2014-03-20 This release contains a variety of fixes from 9.3.3. For information about new features in the 9.3 major release, see . A dump/restore is not required for those running 9.3.X. However, the error fixed in the first changelog entry below could have resulted in corrupt data on standby servers. It may be prudent to reinitialize standby servers from fresh base backups after installing this update. Also, if you are upgrading from a version earlier than 9.3.3, see . Fix WAL replay of locking an already-updated tuple (Andres Freund, Álvaro Herrera) This error caused updated rows to not be found by index scans, resulting in inconsistent query results depending on whether an index scan was used. Subsequent processing could result in constraint violations, since the previously updated row would not be found by later index searches, thus possibly allowing conflicting rows to be inserted. Since this error is in WAL replay, it would only manifest during crash recovery or on standby servers. The improperly-replayed case most commonly arises when a table row that is referenced by a foreign-key constraint is updated concurrently with creation of a referencing row. Restore GIN metapages unconditionally to avoid torn-page risk (Heikki Linnakangas) Although this oversight could theoretically result in a corrupted index, it is unlikely to have caused any problems in practice, since the active part of a GIN metapage is smaller than a standard 512-byte disk sector. Avoid race condition in checking transaction commit status during receipt of a NOTIFY message (Marko Tiikkaja) This prevents a scenario wherein a sufficiently fast client might respond to a notification before database updates made by the notifier have become visible to the recipient. Allow materialized views to be referenced in UPDATE and DELETE commands (Michael Paquier) Previously such queries failed with a complaint about not being able to lock rows in the materialized view. Allow regular-expression operators to be terminated early by query cancel requests (Tom Lane) This prevents scenarios wherein a pathological regular expression could lock up a server process uninterruptably for a long time. Remove incorrect code that tried to allow OVERLAPS with single-element row arguments (Joshua Yanovski) This code never worked correctly, and since the case is neither specified by the SQL standard nor documented, it seemed better to remove it than fix it. Avoid getting more than AccessShareLock when de-parsing a rule or view (Dean Rasheed) This oversight resulted in pg_dump unexpectedly acquiring RowExclusiveLock locks on tables mentioned as the targets of INSERT/UPDATE/DELETE commands in rules. While usually harmless, that could interfere with concurrent transactions that tried to acquire, for example, ShareLock on those tables. Improve performance of index endpoint probes during planning (Tom Lane) This change fixes a significant performance problem that occurred when there were many not-yet-committed rows at the end of the index, which is a common situation for indexes on sequentially-assigned values such as timestamps or sequence-generated identifiers. Use non-default selectivity estimates for value IN (list) and value operator ANY (array) expressions when the righthand side is a stable expression (Tom Lane) Remove the correct per-database statistics file during DROP DATABASE (Tomas Vondra) This fix prevents a permanent leak of statistics file space. Users who have done many DROP DATABASE commands since upgrading to PostgreSQL 9.3 may wish to check their statistics directory and delete statistics files that do not correspond to any existing database. Please note that db_0.stat should not be removed. Fix walsender ping logic to avoid inappropriate disconnects under continuous load (Andres Freund, Heikki Linnakangas) walsender failed to send ping messages to the client if it was constantly busy sending WAL data; but it expected to see ping responses despite that, and would therefore disconnect once elapsed. Fix walsender's failure to shut down cleanly when client is pg_receivexlog (Fujii Masao) Check WAL level and hot standby parameters correctly when doing crash recovery that will be followed by archive recovery (Heikki Linnakangas) Fix test to see if hot standby connections can be allowed immediately after a crash (Heikki Linnakangas) Add read-only parameter to display whether page checksums are enabled (Heikki Linnakangas) Without this parameter, determining the state of checksum processing was difficult. Prevent interrupts while reporting non-ERROR messages (Tom Lane) This guards against rare server-process freezeups due to recursive entry to syslog(), and perhaps other related problems. Fix memory leak in PL/Perl when returning a composite result, including multiple-OUT-parameter cases (Alex Hunsaker) Fix tracking of psql script line numbers during \copy from out-of-line data (Kumar Rajeev Rastogi, Amit Khandekar) \copy ... from incremented the script file line number for each data line, even if the data was not coming from the script file. This mistake resulted in wrong line numbers being reported for any errors occurring later in the same script file. Fix contrib/postgres_fdw to handle multiple join conditions properly (Tom Lane) This oversight could result in sending WHERE clauses to the remote server for execution even though the clauses are not known to have the same semantics on the remote server (for example, clauses that use non-built-in operators). The query might succeed anyway, but it could also fail with errors from the remote server, or worse give silently wrong answers. Prevent intermittent could not reserve shared memory region failures on recent Windows versions (MauMau) Update time zone data files to tzdata release 2014a for DST law changes in Fiji and Turkey, plus historical changes in Israel and Ukraine. 2014-02-20 This release contains a variety of fixes from 9.3.2. For information about new features in the 9.3 major release, see . A dump/restore is not required for those running 9.3.X. However, several of the issues corrected in this release could have resulted in corruption of foreign-key constraints; that is, there might now be referencing rows for which there is no matching row in the referenced table. It may be worthwhile to recheck such constraints after installing this update. The simplest way to do that is to drop and recreate each suspect constraint; however, that will require taking an exclusive lock on both tables, so it is unlikely to be acceptable in production databases. Alternatively, you can do a manual join query between the two tables to look for unmatched rows. Note also the requirement for replication standby servers to be upgraded before their master server is upgraded. Also, if you are upgrading from a version earlier than 9.3.2, see . Shore up GRANT ... WITH ADMIN OPTION restrictions (Noah Misch) Granting a role without ADMIN OPTION is supposed to prevent the grantee from adding or removing members from the granted role, but this restriction was easily bypassed by doing SET ROLE first. The security impact is mostly that a role member can revoke the access of others, contrary to the wishes of his grantor. Unapproved role member additions are a lesser concern, since an uncooperative role member could provide most of his rights to others anyway by creating views or SECURITY DEFINER functions. (CVE-2014-0060) Prevent privilege escalation via manual calls to PL validator functions (Andres Freund) The primary role of PL validator functions is to be called implicitly during CREATE FUNCTION, but they are also normal SQL functions that a user can call explicitly. Calling a validator on a function actually written in some other language was not checked for and could be exploited for privilege-escalation purposes. The fix involves adding a call to a privilege-checking function in each validator function. Non-core procedural languages will also need to make this change to their own validator functions, if any. (CVE-2014-0061) Avoid multiple name lookups during table and index DDL (Robert Haas, Andres Freund) If the name lookups come to different conclusions due to concurrent activity, we might perform some parts of the DDL on a different table than other parts. At least in the case of CREATE INDEX, this can be used to cause the permissions checks to be performed against a different table than the index creation, allowing for a privilege escalation attack. (CVE-2014-0062) Prevent buffer overrun with long datetime strings (Noah Misch) The MAXDATELEN constant was too small for the longest possible value of type interval, allowing a buffer overrun in interval_out(). Although the datetime input functions were more careful about avoiding buffer overrun, the limit was short enough to cause them to reject some valid inputs, such as input containing a very long timezone name. The ecpg library contained these vulnerabilities along with some of its own. (CVE-2014-0063) Prevent buffer overrun due to integer overflow in size calculations (Noah Misch, Heikki Linnakangas) Several functions, mostly type input functions, calculated an allocation size without checking for overflow. If overflow did occur, a too-small buffer would be allocated and then written past. (CVE-2014-0064) Prevent overruns of fixed-size buffers (Peter Eisentraut, Jozef Mlich) Use strlcpy() and related functions to provide a clear guarantee that fixed-size buffers are not overrun. Unlike the preceding items, it is unclear whether these cases really represent live issues, since in most cases there appear to be previous constraints on the size of the input string. Nonetheless it seems prudent to silence all Coverity warnings of this type. (CVE-2014-0065) Avoid crashing if crypt() returns NULL (Honza Horak, Bruce Momjian) There are relatively few scenarios in which crypt() could return NULL, but contrib/chkpass would crash if it did. One practical case in which this could be an issue is if libc is configured to refuse to execute unapproved hashing algorithms (e.g., FIPS mode). (CVE-2014-0066) Document risks of make check in the regression testing instructions (Noah Misch, Tom Lane) Since the temporary server started by make check uses trust authentication, another user on the same machine could connect to it as database superuser, and then potentially exploit the privileges of the operating-system user who started the tests. A future release will probably incorporate changes in the testing procedure to prevent this risk, but some public discussion is needed first. So for the moment, just warn people against using make check when there are untrusted users on the same machine. (CVE-2014-0067) Rework tuple freezing protocol (Álvaro Herrera, Andres Freund) The logic for tuple freezing was unable to handle some cases involving freezing of multixact IDs, with the practical effect that shared row-level locks might be forgotten once old enough. Fixing this required changing the WAL record format for tuple freezing. While this is no issue for standalone servers, when using replication it means that standby servers must be upgraded to 9.3.3 or later before their masters are. An older standby will be unable to interpret freeze records generated by a newer master, and will fail with a PANIC message. (In such a case, upgrading the standby should be sufficient to let it resume execution.) Create separate GUC parameters to control multixact freezing (Álvaro Herrera) 9.3 requires multixact tuple labels to be frozen before they grow too old, in the same fashion as plain transaction ID labels have been frozen for some time. Previously, the transaction ID freezing parameters were used for multixact IDs too; but since the consumption rates of transaction IDs and multixact IDs can be quite different, this did not work very well. Introduce new settings , , and to control when to freeze multixacts. Account for remote row locks propagated by local updates (Álvaro Herrera) If a row was locked by transaction A, and transaction B updated it, the new version of the row created by B would be locked by A, yet visible only to B. If transaction B then again updated the row, A's lock wouldn't get checked, thus possibly allowing B to complete when it shouldn't. This case is new in 9.3 since prior versions did not have any types of row locking that would permit another transaction to update the row at all. This oversight could allow referential integrity checks to give false positives (for instance, allow deletes that should have been rejected). Applications using the new commands SELECT FOR KEY SHARE and SELECT FOR NO KEY UPDATE might also have suffered locking failures of this kind. Prevent forgetting valid row locks when one of several holders of a row lock aborts (Álvaro Herrera) This was yet another mechanism by which a shared row lock could be lost, thus possibly allowing updates that should have been prevented by foreign-key constraints. Fix incorrect logic during update chain locking (Álvaro Herrera) This mistake could result in spurious could not serialize access due to concurrent update errors in REPEATABLE READ and SERIALIZABLE transaction isolation modes. Handle wraparound correctly during extension or truncation of pg_multixact/members (Andres Freund, Álvaro Herrera) Fix handling of 5-digit filenames in pg_multixact/members (Álvaro Herrera) As of 9.3, these names can be more than 4 digits, but the directory cleanup code ignored such files. Improve performance of multixact cache code (Álvaro Herrera) Optimize updating a row that's already locked by the same transaction (Andres Freund, Álvaro Herrera) This fixes a performance regression from pre-9.3 versions when doing SELECT FOR UPDATE followed by UPDATE/DELETE. During archive recovery, prefer highest timeline number when WAL segments with the same ID are present in both the archive and pg_xlog/ (Kyotaro Horiguchi) Previously, not-yet-archived segments could get ignored during recovery. This reverts an undesirable behavioral change in 9.3.0 back to the way things worked pre-9.3. Fix possible mis-replay of WAL records when some segments of a relation aren't full size (Greg Stark, Tom Lane) The WAL update could be applied to the wrong page, potentially many pages past where it should have been. Aside from corrupting data, this error has been observed to result in significant bloat of standby servers compared to their masters, due to updates being applied far beyond where the end-of-file should have been. This failure mode does not appear to be a significant risk during crash recovery, only when initially synchronizing a standby created from a base backup taken from a quickly-changing master. Fix bug in determining when recovery has reached consistency (Tomonari Katsumata, Heikki Linnakangas) In some cases WAL replay would mistakenly conclude that the database was already consistent at the start of replay, thus possibly allowing hot-standby queries before the database was really consistent. Other symptoms such as PANIC: WAL contains references to invalid pages were also possible. Fix WAL logging of visibility map changes (Heikki Linnakangas) Fix improper locking of btree index pages while replaying a VACUUM operation in hot-standby mode (Andres Freund, Heikki Linnakangas, Tom Lane) This error could result in PANIC: WAL contains references to invalid pages failures. Ensure that insertions into non-leaf GIN index pages write a full-page WAL record when appropriate (Heikki Linnakangas) The previous coding risked index corruption in the event of a partial-page write during a system crash. When pause_at_recovery_target and recovery_target_inclusive are both set, ensure the target record is applied before pausing, not after (Heikki Linnakangas) Ensure walreceiver sends hot-standby feedback messages on time even when there is a continuous stream of data (Andres Freund, Amit Kapila) Prevent timeout interrupts from taking control away from mainline code unless ImmediateInterruptOK is set (Andres Freund, Tom Lane) This is a serious issue for any application making use of statement timeouts, as it could cause all manner of strange failures after a timeout occurred. We have seen reports of stuck spinlocks, ERRORs being unexpectedly promoted to PANICs, unkillable backends, and other misbehaviors. Fix race conditions during server process exit (Robert Haas) Ensure that signal handlers don't attempt to use the process's MyProc pointer after it's no longer valid. Fix race conditions in walsender shutdown logic and walreceiver SIGHUP signal handler (Tom Lane) Fix unsafe references to errno within error reporting logic (Christian Kruse) This would typically lead to odd behaviors such as missing or inappropriate HINT fields. Fix possible crashes from using ereport() too early during server startup (Tom Lane) The principal case we've seen in the field is a crash if the server is started in a directory it doesn't have permission to read. Clear retry flags properly in OpenSSL socket write function (Alexander Kukushkin) This omission could result in a server lockup after unexpected loss of an SSL-encrypted connection. Fix length checking for Unicode identifiers (U&"..." syntax) containing escapes (Tom Lane) A spurious truncation warning would be printed for such identifiers if the escaped form of the identifier was too long, but the identifier actually didn't need truncation after de-escaping. Fix parsing of Unicode literals and identifiers just before the end of a command string or function body (Tom Lane) Allow keywords that are type names to be used in lists of roles (Stephen Frost) A previous patch allowed such keywords to be used without quoting in places such as role identifiers; but it missed cases where a list of role identifiers was permitted, such as DROP ROLE. Fix parser crash for EXISTS(SELECT * FROM zero_column_table) (Tom Lane) Fix possible crash due to invalid plan for nested sub-selects, such as WHERE (... x IN (SELECT ...) ...) IN (SELECT ...) (Tom Lane) Fix mishandling of WHERE conditions pulled up from a LATERAL subquery (Tom Lane) The typical symptom of this bug was a JOIN qualification cannot refer to other relations error, though subtle logic errors in created plans seem possible as well. Disallow LATERAL references to the target table of an UPDATE/DELETE (Tom Lane) While this might be allowed in some future release, it was unintentional in 9.3, and didn't work quite right anyway. Fix UPDATE/DELETE of an inherited target table that has UNION ALL subqueries (Tom Lane) Without this fix, UNION ALL subqueries aren't correctly inserted into the update plans for inheritance child tables after the first one, typically resulting in no update happening for those child table(s). Fix ANALYZE to not fail on a column that's a domain over a range type (Tom Lane) Ensure that ANALYZE creates statistics for a table column even when all the values in it are too wide (Tom Lane) ANALYZE intentionally omits very wide values from its histogram and most-common-values calculations, but it neglected to do something sane in the case that all the sampled entries are too wide. In ALTER TABLE ... SET TABLESPACE, allow the database's default tablespace to be used without a permissions check (Stephen Frost) CREATE TABLE has always allowed such usage, but ALTER TABLE didn't get the memo. Fix support for extensions containing event triggers (Tom Lane) Fix cannot accept a set error when some arms of a CASE return a set and others don't (Tom Lane) Fix memory leakage in JSON functions (Craig Ringer) Properly distinguish numbers from non-numbers when generating JSON output (Andrew Dunstan) Fix checks for all-zero client addresses in pgstat functions (Kevin Grittner) Fix possible misclassification of multibyte characters by the text search parser (Tom Lane) Non-ASCII characters could be misclassified when using C locale with a multibyte encoding. On Cygwin, non-C locales could fail as well. Fix possible misbehavior in plainto_tsquery() (Heikki Linnakangas) Use memmove() not memcpy() for copying overlapping memory regions. There have been no field reports of this actually causing trouble, but it's certainly risky. Fix placement of permissions checks in pg_start_backup() and pg_stop_backup() (Andres Freund, Magnus Hagander) The previous coding might attempt to do catalog access when it shouldn't. Accept SHIFT_JIS as an encoding name for locale checking purposes (Tatsuo Ishii) Fix *-qualification of named parameters in SQL-language functions (Tom Lane) Given a composite-type parameter named foo, $1.* worked fine, but foo.* not so much. Fix misbehavior of PQhost() on Windows (Fujii Masao) It should return localhost if no host has been specified. Improve error handling in libpq and psql for failures during COPY TO STDOUT/FROM STDIN (Tom Lane) In particular this fixes an infinite loop that could occur in 9.2 and up if the server connection was lost during COPY FROM STDIN. Variants of that scenario might be possible in older versions, or with other client applications. Fix incorrect translation handling in some psql \d commands (Peter Eisentraut, Tom Lane) Ensure pg_basebackup's background process is killed when exiting its foreground process (Magnus Hagander) Fix possible incorrect printing of filenames in pg_basebackup's verbose mode (Magnus Hagander) Avoid including tablespaces inside PGDATA twice in base backups (Dimitri Fontaine, Magnus Hagander) Fix misaligned descriptors in ecpg (MauMau) In ecpg, handle lack of a hostname in the connection parameters properly (Michael Meskes) Fix performance regression in contrib/dblink connection startup (Joe Conway) Avoid an unnecessary round trip when client and server encodings match. In contrib/isn, fix incorrect calculation of the check digit for ISMN values (Fabien Coelho) Fix contrib/pgbench's progress logging to avoid overflow when the scale factor is large (Tatsuo Ishii) Fix contrib/pg_stat_statement's handling of CURRENT_DATE and related constructs (Kyotaro Horiguchi) Improve lost-connection error handling in contrib/postgres_fdw (Tom Lane) Ensure client-code-only installation procedure works as documented (Peter Eisentraut) In Mingw and Cygwin builds, install the libpq DLL in the bin directory (Andrew Dunstan) This duplicates what the MSVC build has long done. It should fix problems with programs like psql failing to start because they can't find the DLL. Avoid using the deprecated dllwrap tool in Cygwin builds (Marco Atzeri) Enable building with Visual Studio 2013 (Brar Piening) Don't generate plain-text HISTORY and src/test/regress/README files anymore (Tom Lane) These text files duplicated the main HTML and PDF documentation formats. The trouble involved in maintaining them greatly outweighs the likely audience for plain-text format. Distribution tarballs will still contain files by these names, but they'll just be stubs directing the reader to consult the main documentation. The plain-text INSTALL file will still be maintained, as there is arguably a use-case for that. Update time zone data files to tzdata release 2013i for DST law changes in Jordan and historical changes in Cuba. In addition, the zones Asia/Riyadh87, Asia/Riyadh88, and Asia/Riyadh89 have been removed, as they are no longer maintained by IANA, and never represented actual civil timekeeping practice. 2013-12-05 This release contains a variety of fixes from 9.3.1. For information about new features in the 9.3 major release, see . A dump/restore is not required for those running 9.3.X. However, this release corrects a number of potential data corruption issues. See the first three changelog entries below to find out whether your installation has been affected and what steps you can take if so. Also, if you are upgrading from a version earlier than 9.3.1, see . Fix VACUUM's tests to see whether it can update relfrozenxid (Andres Freund) In some cases VACUUM (either manual or autovacuum) could incorrectly advance a table's relfrozenxid value, allowing tuples to escape freezing, causing those rows to become invisible once 2^31 transactions have elapsed. The probability of data loss is fairly low since multiple incorrect advancements would need to happen before actual loss occurs, but it's not zero. In 9.2.0 and later, the probability of loss is higher, and it's also possible to get could not access status of transaction errors as a consequence of this bug. Users upgrading from releases 9.0.4 or 8.4.8 or earlier are not affected, but all later versions contain the bug. The issue can be ameliorated by, after upgrading, vacuuming all tables in all databases while having vacuum_freeze_table_age set to zero. This will fix any latent corruption but will not be able to fix all pre-existing data errors. However, an installation can be presumed safe after performing this vacuuming if it has executed fewer than 2^31 update transactions in its lifetime (check this with SELECT txid_current() < 2^31). Fix multiple bugs in MultiXactId freezing (Andres Freund, Álvaro Herrera) These bugs could lead to could not access status of transaction errors, or to duplicate or vanishing rows. Users upgrading from releases prior to 9.3.0 are not affected. The issue can be ameliorated by, after upgrading, vacuuming all tables in all databases while having vacuum_freeze_table_age set to zero. This will fix latent corruption but will not be able to fix all pre-existing data errors. As a separate issue, these bugs can also cause standby servers to get out of sync with the primary, thus exhibiting data errors that are not in the primary. Therefore, it's recommended that 9.3.0 and 9.3.1 standby servers be re-cloned from the primary (e.g., with a new base backup) after upgrading. Fix initialization of pg_clog and pg_subtrans during hot standby startup (Andres Freund, Heikki Linnakangas) This bug can cause data loss on standby servers at the moment they start to accept hot-standby queries, by marking committed transactions as uncommitted. The likelihood of such corruption is small unless, at the time of standby startup, the primary server has executed many updating transactions since its last checkpoint. Symptoms include missing rows, rows that should have been deleted being still visible, and obsolete versions of updated rows being still visible alongside their newer versions. This bug was introduced in versions 9.3.0, 9.2.5, 9.1.10, and 9.0.14. Standby servers that have only been running earlier releases are not at risk. It's recommended that standby servers that have ever run any of the buggy releases be re-cloned from the primary (e.g., with a new base backup) after upgrading. Fix multiple bugs in update chain traversal (Andres Freund, Álvaro Herrera) These bugs could result in incorrect behavior, such as locking or even updating the wrong row, in the presence of concurrent updates. Spurious unable to fetch updated version of tuple errors were also possible. Fix dangling-pointer problem in fast-path locking (Tom Lane) This could lead to corruption of the lock data structures in shared memory, causing lock already held and other odd errors. Fix assorted race conditions in timeout management (Tom Lane) These errors could result in a server process becoming unresponsive because it had blocked SIGALRM and/or SIGINT. Truncate pg_multixact contents during WAL replay (Andres Freund) This avoids ever-increasing disk space consumption in standby servers. Ensure an anti-wraparound VACUUM counts a page as scanned when it's only verified that no tuples need freezing (Sergey Burladyan, Jeff Janes) This bug could result in failing to advance relfrozenxid, so that the table would still be thought to need another anti-wraparound vacuum. In the worst case the database might even shut down to prevent wraparound. Fix full-table-vacuum request mechanism for MultiXactIds (Andres Freund) This bug could result in large amounts of useless autovacuum activity. Fix race condition in GIN index posting tree page deletion (Heikki Linnakangas) This could lead to transient wrong answers or query failures. Fix unexpected spgdoinsert() failure error during SP-GiST index creation (Teodor Sigaev) Fix assorted bugs in materialized views (Kevin Grittner, Andres Freund) Re-allow duplicate table aliases if they're within aliased JOINs (Tom Lane) Historically PostgreSQL has accepted queries like SELECT ... FROM tab1 x CROSS JOIN (tab2 x CROSS JOIN tab3 y) z although a strict reading of the SQL standard would forbid the duplicate usage of table alias x. A misguided change in 9.3.0 caused it to reject some such cases that were formerly accepted. Restore the previous behavior. Avoid flattening a subquery whose SELECT list contains a volatile function wrapped inside a sub-SELECT (Tom Lane) This avoids unexpected results due to extra evaluations of the volatile function. Fix planner's processing of non-simple-variable subquery outputs nested within outer joins (Tom Lane) This error could lead to incorrect plans for queries involving multiple levels of subqueries within JOIN syntax. Fix incorrect planning in cases where the same non-strict expression appears in multiple WHERE and outer JOIN equality clauses (Tom Lane) Fix planner crash with whole-row reference to a subquery (Tom Lane) Fix incorrect generation of optimized MIN()/MAX() plans for inheritance trees (Tom Lane) The planner could fail in cases where the MIN()/MAX() argument was an expression rather than a simple variable. Fix premature deletion of temporary files (Andres Freund) Prevent intra-transaction memory leak when printing range values (Tom Lane) This fix actually cures transient memory leaks in any datatype output function, but range types are the only ones known to have had a significant problem. Fix memory leaks when reloading configuration files (Heikki Linnakangas, Hari Babu) Prevent incorrect display of dropped columns in NOT NULL and CHECK constraint violation messages (Michael Paquier and Tom Lane) Allow default arguments and named-argument notation for window functions (Tom Lane) Previously, these cases were likely to crash. Suppress trailing whitespace on each line when pretty-printing rules and views (Tom Lane) 9.3.0 generated such whitespace in many more cases than previous versions did. To reduce unexpected behavioral changes, suppress unnecessary whitespace in all cases. Fix possible read past end of memory in rule printing (Peter Eisentraut) Fix array slicing of int2vector and oidvector values (Tom Lane) Expressions of this kind are now implicitly promoted to regular int2 or oid arrays. Return a valid JSON value when converting an empty hstore value to json (Oskari Saarenmaa) Fix incorrect behaviors when using a SQL-standard, simple GMT offset timezone (Tom Lane) In some cases, the system would use the simple GMT offset value when it should have used the regular timezone setting that had prevailed before the simple offset was selected. This change also causes the timeofday function to honor the simple GMT offset zone. Prevent possible misbehavior when logging translations of Windows error codes (Tom Lane) Properly quote generated command lines in pg_ctl (Naoya Anzai and Tom Lane) This fix applies only to Windows. Fix pg_dumpall to work when a source database sets default_transaction_read_only via ALTER DATABASE SET (Kevin Grittner) Previously, the generated script would fail during restore. Fix pg_isready to handle its -d option properly (Fabrízio de Royes Mello and Fujii Masao) Fix parsing of WAL file names in pg_receivexlog (Heikki Linnakangas) This error made pg_receivexlog unable to restart streaming after stopping, once at least 4 GB of WAL had been written. Report out-of-disk-space failures properly in pg_upgrade (Peter Eisentraut) Make ecpg search for quoted cursor names case-sensitively (Zoltán Böszörményi) Fix ecpg's processing of lists of variables declared varchar (Zoltán Böszörményi) Make contrib/lo defend against incorrect trigger definitions (Marc Cousin) Update time zone data files to tzdata release 2013h for DST law changes in Argentina, Brazil, Jordan, Libya, Liechtenstein, Morocco, and Palestine. Also, new timezone abbreviations WIB, WIT, WITA for Indonesia. 2013-10-10 This release contains a variety of fixes from 9.3.0. For information about new features in the 9.3 major release, see . A dump/restore is not required for those running 9.3.X. However, if you use the hstore extension, see the first changelog entry. Ensure new-in-9.3 JSON functionality is added to the hstore extension during an update (Andrew Dunstan) Users who upgraded a pre-9.3 database containing hstore should execute ALTER EXTENSION hstore UPDATE; after installing 9.3.1, to add two new JSON functions and a cast. (If hstore is already up to date, this command does nothing.) Fix memory leak when creating B-tree indexes on range columns (Heikki Linnakangas) Fix memory leak caused by lo_open() failure (Heikki Linnakangas) Serializable snapshot fixes (Kevin Grittner, Heikki Linnakangas) Fix deadlock bug in libpq when using SSL (Stephen Frost) Fix timeline handling bugs in pg_receivexlog (Heikki Linnakangas, Andrew Gierth) Prevent CREATE FUNCTION from checking SET variables unless function body checking is enabled (Tom Lane) Remove rare inaccurate warning during vacuum of index-less tables (Heikki Linnakangas) 2013-09-09 Major enhancements in PostgreSQL 9.3 include: Add materialized views Make simple views auto-updatable Add many features for the JSON data type, including operators and functions to extract elements from JSON values Implement SQL-standard LATERAL option for FROM-clause subqueries and function calls Allow foreign data wrappers to support writes (inserts/updates/deletes) on foreign tables Add a Postgres foreign data wrapper to allow access to other Postgres servers Add support for event triggers Add optional ability to checksum data pages and report corruption Prevent non-key-field row updates from blocking foreign key checks Greatly reduce System V shared memory requirements The above items are explained in more detail in the sections below. A dump/restore using pg_dumpall, or use of pg_upgrade, is required for those wishing to migrate data from any previous release. Version 9.3 contains a number of changes that may affect compatibility with previous releases. Observe the following incompatibilities: Rename replication_timeout to wal_sender_timeout (Amit Kapila) This setting controls the WAL sender timeout. Require superuser privileges to set commit_delay because it can now potentially delay other sessions (Simon Riggs) Allow in-memory sorts to use their full memory allocation (Jeff Janes) Users who have set work_mem based on the previous behavior may need to revisit that setting. Throw an error if a tuple to be updated or deleted has already been updated or deleted by a BEFORE trigger (Kevin Grittner) Formerly, the originally-intended update was silently skipped, resulting in logical inconsistency since the trigger might have propagated data to other places based on the intended update. Now an error is thrown to prevent the inconsistent results from being committed. If this change affects your application, the best solution is usually to move the data-propagation actions to an AFTER trigger. This error will also be thrown if a query invokes a volatile function that modifies rows that are later modified by the query itself. Such cases likewise previously resulted in silently skipping updates. Change multicolumn ON UPDATE SET NULL/SET DEFAULT foreign key actions to affect all columns of the constraint, not just those changed in the UPDATE (Tom Lane) Previously, we would set only those referencing columns that correspond to referenced columns that were changed by the UPDATE. This was what was required by SQL-92, but more recent editions of the SQL standard specify the new behavior. Force cached plans to be replanned if the search_path changes (Tom Lane) Previously, cached plans already generated in the current session were not redone if the query was re-executed with a new search_path setting, resulting in surprising behavior. Fix to_number() to properly handle a period used as a thousands separator (Tom Lane) Previously, a period was considered to be a decimal point even when the locale says it isn't and the D format code is used to specify use of the locale-specific decimal point. This resulted in wrong answers if FM format was also used. Fix STRICT non-set-returning functions that have set-returning functions in their arguments to properly return null rows (Tom Lane) A null value passed to the strict function should result in a null output, but instead, that output row was suppressed entirely. Store WAL in a continuous stream, rather than skipping the last 16MB segment every 4GB (Heikki Linnakangas) Previously, WAL files with names ending in FF were not used because of this skipping. If you have WAL backup or restore scripts that took this behavior into account, they will need to be adjusted. In pg_constraint.confmatchtype, store the default foreign key match type (non-FULL, non-PARTIAL) as s for simple (Tom Lane) Previously this case was represented by u for unspecified. Below you will find a detailed account of the changes between PostgreSQL 9.3 and the previous major release. Prevent non-key-field row updates from blocking foreign key checks (Álvaro Herrera, Noah Misch, Andres Freund, Alexander Shulgin, Marti Raudsepp, Alexander Shulgin) This change improves concurrency and reduces the probability of deadlocks when updating tables involved in a foreign-key constraint. UPDATEs that do not change any columns referenced in a foreign key now take the new NO KEY UPDATE lock mode on the row, while foreign key checks use the new KEY SHARE lock mode, which does not conflict with NO KEY UPDATE. So there is no blocking unless a foreign-key column is changed. Add configuration variable lock_timeout to allow limiting how long a session will wait to acquire any one lock (Zoltán Böszörményi) Add SP-GiST support for range data types (Alexander Korotkov) Allow GiST indexes to be unlogged (Jeevan Chalke) Improve performance of GiST index insertion by randomizing the choice of which page to descend to when there are multiple equally good alternatives (Heikki Linnakangas) Improve concurrency of hash index operations (Robert Haas) Collect and use histograms of upper and lower bounds, as well as range lengths, for range types (Alexander Korotkov) Improve optimizer's cost estimation for index access (Tom Lane) Improve optimizer's hash table size estimate for doing DISTINCT via hash aggregation (Tom Lane) Suppress no-op Result and Limit plan nodes (Kyotaro Horiguchi, Amit Kapila, Tom Lane) Reduce optimizer overhead by not keeping plans on the basis of cheap startup cost when the optimizer only cares about total cost overall (Tom Lane) Add COPY FREEZE option to avoid the overhead of marking tuples as frozen later (Simon Riggs, Jeff Davis) Improve performance of NUMERIC calculations (Kyotaro Horiguchi) Improve synchronization of sessions waiting for commit_delay (Peter Geoghegan) This greatly improves the usefulness of commit_delay. Improve performance of the CREATE TEMPORARY TABLE ... ON COMMIT DELETE ROWS option by not truncating such temporary tables in transactions that haven't touched any temporary tables (Heikki Linnakangas) Make vacuum recheck visibility after it has removed expired tuples (Pavan Deolasee) This increases the chance of a page being marked as all-visible. Add per-resource-owner lock caches (Jeff Janes) This speeds up lock bookkeeping at statement completion in multi-statement transactions that hold many locks; it is particularly useful for pg_dump. Avoid scanning the entire relation cache at commit of a transaction that creates a new relation (Jeff Janes) This speeds up sessions that create many tables in successive small transactions, such as a pg_restore run. Improve performance of transactions that drop many relations (Tomas Vondra) Add optional ability to checksum data pages and report corruption (Simon Riggs, Jeff Davis, Greg Smith, Ants Aasma) The checksum option can be set during initdb. Split the statistics collector's data file into separate global and per-database files (Tomas Vondra) This reduces the I/O required for statistics tracking. Fix the statistics collector to operate properly in cases where the system clock goes backwards (Tom Lane) Previously, statistics collection would stop until the time again reached the latest time previously recorded. Emit an informative message to postmaster standard error when we are about to stop logging there (Tom Lane) This should help reduce user confusion about where to look for log output in common configurations that log to standard error only during postmaster startup. When an authentication failure occurs, log the relevant pg_hba.conf line, to ease debugging of unintended failures (Magnus Hagander) Improve LDAP error reporting and documentation (Peter Eisentraut) Add support for specifying LDAP authentication parameters in URL format, per RFC 4516 (Peter Eisentraut) Change the ssl_ciphers parameter to start with DEFAULT, rather than ALL, then remove insecure ciphers (Magnus Hagander) This should yield a more appropriate SSL cipher set. Parse and load pg_ident.conf once, not during each connection (Amit Kapila) This is similar to how pg_hba.conf is processed. Greatly reduce System V shared memory requirements (Robert Haas) On Unix-like systems, mmap() is now used for most of PostgreSQL's shared memory. For most users, this will eliminate any need to adjust kernel parameters for shared memory. Allow the postmaster to listen on multiple Unix-domain sockets (Honza Horák) The configuration parameter unix_socket_directory is replaced by unix_socket_directories, which accepts a list of directories. Allow a directory of configuration files to be processed (Magnus Hagander, Greg Smith, Selena Deckelmann) Such a directory is specified with include_dir in the server configuration file. Increase the maximum initdb-configured value for shared_buffers to 128MB (Robert Haas) This is the maximum value that initdb will attempt to set in postgresql.conf; the previous maximum was 32MB. Remove the external PID file, if any, on postmaster exit (Peter Eisentraut) Allow a streaming replication standby to follow a timeline switch (Heikki Linnakangas) This allows streaming standby servers to receive WAL data from a slave newly promoted to master status. Previously, other standbys would require a resync to begin following the new master. Add SQL functions pg_is_in_backup() and pg_backup_start_time() (Gilles Darold) These functions report the status of base backups. Improve performance of streaming log shipping with synchronous_commit disabled (Andres Freund) Allow much faster promotion of a streaming standby to primary (Simon Riggs, Kyotaro Horiguchi) Add the last checkpoint's redo location to pg_controldata's output (Fujii Masao) This information is useful for determining which WAL files are needed for restore. Allow tools like pg_receivexlog to run on computers with different architectures (Heikki Linnakangas) WAL files can still only be replayed on servers with the same architecture as the primary; but they can now be transmitted to and stored on machines of any architecture, since the streaming replication protocol is now machine-independent. Make pg_basebackup --write-recovery-conf output a minimal recovery.conf file (Zoltán Böszörményi, Magnus Hagander) This simplifies setting up a standby server. Allow pg_receivexlog and pg_basebackup --xlog-method to handle streaming timeline switches (Heikki Linnakangas) Add wal_receiver_timeout parameter to control the WAL receiver's timeout (Amit Kapila) This allows more rapid detection of connection failure. Change the WAL record format to allow splitting the record header across pages (Heikki Linnakangas) The new format is slightly more compact, and is more efficient to write. Implement SQL-standard LATERAL option for FROM-clause subqueries and function calls (Tom Lane) This feature allows subqueries and functions in FROM to reference columns from other tables in the FROM clause. The LATERAL keyword is optional for functions. Add support for piping COPY and psql \copy data to/from an external program (Etsuro Fujita) Allow a multirow VALUES clause in a rule to reference OLD/NEW (Tom Lane) Add support for event triggers (Dimitri Fontaine, Robert Haas, Álvaro Herrera) This allows server-side functions written in event-enabled languages to be called when DDL commands are run. Allow foreign data wrappers to support writes (inserts/updates/deletes) on foreign tables (KaiGai Kohei) Add CREATE SCHEMA ... IF NOT EXISTS clause (Fabrízio de Royes Mello) Make REASSIGN OWNED also change ownership of shared objects (Álvaro Herrera) Make CREATE AGGREGATE complain if the given initial value string is not valid input for the transition datatype (Tom Lane) Suppress CREATE TABLE's messages about implicit index and sequence creation (Robert Haas) These messages now appear at DEBUG1 verbosity, so that they will not be shown by default. Allow DROP TABLE IF EXISTS to succeed when a non-existent schema is specified in the table name (Bruce Momjian) Previously, it threw an error if the schema did not exist. Provide clients with constraint violation details as separate fields (Pavel Stehule) This allows clients to retrieve table, column, data type, or constraint name error details. Previously such information had to be extracted from error strings. Client library support is required to access these fields. Support IF NOT EXISTS option in ALTER TYPE ... ADD VALUE (Andrew Dunstan) This is useful for conditionally adding values to enumerated types. Add ALTER ROLE ALL SET to establish settings for all users (Peter Eisentraut) This allows settings to apply to all users in all databases. ALTER DATABASE SET already allowed addition of settings for all users in a single database. postgresql.conf has a similar effect. Add support for ALTER RULE ... RENAME (Ali Dar) Add materialized views (Kevin Grittner) Unlike ordinary views, where the base tables are read on every access, materialized views create physical tables at creation or refresh time. Access to the materialized view then reads from its physical table. There is not yet any facility for incrementally refreshing materialized views or auto-accessing them via base table access. Make simple views auto-updatable (Dean Rasheed) Simple views that reference some or all columns from a single base table are now updatable by default. More complex views can be made updatable using INSTEAD OF triggers or INSTEAD rules. Add CREATE RECURSIVE VIEW syntax (Peter Eisentraut) Internally this is translated into CREATE VIEW ... WITH RECURSIVE .... Improve view/rule printing code to handle cases where referenced tables are renamed, or columns are renamed, added, or dropped (Tom Lane) Table and column renamings can produce cases where, if we merely substitute the new name into the original text of a rule or view, the result is ambiguous. This change fixes the rule-dumping code to insert manufactured table and column aliases when needed to preserve the original semantics. Increase the maximum size of large objects from 2GB to 4TB (Nozomi Anzai, Yugo Nagata) This change includes adding 64-bit-capable large object access functions, both in the server and in libpq. Allow text timezone designations, e.g. America/Chicago, in the T field of ISO-format timestamptz input (Bruce Momjian) Add operators and functions to extract elements from JSON values (Andrew Dunstan) Allow JSON values to be converted into records (Andrew Dunstan) Add functions to convert scalars, records, and hstore values to JSON (Andrew Dunstan) Add array_remove() and array_replace() functions (Marco Nenciarini, Gabriele Bartolini) Allow concat() and format() to properly expand VARIADIC-labeled arguments (Pavel Stehule) Improve format() to provide field width and left/right alignment options (Pavel Stehule) Make to_char(), to_date(), and to_timestamp() handle negative (BC) century values properly (Bruce Momjian) Previously the behavior was either wrong or inconsistent with positive/AD handling, e.g. with the format mask IYYY-IW-DY. Make to_date() and to_timestamp() return proper results when mixing ISO and Gregorian week/day designations (Bruce Momjian) Cause pg_get_viewdef() to start a new line by default after each SELECT target list entry and FROM entry (Marko Tiikkaja) This reduces line length in view printing, for instance in pg_dump output. Fix map_sql_value_to_xml_value() to print values of domain types the same way their base type would be printed (Pavel Stehule) There are special formatting rules for certain built-in types such as boolean; these rules now also apply to domains over these types. Allow PL/pgSQL to use RETURN with a composite-type expression (Asif Rehman) Previously, in a function returning a composite type, RETURN could only reference a variable of that type. Allow PL/pgSQL to access constraint violation details as separate fields (Pavel Stehule) Allow PL/pgSQL to access the number of rows processed by COPY (Pavel Stehule) A COPY executed in a PL/pgSQL function now updates the value retrieved by GET DIAGNOSTICS x = ROW_COUNT. Allow unreserved keywords to be used as identifiers everywhere in PL/pgSQL (Tom Lane) In certain places in the PL/pgSQL grammar, keywords had to be quoted to be used as identifiers, even if they were nominally unreserved. Add PL/Python result object string handler (Peter Eisentraut) This allows plpy.debug(rv) to output something reasonable. Make PL/Python convert OID values to a proper Python numeric type (Peter Eisentraut) Handle SPI errors raised explicitly (with PL/Python's RAISE) the same as internal SPI errors (Oskari Saarenmaa and Jan Urbanski) Prevent leakage of SPI tuple tables during subtransaction abort (Tom Lane) At the end of any failed subtransaction, the core SPI code now releases any SPI tuple tables that were created during that subtransaction. This avoids the need for SPI-using code to keep track of such tuple tables and release them manually in error-recovery code. Failure to do so caused a number of transaction-lifespan memory leakage issues in PL/pgSQL and perhaps other SPI clients. SPI_freetuptable() now protects itself against multiple freeing requests, so any existing code that did take care to clean up shouldn't be broken by this change. Allow SPI functions to access the number of rows processed by COPY (Pavel Stehule) Add command-line utility pg_isready to check if the server is ready to accept connections (Phil Sorber) Support multiple --table arguments for pg_restore, clusterdb, reindexdb, and vacuumdb (Josh Kupershmidt) This is similar to the way pg_dump's --table option works. Add --dbname option to pg_dumpall, pg_basebackup, and pg_receivexlog to allow specifying a connection string (Amit Kapila) Add libpq function PQconninfo() to return connection information (Zoltán Böszörményi, Magnus Hagander) Adjust function cost settings so psql tab completion and pattern searching are more efficient (Tom Lane) Improve psql's tab completion coverage (Jeff Janes, Dean Rasheed, Peter Eisentraut, Magnus Hagander) Allow the psql --single-transaction mode to work when reading from standard input (Fabien Coelho, Robert Haas) Previously this option only worked when reading from a file. Remove psql warning when connecting to an older server (Peter Eisentraut) A warning is still issued when connecting to a server of a newer major version than psql's. Add psql command \watch to repeatedly execute a SQL command (Will Leinweber) Add psql command \gset to store query results in psql variables (Pavel Stehule) Add SSL information to psql's \conninfo command (Alastair Turner) Add Security column to psql's \df+ output (Jon Erdman) Allow psql command \l to accept a database name pattern (Peter Eisentraut) In psql, do not allow \connect to use defaults if there is no active connection (Bruce Momjian) This might be the case if the server had crashed. Properly reset state after failure of a SQL command executed with psql's \g file (Tom Lane) Previously, the output from subsequent SQL commands would unexpectedly continue to go to the same file. Add a latex-longtable output format to psql (Bruce Momjian) This format allows tables to span multiple pages. Add a border=3 output mode to the psql latex format (Bruce Momjian) In psql's tuples-only and expanded output modes, no longer emit (No rows) for zero rows (Peter Eisentraut) In psql's unaligned, expanded output mode, no longer print an empty line for zero rows (Peter Eisentraut) Add pg_dump --jobs option to dump tables in parallel (Joachim Wieland) Make pg_dump output functions in a more predictable order (Joel Jacobson) Fix tar files emitted by pg_dump to be POSIX conformant (Brian Weaver, Tom Lane) Add --dbname option to pg_dump, for consistency with other client commands (Heikki Linnakangas) The database name could already be supplied last without a flag. Make initdb fsync the newly created data directory (Jeff Davis) This insures data integrity in event of a system crash shortly after initdb. This can be disabled by using --nosync. Add initdb --sync-only option to sync the data directory to durable storage (Bruce Momjian) This is used by pg_upgrade. Make initdb issue a warning about placing the data directory at the top of a file system mount point (Bruce Momjian) Add infrastructure to allow plug-in background worker processes (Álvaro Herrera) Create a centralized timeout API (Zoltán Böszörményi) Create libpgcommon and move pg_malloc() and other functions there (Álvaro Herrera, Andres Freund) This allows libpgport to be used solely for portability-related code. Add support for list links embedded in larger structs (Andres Freund) Use SA_RESTART for all signals, including SIGALRM (Tom Lane) Ensure that the correct text domain is used when translating errcontext() messages (Heikki Linnakangas) Standardize naming of client-side memory allocation functions (Tom Lane) Provide support for static assertions that will fail at compile time if some compile-time-constant condition is not met (Andres Freund, Tom Lane) Support Assert() in client-side code (Andrew Dunstan) Add decoration to inform the C compiler that some ereport() and elog() calls do not return (Peter Eisentraut, Andres Freund, Tom Lane, Heikki Linnakangas) Allow options to be passed to the regression test output comparison utility via PG_REGRESS_DIFF_OPTS (Peter Eisentraut) Add isolation tests for CREATE INDEX CONCURRENTLY (Abhijit Menon-Sen) Remove typedefs for int2/int4 as they are better represented as int16/int32 (Peter Eisentraut) Fix install-strip on Mac OS X (Peter Eisentraut) Remove configure flag --disable-shared, as it is no longer supported (Bruce Momjian) Rewrite pgindent in Perl (Andrew Dunstan) Provide Emacs macro to set Perl formatting to match PostgreSQL's perltidy settings (Peter Eisentraut) Run tool to check the keyword list whenever the backend grammar is changed (Tom Lane) Change the way UESCAPE is lexed, to significantly reduce the size of the lexer tables (Heikki Linnakangas) Centralize flex and bison make rules (Peter Eisentraut) This is useful for pgxs authors. Change many internal backend functions to return object OIDs rather than void (Dimitri Fontaine) This is useful for event triggers. Invent pre-commit/pre-prepare/pre-subcommit events for transaction callbacks (Tom Lane) Loadable modules that use transaction callbacks might need modification to handle these new event types. Add function pg_identify_object() to produce a machine-readable description of a database object (Álvaro Herrera) Add post-ALTER-object server hooks (KaiGai Kohei) Implement a generic binary heap and use it for Merge-Append operations (Abhijit Menon-Sen) Provide a tool to help detect timezone abbreviation changes when updating the src/timezone/data files (Tom Lane) Add pkg-config support for libpq and ecpg libraries (Peter Eisentraut) Remove src/tool/backend, now that the content is on the PostgreSQL wiki (Bruce Momjian) Split out WAL reading as an independent facility (Heikki Linnakangas, Andres Freund) Use a 64-bit integer to represent WAL positions (XLogRecPtr) instead of two 32-bit integers (Heikki Linnakangas) Generally, tools that need to read the WAL format will need to be adjusted. Allow PL/Python to support platform-specific include directories (Peter Eisentraut) Allow PL/Python on OS X to build against custom versions of Python (Peter Eisentraut) Add a Postgres foreign data wrapper contrib module to allow access to other Postgres servers (Shigeru Hanada) This foreign data wrapper supports writes. Add pg_xlogdump contrib program (Andres Freund) Add support for indexing of regular-expression searches in pg_trgm (Alexander Korotkov) Improve pg_trgm's handling of multibyte characters (Tom Lane) On a platform that does not have the wcstombs() or towlower() library functions, this could result in an incompatible change in the contents of pg_trgm indexes for non-ASCII data. In such cases, REINDEX those indexes to ensure correct search results. Add a pgstattuple function to report the size of the pending-insertions list of a GIN index (Fujii Masao) Make oid2name, pgbench, and vacuumlo set fallback_application_name (Amit Kapila) Improve output of pg_test_timing (Bruce Momjian) Improve output of pg_test_fsync (Peter Geoghegan) Create a dedicated foreign data wrapper, with its own option validator function, for dblink (Shigeru Hanada) When using this FDW to define the target of a dblink connection, instead of using a hard-wired list of connection options, the underlying libpq library is consulted to see what connection options it supports. Allow pg_upgrade to do dumps and restores in parallel (Bruce Momjian, Andrew Dunstan) This allows parallel schema dump/restore of databases, as well as parallel copy/link of data files per tablespace. Use the --jobs option to specify the level of parallelism. Make pg_upgrade create Unix-domain sockets in the current directory (Bruce Momjian, Tom Lane) This reduces the possibility that someone will accidentally connect during the upgrade. Make pg_upgrade --check mode properly detect the location of non-default socket directories (Bruce Momjian, Tom Lane) Improve performance of pg_upgrade for databases with many tables (Bruce Momjian) Improve pg_upgrade's logs by showing executed commands (Álvaro Herrera) Improve pg_upgrade's status display during copy/link (Bruce Momjian) Add --foreign-keys option to pgbench (Jeff Janes) This adds foreign key constraints to the standard tables created by pgbench, for use in foreign key performance testing. Allow pgbench to aggregate performance statistics and produce output every --aggregate-interval seconds (Tomas Vondra) Add pgbench --sampling-rate option to control the percentage of transactions logged (Tomas Vondra) Reduce and improve the status message output of pgbench's initialization mode (Robert Haas, Peter Eisentraut) Add pgbench -q mode to print one output line every five seconds (Tomas Vondra) Output pgbench elapsed and estimated remaining time during initialization (Tomas Vondra) Allow pgbench to use much larger scale factors, by changing relevant columns from integer to bigint when the requested scale factor exceeds 20000 (Greg Smith) Allow EPUB-format documentation to be created (Peter Eisentraut) Update FreeBSD kernel configuration documentation (Brad Davis) Improve WINDOW function documentation (Bruce Momjian, Florian Pflug) Add instructions for setting up the documentation tool chain on Mac OS X (Peter Eisentraut) Improve commit_delay documentation (Peter Geoghegan)