In particular this could manifest for
serial> columns, since creation of a serial column's sequence
includes an ALTER SEQUENCE OWNED BY> step.
Ensure the backup_label> file is fsync'd after
pg_start_backup()> (Dave Kerr)
Back-patch 9.1 improvement to compress the fsync request queue
(Robert Haas)
This improves performance during checkpoints. The 9.1 change
has now seen enough field testing to seem safe to back-patch.
Only allow autovacuum to be auto-canceled by a directly blocked
process (Tom Lane)
The original coding could allow inconsistent behavior in some cases;
in particular, an autovacuum could get canceled after less than
deadlock_timeout> grace period.
Improve logging of autovacuum cancels (Robert Haas)
Fix log collector so that log_truncate_on_rotation> works
during the very first log rotation after server start (Tom Lane)
Fix WITH> attached to a nested set operation
(UNION>/INTERSECT>/EXCEPT>)
(Tom Lane)
Ensure that a whole-row reference to a subquery doesn't include any
extra GROUP BY> or ORDER BY> columns (Tom Lane)
Disallow copying whole-row references in CHECK>
constraints and index definitions during CREATE TABLE>
(Tom Lane)
This situation can arise in CREATE TABLE> with
LIKE> or INHERITS>. The copied whole-row
variable was incorrectly labeled with the row type of the original
table not the new one. Rejecting the case seems reasonable for
LIKE>, since the row types might well diverge later. For
INHERITS> we should ideally allow it, with an implicit
coercion to the parent table's row type; but that will require more
work than seems safe to back-patch.
Fix memory leak in ARRAY(SELECT ...)> subqueries (Heikki
Linnakangas, Tom Lane)
Fix extraction of common prefixes from regular expressions (Tom Lane)
The code could get confused by quantified parenthesized
subexpressions, such as ^(foo)?bar>. This would lead to
incorrect index optimization of searches for such patterns.
Fix bugs with parsing signed
hh>:>mm> and
hh>:>mm>:>ss>
fields in interval> constants (Amit Kapila, Tom Lane)
Report errors properly in contrib/xml2>'s
xslt_process()> (Tom Lane)
Update time zone data files to tzdata> release 2012e
for DST law changes in Morocco and Tokelau
Release 8.4.12Release Date2012-06-04
This release contains a variety of fixes from 8.4.11.
For information about new features in the 8.4 major release, see
.
Migration to Version 8.4.12
A dump/restore is not required for those running 8.4.X.
However, if you are upgrading from a version earlier than 8.4.10,
see the release notes for 8.4.10.
Changes
Fix incorrect password transformation in
contrib/pgcrypto>'s DES crypt()> function
(Solar Designer)
If a password string contained the byte value 0x80>, the
remainder of the password was ignored, causing the password to be much
weaker than it appeared. With this fix, the rest of the string is
properly included in the DES hash. Any stored password values that are
affected by this bug will thus no longer match, so the stored values may
need to be updated. (CVE-2012-2143)
Ignore SECURITY DEFINER> and SET> attributes for
a procedural language's call handler (Tom Lane)
Applying such attributes to a call handler could crash the server.
(CVE-2012-2655)
Allow numeric timezone offsets in timestamp> input to be up to
16 hours away from UTC (Tom Lane)
Some historical time zones have offsets larger than 15 hours, the
previous limit. This could result in dumped data values being rejected
during reload.
Fix timestamp conversion to cope when the given time is exactly the
last DST transition time for the current timezone (Tom Lane)
This oversight has been there a long time, but was not noticed
previously because most DST-using zones are presumed to have an
indefinite sequence of future DST transitions.
Fix text> to name> and char> to name>
casts to perform string truncation correctly in multibyte encodings
(Karl Schnaitter)
Fix memory copying bug in to_tsquery()> (Heikki Linnakangas)
Fix planner's handling of outer PlaceHolderVars within subqueries (Tom
Lane)
This bug concerns sub-SELECTs that reference variables coming from the
nullable side of an outer join of the surrounding query.
In 9.1, queries affected by this bug would fail with ERROR:
Upper-level PlaceHolderVar found where not expected>. But in 9.0 and
8.4, you'd silently get possibly-wrong answers, since the value
transmitted into the subquery wouldn't go to null when it should.
Fix slow session startup when pg_attribute> is very large
(Tom Lane)
If pg_attribute> exceeds one-fourth of
shared_buffers>, cache rebuilding code that is sometimes
needed during session start would trigger the synchronized-scan logic,
causing it to take many times longer than normal. The problem was
particularly acute if many new sessions were starting at once.
Ensure sequential scans check for query cancel reasonably often (Merlin
Moncure)
A scan encountering many consecutive pages that contain no live tuples
would not respond to interrupts meanwhile.
Ensure the Windows implementation of PGSemaphoreLock()>
clears ImmediateInterruptOK> before returning (Tom Lane)
This oversight meant that a query-cancel interrupt received later
in the same query could be accepted at an unsafe time, with
unpredictable but not good consequences.
Show whole-row variables safely when printing views or rules
(Abbas Butt, Tom Lane)
Corner cases involving ambiguous names (that is, the name could be
either a table or column name of the query) were printed in an
ambiguous way, risking that the view or rule would be interpreted
differently after dump and reload. Avoid the ambiguous case by
attaching a no-op cast.
Fix COPY FROM> to properly handle null marker strings that
correspond to invalid encoding (Tom Lane)
A null marker string such as E'\\0'> should work, and did
work in the past, but the case got broken in 8.4.
Ensure autovacuum worker processes perform stack depth checking
properly (Heikki Linnakangas)
Previously, infinite recursion in a function invoked by
auto-ANALYZE> could crash worker processes.
Fix logging collector to not lose log coherency under high load (Andrew
Dunstan)
The collector previously could fail to reassemble large messages if it
got too busy.
Fix logging collector to ensure it will restart file rotation
after receiving SIGHUP> (Tom Lane)
Fix WAL replay logic for GIN indexes to not fail if the index was
subsequently dropped (Tom Lane)
Fix memory leak in PL/pgSQL's RETURN NEXT> command (Joe
Conway)
Fix PL/pgSQL's GET DIAGNOSTICS> command when the target
is the function's first variable (Tom Lane)
Fix potential access off the end of memory in psql>'s
expanded display (\x>) mode (Peter Eisentraut)
Fix several performance problems in pg_dump> when
the database contains many objects (Jeff Janes, Tom Lane)
pg_dump> could get very slow if the database contained
many schemas, or if many objects are in dependency loops, or if there
are many owned sequences.
Fix contrib/dblink>'s dblink_exec()> to not leak
temporary database connections upon error (Tom Lane)
Fix contrib/dblink> to report the correct connection name in
error messages (Kyotaro Horiguchi)
Update time zone data files to tzdata> release 2012c
for DST law changes in Antarctica, Armenia, Chile, Cuba, Falkland
Islands, Gaza, Haiti, Hebron, Morocco, Syria, and Tokelau Islands;
also historical corrections for Canada.
Release 8.4.11Release Date2012-02-27
This release contains a variety of fixes from 8.4.10.
For information about new features in the 8.4 major release, see
.
Migration to Version 8.4.11
A dump/restore is not required for those running 8.4.X.
However, if you are upgrading from a version earlier than 8.4.10,
see the release notes for 8.4.10.
Changes
Require execute permission on the trigger function for
CREATE TRIGGER> (Robert Haas)
This missing check could allow another user to execute a trigger
function with forged input data, by installing it on a table he owns.
This is only of significance for trigger functions marked
SECURITY DEFINER>, since otherwise trigger functions run
as the table owner anyway. (CVE-2012-0866)
Remove arbitrary limitation on length of common name in SSL
certificates (Heikki Linnakangas)
Both libpq> and the server truncated the common name
extracted from an SSL certificate at 32 bytes. Normally this would
cause nothing worse than an unexpected verification failure, but there
are some rather-implausible scenarios in which it might allow one
certificate holder to impersonate another. The victim would have to
have a common name exactly 32 bytes long, and the attacker would have
to persuade a trusted CA to issue a certificate in which the common
name has that string as a prefix. Impersonating a server would also
require some additional exploit to redirect client connections.
(CVE-2012-0867)
Convert newlines to spaces in names written in pg_dump>
comments (Robert Haas)
pg_dump> was incautious about sanitizing object names
that are emitted within SQL comments in its output script. A name
containing a newline would at least render the script syntactically
incorrect. Maliciously crafted object names could present a SQL
injection risk when the script is reloaded. (CVE-2012-0868)
Fix btree index corruption from insertions concurrent with vacuuming
(Tom Lane)
An index page split caused by an insertion could sometimes cause a
concurrently-running VACUUM> to miss removing index entries
that it should remove. After the corresponding table rows are removed,
the dangling index entries would cause errors (such as could not
read block N in file ...>) or worse, silently wrong query results
after unrelated rows are re-inserted at the now-free table locations.
This bug has been present since release 8.2, but occurs so infrequently
that it was not diagnosed until now. If you have reason to suspect
that it has happened in your database, reindexing the affected index
will fix things.
Update per-column permissions, not only per-table permissions, when
changing table owner (Tom Lane)
Failure to do this meant that any previously granted column permissions
were still shown as having been granted by the old owner. This meant
that neither the new owner nor a superuser could revoke the
now-untraceable-to-table-owner permissions.
Allow non-existent values for some settings in ALTER
USER/DATABASE SET> (Heikki Linnakangas)
Allow default_text_search_config>,
default_tablespace>, and temp_tablespaces> to be
set to names that are not known. This is because they might be known
in another database where the setting is intended to be used, or for the
tablespace cases because the tablespace might not be created yet. The
same issue was previously recognized for search_path>, and
these settings now act like that one.
Avoid crashing when we have problems deleting table files post-commit
(Tom Lane)
Dropping a table should lead to deleting the underlying disk files only
after the transaction commits. In event of failure then (for instance,
because of wrong file permissions) the code is supposed to just emit a
warning message and go on, since it's too late to abort the
transaction. This logic got broken as of release 8.4, causing such
situations to result in a PANIC and an unrestartable database.
Track the OID counter correctly during WAL replay, even when it wraps
around (Tom Lane)
Previously the OID counter would remain stuck at a high value until the
system exited replay mode. The practical consequences of that are
usually nil, but there are scenarios wherein a standby server that's
been promoted to master might take a long time to advance the OID
counter to a reasonable value once values are needed.
Fix regular expression back-references with *> attached
(Tom Lane)
Rather than enforcing an exact string match, the code would effectively
accept any string that satisfies the pattern sub-expression referenced
by the back-reference symbol.
A similar problem still afflicts back-references that are embedded in a
larger quantified expression, rather than being the immediate subject
of the quantifier. This will be addressed in a future
PostgreSQL> release.
Fix recently-introduced memory leak in processing of
inet>/cidr> values (Heikki Linnakangas)
A patch in the December 2011 releases of PostgreSQL>
caused memory leakage in these operations, which could be significant
in scenarios such as building a btree index on such a column.
Fix dangling pointer after CREATE TABLE AS>/SELECT
INTO> in a SQL-language function (Tom Lane)
In most cases this only led to an assertion failure in assert-enabled
builds, but worse consequences seem possible.
Avoid double close of file handle in syslogger on Windows (MauMau)
Ordinarily this error was invisible, but it would cause an exception
when running on a debug version of Windows.
Fix I/O-conversion-related memory leaks in plpgsql
(Andres Freund, Jan Urbanski, Tom Lane)
Certain operations would leak memory until the end of the current
function.
Improve pg_dump>'s handling of inherited table columns
(Tom Lane)
pg_dump> mishandled situations where a child column has
a different default expression than its parent column. If the default
is textually identical to the parent's default, but not actually the
same (for instance, because of schema search path differences) it would
not be recognized as different, so that after dump and restore the
child would be allowed to inherit the parent's default. Child columns
that are NOT NULL> where their parent is not could also be
restored subtly incorrectly.
Fix pg_restore>'s direct-to-database mode for
INSERT-style table data (Tom Lane)
Direct-to-database restores from archive files made with
Allow AT> option in ecpg>
DEALLOCATE> statements (Michael Meskes)
The infrastructure to support this has been there for awhile, but
through an oversight there was still an error check rejecting the case.
Fix error in contrib/intarray>'s int[] &
int[]> operator (Guillaume Lelarge)
If the smallest integer the two input arrays have in common is 1,
and there are smaller values in either array, then 1 would be
incorrectly omitted from the result.
Fix error detection in contrib/pgcrypto>'s
encrypt_iv()> and decrypt_iv()>
(Marko Kreen)
These functions failed to report certain types of invalid-input errors,
and would instead return random garbage values for incorrect input.
Fix one-byte buffer overrun in contrib/test_parser>
(Paul Guyot)
The code would try to read one more byte than it should, which would
crash in corner cases.
Since contrib/test_parser> is only example code, this is
not a security issue in itself, but bad example code is still bad.
Use __sync_lock_test_and_set()> for spinlocks on ARM, if
available (Martin Pitt)
This function replaces our previous use of the SWPB>
instruction, which is deprecated and not available on ARMv6 and later.
Reports suggest that the old code doesn't fail in an obvious way on
recent ARM boards, but simply doesn't interlock concurrent accesses,
leading to bizarre failures in multiprocess operation.
Use
This prevents assorted scenarios wherein recent versions of gcc will
produce creative results.
Allow use of threaded Python on FreeBSD (Chris Rees)
Our configure script previously believed that this combination wouldn't
work; but FreeBSD fixed the problem, so remove that error check.
Release 8.4.10Release Date2011-12-05
This release contains a variety of fixes from 8.4.9.
For information about new features in the 8.4 major release, see
.
Migration to Version 8.4.10
A dump/restore is not required for those running 8.4.X.
However, a longstanding error was discovered in the definition of the
information_schema.referential_constraints> view. If you
rely on correct results from that view, you should replace its
definition as explained in the first changelog item below.
Also, if you are upgrading from a version earlier than 8.4.8,
see the release notes for 8.4.8.
Changes
Fix bugs in information_schema.referential_constraints> view
(Tom Lane)
This view was being insufficiently careful about matching the
foreign-key constraint to the depended-on primary or unique key
constraint. That could result in failure to show a foreign key
constraint at all, or showing it multiple times, or claiming that it
depends on a different constraint than the one it really does.
Since the view definition is installed by initdb>,
merely upgrading will not fix the problem. If you need to fix this
in an existing installation, you can (as a superuser) drop the
information_schema> schema then re-create it by sourcing
SHAREDIR>/information_schema.sql.
(Run pg_config --sharedir> if you're uncertain where
SHAREDIR> is.) This must be repeated in each database
to be fixed.
Fix incorrect replay of WAL records for GIN index updates
(Tom Lane)
This could result in transiently failing to find index entries after
a crash, or on a hot-standby server. The problem would be repaired
by the next VACUUM> of the index, however.
Fix TOAST-related data corruption during CREATE TABLE dest AS
SELECT * FROM src> or INSERT INTO dest SELECT * FROM src>
(Tom Lane)
If a table has been modified by ALTER TABLE ADD COLUMN>,
attempts to copy its data verbatim to another table could produce
corrupt results in certain corner cases.
The problem can only manifest in this precise form in 8.4 and later,
but we patched earlier versions as well in case there are other code
paths that could trigger the same bug.
Fix race condition during toast table access from stale syscache entries
(Tom Lane)
The typical symptom was transient errors like missing chunk
number 0 for toast value NNNNN in pg_toast_2619>, where the cited
toast table would always belong to a system catalog.
Track dependencies of functions on items used in parameter default
expressions (Tom Lane)
Previously, a referenced object could be dropped without having dropped
or modified the function, leading to misbehavior when the function was
used. Note that merely installing this update will not fix the missing
dependency entries; to do that, you'd need to CREATE OR
REPLACE> each such function afterwards. If you have functions whose
defaults depend on non-built-in objects, doing so is recommended.
Allow inlining of set-returning SQL functions with multiple OUT
parameters (Tom Lane)
Make DatumGetInetP()> unpack inet datums that have a 1-byte
header, and add a new macro, DatumGetInetPP()>, that does
not (Heikki Linnakangas)
This change affects no core code, but might prevent crashes in add-on
code that expects DatumGetInetP()> to produce an unpacked
datum as per usual convention.
Improve locale support in money> type's input and output
(Tom Lane)
Aside from not supporting all standard
lc_monetary>
formatting options, the input and output functions were inconsistent,
meaning there were locales in which dumped money> values could
not be re-read.
Don't let transform_null_equals>
affect CASE foo WHEN NULL ...> constructs
(Heikki Linnakangas)
transform_null_equals> is only supposed to affect
foo = NULL> expressions written directly by the user, not
equality checks generated internally by this form of CASE>.
Change foreign-key trigger creation order to better support
self-referential foreign keys (Tom Lane)
For a cascading foreign key that references its own table, a row update
will fire both the ON UPDATE> trigger and the
CHECK> trigger as one event. The ON UPDATE>
trigger must execute first, else the CHECK> will check a
non-final state of the row and possibly throw an inappropriate error.
However, the firing order of these triggers is determined by their
names, which generally sort in creation order since the triggers have
auto-generated names following the convention
RI_ConstraintTrigger_NNNN>. A proper fix would require
modifying that convention, which we will do in 9.2, but it seems risky
to change it in existing releases. So this patch just changes the
creation order of the triggers. Users encountering this type of error
should drop and re-create the foreign key constraint to get its
triggers into the right order.
Avoid floating-point underflow while tracking buffer allocation rate
(Greg Matthews)
While harmless in itself, on certain platforms this would result in
annoying kernel log messages.
Preserve configuration file name and line number values when starting
child processes under Windows (Tom Lane)
Formerly, these would not be displayed correctly in the
pg_settings> view.
Preserve blank lines within commands in psql>'s command
history (Robert Haas)
The former behavior could cause problems if an empty line was removed
from within a string literal, for example.
Fix pg_dump> to dump user-defined casts between
auto-generated types, such as table rowtypes (Tom Lane)
Use the preferred version of xsubpp> to build PL/Perl,
not necessarily the operating system's main copy
(David Wheeler and Alex Hunsaker)
Fix incorrect coding in contrib/dict_int> and
contrib/dict_xsyn> (Tom Lane)
Some functions incorrectly assumed that memory returned by
palloc()> is guaranteed zeroed.
Honor query cancel interrupts promptly in pgstatindex()>
(Robert Haas)
Ensure VPATH builds properly install all server header files
(Peter Eisentraut)
Shorten file names reported in verbose error messages (Peter Eisentraut)
Regular builds have always reported just the name of the C file
containing the error message call, but VPATH builds formerly
reported an absolute path name.
Fix interpretation of Windows timezone names for Central America
(Tom Lane)
Map Central America Standard Time> to CST6>, not
CST6CDT>, because DST is generally not observed anywhere in
Central America.
Update time zone data files to tzdata> release 2011n
for DST law changes in Brazil, Cuba, Fiji, Palestine, Russia, and Samoa;
also historical corrections for Alaska and British East Africa.
Release 8.4.9Release Date2011-09-26
This release contains a variety of fixes from 8.4.8.
For information about new features in the 8.4 major release, see
.
Migration to Version 8.4.9
A dump/restore is not required for those running 8.4.X.
However, if you are upgrading from a version earlier than 8.4.8,
see the release notes for 8.4.8.
Changes
Fix bugs in indexing of in-doubt HOT-updated tuples (Tom Lane)
These bugs could result in index corruption after reindexing a system
catalog. They are not believed to affect user indexes.
Fix multiple bugs in GiST index page split processing (Heikki
Linnakangas)
The probability of occurrence was low, but these could lead to index
corruption.
Fix possible buffer overrun in tsvector_concat()>
(Tom Lane)
The function could underestimate the amount of memory needed for its
result, leading to server crashes.
Fix crash in xml_recv> when processing a
standalone> parameter (Tom Lane)
Make pg_options_to_table> return NULL for an option with no
value (Tom Lane)
Previously such cases would result in a server crash.
Avoid possibly accessing off the end of memory in ANALYZE>
and in SJIS-2004 encoding conversion (Noah Misch)
This fixes some very-low-probability server crash scenarios.
Prevent intermittent hang in interactions of startup process with
bgwriter process (Simon Riggs)
This affected recovery in non-hot-standby cases.
Fix race condition in relcache init file invalidation (Tom Lane)
There was a window wherein a new backend process could read a stale init
file but miss the inval messages that would tell it the data is stale.
The result would be bizarre failures in catalog accesses, typically
could not read block 0 in file ...> later during startup.
Fix memory leak at end of a GiST index scan (Tom Lane)
Commands that perform many separate GiST index scans, such as
verification of a new GiST-based exclusion constraint on a table
already containing many rows, could transiently require large amounts of
memory due to this leak.
Fix incorrect memory accounting (leading to possible memory bloat) in
tuplestores supporting holdable cursors and plpgsql's RETURN
NEXT> command (Tom Lane)
Fix performance problem when constructing a large, lossy bitmap
(Tom Lane)
Fix join selectivity estimation for unique columns (Tom Lane)
This fixes an erroneous planner heuristic that could lead to poor
estimates of the result size of a join.
Fix nested PlaceHolderVar expressions that appear only in sub-select
target lists (Tom Lane)
This mistake could result in outputs of an outer join incorrectly
appearing as NULL.
Allow nested EXISTS> queries to be optimized properly (Tom
Lane)
Fix array- and path-creating functions to ensure padding bytes are
zeroes (Tom Lane)
This avoids some situations where the planner will think that
semantically-equal constants are not equal, resulting in poor
optimization.
Fix EXPLAIN> to handle gating Result nodes within
inner-indexscan subplans (Tom Lane)
The usual symptom of this oversight was bogus varno> errors.
Work around gcc 4.6.0 bug that breaks WAL replay (Tom Lane)
This could lead to loss of committed transactions after a server crash.
Fix dump bug for VALUES> in a view (Tom Lane)
Disallow SELECT FOR UPDATE/SHARE> on sequences (Tom Lane)
This operation doesn't work as expected and can lead to failures.
Fix VACUUM> so that it always updates
pg_class>.reltuples>/relpages> (Tom
Lane)
This fixes some scenarios where autovacuum could make increasingly poor
decisions about when to vacuum tables.
Defend against integer overflow when computing size of a hash table (Tom
Lane)
Fix cases where CLUSTER> might attempt to access
already-removed TOAST data (Tom Lane)
Fix portability bugs in use of credentials control messages for
peer> authentication (Tom Lane)
Fix SSPI login when multiple roundtrips are required (Ahmed Shinwari,
Magnus Hagander)
The typical symptom of this problem was The function requested is
not supported> errors during SSPI login.
Throw an error if pg_hba.conf> contains hostssl>
but SSL is disabled (Tom Lane)
This was concluded to be more user-friendly than the previous behavior
of silently ignoring such lines.
Fix typo in pg_srand48> seed initialization (Andres Freund)
This led to failure to use all bits of the provided seed. This function
is not used on most platforms (only those without srandom>),
and the potential security exposure from a less-random-than-expected
seed seems minimal in any case.
Avoid integer overflow when the sum of LIMIT> and
OFFSET> values exceeds 2^63 (Heikki Linnakangas)
Add overflow checks to int4> and int8> versions of
generate_series()> (Robert Haas)
Fix trailing-zero removal in to_char()> (Marti Raudsepp)
In a format with FM> and no digit positions
after the decimal point, zeroes to the left of the decimal point could
be removed incorrectly.
Fix pg_size_pretty()> to avoid overflow for inputs close to
2^63 (Tom Lane)
Weaken plpgsql's check for typmod matching in record values (Tom Lane)
An overly enthusiastic check could lead to discarding length modifiers
that should have been kept.
Correctly handle quotes in locale names during initdb>
(Heikki Linnakangas)
The case can arise with some Windows locales, such as People's
Republic of China>.
Fix pg_upgrade> to preserve toast tables' relfrozenxids
during an upgrade from 8.3 (Bruce Momjian)
Failure to do this could lead to pg_clog> files being
removed too soon after the upgrade.
In pg_ctl>, support silent mode for service registrations
on Windows (MauMau)
Fix psql>'s counting of script file line numbers during
COPY> from a different file (Tom Lane)
Fix pg_restore>'s direct-to-database mode for
standard_conforming_strings> (Tom Lane)
pg_restore> could emit incorrect commands when restoring
directly to a database server from an archive file that had been made
with standard_conforming_strings> set to on>.
Be more user-friendly about unsupported cases for parallel
pg_restore> (Tom Lane)
This change ensures that such cases are detected and reported before
any restore actions have been taken.
Fix write-past-buffer-end and memory leak in libpq>'s
LDAP service lookup code (Albe Laurenz)
In libpq>, avoid failures when using nonblocking I/O
and an SSL connection (Martin Pihlak, Tom Lane)
Improve libpq's handling of failures during connection startup
(Tom Lane)
In particular, the response to a server report of fork()>
failure during SSL connection startup is now saner.
Improve libpq>'s error reporting for SSL failures (Tom
Lane)
Fix PQsetvalue()> to avoid possible crash when adding a new
tuple to a PGresult> originally obtained from a server
query (Andrew Chernow)
Make ecpglib> write double> values with 15 digits
precision (Akira Kurosawa)
In ecpglib>, be sure LC_NUMERIC> setting is
restored after an error (Michael Meskes)
Apply upstream fix for blowfish signed-character bug (CVE-2011-2483)
(Tom Lane)
contrib/pg_crypto>'s blowfish encryption code could give
wrong results on platforms where char is signed (which is most),
leading to encrypted passwords being weaker than they should be.
Fix memory leak in contrib/seg> (Heikki Linnakangas)
Fix pgstatindex()> to give consistent results for empty
indexes (Tom Lane)
Allow building with perl 5.14 (Alex Hunsaker)
Update configure script's method for probing existence of system
functions (Tom Lane)
The version of autoconf we used in 8.3 and 8.2 could be fooled by
compilers that perform link-time optimization.
Fix assorted issues with build and install file paths containing spaces
(Tom Lane)
Update time zone data files to tzdata> release 2011i
for DST law changes in Canada, Egypt, Russia, Samoa, and South Sudan.
Release 8.4.8Release Date2011-04-18
This release contains a variety of fixes from 8.4.7.
For information about new features in the 8.4 major release, see
.
Migration to Version 8.4.8
A dump/restore is not required for those running 8.4.X.
However, if your installation was upgraded from a previous major
release by running pg_upgrade>, you should take
action to prevent possible data loss due to a now-fixed bug in
pg_upgrade>. The recommended solution is to run
VACUUM FREEZE> on all TOAST tables.
More information is available at
http://wiki.postgresql.org/wiki/20110408pg_upgrade_fix.
Also, if you are upgrading from a version earlier than 8.4.2,
see the release notes for 8.4.2.
Changes
Fix pg_upgrade>'s handling of TOAST tables
(Bruce Momjian)
The pg_class>.relfrozenxid> value for
TOAST tables was not correctly copied into the new installation
during pg_upgrade>. This could later result in
pg_clog> files being discarded while they were still
needed to validate tuples in the TOAST tables, leading to
could not access status of transaction> failures.
This error poses a significant risk of data loss for installations
that have been upgraded with pg_upgrade>. This patch
corrects the problem for future uses of pg_upgrade>,
but does not in itself cure the issue in installations that have been
processed with a buggy version of pg_upgrade>.
Suppress incorrect PD_ALL_VISIBLE flag was incorrectly set>
warning (Heikki Linnakangas)
VACUUM> would sometimes issue this warning in cases that
are actually valid.
Disallow including a composite type in itself (Tom Lane)
This prevents scenarios wherein the server could recurse infinitely
while processing the composite type. While there are some possible
uses for such a structure, they don't seem compelling enough to
justify the effort required to make sure it always works safely.
Avoid potential deadlock during catalog cache initialization
(Nikhil Sontakke)
In some cases the cache loading code would acquire share lock on a
system index before locking the index's catalog. This could deadlock
against processes trying to acquire exclusive locks in the other,
more standard order.
Fix dangling-pointer problem in BEFORE ROW UPDATE> trigger
handling when there was a concurrent update to the target tuple
(Tom Lane)
This bug has been observed to result in intermittent cannot
extract system attribute from virtual tuple> failures while trying to
do UPDATE RETURNING ctid>. There is a very small probability
of more serious errors, such as generating incorrect index entries for
the updated tuple.
Disallow DROP TABLE> when there are pending deferred trigger
events for the table (Tom Lane)
Formerly the DROP> would go through, leading to
could not open relation with OID nnn> errors when the
triggers were eventually fired.
Prevent crash triggered by constant-false WHERE conditions during
GEQO optimization (Tom Lane)
Improve planner's handling of semi-join and anti-join cases
(Tom Lane)
Fix selectivity estimation for text search to account for NULLs
(Jesper Krogh)
Improve PL/pgSQL's ability to handle row types with dropped columns
(Pavel Stehule)
This is a back-patch of fixes previously made in 9.0.
Fix PL/Python memory leak involving array slices (Daniel Popowich)
Fix pg_restore> to cope with long lines (over 1KB) in
TOC files (Tom Lane)
Put in more safeguards against crashing due to division-by-zero
with overly enthusiastic compiler optimization (Aurelien Jarno)
Support use of dlopen() in FreeBSD and OpenBSD on MIPS (Tom Lane)
There was a hard-wired assumption that this system function was not
available on MIPS hardware on these systems. Use a compile-time test
instead, since more recent versions have it.
Fix compilation failures on HP-UX (Heikki Linnakangas)
Fix version-incompatibility problem with libintl> on
Windows (Hiroshi Inoue)
Fix usage of xcopy> in Windows build scripts to
work correctly under Windows 7 (Andrew Dunstan)
This affects the build scripts only, not installation or usage.
Fix path separator used by pg_regress> on Cygwin
(Andrew Dunstan)
Update time zone data files to tzdata> release 2011f
for DST law changes in Chile, Cuba, Falkland Islands, Morocco, Samoa,
and Turkey; also historical corrections for South Australia, Alaska,
and Hawaii.
Release 8.4.7Release Date2011-01-31
This release contains a variety of fixes from 8.4.6.
For information about new features in the 8.4 major release, see
.
Migration to Version 8.4.7
A dump/restore is not required for those running 8.4.X.
However, if you are upgrading from a version earlier than 8.4.2,
see the release notes for 8.4.2.
Changes
Avoid failures when EXPLAIN> tries to display a simple-form
CASE> expression (Tom Lane)
If the CASE>'s test expression was a constant, the planner
could simplify the CASE> into a form that confused the
expression-display code, resulting in unexpected CASE WHEN
clause> errors.
Fix assignment to an array slice that is before the existing range
of subscripts (Tom Lane)
If there was a gap between the newly added subscripts and the first
pre-existing subscript, the code miscalculated how many entries needed
to be copied from the old array's null bitmap, potentially leading to
data corruption or crash.
Avoid unexpected conversion overflow in planner for very distant date
values (Tom Lane)
The date> type supports a wider range of dates than can be
represented by the timestamp> types, but the planner assumed it
could always convert a date to timestamp with impunity.
Fix pg_restore>'s text output for large objects (BLOBs)
when standard_conforming_strings> is on (Tom Lane)
Although restoring directly to a database worked correctly, string
escaping was incorrect if pg_restore> was asked for
SQL text output and standard_conforming_strings> had been
enabled in the source database.
Fix erroneous parsing of tsquery> values containing
... & !(subexpression) | ... (Tom Lane)
Queries containing this combination of operators were not executed
correctly. The same error existed in contrib/intarray>'s
query_int> type and contrib/ltree>'s
ltxtquery> type.
Fix buffer overrun in contrib/intarray>'s input function
for the query_int> type (Apple)
This bug is a security risk since the function's return address could
be overwritten. Thanks to Apple Inc's security team for reporting this
issue and supplying the fix. (CVE-2010-4015)
Fix bug in contrib/seg>'s GiST picksplit algorithm
(Alexander Korotkov)
This could result in considerable inefficiency, though not actually
incorrect answers, in a GiST index on a seg> column.
If you have such an index, consider REINDEX>ing it after
installing this update. (This is identical to the bug that was fixed in
contrib/cube> in the previous update.)
Release 8.4.6Release Date2010-12-16
This release contains a variety of fixes from 8.4.5.
For information about new features in the 8.4 major release, see
.
Migration to Version 8.4.6
A dump/restore is not required for those running 8.4.X.
However, if you are upgrading from a version earlier than 8.4.2,
see the release notes for 8.4.2.
Changes
Force the default
wal_sync_method>
to be fdatasync> on Linux (Tom Lane, Marti Raudsepp)
The default on Linux has actually been fdatasync> for many
years, but recent kernel changes caused PostgreSQL> to
choose open_datasync> instead. This choice did not result
in any performance improvement, and caused outright failures on
certain filesystems, notably ext4> with the
data=journal> mount option.
Fix assorted bugs in WAL replay logic for GIN indexes (Tom Lane)
This could result in bad buffer id: 0> failures or
corruption of index contents during replication.
Fix recovery from base backup when the starting checkpoint WAL record
is not in the same WAL segment as its redo point (Jeff Davis)
Fix persistent slowdown of autovacuum workers when multiple workers
remain active for a long time (Tom Lane)
The effective vacuum_cost_limit> for an autovacuum worker
could drop to nearly zero if it processed enough tables, causing it
to run extremely slowly.
Add support for detecting register-stack overrun on IA64>
(Tom Lane)
The IA64> architecture has two hardware stacks. Full
prevention of stack-overrun failures requires checking both.
Add a check for stack overflow in copyObject()> (Tom Lane)
Certain code paths could crash due to stack overflow given a
sufficiently complex query.
Fix detection of page splits in temporary GiST indexes (Heikki
Linnakangas)
It is possible to have a concurrent> page split in a
temporary index, if for example there is an open cursor scanning the
index when an insertion is done. GiST failed to detect this case and
hence could deliver wrong results when execution of the cursor
continued.
Fix error checking during early connection processing (Tom Lane)
The check for too many child processes was skipped in some cases,
possibly leading to postmaster crash when attempting to add the new
child process to fixed-size arrays.
Improve efficiency of window functions (Tom Lane)
Certain cases where a large number of tuples needed to be read in
advance, but work_mem> was large enough to allow them all
to be held in memory, were unexpectedly slow.
percent_rank()>, cume_dist()> and
ntile()> in particular were subject to this problem.
Avoid memory leakage while ANALYZE>'ing complex index
expressions (Tom Lane)
Ensure an index that uses a whole-row Var still depends on its table
(Tom Lane)
An index declared like create index i on t (foo(t.*))>
would not automatically get dropped when its table was dropped.
Do not inline> a SQL function with multiple OUT>
parameters (Tom Lane)
This avoids a possible crash due to loss of information about the
expected result rowtype.
Behave correctly if ORDER BY>, LIMIT>,
FOR UPDATE>, or WITH> is attached to the
VALUES> part of INSERT ... VALUES> (Tom Lane)
Fix constant-folding of COALESCE()> expressions (Tom Lane)
The planner would sometimes attempt to evaluate sub-expressions that
in fact could never be reached, possibly leading to unexpected errors.
Fix postmaster crash when connection acceptance
(accept()> or one of the calls made immediately after it)
fails, and the postmaster was compiled with GSSAPI support (Alexander
Chernikov)
Fix missed unlink of temporary files when log_temp_files>
is active (Tom Lane)
If an error occurred while attempting to emit the log message, the
unlink was not done, resulting in accumulation of temp files.
Add print functionality for InhRelation> nodes (Tom Lane)
This avoids a failure when debug_print_parse> is enabled
and certain types of query are executed.
Fix incorrect calculation of distance from a point to a horizontal
line segment (Tom Lane)
This bug affected several different geometric distance-measurement
operators.
Fix incorrect calculation of transaction status in
ecpg> (Itagaki Takahiro)
Fix PL/pgSQL>'s handling of simple>
expressions to not fail in recursion or error-recovery cases (Tom Lane)
Fix PL/Python>'s handling of set-returning functions
(Jan Urbanski)
Attempts to call SPI functions within the iterator generating a set
result would fail.
Fix bug in contrib/cube>'s GiST picksplit algorithm
(Alexander Korotkov)
This could result in considerable inefficiency, though not actually
incorrect answers, in a GiST index on a cube> column.
If you have such an index, consider REINDEX>ing it after
installing this update.
Don't emit identifier will be truncated> notices in
contrib/dblink> except when creating new connections
(Itagaki Takahiro)
Fix potential coredump on missing public key in
contrib/pgcrypto> (Marti Raudsepp)
Fix memory leak in contrib/xml2>'s XPath query functions
(Tom Lane)
Update time zone data files to tzdata> release 2010o
for DST law changes in Fiji and Samoa;
also historical corrections for Hong Kong.
Release 8.4.5Release Date2010-10-04
This release contains a variety of fixes from 8.4.4.
For information about new features in the 8.4 major release, see
.
Migration to Version 8.4.5
A dump/restore is not required for those running 8.4.X.
However, if you are upgrading from a version earlier than 8.4.2,
see the release notes for 8.4.2.
Changes
Use a separate interpreter for each calling SQL userid in PL/Perl and
PL/Tcl (Tom Lane)
This change prevents security problems that can be caused by subverting
Perl or Tcl code that will be executed later in the same session under
another SQL user identity (for example, within a SECURITY
DEFINER> function). Most scripting languages offer numerous ways that
that might be done, such as redefining standard functions or operators
called by the target function. Without this change, any SQL user with
Perl or Tcl language usage rights can do essentially anything with the
SQL privileges of the target function's owner.
The cost of this change is that intentional communication among Perl
and Tcl functions becomes more difficult. To provide an escape hatch,
PL/PerlU and PL/TclU functions continue to use only one interpreter
per session. This is not considered a security issue since all such
functions execute at the trust level of a database superuser already.
It is likely that third-party procedural languages that claim to offer
trusted execution have similar security issues. We advise contacting
the authors of any PL you are depending on for security-critical
purposes.
Our thanks to Tim Bunce for pointing out this issue (CVE-2010-3433).
Prevent possible crashes in pg_get_expr()> by disallowing
it from being called with an argument that is not one of the system
catalog columns it's intended to be used with
(Heikki Linnakangas, Tom Lane)
Treat exit code 128 (ERROR_WAIT_NO_CHILDREN>) as non-fatal on
Windows (Magnus Hagander)
Under high load, Windows processes will sometimes fail at startup with
this error code. Formerly the postmaster treated this as a panic
condition and restarted the whole database, but that seems to be
an overreaction.
Fix incorrect placement of placeholder evaluation (Tom Lane)
This bug could result in query outputs being non-null when they
should be null, in cases where the inner side of an outer join
is a sub-select with non-strict expressions in its output list.
Fix possible duplicate scans of UNION ALL> member relations
(Tom Lane)
Fix cannot handle unplanned sub-select error (Tom Lane)
This occurred when a sub-select contains a join alias reference that
expands into an expression containing another sub-select.
Fix mishandling of whole-row Vars that reference a view or sub-select
and appear within a nested sub-select (Tom Lane)
Fix mishandling of cross-type IN> comparisons (Tom Lane)
This could result in failures if the planner tried to implement an
IN> join with a sort-then-unique-then-plain-join plan.
Fix computation of ANALYZE> statistics for tsvector>
columns (Jan Urbanski)
The original coding could produce incorrect statistics, leading to
poor plan choices later.
Improve planner's estimate of memory used by array_agg()>,
string_agg()>, and similar aggregate functions
(Hitoshi Harada)
The previous drastic underestimate could lead to out-of-memory failures
due to inappropriate choice of a hash-aggregation plan.
Fix failure to mark cached plans as transient (Tom Lane)
If a plan is prepared while CREATE INDEX CONCURRENTLY> is
in progress for one of the referenced tables, it is supposed to be
re-planned once the index is ready for use. This was not happening
reliably.
Reduce PANIC to ERROR in some occasionally-reported btree failure cases,
and provide additional detail in the resulting error messages
(Tom Lane)
This should improve the system's robustness with corrupted indexes.
Fix incorrect search logic for partial-match queries with GIN indexes
(Tom Lane)
Cases involving AND/OR combination of several GIN index conditions
didn't always give the right answer, and were sometimes much slower
than necessary.
Prevent show_session_authorization() from crashing within autovacuum
processes (Tom Lane)
Defend against functions returning setof record where not all the
returned rows are actually of the same rowtype (Tom Lane)
Fix possible corruption of pending trigger event lists during
subtransaction rollback (Tom Lane)
This could lead to a crash or incorrect firing of triggers.
Fix possible failure when hashing a pass-by-reference function result
(Tao Ma, Tom Lane)
Improve merge join's handling of NULLs in the join columns (Tom Lane)
A merge join can now stop entirely upon reaching the first NULL,
if the sort order is such that NULLs sort high.
Take care to fsync the contents of lockfiles (both
postmaster.pid> and the socket lockfile) while writing them
(Tom Lane)
This omission could result in corrupted lockfile contents if the
machine crashes shortly after postmaster start. That could in turn
prevent subsequent attempts to start the postmaster from succeeding,
until the lockfile is manually removed.
Avoid recursion while assigning XIDs to heavily-nested
subtransactions (Andres Freund, Robert Haas)
The original coding could result in a crash if there was limited
stack space.
Avoid holding open old WAL segments in the walwriter process
(Magnus Hagander, Heikki Linnakangas)
The previous coding would prevent removal of no-longer-needed segments.
Fix log_line_prefix>'s %i> escape,
which could produce junk early in backend startup (Tom Lane)
Prevent misinterpretation of partially-specified relation options
for TOAST tables (Itagaki Takahiro)
In particular, fillfactor> would be read as zero if any
other reloption had been set for the table, leading to serious bloat.
Fix inheritance count tracking in ALTER TABLE ... ADD
CONSTRAINT> (Robert Haas)
Fix possible data corruption in ALTER TABLE ... SET
TABLESPACE> when archiving is enabled (Jeff Davis)
Allow CREATE DATABASE> and ALTER DATABASE ... SET
TABLESPACE> to be interrupted by query-cancel (Guillaume Lelarge)
Improve CREATE INDEX>'s checking of whether proposed index
expressions are immutable (Tom Lane)
Fix REASSIGN OWNED> to handle operator classes and families
(Asko Tiidumaa)
Fix possible core dump when comparing two empty tsquery> values
(Tom Lane)
Fix LIKE>'s handling of patterns containing %>
followed by _> (Tom Lane)
We've fixed this before, but there were still some incorrectly-handled
cases.
Re-allow input of Julian dates prior to 0001-01-01 AD (Tom Lane)
Input such as 'J100000'::date> worked before 8.4,
but was unintentionally broken by added error-checking.
Fix PL/pgSQL to throw an error, not crash, if a cursor is closed within
a FOR> loop that is iterating over that cursor
(Heikki Linnakangas)
In PL/Python, defend against null pointer results from
PyCObject_AsVoidPtr> and PyCObject_FromVoidPtr>
(Peter Eisentraut)
In libpq>, fix full SSL certificate verification for the
case where both host> and hostaddr> are specified
(Tom Lane)
Make psql recognize DISCARD ALL> as a command that should
not be encased in a transaction block in autocommit-off mode
(Itagaki Takahiro)
Fix some issues in pg_dump>'s handling of SQL/MED objects
(Tom Lane)
Notably, pg_dump> would always fail if run by a
non-superuser, which was not intended.
Improve pg_dump> and pg_restore>'s
handling of non-seekable archive files (Tom Lane, Robert Haas)
This is important for proper functioning of parallel restore.
Improve parallel pg_restore's ability to cope with selective restore
(-L> option) (Tom Lane)
The original code tended to fail if the -L> file commanded
a non-default restore ordering.
Fix ecpg> to process data from RETURNING>
clauses correctly (Michael Meskes)
Fix some memory leaks in ecpg> (Zoltan Boszormenyi)
Improve contrib/dblink>'s handling of tables containing
dropped columns (Tom Lane)
Fix connection leak after duplicate connection name
errors in contrib/dblink> (Itagaki Takahiro)
Fix contrib/dblink> to handle connection names longer than
62 bytes correctly (Itagaki Takahiro)
Add hstore(text, text)>
function to contrib/hstore> (Robert Haas)
This function is the recommended substitute for the now-deprecated
=>> operator. It was back-patched so that future-proofed
code can be used with older server versions. Note that the patch will
be effective only after contrib/hstore> is installed or
reinstalled in a particular database. Users might prefer to execute
the CREATE FUNCTION> command by hand, instead.
Update build infrastructure and documentation to reflect the source code
repository's move from CVS to Git (Magnus Hagander and others)
Update time zone data files to tzdata> release 2010l
for DST law changes in Egypt and Palestine; also historical corrections
for Finland.
This change also adds new names for two Micronesian timezones:
Pacific/Chuuk is now preferred over Pacific/Truk (and the preferred
abbreviation is CHUT not TRUT) and Pacific/Pohnpei is preferred over
Pacific/Ponape.
Make Windows' N. Central Asia Standard Time> timezone map to
Asia/Novosibirsk, not Asia/Almaty (Magnus Hagander)
Microsoft changed the DST behavior of this zone in the timezone update
from KB976098. Asia/Novosibirsk is a better match to its new behavior.
Release 8.4.4Release Date2010-05-17
This release contains a variety of fixes from 8.4.3.
For information about new features in the 8.4 major release, see
.
Migration to Version 8.4.4
A dump/restore is not required for those running 8.4.X.
However, if you are upgrading from a version earlier than 8.4.2,
see the release notes for 8.4.2.
Changes
Enforce restrictions in plperl> using an opmask applied to
the whole interpreter, instead of using Safe.pm>
(Tim Bunce, Andrew Dunstan)
Recent developments have convinced us that Safe.pm> is too
insecure to rely on for making plperl> trustable. This
change removes use of Safe.pm> altogether, in favor of using
a separate interpreter with an opcode mask that is always applied.
Pleasant side effects of the change include that it is now possible to
use Perl's strict> pragma in a natural way in
plperl>, and that Perl's $a> and $b>
variables work as expected in sort routines, and that function
compilation is significantly faster. (CVE-2010-1169)
Prevent PL/Tcl from executing untrustworthy code from
pltcl_modules> (Tom)
PL/Tcl's feature for autoloading Tcl code from a database table
could be exploited for trojan-horse attacks, because there was no
restriction on who could create or insert into that table. This change
disables the feature unless pltcl_modules> is owned by a
superuser. (However, the permissions on the table are not checked, so
installations that really need a less-than-secure modules table can
still grant suitable privileges to trusted non-superusers.) Also,
prevent loading code into the unrestricted normal> Tcl
interpreter unless we are really going to execute a pltclu>
function. (CVE-2010-1170)
Fix data corruption during WAL replay of
ALTER ... SET TABLESPACE> (Tom)
When archive_mode> is on, ALTER ... SET TABLESPACE>
generates a WAL record whose replay logic was incorrect. It could write
the data to the wrong place, leading to possibly-unrecoverable data
corruption. Data corruption would be observed on standby slaves, and
could occur on the master as well if a database crash and recovery
occurred after committing the ALTER> and before the next
checkpoint.
Fix possible crash if a cache reset message is received during
rebuild of a relcache entry (Heikki)
This error was introduced in 8.4.3 while fixing a related failure.
Apply per-function GUC settings while running the language validator
for the function (Itagaki Takahiro)
This avoids failures if the function's code is invalid without the
setting; an example is that SQL functions may not parse if the
search_path> is not correct.
Do constraint exclusion for inherited UPDATE> and
DELETE> target tables when
constraint_exclusion> = partition> (Tom)
Due to an oversight, this setting previously only caused constraint
exclusion to be checked in SELECT> commands.
Do not allow an unprivileged user to reset superuser-only parameter
settings (Alvaro)
Previously, if an unprivileged user ran ALTER USER ... RESET
ALL> for himself, or ALTER DATABASE ... RESET ALL> for
a database he owns, this would remove all special parameter settings
for the user or database, even ones that are only supposed to be
changeable by a superuser. Now, the ALTER> will only
remove the parameters that the user has permission to change.
Avoid possible crash during backend shutdown if shutdown occurs
when a CONTEXT> addition would be made to log entries (Tom)
In some cases the context-printing function would fail because the
current transaction had already been rolled back when it came time
to print a log message.
Fix erroneous handling of %r> parameter in
recovery_end_command> (Heikki)
The value always came out zero.
Ensure the archiver process responds to changes in
archive_command> as soon as possible (Tom)
Fix pl/pgsql's CASE> statement to not fail when the
case expression is a query that returns no rows (Tom)
Update pl/perl's ppport.h> for modern Perl versions
(Andrew)
Fix assorted memory leaks in pl/python (Andreas Freund, Tom)
Handle empty-string connect parameters properly in ecpg (Michael)
Prevent infinite recursion in psql> when expanding
a variable that refers to itself (Tom)
Fix psql>'s \copy> to not add spaces around
a dot within \copy (select ...)> (Tom)
Addition of spaces around the decimal point in a numeric literal would
result in a syntax error.
Avoid formatting failure in psql> when running in a
locale context that doesn't match the client_encoding>
(Tom)
Fix unnecessary GIN indexes do not support whole-index scans>
errors for unsatisfiable queries using contrib/intarray>
operators (Tom)
Ensure that contrib/pgstattuple> functions respond to cancel
interrupts promptly (Tatsuhito Kasahara)
Make server startup deal properly with the case that
shmget()> returns EINVAL> for an existing
shared memory segment (Tom)
This behavior has been observed on BSD-derived kernels including OS X.
It resulted in an entirely-misleading startup failure complaining that
the shared memory request size was too large.
Avoid possible crashes in syslogger process on Windows (Heikki)
Deal more robustly with incomplete time zone information in the
Windows registry (Magnus)
Update the set of known Windows time zone names (Magnus)
Update time zone data files to tzdata> release 2010j
for DST law changes in Argentina, Australian Antarctic, Bangladesh,
Mexico, Morocco, Pakistan, Palestine, Russia, Syria, Tunisia;
also historical corrections for Taiwan.
Also, add PKST> (Pakistan Summer Time) to the default set of
timezone abbreviations.
Release 8.4.3Release Date2010-03-15
This release contains a variety of fixes from 8.4.2.
For information about new features in the 8.4 major release, see
.
Migration to Version 8.4.3
A dump/restore is not required for those running 8.4.X.
However, if you are upgrading from a version earlier than 8.4.2,
see the release notes for 8.4.2.
Changes
Add new configuration parameter ssl_renegotiation_limit> to
control how often we do session key renegotiation for an SSL connection
(Magnus)
This can be set to zero to disable renegotiation completely, which may
be required if a broken SSL library is used. In particular, some
vendors are shipping stopgap patches for CVE-2009-3555 that cause
renegotiation attempts to fail.
Fix possible deadlock during backend startup (Tom)
Fix possible crashes due to not handling errors during relcache reload
cleanly (Tom)
Fix possible crash due to use of dangling pointer to a cached plan
(Tatsuo)
Fix possible crash due to overenthusiastic invalidation of cached
plan for ROLLBACK> (Tom)
Fix possible crashes when trying to recover from a failure in
subtransaction start (Tom)
Fix server memory leak associated with use of savepoints and a client
encoding different from server's encoding (Tom)
Fix incorrect WAL data emitted during end-of-recovery cleanup of a GIST
index page split (Yoichi Hirai)
This would result in index corruption, or even more likely an error
during WAL replay, if we were unlucky enough to crash during
end-of-recovery cleanup after having completed an incomplete GIST
insertion.
Fix bug in WAL redo cleanup method for GIN indexes (Heikki)
Fix incorrect comparison of scan key in GIN index search (Teodor)
Make substring()> for bit> types treat any negative
length as meaning all the rest of the string> (Tom)
The previous coding treated only -1 that way, and would produce an
invalid result value for other negative values, possibly leading to
a crash (CVE-2010-0442).
Fix integer-to-bit-string conversions to handle the first fractional
byte correctly when the output bit width is wider than the given
integer by something other than a multiple of 8 bits (Tom)
Fix some cases of pathologically slow regular expression matching (Tom)
Fix bug occurring when trying to inline a SQL function that returns
a set of a composite type that contains dropped columns (Tom)
Fix bug with trying to update a field of an element of a
composite-type array column (Tom)
Avoid failure when EXPLAIN> has to print a FieldStore or
assignment ArrayRef expression (Tom)
These cases can arise now that EXPLAIN VERBOSE> tries to
print plan node target lists.
Avoid an unnecessary coercion failure in some cases where an undecorated
literal string appears in a subquery within
UNION>/INTERSECT>/EXCEPT> (Tom)
This fixes a regression for some cases that worked before 8.4.
Avoid undesirable rowtype compatibility check failures in some cases
where a whole-row Var has a rowtype that contains dropped columns (Tom)
Fix the STOP WAL LOCATION> entry in backup history files to
report the next WAL segment's name when the end location is exactly at a
segment boundary (Itagaki Takahiro)
Always pass the catalog ID to an option validator function specified in
CREATE FOREIGN DATA WRAPPER> (Martin Pihlak)
Fix some more cases of temporary-file leakage (Heikki)
This corrects a problem introduced in the previous minor release.
One case that failed is when a plpgsql function returning set is
called within another function's exception handler.
Add support for doing FULL JOIN ON FALSE> (Tom)
This prevents a regression from pre-8.4 releases for some queries that
can now be simplified to a constant-false join condition.
Improve constraint exclusion processing of boolean-variable cases,
in particular make it possible to exclude a partition that has a
bool_column = false> constraint (Tom)
Prevent treating an INOUT> cast as representing binary
compatibility (Heikki)
Include column name in the message when warning about inability to
grant or revoke column-level privileges (Stephen Frost)
This is more useful than before and helps to prevent confusion when
a REVOKE> generates multiple messages, which formerly
appeared to be duplicates.
When reading pg_hba.conf> and related files, do not treat
@something> as a file inclusion request if the @>
appears inside quote marks; also, never treat @> by itself
as a file inclusion request (Tom)
This prevents erratic behavior if a role or database name starts with
@>. If you need to include a file whose path name
contains spaces, you can still do so, but you must write
@"/path to/file"> rather than putting the quotes around
the whole construct.
Prevent infinite loop on some platforms if a directory is named as
an inclusion target in pg_hba.conf> and related files
(Tom)
Fix possible infinite loop if SSL_read> or
SSL_write> fails without setting errno> (Tom)
This is reportedly possible with some Windows versions of
openssl>.
Disallow GSSAPI> authentication on local connections,
since it requires a hostname to function correctly (Magnus)
Protect ecpg> against applications freeing strings
unexpectedly (Michael)
Make ecpg> report the proper SQLSTATE if the connection
disappears (Michael)
Fix translation of cell contents in psql> \d>
output (Heikki)
Fix psql>'s numericlocale> option to not
format strings it shouldn't in latex and troff output formats (Heikki)
Fix a small per-query memory leak in psql> (Tom)
Make psql> return the correct exit status (3) when
ON_ERROR_STOP> and --single-transaction> are
both specified and an error occurs during the implied COMMIT>
(Bruce)
Fix pg_dump>'s output of permissions for foreign servers
(Heikki)
Fix possible crash in parallel pg_restore> due to
out-of-range dependency IDs (Tom)
Fix plpgsql failure in one case where a composite column is set to NULL
(Tom)
Fix possible failure when calling PL/Perl functions from PL/PerlU
or vice versa (Tim Bunce)
Add volatile> markings in PL/Python to avoid possible
compiler-specific misbehavior (Zdenek Kotala)
Ensure PL/Tcl initializes the Tcl interpreter fully (Tom)
The only known symptom of this oversight is that the Tcl
clock> command misbehaves if using Tcl 8.5 or later.
Prevent ExecutorEnd> from being run on portals created
within a failed transaction or subtransaction (Tom)
This is known to cause issues when using
contrib/auto_explain>.
Prevent crash in contrib/dblink> when too many key
columns are specified to a dblink_build_sql_*> function
(Rushabh Lathia, Joe Conway)
Allow zero-dimensional arrays in contrib/ltree> operations
(Tom)
This case was formerly rejected as an error, but it's more convenient to
treat it the same as a zero-element array. In particular this avoids
unnecessary failures when an ltree> operation is applied to the
result of ARRAY(SELECT ...)> and the sub-select returns no
rows.
Fix assorted crashes in contrib/xml2> caused by sloppy
memory management (Tom)
Make building of contrib/xml2> more robust on Windows
(Andrew)
Fix race condition in Windows signal handling (Radu Ilie)
One known symptom of this bug is that rows in pg_listener>
could be dropped under heavy load.
Make the configure script report failure if the C compiler does
not provide a working 64-bit integer datatype (Tom)
This case has been broken for some time, and no longer seems worth
supporting, so just reject it at configure time instead.
Update time zone data files to tzdata> release 2010e
for DST law changes in Bangladesh, Chile, Fiji, Mexico, Paraguay, Samoa.
Release 8.4.2Release Date2009-12-14
This release contains a variety of fixes from 8.4.1.
For information about new features in the 8.4 major release, see
.
Migration to Version 8.4.2
A dump/restore is not required for those running 8.4.X.
However, if you have any hash indexes,
you should REINDEX> them after updating to 8.4.2,
to repair possible damage.
Changes
Protect against indirect security threats caused by index functions
changing session-local state (Gurjeet Singh, Tom)
This change prevents allegedly-immutable index functions from possibly
subverting a superuser's session (CVE-2009-4136).
Reject SSL certificates containing an embedded null byte in the common
name (CN) field (Magnus)
This prevents unintended matching of a certificate to a server or client
name during SSL validation (CVE-2009-4034).
Fix hash index corruption (Tom)
The 8.4 change that made hash indexes keep entries sorted by hash value
failed to update the bucket splitting and compaction routines to
preserve the ordering. So application of either of those operations
could lead to permanent corruption of an index, in the sense that
searches might fail to find entries that are present. To deal with
this, it is recommended to REINDEX> any hash indexes you may
have after installing this update.
Fix possible crash during backend-startup-time cache initialization (Tom)
Avoid crash on empty thesaurus dictionary (Tom)
Prevent signals from interrupting VACUUM> at unsafe times
(Alvaro)
This fix prevents a PANIC if a VACUUM FULL> is canceled
after it's already committed its tuple movements, as well as transient
errors if a plain VACUUM> is interrupted after having
truncated the table.
Fix possible crash due to integer overflow in hash table size
calculation (Tom)
This could occur with extremely large planner estimates for the size of
a hashjoin's result.
Fix crash if a DROP> is attempted on an internally-dependent
object (Tom)
Fix very rare crash in inet>/cidr> comparisons (Chris
Mikkelson)
Ensure that shared tuple-level locks held by prepared transactions are
not ignored (Heikki)
Fix premature drop of temporary files used for a cursor that is accessed
within a subtransaction (Heikki)
Fix memory leak in syslogger process when rotating to a new CSV logfile
(Tom)
Fix memory leak in postmaster when re-parsing pg_hba.conf>
(Tom)
Fix Windows permission-downgrade logic (Jesse Morris)
This fixes some cases where the database failed to start on Windows,
often with misleading error messages such as could not locate
matching postgres executable.
Make FOR UPDATE/SHARE> in the primary query not propagate
into WITH> queries (Tom)
For example, in
WITH w AS (SELECT * FROM foo) SELECT * FROM w, bar ... FOR UPDATE
the FOR UPDATE> will now affect bar> but not
foo>. This is more useful and consistent than the original
8.4 behavior, which tried to propagate FOR UPDATE> into the
WITH> query but always failed due to assorted implementation
restrictions. It also follows the design rule that WITH>
queries are executed as if independent of the main query.
Fix bug with a WITH RECURSIVE> query immediately inside
another one (Tom)
Fix concurrency bug in hash indexes (Tom)
Concurrent insertions could cause index scans to transiently report
wrong results.
Fix incorrect logic for GiST index page splits, when the split depends
on a non-first column of the index (Paul Ramsey)
Fix wrong search results for a multi-column GIN index with
fastupdate> enabled (Teodor)
Fix bugs in WAL entry creation for GIN indexes (Tom)
These bugs were masked when full_page_writes> was on, but
with it off a WAL replay failure was certain if a crash occurred before
the next checkpoint.
Don't error out if recycling or removing an old WAL file fails at the
end of checkpoint (Heikki)
It's better to treat the problem as non-fatal and allow the checkpoint
to complete. Future checkpoints will retry the removal. Such problems
are not expected in normal operation, but have been seen to be
caused by misdesigned Windows anti-virus and backup software.
Ensure WAL files aren't repeatedly archived on Windows (Heikki)
This is another symptom that could happen if some other process
interfered with deletion of a no-longer-needed file.
Fix PAM password processing to be more robust (Tom)
The previous code is known to fail with the combination of the Linux
pam_krb5> PAM module with Microsoft Active Directory as the
domain controller. It might have problems elsewhere too, since it was
making unjustified assumptions about what arguments the PAM stack would
pass to it.
Raise the maximum authentication token (Kerberos ticket) size in GSSAPI
and SSPI authentication methods (Ian Turner)
While the old 2000-byte limit was more than enough for Unix Kerberos
implementations, tickets issued by Windows Domain Controllers can be
much larger.
Ensure that domain constraints are enforced in constructs like
ARRAY[...]::domain>, where the domain is over an array type
(Heikki)
Fix foreign-key logic for some cases involving composite-type columns
as foreign keys (Tom)
Ensure that a cursor's snapshot is not modified after it is created
(Alvaro)
This could lead to a cursor delivering wrong results if later operations
in the same transaction modify the data the cursor is supposed to return.
Fix CREATE TABLE> to properly merge default expressions
coming from different inheritance parent tables (Tom)
This used to work but was broken in 8.4.
Re-enable collection of access statistics for sequences (Akira Kurosawa)
This used to work but was broken in 8.3.
Fix processing of ownership dependencies during CREATE OR
REPLACE FUNCTION> (Tom)
Fix incorrect handling of WHERE>
x>=x> conditions (Tom)
In some cases these could get ignored as redundant, but they aren't
— they're equivalent to x> IS NOT NULL>.
Fix incorrect plan construction when using hash aggregation to implement
DISTINCT> for textually identical volatile expressions (Tom)
Fix Assert failure for a volatile SELECT DISTINCT ON>
expression (Tom)
Fix ts_stat()> to not fail on an empty tsvector>
value (Tom)
Make text search parser accept underscores in XML attributes (Peter)
Fix encoding handling in xml> binary input (Heikki)
If the XML header doesn't specify an encoding, we now assume UTF-8 by
default; the previous handling was inconsistent.
Fix bug with calling plperl> from plperlu> or vice
versa (Tom)
An error exit from the inner function could result in crashes due to
failure to re-select the correct Perl interpreter for the outer function.
Fix session-lifespan memory leak when a PL/Perl function is redefined
(Tom)
Ensure that Perl arrays are properly converted to
PostgreSQL> arrays when returned by a set-returning
PL/Perl function (Andrew Dunstan, Abhijit Menon-Sen)
This worked correctly already for non-set-returning functions.
Fix rare crash in exception processing in PL/Python (Peter)
Fix ecpg> problem with comments in DECLARE
CURSOR> statements (Michael)
Fix ecpg> to not treat recently-added keywords as
reserved words (Tom)
This affected the keywords CALLED>, CATALOG>,
DEFINER>, ENUM>, FOLLOWING>,
INVOKER>, OPTIONS>, PARTITION>,
PRECEDING>, RANGE>, SECURITY>,
SERVER>, UNBOUNDED>, and WRAPPER>.
Re-allow regular expression special characters in psql>'s
\df> function name parameter (Tom)
In contrib/fuzzystrmatch>, correct the calculation of
levenshtein> distances with non-default costs (Marcin Mank)
In contrib/pg_standby>, disable triggering failover with a
signal on Windows (Fujii Masao)
This never did anything useful, because Windows doesn't have Unix-style
signals, but recent changes made it actually crash.
Put FREEZE> and VERBOSE> options in the right
order in the VACUUM> command that
contrib/vacuumdb> produces (Heikki)
Fix possible leak of connections when contrib/dblink>
encounters an error (Tatsuhito Kasahara)
Ensure psql>'s flex module is compiled with the correct
system header definitions (Tom)
This fixes build failures on platforms where
--enable-largefile> causes incompatible changes in the
generated code.
Make the postmaster ignore any application_name> parameter in
connection request packets, to improve compatibility with future libpq
versions (Tom)
Update the timezone abbreviation files to match current reality (Joachim
Wieland)
This includes adding IDT> to the default
timezone abbreviation set.
Update time zone data files to tzdata> release 2009s
for DST law changes in Antarctica, Argentina, Bangladesh, Fiji,
Novokuznetsk, Pakistan, Palestine, Samoa, Syria; also historical
corrections for Hong Kong.
Release 8.4.1Release Date2009-09-09
This release contains a variety of fixes from 8.4.
For information about new features in the 8.4 major release, see
.
Migration to Version 8.4.1
A dump/restore is not required for those running 8.4.X.
Changes
Fix WAL page header initialization at the end of archive recovery
(Heikki)
This could lead to failure to process the WAL in a subsequent
archive recovery.
Fix cannot make new WAL entries during recovery> error (Tom)
Fix problem that could make expired rows visible after a crash (Tom)
This bug involved a page status bit potentially not being set
correctly after a server crash.
Disallow RESET ROLE> and RESET SESSION
AUTHORIZATION> inside security-definer functions (Tom, Heikki)
This covers a case that was missed in the previous patch that
disallowed SET ROLE> and SET SESSION
AUTHORIZATION> inside security-definer functions.
(See CVE-2007-6600)
Make LOAD> of an already-loaded loadable module
into a no-op (Tom)
Formerly, LOAD> would attempt to unload and re-load the
module, but this is unsafe and not all that useful.
Make window function PARTITION BY> and ORDER BY>
items always be interpreted as simple expressions (Tom)
In 8.4.0 these lists were parsed following the rules used for
top-level GROUP BY> and ORDER BY> lists.
But this was not correct per the SQL standard, and it led to possible
circularity.
Fix several errors in planning of semi-joins (Tom)
These led to wrong query results in some cases where IN>
or EXISTS> was used together with another join.
Fix handling of whole-row references to subqueries that are within
an outer join (Tom)
An example is
SELECT COUNT(ss.*) FROM ... LEFT JOIN (SELECT ...) ss ON ...>.
Here, ss.*> would be treated as ROW(NULL,NULL,...)>
for null-extended join rows, which is not the same as a simple NULL.
Now it is treated as a simple NULL.
Fix Windows shared-memory allocation code (Tsutomu Yamada, Magnus)
This bug led to the often-reported could not reattach
to shared memory> error message.
Fix locale handling with plperl (Heikki)
This bug could cause the server's locale setting to change when a
plperl function is called, leading to data corruption.
Fix handling of reloptions to ensure setting one option doesn't
force default values for others (Itagaki Takahiro)
Ensure that a fast shutdown> request will forcibly terminate
open sessions, even if a smart shutdown> was already in progress
(Fujii Masao)
Avoid memory leak for array_agg()> in GROUP BY>
queries (Tom)
Treat to_char(..., 'TH')> as an uppercase ordinal
suffix with 'HH'>/'HH12'> (Heikki)
It was previously handled as 'th'> (lowercase).
Include the fractional part in the result of
EXTRACT(second)> and
EXTRACT(milliseconds)> for
time> and time with time zone> inputs (Tom)
This has always worked for floating-point datetime configurations,
but was broken in the integer datetime code.
Fix overflow for INTERVAL 'x> ms'
when x> is more than 2 million and integer
datetimes are in use (Alex Hunsaker)
Improve performance when processing toasted values in index scans (Tom)
This is particularly useful for PostGIS.
Fix a typo that disabled commit_delay> (Jeff Janes)
Output early-startup messages to postmaster.log> if the
server is started in silent mode (Tom)
Previously such error messages were discarded, leading to
difficulty in debugging.
Remove translated FAQs (Peter)
They are now on the wiki. The
main FAQ was moved to the wiki some time ago.
Fix pg_ctl> to not go into an infinite loop if
postgresql.conf> is empty (Jeff Davis)
Fix several errors in pg_dump>'s
--binary-upgrade> mode (Bruce, Tom)
pg_dump --binary-upgrade> is used by pg_migrator.
Fix contrib/xml2>'s xslt_process()> to
properly handle the maximum number of parameters (twenty) (Tom)
Improve robustness of libpq>'s code to recover
from errors during COPY FROM STDIN> (Tom)
Avoid including conflicting readline and editline header files
when both libraries are installed (Zdenek Kotala)
Work around gcc bug that causes floating-point exception>
instead of division by zero> on some platforms (Tom)
Update time zone data files to tzdata> release 2009l
for DST law changes in Bangladesh, Egypt, Mauritius.
Release 8.4Release Date2009-07-01Overview
After many years of development, PostgreSQL> has
become feature-complete in many areas. This release shows a
targeted approach to adding features (e.g., authentication,
monitoring, space reuse), and adds capabilities defined in the
later SQL standards. The major areas of enhancement are:
Windowing Functions
Common Table Expressions and Recursive Queries
Default and variadic parameters for functions
Parallel Restore
Column Permissions
Per-database locale settings
Improved hash indexes
Improved join performance for EXISTS> and NOT EXISTS> queries
Easier-to-use Warm Standby
Automatic sizing of the Free Space Map
Visibility Map (greatly reduces vacuum overhead for slowly-changing tables)
Version-aware psql (backslash commands work against older servers)
Support SSL certificates for user authentication
Per-function runtime statistics
Easy editing of functions in psql
New contrib modules: pg_stat_statements, auto_explain, citext, btree_gin
The above items are explained in more detail in the sections below.
Migration to Version 8.4
A dump/restore using pg_dump is
required for those wishing to migrate data from any previous
release.
Observe the following incompatibilities:
General
Use 64-bit integer datetimes by default (Neil Conway)
Previously this was selected by configure>'s
Remove ipcclean> utility command (Bruce)
The utility only worked on a few platforms. Users should use
their operating system tools instead.
Server Settings
Change default setting for
log_min_messages> to warning> (previously
it was notice>) to reduce log file volume (Tom)
Change default setting for max_prepared_transactions> to
zero (previously it was 5) (Tom)
Make debug_print_parse>, debug_print_rewritten>,
and debug_print_plan>
output appear at LOG> message level, not
DEBUG1> as formerly (Tom)
Make debug_pretty_print> default to on> (Tom)
Remove explain_pretty_print> parameter (no longer needed) (Tom)
Make log_temp_files> settable by superusers only, like other
logging options (Simon Riggs)
Remove automatic appending of the epoch timestamp when no %>
escapes are present in log_filename> (Robert Haas)
This change was made because some users wanted a fixed log filename,
for use with an external log rotation tool.
Remove log_restartpoints> from recovery.conf>;
instead use log_checkpoints> (Simon)
Remove krb_realm> and krb_server_hostname>;
these are now set in pg_hba.conf> instead (Magnus)
There are also significant changes in pg_hba.conf>,
as described below.
Queries
Change TRUNCATE> and LOCK> to
apply to child tables of the specified table(s) (Peter)
These commands now accept an ONLY> option that prevents
processing child tables; this option must be used if the old
behavior is needed.
SELECT DISTINCT> and
UNION>/INTERSECT>/EXCEPT>
no longer always produce sorted output (Tom)
Previously, these types of queries always removed duplicate rows
by means of Sort/Unique processing (i.e., sort then remove adjacent
duplicates). Now they can be implemented by hashing, which will not
produce sorted output. If an application relied on the output being
in sorted order, the recommended fix is to add an ORDER BY>
clause. As a short-term workaround, the previous behavior can be
restored by disabling enable_hashagg>, but that is a very
performance-expensive fix. SELECT DISTINCT ON> never uses
hashing, however, so its behavior is unchanged.
Force child tables to inherit CHECK> constraints from parents
(Alex Hunsaker, Nikhil Sontakke, Tom)
Formerly it was possible to drop such a constraint from a child
table, allowing rows that violate the constraint to be visible
when scanning the parent table. This was deemed inconsistent,
as well as contrary to SQL standard.
Disallow negative LIMIT> or OFFSET>
values, rather than treating them as zero (Simon)
Disallow LOCK TABLE> outside a transaction block
(Tom)
Such an operation is useless because the lock would be released
immediately.
Sequences now contain an additional start_value> column
(Zoltan Boszormenyi)
This supports ALTER SEQUENCE ... RESTART>.
Functions and Operators
Make numeric> zero raised to a fractional power return
0>, rather than throwing an error, and make
numeric> zero raised to the zero power return 1>,
rather than error (Bruce)
This matches the longstanding float8> behavior.
Allow unary minus of floating-point values to produce minus zero (Tom)
The changed behavior is more IEEE>-standard
compliant.
Throw an error if an escape character is the last character in
a LIKE> pattern (i.e., it has nothing to escape) (Tom)
Previously, such an escape character was silently ignored,
thus possibly masking application logic errors.
Remove ~=~> and ~<>~> operators
formerly used for LIKE> index comparisons (Tom)
Pattern indexes now use the regular equality operator.
xpath()> now passes its arguments to libxml>
without any changes (Andrew)
This means that the XML argument must be a well-formed XML document.
The previous coding attempted to allow XML fragments, but it did not
work well.
Make xmlelement()> format attribute values just like
content values (Peter)
Previously, attribute values were formatted according to the
normal SQL output behavior, which is sometimes at odds with
XML rules.
Rewrite memory management for libxml>-using functions
(Tom)
This change should avoid some compatibility problems with use of
libxml> in PL/Perl and other add-on code.
Adopt a faster algorithm for hash functions (Kenneth Marshall,
based on work of Bob Jenkins)
Many of the built-in hash functions now deliver different results on
little-endian and big-endian platforms.
Temporal Functions and OperatorsDateStyle> no longer controls interval> output
formatting; instead there is a new variable IntervalStyle>
(Ron Mayer)
Improve consistency of handling of fractional seconds in
timestamp> and interval> output (Ron Mayer)
This may result in displaying a different number of fractional
digits than before, or rounding instead of truncating.
Make to_char()>'s localized month/day names depend
on LC_TIME>, not LC_MESSAGES> (Euler
Taveira de Oliveira)
Cause to_date()> and to_timestamp()>
to more consistently report errors for invalid input (Brendan
Jurd)
Previous versions would often ignore or silently misread input
that did not match the format string. Such cases will now
result in an error.
Fix to_timestamp()> to not require upper/lower case
matching for meridian (AM>/PM>) and era
(BC>/AD>) format designations (Brendan
Jurd)
For example, input value ad> now matches the format
string AD>.
Changes
Below you will find a detailed account of the changes between
PostgreSQL 8.4 and the previous major
release.
Performance
Improve optimizer statistics calculations (Jan Urbanski, Tom)
In particular, estimates for full-text-search operators are
greatly improved.
Allow SELECT DISTINCT> and
UNION>/INTERSECT>/EXCEPT> to
use hashing (Tom)
This means that these types of queries no longer automatically
produce sorted output.
Create explicit concepts of semi-joins and anti-joins (Tom)
This work formalizes our previous ad-hoc treatment of IN
(SELECT ...)> clauses, and extends it to EXISTS> and
NOT EXISTS> clauses. It should result in significantly
better planning of EXISTS> and NOT EXISTS>
queries. In general, logically equivalent IN> and
EXISTS> clauses should now have similar performance,
whereas previously IN> often won.
Improve optimization of sub-selects beneath outer joins (Tom)
Formerly, a sub-select or view could not be optimized very well if it
appeared within the nullable side of an outer join and contained
non-strict expressions (for instance, constants) in its result list.
Improve the performance of text_position()> and
related functions by using Boyer-Moore-Horspool searching (David
Rowley)
This is particularly helpful for long search patterns.
Reduce I/O load of writing the statistics collection file
by writing the file only when requested (Martin Pihlak)
Improve performance for bulk inserts (Robert Haas, Simon)
Increase the default value of default_statistics_target>
from 10> to 100> (Greg Sabino Mullane,
Tom)
The maximum value was also increased from 1000> to
10000>.
Perform constraint_exclusion> checking by default
in queries involving inheritance or UNION ALL> (Tom)
A new constraint_exclusion> setting,
partition>, was added to specify this behavior.
Allow I/O read-ahead for bitmap index scans (Greg Stark)
The amount of read-ahead is controlled by
effective_io_concurrency>. This feature is available only
if the kernel has posix_fadvise()> support.
Inline simple set-returning SQL> functions in
FROM> clauses (Richard Rowell)
Improve performance of multi-batch hash joins by providing a special
case for join key values that are especially common in the outer
relation (Bryce Cutt, Ramon Lawrence)
Reduce volume of temporary data in multi-batch hash joins
by suppressing physical tlist> optimization (Michael
Henderson, Ramon Lawrence)
Avoid waiting for idle-in-transaction sessions during
CREATE INDEX CONCURRENTLY> (Simon)
Improve performance of shared cache invalidation (Tom)
ServerSettings
Convert many postgresql.conf> settings to enumerated
values so that pg_settings> can display the valid
values (Magnus)
Add cursor_tuple_fraction> parameter to control the
fraction of a cursor's rows that the planner assumes will be
fetched (Robert Hell)
Allow underscores in the names of custom variable
classes in postgresql.conf> (Tom)
Authentication and security
Remove support for the (insecure) crypt> authentication method
(Magnus)
This effectively obsoletes pre-PostgreSQL> 7.2 client
libraries, as there is no longer any non-plaintext password method that
they can use.
Support regular expressions in pg_ident.conf>
(Magnus)
Allow Kerberos>/GSSAPI> parameters
to be changed without restarting the postmaster (Magnus)
Support SSL> certificate chains in server certificate
file (Andrew Gierth)
Including the full certificate chain makes the client able
to verify the certificate without having all intermediate CA
certificates present in the local store, which is often the case for
commercial CAs.
Report appropriate error message for combination of MD5>
authentication and db_user_namespace> enabled (Bruce)
pg_hba.conf>
Change all authentication options to use name=value>
syntax (Magnus)
This makes incompatible changes to the ldap>,
pam> and ident> authentication methods. All
pg_hba.conf> entries with these methods need to be
rewritten using the new format.
Remove the ident sameuser> option, instead making that
behavior the default if no usermap is specified (Magnus)
Allow a usermap parameter for all external authentication methods
(Magnus)
Previously a usermap was only supported for ident>
authentication.
Add clientcert> option to control requesting of a
client certificate (Magnus)
Previously this was controlled by the presence of a root
certificate file in the server's data directory.
Add cert> authentication method to allow
user> authentication via SSL> certificates
(Magnus)
Previously SSL> certificates could only verify that
the client had access to a certificate, not authenticate a
user.
Allow krb5>, gssapi> and sspi>
realm and krb5> host settings to be specified in
pg_hba.conf> (Magnus)
These override the settings in postgresql.conf>.
Add include_realm> parameter for krb5>,
gssapi>, and sspi> methods (Magnus)
This allows identical usernames from different realms to be
authenticated as different database users using usermaps.
Parse pg_hba.conf> fully when it is loaded,
so that errors are reported immediately (Magnus)
Previously, most errors in the file wouldn't be detected until clients
tried to connect, so an erroneous file could render the system
unusable. With the new behavior, if an error is detected during
reload then the bad file is rejected and the postmaster continues
to use its old copy.
Show all parsing errors in pg_hba.conf> instead of
aborting after the first one (Selena Deckelmann)
Support ident> authentication over Unix-domain sockets
on Solaris> (Garick Hamlin)
Continuous Archiving
Provide an option to pg_start_backup()> to force its
implied checkpoint to finish as quickly as possible (Tom)
The default behavior avoids excess I/O consumption, but that is
pointless if no concurrent query activity is going on.
Make pg_stop_backup()> wait for modified WAL>
files to be archived (Simon)
This guarantees that the backup is valid at the time
pg_stop_backup()> completes.
When archiving is enabled, rotate the last WAL segment at shutdown
so that all transactions can be archived immediately
(Guillaume Smet, Heikki)
Delay smart> shutdown while a continuous archiving base backup
is in progress (Laurenz Albe)
Cancel a continuous archiving base backup if fast> shutdown
is requested (Laurenz Albe)
Allow recovery.conf> boolean variables to take the
same range of string values as postgresql.conf>
boolean variables
(Bruce)
Monitoring
Add pg_conf_load_time()> to report when
the PostgreSQL> configuration files were last loaded
(George Gensure)
Add pg_terminate_backend()> to safely terminate a
backend (the SIGTERM> signal works also) (Tom, Bruce)
While it's always been possible to SIGTERM> a single
backend, this was previously considered unsupported; and testing
of the case found some bugs that are now fixed.
Add ability to track user-defined functions' call counts and
runtimes (Martin Pihlak)
Function statistics appear in a new system view,
pg_stat_user_functions>. Tracking is controlled
by the new parameter track_functions>.
Allow specification of the maximum query string size in
pg_stat_activity> via new
track_activity_query_size> parameter (Thomas Lee)
Increase the maximum line length sent to syslog>, in
hopes of improving performance (Tom)
Add read-only configuration variables segment_size>,
wal_block_size>, and wal_segment_size>
(Bernd Helmle)
When reporting a deadlock, report the text of all queries involved
in the deadlock to the server log (Itagaki Takahiro)
Add pg_stat_get_activity(pid)> function to return
information about a specific process id (Magnus)
Allow the location of the server's statistics file to be specified
via stats_temp_directory> (Magnus)
This allows the statistics file to be placed in a
RAM>-resident directory to reduce I/O requirements.
On startup/shutdown, the file is copied to its traditional location
($PGDATA/global/>) so it is preserved across restarts.
Queries
Add support for WINDOW> functions (Hitoshi Harada)
Add support for WITH> clauses (CTEs), including WITH
RECURSIVE> (Yoshiyuki Asaba, Tatsuo Ishii, Tom)
Add TABLE> command (Peter)
TABLE tablename> is a SQL standard short-hand for
SELECT * FROM tablename>.
Allow AS> to be optional when specifying a
SELECT> (or RETURNING>) column output
label (Hiroshi Saito)
This works so long as the column label is not any
PostgreSQL> keyword; otherwise AS> is still
needed.
Support set-returning functions in SELECT> result lists
even for functions that return their result via a tuplestore (Tom)
In particular, this means that functions written in PL/pgSQL
and other PL languages can now be called this way.
Support set-returning functions in the output of aggregation
and grouping queries (Tom)
Allow SELECT FOR UPDATE>/SHARE> to work
on inheritance trees (Tom)
Add infrastructure for SQL/MED> (Martin Pihlak,
Peter)
There are no remote or external SQL/MED> capabilities
yet, but this change provides a standardized and future-proof
system for managing connection information for modules like
dblink> and plproxy>.
Invalidate cached plans when referenced schemas, functions, operators,
or operator classes are modified (Martin Pihlak, Tom)
This improves the system's ability to respond to on-the-fly
DDL changes.
Allow comparison of composite types and allow arrays of
anonymous composite types (Tom)
This allows constructs such as
row(1, 1.1) = any (array[row(7, 7.7), row(1, 1.0)])>.
This is particularly useful in recursive queries.
Add support for Unicode string literal and identifier specifications
using code points, e.g. U&'d\0061t\+000061'>
(Peter)
Reject \000> in string literals and COPY> data
(Tom)
Previously, this was accepted but had the effect of terminating
the string contents.
Improve the parser's ability to report error locations (Tom)
An error location is now reported for many semantic errors,
such as mismatched datatypes, that previously could not be localized.
TRUNCATE>
Support statement-level ON TRUNCATE> triggers (Simon)
Add RESTART>/CONTINUE IDENTITY> options
for TRUNCATE TABLE>
(Zoltan Boszormenyi)
The start value of a sequence can be changed by ALTER
SEQUENCE START WITH>.
Allow TRUNCATE tab1, tab1> to succeed (Bruce)
Add a separate TRUNCATE> permission (Robert Haas)
EXPLAIN>
Make EXPLAIN VERBOSE> show the output columns of each
plan node (Tom)
Previously EXPLAIN VERBOSE> output an internal
representation of the query plan. (That behavior is now
available via debug_print_plan>.)
Make EXPLAIN> identify subplans and initplans with
individual labels (Tom)
Make EXPLAIN> honor debug_print_plan> (Tom)
Allow EXPLAIN> on CREATE TABLE AS> (Peter)
LIMIT>/OFFSET>
Allow sub-selects in LIMIT> and OFFSET> (Tom)
Add SQL>-standard syntax for
LIMIT>/OFFSET> capabilities (Peter)
To wit,
OFFSET num {ROW|ROWS} FETCH {FIRST|NEXT} [num] {ROW|ROWS}
ONLY>.
Object Manipulation
Add support for column-level privileges (Stephen Frost, KaiGai
Kohei)
Refactor multi-object DROP> operations to reduce the
need for CASCADE> (Alex Hunsaker)
For example, if table B> has a dependency on table
A>, the command DROP TABLE A, B> no longer
requires the CASCADE> option.
Fix various problems with concurrent DROP> commands
by ensuring that locks are taken before we begin to drop dependencies
of an object (Tom)
Improve reporting of dependencies during DROP>
commands (Tom)
Add WITH [NO] DATA> clause to CREATE TABLE
AS>, per the SQL> standard (Peter, Tom)
Add support for user-defined I/O conversion casts (Heikki)
Allow CREATE AGGREGATE> to use an internal>
transition datatype (Tom)
Add LIKE> clause to CREATE TYPE> (Tom)
This simplifies creation of data types that use the same internal
representation as an existing type.
Allow specification of the type category and preferred>
status for user-defined base types (Tom)
This allows more control over the coercion behavior of user-defined
types.
Allow CREATE OR REPLACE VIEW> to add columns to the
end of a view (Robert Haas)
ALTER>
Add ALTER TYPE RENAME> (Petr Jelinek)
Add ALTER SEQUENCE ... RESTART> (with no parameter) to
reset a sequence to its initial value (Zoltan Boszormenyi)
Modify the ALTER TABLE> syntax to allow all reasonable
combinations for tables, indexes, sequences, and views (Tom)
This change allows the following new syntaxes:
ALTER SEQUENCE OWNER TO>
ALTER VIEW ALTER COLUMN SET/DROP DEFAULT>
ALTER VIEW OWNER TO>
ALTER VIEW SET SCHEMA>
There is no actual new functionality here, but formerly
you had to say ALTER TABLE> to do these things,
which was confusing.
Add support for the syntax ALTER TABLE ... ALTER COLUMN
... SET DATA TYPE> (Peter)
This is SQL>-standard syntax for functionality that
was already supported.
Make ALTER TABLE SET WITHOUT OIDS> rewrite the table
to physically remove OID> values (Tom)
Also, add ALTER TABLE SET WITH OIDS> to rewrite the
table to add OID>s.
Database Manipulation
Improve reporting of
CREATE>/DROP>/RENAME DATABASE>
failure when uncommitted prepared transactions are the cause
(Tom)
Make LC_COLLATE> and LC_CTYPE> into
per-database settings (Radek Strnad, Heikki)
This makes collation similar to encoding, which was always
configurable per database.
Improve checks that the database encoding, collation
(LC_COLLATE>), and character classes
(LC_CTYPE>) match (Heikki, Tom)
Note in particular that a new database's encoding and locale
settings can be changed only when copying from template0>.
This prevents possibly copying data that doesn't match the settings.
Add ALTER DATABASE SET TABLESPACE> to move a database
to a new tablespace (Guillaume Lelarge, Bernd Helmle)
Utility Operations
Add a VERBOSE> option to the CLUSTER> command and
clusterdb> (Jim Cox)
Decrease memory requirements for recording pending trigger
events (Tom)
Indexes
Dramatically improve the speed of building and accessing hash
indexes (Tom Raney, Shreya Bhargava)
This allows hash indexes to be sometimes faster than btree
indexes. However, hash indexes are still not crash-safe.
Make hash indexes store only the hash code, not the full value of
the indexed column (Xiao Meng)
This greatly reduces the size of hash indexes for long indexed
values, improving performance.
Implement fast update option for GIN indexes (Teodor, Oleg)
This option greatly improves update speed at a small penalty in search
speed.
xxx_pattern_ops> indexes can now be used for simple
equality comparisons, not only for LIKE> (Tom)
Full Text Indexes
Remove the requirement to use @@@> when doing
GIN> weighted lookups on full text indexes (Tom, Teodor)
The normal @@> text search operator can be used
instead.
Add an optimizer selectivity function for @@> text
search operations (Jan Urbanski)
Allow prefix matching in full text searches (Teodor Sigaev,
Oleg Bartunov)
Support multi-column GIN> indexes (Teodor Sigaev)
Improve support for Nepali language and Devanagari alphabet (Teodor)
VACUUM>
Track free space in separate per-relation fork> files (Heikki)
Free space discovered by VACUUM> is now recorded in
*_fsm> files, rather than in a fixed-sized shared memory
area. The max_fsm_pages> and max_fsm_relations>
settings have been removed, greatly simplifying administration of
free space management.
Add a visibility map to track pages that do not require
vacuuming (Heikki)
This allows VACUUM> to avoid scanning all of
a table when only a portion of the table needs vacuuming.
The visibility map is stored in per-relation fork> files.
Add vacuum_freeze_table_age> parameter to control
when VACUUM> should ignore the visibility map and
do a full table scan to freeze tuples (Heikki)
Track transaction snapshots more carefully (Alvaro)
This improves VACUUM>'s ability to reclaim space
in the presence of long-running transactions.
Add ability to specify per-relation autovacuum and TOAST>
parameters in CREATE TABLE> (Alvaro, Euler Taveira de
Oliveira)
Autovacuum options used to be stored in a system table.
Add --freeze> option to vacuumdb>
(Bruce)
Data Types
Add a CaseSensitive> option for text search synonym
dictionaries (Simon)
Improve the precision of NUMERIC> division (Tom)
Add basic arithmetic operators for int2> with int8>
(Tom)
This eliminates the need for explicit casting in some situations.
Allow UUID> input to accept an optional hyphen after
every fourth digit (Robert Haas)
Allow on>/off> as input for the boolean data type
(Itagaki Takahiro)
Allow spaces around NaN> in the input string for
type numeric> (Sam Mason)
Temporal Data Types
Reject year 0 BC> and years 000> and
0000> (Tom)
Previously these were interpreted as 1 BC>.
(Note: years 0> and 00> are still assumed to be
the year 2000.)
Include SGT> (Singapore time) in the default list of
known time zone abbreviations (Tom)
Support infinity> and -infinity> as
values of type date> (Tom)
Make parsing of interval> literals more standard-compliant
(Tom, Ron Mayer)
For example, INTERVAL '1' YEAR> now does what it's
supposed to.
Allow interval> fractional-seconds precision to be specified
after the second> keyword, for SQL> standard
compliance (Tom)
Formerly the precision had to be specified after the keyword
interval>. (For backwards compatibility, this syntax is still
supported, though deprecated.) Data type definitions will now be
output using the standard format.
Support the IS0 8601> interval> syntax (Ron
Mayer, Kevin Grittner)
For example, INTERVAL 'P1Y2M3DT4H5M6.7S'> is now
supported.
Add IntervalStyle> parameter
which controls how interval> values are output (Ron Mayer)
Valid values are: postgres>, postgres_verbose>,
sql_standard>, iso_8601>. This setting also
controls the handling of negative interval> input when only
some fields have positive/negative designations.
Improve consistency of handling of fractional seconds in
timestamp> and interval> output (Ron Mayer)
Arrays
Improve the handling of casts applied to ARRAY[]>
constructs, such as ARRAY[...]::integer[]>
(Brendan Jurd)
Formerly PostgreSQL> attempted to determine a data type
for the ARRAY[]> construct without reference to the ensuing
cast. This could fail unnecessarily in many cases, in particular when
the ARRAY[]> construct was empty or contained only
ambiguous entries such as NULL>. Now the cast is consulted
to determine the type that the array elements must be.
Make SQL>-syntax ARRAY> dimensions optional
to match the SQL> standard (Peter)
Add array_ndims()> to return the number
of dimensions of an array (Robert Haas)
Add array_length()> to return the length
of an array for a specified dimension (Jim Nasby, Robert
Haas, Peter Eisentraut)
Add aggregate function array_agg()>, which
returns all aggregated values as a single array (Robert Haas,
Jeff Davis, Peter)
Add unnest()>, which converts an array to
individual row values (Tom)
This is the opposite of array_agg()>.
Add array_fill()> to create arrays initialized with
a value (Pavel Stehule)
Add generate_subscripts()> to simplify generating
the range of an array's subscripts (Pavel Stehule)
Wide-Value Storage (TOAST>)
Consider TOAST> compression on values as short as
32 bytes (previously 256 bytes) (Greg Stark)
Require 25% minimum space savings before using TOAST>
compression (previously 20% for small values and any-savings-at-all
for large values) (Greg)
Improve TOAST> heuristics for rows that have a mix of large
and small toastable fields, so that we prefer to push large values out
of line and don't compress small values unnecessarily (Greg, Tom)
Functions
Document that setseed()> allows values from
-1> to 1> (not just 0> to
1>), and enforce the valid range (Kris Jurka)
Add server-side function lo_import(filename, oid)>
(Tatsuo)
Add quote_nullable()>, which behaves like
quote_literal()> but returns the string NULL> for
a null argument (Brendan Jurd)
Improve full text search headline()> function to
allow extracting several fragments of text (Sushant Sinha)
Add suppress_redundant_updates_trigger()> trigger
function to avoid overhead for non-data-changing updates (Andrew)
Add div(numeric, numeric)> to perform numeric>
division without rounding (Tom)
Add timestamp> and timestamptz> versions of
generate_series()> (Hitoshi Harada)
Object Information Functions
Implement current_query()> for use by functions
that need to know the currently running query (Tomas Doran)
Add pg_get_keywords()> to return a list of the
parser keywords (Dave Page)
Add pg_get_functiondef()> to see a function's
definition (Abhijit Menon-Sen)
Allow the second argument of pg_get_expr()> to be zero
when deparsing an expression that does not contain variables (Tom)
Modify pg_relation_size()> to use regclass>
(Heikki)
pg_relation_size(data_type_name)> no longer works.
Add boot_val> and reset_val> columns to
pg_settings> output (Greg Smith)
Add source file name and line number columns to
pg_settings> output for variables set in a configuration
file (Magnus, Alvaro)
For security reasons, these columns are only visible to superusers.
Add support for CURRENT_CATALOG>,
CURRENT_SCHEMA>, SET CATALOG>, SET
SCHEMA> (Peter)
These provide SQL>-standard syntax for existing features.
Add pg_typeof()> which returns the data type
of any value (Brendan Jurd)
Make version()> return information about whether
the server is a 32- or 64-bit binary (Bruce)
Fix the behavior of information schema columns
is_insertable_into> and is_updatable> to
be consistent (Peter)
Improve the behavior of information schema
datetime_precision> columns (Peter)
These columns now show zero for date> columns, and 6
(the default precision) for time>, timestamp>, and
interval> without a declared precision, rather than showing
null as formerly.
Convert remaining builtin set-returning functions to use
OUT> parameters (Jaime Casanova)
This makes it possible to call these functions without specifying
a column list: pg_show_all_settings()>,
pg_lock_status()>, pg_prepared_xact()>,
pg_prepared_statement()>, pg_cursor()>
Make pg_*_is_visible()> and
has_*_privilege()> functions return NULL>
for invalid OIDs, rather than reporting an error (Tom)
Extend has_*_privilege()> functions to allow inquiring
about the OR of multiple privileges in one call (Stephen
Frost, Tom)
Add has_column_privilege()> and
has_any_column_privilege()> functions (Stephen
Frost, Tom)
Function Creation
Support variadic functions (functions with a variable number
of arguments) (Pavel Stehule)
Only trailing arguments can be optional, and they all must be
of the same data type.
Support default values for function arguments (Pavel Stehule)
Add CREATE FUNCTION ... RETURNS TABLE> clause (Pavel
Stehule)
Allow SQL>-language functions to return the output
of an INSERT>/UPDATE>/DELETE>
RETURNING> clause (Tom)
PL/pgSQL Server-Side Language
Support EXECUTE USING> for easier insertion of data
values into a dynamic query string (Pavel Stehule)
Allow looping over the results of a cursor using a FOR>
loop (Pavel Stehule)
Support RETURN QUERY EXECUTE> (Pavel
Stehule)
Improve the RAISE> command (Pavel Stehule)
Support DETAIL> and HINT> fields
Support specification of the SQLSTATE> error code
Support an exception name parameter
Allow RAISE> without parameters in an exception
block to re-throw the current error
Allow specification of SQLSTATE> codes
in EXCEPTION> lists (Pavel Stehule)
This is useful for handling custom SQLSTATE> codes.
Support the CASE> statement (Pavel Stehule)
Make RETURN QUERY> set the special FOUND> and
GET DIAGNOSTICS> ROW_COUNT> variables
(Pavel Stehule)
Make FETCH> and MOVE> set the
GET DIAGNOSTICS> ROW_COUNT> variable
(Andrew Gierth)
Make EXIT> without a label always exit the innermost
loop (Tom)
Formerly, if there were a BEGIN> block more closely nested
than any loop, it would exit that block instead. The new behavior
matches Oracle(TM) and is also what was previously stated by our own
documentation.
Make processing of string literals and nested block comments
match the main SQL parser's processing (Tom)
In particular, the format string in RAISE> now works
the same as any other string literal, including being subject
to standard_conforming_strings>. This change also
fixes other cases in which valid commands would fail when
standard_conforming_strings> is on.
Avoid memory leakage when the same function is called at varying
exception-block nesting depths (Tom)
Client Applications
Fix pg_ctl restart> to preserve command-line arguments
(Bruce)
Add -w>/--no-password> option that
prevents password prompting in all utilities that have a
-W>/--password> option (Peter)
Remove
These options have had no effect since PostgreSQL>
8.3.
psql>
Remove verbose startup banner; now just suggest help>
(Joshua Drake)
Make help> show common backslash commands (Greg
Sabino Mullane)
Add \pset format wrapped> mode to wrap output to the
screen width, or file/pipe output too if \pset columns>
is set (Bryce Nesbitt)
Allow all supported spellings of boolean values in \pset>,
rather than just on> and off> (Bruce)
Formerly, any string other than off> was silently taken
to mean true>. psql> will now complain
about unrecognized spellings (but still take them as true>).
Use the pager for wide output (Bruce)
Require a space between a one-letter backslash command and its first
argument (Bernd Helmle)
This removes a historical source of ambiguity.
Improve tab completion support for schema-qualified and
quoted identifiers (Greg Sabino Mullane)
Add optional on>/off> argument for
\timing> (David Fetter)
Display access control rights on multiple lines (Brendan
Jurd, Andreas Scherbaum)
Make \l> show database access privileges (Andrew Gilligan)
Make \l+> show database sizes, if permissions
allow (Andrew Gilligan)
Add the \ef> command to edit function definitions
(Abhijit Menon-Sen)
psql> \d* commands
Make \d*> commands that do not have a pattern argument
show system objects only if the S> modifier is specified
(Greg Sabino Mullane, Bruce)
The former behavior was inconsistent across different variants
of \d>, and in most cases it provided no easy way to see
just user objects.
Improve \d*> commands to work with older
PostgreSQL> server versions (back to 7.4),
not only the current server version
(Guillaume Lelarge)
Make \d> show foreign-key constraints that reference
the selected table (Kenneth D'Souza)
Make \d> on a sequence show its column values
(Euler Taveira de Oliveira)
Add column storage type and other relation options to the
\d+> display (Gregory Stark, Euler Taveira de
Oliveira)
Show relation size in \dt+> output (Dickson S.
Guedes)
Show the possible values of enum> types in \dT+>
(David Fetter)
Allow \dC> to accept a wildcard pattern, which matches
either datatype involved in the cast (Tom)
Add a function type column to \df>'s output, and add
options to list only selected types of functions (David Fetter)
Make \df> not hide functions that take or return
type cstring> (Tom)
Previously, such functions were hidden because most of them are
datatype I/O functions, which were deemed uninteresting. The new
policy about hiding system functions by default makes this wart
unnecessary.
pg_dump>
Add a --no-tablespaces> option to
pg_dump>/pg_dumpall>/pg_restore>
so that dumps can be restored to clusters that have non-matching
tablespace layouts (Gavin Roy)
Remove
These options were too frequently confused with the option to
select a database name in other PostgreSQL>
client applications. The functionality is still available,
but you must now spell out the long option name
Remove
Use of this option does not throw an error, but it has no
effect. This option was removed because the version checks
are necessary for safety.
Disable statement_timeout> during dump and restore
(Joshua Drake)
Add pg_dump>/pg_dumpall> option
This allows dumps to fail if unable to acquire a shared lock
within the specified amount of time.
Reorder pg_dump> --data-only> output
to dump tables referenced by foreign keys before
the referencing tables (Tom)
This allows data loads when foreign keys are already present.
If circular references make a safe ordering impossible, a
NOTICE> is issued.
Allow pg_dump>, pg_dumpall>, and
pg_restore> to use a specified role (Benedek
László)
Allow pg_restore> to use multiple concurrent
connections to do the restore (Andrew)
The number of concurrent connections is controlled by the option
--jobs>. This is supported only for custom-format archives.
Programming Toolslibpq>
Allow the OID> to be specified when importing a large
object, via new function lo_import_with_oid()> (Tatsuo)
Add events> support (Andrew Chernow, Merlin Moncure)
This adds the ability to register callbacks to manage private
data associated with PGconn> and PGresult>
objects.
Improve error handling to allow the return of multiple
error messages as multi-line error reports (Magnus)
Make PQexecParams()> and related functions return
PGRES_EMPTY_QUERY> for an empty query (Tom)
They previously returned PGRES_COMMAND_OK>.
Document how to avoid the overhead of WSACleanup()>
on Windows (Andrew Chernow)
Do not rely on Kerberos tickets to determine the default database
username (Magnus)
Previously, a Kerberos-capable build of libpq would use the
principal name from any available Kerberos ticket as default
database username, even if the connection wasn't using Kerberos
authentication. This was deemed inconsistent and confusing.
The default username is now determined the same way with or
without Kerberos. Note however that the database username must still
match the ticket when Kerberos authentication is used.
libpq> SSL> (Secure Sockets Layer)
support
Fix certificate validation for SSL> connections
(Magnus)
libpq> now supports verifying both the certificate
and the name of the server when making SSL>
connections. If a root certificate is not available to use for
verification, SSL> connections will fail. The
sslmode> parameter is used to enable certificate
verification and set the level of checking.
The default is still not to do any verification, allowing connections
to SSL-enabled servers without requiring a root certificate on the
client.
Support wildcard server certificates (Magnus)
If a certificate CN> starts with *>, it will
be treated as a wildcard when matching the hostname, allowing the
use of the same certificate for multiple servers.
Allow the file locations for client certificates to be specified
(Mark Woodward, Alvaro, Magnus)
Add a PQinitOpenSSL> function to allow greater control
over OpenSSL/libcrypto initialization (Andrew Chernow)
Make libpq> unregister its OpenSSL>
callbacks when no database connections remain open
(Bruce, Magnus, Russell Smith)
This is required for applications that unload the libpq library,
otherwise invalid OpenSSL> callbacks will remain.
ecpg>
Add localization support for messages (Euler Taveira de
Oliveira)
ecpg parser is now automatically generated from the server
parser (Michael)
Previously the ecpg parser was hand-maintained.
Server Programming Interface (SPI>)
Add support for single-use plans with out-of-line
parameters (Tom)
Add new SPI_OK_REWRITTEN> return code for
SPI_execute()> (Heikki)
This is used when a command is rewritten to another type of
command.
Remove unnecessary inclusions from executor/spi.h> (Tom)
SPI-using modules might need to add some #include>
lines if they were depending on spi.h> to include
things for them.
Build Options
Update build system to use Autoconf> 2.61 (Peter)
Require GNU bison> for source code builds (Peter)
This has effectively been required for several years, but now there
is no infrastructure claiming to support other parser tools.
Add pg_config> --htmldir> option
(Peter)
Pass float4> by value inside the server (Zoltan
Boszormenyi)
Add configure> option
--disable-float4-byval> to use the old behavior.
External C functions that use old-style (version 0) call convention
and pass or return float4> values will be broken by this
change, so you may need the configure> option if you
have such functions and don't want to update them.
Pass float8>, int8>, and related datatypes
by value inside the server on 64-bit platforms (Zoltan Boszormenyi)
Add configure> option
--disable-float8-byval> to use the old behavior.
As above, this change might break old-style external C functions.
Add configure options --with-segsize>,
--with-blocksize>, --with-wal-blocksize>,
--with-wal-segsize> (Zdenek Kotala, Tom)
This simplifies build-time control over several constants that
previously could only be changed by editing
pg_config_manual.h>.
Allow threaded builds on Solaris> 2.5 (Bruce)
Use the system's getopt_long()> on Solaris>
(Zdenek Kotala, Tom)
This makes option processing more consistent with what Solaris users
expect.
Add support for the Sun Studio> compiler on
Linux> (Julius Stroffek)
Append the major version number to the backend gettext>
domain, and the soname> major version number to
libraries' gettext> domain (Peter)
This simplifies parallel installations of multiple versions.
Add support for code coverage testing with gcov>
(Michelle Caisse)
Allow out-of-tree builds on Mingw> and
Cygwin> (Richard Evans)
Fix the use of Mingw> as a cross-compiling source
platform (Peter)
Source Code
Support 64-bit time zone data files (Heikki)
This adds support for daylight saving time (DST>)
calculations beyond the year 2038.
Deprecate use of platform's time_t> data type (Tom)
Some platforms have migrated to 64-bit time_t>, some have
not, and Windows can't make up its mind what it's doing. Define
pg_time_t> to have the same meaning as time_t>,
but always be 64 bits (unless the platform has no 64-bit integer type),
and use that type in all module APIs and on-disk data formats.
Fix bug in handling of the time zone database when cross-compiling
(Richard Evans)
Link backend object files in one step, rather than in stages
(Peter)
Improve gettext> support to allow better translation
of plurals (Peter)
Add message translation support to the PL languages (Alvaro, Peter)
Add more DTrace> probes (Robert Lor)
Enable DTrace> support on Mac OS X
Leopard> and other non-Solaris platforms (Robert Lor)
Simplify and standardize conversions between C strings and
text> datums, by providing common functions for the purpose
(Brendan Jurd, Tom)
Clean up the include/catalog/> header files so that
frontend programs can include them without including
postgres.h>
(Zdenek Kotala)
Make name> char-aligned, and suppress zero-padding of
name> entries in indexes (Tom)
Recover better if dynamically-loaded code executes exit()>
(Tom)
Add a hook to let plug-ins monitor the executor (Itagaki
Takahiro)
Add a hook to allow the planner's statistics lookup behavior to
be overridden (Simon Riggs)
Add shmem_startup_hook()> for custom shared memory
requirements (Tom)
Replace the index access method amgetmulti> entry point
with amgetbitmap>, and extend the API for
amgettuple> to support run-time determination of
operator lossiness (Heikki, Tom, Teodor)
The API for GIN and GiST opclass consistent> functions
has been extended as well.
Add support for partial-match searches in GIN> indexes
(Teodor Sigaev, Oleg Bartunov)
Replace pg_class> column reltriggers>
with boolean relhastriggers> (Simon)
Also remove unused pg_class> columns
relukeys>, relfkeys>, and
relrefs>.
Add a relistemp> column to pg_class>
to ease identification of temporary tables (Tom)
Move platform FAQ>s into the main documentation
(Peter)
Prevent parser input files from being built with any conflicts
(Peter)
Add support for the KOI8U> (Ukrainian) encoding
(Peter)
Add Japanese message translations (Japan PostgreSQL Users Group)
This used to be maintained as a separate project.
Fix problem when setting LC_MESSAGES> on
MSVC>-built systems (Hiroshi Inoue, Hiroshi
Saito, Magnus)
Contrib
Add contrib/auto_explain> to automatically run
EXPLAIN> on queries exceeding a specified duration
(Itagaki Takahiro, Tom)
Add contrib/btree_gin> to allow GIN indexes to
handle more datatypes (Oleg, Teodor)
Add contrib/citext> to provide a case-insensitive,
multibyte-aware text data type (David Wheeler)
Add contrib/pg_stat_statements> for server-wide
tracking of statement execution statistics (Itagaki Takahiro)
Add duration and query mode options to contrib/pgbench>
(Itagaki Takahiro)
Make contrib/pgbench> use table names
pgbench_accounts>, pgbench_branches>,
pgbench_history>, and pgbench_tellers>,
rather than just accounts>, branches>,
history>, and tellers> (Tom)
This is to reduce the risk of accidentally destroying real data
by running pgbench>.
Fix contrib/pgstattuple> to handle tables and
indexes with over 2 billion pages (Tatsuhito Kasahara)
In contrib/fuzzystrmatch>, add a version of the
Levenshtein string-distance function that allows the user to
specify the costs of insertion, deletion, and substitution
(Volkan Yazici)
Make contrib/ltree> support multibyte encodings
(laser)
Enable contrib/dblink> to use connection information
stored in the SQL/MED catalogs (Joe Conway)
Improve contrib/dblink>'s reporting of errors from
the remote server (Joe Conway)
Make contrib/dblink> set client_encoding>
to match the local database's encoding (Joe Conway)
This prevents encoding problems when communicating with a remote
database that uses a different encoding.
Make sure contrib/dblink> uses a password supplied
by the user, and not accidentally taken from the server's
.pgpass> file (Joe Conway)
This is a minor security enhancement.
Add fsm_page_contents()>
to contrib/pageinspect> (Heikki)
Modify get_raw_page()> to support free space map
(*_fsm>) files. Also update
contrib/pg_freespacemap>.
Add support for multibyte encodings to contrib/pg_trgm>
(Teodor)
Rewrite contrib/intagg> to use new
functions array_agg()> and unnest()>
(Tom)
Make contrib/pg_standby> recover all available WAL before
failover (Fujii Masao, Simon, Heikki)
To make this work safely, you now need to set the new
recovery_end_command> option in recovery.conf>
to clean up the trigger file after failover. pg_standby>
will no longer remove the trigger file itself.
contrib/pg_standby>'s