2010-12-16 This release contains a variety of fixes from 8.1.22. For information about new features in the 8.1 major release, see . This is expected to be the last PostgreSQL release in the 8.1.X series. Users are encouraged to update to a newer release branch soon. A dump/restore is not required for those running 8.1.X. However, if you are upgrading from a version earlier than 8.1.18, see the release notes for 8.1.18. Force the default wal_sync_method to be fdatasync on Linux (Tom Lane, Marti Raudsepp) The default on Linux has actually been fdatasync for many years, but recent kernel changes caused PostgreSQL to choose open_datasync instead. This choice did not result in any performance improvement, and caused outright failures on certain filesystems, notably ext4 with the data=journal mount option. Fix recovery from base backup when the starting checkpoint WAL record is not in the same WAL segment as its redo point (Jeff Davis) Add support for detecting register-stack overrun on IA64 (Tom Lane) The IA64 architecture has two hardware stacks. Full prevention of stack-overrun failures requires checking both. Add a check for stack overflow in copyObject() (Tom Lane) Certain code paths could crash due to stack overflow given a sufficiently complex query. Fix detection of page splits in temporary GiST indexes (Heikki Linnakangas) It is possible to have a concurrent page split in a temporary index, if for example there is an open cursor scanning the index when an insertion is done. GiST failed to detect this case and hence could deliver wrong results when execution of the cursor continued. Avoid memory leakage while ANALYZE'ing complex index expressions (Tom Lane) Ensure an index that uses a whole-row Var still depends on its table (Tom Lane) An index declared like create index i on t (foo(t.*)) would not automatically get dropped when its table was dropped. Do not inline a SQL function with multiple OUT parameters (Tom Lane) This avoids a possible crash due to loss of information about the expected result rowtype. Fix constant-folding of COALESCE() expressions (Tom Lane) The planner would sometimes attempt to evaluate sub-expressions that in fact could never be reached, possibly leading to unexpected errors. Add print functionality for InhRelation nodes (Tom Lane) This avoids a failure when debug_print_parse is enabled and certain types of query are executed. Fix incorrect calculation of distance from a point to a horizontal line segment (Tom Lane) This bug affected several different geometric distance-measurement operators. Fix PL/pgSQL's handling of simple expressions to not fail in recursion or error-recovery cases (Tom Lane) Fix bug in contrib/cube's GiST picksplit algorithm (Alexander Korotkov) This could result in considerable inefficiency, though not actually incorrect answers, in a GiST index on a cube column. If you have such an index, consider REINDEXing it after installing this update. Don't emit identifier will be truncated notices in contrib/dblink except when creating new connections (Itagaki Takahiro) Fix potential coredump on missing public key in contrib/pgcrypto (Marti Raudsepp) Fix memory leak in contrib/xml2's XPath query functions (Tom Lane) Update time zone data files to tzdata release 2010o for DST law changes in Fiji and Samoa; also historical corrections for Hong Kong. 2010-10-04 This release contains a variety of fixes from 8.1.21. For information about new features in the 8.1 major release, see . The PostgreSQL community will stop releasing updates for the 8.1.X release series in November 2010. Users are encouraged to update to a newer release branch soon. A dump/restore is not required for those running 8.1.X. However, if you are upgrading from a version earlier than 8.1.18, see the release notes for 8.1.18. Use a separate interpreter for each calling SQL userid in PL/Perl and PL/Tcl (Tom Lane) This change prevents security problems that can be caused by subverting Perl or Tcl code that will be executed later in the same session under another SQL user identity (for example, within a SECURITY DEFINER function). Most scripting languages offer numerous ways that that might be done, such as redefining standard functions or operators called by the target function. Without this change, any SQL user with Perl or Tcl language usage rights can do essentially anything with the SQL privileges of the target function's owner. The cost of this change is that intentional communication among Perl and Tcl functions becomes more difficult. To provide an escape hatch, PL/PerlU and PL/TclU functions continue to use only one interpreter per session. This is not considered a security issue since all such functions execute at the trust level of a database superuser already. It is likely that third-party procedural languages that claim to offer trusted execution have similar security issues. We advise contacting the authors of any PL you are depending on for security-critical purposes. Our thanks to Tim Bunce for pointing out this issue (CVE-2010-3433). Prevent possible crashes in pg_get_expr() by disallowing it from being called with an argument that is not one of the system catalog columns it's intended to be used with (Heikki Linnakangas, Tom Lane) Fix cannot handle unplanned sub-select error (Tom Lane) This occurred when a sub-select contains a join alias reference that expands into an expression containing another sub-select. Prevent show_session_authorization() from crashing within autovacuum processes (Tom Lane) Defend against functions returning setof record where not all the returned rows are actually of the same rowtype (Tom Lane) Fix possible failure when hashing a pass-by-reference function result (Tao Ma, Tom Lane) Take care to fsync the contents of lockfiles (both postmaster.pid and the socket lockfile) while writing them (Tom Lane) This omission could result in corrupted lockfile contents if the machine crashes shortly after postmaster start. That could in turn prevent subsequent attempts to start the postmaster from succeeding, until the lockfile is manually removed. Avoid recursion while assigning XIDs to heavily-nested subtransactions (Andres Freund, Robert Haas) The original coding could result in a crash if there was limited stack space. Fix log_line_prefix's %i escape, which could produce junk early in backend startup (Tom Lane) Fix possible data corruption in ALTER TABLE ... SET TABLESPACE when archiving is enabled (Jeff Davis) Allow CREATE DATABASE and ALTER DATABASE ... SET TABLESPACE to be interrupted by query-cancel (Guillaume Lelarge) In PL/Python, defend against null pointer results from PyCObject_AsVoidPtr and PyCObject_FromVoidPtr (Peter Eisentraut) Improve contrib/dblink's handling of tables containing dropped columns (Tom Lane) Fix connection leak after duplicate connection name errors in contrib/dblink (Itagaki Takahiro) Fix contrib/dblink to handle connection names longer than 62 bytes correctly (Itagaki Takahiro) Update build infrastructure and documentation to reflect the source code repository's move from CVS to Git (Magnus Hagander and others) Update time zone data files to tzdata release 2010l for DST law changes in Egypt and Palestine; also historical corrections for Finland. This change also adds new names for two Micronesian timezones: Pacific/Chuuk is now preferred over Pacific/Truk (and the preferred abbreviation is CHUT not TRUT) and Pacific/Pohnpei is preferred over Pacific/Ponape. 2010-05-17 This release contains a variety of fixes from 8.1.20. For information about new features in the 8.1 major release, see . A dump/restore is not required for those running 8.1.X. However, if you are upgrading from a version earlier than 8.1.18, see the release notes for 8.1.18. Enforce restrictions in plperl using an opmask applied to the whole interpreter, instead of using Safe.pm (Tim Bunce, Andrew Dunstan) Recent developments have convinced us that Safe.pm is too insecure to rely on for making plperl trustable. This change removes use of Safe.pm altogether, in favor of using a separate interpreter with an opcode mask that is always applied. Pleasant side effects of the change include that it is now possible to use Perl's strict pragma in a natural way in plperl, and that Perl's $a and $b variables work as expected in sort routines, and that function compilation is significantly faster. (CVE-2010-1169) Prevent PL/Tcl from executing untrustworthy code from pltcl_modules (Tom) PL/Tcl's feature for autoloading Tcl code from a database table could be exploited for trojan-horse attacks, because there was no restriction on who could create or insert into that table. This change disables the feature unless pltcl_modules is owned by a superuser. (However, the permissions on the table are not checked, so installations that really need a less-than-secure modules table can still grant suitable privileges to trusted non-superusers.) Also, prevent loading code into the unrestricted normal Tcl interpreter unless we are really going to execute a pltclu function. (CVE-2010-1170) Do not allow an unprivileged user to reset superuser-only parameter settings (Alvaro) Previously, if an unprivileged user ran ALTER USER ... RESET ALL for himself, or ALTER DATABASE ... RESET ALL for a database he owns, this would remove all special parameter settings for the user or database, even ones that are only supposed to be changeable by a superuser. Now, the ALTER will only remove the parameters that the user has permission to change. Avoid possible crash during backend shutdown if shutdown occurs when a CONTEXT addition would be made to log entries (Tom) In some cases the context-printing function would fail because the current transaction had already been rolled back when it came time to print a log message. Update pl/perl's ppport.h for modern Perl versions (Andrew) Fix assorted memory leaks in pl/python (Andreas Freund, Tom) Prevent infinite recursion in psql when expanding a variable that refers to itself (Tom) Ensure that contrib/pgstattuple functions respond to cancel interrupts promptly (Tatsuhito Kasahara) Make server startup deal properly with the case that shmget() returns EINVAL for an existing shared memory segment (Tom) This behavior has been observed on BSD-derived kernels including OS X. It resulted in an entirely-misleading startup failure complaining that the shared memory request size was too large. Update time zone data files to tzdata release 2010j for DST law changes in Argentina, Australian Antarctic, Bangladesh, Mexico, Morocco, Pakistan, Palestine, Russia, Syria, Tunisia; also historical corrections for Taiwan. 2010-03-15 This release contains a variety of fixes from 8.1.19. For information about new features in the 8.1 major release, see . A dump/restore is not required for those running 8.1.X. However, if you are upgrading from a version earlier than 8.1.18, see the release notes for 8.1.18. Add new configuration parameter ssl_renegotiation_limit to control how often we do session key renegotiation for an SSL connection (Magnus) This can be set to zero to disable renegotiation completely, which may be required if a broken SSL library is used. In particular, some vendors are shipping stopgap patches for CVE-2009-3555 that cause renegotiation attempts to fail. Fix possible crashes when trying to recover from a failure in subtransaction start (Tom) Fix server memory leak associated with use of savepoints and a client encoding different from server's encoding (Tom) Make substring() for bit types treat any negative length as meaning all the rest of the string (Tom) The previous coding treated only -1 that way, and would produce an invalid result value for other negative values, possibly leading to a crash (CVE-2010-0442). Fix integer-to-bit-string conversions to handle the first fractional byte correctly when the output bit width is wider than the given integer by something other than a multiple of 8 bits (Tom) Fix some cases of pathologically slow regular expression matching (Tom) Fix the STOP WAL LOCATION entry in backup history files to report the next WAL segment's name when the end location is exactly at a segment boundary (Itagaki Takahiro) Fix some more cases of temporary-file leakage (Heikki) This corrects a problem introduced in the previous minor release. One case that failed is when a plpgsql function returning set is called within another function's exception handler. When reading pg_hba.conf and related files, do not treat @something as a file inclusion request if the @ appears inside quote marks; also, never treat @ by itself as a file inclusion request (Tom) This prevents erratic behavior if a role or database name starts with @. If you need to include a file whose path name contains spaces, you can still do so, but you must write @"/path to/file" rather than putting the quotes around the whole construct. Prevent infinite loop on some platforms if a directory is named as an inclusion target in pg_hba.conf and related files (Tom) Fix psql's numericlocale option to not format strings it shouldn't in latex and troff output formats (Heikki) Fix plpgsql failure in one case where a composite column is set to NULL (Tom) Add volatile markings in PL/Python to avoid possible compiler-specific misbehavior (Zdenek Kotala) Ensure PL/Tcl initializes the Tcl interpreter fully (Tom) The only known symptom of this oversight is that the Tcl clock command misbehaves if using Tcl 8.5 or later. Prevent crash in contrib/dblink when too many key columns are specified to a dblink_build_sql_* function (Rushabh Lathia, Joe Conway) Fix assorted crashes in contrib/xml2 caused by sloppy memory management (Tom) Update time zone data files to tzdata release 2010e for DST law changes in Bangladesh, Chile, Fiji, Mexico, Paraguay, Samoa. 2009-12-14 This release contains a variety of fixes from 8.1.18. For information about new features in the 8.1 major release, see . A dump/restore is not required for those running 8.1.X. However, if you are upgrading from a version earlier than 8.1.18, see the release notes for 8.1.18. Protect against indirect security threats caused by index functions changing session-local state (Gurjeet Singh, Tom) This change prevents allegedly-immutable index functions from possibly subverting a superuser's session (CVE-2009-4136). Reject SSL certificates containing an embedded null byte in the common name (CN) field (Magnus) This prevents unintended matching of a certificate to a server or client name during SSL validation (CVE-2009-4034). Fix possible crash during backend-startup-time cache initialization (Tom) Prevent signals from interrupting VACUUM at unsafe times (Alvaro) This fix prevents a PANIC if a VACUUM FULL is cancelled after it's already committed its tuple movements, as well as transient errors if a plain VACUUM is interrupted after having truncated the table. Fix possible crash due to integer overflow in hash table size calculation (Tom) This could occur with extremely large planner estimates for the size of a hashjoin's result. Fix very rare crash in inet/cidr comparisons (Chris Mikkelson) Ensure that shared tuple-level locks held by prepared transactions are not ignored (Heikki) Fix premature drop of temporary files used for a cursor that is accessed within a subtransaction (Heikki) Fix PAM password processing to be more robust (Tom) The previous code is known to fail with the combination of the Linux pam_krb5 PAM module with Microsoft Active Directory as the domain controller. It might have problems elsewhere too, since it was making unjustified assumptions about what arguments the PAM stack would pass to it. Fix processing of ownership dependencies during CREATE OR REPLACE FUNCTION (Tom) Ensure that Perl arrays are properly converted to PostgreSQL arrays when returned by a set-returning PL/Perl function (Andrew Dunstan, Abhijit Menon-Sen) This worked correctly already for non-set-returning functions. Fix rare crash in exception processing in PL/Python (Peter) Ensure psql's flex module is compiled with the correct system header definitions (Tom) This fixes build failures on platforms where --enable-largefile causes incompatible changes in the generated code. Make the postmaster ignore any application_name parameter in connection request packets, to improve compatibility with future libpq versions (Tom) Update time zone data files to tzdata release 2009s for DST law changes in Antarctica, Argentina, Bangladesh, Fiji, Novokuznetsk, Pakistan, Palestine, Samoa, Syria; also historical corrections for Hong Kong. 2009-09-09 This release contains a variety of fixes from 8.1.17. For information about new features in the 8.1 major release, see . A dump/restore is not required for those running 8.1.X. However, if you have any hash indexes on interval columns, you must REINDEX them after updating to 8.1.18. Also, if you are upgrading from a version earlier than 8.1.15, see the release notes for 8.1.15. Disallow RESET ROLE and RESET SESSION AUTHORIZATION inside security-definer functions (Tom, Heikki) This covers a case that was missed in the previous patch that disallowed SET ROLE and SET SESSION AUTHORIZATION inside security-definer functions. (See CVE-2007-6600) Fix handling of sub-SELECTs appearing in the arguments of an outer-level aggregate function (Tom) Fix hash calculation for data type interval (Tom) This corrects wrong results for hash joins on interval values. It also changes the contents of hash indexes on interval columns. If you have any such indexes, you must REINDEX them after updating. Treat to_char(..., 'TH') as an uppercase ordinal suffix with 'HH'/'HH12' (Heikki) It was previously handled as 'th' (lowercase). Fix overflow for INTERVAL 'x ms' when x is more than 2 million and integer datetimes are in use (Alex Hunsaker) Fix calculation of distance between a point and a line segment (Tom) This led to incorrect results from a number of geometric operators. Fix money data type to work in locales where currency amounts have no fractional digits, e.g. Japan (Itagaki Takahiro) Properly round datetime input like 00:12:57.9999999999999999999999999999 (Tom) Fix poor choice of page split point in GiST R-tree operator classes (Teodor) Fix portability issues in plperl initialization (Andrew Dunstan) Fix pg_ctl to not go into an infinite loop if postgresql.conf is empty (Jeff Davis) Fix contrib/xml2's xslt_process() to properly handle the maximum number of parameters (twenty) (Tom) Improve robustness of libpq's code to recover from errors during COPY FROM STDIN (Tom) Avoid including conflicting readline and editline header files when both libraries are installed (Zdenek Kotala) Update time zone data files to tzdata release 2009l for DST law changes in Bangladesh, Egypt, Jordan, Pakistan, Argentina/San_Luis, Cuba, Jordan (historical correction only), Mauritius, Morocco, Palestine, Syria, Tunisia. 2009-03-16 This release contains a variety of fixes from 8.1.16. For information about new features in the 8.1 major release, see . A dump/restore is not required for those running 8.1.X. However, if you are upgrading from a version earlier than 8.1.15, see the release notes for 8.1.15. Prevent error recursion crashes when encoding conversion fails (Tom) This change extends fixes made in the last two minor releases for related failure scenarios. The previous fixes were narrowly tailored for the original problem reports, but we have now recognized that any error thrown by an encoding conversion function could potentially lead to infinite recursion while trying to report the error. The solution therefore is to disable translation and encoding conversion and report the plain-ASCII form of any error message, if we find we have gotten into a recursive error reporting situation. (CVE-2009-0922) Disallow CREATE CONVERSION with the wrong encodings for the specified conversion function (Heikki) This prevents one possible scenario for encoding conversion failure. The previous change is a backstop to guard against other kinds of failures in the same area. Fix core dump when to_char() is given format codes that are inappropriate for the type of the data argument (Tom) Fix decompilation of CASE WHEN with an implicit coercion (Tom) This mistake could lead to Assert failures in an Assert-enabled build, or an unexpected CASE WHEN clause error message in other cases, when trying to examine or dump a view. Fix possible misassignment of the owner of a TOAST table's rowtype (Tom) If CLUSTER or a rewriting variant of ALTER TABLE were executed by someone other than the table owner, the pg_type entry for the table's TOAST table would end up marked as owned by that someone. This caused no immediate problems, since the permissions on the TOAST rowtype aren't examined by any ordinary database operation. However, it could lead to unexpected failures if one later tried to drop the role that issued the command (in 8.1 or 8.2), or owner of data type appears to be invalid warnings from pg_dump after having done so (in 8.3). Clean up PL/pgSQL error status variables fully at block exit (Ashesh Vashi and Dave Page) This is not a problem for PL/pgSQL itself, but the omission could cause the PL/pgSQL Debugger to crash while examining the state of a function. Add MUST (Mauritius Island Summer Time) to the default list of known timezone abbreviations (Xavier Bugaud) 2009-02-02 This release contains a variety of fixes from 8.1.15. For information about new features in the 8.1 major release, see . A dump/restore is not required for those running 8.1.X. However, if you are upgrading from a version earlier than 8.1.15, see the release notes for 8.1.15. Fix crash in autovacuum (Alvaro) The crash occurs only after vacuuming a whole database for anti-transaction-wraparound purposes, which means that it occurs infrequently and is hard to track down. Improve handling of URLs in headline() function (Teodor) Improve handling of overlength headlines in headline() function (Teodor) Prevent possible Assert failure or misconversion if an encoding conversion is created with the wrong conversion function for the specified pair of encodings (Tom, Heikki) Avoid unnecessary locking of small tables in VACUUM (Heikki) Ensure that the contents of a holdable cursor don't depend on the contents of TOAST tables (Tom) Previously, large field values in a cursor result might be represented as TOAST pointers, which would fail if the referenced table got dropped before the cursor is read, or if the large value is deleted and then vacuumed away. This cannot happen with an ordinary cursor, but it could with a cursor that is held past its creating transaction. Fix uninitialized variables in contrib/tsearch2's get_covers() function (Teodor) Fix configure script to properly report failure when unable to obtain linkage information for PL/Perl (Andrew) Make all documentation reference pgsql-bugs and/or pgsql-hackers as appropriate, instead of the now-decommissioned pgsql-ports and pgsql-patches mailing lists (Tom) Update time zone data files to tzdata release 2009a (for Kathmandu and historical DST corrections in Switzerland, Cuba) 2008-11-03 This release contains a variety of fixes from 8.1.14. For information about new features in the 8.1 major release, see . A dump/restore is not required for those running 8.1.X. However, if you are upgrading from a version earlier than 8.1.2, see the release notes for 8.1.2. Also, if you were running a previous 8.1.X release, it is recommended to REINDEX all GiST indexes after the upgrade. Fix GiST index corruption due to marking the wrong index entry dead after a deletion (Teodor) This would result in index searches failing to find rows they should have found. Corrupted indexes can be fixed with REINDEX. Fix backend crash when the client encoding cannot represent a localized error message (Tom) We have addressed similar issues before, but it would still fail if the character has no equivalent message itself couldn't be converted. The fix is to disable localization and send the plain ASCII error message when we detect such a situation. Fix possible crash when deeply nested functions are invoked from a trigger (Tom) Fix mis-expansion of rule queries when a sub-SELECT appears in a function call in FROM, a multi-row VALUES list, or a RETURNING list (Tom) The usual symptom of this problem is an unrecognized node type error. Ensure an error is reported when a newly-defined PL/pgSQL trigger function is invoked as a normal function (Tom) Prevent possible collision of relfilenode numbers when moving a table to another tablespace with ALTER SET TABLESPACE (Heikki) The command tried to re-use the existing filename, instead of picking one that is known unused in the destination directory. Fix incorrect tsearch2 headline generation when single query item matches first word of text (Sushant Sinha) Fix improper display of fractional seconds in interval values when using a non-ISO datestyle in an --enable-integer-datetimes build (Ron Mayer) Ensure SPI_getvalue and SPI_getbinval behave correctly when the passed tuple and tuple descriptor have different numbers of columns (Tom) This situation is normal when a table has had columns added or removed, but these two functions didn't handle it properly. The only likely consequence is an incorrect error indication. Fix ecpg's parsing of CREATE ROLE (Michael) Fix recent breakage of pg_ctl restart (Tom) Update time zone data files to tzdata release 2008i (for DST law changes in Argentina, Brazil, Mauritius, Syria) 2008-09-22 This release contains a variety of fixes from 8.1.13. For information about new features in the 8.1 major release, see . A dump/restore is not required for those running 8.1.X. However, if you are upgrading from a version earlier than 8.1.2, see the release notes for 8.1.2. Widen local lock counters from 32 to 64 bits (Tom) This responds to reports that the counters could overflow in sufficiently long transactions, leading to unexpected lock is already held errors. Fix possible duplicate output of tuples during a GiST index scan (Teodor) Add checks in executor startup to ensure that the tuples produced by an INSERT or UPDATE will match the target table's current rowtype (Tom) ALTER COLUMN TYPE, followed by re-use of a previously cached plan, could produce this type of situation. The check protects against data corruption and/or crashes that could ensue. Fix AT TIME ZONE to first try to interpret its timezone argument as a timezone abbreviation, and only try it as a full timezone name if that fails, rather than the other way around as formerly (Tom) The timestamp input functions have always resolved ambiguous zone names in this order. Making AT TIME ZONE do so as well improves consistency, and fixes a compatibility bug introduced in 8.1: in ambiguous cases we now behave the same as 8.0 and before did, since in the older versions AT TIME ZONE accepted only abbreviations. Fix datetime input functions to correctly detect integer overflow when running on a 64-bit platform (Tom) Improve performance of writing very long log messages to syslog (Tom) Fix bug in backwards scanning of a cursor on a SELECT DISTINCT ON query (Tom) Fix planner bug with nested sub-select expressions (Tom) If the outer sub-select has no direct dependency on the parent query, but the inner one does, the outer value might not get recalculated for new parent query rows. Fix planner to estimate that GROUP BY expressions yielding boolean results always result in two groups, regardless of the expressions' contents (Tom) This is very substantially more accurate than the regular GROUP BY estimate for certain boolean tests like col IS NULL. Fix PL/pgSQL to not fail when a FOR loop's target variable is a record containing composite-type fields (Tom) Fix PL/Tcl to behave correctly with Tcl 8.5, and to be more careful about the encoding of data sent to or from Tcl (Tom) Fix PL/Python to work with Python 2.5 This is a back-port of fixes made during the 8.2 development cycle. Improve pg_dump and pg_restore's error reporting after failure to send a SQL command (Tom) Fix pg_ctl to properly preserve postmaster command-line arguments across a restart (Bruce) Update time zone data files to tzdata release 2008f (for DST law changes in Argentina, Bahamas, Brazil, Mauritius, Morocco, Pakistan, Palestine, and Paraguay) 2008-06-12 This release contains one serious and one minor bug fix over 8.1.12. For information about new features in the 8.1 major release, see . A dump/restore is not required for those running 8.1.X. However, if you are upgrading from a version earlier than 8.1.2, see the release notes for 8.1.2. Make pg_get_ruledef() parenthesize negative constants (Tom) Before this fix, a negative constant in a view or rule might be dumped as, say, -42::integer, which is subtly incorrect: it should be (-42)::integer due to operator precedence rules. Usually this would make little difference, but it could interact with another recent patch to cause PostgreSQL to reject what had been a valid SELECT DISTINCT view query. Since this could result in pg_dump output failing to reload, it is being treated as a high-priority fix. The only released versions in which dump output is actually incorrect are 8.3.1 and 8.2.7. Make ALTER AGGREGATE ... OWNER TO update pg_shdepend (Tom) This oversight could lead to problems if the aggregate was later involved in a DROP OWNED or REASSIGN OWNED operation. never released This release contains a variety of fixes from 8.1.11. For information about new features in the 8.1 major release, see . A dump/restore is not required for those running 8.1.X. However, if you are upgrading from a version earlier than 8.1.2, see the release notes for 8.1.2. Fix ALTER TABLE ADD COLUMN ... PRIMARY KEY so that the new column is correctly checked to see if it's been initialized to all non-nulls (Brendan Jurd) Previous versions neglected to check this requirement at all. Fix possible CREATE TABLE failure when inheriting the same constraint from multiple parent relations that inherited that constraint from a common ancestor (Tom) Fix conversions between ISO-8859-5 and other encodings to handle Cyrillic Yo characters (e and E with two dots) (Sergey Burladyan) Fix a few datatype input functions that were allowing unused bytes in their results to contain uninitialized, unpredictable values (Tom) This could lead to failures in which two apparently identical literal values were not seen as equal, resulting in the parser complaining about unmatched ORDER BY and DISTINCT expressions. Fix a corner case in regular-expression substring matching (substring(string from pattern)) (Tom) The problem occurs when there is a match to the pattern overall but the user has specified a parenthesized subexpression and that subexpression hasn't got a match. An example is substring('foo' from 'foo(bar)?'). This should return NULL, since (bar) isn't matched, but it was mistakenly returning the whole-pattern match instead (ie, foo). Update time zone data files to tzdata release 2008c (for DST law changes in Morocco, Iraq, Choibalsan, Pakistan, Syria, Cuba, Argentina/San_Luis, and Chile) Fix incorrect result from ecpg's PGTYPEStimestamp_sub() function (Michael) Fix core dump in contrib/xml2's xpath_table() function when the input query returns a NULL value (Tom) Fix contrib/xml2's makefile to not override CFLAGS (Tom) Fix DatumGetBool macro to not fail with gcc 4.3 (Tom) This problem affects old style (V0) C functions that return boolean. The fix is already in 8.3, but the need to back-patch it was not realized at the time. Fix longstanding LISTEN/NOTIFY race condition (Tom) In rare cases a session that had just executed a LISTEN might not get a notification, even though one would be expected because the concurrent transaction executing NOTIFY was observed to commit later. A side effect of the fix is that a transaction that has executed a not-yet-committed LISTEN command will not see any row in pg_listener for the LISTEN, should it choose to look; formerly it would have. This behavior was never documented one way or the other, but it is possible that some applications depend on the old behavior. Disallow LISTEN and UNLISTEN within a prepared transaction (Tom) This was formerly allowed but trying to do it had various unpleasant consequences, notably that the originating backend could not exit as long as an UNLISTEN remained uncommitted. Fix rare crash when an error occurs during a query using a hash index (Heikki) Fix input of datetime values for February 29 in years BC (Tom) The former coding was mistaken about which years were leap years. Fix unrecognized node type error in some variants of ALTER OWNER (Tom) Fix pg_ctl to correctly extract the postmaster's port number from command-line options (Itagaki Takahiro, Tom) Previously, pg_ctl start -w could try to contact the postmaster on the wrong port, leading to bogus reports of startup failure. Use -fwrapv to defend against possible misoptimization in recent gcc versions (Tom) This is known to be necessary when building PostgreSQL with gcc 4.3 or later. Fix display of constant expressions in ORDER BY and GROUP BY (Tom) An explictly casted constant would be shown incorrectly. This could for example lead to corruption of a view definition during dump and reload. Fix libpq to handle NOTICE messages correctly during COPY OUT (Tom) This failure has only been observed to occur when a user-defined datatype's output routine issues a NOTICE, but there is no guarantee it couldn't happen due to other causes. 2008-01-07 This release contains a variety of fixes from 8.1.10, including fixes for significant security issues. For information about new features in the 8.1 major release, see . This is the last 8.1.X release for which the PostgreSQL community will produce binary packages for Windows. Windows users are encouraged to move to 8.2.X or later, since there are Windows-specific fixes in 8.2.X that are impractical to back-port. 8.1.X will continue to be supported on other platforms. A dump/restore is not required for those running 8.1.X. However, if you are upgrading from a version earlier than 8.1.2, see the release notes for 8.1.2. Prevent functions in indexes from executing with the privileges of the user running VACUUM, ANALYZE, etc (Tom) Functions used in index expressions and partial-index predicates are evaluated whenever a new table entry is made. It has long been understood that this poses a risk of trojan-horse code execution if one modifies a table owned by an untrustworthy user. (Note that triggers, defaults, check constraints, etc. pose the same type of risk.) But functions in indexes pose extra danger because they will be executed by routine maintenance operations such as VACUUM FULL, which are commonly performed automatically under a superuser account. For example, a nefarious user can execute code with superuser privileges by setting up a trojan-horse index definition and waiting for the next routine vacuum. The fix arranges for standard maintenance operations (including VACUUM, ANALYZE, REINDEX, and CLUSTER) to execute as the table owner rather than the calling user, using the same privilege-switching mechanism already used for SECURITY DEFINER functions. To prevent bypassing this security measure, execution of SET SESSION AUTHORIZATION and SET ROLE is now forbidden within a SECURITY DEFINER context. (CVE-2007-6600) Repair assorted bugs in the regular-expression package (Tom, Will Drewry) Suitably crafted regular-expression patterns could cause crashes, infinite or near-infinite looping, and/or massive memory consumption, all of which pose denial-of-service hazards for applications that accept regex search patterns from untrustworthy sources. (CVE-2007-4769, CVE-2007-4772, CVE-2007-6067) Require non-superusers who use /contrib/dblink to use only password authentication, as a security measure (Joe) The fix that appeared for this in 8.1.10 was incomplete, as it plugged the hole for only some dblink functions. (CVE-2007-6601, CVE-2007-3278) Update time zone data files to tzdata release 2007k (in particular, recent Argentina changes) (Tom) Improve planner's handling of LIKE/regex estimation in non-C locales (Tom) Fix planner failure in some cases of WHERE false AND var IN (SELECT ...) (Tom) Preserve the tablespace of indexes that are rebuilt by ALTER TABLE ... ALTER COLUMN TYPE (Tom) Make archive recovery always start a new WAL timeline, rather than only when a recovery stop time was used (Simon) This avoids a corner-case risk of trying to overwrite an existing archived copy of the last WAL segment, and seems simpler and cleaner than the original definition. Make VACUUM not use all of maintenance_work_mem when the table is too small for it to be useful (Alvaro) Fix potential crash in translate() when using a multibyte database encoding (Tom) Fix overflow in extract(epoch from interval) for intervals exceeding 68 years (Tom) Fix PL/Perl to not fail when a UTF-8 regular expression is used in a trusted function (Andrew) Fix PL/Perl to cope when platform's Perl defines type bool as int rather than char (Tom) While this could theoretically happen anywhere, no standard build of Perl did things this way ... until Mac OS X 10.5. Fix PL/Python to not crash on long exception messages (Alvaro) Fix pg_dump to correctly handle inheritance child tables that have default expressions different from their parent's (Tom) Fix libpq crash when PGPASSFILE refers to a file that is not a plain file (Martin Pitt) ecpg parser fixes (Michael) Make contrib/pgcrypto defend against OpenSSL libraries that fail on keys longer than 128 bits; which is the case at least on some Solaris versions (Marko Kreen) Make contrib/tablefunc's crosstab() handle NULL rowid as a category in its own right, rather than crashing (Joe) Fix tsvector and tsquery output routines to escape backslashes correctly (Teodor, Bruce) Fix crash of to_tsvector() on huge input strings (Teodor) Require a specific version of Autoconf to be used when re-generating the configure script (Peter) This affects developers and packagers only. The change was made to prevent accidental use of untested combinations of Autoconf and PostgreSQL versions. You can remove the version check if you really want to use a different Autoconf version, but it's your responsibility whether the result works or not. 2007-09-17 This release contains a variety of fixes from 8.1.9. For information about new features in the 8.1 major release, see . A dump/restore is not required for those running 8.1.X. However, if you are upgrading from a version earlier than 8.1.2, see the release notes for 8.1.2. Prevent index corruption when a transaction inserts rows and then aborts close to the end of a concurrent VACUUM on the same table (Tom) Make CREATE DOMAIN ... DEFAULT NULL work properly (Tom) Allow the interval data type to accept input consisting only of milliseconds or microseconds (Neil) Speed up rtree index insertion (Teodor) Fix excessive logging of SSL error messages (Tom) Fix logging so that log messages are never interleaved when using the syslogger process (Andrew) Fix crash when log_min_error_statement logging runs out of memory (Tom) Fix incorrect handling of some foreign-key corner cases (Tom) Prevent REINDEX and CLUSTER from failing due to attempting to process temporary tables of other sessions (Alvaro) Update the time zone database rules, particularly New Zealand's upcoming changes (Tom) Windows socket improvements (Magnus) Suppress timezone name (%Z) in log timestamps on Windows because of possible encoding mismatches (Tom) Require non-superusers who use /contrib/dblink to use only password authentication, as a security measure (Joe) 2007-04-23 This release contains a variety of fixes from 8.1.8, including a security fix. For information about new features in the 8.1 major release, see . A dump/restore is not required for those running 8.1.X. However, if you are upgrading from a version earlier than 8.1.2, see the release notes for 8.1.2. Support explicit placement of the temporary-table schema within search_path, and disable searching it for functions and operators (Tom) This is needed to allow a security-definer function to set a truly secure value of search_path. Without it, an unprivileged SQL user can use temporary objects to execute code with the privileges of the security-definer function (CVE-2007-2138). See CREATE FUNCTION for more information. /contrib/tsearch2 crash fixes (Teodor) Require COMMIT PREPARED to be executed in the same database as the transaction was prepared in (Heikki) Fix potential-data-corruption bug in how VACUUM FULL handles UPDATE chains (Tom, Pavan Deolasee) Planner fixes, including improving outer join and bitmap scan selection logic (Tom) Fix PANIC during enlargement of a hash index (bug introduced in 8.1.6) (Tom) Fix POSIX-style timezone specs to follow new USA DST rules (Tom) 2007-02-07 This release contains one fix from 8.1.7. For information about new features in the 8.1 major release, see . A dump/restore is not required for those running 8.1.X. However, if you are upgrading from a version earlier than 8.1.2, see the release notes for 8.1.2. Remove overly-restrictive check for type length in constraints and functional indexes(Tom) 2007-02-05 This release contains a variety of fixes from 8.1.6, including a security fix. For information about new features in the 8.1 major release, see . A dump/restore is not required for those running 8.1.X. However, if you are upgrading from a version earlier than 8.1.2, see the release notes for 8.1.2. Remove security vulnerabilities that allowed connected users to read backend memory (Tom) The vulnerabilities involve suppressing the normal check that a SQL function returns the data type it's declared to, and changing the data type of a table column (CVE-2007-0555, CVE-2007-0556). These errors can easily be exploited to cause a backend crash, and in principle might be used to read database content that the user should not be able to access. Fix rare bug wherein btree index page splits could fail due to choosing an infeasible split point (Heikki Linnakangas) Improve VACUUM performance for databases with many tables (Tom) Fix autovacuum to avoid leaving non-permanent transaction IDs in non-connectable databases (Alvaro) This bug affects the 8.1 branch only. Fix for rare Assert() crash triggered by UNION (Tom) Tighten security of multi-byte character processing for UTF8 sequences over three bytes long (Tom) Fix bogus permission denied failures occurring on Windows due to attempts to fsync already-deleted files (Magnus, Tom) Fix possible crashes when an already-in-use PL/pgSQL function is updated (Tom) 2007-01-08 This release contains a variety of fixes from 8.1.5. For information about new features in the 8.1 major release, see . A dump/restore is not required for those running 8.1.X. However, if you are upgrading from a version earlier than 8.1.2, see the release notes for 8.1.2. Improve handling of getaddrinfo() on AIX (Tom) This fixes a problem with starting the statistics collector, among other things. Fix pg_restore to handle a tar-format backup that contains large objects (blobs) with comments (Tom) Fix failed to re-find parent key errors in VACUUM (Tom) Clean out pg_internal.init cache files during server restart (Simon) This avoids a hazard that the cache files might contain stale data after PITR recovery. Fix race condition for truncation of a large relation across a gigabyte boundary by VACUUM (Tom) Fix bug causing needless deadlock errors on row-level locks (Tom) Fix bugs affecting multi-gigabyte hash indexes (Tom) Fix possible deadlock in Windows signal handling (Teodor) Fix error when constructing an ARRAY[] made up of multiple empty elements (Tom) Fix ecpg memory leak during connection (Michael) Fix for Darwin (OS X) compilation (Tom) to_number() and to_char(numeric) are now STABLE, not IMMUTABLE, for new initdb installs (Tom) This is because lc_numeric can potentially change the output of these functions. Improve index usage of regular expressions that use parentheses (Tom) This improves psql \d performance also. Update timezone database This affects Australian and Canadian daylight-savings rules in particular. 2006-10-16 This release contains a variety of fixes from 8.1.4. For information about new features in the 8.1 major release, see . A dump/restore is not required for those running 8.1.X. However, if you are upgrading from a version earlier than 8.1.2, see the release notes for 8.1.2. Disallow aggregate functions in UPDATE commands, except within sub-SELECTs (Tom) The behavior of such an aggregate was unpredictable, and in 8.1.X could cause a crash, so it has been disabled. The SQL standard does not allow this either. Fix core dump when an untyped literal is taken as ANYARRAY Fix core dump in duration logging for extended query protocol when a COMMIT or ROLLBACK is executed Fix mishandling of AFTER triggers when query contains a SQL function returning multiple rows (Tom) Fix ALTER TABLE ... TYPE to recheck NOT NULL for USING clause (Tom) Fix string_to_array() to handle overlapping matches for the separator string For example, string_to_array('123xx456xxx789', 'xx'). Fix to_timestamp() for AM/PM formats (Bruce) Fix autovacuum's calculation that decides whether ANALYZE is needed (Alvaro) Fix corner cases in pattern matching for psql's \d commands Fix index-corrupting bugs in /contrib/ltree (Teodor) Numerous robustness fixes in ecpg (Joachim Wieland) Fix backslash escaping in /contrib/dbmirror Minor fixes in /contrib/dblink and /contrib/tsearch2 Efficiency improvements in hash tables and bitmap index scans (Tom) Fix instability of statistics collection on Windows (Tom, Andrew) Fix statement_timeout to use the proper units on Win32 (Bruce) In previous Win32 8.1.X versions, the delay was off by a factor of 100. Fixes for MSVC and Borland C++ compilers (Hiroshi Saito) Fixes for AIX and Intel compilers (Tom) Fix rare bug in continuous archiving (Tom) 2006-05-23 This release contains a variety of fixes from 8.1.3, including patches for extremely serious security issues. For information about new features in the 8.1 major release, see . A dump/restore is not required for those running 8.1.X. However, if you are upgrading from a version earlier than 8.1.2, see the release notes for 8.1.2. Full security against the SQL-injection attacks described in CVE-2006-2313 and CVE-2006-2314 might require changes in application code. If you have applications that embed untrustworthy strings into SQL commands, you should examine them as soon as possible to ensure that they are using recommended escaping techniques. In most cases, applications should be using subroutines provided by libraries or drivers (such as libpq's PQescapeStringConn()) to perform string escaping, rather than relying on ad hoc code to do it. Change the server to reject invalidly-encoded multibyte characters in all cases (Tatsuo, Tom) While PostgreSQL has been moving in this direction for some time, the checks are now applied uniformly to all encodings and all textual input, and are now always errors not merely warnings. This change defends against SQL-injection attacks of the type described in CVE-2006-2313. Reject unsafe uses of \' in string literals As a server-side defense against SQL-injection attacks of the type described in CVE-2006-2314, the server now only accepts '' and not \' as a representation of ASCII single quote in SQL string literals. By default, \' is rejected only when client_encoding is set to a client-only encoding (SJIS, BIG5, GBK, GB18030, or UHC), which is the scenario in which SQL injection is possible. A new configuration parameter backslash_quote is available to adjust this behavior when needed. Note that full security against CVE-2006-2314 might require client-side changes; the purpose of backslash_quote is in part to make it obvious that insecure clients are insecure. Modify libpq's string-escaping routines to be aware of encoding considerations and standard_conforming_strings This fixes libpq-using applications for the security issues described in CVE-2006-2313 and CVE-2006-2314, and also future-proofs them against the planned changeover to SQL-standard string literal syntax. Applications that use multiple PostgreSQL connections concurrently should migrate to PQescapeStringConn() and PQescapeByteaConn() to ensure that escaping is done correctly for the settings in use in each database connection. Applications that do string escaping by hand should be modified to rely on library routines instead. Fix weak key selection in pgcrypto (Marko Kreen) Errors in fortuna PRNG reseeding logic could cause a predictable session key to be selected by pgp_sym_encrypt() in some cases. This only affects non-OpenSSL-using builds. Fix some incorrect encoding conversion functions win1251_to_iso, win866_to_iso, euc_tw_to_big5, euc_tw_to_mic, mic_to_euc_tw were all broken to varying extents. Clean up stray remaining uses of \' in strings (Bruce, Jan) Make autovacuum visible in pg_stat_activity (Alvaro) Disable full_page_writes (Tom) In certain cases, having full_page_writes off would cause crash recovery to fail. A proper fix will appear in 8.2; for now it's just disabled. Various planner fixes, particularly for bitmap index scans and MIN/MAX optimization (Tom) Fix incorrect optimization in merge join (Tom) Outer joins could sometimes emit multiple copies of unmatched rows. Fix crash from using and modifying a plpgsql function in the same transaction Fix WAL replay for case where a B-Tree index has been truncated Fix SIMILAR TO for patterns involving | (Tom) Fix SELECT INTO and CREATE TABLE AS to create tables in the default tablespace, not the base directory (Kris Jurka) Fix server to use custom DH SSL parameters correctly (Michael Fuhr) Improve qsort performance (Dann Corbit) Currently this code is only used on Solaris. Fix for OS/X Bonjour on x86 systems (Ashley Clark) Fix various minor memory leaks Fix problem with password prompting on some Win32 systems (Robert Kinberg) Improve pg_dump's handling of default values for domains Fix pg_dumpall to handle identically-named users and groups reasonably (only possible when dumping from a pre-8.1 server) (Tom) The user and group will be merged into a single role with LOGIN permission. Formerly the merged role wouldn't have LOGIN permission, making it unusable as a user. Fix pg_restore -n to work as documented (Tom) 2006-02-14 This release contains a variety of fixes from 8.1.2, including one very serious security issue. For information about new features in the 8.1 major release, see . A dump/restore is not required for those running 8.1.X. However, if you are upgrading from a version earlier than 8.1.2, see the release notes for 8.1.2. Fix bug that allowed any logged-in user to SET ROLE to any other database user id (CVE-2006-0553) Due to inadequate validity checking, a user could exploit the special case that SET ROLE normally uses to restore the previous role setting after an error. This allowed ordinary users to acquire superuser status, for example. The escalation-of-privilege risk exists only in 8.1.0-8.1.2. However, in all releases back to 7.3 there is a related bug in SET SESSION AUTHORIZATION that allows unprivileged users to crash the server, if it has been compiled with Asserts enabled (which is not the default). Thanks to Akio Ishida for reporting this problem. Fix bug with row visibility logic in self-inserted rows (Tom) Under rare circumstances a row inserted by the current command could be seen as already valid, when it should not be. Repairs bug created in 8.0.4, 7.4.9, and 7.3.11 releases. Fix race condition that could lead to file already exists errors during pg_clog and pg_subtrans file creation (Tom) Fix cases that could lead to crashes if a cache-invalidation message arrives at just the wrong time (Tom) Properly check DOMAIN constraints for UNKNOWN parameters in prepared statements (Neil) Ensure ALTER COLUMN TYPE will process FOREIGN KEY, UNIQUE, and PRIMARY KEY constraints in the proper order (Nakano Yoshihisa) Fixes to allow restoring dumps that have cross-schema references to custom operators or operator classes (Tom) Allow pg_restore to continue properly after a COPY failure; formerly it tried to treat the remaining COPY data as SQL commands (Stephen Frost) Fix pg_ctl unregister crash when the data directory is not specified (Magnus) Fix libpq PQprint HTML tags (Christoph Zwerschke) Fix ecpg crash on AMD64 and PPC (Neil) Allow SETOF and %TYPE to be used together in function result type declarations Recover properly if error occurs during argument passing in PL/python (Neil) Fix memory leak in plperl_return_next (Neil) Fix PL/perl's handling of locales on Win32 to match the backend (Andrew) Various optimizer fixes (Tom) Fix crash when log_min_messages is set to DEBUG3 or above in postgresql.conf on Win32 (Bruce) Fix pgxs -L library path specification for Win32, Cygwin, OS X, AIX (Bruce) Check that SID is enabled while checking for Win32 admin privileges (Magnus) Properly reject out-of-range date inputs (Kris Jurka) Portability fix for testing presence of finite and isinf during configure (Tom) Improve speed of COPY IN via libpq, by avoiding a kernel call per data line (Alon Goldshuv) Improve speed of /contrib/tsearch2 index creation (Tom) 2006-01-09 This release contains a variety of fixes from 8.1.1. For information about new features in the 8.1 major release, see . A dump/restore is not required for those running 8.1.X. However, you might need to REINDEX indexes on textual columns after updating, if you are affected by the locale or plperl issues described below. Fix Windows code so that postmaster will continue rather than exit if there is no more room in ShmemBackendArray (Magnus) The previous behavior could lead to a denial-of-service situation if too many connection requests arrive close together. This applies only to the Windows port. Fix bug introduced in 8.0 that could allow ReadBuffer to return an already-used page as new, potentially causing loss of recently-committed data (Tom) Fix for protocol-level Describe messages issued outside a transaction or in a failed transaction (Tom) Fix character string comparison for locales that consider different character combinations as equal, such as Hungarian (Tom) This might require REINDEX to fix existing indexes on textual columns. Set locale environment variables during postmaster startup to ensure that plperl won't change the locale later This fixes a problem that occurred if the postmaster was started with environment variables specifying a different locale than what initdb had been told. Under these conditions, any use of plperl was likely to lead to corrupt indexes. You might need REINDEX to fix existing indexes on textual columns if this has happened to you. Allow more flexible relocation of installation directories (Tom) Previous releases supported relocation only if all installation directory paths were the same except for the last component. Prevent crashes caused by the use of ISO-8859-5 and ISO-8859-9 encodings (Tatsuo) Fix longstanding bug in strpos() and regular expression handling in certain rarely used Asian multi-byte character sets (Tatsuo) Fix bug where COPY CSV mode considered any \. to terminate the copy data The new code requires \. to appear alone on a line, as per documentation. Make COPY CSV mode quote a literal data value of \. to ensure it cannot be interpreted as the end-of-data marker (Bruce) Various fixes for functions returning RECORDs (Tom) Fix processing of postgresql.conf so a final line with no newline is processed properly (Tom) Fix bug in /contrib/pgcrypto gen_salt, which caused it not to use all available salt space for MD5 and XDES algorithms (Marko Kreen, Solar Designer) Salts for Blowfish and standard DES are unaffected. Fix autovacuum crash when processing expression indexes Fix /contrib/dblink to throw an error, rather than crashing, when the number of columns specified is different from what's actually returned by the query (Joe) 2005-12-12 This release contains a variety of fixes from 8.1.0. For information about new features in the 8.1 major release, see . A dump/restore is not required for those running 8.1.X. Fix incorrect optimizations of outer-join conditions (Tom) Fix problems with wrong reported column names in cases involving sub-selects flattened by the optimizer (Tom) Fix update failures in scenarios involving CHECK constraints, toasted columns, and indexes (Tom) Fix bgwriter problems after recovering from errors (Tom) The background writer was found to leak buffer pins after write errors. While not fatal in itself, this might lead to mysterious blockages of later VACUUM commands. Prevent failure if client sends Bind protocol message when current transaction is already aborted /contrib/tsearch2 and /contrib/ltree fixes (Teodor) Fix problems with translated error messages in languages that require word reordering, such as Turkish; also problems with unexpected truncation of output strings and wrong display of the smallest possible bigint value (Andrew, Tom) These problems only appeared on platforms that were using our port/snprintf.c code, which includes BSD variants if --enable-nls was given, and perhaps others. In addition, a different form of the translated-error-message problem could appear on Windows depending on which version of libintl was used. Re-allow AM/PM, HH, HH12, and D format specifiers for to_char(time) and to_char(interval). (to_char(interval) should probably use HH24.) (Bruce) AIX, HPUX, and MSVC compile fixes (Tom, Hiroshi Saito) Optimizer improvements (Tom) Retry file reads and writes after Windows NO_SYSTEM_RESOURCES error (Qingqing Zhou) Prevent autovacuum from crashing during ANALYZE of expression index (Alvaro) Fix problems with ON COMMIT DELETE ROWS temp tables Fix problems when a trigger alters the output of a SELECT DISTINCT query Add 8.1.0 release note item on how to migrate invalid UTF-8 byte sequences (Paul Lindner) 2005-11-08 Major changes in this release: Improve concurrent access to the shared buffer cache (Tom) Access to the shared buffer cache was identified as a significant scalability problem, particularly on multi-CPU systems. In this release, the way that locking is done in the buffer manager has been overhauled to reduce lock contention and improve scalability. The buffer manager has also been changed to use a clock sweep replacement policy. Allow index scans to use an intermediate in-memory bitmap (Tom) In previous releases, only a single index could be used to do lookups on a table. With this feature, if a query has WHERE tab.col1 = 4 and tab.col2 = 9, and there is no multicolumn index on col1 and col2, but there is an index on col1 and another on col2, it is possible to search both indexes and combine the results in memory, then do heap fetches for only the rows matching both the col1 and col2 restrictions. This is very useful in environments that have a lot of unstructured queries where it is impossible to create indexes that match all possible access conditions. Bitmap scans are useful even with a single index, as they reduce the amount of random access needed; a bitmap index scan is efficient for retrieving fairly large fractions of the complete table, whereas plain index scans are not. Add two-phase commit (Heikki Linnakangas, Alvaro, Tom) Two-phase commit allows transactions to be "prepared" on several computers, and once all computers have successfully prepared their transactions (none failed), all transactions can be committed. Even if a machine crashes after a prepare, the prepared transaction can be committed after the machine is restarted. New syntax includes PREPARE TRANSACTION and COMMIT/ROLLBACK PREPARED. A new system view pg_prepared_xacts has also been added. Create a new role system that replaces users and groups (Stephen Frost) Roles are a combination of users and groups. Like users, they can have login capability, and like groups, a role can have other roles as members. Roles basically remove the distinction between users and groups. For example, a role can: Have login capability (optionally) Own objects Hold access permissions for database objects Inherit permissions from other roles it is a member of Once a user logs into a role, she obtains capabilities of the login role plus any inherited roles, and can use SET ROLE to switch to other roles she is a member of. This feature is a generalization of the SQL standard's concept of roles. This change also replaces pg_shadow and pg_group by new role-capable catalogs pg_authid and pg_auth_members. The old tables are redefined as read-only views on the new role tables. Automatically use indexes for MIN() and MAX() (Tom) In previous releases, the only way to use an index for MIN() or MAX() was to rewrite the query as SELECT col FROM tab ORDER BY col LIMIT 1. Index usage now happens automatically. Move /contrib/pg_autovacuum into the main server (Alvaro) Integrating autovacuum into the server allows it to be automatically started and stopped in sync with the database server, and allows autovacuum to be configured from postgresql.conf. Add shared row level locks using SELECT ... FOR SHARE (Alvaro) While PostgreSQL's MVCC locking allows SELECT to never be blocked by writers and therefore does not need shared row locks for typical operations, shared locks are useful for applications that require shared row locking. In particular this reduces the locking requirements imposed by referential integrity checks. Add dependencies on shared objects, specifically roles (Alvaro) This extension of the dependency mechanism prevents roles from being dropped while there are still database objects they own. Formerly it was possible to accidentally orphan objects by deleting their owner. While this could be recovered from, it was messy and unpleasant. Improve performance for partitioned tables (Simon) The new constraint_exclusion configuration parameter avoids lookups on child tables where constraints indicate that no matching rows exist in the child table. This allows for a basic type of table partitioning. If child tables store separate key ranges and this is enforced using appropriate CHECK constraints, the optimizer will skip child table accesses when the constraint guarantees no matching rows exist in the child table. A dump/restore using pg_dump is required for those wishing to migrate data from any previous release. The 8.0 release announced that the to_char() function for intervals would be removed in 8.1. However, since no better API has been suggested, to_char(interval) has been enhanced in 8.1 and will remain in the server. Observe the following incompatibilities: add_missing_from is now false by default (Neil) By default, we now generate an error if a table is used in a query without a FROM reference. The old behavior is still available, but the parameter must be set to 'true' to obtain it. It might be necessary to set add_missing_from to true in order to load an existing dump file, if the dump contains any views or rules created using the implicit-FROM syntax. This should be a one-time annoyance, because PostgreSQL 8.1 will convert such views and rules to standard explicit-FROM syntax. Subsequent dumps will therefore not have the problem. Cause input of a zero-length string ('') for float4/float8/oid to throw an error, rather than treating it as a zero (Neil) This change is consistent with the current handling of zero-length strings for integers. The schedule for this change was announced in 8.0. default_with_oids is now false by default (Neil) With this option set to false, user-created tables no longer have an OID column unless WITH OIDS is specified in CREATE TABLE. Though OIDs have existed in all releases of PostgreSQL, their use is limited because they are only four bytes long and the counter is shared across all installed databases. The preferred way of uniquely identifying rows is via sequences and the SERIAL type, which have been supported since PostgreSQL 6.4. Add E'' syntax so eventually ordinary strings can treat backslashes literally (Bruce) Currently PostgreSQL processes a backslash in a string literal as introducing a special escape sequence, e.g. \n or \010. While this allows easy entry of special values, it is nonstandard and makes porting of applications from other databases more difficult. For this reason, the PostgreSQL project is planning to remove the special meaning of backslashes in strings. For backward compatibility and for users who want special backslash processing, a new string syntax has been created. This new string syntax is formed by writing an E immediately preceding the single quote that starts the string, e.g. E'hi\n'. While this release does not change the handling of backslashes in strings, it does add new configuration parameters to help users migrate applications for future releases: standard_conforming_strings — does this release treat backslashes literally in ordinary strings? escape_string_warning — warn about backslashes in ordinary (non-E) strings The standard_conforming_strings value is read-only. Applications can retrieve the value to know how backslashes are processed. (Presence of the parameter can also be taken as an indication that E'' string syntax is supported.) In a future release, standard_conforming_strings will be true, meaning backslashes will be treated literally in non-E strings. To prepare for this change, use E'' strings in places that need special backslash processing, and turn on escape_string_warning to find additional strings that need to be converted to use E''. Also, use two single-quotes ('') to embed a literal single-quote in a string, rather than the PostgreSQL-supported syntax of backslash single-quote (\'). The former is standards-conforming and does not require the use of the E'' string syntax. You can also use the $$ string syntax, which does not treat backslashes specially. Make REINDEX DATABASE reindex all indexes in the database (Tom) Formerly, REINDEX DATABASE reindexed only system tables. This new behavior seems more intuitive. A new command REINDEX SYSTEM provides the old functionality of reindexing just the system tables. Read-only large object descriptors now obey MVCC snapshot semantics When a large object is opened with INV_READ (and not INV_WRITE), the data read from the descriptor will now reflect a snapshot of the large object's state at the time of the transaction snapshot in use by the query that called lo_open(). To obtain the old behavior of always returning the latest committed data, include INV_WRITE in the mode flags for lo_open(). Add proper dependencies for arguments of sequence functions (Tom) In previous releases, sequence names passed to nextval(), currval(), and setval() were stored as simple text strings, meaning that renaming or dropping a sequence used in a DEFAULT clause made the clause invalid. This release stores all newly-created sequence function arguments as internal OIDs, allowing them to track sequence renaming, and adding dependency information that prevents improper sequence removal. It also makes such DEFAULT clauses immune to schema renaming and search path changes. Some applications might rely on the old behavior of run-time lookup for sequence names. This can still be done by explicitly casting the argument to text, for example nextval('myseq'::text). Pre-8.1 database dumps loaded into 8.1 will use the old text-based representation and therefore will not have the features of OID-stored arguments. However, it is possible to update a database containing text-based DEFAULT clauses. First, save this query into a file, such as fixseq.sql: SELECT 'ALTER TABLE ' || pg_catalog.quote_ident(n.nspname) || '.' || pg_catalog.quote_ident(c.relname) || ' ALTER COLUMN ' || pg_catalog.quote_ident(a.attname) || ' SET DEFAULT ' || regexp_replace(d.adsrc, $$val\(\(('[^']*')::text\)::regclass$$, $$val(\1$$, 'g') || ';' FROM pg_namespace n, pg_class c, pg_attribute a, pg_attrdef d WHERE n.oid = c.relnamespace AND c.oid = a.attrelid AND a.attrelid = d.adrelid AND a.attnum = d.adnum AND d.adsrc ~ $$val\(\('[^']*'::text\)::regclass$$; Next, run the query against a database to find what adjustments are required, like this for database db1: psql -t -f fixseq.sql db1 This will show the ALTER TABLE commands needed to convert the database to the newer OID-based representation. If the commands look reasonable, run this to update the database: psql -t -f fixseq.sql db1 | psql -e db1 This process must be repeated in each database to be updated. In psql, treat unquoted \{digit}+ sequences as octal (Bruce) In previous releases, \{digit}+ sequences were treated as decimal, and only \0{digit}+ were treated as octal. This change was made for consistency. Remove grammar productions for prefix and postfix % and ^ operators (Tom) These have never been documented and complicated the use of the modulus operator (%) with negative numbers. Make &< and &> for polygons consistent with the box "over" operators (Tom) CREATE LANGUAGE can ignore the provided arguments in favor of information from pg_pltemplate (Tom) A new system catalog pg_pltemplate has been defined to carry information about the preferred definitions of procedural languages (such as whether they have validator functions). When an entry exists in this catalog for the language being created, CREATE LANGUAGE will ignore all its parameters except the language name and instead use the catalog information. This measure was taken because of increasing problems with obsolete language definitions being loaded by old dump files. As of 8.1, pg_dump will dump procedural language definitions as just CREATE LANGUAGE name, relying on a template entry to exist at load time. We expect this will be a more future-proof representation. Make pg_cancel_backend(int) return a boolean rather than an integer (Neil) Some users are having problems loading UTF-8 data into 8.1.X. This is because previous versions allowed invalid UTF-8 byte sequences to be entered into the database, and this release properly accepts only valid UTF-8 sequences. One way to correct a dumpfile is to run the command iconv -c -f UTF-8 -t UTF-8 -o cleanfile.sql dumpfile.sql. The -c option removes invalid character sequences. A diff of the two files will show the sequences that are invalid. iconv reads the entire input file into memory so it might be necessary to use split to break up the dump into multiple smaller files for processing. Below you will find a detailed account of the additional changes between PostgreSQL 8.1 and the previous major release. Improve GiST and R-tree index performance (Neil) Improve the optimizer, including auto-resizing of hash joins (Tom) Overhaul internal API in several areas Change WAL record CRCs from 64-bit to 32-bit (Tom) We determined that the extra cost of computing 64-bit CRCs was significant, and the gain in reliability too marginal to justify it. Prevent writing large empty gaps in WAL pages (Tom) Improve spinlock behavior on SMP machines, particularly Opterons (Tom) Allow nonconsecutive index columns to be used in a multicolumn index (Tom) For example, this allows an index on columns a,b,c to be used in a query with WHERE a = 4 and c = 10. Skip WAL logging for CREATE TABLE AS / SELECT INTO (Simon) Since a crash during CREATE TABLE AS would cause the table to be dropped during recovery, there is no reason to WAL log as the table is loaded. (Logging still happens if WAL archiving is enabled, however.) Allow concurrent GiST index access (Teodor, Oleg) Add configuration parameter full_page_writes to control writing full pages to WAL (Bruce) To prevent partial disk writes from corrupting the database, PostgreSQL writes a complete copy of each database disk page to WAL the first time it is modified after a checkpoint. This option turns off that functionality for more speed. This is safe to use with battery-backed disk caches where partial page writes cannot happen. Use O_DIRECT if available when using O_SYNC for wal_sync_method (Itagaki Takahiro) O_DIRECT causes disk writes to bypass the kernel cache, and for WAL writes, this improves performance. Improve COPY FROM performance (Alon Goldshuv) This was accomplished by reading COPY input in larger chunks, rather than character by character. Improve the performance of COUNT(), SUM, AVG(), STDDEV(), and VARIANCE() (Neil, Tom) Prevent problems due to transaction ID (XID) wraparound (Tom) The server will now warn when the transaction counter approaches the wraparound point. If the counter becomes too close to wraparound, the server will stop accepting queries. This ensures that data is not lost before needed vacuuming is performed. Fix problems with object IDs (OIDs) conflicting with existing system objects after the OID counter has wrapped around (Tom) Add warning about the need to increase max_fsm_relations and max_fsm_pages during VACUUM (Ron Mayer) Add temp_buffers configuration parameter to allow users to determine the size of the local buffer area for temporary table access (Tom) Add session start time and client IP address to pg_stat_activity (Magnus) Adjust pg_stat views for bitmap scans (Tom) The meanings of some of the fields have changed slightly. Enhance pg_locks view (Tom) Log queries for client-side PREPARE and EXECUTE (Simon) Allow Kerberos name and user name case sensitivity to be specified in postgresql.conf (Magnus) Add configuration parameter krb_server_hostname so that the server host name can be specified as part of service principal (Todd Kover) If not set, any service principal matching an entry in the keytab can be used. This is new Kerberos matching behavior in this release. Add log_line_prefix options for millisecond timestamps (%m) and remote host (%h) (Ed L.) Add WAL logging for GiST indexes (Teodor, Oleg) GiST indexes are now safe for crash and point-in-time recovery. Remove old *.backup files when we do pg_stop_backup() (Bruce) This prevents a large number of *.backup files from existing in pg_xlog/. Add configuration parameters to control TCP/IP keep-alive times for idle, interval, and count (Oliver Jowett) These values can be changed to allow more rapid detection of lost client connections. Add per-user and per-database connection limits (Petr Jelinek) Using ALTER USER and ALTER DATABASE, limits can now be enforced on the maximum number of sessions that can concurrently connect as a specific user or to a specific database. Setting the limit to zero disables user or database connections. Allow more than two gigabytes of shared memory and per-backend work memory on 64-bit machines (Koichi Suzuki) New system catalog pg_pltemplate allows overriding obsolete procedural-language definitions in dump files (Tom) Add temporary views (Koju Iijima, Neil) Fix HAVING without any aggregate functions or GROUP BY so that the query returns a single group (Tom) Previously, such a case would treat the HAVING clause the same as a WHERE clause. This was not per spec. Add USING clause to allow additional tables to be specified to DELETE (Euler Taveira de Oliveira, Neil) In prior releases, there was no clear method for specifying additional tables to be used for joins in a DELETE statement. UPDATE already has a FROM clause for this purpose. Add support for \x hex escapes in backend and ecpg strings (Bruce) This is just like the standard C \x escape syntax. Octal escapes were already supported. Add BETWEEN SYMMETRIC query syntax (Pavel Stehule) This feature allows BETWEEN comparisons without requiring the first value to be less than the second. For example, 2 BETWEEN [ASYMMETRIC] 3 AND 1 returns false, while 2 BETWEEN SYMMETRIC 3 AND 1 returns true. BETWEEN ASYMMETRIC was already supported. Add NOWAIT option to SELECT ... FOR UPDATE/SHARE (Hans-Juergen Schoenig) While the statement_timeout configuration parameter allows a query taking more than a certain amount of time to be cancelled, the NOWAIT option allows a query to be canceled as soon as a SELECT ... FOR UPDATE/SHARE command cannot immediately acquire a row lock. Track dependencies of shared objects (Alvaro) PostgreSQL allows global tables (users, databases, tablespaces) to reference information in multiple databases. This addition adds dependency information for global tables, so, for example, user ownership can be tracked across databases, so a user who owns something in any database can no longer be removed. Dependency tracking already existed for database-local objects. Allow limited ALTER OWNER commands to be performed by the object owner (Stephen Frost) Prior releases allowed only superusers to change object owners. Now, ownership can be transferred if the user executing the command owns the object and would be able to create it as the new owner (that is, the user is a member of the new owning role and that role has the CREATE permission that would be needed to create the object afresh). Add ALTER object SET SCHEMA capability for some object types (tables, functions, types) (Bernd Helmle) This allows objects to be moved to different schemas. Add ALTER TABLE ENABLE/DISABLE TRIGGER to disable triggers (Satoshi Nagayasu) Allow TRUNCATE to truncate multiple tables in a single command (Alvaro) Because of referential integrity checks, it is not allowed to truncate a table that is part of a referential integrity constraint. Using this new functionality, TRUNCATE can be used to truncate such tables, if both tables involved in a referential integrity constraint are truncated in a single TRUNCATE command. Properly process carriage returns and line feeds in COPY CSV mode (Andrew) In release 8.0, carriage returns and line feeds in CSV COPY TO were processed in an inconsistent manner. (This was documented on the TODO list.) Add COPY WITH CSV HEADER to allow a header line as the first line in COPY (Andrew) This allows handling of the common CSV usage of placing the column names on the first line of the data file. For COPY TO, the first line contains the column names, and for COPY FROM, the first line is ignored. On Windows, display better sub-second precision in EXPLAIN ANALYZE (Magnus) Add trigger duration display to EXPLAIN ANALYZE (Tom) Prior releases included trigger execution time as part of the total execution time, but did not show it separately. It is now possible to see how much time is spent in each trigger. Add support for \x hex escapes in COPY (Sergey Ten) Previous releases only supported octal escapes. Make SHOW ALL include variable descriptions (Matthias Schmidt) SHOW varname still only displays the variable's value and does not include the description. Make initdb create a new standard database called postgres, and convert utilities to use postgres rather than template1 for standard lookups (Dave) In prior releases, template1 was used both as a default connection for utilities like createuser, and as a template for new databases. This caused CREATE DATABASE to sometimes fail, because a new database cannot be created if anyone else is in the template database. With this change, the default connection database is now postgres, meaning it is much less likely someone will be using template1 during CREATE DATABASE. Create new reindexdb command-line utility by moving /contrib/reindexdb into the server (Euler Taveira de Oliveira) Add MAX() and MIN() aggregates for array types (Koju Iijima) Fix to_date() and to_timestamp() to behave reasonably when CC and YY fields are both used (Karel Zak) If the format specification contains CC and a year specification is YYY or longer, ignore the CC. If the year specification is YY or shorter, interpret CC as the previous century. Add md5(bytea) (Abhijit Menon-Sen) md5(text) already existed. Add support for numeric ^ numeric based on power(numeric, numeric) The function already existed, but there was no operator assigned to it. Fix NUMERIC modulus by properly truncating the quotient during computation (Bruce) In previous releases, modulus for large values sometimes returned negative results due to rounding of the quotient. Add a function lastval() (Dennis Björklund) lastval() is a simplified version of currval(). It automatically determines the proper sequence name based on the most recent nextval() or setval() call performed by the current session. Add to_timestamp(DOUBLE PRECISION) (Michael Glaesemann) Converts Unix seconds since 1970 to a TIMESTAMP WITH TIMEZONE. Add pg_postmaster_start_time() function (Euler Taveira de Oliveira, Matthias Schmidt) Allow the full use of time zone names in AT TIME ZONE, not just the short list previously available (Magnus) Previously, only a predefined list of time zone names were supported by AT TIME ZONE. Now any supported time zone name can be used, e.g.: SELECT CURRENT_TIMESTAMP AT TIME ZONE 'Europe/London'; In the above query, the time zone used is adjusted based on the daylight saving time rules that were in effect on the supplied date. Add GREATEST() and LEAST() variadic functions (Pavel Stehule) These functions take a variable number of arguments and return the greatest or least value among the arguments. Add pg_column_size() (Mark Kirkwood) This returns storage size of a column, which might be compressed. Add regexp_replace() (Atsushi Ogawa) This allows regular expression replacement, like sed. An optional flag argument allows selection of global (replace all) and case-insensitive modes. Fix interval division and multiplication (Bruce) Previous versions sometimes returned unjustified results, like '4 months'::interval / 5 returning '1 mon -6 days'. Fix roundoff behavior in timestamp, time, and interval output (Tom) This fixes some cases in which the seconds field would be shown as 60 instead of incrementing the higher-order fields. Add a separate day field to type interval so a one day interval can be distinguished from a 24 hour interval (Michael Glaesemann) Days that contain a daylight saving time adjustment are not 24 hours long, but typically 23 or 25 hours. This change creates a conceptual distinction between intervals of so many days and intervals of so many hours. Adding 1 day to a timestamp now gives the same local time on the next day even if a daylight saving time adjustment occurs between, whereas adding 24 hours will give a different local time when this happens. For example, under US DST rules: '2005-04-03 00:00:00-05' + '1 day' = '2005-04-04 00:00:00-04' '2005-04-03 00:00:00-05' + '24 hours' = '2005-04-04 01:00:00-04' Add justify_days() and justify_hours() (Michael Glaesemann) These functions, respectively, adjust days to an appropriate number of full months and days, and adjust hours to an appropriate number of full days and hours. Move /contrib/dbsize into the backend, and rename some of the functions (Dave Page, Andreas Pflug) pg_tablespace_size() pg_database_size() pg_relation_size() pg_total_relation_size() pg_size_pretty() pg_total_relation_size() includes indexes and TOAST tables. Add functions for read-only file access to the cluster directory (Dave Page, Andreas Pflug) pg_stat_file() pg_read_file() pg_ls_dir() Add pg_reload_conf() to force reloading of the configuration files (Dave Page, Andreas Pflug) Add pg_rotate_logfile() to force rotation of the server log file (Dave Page, Andreas Pflug) Change pg_stat_* views to include TOAST tables (Tom) Rename some encodings to be more consistent and to follow international standards (Bruce) UNICODE is now UTF8 ALT is now WIN866 WIN is now WIN1251 TCVN is now WIN1258 The original names still work. Add support for WIN1252 encoding (Roland Volkmann) Add support for four-byte UTF8 characters (John Hansen) Previously only one, two, and three-byte UTF8 characters were supported. This is particularly important for support for some Chinese character sets. Allow direct conversion between EUC_JP and SJIS to improve performance (Atsushi Ogawa) Allow the UTF8 encoding to work on Windows (Magnus) This is done by mapping UTF8 to the Windows-native UTF16 implementation. Fix ALTER LANGUAGE RENAME (Sergey Yatskevich) Allow function characteristics, like strictness and volatility, to be modified via ALTER FUNCTION (Neil) Increase the maximum number of function arguments to 100 (Tom) Allow SQL and PL/pgSQL functions to use OUT and INOUT parameters (Tom) OUT is an alternate way for a function to return values. Instead of using RETURN, values can be returned by assigning to parameters declared as OUT or INOUT. This is notationally simpler in some cases, particularly so when multiple values need to be returned. While returning multiple values from a function was possible in previous releases, this greatly simplifies the process. (The feature will be extended to other server-side languages in future releases.) Move language handler functions into the pg_catalog schema This makes it easier to drop the public schema if desired. Add SPI_getnspname() to SPI (Neil) Overhaul the memory management of PL/pgSQL functions (Neil) The parsetree of each function is now stored in a separate memory context. This allows this memory to be easily reclaimed when it is no longer needed. Check function syntax at CREATE FUNCTION time, rather than at runtime (Neil) Previously, most syntax errors were reported only when the function was executed. Allow OPEN to open non-SELECT queries like EXPLAIN and SHOW (Tom) No longer require functions to issue a RETURN statement (Tom) This is a byproduct of the newly added OUT and INOUT functionality. RETURN can be omitted when it is not needed to provide the function's return value. Add support for an optional INTO clause to PL/pgSQL's EXECUTE statement (Pavel Stehule, Neil) Make CREATE TABLE AS set ROW_COUNT (Tom) Define SQLSTATE and SQLERRM to return the SQLSTATE and error message of the current exception (Pavel Stehule, Neil) These variables are only defined inside exception blocks. Allow the parameters to the RAISE statement to be expressions (Pavel Stehule, Neil) Add a loop CONTINUE statement (Pavel Stehule, Neil) Allow block and loop labels (Pavel Stehule) Allow large result sets to be returned efficiently (Abhijit Menon-Sen) This allows functions to use return_next() to avoid building the entire result set in memory. Allow one-row-at-a-time retrieval of query results (Abhijit Menon-Sen) This allows functions to use spi_query() and spi_fetchrow() to avoid accumulating the entire result set in memory. Force PL/Perl to handle strings as UTF8 if the server encoding is UTF8 (David Kamholz) Add a validator function for PL/Perl (Andrew) This allows syntax errors to be reported at definition time, rather than execution time. Allow PL/Perl to return a Perl array when the function returns an array type (Andrew) This basically maps PostgreSQL arrays to Perl arrays. Allow Perl nonfatal warnings to generate NOTICE messages (Andrew) Allow Perl's strict mode to be enabled (Andrew) Add \set ON_ERROR_ROLLBACK to allow statements in a transaction to error without affecting the rest of the transaction (Greg Sabino Mullane) This is basically implemented by wrapping every statement in a sub-transaction. Add support for \x hex strings in psql variables (Bruce) Octal escapes were already supported. Add support for troff -ms output format (Roger Leigh) Allow the history file location to be controlled by HISTFILE (Andreas Seltenreich) This allows configuration of per-database history storage. Prevent \x (expanded mode) from affecting the output of \d tablename (Neil) Add -L option to psql to log sessions (Lorne Sunley) This option was added because some operating systems do not have simple command-line activity logging functionality. Make \d show the tablespaces of indexes (Qingqing Zhou) Allow psql help (\h) to make a best guess on the proper help information (Greg Sabino Mullane) This allows the user to just add \h to the front of the syntax error query and get help on the supported syntax. Previously any additional query text beyond the command name had to be removed to use \h. Add \pset numericlocale to allow numbers to be output in a locale-aware format (Eugen Nedelcu) For example, using C locale 100000 would be output as 100,000.0 while a European locale might output this value as 100.000,0. Make startup banner show both server version number and psql's version number, when they are different (Bruce) Also, a warning will be shown if the server and psql are from different major releases. Add -n / --schema switch to pg_restore (Richard van den Berg) This allows just the objects in a specified schema to be restored. Allow pg_dump to dump large objects even in text mode (Tom) With this change, large objects are now always dumped; the former -b switch is a no-op. Allow pg_dump to dump a consistent snapshot of large objects (Tom) Dump comments for large objects (Tom) Add --encoding to pg_dump (Magnus Hagander) This allows a database to be dumped in an encoding that is different from the server's encoding. This is valuable when transferring the dump to a machine with a different encoding. Rely on pg_pltemplate for procedural languages (Tom) If the call handler for a procedural language is in the pg_catalog schema, pg_dump does not dump the handler. Instead, it dumps the language using just CREATE LANGUAGE name, relying on the pg_pltemplate catalog to provide the language's creation parameters at load time. Add a PGPASSFILE environment variable to specify the password file's filename (Andrew) Add lo_create(), that is similar to lo_creat() but allows the OID of the large object to be specified (Tom) Make libpq consistently return an error to the client application on malloc() failure (Neil) Fix pgxs to support building against a relocated installation Add spinlock support for the Itanium processor using Intel compiler (Vikram Kalsi) Add Kerberos 5 support for Windows (Magnus) Add Chinese FAQ (laser@pgsqldb.com) Rename Rendezvous to Bonjour to match OS/X feature renaming (Bruce) Add support for fsync_writethrough on Darwin (Chris Campbell) Streamline the passing of information within the server, the optimizer, and the lock system (Tom) Allow pg_config to be compiled using MSVC (Andrew) This is required to build DBD::Pg using MSVC. Remove support for Kerberos V4 (Magnus) Kerberos 4 had security vulnerabilities and is no longer maintained. Code cleanups (Coverity static analysis performed by EnterpriseDB) Modify postgresql.conf to use documentation defaults on/off rather than true/false (Bruce) Enhance pg_config to be able to report more build-time values (Tom) Allow libpq to be built thread-safe on Windows (Dave Page) Allow IPv6 connections to be used on Windows (Andrew) Add Server Administration documentation about I/O subsystem reliability (Bruce) Move private declarations from gist.h to gist_private.h (Neil) In previous releases, gist.h contained both the public GiST API (intended for use by authors of GiST index implementations) as well as some private declarations used by the implementation of GiST itself. The latter have been moved to a separate file, gist_private.h. Most GiST index implementations should be unaffected. Overhaul GiST memory management (Neil) GiST methods are now always invoked in a short-lived memory context. Therefore, memory allocated via palloc() will be reclaimed automatically, so GiST index implementations do not need to manually release allocated memory via pfree(). Add /contrib/pg_buffercache contrib module (Mark Kirkwood) This displays the contents of the buffer cache, for debugging and performance tuning purposes. Remove /contrib/array because it is obsolete (Tom) Clean up the /contrib/lo module (Tom) Move /contrib/findoidjoins to /src/tools (Tom) Remove the <<, >>, &<, and &> operators from /contrib/cube These operators were not useful. Improve /contrib/btree_gist (Janko Richter) Improve /contrib/pgbench (Tomoaki Sato, Tatsuo) There is now a facility for testing with SQL command scripts given by the user, instead of only a hard-wired command sequence. Improve /contrib/pgcrypto (Marko Kreen) Implementation of OpenPGP symmetric-key and public-key encryption Both RSA and Elgamal public-key algorithms are supported. Stand alone build: include SHA256/384/512 hashes, Fortuna PRNG OpenSSL build: support 3DES, use internal AES with OpenSSL < 0.9.7 Take build parameters (OpenSSL, zlib) from configure result There is no need to edit the Makefile anymore. Remove support for libmhash and libmcrypt