rdelaage
/
postgresql
mirror of https://git.postgresql.org/git/postgresql.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
postgresql/doc/src/sgml/release-9.2.sgml

11434 lines
325 KiB
Plaintext
Raw Blame History

<!-- doc/src/sgml/release-9.2.sgml -->
<!-- See header comment in release.sgml about typical markup -->
<sect1 id="release-9-2-21">
<title>Release 9.2.21</title>
<formalpara>
<title>Release date:</title>
<para>2017-05-11</para>
</formalpara>
<para>
This release contains a variety of fixes from 9.2.20.
For information about new features in the 9.2 major release, see
<xref linkend="release-9-2">.
</para>
<para>
The <productname>PostgreSQL</> community will stop releasing updates
for the 9.2.X release series in September 2017.
Users are encouraged to update to a newer release branch soon.
</para>
<sect2>
<title>Migration to Version 9.2.21</title>
<para>
A dump/restore is not required for those running 9.2.X.
</para>
<para>
However, if you use foreign data servers that make use of user
passwords for authentication, see the first changelog entry below.
</para>
<para>
Also, if you are upgrading from a version earlier than 9.2.20,
see <xref linkend="release-9-2-20">.
</para>
</sect2>
<sect2>
<title>Changes</title>
<itemizedlist>
<listitem>
<para>
Restrict visibility
of <structname>pg_user_mappings</>.<structfield>umoptions</>, to
protect passwords stored as user mapping options
(Michael Paquier, Feike Steenbergen)
</para>
<para>
The previous coding allowed the owner of a foreign server object,
or anyone he has granted server <literal>USAGE</> permission to,
to see the options for all user mappings associated with that server.
This might well include passwords for other users.
Adjust the view definition to match the behavior of
<structname>information_schema.user_mapping_options</>, namely that
these options are visible to the user being mapped, or if the mapping
is for <literal>PUBLIC</literal> and the current user is the server
owner, or if the current user is a superuser.
(CVE-2017-7486)
</para>
<para>
By itself, this patch will only fix the behavior in newly initdb'd
databases. If you wish to apply this change in an existing database,
you will need to do the following:
</para>
<procedure>
<step>
<para>
Restart the postmaster after adding <literal>allow_system_table_mods
= true</> to <filename>postgresql.conf</>. (In versions
supporting <command>ALTER SYSTEM</>, you can use that to make the
configuration change, but you'll still need a restart.)
</para>
</step>
<step>
<para>
In <emphasis>each</> database of the cluster,
run the following commands as superuser:
<programlisting>
SET search_path = pg_catalog;
CREATE OR REPLACE VIEW pg_user_mappings AS
SELECT
U.oid AS umid,
S.oid AS srvid,
S.srvname AS srvname,
U.umuser AS umuser,
CASE WHEN U.umuser = 0 THEN
'public'
ELSE
A.rolname
END AS usename,
CASE WHEN (U.umuser &lt;&gt; 0 AND A.rolname = current_user)
OR (U.umuser = 0 AND pg_has_role(S.srvowner, 'USAGE'))
OR (SELECT rolsuper FROM pg_authid WHERE rolname = current_user)
THEN U.umoptions
ELSE NULL END AS umoptions
FROM pg_user_mapping U
LEFT JOIN pg_authid A ON (A.oid = U.umuser) JOIN
pg_foreign_server S ON (U.umserver = S.oid);
</programlisting>
</para>
</step>
<step>
<para>
Do not forget to include the <literal>template0</>
and <literal>template1</> databases, or the vulnerability will still
exist in databases you create later. To fix <literal>template0</>,
you'll need to temporarily make it accept connections.
In <productname>PostgreSQL</> 9.5 and later, you can use
<programlisting>
ALTER DATABASE template0 WITH ALLOW_CONNECTIONS true;
</programlisting>
and then after fixing <literal>template0</>, undo that with
<programlisting>
ALTER DATABASE template0 WITH ALLOW_CONNECTIONS false;
</programlisting>
In prior versions, instead use
<programlisting>
UPDATE pg_database SET datallowconn = true WHERE datname = 'template0';
UPDATE pg_database SET datallowconn = false WHERE datname = 'template0';
</programlisting>
</para>
</step>
<step>
<para>
Finally, remove the <literal>allow_system_table_mods</> configuration
setting, and again restart the postmaster.
</para>
</step>
</procedure>
</listitem>
<listitem>
<para>
Prevent exposure of statistical information via leaky operators
(Peter Eisentraut)
</para>
<para>
Some selectivity estimation functions in the planner will apply
user-defined operators to values obtained
from <structname>pg_statistic</>, such as most common values and
histogram entries. This occurs before table permissions are checked,
so a nefarious user could exploit the behavior to obtain these values
for table columns he does not have permission to read. To fix,
fall back to a default estimate if the operator's implementation
function is not certified leak-proof and the calling user does not have
permission to read the table column whose statistics are needed.
At least one of these criteria is satisfied in most cases in practice.
(CVE-2017-7484)
</para>
</listitem>
<listitem>
<para>
Fix possible corruption of <quote>init forks</> of unlogged indexes
(Robert Haas, Michael Paquier)
</para>
<para>
This could result in an unlogged index being set to an invalid state
after a crash and restart. Such a problem would persist until the
index was dropped and rebuilt.
</para>
</listitem>
<listitem>
<para>
Fix incorrect reconstruction of <structname>pg_subtrans</> entries
when a standby server replays a prepared but uncommitted two-phase
transaction (Tom Lane)
</para>
<para>
In most cases this turned out to have no visible ill effects, but in
corner cases it could result in circular references
in <structname>pg_subtrans</>, potentially causing infinite loops
in queries that examine rows modified by the two-phase transaction.
</para>
</listitem>
<listitem>
<para>
Ensure parsing of queries in extension scripts sees the results of
immediately-preceding DDL (Julien Rouhaud, Tom Lane)
</para>
<para>
Due to lack of a cache flush step between commands in an extension
script file, non-utility queries might not see the effects of an
immediately preceding catalog change, such as <command>ALTER TABLE
... RENAME</>.
</para>
</listitem>
<listitem>
<para>
Skip tablespace privilege checks when <command>ALTER TABLE ... ALTER
COLUMN TYPE</> rebuilds an existing index (Noah Misch)
</para>
<para>
The command failed if the calling user did not currently have
<literal>CREATE</> privilege for the tablespace containing the index.
That behavior seems unhelpful, so skip the check, allowing the
index to be rebuilt where it is.
</para>
</listitem>
<listitem>
<para>
Fix <command>ALTER TABLE ... VALIDATE CONSTRAINT</> to not recurse
to child tables when the constraint is marked <literal>NO INHERIT</>
(Amit Langote)
</para>
<para>
This fix prevents unwanted <quote>constraint does not exist</> failures
when no matching constraint is present in the child tables.
</para>
</listitem>
<listitem>
<para>
Fix <command>VACUUM</> to account properly for pages that could not
be scanned due to conflicting page pins (Andrew Gierth)
</para>
<para>
This tended to lead to underestimation of the number of tuples in
the table. In the worst case of a small heavily-contended
table, <command>VACUUM</> could incorrectly report that the table
contained no tuples, leading to very bad planning choices.
</para>
</listitem>
<listitem>
<para>
Ensure that bulk-tuple-transfer loops within a hash join are
interruptible by query cancel requests (Tom Lane, Thomas Munro)
</para>
</listitem>
<listitem>
<para>
Fix <function>cursor_to_xml()</> to produce valid output
with <replaceable>tableforest</> = false
(Thomas Munro, Peter Eisentraut)
</para>
<para>
Previously it failed to produce a wrapping <literal>&lt;table&gt;</>
element.
</para>
</listitem>
<listitem>
<para>
Improve performance of <structname>pg_timezone_names</> view
(Tom Lane, David Rowley)
</para>
</listitem>
<listitem>
<para>
Fix sloppy handling of corner-case errors from <function>lseek()</>
and <function>close()</> (Tom Lane)
</para>
<para>
Neither of these system calls are likely to fail in typical situations,
but if they did, <filename>fd.c</> could get quite confused.
</para>
</listitem>
<listitem>
<para>
Fix incorrect check for whether postmaster is running as a Windows
service (Michael Paquier)
</para>
<para>
This could result in attempting to write to the event log when that
isn't accessible, so that no logging happens at all.
</para>
</listitem>
<listitem>
<para>
Fix <application>ecpg</> to support <command>COMMIT PREPARED</>
and <command>ROLLBACK PREPARED</> (Masahiko Sawada)
</para>
</listitem>
<listitem>
<para>
Fix a double-free error when processing dollar-quoted string literals
in <application>ecpg</> (Michael Meskes)
</para>
</listitem>
<listitem>
<para>
In <application>pg_dump</>, fix incorrect schema and owner marking for
comments and security labels of some types of database objects
(Giuseppe Broccolo, Tom Lane)
</para>
<para>
In simple cases this caused no ill effects; but for example, a
schema-selective restore might omit comments it should include, because
they were not marked as belonging to the schema of their associated
object.
</para>
</listitem>
<listitem>
<para>
Avoid emitting an invalid list file in <literal>pg_restore -l</>
when SQL object names contain newlines (Tom Lane)
</para>
<para>
Replace newlines by spaces, which is sufficient to make the output
valid for <literal>pg_restore -L</>'s purposes.
</para>
</listitem>
<listitem>
<para>
Fix <application>pg_upgrade</> to transfer comments and security labels
attached to <quote>large objects</> (blobs) (Stephen Frost)
</para>
<para>
Previously, blobs were correctly transferred to the new database, but
any comments or security labels attached to them were lost.
</para>
</listitem>
<listitem>
<para>
Improve error handling
in <filename>contrib/adminpack</>'s <function>pg_file_write()</>
function (Noah Misch)
</para>
<para>
Notably, it failed to detect errors reported
by <function>fclose()</>.
</para>
</listitem>
<listitem>
<para>
In <filename>contrib/dblink</>, avoid leaking the previous unnamed
connection when establishing a new unnamed connection (Joe Conway)
</para>
</listitem>
<listitem>
<para>
Support OpenSSL 1.1.0 (Heikki Linnakangas, Andreas Karlsson, Tom Lane)
</para>
<para>
This is a back-patch of work previously done in newer branches;
it's needed since many platforms are adopting newer OpenSSL versions.
</para>
</listitem>
<listitem>
<para>
Support Tcl 8.6 in MSVC builds (&Aacute;lvaro Herrera)
</para>
</listitem>
<listitem>
<para>
Sync our copy of the timezone library with IANA release tzcode2017b
(Tom Lane)
</para>
<para>
This fixes a bug affecting some DST transitions in January 2038.
</para>
</listitem>
<listitem>
<para>
Update time zone data files to <application>tzdata</> release 2017b
for DST law changes in Chile, Haiti, and Mongolia, plus historical
corrections for Ecuador, Kazakhstan, Liberia, and Spain.
Switch to numeric abbreviations for numerous time zones in South
America, the Pacific and Indian oceans, and some Asian and Middle
Eastern countries.
</para>
<para>
The IANA time zone database previously provided textual abbreviations
for all time zones, sometimes making up abbreviations that have little
or no currency among the local population. They are in process of
reversing that policy in favor of using numeric UTC offsets in zones
where there is no evidence of real-world use of an English
abbreviation. At least for the time being, <productname>PostgreSQL</>
will continue to accept such removed abbreviations for timestamp input.
But they will not be shown in the <structname>pg_timezone_names</>
view nor used for output.
</para>
</listitem>
<listitem>
<para>
Use correct daylight-savings rules for POSIX-style time zone names
in MSVC builds (David Rowley)
</para>
<para>
The Microsoft MSVC build scripts neglected to install
the <filename>posixrules</> file in the timezone directory tree.
This resulted in the timezone code falling back to its built-in
rule about what DST behavior to assume for a POSIX-style time zone
name. For historical reasons that still corresponds to the DST rules
the USA was using before 2007 (i.e., change on first Sunday in April
and last Sunday in October). With this fix, a POSIX-style zone name
will use the current and historical DST transition dates of
the <literal>US/Eastern</> zone. If you don't want that, remove
the <filename>posixrules</> file, or replace it with a copy of some
other zone file (see <xref linkend="datatype-timezones">). Note that
due to caching, you may need to restart the server to get such changes
to take effect.
</para>
</listitem>
</itemizedlist>
</sect2>
</sect1>
<sect1 id="release-9-2-20">
<title>Release 9.2.20</title>
<formalpara>
<title>Release date:</title>
<para>2017-02-09</para>
</formalpara>
<para>
This release contains a variety of fixes from 9.2.19.
For information about new features in the 9.2 major release, see
<xref linkend="release-9-2">.
</para>
<sect2>
<title>Migration to Version 9.2.20</title>
<para>
A dump/restore is not required for those running 9.2.X.
</para>
<para>
However, if your installation has been affected by the bug described in
the first changelog entry below, then after updating you may need
to take action to repair corrupted indexes.
</para>
<para>
Also, if you are upgrading from a version earlier than 9.2.11,
see <xref linkend="release-9-2-11">.
</para>
</sect2>
<sect2>
<title>Changes</title>
<itemizedlist>
<listitem>
<para>
Fix a race condition that could cause indexes built
with <command>CREATE INDEX CONCURRENTLY</> to be corrupt
(Pavan Deolasee, Tom Lane)
</para>
<para>
If <command>CREATE INDEX CONCURRENTLY</> was used to build an index
that depends on a column not previously indexed, then rows
updated by transactions that ran concurrently with
the <command>CREATE INDEX</> command could have received incorrect
index entries. If you suspect this may have happened, the most
reliable solution is to rebuild affected indexes after installing
this update.
</para>
</listitem>
<listitem>
<para>
Unconditionally WAL-log creation of the <quote>init fork</> for an
unlogged table (Michael Paquier)
</para>
<para>
Previously, this was skipped when <xref linkend="guc-wal-level">
= <literal>minimal</>, but actually it's necessary even in that case
to ensure that the unlogged table is properly reset to empty after a
crash.
</para>
</listitem>
<listitem>
<!--
Author: Fujii Masao <fujii@postgresql.org>
Branch: REL9_2_STABLE [38bec1805] 2017-01-25 07:02:25 +0900
-->
<para>
Fix WAL page header validation when re-reading segments (Takayuki
Tsunakawa, Amit Kapila)
</para>
<para>
In corner cases, a spurious <quote>out-of-sequence TLI</> error
could be reported during recovery.
</para>
</listitem>
<listitem>
<para>
If the stats collector dies during hot standby, restart it (Takayuki
Tsunakawa)
</para>
</listitem>
<listitem>
<para>
Check for interrupts while hot standby is waiting for a conflicting
query (Simon Riggs)
</para>
</listitem>
<listitem>
<para>
Avoid constantly respawning the autovacuum launcher in a corner case
(Amit Khandekar)
</para>
<para>
This fix avoids problems when autovacuum is nominally off and there
are some tables that require freezing, but all such tables are
already being processed by autovacuum workers.
</para>
</listitem>
<listitem>
<para>
Fix check for when an extension member object can be dropped (Tom Lane)
</para>
<para>
Extension upgrade scripts should be able to drop member objects,
but this was disallowed for serial-column sequences, and possibly
other cases.
</para>
</listitem>
<listitem>
<para>
Make sure <command>ALTER TABLE</> preserves index tablespace
assignments when rebuilding indexes (Tom Lane, Michael Paquier)
</para>
<para>
Previously, non-default settings
of <xref linkend="guc-default-tablespace"> could result in broken
indexes.
</para>
</listitem>
<listitem>
<para>
Prevent dropping a foreign-key constraint if there are pending
trigger events for the referenced relation (Tom Lane)
</para>
<para>
This avoids <quote>could not find trigger <replaceable>NNN</></quote>
or <quote>relation <replaceable>NNN</> has no triggers</quote> errors.
</para>
</listitem>
<listitem>
<para>
Fix processing of OID column when a table with OIDs is associated to
a parent with OIDs via <command>ALTER TABLE ... INHERIT</> (Amit
Langote)
</para>
<para>
The OID column should be treated the same as regular user columns in
this case, but it wasn't, leading to odd behavior in later
inheritance changes.
</para>
</listitem>
<listitem>
<para>
Check for serializability conflicts before reporting
constraint-violation failures (Thomas Munro)
</para>
<para>
When using serializable transaction isolation, it is desirable
that any error due to concurrent transactions should manifest
as a serialization failure, thereby cueing the application that
a retry might succeed. Unfortunately, this does not reliably
happen for duplicate-key failures caused by concurrent insertions.
This change ensures that such an error will be reported as a
serialization error if the application explicitly checked for
the presence of a conflicting key (and did not find it) earlier
in the transaction.
</para>
</listitem>
<listitem>
<para>
Ensure that column typmods are determined accurately for
multi-row <literal>VALUES</> constructs (Tom Lane)
</para>
<para>
This fixes problems occurring when the first value in a column has a
determinable typmod (e.g., length for a <type>varchar</> value) but
later values don't share the same limit.
</para>
</listitem>
<listitem>
<para>
Throw error for an unfinished Unicode surrogate pair at the end of a
Unicode string (Tom Lane)
</para>
<para>
Normally, a Unicode surrogate leading character must be followed by a
Unicode surrogate trailing character, but the check for this was
missed if the leading character was the last character in a Unicode
string literal (<literal>U&amp;'...'</>) or Unicode identifier
(<literal>U&amp;"..."</>).
</para>
</listitem>
<listitem>
<para>
Ensure that a purely negative text search query, such
as <literal>!foo</>, matches empty <type>tsvector</>s (Tom Dunstan)
</para>
<para>
Such matches were found by GIN index searches, but not by sequential
scans or GiST index searches.
</para>
</listitem>
<listitem>
<para>
Prevent crash when <function>ts_rewrite()</> replaces a non-top-level
subtree with an empty query (Artur Zakirov)
</para>
</listitem>
<listitem>
<para>
Fix performance problems in <function>ts_rewrite()</> (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix <function>ts_rewrite()</>'s handling of nested NOT operators
(Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix <function>array_fill()</> to handle empty arrays properly (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix one-byte buffer overrun in <function>quote_literal_cstr()</>
(Heikki Linnakangas)
</para>
<para>
The overrun occurred only if the input consisted entirely of single
quotes and/or backslashes.
</para>
</listitem>
<listitem>
<para>
Prevent multiple calls of <function>pg_start_backup()</>
and <function>pg_stop_backup()</> from running concurrently (Michael
Paquier)
</para>
<para>
This avoids an assertion failure, and possibly worse things, if
someone tries to run these functions in parallel.
</para>
</listitem>
<listitem>
<para>
Avoid discarding <type>interval</>-to-<type>interval</> casts
that aren't really no-ops (Tom Lane)
</para>
<para>
In some cases, a cast that should result in zeroing out
low-order <type>interval</> fields was mistakenly deemed to be a
no-op and discarded. An example is that casting from <type>INTERVAL
MONTH</> to <type>INTERVAL YEAR</> failed to clear the months field.
</para>
</listitem>
<listitem>
<para>
Fix <application>pg_dump</> to dump user-defined casts and transforms
that use built-in functions (Stephen Frost)
</para>
</listitem>
<listitem>
<para>
Fix possible <application>pg_basebackup</> failure on standby
server when including WAL files (Amit Kapila, Robert Haas)
</para>
</listitem>
<listitem>
<para>
Ensure that the Python exception objects we create for PL/Python are
properly reference-counted (Rafa de la Torre, Tom Lane)
</para>
<para>
This avoids failures if the objects are used after a Python garbage
collection cycle has occurred.
</para>
</listitem>
<listitem>
<para>
Fix PL/Tcl to support triggers on tables that have <literal>.tupno</>
as a column name (Tom Lane)
</para>
<para>
This matches the (previously undocumented) behavior of
PL/Tcl's <command>spi_exec</> and <command>spi_execp</> commands,
namely that a magic <literal>.tupno</> column is inserted only if
there isn't a real column named that.
</para>
</listitem>
<listitem>
<para>
Allow DOS-style line endings in <filename>~/.pgpass</> files,
even on Unix (Vik Fearing)
</para>
<para>
This change simplifies use of the same password file across Unix and
Windows machines.
</para>
</listitem>
<listitem>
<para>
Fix one-byte buffer overrun if <application>ecpg</> is given a file
name that ends with a dot (Takayuki Tsunakawa)
</para>
</listitem>
<listitem>
<para>
Fix <application>psql</>'s tab completion for <command>ALTER DEFAULT
PRIVILEGES</> (Gilles Darold, Stephen Frost)
</para>
</listitem>
<listitem>
<para>
In <application>psql</>, treat an empty or all-blank setting of
the <envar>PAGER</> environment variable as meaning <quote>no
pager</> (Tom Lane)
</para>
<para>
Previously, such a setting caused output intended for the pager to
vanish entirely.
</para>
</listitem>
<listitem>
<para>
Improve <filename>contrib/dblink</>'s reporting of
low-level <application>libpq</> errors, such as out-of-memory
(Joe Conway)
</para>
</listitem>
<listitem>
<para>
On Windows, ensure that environment variable changes are propagated
to DLLs built with debug options (Christian Ullrich)
</para>
</listitem>
<listitem>
<para>
Sync our copy of the timezone library with IANA release tzcode2016j
(Tom Lane)
</para>
<para>
This fixes various issues, most notably that timezone data
installation failed if the target directory didn't support hard
links.
</para>
</listitem>
<listitem>
<para>
Update time zone data files to <application>tzdata</> release 2016j
for DST law changes in northern Cyprus (adding a new zone
Asia/Famagusta), Russia (adding a new zone Europe/Saratov), Tonga,
and Antarctica/Casey.
Historical corrections for Italy, Kazakhstan, Malta, and Palestine.
Switch to preferring numeric zone abbreviations for Tonga.
</para>
</listitem>
</itemizedlist>
</sect2>
</sect1>
<sect1 id="release-9-2-19">
<title>Release 9.2.19</title>
<formalpara>
<title>Release date:</title>
<para>2016-10-27</para>
</formalpara>
<para>
This release contains a variety of fixes from 9.2.18.
For information about new features in the 9.2 major release, see
<xref linkend="release-9-2">.
</para>
<sect2>
<title>Migration to Version 9.2.19</title>
<para>
A dump/restore is not required for those running 9.2.X.
</para>
<para>
However, if you are upgrading from a version earlier than 9.2.11,
see <xref linkend="release-9-2-11">.
</para>
</sect2>
<sect2>
<title>Changes</title>
<itemizedlist>
<listitem>
<para>
Fix EvalPlanQual rechecks involving CTE scans (Tom Lane)
</para>
<para>
The recheck would always see the CTE as returning no rows, typically
leading to failure to update rows that were recently updated.
</para>
</listitem>
<listitem>
<para>
Fix improper repetition of previous results from hashed aggregation in
a subquery (Andrew Gierth)
</para>
<para>
The test to see if we can reuse a previously-computed hash table of
the aggregate state values neglected the possibility of an outer query
reference appearing in an aggregate argument expression. A change in
the value of such a reference should lead to recalculating the hash
table, but did not.
</para>
</listitem>
<listitem>
<para>
Fix <command>EXPLAIN</> to emit valid XML when
<xref linkend="guc-track-io-timing"> is on (Markus Winand)
</para>
<para>
Previously the XML output-format option produced syntactically invalid
tags such as <literal>&lt;I/O-Read-Time&gt;</>. That is now
rendered as <literal>&lt;I-O-Read-Time&gt;</>.
</para>
</listitem>
<listitem>
<para>
Suppress printing of zeroes for unmeasured times
in <command>EXPLAIN</> (Maksim Milyutin)
</para>
<para>
Certain option combinations resulted in printing zero values for times
that actually aren't ever measured in that combination. Our general
policy in <command>EXPLAIN</> is not to print such fields at all, so
do that consistently in all cases.
</para>
</listitem>
<listitem>
<para>
Fix timeout length when <command>VACUUM</> is waiting for exclusive
table lock so that it can truncate the table (Simon Riggs)
</para>
<para>
The timeout was meant to be 50 milliseconds, but it was actually only
50 microseconds, causing <command>VACUUM</> to give up on truncation
much more easily than intended. Set it to the intended value.
</para>
</listitem>
<listitem>
<para>
Fix bugs in merging inherited <literal>CHECK</> constraints while
creating or altering a table (Tom Lane, Amit Langote)
</para>
<para>
Allow identical <literal>CHECK</> constraints to be added to a parent
and child table in either order. Prevent merging of a valid
constraint from the parent table with a <literal>NOT VALID</>
constraint on the child. Likewise, prevent merging of a <literal>NO
INHERIT</> child constraint with an inherited constraint.
</para>
</listitem>
<listitem>
<para>
Remove artificial restrictions on the values accepted
by <function>numeric_in()</> and <function>numeric_recv()</>
(Tom Lane)
</para>
<para>
We allow numeric values up to the limit of the storage format (more
than <literal>1e100000</>), so it seems fairly pointless
that <function>numeric_in()</> rejected scientific-notation exponents
above 1000. Likewise, it was silly for <function>numeric_recv()</> to
reject more than 1000 digits in an input value.
</para>
</listitem>
<listitem>
<para>
Avoid very-low-probability data corruption due to testing tuple
visibility without holding buffer lock (Thomas Munro, Peter Geoghegan,
Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix file descriptor leakage when truncating a temporary relation of
more than 1GB (Andres Freund)
</para>
</listitem>
<listitem>
<para>
Disallow starting a standalone backend with <literal>standby_mode</>
turned on (Michael Paquier)
</para>
<para>
This can't do anything useful, since there will be no WAL receiver
process to fetch more WAL data; and it could result in misbehavior
in code that wasn't designed with this situation in mind.
</para>
</listitem>
<listitem>
<para>
Don't try to share SSL contexts across multiple connections
in <application>libpq</> (Heikki Linnakangas)
</para>
<para>
This led to assorted corner-case bugs, particularly when trying to use
different SSL parameters for different connections.
</para>
</listitem>
<listitem>
<para>
Avoid corner-case memory leak in <application>libpq</> (Tom Lane)
</para>
<para>
The reported problem involved leaking an error report
during <function>PQreset()</>, but there might be related cases.
</para>
</listitem>
<listitem>
<para>
Make <application>ecpg</>'s <option>--help</> and <option>--version</>
options work consistently with our other executables (Haribabu Kommi)
</para>
</listitem>
<listitem>
<para>
In <application>pg_dump</>, never dump range constructor functions
(Tom Lane)
</para>
<para>
This oversight led to <application>pg_upgrade</> failures with
extensions containing range types, due to duplicate creation of the
constructor functions.
</para>
</listitem>
<listitem>
<para>
Fix <filename>contrib/intarray/bench/bench.pl</> to print the results
of the <command>EXPLAIN</> it does when given the <option>-e</> option
(Daniel Gustafsson)
</para>
</listitem>
<listitem>
<para>
Update Windows time zone mapping to recognize some time zone names
added in recent Windows versions (Michael Paquier)
</para>
</listitem>
<listitem>
<para>
Prevent failure of obsolete dynamic time zone abbreviations (Tom Lane)
</para>
<para>
If a dynamic time zone abbreviation does not match any entry in the
referenced time zone, treat it as equivalent to the time zone name.
This avoids unexpected failures when IANA removes abbreviations from
their time zone database, as they did in <application>tzdata</>
release 2016f and seem likely to do again in the future. The
consequences were not limited to not recognizing the individual
abbreviation; any mismatch caused
the <structname>pg_timezone_abbrevs</> view to fail altogether.
</para>
</listitem>
<listitem>
<para>
Update time zone data files to <application>tzdata</> release 2016h
for DST law changes in Palestine and Turkey, plus historical
corrections for Turkey and some regions of Russia.
Switch to numeric abbreviations for some time zones in Antarctica,
the former Soviet Union, and Sri Lanka.
</para>
<para>
The IANA time zone database previously provided textual abbreviations
for all time zones, sometimes making up abbreviations that have little
or no currency among the local population. They are in process of
reversing that policy in favor of using numeric UTC offsets in zones
where there is no evidence of real-world use of an English
abbreviation. At least for the time being, <productname>PostgreSQL</>
will continue to accept such removed abbreviations for timestamp input.
But they will not be shown in the <structname>pg_timezone_names</>
view nor used for output.
</para>
<para>
In this update, <literal>AMT</> is no longer shown as being in use to
mean Armenia Time. Therefore, we have changed the <literal>Default</>
abbreviation set to interpret it as Amazon Time, thus UTC-4 not UTC+4.
</para>
</listitem>
</itemizedlist>
</sect2>
</sect1>
<sect1 id="release-9-2-18">
<title>Release 9.2.18</title>
<formalpara>
<title>Release date:</title>
<para>2016-08-11</para>
</formalpara>
<para>
This release contains a variety of fixes from 9.2.17.
For information about new features in the 9.2 major release, see
<xref linkend="release-9-2">.
</para>
<sect2>
<title>Migration to Version 9.2.18</title>
<para>
A dump/restore is not required for those running 9.2.X.
</para>
<para>
However, if you are upgrading from a version earlier than 9.2.11,
see <xref linkend="release-9-2-11">.
</para>
</sect2>
<sect2>
<title>Changes</title>
<itemizedlist>
<listitem>
<para>
Fix possible mis-evaluation of
nested <literal>CASE</>-<literal>WHEN</> expressions (Heikki
Linnakangas, Michael Paquier, Tom Lane)
</para>
<para>
A <literal>CASE</> expression appearing within the test value
subexpression of another <literal>CASE</> could become confused about
whether its own test value was null or not. Also, inlining of a SQL
function implementing the equality operator used by
a <literal>CASE</> expression could result in passing the wrong test
value to functions called within a <literal>CASE</> expression in the
SQL function's body. If the test values were of different data
types, a crash might result; moreover such situations could be abused
to allow disclosure of portions of server memory. (CVE-2016-5423)
</para>
</listitem>
<listitem>
<para>
Fix client programs' handling of special characters in database and
role names (Noah Misch, Nathan Bossart, Michael Paquier)
</para>
<para>
Numerous places in <application>vacuumdb</> and other client programs
could become confused by database and role names containing double
quotes or backslashes. Tighten up quoting rules to make that safe.
Also, ensure that when a conninfo string is used as a database name
parameter to these programs, it is correctly treated as such throughout.
</para>
<para>
Fix handling of paired double quotes
in <application>psql</>'s <command>\connect</>
and <command>\password</> commands to match the documentation.
</para>
<para>
Introduce a new <option>-reuse-previous</> option
in <application>psql</>'s <command>\connect</> command to allow
explicit control of whether to re-use connection parameters from a
previous connection. (Without this, the choice is based on whether
the database name looks like a conninfo string, as before.) This
allows secure handling of database names containing special
characters in <application>pg_dumpall</> scripts.
</para>
<para>
<application>pg_dumpall</> now refuses to deal with database and role
names containing carriage returns or newlines, as it seems impractical
to quote those characters safely on Windows. In future we may reject
such names on the server side, but that step has not been taken yet.
</para>
<para>
These are considered security fixes because crafted object names
containing special characters could have been used to execute
commands with superuser privileges the next time a superuser
executes <application>pg_dumpall</> or other routine maintenance
operations. (CVE-2016-5424)
</para>
</listitem>
<listitem>
<para>
Fix corner-case misbehaviors for <literal>IS NULL</>/<literal>IS NOT
NULL</> applied to nested composite values (Andrew Gierth, Tom Lane)
</para>
<para>
The SQL standard specifies that <literal>IS NULL</> should return
TRUE for a row of all null values (thus <literal>ROW(NULL,NULL) IS
NULL</> yields TRUE), but this is not meant to apply recursively
(thus <literal>ROW(NULL, ROW(NULL,NULL)) IS NULL</> yields FALSE).
The core executor got this right, but certain planner optimizations
treated the test as recursive (thus producing TRUE in both cases),
and <filename>contrib/postgres_fdw</> could produce remote queries
that misbehaved similarly.
</para>
</listitem>
<listitem>
<para>
Make the <type>inet</> and <type>cidr</> data types properly reject
IPv6 addresses with too many colon-separated fields (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Prevent crash in <function>close_ps()</>
(the <type>point</> <literal>##</> <type>lseg</> operator)
for NaN input coordinates (Tom Lane)
</para>
<para>
Make it return NULL instead of crashing.
</para>
</listitem>
<listitem>
<para>
Fix several one-byte buffer over-reads in <function>to_number()</>
(Peter Eisentraut)
</para>
<para>
In several cases the <function>to_number()</> function would read one
more character than it should from the input string. There is a
small chance of a crash, if the input happens to be adjacent to the
end of memory.
</para>
</listitem>
<listitem>
<para>
Avoid unsafe intermediate state during expensive paths
through <function>heap_update()</> (Masahiko Sawada, Andres Freund)
</para>
<para>
Previously, these cases locked the target tuple (by setting its XMAX)
but did not WAL-log that action, thus risking data integrity problems
if the page were spilled to disk and then a database crash occurred
before the tuple update could be completed.
</para>
</listitem>
<listitem>
<para>
Avoid crash in <literal>postgres -C</> when the specified variable
has a null string value (Michael Paquier)
</para>
</listitem>
<listitem>
<para>
Avoid consuming a transaction ID during <command>VACUUM</>
(Alexander Korotkov)
</para>
<para>
Some cases in <command>VACUUM</> unnecessarily caused an XID to be
assigned to the current transaction. Normally this is negligible,
but if one is up against the XID wraparound limit, consuming more
XIDs during anti-wraparound vacuums is a very bad thing.
</para>
</listitem>
<listitem>
<para>
Avoid canceling hot-standby queries during <command>VACUUM FREEZE</>
(Simon Riggs, &Aacute;lvaro Herrera)
</para>
<para>
<command>VACUUM FREEZE</> on an otherwise-idle master server could
result in unnecessary cancellations of queries on its standby
servers.
</para>
</listitem>
<listitem>
<para>
When a manual <command>ANALYZE</> specifies a column list, don't
reset the table's <literal>changes_since_analyze</> counter
(Tom Lane)
</para>
<para>
If we're only analyzing some columns, we should not prevent routine
auto-analyze from happening for the other columns.
</para>
</listitem>
<listitem>
<para>
Fix <command>ANALYZE</>'s overestimation of <literal>n_distinct</>
for a unique or nearly-unique column with many null entries (Tom
Lane)
</para>
<para>
The nulls could get counted as though they were themselves distinct
values, leading to serious planner misestimates in some types of
queries.
</para>
</listitem>
<listitem>
<para>
Prevent autovacuum from starting multiple workers for the same shared
catalog (&Aacute;lvaro Herrera)
</para>
<para>
Normally this isn't much of a problem because the vacuum doesn't take
long anyway; but in the case of a severely bloated catalog, it could
result in all but one worker uselessly waiting instead of doing
useful work on other tables.
</para>
</listitem>
<listitem>
<para>
Prevent infinite loop in GiST index build for geometric columns
containing NaN component values (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix <filename>contrib/btree_gin</> to handle the smallest
possible <type>bigint</> value correctly (Peter Eisentraut)
</para>
</listitem>
<listitem>
<para>
Teach libpq to correctly decode server version from future servers
(Peter Eisentraut)
</para>
<para>
It's planned to switch to two-part instead of three-part server
version numbers for releases after 9.6. Make sure
that <function>PQserverVersion()</> returns the correct value for
such cases.
</para>
</listitem>
<listitem>
<para>
Fix <application>ecpg</>'s code for <literal>unsigned long long</>
array elements (Michael Meskes)
</para>
</listitem>
<listitem>
<para>
In <application>pg_dump</> with both <option>-c</> and <option>-C</>
options, avoid emitting an unwanted <literal>CREATE SCHEMA public</>
command (David Johnston, Tom Lane)
</para>
</listitem>
<listitem>
<para>
Make <application>pg_basebackup</> accept <literal>-Z 0</> as
specifying no compression (Fujii Masao)
</para>
</listitem>
<listitem>
<para>
Fix makefiles' rule for building AIX shared libraries to be safe for
parallel make (Noah Misch)
</para>
</listitem>
<listitem>
<para>
Fix TAP tests and MSVC scripts to work when build directory's path
name contains spaces (Michael Paquier, Kyotaro Horiguchi)
</para>
</listitem>
<listitem>
<para>
Make regression tests safe for Danish and Welsh locales (Jeff Janes,
Tom Lane)
</para>
<para>
Change some test data that triggered the unusual sorting rules of
these locales.
</para>
</listitem>
<listitem>
<para>
Update our copy of the timezone code to match
IANA's <application>tzcode</> release 2016c (Tom Lane)
</para>
<para>
This is needed to cope with anticipated future changes in the time
zone data files. It also fixes some corner-case bugs in coping with
unusual time zones.
</para>
</listitem>
<listitem>
<para>
Update time zone data files to <application>tzdata</> release 2016f
for DST law changes in Kemerovo and Novosibirsk, plus historical
corrections for Azerbaijan, Belarus, and Morocco.
</para>
</listitem>
</itemizedlist>
</sect2>
</sect1>
<sect1 id="release-9-2-17">
<title>Release 9.2.17</title>
<formalpara>
<title>Release date:</title>
<para>2016-05-12</para>
</formalpara>
<para>
This release contains a variety of fixes from 9.2.16.
For information about new features in the 9.2 major release, see
<xref linkend="release-9-2">.
</para>
<sect2>
<title>Migration to Version 9.2.17</title>
<para>
A dump/restore is not required for those running 9.2.X.
</para>
<para>
However, if you are upgrading from a version earlier than 9.2.11,
see <xref linkend="release-9-2-11">.
</para>
</sect2>
<sect2>
<title>Changes</title>
<itemizedlist>
<listitem>
<para>
Clear the OpenSSL error queue before OpenSSL calls, rather than
assuming it's clear already; and make sure we leave it clear
afterwards (Peter Geoghegan, Dave Vitek, Peter Eisentraut)
</para>
<para>
This change prevents problems when there are multiple connections
using OpenSSL within a single process and not all the code involved
follows the same rules for when to clear the error queue.
Failures have been reported specifically when a client application
uses SSL connections in <application>libpq</> concurrently with
SSL connections using the PHP, Python, or Ruby wrappers for OpenSSL.
It's possible for similar problems to arise within the server as well,
if an extension module establishes an outgoing SSL connection.
</para>
</listitem>
<listitem>
<para>
Fix <quote>failed to build any <replaceable>N</>-way joins</quote>
planner error with a full join enclosed in the right-hand side of a
left join (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix incorrect handling of equivalence-class tests in multilevel
nestloop plans (Tom Lane)
</para>
<para>
Given a three-or-more-way equivalence class of variables, such
as <literal>X.X = Y.Y = Z.Z</>, it was possible for the planner to omit
some of the tests needed to enforce that all the variables are actually
equal, leading to join rows being output that didn't satisfy
the <literal>WHERE</> clauses. For various reasons, erroneous plans
were seldom selected in practice, so that this bug has gone undetected
for a long time.
</para>
</listitem>
<listitem>
<para>
Fix possible misbehavior of <literal>TH</>, <literal>th</>,
and <literal>Y,YYY</> format codes in <function>to_timestamp()</>
(Tom Lane)
</para>
<para>
These could advance off the end of the input string, causing subsequent
format codes to read garbage.
</para>
</listitem>
<listitem>
<para>
Fix dumping of rules and views in which the <replaceable>array</>
argument of a <literal><replaceable>value</> <replaceable>operator</>
ANY (<replaceable>array</>)</literal> construct is a sub-SELECT
(Tom Lane)
</para>
</listitem>
<listitem>
<para>
Make <application>pg_regress</> use a startup timeout from the
<envar>PGCTLTIMEOUT</> environment variable, if that's set (Tom Lane)
</para>
<para>
This is for consistency with a behavior recently added
to <application>pg_ctl</>; it eases automated testing on slow machines.
</para>
</listitem>
<listitem>
<para>
Fix <application>pg_upgrade</> to correctly restore extension
membership for operator families containing only one operator class
(Tom Lane)
</para>
<para>
In such a case, the operator family was restored into the new database,
but it was no longer marked as part of the extension. This had no
immediate ill effects, but would cause later <application>pg_dump</>
runs to emit output that would cause (harmless) errors on restore.
</para>
</listitem>
<listitem>
<para>
Back-port 9.4-era memory-barrier code changes into 9.2 and 9.3 (Tom Lane)
</para>
<para>
These changes were not originally needed in pre-9.4 branches, but we
recently back-patched a fix that expected the barrier code to work
properly. Only IA64 (when using icc), HPPA, and Alpha platforms are
affected.
</para>
</listitem>
<listitem>
<para>
Reduce the number of SysV semaphores used by a build configured with
<option>--disable-spinlocks</> (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Rename internal function <function>strtoi()</>
to <function>strtoint()</> to avoid conflict with a NetBSD library
function (Thomas Munro)
</para>
</listitem>
<listitem>
<para>
Fix reporting of errors from <function>bind()</>
and <function>listen()</> system calls on Windows (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Reduce verbosity of compiler output when building with Microsoft Visual
Studio (Christian Ullrich)
</para>
</listitem>
<listitem>
<para>
Avoid possibly-unsafe use of Windows' <function>FormatMessage()</>
function (Christian Ullrich)
</para>
<para>
Use the <literal>FORMAT_MESSAGE_IGNORE_INSERTS</> flag where
appropriate. No live bug is known to exist here, but it seems like a
good idea to be careful.
</para>
</listitem>
<listitem>
<para>
Update time zone data files to <application>tzdata</> release 2016d
for DST law changes in Russia and Venezuela. There are new zone
names <literal>Europe/Kirov</> and <literal>Asia/Tomsk</> to reflect
the fact that these regions now have different time zone histories from
adjacent regions.
</para>
</listitem>
</itemizedlist>
</sect2>
</sect1>
<sect1 id="release-9-2-16">
<title>Release 9.2.16</title>
<formalpara>
<title>Release date:</title>
<para>2016-03-31</para>
</formalpara>
<para>
This release contains a variety of fixes from 9.2.15.
For information about new features in the 9.2 major release, see
<xref linkend="release-9-2">.
</para>
<sect2>
<title>Migration to Version 9.2.16</title>
<para>
A dump/restore is not required for those running 9.2.X.
</para>
<para>
However, if you are upgrading from a version earlier than 9.2.11,
see <xref linkend="release-9-2-11">.
</para>
</sect2>
<sect2>
<title>Changes</title>
<itemizedlist>
<listitem>
<para>
Fix incorrect handling of NULL index entries in
indexed <literal>ROW()</> comparisons (Tom Lane)
</para>
<para>
An index search using a row comparison such as <literal>ROW(a, b) &gt;
ROW('x', 'y')</> would stop upon reaching a NULL entry in
the <structfield>b</> column, ignoring the fact that there might be
non-NULL <structfield>b</> values associated with later values
of <structfield>a</>.
</para>
</listitem>
<listitem>
<para>
Avoid unlikely data-loss scenarios due to renaming files without
adequate <function>fsync()</> calls before and after (Michael Paquier,
Tomas Vondra, Andres Freund)
</para>
</listitem>
<listitem>
<para>
Correctly handle cases where <literal>pg_subtrans</> is close to XID
wraparound during server startup (Jeff Janes)
</para>
</listitem>
<listitem>
<para>
Fix corner-case crash due to trying to free <function>localeconv()</>
output strings more than once (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix parsing of affix files for <literal>ispell</> dictionaries
(Tom Lane)
</para>
<para>
The code could go wrong if the affix file contained any characters
whose byte length changes during case-folding, for
example <literal>I</> in Turkish UTF8 locales.
</para>
</listitem>
<listitem>
<para>
Avoid use of <function>sscanf()</> to parse <literal>ispell</>
dictionary files (Artur Zakirov)
</para>
<para>
This dodges a portability problem on FreeBSD-derived platforms
(including macOS).
</para>
</listitem>
<listitem>
<para>
Avoid a crash on old Windows versions (before 7SP1/2008R2SP1) with an
AVX2-capable CPU and a Postgres build done with Visual Studio 2013
(Christian Ullrich)
</para>
<para>
This is a workaround for a bug in Visual Studio 2013's runtime
library, which Microsoft have stated they will not fix in that
version.
</para>
</listitem>
<listitem>
<para>
Fix <application>psql</>'s tab completion logic to handle multibyte
characters properly (Kyotaro Horiguchi, Robert Haas)
</para>
</listitem>
<listitem>
<para>
Fix <application>psql</>'s tab completion for
<literal>SECURITY LABEL</> (Tom Lane)
</para>
<para>
Pressing TAB after <literal>SECURITY LABEL</> might cause a crash
or offering of inappropriate keywords.
</para>
</listitem>
<listitem>
<para>
Make <application>pg_ctl</> accept a wait timeout from the
<envar>PGCTLTIMEOUT</> environment variable, if none is specified on
the command line (Noah Misch)
</para>
<para>
This eases testing of slower buildfarm members by allowing them
to globally specify a longer-than-normal timeout for postmaster
startup and shutdown.
</para>
</listitem>
<listitem>
<para>
Fix incorrect test for Windows service status
in <application>pg_ctl</> (Manuel Mathar)
</para>
<para>
The previous set of minor releases attempted to
fix <application>pg_ctl</> to properly determine whether to send log
messages to Window's Event Log, but got the test backwards.
</para>
</listitem>
<listitem>
<para>
Fix <application>pgbench</> to correctly handle the combination
of <literal>-C</> and <literal>-M prepared</> options (Tom Lane)
</para>
</listitem>
<listitem>
<para>
In PL/Perl, properly translate empty Postgres arrays into empty Perl
arrays (Alex Hunsaker)
</para>
</listitem>
<listitem>
<para>
Make PL/Python cope with function names that aren't valid Python
identifiers (Jim Nasby)
</para>
</listitem>
<listitem>
<para>
Fix multiple mistakes in the statistics returned
by <filename>contrib/pgstattuple</>'s <function>pgstatindex()</>
function (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Remove dependency on <literal>psed</> in MSVC builds, since it's no
longer provided by core Perl (Michael Paquier, Andrew Dunstan)
</para>
</listitem>
<listitem>
<para>
Update time zone data files to <application>tzdata</> release 2016c
for DST law changes in Azerbaijan, Chile, Haiti, Palestine, and Russia
(Altai, Astrakhan, Kirov, Sakhalin, Ulyanovsk regions), plus
historical corrections for Lithuania, Moldova, and Russia
(Kaliningrad, Samara, Volgograd).
</para>
</listitem>
</itemizedlist>
</sect2>
</sect1>
<sect1 id="release-9-2-15">
<title>Release 9.2.15</title>
<formalpara>
<title>Release date:</title>
<para>2016-02-11</para>
</formalpara>
<para>
This release contains a variety of fixes from 9.2.14.
For information about new features in the 9.2 major release, see
<xref linkend="release-9-2">.
</para>
<sect2>
<title>Migration to Version 9.2.15</title>
<para>
A dump/restore is not required for those running 9.2.X.
</para>
<para>
However, if you are upgrading from a version earlier than 9.2.11,
see <xref linkend="release-9-2-11">.
</para>
</sect2>
<sect2>
<title>Changes</title>
<itemizedlist>
<listitem>
<para>
Fix infinite loops and buffer-overrun problems in regular expressions
(Tom Lane)
</para>
<para>
Very large character ranges in bracket expressions could cause
infinite loops in some cases, and memory overwrites in other cases.
(CVE-2016-0773)
</para>
</listitem>
<listitem>
<para>
Perform an immediate shutdown if the <filename>postmaster.pid</> file
is removed (Tom Lane)
</para>
<para>
The postmaster now checks every minute or so
that <filename>postmaster.pid</> is still there and still contains its
own PID. If not, it performs an immediate shutdown, as though it had
received <systemitem>SIGQUIT</>. The main motivation for this change
is to ensure that failed buildfarm runs will get cleaned up without
manual intervention; but it also serves to limit the bad effects if a
DBA forcibly removes <filename>postmaster.pid</> and then starts a new
postmaster.
</para>
</listitem>
<listitem>
<para>
In <literal>SERIALIZABLE</> transaction isolation mode, serialization
anomalies could be missed due to race conditions during insertions
(Kevin Grittner, Thomas Munro)
</para>
</listitem>
<listitem>
<para>
Fix failure to emit appropriate WAL records when doing <literal>ALTER
TABLE ... SET TABLESPACE</> for unlogged relations (Michael Paquier,
Andres Freund)
</para>
<para>
Even though the relation's data is unlogged, the move must be logged or
the relation will be inaccessible after a standby is promoted to master.
</para>
</listitem>
<listitem>
<para>
Fix possible misinitialization of unlogged relations at the end of
crash recovery (Andres Freund, Michael Paquier)
</para>
</listitem>
<listitem>
<para>
Fix <command>ALTER COLUMN TYPE</> to reconstruct inherited check
constraints properly (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix <command>REASSIGN OWNED</> to change ownership of composite types
properly (&Aacute;lvaro Herrera)
</para>
</listitem>
<listitem>
<para>
Fix <command>REASSIGN OWNED</> and <command>ALTER OWNER</> to correctly
update granted-permissions lists when changing owners of data types,
foreign data wrappers, or foreign servers (Bruce Momjian,
&Aacute;lvaro Herrera)
</para>
</listitem>
<listitem>
<para>
Fix <command>REASSIGN OWNED</> to ignore foreign user mappings,
rather than fail (&Aacute;lvaro Herrera)
</para>
</listitem>
<listitem>
<para>
Add more defenses against bad planner cost estimates for GIN index
scans when the index's internal statistics are very out-of-date
(Tom Lane)
</para>
</listitem>
<listitem>
<para>
Make planner cope with hypothetical GIN indexes suggested by an index
advisor plug-in (Julien Rouhaud)
</para>
</listitem>
<listitem>
<para>
Fix dumping of whole-row Vars in <literal>ROW()</>
and <literal>VALUES()</> lists (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix possible internal overflow in <type>numeric</> division
(Dean Rasheed)
</para>
</listitem>
<listitem>
<para>
Fix enforcement of restrictions inside parentheses within regular
expression lookahead constraints (Tom Lane)
</para>
<para>
Lookahead constraints aren't allowed to contain backrefs, and
parentheses within them are always considered non-capturing, according
to the manual. However, the code failed to handle these cases properly
inside a parenthesized subexpression, and would give unexpected
results.
</para>
</listitem>
<listitem>
<para>
Conversion of regular expressions to indexscan bounds could produce
incorrect bounds from regexps containing lookahead constraints
(Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix regular-expression compiler to handle loops of constraint arcs
(Tom Lane)
</para>
<para>
The code added for CVE-2007-4772 was both incomplete, in that it didn't
handle loops involving more than one state, and incorrect, in that it
could cause assertion failures (though there seem to be no bad
consequences of that in a non-assert build). Multi-state loops would
cause the compiler to run until the query was canceled or it reached
the too-many-states error condition.
</para>
</listitem>
<listitem>
<para>
Improve memory-usage accounting in regular-expression compiler
(Tom Lane)
</para>
<para>
This causes the code to emit <quote>regular expression is too
complex</> errors in some cases that previously used unreasonable
amounts of time and memory.
</para>
</listitem>
<listitem>
<para>
Improve performance of regular-expression compiler (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Make <literal>%h</> and <literal>%r</> escapes
in <varname>log_line_prefix</> work for messages emitted due
to <varname>log_connections</> (Tom Lane)
</para>
<para>
Previously, <literal>%h</>/<literal>%r</> started to work just after a
new session had emitted the <quote>connection received</> log message;
now they work for that message too.
</para>
</listitem>
<listitem>
<para>
On Windows, ensure the shared-memory mapping handle gets closed in
child processes that don't need it (Tom Lane, Amit Kapila)
</para>
<para>
This oversight resulted in failure to recover from crashes
whenever <varname>logging_collector</> is turned on.
</para>
</listitem>
<listitem>
<para>
Fix possible failure to detect socket EOF in non-blocking mode on
Windows (Tom Lane)
</para>
<para>
It's not entirely clear whether this problem can happen in pre-9.5
branches, but if it did, the symptom would be that a walsender process
would wait indefinitely rather than noticing a loss of connection.
</para>
</listitem>
<listitem>
<para>
Avoid leaking a token handle during SSPI authentication
(Christian Ullrich)
</para>
</listitem>
<listitem>
<para>
In <application>psql</>, ensure that <application>libreadline</>'s idea
of the screen size is updated when the terminal window size changes
(Merlin Moncure)
</para>
<para>
Previously, <application>libreadline</> did not notice if the window
was resized during query output, leading to strange behavior during
later input of multiline queries.
</para>
</listitem>
<listitem>
<para>
Fix <application>psql</>'s <literal>\det</> command to interpret its
pattern argument the same way as other <literal>\d</> commands with
potentially schema-qualified patterns do (Reece Hart)
</para>
</listitem>
<listitem>
<para>
Avoid possible crash in <application>psql</>'s <literal>\c</> command
when previous connection was via Unix socket and command specifies a
new hostname and same username (Tom Lane)
</para>
</listitem>
<listitem>
<para>
In <literal>pg_ctl start -w</>, test child process status directly
rather than relying on heuristics (Tom Lane, Michael Paquier)
</para>
<para>
Previously, <application>pg_ctl</> relied on an assumption that the new
postmaster would always create <filename>postmaster.pid</> within five
seconds. But that can fail on heavily-loaded systems,
causing <application>pg_ctl</> to report incorrectly that the
postmaster failed to start.
</para>
<para>
Except on Windows, this change also means that a <literal>pg_ctl start
-w</> done immediately after another such command will now reliably
fail, whereas previously it would report success if done within two
seconds of the first command.
</para>
</listitem>
<listitem>
<para>
In <literal>pg_ctl start -w</>, don't attempt to use a wildcard listen
address to connect to the postmaster (Kondo Yuta)
</para>
<para>
On Windows, <application>pg_ctl</> would fail to detect postmaster
startup if <varname>listen_addresses</> is set to <literal>0.0.0.0</>
or <literal>::</>, because it would try to use that value verbatim as
the address to connect to, which doesn't work. Instead assume
that <literal>127.0.0.1</> or <literal>::1</>, respectively, is the
right thing to use.
</para>
</listitem>
<listitem>
<para>
In <application>pg_ctl</> on Windows, check service status to decide
where to send output, rather than checking if standard output is a
terminal (Michael Paquier)
</para>
</listitem>
<listitem>
<para>
In <application>pg_dump</> and <application>pg_basebackup</>, adopt
the GNU convention for handling tar-archive members exceeding 8GB
(Tom Lane)
</para>
<para>
The POSIX standard for <literal>tar</> file format does not allow
archive member files to exceed 8GB, but most modern implementations
of <application>tar</> support an extension that fixes that. Adopt
this extension so that <application>pg_dump</> with <option>-Ft</> no
longer fails on tables with more than 8GB of data, and so
that <application>pg_basebackup</> can handle files larger than 8GB.
In addition, fix some portability issues that could cause failures for
members between 4GB and 8GB on some platforms. Potentially these
problems could cause unrecoverable data loss due to unreadable backup
files.
</para>
</listitem>
<listitem>
<para>
Fix assorted corner-case bugs in <application>pg_dump</>'s processing
of extension member objects (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Make <application>pg_dump</> mark a view's triggers as needing to be
processed after its rule, to prevent possible failure during
parallel <application>pg_restore</> (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Ensure that relation option values are properly quoted
in <application>pg_dump</> (Kouhei Sutou, Tom Lane)
</para>
<para>
A reloption value that isn't a simple identifier or number could lead
to dump/reload failures due to syntax errors in CREATE statements
issued by <application>pg_dump</>. This is not an issue with any
reloption currently supported by core <productname>PostgreSQL</>, but
extensions could allow reloptions that cause the problem.
</para>
</listitem>
<listitem>
<para>
Fix <application>pg_upgrade</>'s file-copying code to handle errors
properly on Windows (Bruce Momjian)
</para>
</listitem>
<listitem>
<para>
Install guards in <application>pgbench</> against corner-case overflow
conditions during evaluation of script-specified division or modulo
operators (Fabien Coelho, Michael Paquier)
</para>
</listitem>
<listitem>
<para>
Fix failure to localize messages emitted
by <application>pg_receivexlog</> and <application>pg_recvlogical</>
(Ioseph Kim)
</para>
</listitem>
<listitem>
<para>
Avoid dump/reload problems when using both <application>plpython2</>
and <application>plpython3</> (Tom Lane)
</para>
<para>
In principle, both versions of <application>PL/Python</> can be used in
the same database, though not in the same session (because the two
versions of <application>libpython</> cannot safely be used concurrently).
However, <application>pg_restore</> and <application>pg_upgrade</> both
do things that can fall foul of the same-session restriction. Work
around that by changing the timing of the check.
</para>
</listitem>
<listitem>
<para>
Fix <application>PL/Python</> regression tests to pass with Python 3.5
(Peter Eisentraut)
</para>
</listitem>
<listitem>
<para>
Prevent certain <application>PL/Java</> parameters from being set by
non-superusers (Noah Misch)
</para>
<para>
This change mitigates a <application>PL/Java</> security bug
(CVE-2016-0766), which was fixed in <application>PL/Java</> by marking
these parameters as superuser-only. To fix the security hazard for
sites that update <productname>PostgreSQL</> more frequently
than <application>PL/Java</>, make the core code aware of them also.
</para>
</listitem>
<listitem>
<para>
Improve <application>libpq</>'s handling of out-of-memory situations
(Michael Paquier, Amit Kapila, Heikki Linnakangas)
</para>
</listitem>
<listitem>
<para>
Fix order of arguments
in <application>ecpg</>-generated <literal>typedef</> statements
(Michael Meskes)
</para>
</listitem>
<listitem>
<para>
Use <literal>%g</> not <literal>%f</> format
in <application>ecpg</>'s <function>PGTYPESnumeric_from_double()</>
(Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix <application>ecpg</>-supplied header files to not contain comments
continued from a preprocessor directive line onto the next line
(Michael Meskes)
</para>
<para>
Such a comment is rejected by <application>ecpg</>. It's not yet clear
whether <application>ecpg</> itself should be changed.
</para>
</listitem>
<listitem>
<para>
Ensure that <filename>contrib/pgcrypto</>'s <function>crypt()</>
function can be interrupted by query cancel (Andreas Karlsson)
</para>
</listitem>
<listitem>
<para>
Accept <application>flex</> versions later than 2.5.x
(Tom Lane, Michael Paquier)
</para>
<para>
Now that flex 2.6.0 has been released, the version checks in our build
scripts needed to be adjusted.
</para>
</listitem>
<listitem>
<para>
Install our <filename>missing</> script where PGXS builds can find it
(Jim Nasby)
</para>
<para>
This allows sane behavior in a PGXS build done on a machine where build
tools such as <application>bison</> are missing.
</para>
</listitem>
<listitem>
<para>
Ensure that <filename>dynloader.h</> is included in the installed
header files in MSVC builds (Bruce Momjian, Michael Paquier)
</para>
</listitem>
<listitem>
<para>
Add variant regression test expected-output file to match behavior of
current <application>libxml2</> (Tom Lane)
</para>
<para>
The fix for <application>libxml2</>'s CVE-2015-7499 causes it not to
output error context reports in some cases where it used to do so.
This seems to be a bug, but we'll probably have to live with it for
some time, so work around it.
</para>
</listitem>
<listitem>
<para>
Update time zone data files to <application>tzdata</> release 2016a for
DST law changes in Cayman Islands, Metlakatla, and Trans-Baikal
Territory (Zabaykalsky Krai), plus historical corrections for Pakistan.
</para>
</listitem>
</itemizedlist>
</sect2>
</sect1>
<sect1 id="release-9-2-14">
<title>Release 9.2.14</title>
<formalpara>
<title>Release date:</title>
<para>2015-10-08</para>
</formalpara>
<para>
This release contains a variety of fixes from 9.2.13.
For information about new features in the 9.2 major release, see
<xref linkend="release-9-2">.
</para>
<sect2>
<title>Migration to Version 9.2.14</title>
<para>
A dump/restore is not required for those running 9.2.X.
</para>
<para>
However, if you are upgrading from a version earlier than 9.2.11,
see <xref linkend="release-9-2-11">.
</para>
</sect2>
<sect2>
<title>Changes</title>
<itemizedlist>
<listitem>
<para>
Fix <filename>contrib/pgcrypto</> to detect and report
too-short <function>crypt()</> salts (Josh Kupershmidt)
</para>
<para>
Certain invalid salt arguments crashed the server or disclosed a few
bytes of server memory. We have not ruled out the viability of
attacks that arrange for presence of confidential information in the
disclosed bytes, but they seem unlikely. (CVE-2015-5288)
</para>
</listitem>
<listitem>
<para>
Fix subtransaction cleanup after a portal (cursor) belonging to an
outer subtransaction fails (Tom Lane, Michael Paquier)
</para>
<para>
A function executed in an outer-subtransaction cursor could cause an
assertion failure or crash by referencing a relation created within an
inner subtransaction.
</para>
</listitem>
<listitem>
<para>
Fix insertion of relations into the relation cache <quote>init file</>
(Tom Lane)
</para>
<para>
An oversight in a patch in the most recent minor releases
caused <structname>pg_trigger_tgrelid_tgname_index</> to be omitted
from the init file. Subsequent sessions detected this, then deemed the
init file to be broken and silently ignored it, resulting in a
significant degradation in session startup time. In addition to fixing
the bug, install some guards so that any similar future mistake will be
more obvious.
</para>
</listitem>
<listitem>
<para>
Avoid O(N^2) behavior when inserting many tuples into a SPI query
result (Neil Conway)
</para>
</listitem>
<listitem>
<para>
Improve <command>LISTEN</> startup time when there are many unread
notifications (Matt Newell)
</para>
</listitem>
<!--
Author: Tom Lane <tgl@sss.pgh.pa.us>
Branch: REL9_2_STABLE [0e933fdf9] 2015-08-27 12:22:10 -0400
Branch: REL9_1_STABLE [9b1b9446f] 2015-08-27 12:22:10 -0400
-->
<listitem>
<para>
Back-patch 9.3-era addition of per-resource-owner lock caches
(Jeff Janes)
</para>
<para>
This substantially improves performance when <application>pg_dump</>
tries to dump a large number of tables.
</para>
</listitem>
<listitem>
<para>
Disable SSL renegotiation by default (Michael Paquier, Andres Freund)
</para>
<para>
While use of SSL renegotiation is a good idea in theory, we have seen
too many bugs in practice, both in the underlying OpenSSL library and
in our usage of it. Renegotiation will be removed entirely in 9.5 and
later. In the older branches, just change the default value
of <varname>ssl_renegotiation_limit</> to zero (disabled).
</para>
</listitem>
<listitem>
<para>
Lower the minimum values of the <literal>*_freeze_max_age</> parameters
(Andres Freund)
</para>
<para>
This is mainly to make tests of related behavior less time-consuming,
but it may also be of value for installations with limited disk space.
</para>
</listitem>
<listitem>
<para>
Limit the maximum value of <varname>wal_buffers</> to 2GB to avoid
server crashes (Josh Berkus)
</para>
</listitem>
<listitem>
<para>
Fix rare internal overflow in multiplication of <type>numeric</> values
(Dean Rasheed)
</para>
</listitem>
<listitem>
<para>
Guard against hard-to-reach stack overflows involving record types,
range types, <type>json</>, <type>jsonb</>, <type>tsquery</>,
<type>ltxtquery</> and <type>query_int</> (Noah Misch)
</para>
</listitem>
<listitem>
<para>
Fix handling of <literal>DOW</> and <literal>DOY</> in datetime input
(Greg Stark)
</para>
<para>
These tokens aren't meant to be used in datetime values, but previously
they resulted in opaque internal error messages rather
than <quote>invalid input syntax</>.
</para>
</listitem>
<listitem>
<para>
Add more query-cancel checks to regular expression matching (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Add recursion depth protections to regular expression, <literal>SIMILAR
TO</>, and <literal>LIKE</> matching (Tom Lane)
</para>
<para>
Suitable search patterns and a low stack depth limit could lead to
stack-overrun crashes.
</para>
</listitem>
<listitem>
<para>
Fix potential infinite loop in regular expression execution (Tom Lane)
</para>
<para>
A search pattern that can apparently match a zero-length string, but
actually doesn't match because of a back reference, could lead to an
infinite loop.
</para>
</listitem>
<listitem>
<para>
In regular expression execution, correctly record match data for
capturing parentheses within a quantifier even when the match is
zero-length (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix low-memory failures in regular expression compilation
(Andreas Seltenreich)
</para>
</listitem>
<listitem>
<para>
Fix low-probability memory leak during regular expression execution
(Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix rare low-memory failure in lock cleanup during transaction abort
(Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix <quote>unexpected out-of-memory situation during sort</> errors
when using tuplestores with small <varname>work_mem</> settings (Tom
Lane)
</para>
</listitem>
<listitem>
<para>
Fix very-low-probability stack overrun in <function>qsort</> (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix <quote>invalid memory alloc request size</> failure in hash joins
with large <varname>work_mem</> settings (Tomas Vondra, Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix assorted planner bugs (Tom Lane)
</para>
<para>
These mistakes could lead to incorrect query plans that would give wrong
answers, or to assertion failures in assert-enabled builds, or to odd
planner errors such as <quote>could not devise a query plan for the
given query</>, <quote>could not find pathkey item to
sort</>, <quote>plan should not reference subplan's variable</>,
or <quote>failed to assign all NestLoopParams to plan nodes</>.
Thanks are due to Andreas Seltenreich and Piotr Stefaniak for fuzz
testing that exposed these problems.
</para>
</listitem>
<listitem>
<para>
Improve planner's performance for <command>UPDATE</>/<command>DELETE</>
on large inheritance sets (Tom Lane, Dean Rasheed)
</para>
</listitem>
<listitem>
<para>
Ensure standby promotion trigger files are removed at postmaster
startup (Michael Paquier, Fujii Masao)
</para>
<para>
This prevents unwanted promotion from occurring if these files appear
in a database backup that is used to initialize a new standby server.
</para>
</listitem>
<listitem>
<para>
During postmaster shutdown, ensure that per-socket lock files are
removed and listen sockets are closed before we remove
the <filename>postmaster.pid</> file (Tom Lane)
</para>
<para>
This avoids race-condition failures if an external script attempts to
start a new postmaster as soon as <literal>pg_ctl stop</> returns.
</para>
</listitem>
<listitem>
<para>
Fix postmaster's handling of a startup-process crash during crash
recovery (Tom Lane)
</para>
<para>
If, during a crash recovery cycle, the startup process crashes without
having restored database consistency, we'd try to launch a new startup
process, which typically would just crash again, leading to an infinite
loop.
</para>
</listitem>
<listitem>
<para>
Do not print a <literal>WARNING</> when an autovacuum worker is already
gone when we attempt to signal it, and reduce log verbosity for such
signals (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Prevent autovacuum launcher from sleeping unduly long if the server
clock is moved backwards a large amount (&Aacute;lvaro Herrera)
</para>
</listitem>
<listitem>
<para>
Ensure that cleanup of a GIN index's pending-insertions list is
interruptable by cancel requests (Jeff Janes)
</para>
</listitem>
<listitem>
<para>
Allow all-zeroes pages in GIN indexes to be reused (Heikki Linnakangas)
</para>
<para>
Such a page might be left behind after a crash.
</para>
</listitem>
<listitem>
<para>
Fix handling of all-zeroes pages in SP-GiST indexes (Heikki
Linnakangas)
</para>
<para>
<command>VACUUM</> attempted to recycle such pages, but did so in a
way that wasn't crash-safe.
</para>
</listitem>
<listitem>
<para>
Fix off-by-one error that led to otherwise-harmless warnings
about <quote>apparent wraparound</> in subtrans/multixact truncation
(Thomas Munro)
</para>
</listitem>
<listitem>
<para>
Fix misreporting of <command>CONTINUE</> and <command>MOVE</> statement
types in <application>PL/pgSQL</>'s error context messages
(Pavel Stehule, Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix <application>PL/Perl</> to handle non-<acronym>ASCII</> error
message texts correctly (Alex Hunsaker)
</para>
</listitem>
<listitem>
<para>
Fix <application>PL/Python</> crash when returning the string
representation of a <type>record</> result (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix some places in <application>PL/Tcl</> that neglected to check for
failure of <function>malloc()</> calls (Michael Paquier, &Aacute;lvaro
Herrera)
</para>
</listitem>
<listitem>
<para>
In <filename>contrib/isn</>, fix output of ISBN-13 numbers that begin
with 979 (Fabien Coelho)
</para>
<para>
EANs beginning with 979 (but not 9790) are considered ISBNs, but they
must be printed in the new 13-digit format, not the 10-digit format.
</para>
</listitem>
<!--
Author: Joe Conway <mail@joeconway.com>
Branch: REL9_2_STABLE [e90a629e1] 2015-09-22 14:58:38 -0700
-->
<listitem>
<para>
Fix <filename>contrib/sepgsql</>'s handling of <command>SELECT INTO</>
statements (Kohei KaiGai)
</para>
</listitem>
<listitem>
<para>
Improve <application>libpq</>'s handling of out-of-memory conditions
(Michael Paquier, Heikki Linnakangas)
</para>
</listitem>
<listitem>
<para>
Fix memory leaks and missing out-of-memory checks
in <application>ecpg</> (Michael Paquier)
</para>
</listitem>
<listitem>
<para>
Fix <application>psql</>'s code for locale-aware formatting of numeric
output (Tom Lane)
</para>
<para>
The formatting code invoked by <literal>\pset numericlocale on</>
did the wrong thing for some uncommon cases such as numbers with an
exponent but no decimal point. It could also mangle already-localized
output from the <type>money</> data type.
</para>
</listitem>
<listitem>
<para>
Prevent crash in <application>psql</>'s <command>\c</> command when
there is no current connection (Noah Misch)
</para>
</listitem>
<listitem>
<para>
Make <application>pg_dump</> handle inherited <literal>NOT VALID</>
check constraints correctly (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix selection of default <application>zlib</> compression level
in <application>pg_dump</>'s directory output format (Andrew Dunstan)
</para>
</listitem>
<listitem>
<para>
Ensure that temporary files created during a <application>pg_dump</>
run with <acronym>tar</>-format output are not world-readable (Michael
Paquier)
</para>
</listitem>
<listitem>
<para>
Fix <application>pg_dump</> and <application>pg_upgrade</> to support
cases where the <literal>postgres</> or <literal>template1</> database
is in a non-default tablespace (Marti Raudsepp, Bruce Momjian)
</para>
</listitem>
<listitem>
<para>
Fix <application>pg_dump</> to handle object privileges sanely when
dumping from a server too old to have a particular privilege type
(Tom Lane)
</para>
<para>
When dumping data types from pre-9.2 servers, and when dumping
functions or procedural languages from pre-7.3
servers, <application>pg_dump</> would
produce <command>GRANT</>/<command>REVOKE</> commands that revoked the
owner's grantable privileges and instead granted all privileges
to <literal>PUBLIC</>. Since the privileges involved are
just <literal>USAGE</> and <literal>EXECUTE</>, this isn't a security
problem, but it's certainly a surprising representation of the older
systems' behavior. Fix it to leave the default privilege state alone
in these cases.
</para>
</listitem>
<listitem>
<para>
Fix <application>pg_dump</> to dump shell types (Tom Lane)
</para>
<para>
Shell types (that is, not-yet-fully-defined types) aren't useful for
much, but nonetheless <application>pg_dump</> should dump them.
</para>
</listitem>
<listitem>
<para>
Fix assorted minor memory leaks in <application>pg_dump</> and other
client-side programs (Michael Paquier)
</para>
</listitem>
<listitem>
<para>
Fix spinlock assembly code for PPC hardware to be compatible
with <acronym>AIX</>'s native assembler (Tom Lane)
</para>
<para>
Building with <application>gcc</> didn't work if <application>gcc</>
had been configured to use the native assembler, which is becoming more
common.
</para>
</listitem>
<listitem>
<para>
On <acronym>AIX</>, test the <literal>-qlonglong</> compiler option
rather than just assuming it's safe to use (Noah Misch)
</para>
</listitem>
<listitem>
<para>
On <acronym>AIX</>, use <literal>-Wl,-brtllib</> link option to allow
symbols to be resolved at runtime (Noah Misch)
</para>
<para>
Perl relies on this ability in 5.8.0 and later.
</para>
</listitem>
<listitem>
<para>
Avoid use of inline functions when compiling with
32-bit <application>xlc</>, due to compiler bugs (Noah Misch)
</para>
</listitem>
<listitem>
<para>
Use <filename>librt</> for <function>sched_yield()</> when necessary,
which it is on some Solaris versions (Oskari Saarenmaa)
</para>
</listitem>
<listitem>
<para>
Fix Windows <filename>install.bat</> script to handle target directory
names that contain spaces (Heikki Linnakangas)
</para>
</listitem>
<listitem>
<para>
Make the numeric form of the <productname>PostgreSQL</> version number
(e.g., <literal>90405</>) readily available to extension Makefiles,
as a variable named <varname>VERSION_NUM</> (Michael Paquier)
</para>
</listitem>
<listitem>
<para>
Update time zone data files to <application>tzdata</> release 2015g for
DST law changes in Cayman Islands, Fiji, Moldova, Morocco, Norfolk
Island, North Korea, Turkey, and Uruguay. There is a new zone name
<literal>America/Fort_Nelson</> for the Canadian Northern Rockies.
</para>
</listitem>
</itemizedlist>
</sect2>
</sect1>
<sect1 id="release-9-2-13">
<title>Release 9.2.13</title>
<formalpara>
<title>Release date:</title>
<para>2015-06-12</para>
</formalpara>
<para>
This release contains a small number of fixes from 9.2.12.
For information about new features in the 9.2 major release, see
<xref linkend="release-9-2">.
</para>
<sect2>
<title>Migration to Version 9.2.13</title>
<para>
A dump/restore is not required for those running 9.2.X.
</para>
<para>
However, if you are upgrading from a version earlier than 9.2.11,
see <xref linkend="release-9-2-11">.
</para>
</sect2>
<sect2>
<title>Changes</title>
<itemizedlist>
<listitem>
<para>
Fix rare failure to invalidate relation cache init file (Tom Lane)
</para>
<para>
With just the wrong timing of concurrent activity, a <command>VACUUM
FULL</> on a system catalog might fail to update the <quote>init file</>
that's used to avoid cache-loading work for new sessions. This would
result in later sessions being unable to access that catalog at all.
This is a very ancient bug, but it's so hard to trigger that no
reproducible case had been seen until recently.
</para>
</listitem>
<listitem>
<para>
Avoid deadlock between incoming sessions and <literal>CREATE/DROP
DATABASE</> (Tom Lane)
</para>
<para>
A new session starting in a database that is the target of
a <command>DROP DATABASE</> command, or is the template for
a <command>CREATE DATABASE</> command, could cause the command to wait
for five seconds and then fail, even if the new session would have
exited before that.
</para>
</listitem>
</itemizedlist>
</sect2>
</sect1>
<sect1 id="release-9-2-12">
<title>Release 9.2.12</title>
<formalpara>
<title>Release date:</title>
<para>2015-06-04</para>
</formalpara>
<para>
This release contains a small number of fixes from 9.2.11.
For information about new features in the 9.2 major release, see
<xref linkend="release-9-2">.
</para>
<sect2>
<title>Migration to Version 9.2.12</title>
<para>
A dump/restore is not required for those running 9.2.X.
</para>
<para>
However, if you are upgrading from a version earlier than 9.2.11,
see <xref linkend="release-9-2-11">.
</para>
</sect2>
<sect2>
<title>Changes</title>
<itemizedlist>
<listitem>
<para>
Avoid failures while <function>fsync</>'ing data directory during
crash restart (Abhijit Menon-Sen, Tom Lane)
</para>
<para>
In the previous minor releases we added a patch to <function>fsync</>
everything in the data directory after a crash. Unfortunately its
response to any error condition was to fail, thereby preventing the
server from starting up, even when the problem was quite harmless.
An example is that an unwritable file in the data directory would
prevent restart on some platforms; but it is common to make SSL
certificate files unwritable by the server. Revise this behavior so
that permissions failures are ignored altogether, and other types of
failures are logged but do not prevent continuing.
</para>
</listitem>
<listitem>
<para>
Fix <function>pg_get_functiondef()</> to show
functions' <literal>LEAKPROOF</> property, if set (Jeevan Chalke)
</para>
</listitem>
<listitem>
<para>
Remove <application>configure</>'s check prohibiting linking to a
threaded <application>libpython</>
on <systemitem class="osname">OpenBSD</> (Tom Lane)
</para>
<para>
The failure this restriction was meant to prevent seems to not be a
problem anymore on current <systemitem class="osname">OpenBSD</>
versions.
</para>
</listitem>
<listitem>
<para>
Allow <application>libpq</> to use TLS protocol versions beyond v1
(Noah Misch)
</para>
<para>
For a long time, <application>libpq</> was coded so that the only SSL
protocol it would allow was TLS v1. Now that newer TLS versions are
becoming popular, allow it to negotiate the highest commonly-supported
TLS version with the server. (<productname>PostgreSQL</> servers were
already capable of such negotiation, so no change is needed on the
server side.) This is a back-patch of a change already released in
9.4.0.
</para>
</listitem>
</itemizedlist>
</sect2>
</sect1>
<sect1 id="release-9-2-11">
<title>Release 9.2.11</title>
<formalpara>
<title>Release date:</title>
<para>2015-05-22</para>
</formalpara>
<para>
This release contains a variety of fixes from 9.2.10.
For information about new features in the 9.2 major release, see
<xref linkend="release-9-2">.
</para>
<sect2>
<title>Migration to Version 9.2.11</title>
<para>
A dump/restore is not required for those running 9.2.X.
</para>
<para>
However, if you use <filename>contrib/citext</>'s
<function>regexp_matches()</> functions, see the changelog entry below
about that.
</para>
<para>
Also, if you are upgrading from a version earlier than 9.2.10,
see <xref linkend="release-9-2-10">.
</para>
</sect2>
<sect2>
<title>Changes</title>
<itemizedlist>
<listitem>
<para>
Avoid possible crash when client disconnects just before the
authentication timeout expires (Benkocs Norbert Attila)
</para>
<para>
If the timeout interrupt fired partway through the session shutdown
sequence, SSL-related state would be freed twice, typically causing a
crash and hence denial of service to other sessions. Experimentation
shows that an unauthenticated remote attacker could trigger the bug
somewhat consistently, hence treat as security issue.
(CVE-2015-3165)
</para>
</listitem>
<listitem>
<para>
Improve detection of system-call failures (Noah Misch)
</para>
<para>
Our replacement implementation of <function>snprintf()</> failed to
check for errors reported by the underlying system library calls;
the main case that might be missed is out-of-memory situations.
In the worst case this might lead to information exposure, due to our
code assuming that a buffer had been overwritten when it hadn't been.
Also, there were a few places in which security-relevant calls of other
system library functions did not check for failure.
</para>
<para>
It remains possible that some calls of the <function>*printf()</>
family of functions are vulnerable to information disclosure if an
out-of-memory error occurs at just the wrong time. We judge the risk
to not be large, but will continue analysis in this area.
(CVE-2015-3166)
</para>
</listitem>
<listitem>
<para>
In <filename>contrib/pgcrypto</>, uniformly report decryption failures
as <quote>Wrong key or corrupt data</> (Noah Misch)
</para>
<para>
Previously, some cases of decryption with an incorrect key could report
other error message texts. It has been shown that such variance in
error reports can aid attackers in recovering keys from other systems.
While it's unknown whether <filename>pgcrypto</>'s specific behaviors
are likewise exploitable, it seems better to avoid the risk by using a
one-size-fits-all message.
(CVE-2015-3167)
</para>
</listitem>
<listitem>
<para>
Fix incorrect declaration of <filename>contrib/citext</>'s
<function>regexp_matches()</> functions (Tom Lane)
</para>
<para>
These functions should return <type>setof text[]</>, like the core
functions they are wrappers for; but they were incorrectly declared as
returning just <type>text[]</>. This mistake had two results: first,
if there was no match you got a scalar null result, whereas what you
should get is an empty set (zero rows). Second, the <literal>g</> flag
was effectively ignored, since you would get only one result array even
if there were multiple matches.
</para>
<para>
While the latter behavior is clearly a bug, there might be applications
depending on the former behavior; therefore the function declarations
will not be changed by default until <productname>PostgreSQL</> 9.5.
In pre-9.5 branches, the old behavior exists in version 1.0 of
the <literal>citext</> extension, while we have provided corrected
declarations in version 1.1 (which is <emphasis>not</> installed by
default). To adopt the fix in pre-9.5 branches, execute
<literal>ALTER EXTENSION citext UPDATE TO '1.1'</> in each database in
which <literal>citext</> is installed. (You can also <quote>update</>
back to 1.0 if you need to undo that.) Be aware that either update
direction will require dropping and recreating any views or rules that
use <filename>citext</>'s <function>regexp_matches()</> functions.
</para>
</listitem>
<listitem>
<para>
Fix incorrect checking of deferred exclusion constraints after a HOT
update (Tom Lane)
</para>
<para>
If a new row that potentially violates a deferred exclusion constraint
is HOT-updated (that is, no indexed columns change and the row can be
stored back onto the same table page) later in the same transaction,
the exclusion constraint would be reported as violated when the check
finally occurred, even if the row(s) the new row originally conflicted
with had been deleted.
</para>
</listitem>
<listitem>
<para>
Fix planning of star-schema-style queries (Tom Lane)
</para>
<para>
Sometimes, efficient scanning of a large table requires that index
parameters be provided from more than one other table (commonly,
dimension tables whose keys are needed to index a large fact table).
The planner should be able to find such plans, but an overly
restrictive search heuristic prevented it.
</para>
</listitem>
<listitem>
<para>
Prevent improper reordering of antijoins (NOT EXISTS joins) versus
other outer joins (Tom Lane)
</para>
<para>
This oversight in the planner has been observed to cause <quote>could
not find RelOptInfo for given relids</> errors, but it seems possible
that sometimes an incorrect query plan might get past that consistency
check and result in silently-wrong query output.
</para>
</listitem>
<listitem>
<para>
Fix incorrect matching of subexpressions in outer-join plan nodes
(Tom Lane)
</para>
<para>
Previously, if textually identical non-strict subexpressions were used
both above and below an outer join, the planner might try to re-use
the value computed below the join, which would be incorrect because the
executor would force the value to NULL in case of an unmatched outer row.
</para>
</listitem>
<listitem>
<para>
Fix GEQO planner to cope with failure of its join order heuristic
(Tom Lane)
</para>
<para>
This oversight has been seen to lead to <quote>failed to join all
relations together</> errors in queries involving <literal>LATERAL</>,
and that might happen in other cases as well.
</para>
</listitem>
<listitem>
<para>
Fix possible deadlock at startup
when <literal>max_prepared_transactions</> is too small
(Heikki Linnakangas)
</para>
</listitem>
<listitem>
<para>
Don't archive useless preallocated WAL files after a timeline switch
(Heikki Linnakangas)
</para>
</listitem>
<!--
Author: Alvaro Herrera <alvherre@alvh.no-ip.org>
Branch: REL9_2_STABLE [97ff2a564] 2015-05-18 17:44:21 -0300
Branch: REL9_1_STABLE [2360eea3b] 2015-05-18 17:44:21 -0300
Branch: REL9_0_STABLE [850e1a566] 2015-05-18 17:44:21 -0300
-->
<listitem>
<para>
Avoid <quote>cannot GetMultiXactIdMembers() during recovery</> error
(&Aacute;lvaro Herrera)
</para>
</listitem>
<listitem>
<para>
Recursively <function>fsync()</> the data directory after a crash
(Abhijit Menon-Sen, Robert Haas)
</para>
<para>
This ensures consistency if another crash occurs shortly later. (The
second crash would have to be a system-level crash, not just a database
crash, for there to be a problem.)
</para>
</listitem>
<listitem>
<para>
Fix autovacuum launcher's possible failure to shut down, if an error
occurs after it receives SIGTERM (&Aacute;lvaro Herrera)
</para>
</listitem>
<listitem>
<para>
Cope with unexpected signals in <function>LockBufferForCleanup()</>
(Andres Freund)
</para>
<para>
This oversight could result in spurious errors about <quote>multiple
backends attempting to wait for pincount 1</>.
</para>
</listitem>
<listitem>
<para>
Fix crash when doing <literal>COPY IN</> to a table with check
constraints that contain whole-row references (Tom Lane)
</para>
<para>
The known failure case only crashes in 9.4 and up, but there is very
similar code in 9.3 and 9.2, so back-patch those branches as well.
</para>
</listitem>
<listitem>
<para>
Avoid waiting for WAL flush or synchronous replication during commit of
a transaction that was read-only so far as the user is concerned
(Andres Freund)
</para>
<para>
Previously, a delay could occur at commit in transactions that had
written WAL due to HOT page pruning, leading to undesirable effects
such as sessions getting stuck at startup if all synchronous replicas
are down. Sessions have also been observed to get stuck in catchup
interrupt processing when using synchronous replication; this will fix
that problem as well.
</para>
</listitem>
<listitem>
<para>
Fix crash when manipulating hash indexes on temporary tables
(Heikki Linnakangas)
</para>
</listitem>
<listitem>
<para>
Fix possible failure during hash index bucket split, if other processes
are modifying the index concurrently (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Check for interrupts while analyzing index expressions (Jeff Janes)
</para>
<para>
<command>ANALYZE</> executes index expressions many times; if there are
slow functions in such an expression, it's desirable to be able to
cancel the <command>ANALYZE</> before that loop finishes.
</para>
</listitem>
<listitem>
<para>
Ensure <structfield>tableoid</> of a foreign table is reported
correctly when a <literal>READ COMMITTED</> recheck occurs after
locking rows in <command>SELECT FOR UPDATE</>, <command>UPDATE</>,
or <command>DELETE</> (Etsuro Fujita)
</para>
</listitem>
<listitem>
<para>
Add the name of the target server to object description strings for
foreign-server user mappings (&Aacute;lvaro Herrera)
</para>
</listitem>
<listitem>
<para>
Recommend setting <literal>include_realm</> to 1 when using
Kerberos/GSSAPI/SSPI authentication (Stephen Frost)
</para>
<para>
Without this, identically-named users from different realms cannot be
distinguished. For the moment this is only a documentation change, but
it will become the default setting in <productname>PostgreSQL</> 9.5.
</para>
</listitem>
<listitem>
<para>
Remove code for matching IPv4 <filename>pg_hba.conf</> entries to
IPv4-in-IPv6 addresses (Tom Lane)
</para>
<para>
This hack was added in 2003 in response to a report that some Linux
kernels of the time would report IPv4 connections as having
IPv4-in-IPv6 addresses. However, the logic was accidentally broken in
9.0. The lack of any field complaints since then shows that it's not
needed anymore. Now we have reports that the broken code causes
crashes on some systems, so let's just remove it rather than fix it.
(Had we chosen to fix it, that would make for a subtle and potentially
security-sensitive change in the effective meaning of
IPv4 <filename>pg_hba.conf</> entries, which does not seem like a good
thing to do in minor releases.)
</para>
</listitem>
<listitem>
<para>
Report WAL flush, not insert, position in <literal>IDENTIFY_SYSTEM</>
replication command (Heikki Linnakangas)
</para>
<para>
This avoids a possible startup failure
in <application>pg_receivexlog</>.
</para>
</listitem>
<listitem>
<para>
While shutting down service on Windows, periodically send status
updates to the Service Control Manager to prevent it from killing the
service too soon; and ensure that <application>pg_ctl</> will wait for
shutdown (Krystian Bigaj)
</para>
</listitem>
<listitem>
<para>
Reduce risk of network deadlock when using <application>libpq</>'s
non-blocking mode (Heikki Linnakangas)
</para>
<para>
When sending large volumes of data, it's important to drain the input
buffer every so often, in case the server has sent enough response data
to cause it to block on output. (A typical scenario is that the server
is sending a stream of NOTICE messages during <literal>COPY FROM
STDIN</>.) This worked properly in the normal blocking mode, but not
so much in non-blocking mode. We've modified <application>libpq</>
to opportunistically drain input when it can, but a full defense
against this problem requires application cooperation: the application
should watch for socket read-ready as well as write-ready conditions,
and be sure to call <function>PQconsumeInput()</> upon read-ready.
</para>
</listitem>
<listitem>
<para>
In <application>libpq</>, fix misparsing of empty values in URI
connection strings (Thomas Fanghaenel)
</para>
</listitem>
<listitem>
<para>
Fix array handling in <application>ecpg</> (Michael Meskes)
</para>
</listitem>
<listitem>
<para>
Fix <application>psql</> to sanely handle URIs and conninfo strings as
the first parameter to <command>\connect</>
(David Fetter, Andrew Dunstan, &Aacute;lvaro Herrera)
</para>
<para>
This syntax has been accepted (but undocumented) for a long time, but
previously some parameters might be taken from the old connection
instead of the given string, which was agreed to be undesirable.
</para>
</listitem>
<listitem>
<para>
Suppress incorrect complaints from <application>psql</> on some
platforms that it failed to write <filename>~/.psql_history</> at exit
(Tom Lane)
</para>
<para>
This misbehavior was caused by a workaround for a bug in very old
(pre-2006) versions of <application>libedit</>. We fixed it by
removing the workaround, which will cause a similar failure to appear
for anyone still using such versions of <application>libedit</>.
Recommendation: upgrade that library, or use <application>libreadline</>.
</para>
</listitem>
<listitem>
<para>
Fix <application>pg_dump</>'s rule for deciding which casts are
system-provided casts that should not be dumped (Tom Lane)
</para>
</listitem>
<listitem>
<para>
In <application>pg_dump</>, fix failure to honor <literal>-Z</>
compression level option together with <literal>-Fd</>
(Michael Paquier)
</para>
</listitem>
<listitem>
<para>
Make <application>pg_dump</> consider foreign key relationships
between extension configuration tables while choosing dump order
(Gilles Darold, Michael Paquier, Stephen Frost)
</para>
<para>
This oversight could result in producing dumps that fail to reload
because foreign key constraints are transiently violated.
</para>
</listitem>
<listitem>
<para>
Fix dumping of views that are just <literal>VALUES(...)</> but have
column aliases (Tom Lane)
</para>
</listitem>
<listitem>
<para>
In <application>pg_upgrade</>, force timeline 1 in the new cluster
(Bruce Momjian)
</para>
<para>
This change prevents upgrade failures caused by bogus complaints about
missing WAL history files.
</para>
</listitem>
<listitem>
<para>
In <application>pg_upgrade</>, check for improperly non-connectable
databases before proceeding
(Bruce Momjian)
</para>
</listitem>
<listitem>
<para>
In <application>pg_upgrade</>, quote directory paths
properly in the generated <literal>delete_old_cluster</> script
(Bruce Momjian)
</para>
</listitem>
<listitem>
<para>
In <application>pg_upgrade</>, preserve database-level freezing info
properly
(Bruce Momjian)
</para>
<para>
This oversight could cause missing-clog-file errors for tables within
the <literal>postgres</> and <literal>template1</> databases.
</para>
</listitem>
<listitem>
<para>
Run <application>pg_upgrade</> and <application>pg_resetxlog</> with
restricted privileges on Windows, so that they don't fail when run by
an administrator (Muhammad Asif Naeem)
</para>
</listitem>
<listitem>
<para>
Improve handling of <function>readdir()</> failures when scanning
directories in <application>initdb</> and <application>pg_basebackup</>
(Marco Nenciarini)
</para>
</listitem>
<!--
Author: Andres Freund <andres@anarazel.de>
Branch: REL9_2_STABLE [6b700301c] 2015-02-17 16:03:00 +0100
-->
<listitem>
<para>
Fix failure in <application>pg_receivexlog</> (Andres Freund)
</para>
<para>
A patch merge mistake in 9.2.10 led to <quote>could not create archive
status file</> errors.
</para>
</listitem>
<listitem>
<para>
Fix slow sorting algorithm in <filename>contrib/intarray</> (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix compile failure on Sparc V8 machines (Rob Rowan)
</para>
</listitem>
<listitem>
<para>
Update time zone data files to <application>tzdata</> release 2015d
for DST law changes in Egypt, Mongolia, and Palestine, plus historical
changes in Canada and Chile. Also adopt revised zone abbreviations for
the America/Adak zone (HST/HDT not HAST/HADT).
</para>
</listitem>
</itemizedlist>
</sect2>
</sect1>
<sect1 id="release-9-2-10">
<title>Release 9.2.10</title>
<formalpara>
<title>Release date:</title>
<para>2015-02-05</para>
</formalpara>
<para>
This release contains a variety of fixes from 9.2.9.
For information about new features in the 9.2 major release, see
<xref linkend="release-9-2">.
</para>
<sect2>
<title>Migration to Version 9.2.10</title>
<para>
A dump/restore is not required for those running 9.2.X.
</para>
<para>
However, if you are a Windows user and are using the <quote>Norwegian
(Bokm&aring;l)</> locale, manual action is needed after the upgrade to
replace any <quote>Norwegian (Bokm&aring;l)_Norway</> locale names stored
in <productname>PostgreSQL</> system catalogs with the plain-ASCII
alias <quote>Norwegian_Norway</>. For details see
<ulink url="http://wiki.postgresql.org/wiki/Changes_To_Norwegian_Locale"></>
</para>
<para>
Also, if you are upgrading from a version earlier than 9.2.9,
see <xref linkend="release-9-2-9">.
</para>
</sect2>
<sect2>
<title>Changes</title>
<itemizedlist>
<listitem>
<para>
Fix buffer overruns in <function>to_char()</>
(Bruce Momjian)
</para>
<para>
When <function>to_char()</> processes a numeric formatting template
calling for a large number of digits, <productname>PostgreSQL</>
would read past the end of a buffer. When processing a crafted
timestamp formatting template, <productname>PostgreSQL</> would write
past the end of a buffer. Either case could crash the server.
We have not ruled out the possibility of attacks that lead to
privilege escalation, though they seem unlikely.
(CVE-2015-0241)
</para>
</listitem>
<listitem>
<para>
Fix buffer overrun in replacement <function>*printf()</> functions
(Tom Lane)
</para>
<para>
<productname>PostgreSQL</> includes a replacement implementation
of <function>printf</> and related functions. This code will overrun
a stack buffer when formatting a floating point number (conversion
specifiers <literal>e</>, <literal>E</>, <literal>f</>, <literal>F</>,
<literal>g</> or <literal>G</>) with requested precision greater than
about 500. This will crash the server, and we have not ruled out the
possibility of attacks that lead to privilege escalation.
A database user can trigger such a buffer overrun through
the <function>to_char()</> SQL function. While that is the only
affected core <productname>PostgreSQL</> functionality, extension
modules that use printf-family functions may be at risk as well.
</para>
<para>
This issue primarily affects <productname>PostgreSQL</> on Windows.
<productname>PostgreSQL</> uses the system implementation of these
functions where adequate, which it is on other modern platforms.
(CVE-2015-0242)
</para>
</listitem>
<listitem>
<para>
Fix buffer overruns in <filename>contrib/pgcrypto</>
(Marko Tiikkaja, Noah Misch)
</para>
<para>
Errors in memory size tracking within the <filename>pgcrypto</>
module permitted stack buffer overruns and improper dependence on the
contents of uninitialized memory. The buffer overrun cases can
crash the server, and we have not ruled out the possibility of
attacks that lead to privilege escalation.
(CVE-2015-0243)
</para>
</listitem>
<listitem>
<para>
Fix possible loss of frontend/backend protocol synchronization after
an error
(Heikki Linnakangas)
</para>
<para>
If any error occurred while the server was in the middle of reading a
protocol message from the client, it could lose synchronization and
incorrectly try to interpret part of the message's data as a new
protocol message. An attacker able to submit crafted binary data
within a command parameter might succeed in injecting his own SQL
commands this way. Statement timeout and query cancellation are the
most likely sources of errors triggering this scenario. Particularly
vulnerable are applications that use a timeout and also submit
arbitrary user-crafted data as binary query parameters. Disabling
statement timeout will reduce, but not eliminate, the risk of
exploit. Our thanks to Emil Lenngren for reporting this issue.
(CVE-2015-0244)
</para>
</listitem>
<listitem>
<para>
Fix information leak via constraint-violation error messages
(Stephen Frost)
</para>
<para>
Some server error messages show the values of columns that violate
a constraint, such as a unique constraint. If the user does not have
<literal>SELECT</> privilege on all columns of the table, this could
mean exposing values that the user should not be able to see. Adjust
the code so that values are displayed only when they came from the SQL
command or could be selected by the user.
(CVE-2014-8161)
</para>
</listitem>
<listitem>
<para>
Lock down regression testing's temporary installations on Windows
(Noah Misch)
</para>
<para>
Use SSPI authentication to allow connections only from the OS user
who launched the test suite. This closes on Windows the same
vulnerability previously closed on other platforms, namely that other
users might be able to connect to the test postmaster.
(CVE-2014-0067)
</para>
</listitem>
<listitem>
<para>
Cope with the Windows locale named <quote>Norwegian (Bokm&aring;l)</>
(Heikki Linnakangas)
</para>
<para>
Non-ASCII locale names are problematic since it's not clear what
encoding they should be represented in. Map the troublesome locale
name to a plain-ASCII alias, <quote>Norwegian_Norway</>.
</para>
</listitem>
<listitem>
<para>
Avoid possible data corruption if <command>ALTER DATABASE SET
TABLESPACE</> is used to move a database to a new tablespace and then
shortly later move it back to its original tablespace (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Avoid corrupting tables when <command>ANALYZE</> inside a transaction
is rolled back (Andres Freund, Tom Lane, Michael Paquier)
</para>
<para>
If the failing transaction had earlier removed the last index, rule, or
trigger from the table, the table would be left in a corrupted state
with the relevant <structname>pg_class</> flags not set though they
should be.
</para>
</listitem>
<listitem>
<para>
Ensure that unlogged tables are copied correctly
during <command>CREATE DATABASE</> or <command>ALTER DATABASE SET
TABLESPACE</> (Pavan Deolasee, Andres Freund)
</para>
</listitem>
<listitem>
<para>
Fix <command>DROP</>'s dependency searching to correctly handle the
case where a table column is recursively visited before its table
(Petr Jelinek, Tom Lane)
</para>
<para>
This case is only known to arise when an extension creates both a
datatype and a table using that datatype. The faulty code might
refuse a <command>DROP EXTENSION</> unless <literal>CASCADE</> is
specified, which should not be required.
</para>
</listitem>
<listitem>
<para>
Fix use-of-already-freed-memory problem in EvalPlanQual processing
(Tom Lane)
</para>
<para>
In <literal>READ COMMITTED</> mode, queries that lock or update
recently-updated rows could crash as a result of this bug.
</para>
</listitem>
<listitem>
<para>
Fix planning of <command>SELECT FOR UPDATE</> when using a partial
index on a child table (Kyotaro Horiguchi)
</para>
<para>
In <literal>READ COMMITTED</> mode, <command>SELECT FOR UPDATE</> must
also recheck the partial index's <literal>WHERE</> condition when
rechecking a recently-updated row to see if it still satisfies the
query's <literal>WHERE</> condition. This requirement was missed if the
index belonged to an inheritance child table, so that it was possible
to incorrectly return rows that no longer satisfy the query condition.
</para>
</listitem>
<listitem>
<para>
Fix corner case wherein <command>SELECT FOR UPDATE</> could return a row
twice, and possibly miss returning other rows (Tom Lane)
</para>
<para>
In <literal>READ COMMITTED</> mode, a <command>SELECT FOR UPDATE</>
that is scanning an inheritance tree could incorrectly return a row
from a prior child table instead of the one it should return from a
later child table.
</para>
</listitem>
<listitem>
<para>
Reject duplicate column names in the referenced-columns list of
a <literal>FOREIGN KEY</> declaration (David Rowley)
</para>
<para>
This restriction is per SQL standard. Previously we did not reject
the case explicitly, but later on the code would fail with
bizarre-looking errors.
</para>
</listitem>
<listitem>
<para>
Restore previous behavior of conversion of domains to JSON
(Tom Lane)
</para>
<para>
This change causes domains over numeric and boolean to be treated
like their base types for purposes of conversion to JSON. It worked
like that before 9.3.5 and 9.2.9, but was unintentionally changed
while fixing a related problem.
</para>
</listitem>
<listitem>
<para>
Fix bugs in raising a <type>numeric</> value to a large integral power
(Tom Lane)
</para>
<para>
The previous code could get a wrong answer, or consume excessive
amounts of time and memory before realizing that the answer must
overflow.
</para>
</listitem>
<listitem>
<para>
In <function>numeric_recv()</>, truncate away any fractional digits
that would be hidden according to the value's <literal>dscale</> field
(Tom Lane)
</para>
<para>
A <type>numeric</> value's display scale (<literal>dscale</>) should
never be less than the number of nonzero fractional digits; but
apparently there's at least one broken client application that
transmits binary <type>numeric</> values in which that's true.
This leads to strange behavior since the extra digits are taken into
account by arithmetic operations even though they aren't printed.
The least risky fix seems to be to truncate away such <quote>hidden</>
digits on receipt, so that the value is indeed what it prints as.
</para>
</listitem>
<listitem>
<para>
Fix incorrect search for shortest-first regular expression matches
(Tom Lane)
</para>
<para>
Matching would often fail when the number of allowed iterations is
limited by a <literal>?</> quantifier or a bound expression.
</para>
</listitem>
<listitem>
<para>
Reject out-of-range numeric timezone specifications (Tom Lane)
</para>
<para>
Simple numeric timezone specifications exceeding +/- 168 hours (one
week) would be accepted, but could then cause null-pointer dereference
crashes in certain operations. There's no use-case for such large UTC
offsets, so reject them.
</para>
</listitem>
<listitem>
<para>
Fix bugs in <type>tsquery</> <literal>@&gt;</> <type>tsquery</>
operator (Heikki Linnakangas)
</para>
<para>
Two different terms would be considered to match if they had the same
CRC. Also, if the second operand had more terms than the first, it
would be assumed not to be contained in the first; which is wrong
since it might contain duplicate terms.
</para>
</listitem>
<listitem>
<para>
Improve ispell dictionary's defenses against bad affix files (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Allow more than 64K phrases in a thesaurus dictionary (David Boutin)
</para>
<para>
The previous coding could crash on an oversize dictionary, so this was
deemed a back-patchable bug fix rather than a feature addition.
</para>
</listitem>
<listitem>
<para>
Fix namespace handling in <function>xpath()</> (Ali Akbar)
</para>
<para>
Previously, the <type>xml</> value resulting from
an <function>xpath()</> call would not have namespace declarations if
the namespace declarations were attached to an ancestor element in the
input <type>xml</> value, rather than to the specific element being
returned. Propagate the ancestral declaration so that the result is
correct when considered in isolation.
</para>
</listitem>
<listitem>
<para>
Ensure that whole-row variables expose nonempty column names
to functions that pay attention to column names within composite
arguments (Tom Lane)
</para>
<para>
In some contexts, constructs like <literal>row_to_json(tab.*)</> may
not produce the expected column names. This is fixed properly as of
9.4; in older branches, just ensure that we produce some nonempty
name. (In some cases this will be the underlying table's column name
rather than the query-assigned alias that should theoretically be
visible.)
</para>
</listitem>
<listitem>
<para>
Fix mishandling of system columns,
particularly <structfield>tableoid</>, in FDW queries (Etsuro Fujita)
</para>
</listitem>
<listitem>
<para>
Avoid doing <literal><replaceable>indexed_column</> = ANY
(<replaceable>array</>)</literal> as an index qualifier if that leads
to an inferior plan (Andrew Gierth)
</para>
<para>
In some cases, <literal>= ANY</> conditions applied to non-first index
columns would be done as index conditions even though it would be
better to use them as simple filter conditions.
</para>
</listitem>
<listitem>
<para>
Fix planner problems with nested append relations, such as inherited
tables within <literal>UNION ALL</> subqueries (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fail cleanly when a GiST index tuple doesn't fit on a page, rather
than going into infinite recursion (Andrew Gierth)
</para>
</listitem>
<listitem>
<para>
Exempt tables that have per-table <varname>cost_limit</>
and/or <varname>cost_delay</> settings from autovacuum's global cost
balancing rules (&Aacute;lvaro Herrera)
</para>
<para>
The previous behavior resulted in basically ignoring these per-table
settings, which was unintended. Now, a table having such settings
will be vacuumed using those settings, independently of what is going
on in other autovacuum workers. This may result in heavier total I/O
load than before, so such settings should be re-examined for sanity.
</para>
</listitem>
<listitem>
<para>
Avoid wholesale autovacuuming when autovacuum is nominally off
(Tom Lane)
</para>
<para>
Even when autovacuum is nominally off, we will still launch autovacuum
worker processes to vacuum tables that are at risk of XID wraparound.
However, such a worker process then proceeded to vacuum all tables in
the target database, if they met the usual thresholds for
autovacuuming. This is at best pretty unexpected; at worst it delays
response to the wraparound threat. Fix it so that if autovacuum is
turned off, workers <emphasis>only</> do anti-wraparound vacuums and
not any other work.
</para>
</listitem>
<listitem>
<para>
During crash recovery, ensure that unlogged relations are rewritten as
empty and are synced to disk before recovery is considered complete
(Abhijit Menon-Sen, Andres Freund)
</para>
<para>
This prevents scenarios in which unlogged relations might contain
garbage data following database crash recovery.
</para>
</listitem>
<listitem>
<para>
Fix race condition between hot standby queries and replaying a
full-page image (Heikki Linnakangas)
</para>
<para>
This mistake could result in transient errors in queries being
executed in hot standby.
</para>
</listitem>
<listitem>
<para>
Fix several cases where recovery logic improperly ignored WAL records
for <literal>COMMIT/ABORT PREPARED</> (Heikki Linnakangas)
</para>
<para>
The most notable oversight was
that <varname>recovery_target_xid</> could not be used to stop at
a two-phase commit.
</para>
</listitem>
<listitem>
<para>
Prevent latest WAL file from being archived a second time at completion
of crash recovery (Fujii Masao)
</para>
</listitem>
<listitem>
<para>
Avoid creating unnecessary <filename>.ready</> marker files for
timeline history files (Fujii Masao)
</para>
</listitem>
<listitem>
<para>
Fix possible null pointer dereference when an empty prepared statement
is used and the <varname>log_statement</> setting is <literal>mod</>
or <literal>ddl</> (Fujii Masao)
</para>
</listitem>
<listitem>
<para>
Change <quote>pgstat wait timeout</> warning message to be LOG level,
and rephrase it to be more understandable (Tom Lane)
</para>
<para>
This message was originally thought to be essentially a can't-happen
case, but it occurs often enough on our slower buildfarm members to be
a nuisance. Reduce it to LOG level, and expend a bit more effort on
the wording: it now reads <quote>using stale statistics instead of
current ones because stats collector is not responding</>.
</para>
</listitem>
<listitem>
<para>
Fix SPARC spinlock implementation to ensure correctness if the CPU is
being run in a non-TSO coherency mode, as some non-Solaris kernels do
(Andres Freund)
</para>
</listitem>
<listitem>
<para>
Warn if macOS's <function>setlocale()</> starts an unwanted extra
thread inside the postmaster (Noah Misch)
</para>
</listitem>
<listitem>
<para>
Fix processing of repeated <literal>dbname</> parameters
in <function>PQconnectdbParams()</> (Alex Shulgin)
</para>
<para>
Unexpected behavior ensued if the first occurrence
of <literal>dbname</> contained a connection string or URI to be
expanded.
</para>
</listitem>
<listitem>
<para>
Ensure that <application>libpq</> reports a suitable error message on
unexpected socket EOF (Marko Tiikkaja, Tom Lane)
</para>
<para>
Depending on kernel behavior, <application>libpq</> might return an
empty error string rather than something useful when the server
unexpectedly closed the socket.
</para>
</listitem>
<listitem>
<para>
Clear any old error message during <function>PQreset()</>
(Heikki Linnakangas)
</para>
<para>
If <function>PQreset()</> is called repeatedly, and the connection
cannot be re-established, error messages from the failed connection
attempts kept accumulating in the <structname>PGconn</>'s error
string.
</para>
</listitem>
<listitem>
<para>
Properly handle out-of-memory conditions while parsing connection
options in <application>libpq</> (Alex Shulgin, Heikki Linnakangas)
</para>
</listitem>
<listitem>
<para>
Fix array overrun in <application>ecpg</>'s version
of <function>ParseDateTime()</> (Michael Paquier)
</para>
</listitem>
<listitem>
<para>
In <application>initdb</>, give a clearer error message if a password
file is specified but is empty (Mats Erik Andersson)
</para>
</listitem>
<listitem>
<para>
Fix <application>psql</>'s <command>\s</> command to work nicely with
libedit, and add pager support (Stepan Rutz, Tom Lane)
</para>
<para>
When using libedit rather than readline, <command>\s</> printed the
command history in a fairly unreadable encoded format, and on recent
libedit versions might fail altogether. Fix that by printing the
history ourselves rather than having the library do it. A pleasant
side-effect is that the pager is used if appropriate.
</para>
<para>
This patch also fixes a bug that caused newline encoding to be applied
inconsistently when saving the command history with libedit.
Multiline history entries written by older <application>psql</>
versions will be read cleanly with this patch, but perhaps not
vice versa, depending on the exact libedit versions involved.
</para>
</listitem>
<listitem>
<para>
Improve consistency of parsing of <application>psql</>'s special
variables (Tom Lane)
</para>
<para>
Allow variant spellings of <literal>on</> and <literal>off</> (such
as <literal>1</>/<literal>0</>) for <literal>ECHO_HIDDEN</>
and <literal>ON_ERROR_ROLLBACK</>. Report a warning for unrecognized
values for <literal>COMP_KEYWORD_CASE</>, <literal>ECHO</>,
<literal>ECHO_HIDDEN</>, <literal>HISTCONTROL</>,
<literal>ON_ERROR_ROLLBACK</>, and <literal>VERBOSITY</>. Recognize
all values for all these variables case-insensitively; previously
there was a mishmash of case-sensitive and case-insensitive behaviors.
</para>
</listitem>
<listitem>
<para>
Fix <application>psql</>'s expanded-mode display to work
consistently when using <literal>border</> = 3
and <literal>linestyle</> = <literal>ascii</> or <literal>unicode</>
(Stephen Frost)
</para>
</listitem>
<listitem>
<para>
Improve performance of <application>pg_dump</> when the database
contains many instances of multiple dependency paths between the same
two objects (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix <application>pg_dumpall</> to restore its ability to dump from
pre-8.1 servers (Gilles Darold)
</para>
</listitem>
<listitem>
<para>
Fix possible deadlock during parallel restore of a schema-only dump
(Robert Haas, Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix core dump in <literal>pg_dump --binary-upgrade</> on zero-column
composite type (Rushabh Lathia)
</para>
</listitem>
<listitem>
<para>
Prevent WAL files created by <literal>pg_basebackup -x/-X</> from
being archived again when the standby is promoted (Andres Freund)
</para>
</listitem>
<listitem>
<para>
Fix failure of <filename>contrib/auto_explain</> to print per-node
timing information when doing <command>EXPLAIN ANALYZE</> (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix upgrade-from-unpackaged script for <filename>contrib/citext</>
(Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix block number checking
in <filename>contrib/pageinspect</>'s <function>get_raw_page()</>
(Tom Lane)
</para>
<para>
The incorrect checking logic could prevent access to some pages in
non-main relation forks.
</para>
</listitem>
<listitem>
<para>
Fix <filename>contrib/pgcrypto</>'s <function>pgp_sym_decrypt()</>
to not fail on messages whose length is 6 less than a power of 2
(Marko Tiikkaja)
</para>
</listitem>
<listitem>
<para>
Fix file descriptor leak in <filename>contrib/pg_test_fsync</>
(Jeff Janes)
</para>
<para>
This could cause failure to remove temporary files on Windows.
</para>
</listitem>
<listitem>
<para>
Handle unexpected query results, especially NULLs, safely in
<filename>contrib/tablefunc</>'s <function>connectby()</>
(Michael Paquier)
</para>
<para>
<function>connectby()</> previously crashed if it encountered a NULL
key value. It now prints that row but doesn't recurse further.
</para>
</listitem>
<listitem>
<para>
Avoid a possible crash in <filename>contrib/xml2</>'s
<function>xslt_process()</> (Mark Simonetti)
</para>
<para>
<application>libxslt</> seems to have an undocumented dependency on
the order in which resources are freed; reorder our calls to avoid a
crash.
</para>
</listitem>
<listitem>
<para>
Mark some <filename>contrib</> I/O functions with correct volatility
properties (Tom Lane)
</para>
<para>
The previous over-conservative marking was immaterial in normal use,
but could cause optimization problems or rejection of valid index
expression definitions. Since the consequences are not large, we've
just adjusted the function definitions in the extension modules'
scripts, without changing version numbers.
</para>
</listitem>
<listitem>
<para>
Numerous cleanups of warnings from Coverity static code analyzer
(Andres Freund, Tatsuo Ishii, Marko Kreen, Tom Lane, Michael Paquier)
</para>
<para>
These changes are mostly cosmetic but in some cases fix corner-case
bugs, for example a crash rather than a proper error report after an
out-of-memory failure. None are believed to represent security
issues.
</para>
</listitem>
<listitem>
<para>
Detect incompatible OpenLDAP versions during build (Noah Misch)
</para>
<para>
With OpenLDAP versions 2.4.24 through 2.4.31,
inclusive, <productname>PostgreSQL</> backends can crash at exit.
Raise a warning during <application>configure</> based on the
compile-time OpenLDAP version number, and test the crashing scenario
in the <filename>contrib/dblink</> regression test.
</para>
</listitem>
<listitem>
<para>
In non-MSVC Windows builds, ensure <filename>libpq.dll</> is installed
with execute permissions (Noah Misch)
</para>
</listitem>
<listitem>
<para>
Make <application>pg_regress</> remove any temporary installation it
created upon successful exit (Tom Lane)
</para>
<para>
This results in a very substantial reduction in disk space usage
during <literal>make check-world</>, since that sequence involves
creation of numerous temporary installations.
</para>
</listitem>
<listitem>
<para>
Support time zone abbreviations that change UTC offset from time to
time (Tom Lane)
</para>
<para>
Previously, <productname>PostgreSQL</> assumed that the UTC offset
associated with a time zone abbreviation (such as <literal>EST</>)
never changes in the usage of any particular locale. However this
assumption fails in the real world, so introduce the ability for a
zone abbreviation to represent a UTC offset that sometimes changes.
Update the zone abbreviation definition files to make use of this
feature in timezone locales that have changed the UTC offset of their
abbreviations since 1970 (according to the IANA timezone database).
In such timezones, <productname>PostgreSQL</> will now associate the
correct UTC offset with the abbreviation depending on the given date.
</para>
</listitem>
<listitem>
<para>
Update time zone abbreviations lists (Tom Lane)
</para>
<para>
Add CST (China Standard Time) to our lists.
Remove references to ADT as <quote>Arabia Daylight Time</>, an
abbreviation that's been out of use since 2007; therefore, claiming
there is a conflict with <quote>Atlantic Daylight Time</> doesn't seem
especially helpful.
Fix entirely incorrect GMT offsets for CKT (Cook Islands), FJT, and FJST
(Fiji); we didn't even have them on the proper side of the date line.
</para>
</listitem>
<listitem>
<para>
Update time zone data files to <application>tzdata</> release 2015a.
</para>
<para>
The IANA timezone database has adopted abbreviations of the form
<literal>A<replaceable>x</>ST</literal>/<literal>A<replaceable>x</>DT</literal>
for all Australian time zones, reflecting what they believe to be
current majority practice Down Under. These names do not conflict
with usage elsewhere (other than ACST for Acre Summer Time, which has
been in disuse since 1994). Accordingly, adopt these names into
our <quote>Default</> timezone abbreviation set.
The <quote>Australia</> abbreviation set now contains only CST, EAST,
EST, SAST, SAT, and WST, all of which are thought to be mostly
historical usage. Note that SAST has also been changed to be South
Africa Standard Time in the <quote>Default</> abbreviation set.
</para>
<para>
Also, add zone abbreviations SRET (Asia/Srednekolymsk) and XJT
(Asia/Urumqi), and use WSST/WSDT for western Samoa. Also, there were
DST law changes in Chile, Mexico, the Turks &amp; Caicos Islands
(America/Grand_Turk), and Fiji. There is a new zone
Pacific/Bougainville for portions of Papua New Guinea. Also, numerous
corrections for historical (pre-1970) time zone data.
</para>
</listitem>
</itemizedlist>
</sect2>
</sect1>
<sect1 id="release-9-2-9">
<title>Release 9.2.9</title>
<formalpara>
<title>Release date:</title>
<para>2014-07-24</para>
</formalpara>
<para>
This release contains a variety of fixes from 9.2.8.
For information about new features in the 9.2 major release, see
<xref linkend="release-9-2">.
</para>
<sect2>
<title>Migration to Version 9.2.9</title>
<para>
A dump/restore is not required for those running 9.2.X.
</para>
<para>
However, this release corrects an index corruption problem in some GiST
indexes. See the first changelog entry below to find out whether your
installation has been affected and what steps you should take if so.
</para>
<para>
Also, if you are upgrading from a version earlier than 9.2.6,
see <xref linkend="release-9-2-6">.
</para>
</sect2>
<sect2>
<title>Changes</title>
<itemizedlist>
<listitem>
<para>
Correctly initialize padding bytes in <filename>contrib/btree_gist</>
indexes on <type>bit</> columns (Heikki Linnakangas)
</para>
<para>
This error could result in incorrect query results due to values that
should compare equal not being seen as equal.
Users with GiST indexes on <type>bit</> or <type>bit varying</>
columns should <command>REINDEX</> those indexes after installing this
update.
</para>
</listitem>
<listitem>
<para>
Protect against torn pages when deleting GIN list pages (Heikki
Linnakangas)
</para>
<para>
This fix prevents possible index corruption if a system crash occurs
while the page update is being written to disk.
</para>
</listitem>
<listitem>
<para>
Don't clear the right-link of a GiST index page while replaying
updates from WAL (Heikki Linnakangas)
</para>
<para>
This error could lead to transiently wrong answers from GiST index
scans performed in Hot Standby.
</para>
</listitem>
<listitem>
<para>
Fix corner-case infinite loop during insertion into an SP-GiST text
index (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix feedback status when <xref linkend="guc-hot-standby-feedback"> is
turned off on-the-fly (Simon Riggs)
</para>
</listitem>
<listitem>
<para>
Fix possibly-incorrect cache invalidation during nested calls
to <function>ReceiveSharedInvalidMessages</> (Andres Freund)
</para>
</listitem>
<listitem>
<para>
Fix planner's mishandling of nested PlaceHolderVars generated in
nested-nestloop plans (Tom Lane)
</para>
<para>
This oversight could result in <quote>variable not found in subplan
target lists</> errors, or in silently wrong query results.
</para>
</listitem>
<listitem>
<para>
Fix <quote>could not find pathkey item to sort</> planner failures
with <literal>UNION ALL</> over subqueries reading from tables with
inheritance children (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Don't assume a subquery's output is unique if there's a set-returning
function in its targetlist (David Rowley)
</para>
<para>
This oversight could lead to misoptimization of constructs
like <literal>WHERE x IN (SELECT y, generate_series(1,10) FROM t GROUP
BY y)</literal>.
</para>
</listitem>
<listitem>
<para>
Improve planner to drop constant-NULL inputs
of <literal>AND</>/<literal>OR</> when possible (Tom Lane)
</para>
<para>
This change fixes some cases where the more aggressive parameter
substitution done by 9.2 and later can lead to a worse plan than
older versions produced.
</para>
</listitem>
<listitem>
<para>
Fix identification of input type category in <function>to_json()</>
and friends (Tom Lane)
</para>
<para>
This is known to have led to inadequate quoting of <type>money</>
fields in the <type>JSON</> result, and there may have been wrong
results for other data types as well.
</para>
</listitem>
<listitem>
<para>
Fix failure to detoast fields in composite elements of structured
types (Tom Lane)
</para>
<para>
This corrects cases where TOAST pointers could be copied into other
tables without being dereferenced. If the original data is later
deleted, it would lead to errors like <quote>missing chunk number 0
for toast value ...</> when the now-dangling pointer is used.
</para>
</listitem>
<listitem>
<para>
Fix <quote>record type has not been registered</> failures with
whole-row references to the output of Append plan nodes (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix possible crash when invoking a user-defined function while
rewinding a cursor (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix query-lifespan memory leak while evaluating the arguments for a
function in <literal>FROM</> (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix session-lifespan memory leaks in regular-expression processing
(Tom Lane, Arthur O'Dwyer, Greg Stark)
</para>
</listitem>
<listitem>
<para>
Fix data encoding error in <filename>hungarian.stop</> (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Prevent foreign tables from being created with OIDS
when <xref linkend="guc-default-with-oids"> is true
(Etsuro Fujita)
</para>
</listitem>
<listitem>
<para>
Fix liveness checks for rows that were inserted in the current
transaction and then deleted by a now-rolled-back subtransaction
(Andres Freund)
</para>
<para>
This could cause problems (at least spurious warnings, and at worst an
infinite loop) if <command>CREATE INDEX</> or <command>CLUSTER</> were
done later in the same transaction.
</para>
</listitem>
<listitem>
<para>
Clear <structname>pg_stat_activity</>.<structfield>xact_start</>
during <command>PREPARE TRANSACTION</> (Andres Freund)
</para>
<para>
After the <command>PREPARE</>, the originating session is no longer in
a transaction, so it should not continue to display a transaction
start time.
</para>
</listitem>
<listitem>
<para>
Fix <command>REASSIGN OWNED</> to not fail for text search objects
(&Aacute;lvaro Herrera)
</para>
</listitem>
<listitem>
<para>
Block signals during postmaster startup (Tom Lane)
</para>
<para>
This ensures that the postmaster will properly clean up after itself
if, for example, it receives <systemitem>SIGINT</> while still
starting up.
</para>
</listitem>
<listitem>
<para>
Fix client host name lookup when processing <filename>pg_hba.conf</>
entries that specify host names instead of IP addresses (Tom Lane)
</para>
<para>
Ensure that reverse-DNS lookup failures are reported, instead of just
silently not matching such entries. Also ensure that we make only
one reverse-DNS lookup attempt per connection, not one per host name
entry, which is what previously happened if the lookup attempts failed.
</para>
</listitem>
<listitem>
<para>
Allow the root user to use <literal>postgres -C variable</> and
<literal>postgres --describe-config</> (MauMau)
</para>
<para>
The prohibition on starting the server as root does not need to extend
to these operations, and relaxing it prevents failure
of <application>pg_ctl</> in some scenarios.
</para>
</listitem>
<listitem>
<para>
Secure Unix-domain sockets of temporary postmasters started during
<literal>make check</> (Noah Misch)
</para>
<para>
Any local user able to access the socket file could connect as the
server's bootstrap superuser, then proceed to execute arbitrary code as
the operating-system user running the test, as we previously noted in
CVE-2014-0067. This change defends against that risk by placing the
server's socket in a temporary, mode 0700 subdirectory
of <filename>/tmp</>. The hazard remains however on platforms where
Unix sockets are not supported, notably Windows, because then the
temporary postmaster must accept local TCP connections.
</para>
<para>
A useful side effect of this change is to simplify
<literal>make check</> testing in builds that
override <literal>DEFAULT_PGSOCKET_DIR</>. Popular non-default values
like <filename>/var/run/postgresql</> are often not writable by the
build user, requiring workarounds that will no longer be necessary.
</para>
</listitem>
<listitem>
<para>
Fix tablespace creation WAL replay to work on Windows (MauMau)
</para>
</listitem>
<listitem>
<para>
Fix detection of socket creation failures on Windows (Bruce Momjian)
</para>
</listitem>
<listitem>
<para>
On Windows, allow new sessions to absorb values of PGC_BACKEND
parameters (such as <xref linkend="guc-log-connections">) from the
configuration file (Amit Kapila)
</para>
<para>
Previously, if such a parameter were changed in the file post-startup,
the change would have no effect.
</para>
</listitem>
<listitem>
<para>
Properly quote executable path names on Windows (Nikhil Deshpande)
</para>
<para>
This oversight could cause <application>initdb</>
and <application>pg_upgrade</> to fail on Windows, if the installation
path contained both spaces and <literal>@</> signs.
</para>
</listitem>
<listitem>
<para>
Fix linking of <application>libpython</> on macOS (Tom Lane)
</para>
<para>
The method we previously used can fail with the Python library
supplied by Xcode 5.0 and later.
</para>
</listitem>
<listitem>
<para>
Avoid buffer bloat in <application>libpq</> when the server
consistently sends data faster than the client can absorb it
(Shin-ichi Morita, Tom Lane)
</para>
<para>
<application>libpq</> could be coerced into enlarging its input buffer
until it runs out of memory (which would be reported misleadingly
as <quote>lost synchronization with server</>). Under ordinary
circumstances it's quite far-fetched that data could be continuously
transmitted more quickly than the <function>recv()</> loop can
absorb it, but this has been observed when the client is artificially
slowed by scheduler constraints.
</para>
</listitem>
<listitem>
<para>
Ensure that LDAP lookup attempts in <application>libpq</> time out as
intended (Laurenz Albe)
</para>
</listitem>
<listitem>
<para>
Fix <application>ecpg</> to do the right thing when an array
of <type>char *</> is the target for a FETCH statement returning more
than one row, as well as some other array-handling fixes
(Ashutosh Bapat)
</para>
</listitem>
<listitem>
<para>
Fix <application>pg_restore</>'s processing of old-style large object
comments (Tom Lane)
</para>
<para>
A direct-to-database restore from an archive file generated by a
pre-9.0 version of <application>pg_dump</> would usually fail if the
archive contained more than a few comments for large objects.
</para>
</listitem>
<listitem>
<para>
Fix <application>pg_upgrade</> for cases where the new server creates
a TOAST table but the old version did not (Bruce Momjian)
</para>
<para>
This rare situation would manifest as <quote>relation OID mismatch</>
errors.
</para>
</listitem>
<listitem>
<para>
Prevent <filename>contrib/auto_explain</> from changing the output of
a user's <command>EXPLAIN</> (Tom Lane)
</para>
<para>
If <filename>auto_explain</> is active, it could cause
an <literal>EXPLAIN (ANALYZE, TIMING OFF)</> command to nonetheless
print timing information.
</para>
</listitem>
<listitem>
<para>
Fix query-lifespan memory leak in <filename>contrib/dblink</>
(MauMau, Joe Conway)
</para>
</listitem>
<listitem>
<para>
In <filename>contrib/pgcrypto</> functions, ensure sensitive
information is cleared from stack variables before returning
(Marko Kreen)
</para>
</listitem>
<listitem>
<para>
Prevent use of already-freed memory in
<filename>contrib/pgstattuple</>'s <function>pgstat_heap()</>
(Noah Misch)
</para>
</listitem>
<listitem>
<para>
In <filename>contrib/uuid-ossp</>, cache the state of the OSSP UUID
library across calls (Tom Lane)
</para>
<para>
This improves the efficiency of UUID generation and reduces the amount
of entropy drawn from <filename>/dev/urandom</>, on platforms that
have that.
</para>
</listitem>
<listitem>
<para>
Update time zone data files to <application>tzdata</> release 2014e
for DST law changes in Crimea, Egypt, and Morocco.
</para>
</listitem>
</itemizedlist>
</sect2>
</sect1>
<sect1 id="release-9-2-8">
<title>Release 9.2.8</title>
<formalpara>
<title>Release date:</title>
<para>2014-03-20</para>
</formalpara>
<para>
This release contains a variety of fixes from 9.2.7.
For information about new features in the 9.2 major release, see
<xref linkend="release-9-2">.
</para>
<sect2>
<title>Migration to Version 9.2.8</title>
<para>
A dump/restore is not required for those running 9.2.X.
</para>
<para>
However, if you are upgrading from a version earlier than 9.2.6,
see <xref linkend="release-9-2-6">.
</para>
</sect2>
<sect2>
<title>Changes</title>
<itemizedlist>
<listitem>
<para>
Restore GIN metapages unconditionally to avoid torn-page risk
(Heikki Linnakangas)
</para>
<para>
Although this oversight could theoretically result in a corrupted
index, it is unlikely to have caused any problems in practice, since
the active part of a GIN metapage is smaller than a standard 512-byte
disk sector.
</para>
</listitem>
<listitem>
<para>
Avoid race condition in checking transaction commit status during
receipt of a <command>NOTIFY</> message (Marko Tiikkaja)
</para>
<para>
This prevents a scenario wherein a sufficiently fast client might
respond to a notification before database updates made by the
notifier have become visible to the recipient.
</para>
</listitem>
<listitem>
<para>
Allow regular-expression operators to be terminated early by query
cancel requests (Tom Lane)
</para>
<para>
This prevents scenarios wherein a pathological regular expression
could lock up a server process uninterruptibly for a long time.
</para>
</listitem>
<listitem>
<para>
Remove incorrect code that tried to allow <literal>OVERLAPS</> with
single-element row arguments (Joshua Yanovski)
</para>
<para>
This code never worked correctly, and since the case is neither
specified by the SQL standard nor documented, it seemed better to
remove it than fix it.
</para>
</listitem>
<listitem>
<para>
Avoid getting more than <literal>AccessShareLock</> when de-parsing a
rule or view (Dean Rasheed)
</para>
<para>
This oversight resulted in <application>pg_dump</> unexpectedly
acquiring <literal>RowExclusiveLock</> locks on tables mentioned as
the targets of <literal>INSERT</>/<literal>UPDATE</>/<literal>DELETE</>
commands in rules. While usually harmless, that could interfere with
concurrent transactions that tried to acquire, for example,
<literal>ShareLock</> on those tables.
</para>
</listitem>
<listitem>
<para>
Improve performance of index endpoint probes during planning (Tom Lane)
</para>
<para>
This change fixes a significant performance problem that occurred
when there were many not-yet-committed rows at the end of the index,
which is a common situation for indexes on sequentially-assigned
values such as timestamps or sequence-generated identifiers.
</para>
</listitem>
<listitem>
<para>
Fix <application>walsender</>'s failure to shut down cleanly when client
is <application>pg_receivexlog</> (Fujii Masao)
</para>
</listitem>
<listitem>
<para>
Check WAL level and hot standby parameters correctly when doing crash
recovery that will be followed by archive recovery (Heikki Linnakangas)
</para>
</listitem>
<listitem>
<para>
Fix test to see if hot standby connections can be allowed immediately
after a crash (Heikki Linnakangas)
</para>
</listitem>
<listitem>
<para>
Prevent interrupts while reporting non-<literal>ERROR</> messages
(Tom Lane)
</para>
<para>
This guards against rare server-process freezeups due to recursive
entry to <function>syslog()</>, and perhaps other related problems.
</para>
</listitem>
<listitem>
<para>
Fix memory leak in PL/Perl when returning a composite result, including
multiple-OUT-parameter cases (Alex Hunsaker)
</para>
</listitem>
<listitem>
<para>
Fix tracking of <application>psql</> script line numbers
during <literal>\copy</> from out-of-line data
(Kumar Rajeev Rastogi, Amit Khandekar)
</para>
<para>
<literal>\copy ... from</> incremented the script file line number
for each data line, even if the data was not coming from the script
file. This mistake resulted in wrong line numbers being reported for
any errors occurring later in the same script file.
</para>
</listitem>
<listitem>
<para>
Prevent intermittent <quote>could not reserve shared memory region</>
failures on recent Windows versions (MauMau)
</para>
</listitem>
<listitem>
<para>
Update time zone data files to <application>tzdata</> release 2014a
for DST law changes in Fiji and Turkey, plus historical changes in
Israel and Ukraine.
</para>
</listitem>
</itemizedlist>
</sect2>
</sect1>
<sect1 id="release-9-2-7">
<title>Release 9.2.7</title>
<formalpara>
<title>Release date:</title>
<para>2014-02-20</para>
</formalpara>
<para>
This release contains a variety of fixes from 9.2.6.
For information about new features in the 9.2 major release, see
<xref linkend="release-9-2">.
</para>
<sect2>
<title>Migration to Version 9.2.7</title>
<para>
A dump/restore is not required for those running 9.2.X.
</para>
<para>
However, if you are upgrading from a version earlier than 9.2.6,
see <xref linkend="release-9-2-6">.
</para>
</sect2>
<sect2>
<title>Changes</title>
<itemizedlist>
<listitem>
<para>
Shore up <literal>GRANT ... WITH ADMIN OPTION</> restrictions
(Noah Misch)
</para>
<para>
Granting a role without <literal>ADMIN OPTION</> is supposed to
prevent the grantee from adding or removing members from the granted
role, but this restriction was easily bypassed by doing <literal>SET
ROLE</> first. The security impact is mostly that a role member can
revoke the access of others, contrary to the wishes of his grantor.
Unapproved role member additions are a lesser concern, since an
uncooperative role member could provide most of his rights to others
anyway by creating views or <literal>SECURITY DEFINER</> functions.
(CVE-2014-0060)
</para>
</listitem>
<listitem>
<para>
Prevent privilege escalation via manual calls to PL validator
functions (Andres Freund)
</para>
<para>
The primary role of PL validator functions is to be called implicitly
during <command>CREATE FUNCTION</>, but they are also normal SQL
functions that a user can call explicitly. Calling a validator on
a function actually written in some other language was not checked
for and could be exploited for privilege-escalation purposes.
The fix involves adding a call to a privilege-checking function in
each validator function. Non-core procedural languages will also
need to make this change to their own validator functions, if any.
(CVE-2014-0061)
</para>
</listitem>
<listitem>
<para>
Avoid multiple name lookups during table and index DDL
(Robert Haas, Andres Freund)
</para>
<para>
If the name lookups come to different conclusions due to concurrent
activity, we might perform some parts of the DDL on a different table
than other parts. At least in the case of <command>CREATE INDEX</>,
this can be used to cause the permissions checks to be performed
against a different table than the index creation, allowing for a
privilege escalation attack.
(CVE-2014-0062)
</para>
</listitem>
<listitem>
<para>
Prevent buffer overrun with long datetime strings (Noah Misch)
</para>
<para>
The <literal>MAXDATELEN</> constant was too small for the longest
possible value of type <type>interval</>, allowing a buffer overrun
in <function>interval_out()</>. Although the datetime input
functions were more careful about avoiding buffer overrun, the limit
was short enough to cause them to reject some valid inputs, such as
input containing a very long timezone name. The <application>ecpg</>
library contained these vulnerabilities along with some of its own.
(CVE-2014-0063)
</para>
</listitem>
<listitem>
<para>
Prevent buffer overrun due to integer overflow in size calculations
(Noah Misch, Heikki Linnakangas)
</para>
<para>
Several functions, mostly type input functions, calculated an
allocation size without checking for overflow. If overflow did
occur, a too-small buffer would be allocated and then written past.
(CVE-2014-0064)
</para>
</listitem>
<listitem>
<para>
Prevent overruns of fixed-size buffers
(Peter Eisentraut, Jozef Mlich)
</para>
<para>
Use <function>strlcpy()</> and related functions to provide a clear
guarantee that fixed-size buffers are not overrun. Unlike the
preceding items, it is unclear whether these cases really represent
live issues, since in most cases there appear to be previous
constraints on the size of the input string. Nonetheless it seems
prudent to silence all Coverity warnings of this type.
(CVE-2014-0065)
</para>
</listitem>
<listitem>
<para>
Avoid crashing if <function>crypt()</> returns NULL (Honza Horak,
Bruce Momjian)
</para>
<para>
There are relatively few scenarios in which <function>crypt()</>
could return NULL, but <filename>contrib/chkpass</> would crash
if it did. One practical case in which this could be an issue is
if <application>libc</> is configured to refuse to execute unapproved
hashing algorithms (e.g., <quote>FIPS mode</>).
(CVE-2014-0066)
</para>
</listitem>
<listitem>
<para>
Document risks of <literal>make check</> in the regression testing
instructions (Noah Misch, Tom Lane)
</para>
<para>
Since the temporary server started by <literal>make check</>
uses <quote>trust</> authentication, another user on the same machine
could connect to it as database superuser, and then potentially
exploit the privileges of the operating-system user who started the
tests. A future release will probably incorporate changes in the
testing procedure to prevent this risk, but some public discussion is
needed first. So for the moment, just warn people against using
<literal>make check</> when there are untrusted users on the
same machine.
(CVE-2014-0067)
</para>
</listitem>
<listitem>
<para>
Fix possible mis-replay of WAL records when some segments of a
relation aren't full size (Greg Stark, Tom Lane)
</para>
<para>
The WAL update could be applied to the wrong page, potentially many
pages past where it should have been. Aside from corrupting data,
this error has been observed to result in significant <quote>bloat</>
of standby servers compared to their masters, due to updates being
applied far beyond where the end-of-file should have been. This
failure mode does not appear to be a significant risk during crash
recovery, only when initially synchronizing a standby created from a
base backup taken from a quickly-changing master.
</para>
</listitem>
<listitem>
<para>
Fix bug in determining when recovery has reached consistency
(Tomonari Katsumata, Heikki Linnakangas)
</para>
<para>
In some cases WAL replay would mistakenly conclude that the database
was already consistent at the start of replay, thus possibly allowing
hot-standby queries before the database was really consistent. Other
symptoms such as <quote>PANIC: WAL contains references to invalid
pages</> were also possible.
</para>
</listitem>
<listitem>
<para>
Fix improper locking of btree index pages while replaying
a <literal>VACUUM</> operation in hot-standby mode (Andres Freund,
Heikki Linnakangas, Tom Lane)
</para>
<para>
This error could result in <quote>PANIC: WAL contains references to
invalid pages</> failures.
</para>
</listitem>
<listitem>
<para>
Ensure that insertions into non-leaf GIN index pages write a full-page
WAL record when appropriate (Heikki Linnakangas)
</para>
<para>
The previous coding risked index corruption in the event of a
partial-page write during a system crash.
</para>
</listitem>
<listitem>
<para>
When <literal>pause_at_recovery_target</>
and <literal>recovery_target_inclusive</> are both set, ensure the
target record is applied before pausing, not after (Heikki
Linnakangas)
</para>
</listitem>
<listitem>
<para>
Fix race conditions during server process exit (Robert Haas)
</para>
<para>
Ensure that signal handlers don't attempt to use the
process's <varname>MyProc</> pointer after it's no longer valid.
</para>
</listitem>
<listitem>
<para>
Fix race conditions in walsender shutdown logic and walreceiver
SIGHUP signal handler (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix unsafe references to <varname>errno</> within error reporting
logic (Christian Kruse)
</para>
<para>
This would typically lead to odd behaviors such as missing or
inappropriate <literal>HINT</> fields.
</para>
</listitem>
<listitem>
<para>
Fix possible crashes from using <function>ereport()</> too early
during server startup (Tom Lane)
</para>
<para>
The principal case we've seen in the field is a crash if the server
is started in a directory it doesn't have permission to read.
</para>
</listitem>
<listitem>
<para>
Clear retry flags properly in OpenSSL socket write
function (Alexander Kukushkin)
</para>
<para>
This omission could result in a server lockup after unexpected loss
of an SSL-encrypted connection.
</para>
</listitem>
<listitem>
<para>
Fix length checking for Unicode identifiers (<literal>U&amp;"..."</>
syntax) containing escapes (Tom Lane)
</para>
<para>
A spurious truncation warning would be printed for such identifiers
if the escaped form of the identifier was too long, but the
identifier actually didn't need truncation after de-escaping.
</para>
</listitem>
<listitem>
<para>
Allow keywords that are type names to be used in lists of roles
(Stephen Frost)
</para>
<para>
A previous patch allowed such keywords to be used without quoting
in places such as role identifiers; but it missed cases where a
list of role identifiers was permitted, such as <literal>DROP ROLE</>.
</para>
</listitem>
<listitem>
<para>
Fix parser crash for <literal>EXISTS(SELECT * FROM
zero_column_table)</literal> (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix possible crash due to invalid plan for nested sub-selects, such
as <literal>WHERE (... x IN (SELECT ...) ...) IN (SELECT ...)</>
(Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix <literal>UPDATE/DELETE</> of an inherited target table
that has <literal>UNION ALL</> subqueries (Tom Lane)
</para>
<para>
Without this fix, <literal>UNION ALL</> subqueries aren't correctly
inserted into the update plans for inheritance child tables after the
first one, typically resulting in no update happening for those child
table(s).
</para>
</listitem>
<listitem>
<para>
Ensure that <command>ANALYZE</> creates statistics for a table column
even when all the values in it are <quote>too wide</> (Tom Lane)
</para>
<para>
<command>ANALYZE</> intentionally omits very wide values from its
histogram and most-common-values calculations, but it neglected to do
something sane in the case that all the sampled entries are too wide.
</para>
</listitem>
<listitem>
<para>
In <literal>ALTER TABLE ... SET TABLESPACE</>, allow the database's
default tablespace to be used without a permissions check
(Stephen Frost)
</para>
<para>
<literal>CREATE TABLE</> has always allowed such usage,
but <literal>ALTER TABLE</> didn't get the memo.
</para>
</listitem>
<listitem>
<para>
Fix <quote>cannot accept a set</> error when some arms of
a <literal>CASE</> return a set and others don't (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Properly distinguish numbers from non-numbers when generating JSON
output (Andrew Dunstan)
</para>
</listitem>
<listitem>
<para>
Fix checks for all-zero client addresses in pgstat functions (Kevin
Grittner)
</para>
</listitem>
<listitem>
<para>
Fix possible misclassification of multibyte characters by the text
search parser (Tom Lane)
</para>
<para>
Non-ASCII characters could be misclassified when using C locale with
a multibyte encoding. On Cygwin, non-C locales could fail as well.
</para>
</listitem>
<listitem>
<para>
Fix possible misbehavior in <function>plainto_tsquery()</>
(Heikki Linnakangas)
</para>
<para>
Use <function>memmove()</> not <function>memcpy()</> for copying
overlapping memory regions. There have been no field reports of
this actually causing trouble, but it's certainly risky.
</para>
</listitem>
<listitem>
<para>
Fix placement of permissions checks in <function>pg_start_backup()</>
and <function>pg_stop_backup()</> (Andres Freund, Magnus Hagander)
</para>
<para>
The previous coding might attempt to do catalog access when it
shouldn't.
</para>
</listitem>
<listitem>
<para>
Accept <literal>SHIFT_JIS</> as an encoding name for locale checking
purposes (Tatsuo Ishii)
</para>
</listitem>
<listitem>
<para>
Fix <literal>*</>-qualification of named parameters in SQL-language
functions (Tom Lane)
</para>
<para>
Given a composite-type parameter
named <literal>foo</>, <literal>$1.*</> worked fine,
but <literal>foo.*</> not so much.
</para>
</listitem>
<listitem>
<para>
Fix misbehavior of <function>PQhost()</> on Windows (Fujii Masao)
</para>
<para>
It should return <literal>localhost</> if no host has been specified.
</para>
</listitem>
<listitem>
<para>
Improve error handling in <application>libpq</> and <application>psql</>
for failures during <literal>COPY TO STDOUT/FROM STDIN</> (Tom Lane)
</para>
<para>
In particular this fixes an infinite loop that could occur in 9.2 and
up if the server connection was lost during <literal>COPY FROM
STDIN</>. Variants of that scenario might be possible in older
versions, or with other client applications.
</para>
</listitem>
<listitem>
<para>
Fix incorrect translation handling in
some <application>psql</> <literal>\d</> commands
(Peter Eisentraut, Tom Lane)
</para>
</listitem>
<listitem>
<para>
Ensure <application>pg_basebackup</>'s background process is killed
when exiting its foreground process (Magnus Hagander)
</para>
</listitem>
<listitem>
<para>
Fix possible incorrect printing of filenames
in <application>pg_basebackup</>'s verbose mode (Magnus Hagander)
</para>
</listitem>
<listitem>
<para>
Avoid including tablespaces inside PGDATA twice in base backups
(Dimitri Fontaine, Magnus Hagander)
</para>
</listitem>
<listitem>
<para>
Fix misaligned descriptors in <application>ecpg</> (MauMau)
</para>
</listitem>
<listitem>
<para>
In <application>ecpg</>, handle lack of a hostname in the connection
parameters properly (Michael Meskes)
</para>
</listitem>
<listitem>
<para>
Fix performance regression in <filename>contrib/dblink</> connection
startup (Joe Conway)
</para>
<para>
Avoid an unnecessary round trip when client and server encodings match.
</para>
</listitem>
<listitem>
<para>
In <filename>contrib/isn</>, fix incorrect calculation of the check
digit for ISMN values (Fabien Coelho)
</para>
</listitem>
<listitem>
<para>
Fix <filename>contrib/pg_stat_statement</>'s handling
of <literal>CURRENT_DATE</> and related constructs (Kyotaro
Horiguchi)
</para>
</listitem>
<listitem>
<para>
Ensure client-code-only installation procedure works as documented
(Peter Eisentraut)
</para>
</listitem>
<listitem>
<para>
In Mingw and Cygwin builds, install the <application>libpq</> DLL
in the <filename>bin</> directory (Andrew Dunstan)
</para>
<para>
This duplicates what the MSVC build has long done. It should fix
problems with programs like <application>psql</> failing to start
because they can't find the DLL.
</para>
</listitem>
<listitem>
<para>
Avoid using the deprecated <literal>dllwrap</> tool in Cygwin builds
(Marco Atzeri)
</para>
</listitem>
<listitem>
<para>
Don't generate plain-text <filename>HISTORY</>
and <filename>src/test/regress/README</> files anymore (Tom Lane)
</para>
<para>
These text files duplicated the main HTML and PDF documentation
formats. The trouble involved in maintaining them greatly outweighs
the likely audience for plain-text format. Distribution tarballs
will still contain files by these names, but they'll just be stubs
directing the reader to consult the main documentation.
The plain-text <filename>INSTALL</> file will still be maintained, as
there is arguably a use-case for that.
</para>
</listitem>
<listitem>
<para>
Update time zone data files to <application>tzdata</> release 2013i
for DST law changes in Jordan and historical changes in Cuba.
</para>
<para>
In addition, the zones <literal>Asia/Riyadh87</>,
<literal>Asia/Riyadh88</>, and <literal>Asia/Riyadh89</> have been
removed, as they are no longer maintained by IANA, and never
represented actual civil timekeeping practice.
</para>
</listitem>
</itemizedlist>
</sect2>
</sect1>
<sect1 id="release-9-2-6">
<title>Release 9.2.6</title>
<formalpara>
<title>Release date:</title>
<para>2013-12-05</para>
</formalpara>
<para>
This release contains a variety of fixes from 9.2.5.
For information about new features in the 9.2 major release, see
<xref linkend="release-9-2">.
</para>
<sect2>
<title>Migration to Version 9.2.6</title>
<para>
A dump/restore is not required for those running 9.2.X.
</para>
<para>
However, this release corrects a number of potential data corruption
issues. See the first two changelog entries below to find out whether
your installation has been affected and what steps you can take if so.
</para>
<para>
Also, if you are upgrading from a version earlier than 9.2.4,
see <xref linkend="release-9-2-4">.
</para>
</sect2>
<sect2>
<title>Changes</title>
<itemizedlist>
<listitem>
<para>
Fix <command>VACUUM</>'s tests to see whether it can
update <structfield>relfrozenxid</> (Andres Freund)
</para>
<para>
In some cases <command>VACUUM</> (either manual or autovacuum) could
incorrectly advance a table's <structfield>relfrozenxid</> value,
allowing tuples to escape freezing, causing those rows to become
invisible once 2^31 transactions have elapsed. The probability of
data loss is fairly low since multiple incorrect advancements would
need to happen before actual loss occurs, but it's not zero. In 9.2.0
and later, the probability of loss is higher, and it's also possible
to get <quote>could not access status of transaction</> errors as a
consequence of this bug. Users upgrading from releases 9.0.4 or 8.4.8
or earlier are not affected, but all later versions contain the bug.
</para>
<para>
The issue can be ameliorated by, after upgrading, vacuuming all tables
in all databases while having <link
linkend="guc-vacuum-freeze-table-age"><varname>vacuum_freeze_table_age</></link>
set to zero. This will fix any latent corruption but will not be able
to fix all pre-existing data errors. However, an installation can be
presumed safe after performing this vacuuming if it has executed fewer
than 2^31 update transactions in its lifetime (check this with
<literal>SELECT txid_current() < 2^31</>).
</para>
</listitem>
<listitem>
<para>
Fix initialization of <filename>pg_clog</> and <filename>pg_subtrans</>
during hot standby startup (Andres Freund, Heikki Linnakangas)
</para>
<para>
This bug can cause data loss on standby servers at the moment they
start to accept hot-standby queries, by marking committed transactions
as uncommitted. The likelihood of such corruption is small unless, at
the time of standby startup, the primary server has executed many
updating transactions since its last checkpoint. Symptoms include
missing rows, rows that should have been deleted being still visible,
and obsolete versions of updated rows being still visible alongside
their newer versions.
</para>
<para>
This bug was introduced in versions 9.3.0, 9.2.5, 9.1.10, and 9.0.14.
Standby servers that have only been running earlier releases are not
at risk. It's recommended that standby servers that have ever run any
of the buggy releases be re-cloned from the primary (e.g., with a new
base backup) after upgrading.
</para>
</listitem>
<listitem>
<para>
Fix dangling-pointer problem in fast-path locking (Tom Lane)
</para>
<para>
This could lead to corruption of the lock data structures in shared
memory, causing <quote>lock already held</> and other odd errors.
</para>
</listitem>
<listitem>
<para>
Truncate <filename>pg_multixact</> contents during WAL replay
(Andres Freund)
</para>
<para>
This avoids ever-increasing disk space consumption in standby servers.
</para>
</listitem>
<listitem>
<para>
Ensure an anti-wraparound <command>VACUUM</> counts a page as scanned
when it's only verified that no tuples need freezing (Sergey
Burladyan, Jeff Janes)
</para>
<para>
This bug could result in failing to
advance <structfield>relfrozenxid</>, so that the table would still be
thought to need another anti-wraparound vacuum. In the worst case the
database might even shut down to prevent wraparound.
</para>
</listitem>
<listitem>
<para>
Fix race condition in GIN index posting tree page deletion (Heikki
Linnakangas)
</para>
<para>
This could lead to transient wrong answers or query failures.
</para>
</listitem>
<listitem>
<para>
Fix <quote>unexpected spgdoinsert() failure</> error during SP-GiST
index creation (Teodor Sigaev)
</para>
</listitem>
<listitem>
<para>
Avoid flattening a subquery whose <literal>SELECT</> list contains a
volatile function wrapped inside a sub-<literal>SELECT</> (Tom Lane)
</para>
<para>
This avoids unexpected results due to extra evaluations of the
volatile function.
</para>
</listitem>
<listitem>
<para>
Fix planner's processing of non-simple-variable subquery outputs
nested within outer joins (Tom Lane)
</para>
<para>
This error could lead to incorrect plans for queries involving
multiple levels of subqueries within <literal>JOIN</> syntax.
</para>
</listitem>
<listitem>
<para>
Fix incorrect planning in cases where the same non-strict expression
appears in multiple <literal>WHERE</> and outer <literal>JOIN</>
equality clauses (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix planner crash with whole-row reference to a subquery (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix incorrect generation of optimized MIN()/MAX() plans for
inheritance trees (Tom Lane)
</para>
<para>
The planner could fail in cases where the MIN()/MAX() argument was an
expression rather than a simple variable.
</para>
</listitem>
<listitem>
<para>
Fix premature deletion of temporary files (Andres Freund)
</para>
</listitem>
<listitem>
<para>
Prevent intra-transaction memory leak when printing range values
(Tom Lane)
</para>
<para>
This fix actually cures transient memory leaks in any datatype output
function, but range types are the only ones known to have had a
significant problem.
</para>
</listitem>
<listitem>
<para>
Prevent incorrect display of dropped columns in NOT NULL and CHECK
constraint violation messages (Michael Paquier and Tom Lane)
</para>
</listitem>
<listitem>
<para>
Allow default arguments and named-argument notation for window
functions (Tom Lane)
</para>
<para>
Previously, these cases were likely to crash.
</para>
</listitem>
<listitem>
<para>
Fix possible read past end of memory in rule printing (Peter Eisentraut)
</para>
</listitem>
<listitem>
<para>
Fix array slicing of <type>int2vector</> and <type>oidvector</> values
(Tom Lane)
</para>
<para>
Expressions of this kind are now implicitly promoted to
regular <type>int2</> or <type>oid</> arrays.
</para>
</listitem>
<listitem>
<para>
Fix incorrect behaviors when using a SQL-standard, simple GMT offset
timezone (Tom Lane)
</para>
<para>
In some cases, the system would use the simple GMT offset value when
it should have used the regular timezone setting that had prevailed
before the simple offset was selected. This change also causes
the <function>timeofday</> function to honor the simple GMT offset
zone.
</para>
</listitem>
<listitem>
<para>
Prevent possible misbehavior when logging translations of Windows
error codes (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Properly quote generated command lines in <application>pg_ctl</>
(Naoya Anzai and Tom Lane)
</para>
<para>
This fix applies only to Windows.
</para>
</listitem>
<listitem>
<para>
Fix <application>pg_dumpall</> to work when a source database
sets <link
linkend="guc-default-transaction-read-only"><varname>default_transaction_read_only</></link>
via <command>ALTER DATABASE SET</> (Kevin Grittner)
</para>
<para>
Previously, the generated script would fail during restore.
</para>
</listitem>
<listitem>
<para>
Make <application>ecpg</> search for quoted cursor names
case-sensitively (Zolt&aacute;n B&ouml;sz&ouml;rm&eacute;nyi)
</para>
</listitem>
<listitem>
<para>
Fix <application>ecpg</>'s processing of lists of variables
declared <type>varchar</> (Zolt&aacute;n B&ouml;sz&ouml;rm&eacute;nyi)
</para>
</listitem>
<listitem>
<para>
Make <filename>contrib/lo</> defend against incorrect trigger definitions
(Marc Cousin)
</para>
</listitem>
<listitem>
<para>
Update time zone data files to <application>tzdata</> release 2013h
for DST law changes in Argentina, Brazil, Jordan, Libya,
Liechtenstein, Morocco, and Palestine. Also, new timezone
abbreviations WIB, WIT, WITA for Indonesia.
</para>
</listitem>
</itemizedlist>
</sect2>
</sect1>
<sect1 id="release-9-2-5">
<title>Release 9.2.5</title>
<formalpara>
<title>Release date:</title>
<para>2013-10-10</para>
</formalpara>
<para>
This release contains a variety of fixes from 9.2.4.
For information about new features in the 9.2 major release, see
<xref linkend="release-9-2">.
</para>
<sect2>
<title>Migration to Version 9.2.5</title>
<para>
A dump/restore is not required for those running 9.2.X.
</para>
<para>
However, if you are upgrading from a version earlier than 9.2.4,
see <xref linkend="release-9-2-4">.
</para>
</sect2>
<sect2>
<title>Changes</title>
<itemizedlist>
<listitem>
<para>
Prevent corruption of multi-byte characters when attempting to
case-fold identifiers (Andrew Dunstan)
</para>
<para>
<productname>PostgreSQL</> case-folds non-ASCII characters only
when using a single-byte server encoding.
</para>
</listitem>
<listitem>
<para>
Fix memory leak when creating B-tree indexes on range columns
(Heikki Linnakangas)
</para>
</listitem>
<listitem>
<para>
Fix checkpoint memory leak in background writer when <literal>wal_level =
hot_standby</> (Naoya Anzai)
</para>
</listitem>
<listitem>
<para>
Fix memory leak caused by <function>lo_open()</function> failure
(Heikki Linnakangas)
</para>
</listitem>
<listitem>
<para>
Fix memory overcommit bug when <varname>work_mem</> is using more
than 24GB of memory (Stephen Frost)
</para>
</listitem>
<listitem>
<para>
Serializable snapshot fixes (Kevin Grittner, Heikki Linnakangas)
</para>
</listitem>
<listitem>
<para>
Fix deadlock bug in libpq when using SSL (Stephen Frost)
</para>
</listitem>
<listitem>
<para>
Fix possible SSL state corruption in threaded libpq applications
(Nick Phillips, Stephen Frost)
</para>
</listitem>
<listitem>
<para>
Improve estimate of planner cost when choosing between generic and
custom plans (Tom Lane)
</para>
<para>
This change will favor generic plans when planning cost is high.
</para>
</listitem>
<listitem>
<para>
Properly compute row estimates for boolean columns containing many NULL
values (Andrew Gierth)
</para>
<para>
Previously tests like <literal>col IS NOT TRUE</> and <literal>col IS
NOT FALSE</> did not properly factor in NULL values when estimating
plan costs.
</para>
</listitem>
<listitem>
<para>
Fix accounting for qualifier evaluation costs in <literal>UNION ALL</>
and inheritance queries (Tom Lane)
</para>
<para>
This fixes cases where suboptimal query plans could be chosen if
some <literal>WHERE</> clauses are expensive to calculate.
</para>
</listitem>
<listitem>
<para>
Prevent pushing down <literal>WHERE</> clauses into unsafe
<literal>UNION/INTERSECT</> subqueries (Tom Lane)
</para>
<para>
Subqueries of a <literal>UNION</> or <literal>INTERSECT</> that
contain set-returning functions or volatile functions in their
<literal>SELECT</> lists could be improperly optimized, leading to
run-time errors or incorrect query results.
</para>
</listitem>
<listitem>
<para>
Fix rare case of <quote>failed to locate grouping columns</>
planner failure (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix <application>pg_dump</> of foreign tables with dropped columns (Andrew Dunstan)
</para>
<para>
Previously such cases could cause a <application>pg_upgrade</> error.
</para>
</listitem>
<listitem>
<para>
Reorder <application>pg_dump</> processing of extension-related
rules and event triggers (Joe Conway)
</para>
</listitem>
<listitem>
<para>
Force dumping of extension tables if specified by <command>pg_dump
-t</> or <literal>-n</> (Joe Conway)
</para>
</listitem>
<listitem>
<para>
Improve view dumping code's handling of dropped columns in referenced
tables (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix <command>pg_restore -l</> with the directory archive to display
the correct format name (Fujii Masao)
</para>
</listitem>
<listitem>
<para>
Properly record index comments created using <literal>UNIQUE</>
and <literal>PRIMARY KEY</> syntax (Andres Freund)
</para>
<para>
This fixes a parallel <application>pg_restore</> failure.
</para>
</listitem>
<listitem>
<para>
Cause <command>pg_basebackup -x</> with an empty xlog directory
to throw an error rather than crashing (Magnus Hagander, Haruka
Takatsuka)
</para>
</listitem>
<listitem>
<para>
Properly guarantee transmission of WAL files before clean switchover
(Fujii Masao)
</para>
<para>
Previously, the streaming replication connection might close before all
WAL files had been replayed on the standby.
</para>
</listitem>
<listitem>
<para>
Fix WAL segment timeline handling during recovery (Mitsumasa Kondo,
Heikki Linnakangas)
</para>
<para>
WAL file recycling during standby recovery could lead to premature
recovery completion, resulting in data loss.
</para>
</listitem>
<listitem>
<para>
Prevent errors in WAL replay due to references to uninitialized empty
pages (Andres Freund)
</para>
</listitem>
<listitem>
<para>
Fix <command>REINDEX TABLE</> and <command>REINDEX DATABASE</>
to properly revalidate constraints and mark invalidated indexes as
valid (Noah Misch)
</para>
<para>
<command>REINDEX INDEX</> has always worked properly.
</para>
</listitem>
<listitem>
<para>
Avoid deadlocks during insertion into SP-GiST indexes (Teodor Sigaev)
</para>
</listitem>
<listitem>
<para>
Fix possible deadlock during concurrent <command>CREATE INDEX
CONCURRENTLY</> operations (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix GiST index lookup crash (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix <function>regexp_matches()</> handling of zero-length matches
(Jeevan Chalke)
</para>
<para>
Previously, zero-length matches like '^' could return too many matches.
</para>
</listitem>
<listitem>
<para>
Fix crash for overly-complex regular expressions (Heikki Linnakangas)
</para>
</listitem>
<listitem>
<para>
Fix regular expression match failures for back references combined with
non-greedy quantifiers (Jeevan Chalke)
</para>
</listitem>
<listitem>
<para>
Prevent <command>CREATE FUNCTION</> from checking <command>SET</>
variables unless function body checking is enabled (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Allow <command>ALTER DEFAULT PRIVILEGES</> to operate on schemas
without requiring CREATE permission (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Loosen restriction on keywords used in queries (Tom Lane)
</para>
<para>
Specifically, lessen keyword restrictions for role names, language
names, <command>EXPLAIN</> and <command>COPY</> options, and
<command>SET</> values. This allows <literal>COPY ... (FORMAT
BINARY)</> to work as expected; previously <literal>BINARY</> needed
to be quoted.
</para>
</listitem>
<listitem>
<para>
Print proper line number during <command>COPY</> failure (Heikki
Linnakangas)
</para>
</listitem>
<listitem>
<para>
Fix <function>pgp_pub_decrypt()</> so it works for secret keys with
passwords (Marko Kreen)
</para>
</listitem>
<listitem>
<para>
Make <application>pg_upgrade</> use <literal>pg_dump
--quote-all-identifiers</> to avoid problems with keyword changes
between releases (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Remove rare inaccurate warning during vacuum of index-less tables
(Heikki Linnakangas)
</para>
</listitem>
<listitem>
<para>
Ensure that <command>VACUUM ANALYZE</> still runs the ANALYZE phase
if its attempt to truncate the file is cancelled due to lock conflicts
(Kevin Grittner)
</para>
</listitem>
<listitem>
<para>
Avoid possible failure when performing transaction control commands (e.g
<command>ROLLBACK</>) in prepared queries (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Ensure that floating-point data input accepts standard spellings
of <quote>infinity</> on all platforms (Tom Lane)
</para>
<para>
The C99 standard says that allowable spellings are <literal>inf</>,
<literal>+inf</>, <literal>-inf</>, <literal>infinity</>,
<literal>+infinity</>, and <literal>-infinity</>. Make sure we
recognize these even if the platform's <function>strtod</> function
doesn't.
</para>
</listitem>
<listitem>
<para>
Avoid unnecessary reporting when <varname>track_activities</> is off
(Tom Lane)
</para>
</listitem>
<listitem>
<para>
Expand ability to compare rows to records and arrays (Rafal Rzepecki,
Tom Lane)
</para>
</listitem>
<listitem>
<para>
Prevent crash when <application>psql</>'s <envar>PSQLRC</> variable
contains a tilde (Bruce Momjian)
</para>
</listitem>
<listitem>
<para>
Add spinlock support for ARM64 (Mark Salter)
</para>
</listitem>
<listitem>
<para>
Update time zone data files to <application>tzdata</> release 2013d
for DST law changes in Israel, Morocco, Palestine, and Paraguay.
Also, historical zone data corrections for Macquarie Island.
</para>
</listitem>
</itemizedlist>
</sect2>
</sect1>
<sect1 id="release-9-2-4">
<title>Release 9.2.4</title>
<formalpara>
<title>Release date:</title>
<para>2013-04-04</para>
</formalpara>
<para>
This release contains a variety of fixes from 9.2.3.
For information about new features in the 9.2 major release, see
<xref linkend="release-9-2">.
</para>
<sect2>
<title>Migration to Version 9.2.4</title>
<para>
A dump/restore is not required for those running 9.2.X.
</para>
<para>
However, this release corrects several errors in management of GiST
indexes. After installing this update, it is advisable to
<command>REINDEX</> any GiST indexes that meet one or more of the
conditions described below.
</para>
<para>
Also, if you are upgrading from a version earlier than 9.2.2,
see <xref linkend="release-9-2-2">.
</para>
</sect2>
<sect2>
<title>Changes</title>
<itemizedlist>
<listitem>
<para>
Fix insecure parsing of server command-line switches (Mitsumasa
Kondo, Kyotaro Horiguchi)
</para>
<para>
A connection request containing a database name that begins with
<quote><literal>-</></quote> could be crafted to damage or destroy
files within the server's data directory, even if the request is
eventually rejected. (CVE-2013-1899)
</para>
</listitem>
<listitem>
<para>
Reset OpenSSL randomness state in each postmaster child process
(Marko Kreen)
</para>
<para>
This avoids a scenario wherein random numbers generated by
<filename>contrib/pgcrypto</> functions might be relatively easy for
another database user to guess. The risk is only significant when
the postmaster is configured with <varname>ssl</> = <literal>on</>
but most connections don't use SSL encryption. (CVE-2013-1900)
</para>
</listitem>
<listitem>
<para>
Make REPLICATION privilege checks test current user not authenticated
user (Noah Misch)
</para>
<para>
An unprivileged database user could exploit this mistake to call
<function>pg_start_backup()</> or <function>pg_stop_backup()</>,
thus possibly interfering with creation of routine backups.
(CVE-2013-1901)
</para>
</listitem>
<listitem>
<para>
Fix GiST indexes to not use <quote>fuzzy</> geometric comparisons when
it's not appropriate to do so (Alexander Korotkov)
</para>
<para>
The core geometric types perform comparisons using <quote>fuzzy</>
equality, but <function>gist_box_same</> must do exact comparisons,
else GiST indexes using it might become inconsistent. After installing
this update, users should <command>REINDEX</> any GiST indexes on
<type>box</>, <type>polygon</>, <type>circle</>, or <type>point</>
columns, since all of these use <function>gist_box_same</>.
</para>
</listitem>
<listitem>
<para>
Fix erroneous range-union and penalty logic in GiST indexes that use
<filename>contrib/btree_gist</> for variable-width data types, that is
<type>text</>, <type>bytea</>, <type>bit</>, and <type>numeric</>
columns (Tom Lane)
</para>
<para>
These errors could result in inconsistent indexes in which some keys
that are present would not be found by searches, and also in useless
index bloat. Users are advised to <command>REINDEX</> such indexes
after installing this update.
</para>
</listitem>
<listitem>
<para>
Fix bugs in GiST page splitting code for multi-column indexes
(Tom Lane)
</para>
<para>
These errors could result in inconsistent indexes in which some keys
that are present would not be found by searches, and also in indexes
that are unnecessarily inefficient to search. Users are advised to
<command>REINDEX</> multi-column GiST indexes after installing this
update.
</para>
</listitem>
<listitem>
<para>
Fix <function>gist_point_consistent</>
to handle fuzziness consistently (Alexander Korotkov)
</para>
<para>
Index scans on GiST indexes on <type>point</> columns would sometimes
yield results different from a sequential scan, because
<function>gist_point_consistent</> disagreed with the underlying
operator code about whether to do comparisons exactly or fuzzily.
</para>
</listitem>
<listitem>
<para>
Fix buffer leak in WAL replay (Heikki Linnakangas)
</para>
<para>
This bug could result in <quote>incorrect local pin count</> errors
during replay, making recovery impossible.
</para>
</listitem>
<listitem>
<para>
Ensure we do crash recovery before entering archive recovery, if the
database was not stopped cleanly and a <filename>recovery.conf</> file
is present (Heikki Linnakangas, Kyotaro Horiguchi, Mitsumasa Kondo)
</para>
<para>
This is needed to ensure that the database is consistent in certain
scenarios, such as initializing a standby server with a filesystem
snapshot from a running server.
</para>
</listitem>
<listitem>
<para>
Avoid deleting not-yet-archived WAL files during crash recovery
(Heikki Linnakangas, Fujii Masao)
</para>
</listitem>
<listitem>
<para>
Fix race condition in <command>DELETE RETURNING</> (Tom Lane)
</para>
<para>
Under the right circumstances, <command>DELETE RETURNING</> could
attempt to fetch data from a shared buffer that the current process
no longer has any pin on. If some other process changed the buffer
meanwhile, this would lead to garbage <literal>RETURNING</> output, or
even a crash.
</para>
</listitem>
<listitem>
<para>
Fix infinite-loop risk in regular expression compilation (Tom Lane,
Don Porter)
</para>
</listitem>
<listitem>
<para>
Fix potential null-pointer dereference in regular expression compilation
(Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix <function>to_char()</> to use ASCII-only case-folding rules where
appropriate (Tom Lane)
</para>
<para>
This fixes misbehavior of some template patterns that should be
locale-independent, but mishandled <quote><literal>I</></quote> and
<quote><literal>i</></quote> in Turkish locales.
</para>
</listitem>
<listitem>
<para>
Fix unwanted rejection of timestamp <literal>1999-12-31 24:00:00</>
(Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix SQL-language functions to be safely usable as support
functions for range types (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix logic error when a single transaction does <command>UNLISTEN</>
then <command>LISTEN</> (Tom Lane)
</para>
<para>
The session wound up not listening for notify events at all, though it
surely should listen in this case.
</para>
</listitem>
<listitem>
<para>
Fix possible planner crash after columns have been added to a view
that's depended on by another view (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix performance issue in <literal>EXPLAIN (ANALYZE, TIMING OFF)</>
(Pavel Stehule)
</para>
</listitem>
<listitem>
<para>
Remove useless <quote>picksplit doesn't support secondary split</> log
messages (Josh Hansen, Tom Lane)
</para>
<para>
This message seems to have been added in expectation of code that was
never written, and probably never will be, since GiST's default
handling of secondary splits is actually pretty good. So stop nagging
end users about it.
</para>
</listitem>
<listitem>
<para>
Remove vestigial secondary-split support in
<function>gist_box_picksplit()</> (Tom Lane)
</para>
<para>
Not only was this implementation of secondary-split not better than the
default implementation, it's actually worse. So remove it and let the
default code path handle the case.
</para>
</listitem>
<listitem>
<para>
Fix possible failure to send a session's last few transaction
commit/abort counts to the statistics collector (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Eliminate memory leaks in PL/Perl's <function>spi_prepare()</> function
(Alex Hunsaker, Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix <application>pg_dumpall</> to handle database names containing
<quote><literal>=</></quote> correctly (Heikki Linnakangas)
</para>
</listitem>
<listitem>
<para>
Avoid crash in <application>pg_dump</> when an incorrect connection
string is given (Heikki Linnakangas)
</para>
</listitem>
<listitem>
<para>
Ignore invalid indexes in <application>pg_dump</> and
<application>pg_upgrade</> (Michael Paquier, Bruce Momjian)
</para>
<para>
Dumping invalid indexes can cause problems at restore time, for example
if the reason the index creation failed was because it tried to enforce
a uniqueness condition not satisfied by the table's data. Also, if the
index creation is in fact still in progress, it seems reasonable to
consider it to be an uncommitted DDL change, which
<application>pg_dump</> wouldn't be expected to dump anyway.
<application>pg_upgrade</> now also skips invalid indexes rather than
failing.
</para>
</listitem>
<listitem>
<para>
In <application>pg_basebackup</>, include only the current server
version's subdirectory when backing up a tablespace (Heikki
Linnakangas)
</para>
</listitem>
<listitem>
<para>
Add a server version check in <application>pg_basebackup</> and
<application>pg_receivexlog</>, so they fail cleanly with version
combinations that won't work (Heikki Linnakangas)
</para>
</listitem>
<listitem>
<para>
Fix <filename>contrib/dblink</> to handle inconsistent settings of
<varname>DateStyle</> or <varname>IntervalStyle</> safely (Daniel
Farina, Tom Lane)
</para>
<para>
Previously, if the remote server had different settings of these
parameters, ambiguous dates might be read incorrectly. This fix
ensures that datetime and interval columns fetched by a
<filename>dblink</> query will be interpreted correctly. Note however
that inconsistent settings are still risky, since literal values
appearing in SQL commands sent to the remote server might be
interpreted differently than they would be locally.
</para>
</listitem>
<listitem>
<para>
Fix <filename>contrib/pg_trgm</>'s <function>similarity()</> function
to return zero for trigram-less strings (Tom Lane)
</para>
<para>
Previously it returned <literal>NaN</> due to internal division by zero.
</para>
</listitem>
<listitem>
<para>
Enable building <productname>PostgreSQL</> with Microsoft Visual
Studio 2012 (Brar Piening, Noah Misch)
</para>
</listitem>
<listitem>
<para>
Update time zone data files to <application>tzdata</> release 2013b
for DST law changes in Chile, Haiti, Morocco, Paraguay, and some
Russian areas. Also, historical zone data corrections for numerous
places.
</para>
<para>
Also, update the time zone abbreviation files for recent changes in
Russia and elsewhere: <literal>CHOT</>, <literal>GET</>,
<literal>IRKT</>, <literal>KGT</>, <literal>KRAT</>, <literal>MAGT</>,
<literal>MAWT</>, <literal>MSK</>, <literal>NOVT</>, <literal>OMST</>,
<literal>TKT</>, <literal>VLAT</>, <literal>WST</>, <literal>YAKT</>,
<literal>YEKT</> now follow their current meanings, and
<literal>VOLT</> (Europe/Volgograd) and <literal>MIST</>
(Antarctica/Macquarie) are added to the default abbreviations list.
</para>
</listitem>
</itemizedlist>
</sect2>
</sect1>
<sect1 id="release-9-2-3">
<title>Release 9.2.3</title>
<formalpara>
<title>Release date:</title>
<para>2013-02-07</para>
</formalpara>
<para>
This release contains a variety of fixes from 9.2.2.
For information about new features in the 9.2 major release, see
<xref linkend="release-9-2">.
</para>
<sect2>
<title>Migration to Version 9.2.3</title>
<para>
A dump/restore is not required for those running 9.2.X.
</para>
<para>
However, if you are upgrading from a version earlier than 9.2.2,
see <xref linkend="release-9-2-2">.
</para>
</sect2>
<sect2>
<title>Changes</title>
<itemizedlist>
<listitem>
<para>
Prevent execution of <function>enum_recv</> from SQL (Tom Lane)
</para>
<para>
The function was misdeclared, allowing a simple SQL command to crash the
server. In principle an attacker might be able to use it to examine the
contents of server memory. Our thanks to Sumit Soni (via Secunia SVCRP)
for reporting this issue. (CVE-2013-0255)
</para>
</listitem>
<listitem>
<para>
Fix multiple problems in detection of when a consistent database
state has been reached during WAL replay (Fujii Masao, Heikki
Linnakangas, Simon Riggs, Andres Freund)
</para>
</listitem>
<listitem>
<para>
Fix detection of end-of-backup point when no actual redo work is
required (Heikki Linnakangas)
</para>
<para>
This mistake could result in incorrect <quote>WAL ends before end of
online backup</> errors.
</para>
</listitem>
<listitem>
<para>
Update minimum recovery point when truncating a relation file (Heikki
Linnakangas)
</para>
<para>
Once data has been discarded, it's no longer safe to stop recovery at
an earlier point in the timeline.
</para>
</listitem>
<listitem>
<para>
Fix recycling of WAL segments after changing recovery target timeline
(Heikki Linnakangas)
</para>
</listitem>
<listitem>
<para>
Properly restore timeline history files from archive on cascading
standby servers (Heikki Linnakangas)
</para>
</listitem>
<listitem>
<para>
Fix lock conflict detection on hot-standby servers (Andres Freund,
Robert Haas)
</para>
</listitem>
<listitem>
<para>
Fix missing cancellations in hot standby mode (Noah Misch, Simon Riggs)
</para>
<para>
The need to cancel conflicting hot-standby queries would sometimes be
missed, allowing those queries to see inconsistent data.
</para>
</listitem>
<listitem>
<para>
Prevent recovery pause feature from pausing before users can connect
(Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix SQL grammar to allow subscripting or field selection from a
sub-SELECT result (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix performance problems with autovacuum truncation in busy workloads
(Jan Wieck)
</para>
<para>
Truncation of empty pages at the end of a table requires exclusive
lock, but autovacuum was coded to fail (and release the table lock)
when there are conflicting lock requests. Under load, it is easily
possible that truncation would never occur, resulting in table bloat.
Fix by performing a partial truncation, releasing the lock, then
attempting to re-acquire the lock and continue. This fix also greatly
reduces the average time before autovacuum releases the lock after a
conflicting request arrives.
</para>
</listitem>
<listitem>
<para>
Improve performance of <function>SPI_execute</> and related
functions, thereby improving PL/pgSQL's <literal>EXECUTE</>
(Heikki Linnakangas, Tom Lane)
</para>
<para>
Remove some data-copying overhead that was added in 9.2 as a
consequence of revisions in the plan caching mechanism. This
eliminates a performance regression compared to 9.1, and also saves
memory, especially when the query string to be executed contains many
SQL statements.
</para>
<para>
A side benefit is that multi-statement query strings are now
processed fully serially, that is we complete execution of earlier
statements before running parse analysis and planning on the
following ones. This eliminates a long-standing issue, in that DDL
that should affect the behavior of a later statement will now behave as
expected.
</para>
</listitem>
<listitem>
<para>
Restore pre-9.2 cost estimates for index usage (Tom Lane)
</para>
<para>
An ill-considered change of a fudge factor led to undesirably high
cost estimates for use of very large indexes.
</para>
</listitem>
<listitem>
<para>
Fix intermittent crash in <literal>DROP INDEX CONCURRENTLY</> (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix potential corruption of shared-memory lock table during
<command>CREATE/DROP INDEX CONCURRENTLY</> (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix <command>COPY</>'s multiple-tuple-insertion code for the case of
a tuple larger than page size minus fillfactor (Heikki Linnakangas)
</para>
<para>
The previous coding could get into an infinite loop.
</para>
</listitem>
<listitem>
<para>
Protect against race conditions when scanning
<structname>pg_tablespace</> (Stephen Frost, Tom Lane)
</para>
<para>
<command>CREATE DATABASE</> and <command>DROP DATABASE</> could
misbehave if there were concurrent updates of
<structname>pg_tablespace</> entries.
</para>
</listitem>
<listitem>
<para>
Prevent <command>DROP OWNED</> from trying to drop whole databases or
tablespaces (&Aacute;lvaro Herrera)
</para>
<para>
For safety, ownership of these objects must be reassigned, not dropped.
</para>
</listitem>
<listitem>
<para>
Fix error in <link
linkend="guc-vacuum-freeze-table-age"><varname>vacuum_freeze_table_age</></link>
implementation (Andres Freund)
</para>
<para>
In installations that have existed for more than <link
linkend="guc-vacuum-freeze-min-age"><varname>vacuum_freeze_min_age</></link>
transactions, this mistake prevented autovacuum from using partial-table
scans, so that a full-table scan would always happen instead.
</para>
</listitem>
<listitem>
<para>
Prevent misbehavior when a <symbol>RowExpr</> or <symbol>XmlExpr</>
is parse-analyzed twice (Andres Freund, Tom Lane)
</para>
<para>
This mistake could be user-visible in contexts such as
<literal>CREATE TABLE LIKE INCLUDING INDEXES</>.
</para>
</listitem>
<listitem>
<para>
Improve defenses against integer overflow in hashtable sizing
calculations (Jeff Davis)
</para>
</listitem>
<listitem>
<para>
Fix some bugs associated with privileges on datatypes (Tom Lane)
</para>
<para>
There were some issues with default privileges for types, and
<application>pg_dump</> failed to dump such privileges at all.
</para>
</listitem>
<listitem>
<para>
Fix failure to ignore leftover temporary tables after a server crash
(Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix failure to rotate postmaster log files for size reasons on
Windows (Jeff Janes, Heikki Linnakangas)
</para>
</listitem>
<listitem>
<para>
Reject out-of-range dates in <function>to_date()</> (Hitoshi Harada)
</para>
</listitem>
<listitem>
<para>
Fix <function>pg_extension_config_dump()</> to handle
extension-update cases properly (Tom Lane)
</para>
<para>
This function will now replace any existing entry for the target
table, making it usable in extension update scripts.
</para>
</listitem>
<listitem>
<para>
Fix PL/pgSQL's reporting of plan-time errors in possibly-simple
expressions (Tom Lane)
</para>
<para>
The previous coding resulted in sometimes omitting the first line in
the <literal>CONTEXT</> traceback for the error.
</para>
</listitem>
<listitem>
<para>
Fix PL/Python's handling of functions used as triggers on multiple
tables (Andres Freund)
</para>
</listitem>
<listitem>
<para>
Ensure that non-ASCII prompt strings are translated to the correct
code page on Windows (Alexander Law, Noah Misch)
</para>
<para>
This bug affected <application>psql</> and some other client programs.
</para>
</listitem>
<listitem>
<para>
Fix possible crash in <application>psql</>'s <command>\?</> command
when not connected to a database (Meng Qingzhong)
</para>
</listitem>
<listitem>
<para>
Fix possible error if a relation file is removed while
<application>pg_basebackup</> is running (Heikki Linnakangas)
</para>
</listitem>
<listitem>
<para>
Tolerate timeline switches while <literal>pg_basebackup -X fetch</>
is backing up a standby server (Heikki Linnakangas)
</para>
</listitem>
<listitem>
<para>
Make <application>pg_dump</> exclude data of unlogged tables when
running on a hot-standby server (Magnus Hagander)
</para>
<para>
This would fail anyway because the data is not available on the standby
server, so it seems most convenient to assume
<option>--no-unlogged-table-data</> automatically.
</para>
</listitem>
<listitem>
<para>
Fix <application>pg_upgrade</> to deal with invalid indexes safely
(Bruce Momjian)
</para>
</listitem>
<listitem>
<para>
Fix <application>pg_upgrade</>'s -O/-o options (Marti Raudsepp)
</para>
</listitem>
<listitem>
<para>
Fix one-byte buffer overrun in <application>libpq</>'s
<function>PQprintTuples</> (Xi Wang)
</para>
<para>
This ancient function is not used anywhere by
<productname>PostgreSQL</> itself, but it might still be used by some
client code.
</para>
</listitem>
<listitem>
<para>
Make <application>ecpglib</> use translated messages properly
(Chen Huajun)
</para>
</listitem>
<listitem>
<para>
Properly install <application>ecpg_compat</> and
<application>pgtypes</> libraries on MSVC (Jiang Guiqing)
</para>
</listitem>
<listitem>
<para>
Include our version of <function>isinf()</> in
<application>libecpg</> if it's not provided by the system
(Jiang Guiqing)
</para>
</listitem>
<listitem>
<para>
Rearrange configure's tests for supplied functions so it is not
fooled by bogus exports from libedit/libreadline (Christoph Berg)
</para>
</listitem>
<listitem>
<para>
Ensure Windows build number increases over time (Magnus Hagander)
</para>
</listitem>
<listitem>
<para>
Make <application>pgxs</> build executables with the right
<literal>.exe</> suffix when cross-compiling for Windows
(Zoltan Boszormenyi)
</para>
</listitem>
<listitem>
<para>
Add new timezone abbreviation <literal>FET</> (Tom Lane)
</para>
<para>
This is now used in some eastern-European time zones.
</para>
</listitem>
</itemizedlist>
</sect2>
</sect1>
<sect1 id="release-9-2-2">
<title>Release 9.2.2</title>
<formalpara>
<title>Release date:</title>
<para>2012-12-06</para>
</formalpara>
<para>
This release contains a variety of fixes from 9.2.1.
For information about new features in the 9.2 major release, see
<xref linkend="release-9-2">.
</para>
<sect2>
<title>Migration to Version 9.2.2</title>
<para>
A dump/restore is not required for those running 9.2.X.
</para>
<para>
However, you may need to perform <command>REINDEX</> operations to
correct problems in concurrently-built indexes, as described in the first
changelog item below.
</para>
<para>
Also, if you are upgrading from version 9.2.0,
see <xref linkend="release-9-2-1">.
</para>
</sect2>
<sect2>
<title>Changes</title>
<itemizedlist>
<listitem>
<para>
Fix multiple bugs associated with <command>CREATE/DROP INDEX
CONCURRENTLY</> (Andres Freund, Tom Lane, Simon Riggs, Pavan Deolasee)
</para>
<para>
An error introduced while adding <command>DROP INDEX CONCURRENTLY</>
allowed incorrect indexing decisions to be made during the initial
phase of <command>CREATE INDEX CONCURRENTLY</>; so that indexes built
by that command could be corrupt. It is recommended that indexes
built in 9.2.X with <command>CREATE INDEX CONCURRENTLY</> be rebuilt
after applying this update.
</para>
<para>
In addition, fix <command>CREATE/DROP INDEX CONCURRENTLY</> to use
in-place updates when changing the state of an index's
<structname>pg_index</> row. This prevents race conditions that could
cause concurrent sessions to miss updating the target index, thus
again resulting in corrupt concurrently-created indexes.
</para>
<para>
Also, fix various other operations to ensure that they ignore
invalid indexes resulting from a failed <command>CREATE INDEX
CONCURRENTLY</> command. The most important of these is
<command>VACUUM</>, because an auto-vacuum could easily be launched
on the table before corrective action can be taken to fix or remove
the invalid index.
</para>
<para>
Also fix <command>DROP INDEX CONCURRENTLY</> to not disable
insertions into the target index until all queries using it are done.
</para>
<para>
Also fix misbehavior if <command>DROP INDEX CONCURRENTLY</> is
canceled: the previous coding could leave an un-droppable index behind.
</para>
</listitem>
<listitem>
<para>
Correct predicate locking for <command>DROP INDEX CONCURRENTLY</>
(Kevin Grittner)
</para>
<para>
Previously, SSI predicate locks were processed at the wrong time,
possibly leading to incorrect behavior of serializable transactions
executing in parallel with the <command>DROP</>.
</para>
</listitem>
<listitem>
<para>
Fix buffer locking during WAL replay (Tom Lane)
</para>
<para>
The WAL replay code was insufficiently careful about locking buffers
when replaying WAL records that affect more than one page. This could
result in hot standby queries transiently seeing inconsistent states,
resulting in wrong answers or unexpected failures.
</para>
</listitem>
<listitem>
<para>
Fix an error in WAL generation logic for GIN indexes (Tom Lane)
</para>
<para>
This could result in index corruption, if a torn-page failure occurred.
</para>
</listitem>
<listitem>
<para>
Fix an error in WAL replay logic for SP-GiST indexes (Tom Lane)
</para>
<para>
This could result in index corruption after a crash, or on a standby
server.
</para>
</listitem>
<listitem>
<para>
Fix incorrect detection of end-of-base-backup location during WAL
recovery (Heikki Linnakangas)
</para>
<para>
This mistake allowed hot standby mode to start up before the database
reaches a consistent state.
</para>
</listitem>
<listitem>
<para>
Properly remove startup process's virtual XID lock when promoting a
hot standby server to normal running (Simon Riggs)
</para>
<para>
This oversight could prevent subsequent execution of certain
operations such as <command>CREATE INDEX CONCURRENTLY</>.
</para>
</listitem>
<listitem>
<para>
Avoid bogus <quote>out-of-sequence timeline ID</> errors in standby
mode (Heikki Linnakangas)
</para>
</listitem>
<listitem>
<para>
Prevent the postmaster from launching new child processes after it's
received a shutdown signal (Tom Lane)
</para>
<para>
This mistake could result in shutdown taking longer than it should, or
even never completing at all without additional user action.
</para>
</listitem>
<listitem>
<para>
Fix the syslogger process to not fail when
<varname>log_rotation_age</> exceeds 2^31 milliseconds (about 25 days)
(Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix <function>WaitLatch()</> to return promptly when the requested
timeout expires (Jeff Janes, Tom Lane)
</para>
<para>
With the previous coding, a steady stream of non-wait-terminating
interrupts could delay return from <function>WaitLatch()</>
indefinitely. This has been shown to be a problem for the autovacuum
launcher process, and might cause trouble elsewhere as well.
</para>
</listitem>
<listitem>
<para>
Avoid corruption of internal hash tables when out of memory
(Hitoshi Harada)
</para>
</listitem>
<listitem>
<para>
Prevent file descriptors for dropped tables from being held open past
transaction end (Tom Lane)
</para>
<para>
This should reduce problems with long-since-dropped tables continuing
to occupy disk space.
</para>
</listitem>
<listitem>
<para>
Prevent database-wide crash and restart when a new child process is
unable to create a pipe for its latch (Tom Lane)
</para>
<para>
Although the new process must fail, there is no good reason to force a
database-wide restart, so avoid that. This improves robustness when
the kernel is nearly out of file descriptors.
</para>
</listitem>
<listitem>
<para>
Avoid planner crash with joins to unflattened subqueries (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix planning of non-strict equivalence clauses above outer joins
(Tom Lane)
</para>
<para>
The planner could derive incorrect constraints from a clause equating
a non-strict construct to something else, for example
<literal>WHERE COALESCE(foo, 0) = 0</>
when <literal>foo</> is coming from the nullable side of an outer join.
9.2 showed this type of error in more cases than previous releases,
but the basic bug has been there for a long time.
</para>
</listitem>
<listitem>
<para>
Fix <command>SELECT DISTINCT</> with index-optimized
<function>MIN</>/<function>MAX</> on an inheritance tree (Tom Lane)
</para>
<para>
The planner would fail with <quote>failed to re-find MinMaxAggInfo
record</> given this combination of factors.
</para>
</listitem>
<listitem>
<para>
Make sure the planner sees implicit and explicit casts as equivalent
for all purposes, except in the minority of cases where there's
actually a semantic difference (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Include join clauses when considering whether partial indexes can be
used for a query (Tom Lane)
</para>
<para>
A strict join clause can be sufficient to establish an
<replaceable>x</> <literal>IS NOT NULL</> predicate, for example.
This fixes a planner regression in 9.2, since previous versions could
make comparable deductions.
</para>
</listitem>
<listitem>
<para>
Limit growth of planning time when there are many indexable join
clauses for the same index (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Improve planner's ability to prove exclusion constraints from
equivalence classes (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix partial-row matching in hashed subplans to handle cross-type cases
correctly (Tom Lane)
</para>
<para>
This affects multicolumn <literal>NOT IN</> subplans, such as
<literal>WHERE (a, b) NOT IN (SELECT x, y FROM ...)</>
when for instance <literal>b</> and <literal>y</> are <type>int4</>
and <type>int8</> respectively. This mistake led to wrong answers
or crashes depending on the specific datatypes involved.
</para>
</listitem>
<listitem>
<para>
Fix btree mark/restore functions to handle array keys (Tom Lane)
</para>
<para>
This oversight could result in wrong answers from merge joins whose
inner side is an index scan using an
<literal><replaceable>indexed_column</> =
ANY(<replaceable>array</>)</literal> condition.
</para>
</listitem>
<listitem>
<para>
Revert patch for taking fewer snapshots (Tom Lane)
</para>
<para>
The 9.2 change to reduce the number of snapshots taken during query
execution led to some anomalous behaviors not seen in previous
releases, because execution would proceed with a snapshot acquired
before locking the tables used by the query. Thus, for example,
a query would not be guaranteed to see updates committed by a
preceding transaction even if that transaction had exclusive lock.
We'll probably revisit this in future releases, but meanwhile put it
back the way it was before 9.2.
</para>
</listitem>
<listitem>
<para>
Acquire buffer lock when re-fetching the old tuple for an
<literal>AFTER ROW UPDATE/DELETE</> trigger (Andres Freund)
</para>
<para>
In very unusual circumstances, this oversight could result in passing
incorrect data to a trigger <literal>WHEN</> condition, or to the
precheck logic for a foreign-key enforcement trigger. That could
result in a crash, or in an incorrect decision about whether to
fire the trigger.
</para>
</listitem>
<listitem>
<para>
Fix <command>ALTER COLUMN TYPE</> to handle inherited check
constraints properly (Pavan Deolasee)
</para>
<para>
This worked correctly in pre-8.4 releases, and now works correctly
in 8.4 and later.
</para>
</listitem>
<listitem>
<para>
Fix <command>ALTER EXTENSION SET SCHEMA</>'s failure to move some
subsidiary objects into the new schema (&Aacute;lvaro Herrera, Dimitri
Fontaine)
</para>
</listitem>
<listitem>
<para>
Handle <command>CREATE TABLE AS EXECUTE</> correctly in extended query
protocol (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Don't modify the input parse tree in <command>DROP RULE IF NOT
EXISTS</> and <command>DROP TRIGGER IF NOT EXISTS</> (Tom Lane)
</para>
<para>
This mistake would cause errors if a cached statement of one of these
types was re-executed.
</para>
</listitem>
<listitem>
<para>
Fix <command>REASSIGN OWNED</> to handle grants on tablespaces
(&Aacute;lvaro Herrera)
</para>
</listitem>
<listitem>
<para>
Ignore incorrect <structname>pg_attribute</> entries for system
columns for views (Tom Lane)
</para>
<para>
Views do not have any system columns. However, we forgot to
remove such entries when converting a table to a view. That's fixed
properly for 9.3 and later, but in previous branches we need to defend
against existing mis-converted views.
</para>
</listitem>
<listitem>
<para>
Fix rule printing to dump <literal>INSERT INTO <replaceable>table</>
DEFAULT VALUES</literal> correctly (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Guard against stack overflow when there are too many
<literal>UNION</>/<literal>INTERSECT</>/<literal>EXCEPT</> clauses
in a query (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Prevent platform-dependent failures when dividing the minimum possible
integer value by -1 (Xi Wang, Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix possible access past end of string in date parsing
(Hitoshi Harada)
</para>
</listitem>
<listitem>
<para>
Fix failure to advance XID epoch if XID wraparound happens during a
checkpoint and <varname>wal_level</> is <literal>hot_standby</>
(Tom Lane, Andres Freund)
</para>
<para>
While this mistake had no particular impact on
<productname>PostgreSQL</productname> itself, it was bad for
applications that rely on <function>txid_current()</> and related
functions: the TXID value would appear to go backwards.
</para>
</listitem>
<listitem>
<para>
Fix <function>pg_terminate_backend()</> and
<function>pg_cancel_backend()</> to not throw error for a non-existent
target process (Josh Kupershmidt)
</para>
<para>
This case already worked as intended when called by a superuser,
but not so much when called by ordinary users.
</para>
</listitem>
<listitem>
<para>
Fix display of
<structname>pg_stat_replication</>.<structfield>sync_state</> at a
page boundary (Kyotaro Horiguchi)
</para>
</listitem>
<listitem>
<para>
Produce an understandable error message if the length of the path name
for a Unix-domain socket exceeds the platform-specific limit
(Tom Lane, Andrew Dunstan)
</para>
<para>
Formerly, this would result in something quite unhelpful, such as
<quote>Non-recoverable failure in name resolution</>.
</para>
</listitem>
<listitem>
<para>
Fix memory leaks when sending composite column values to the client
(Tom Lane)
</para>
</listitem>
<listitem>
<para>
Save some cycles by not searching for subtransaction locks at commit
(Simon Riggs)
</para>
<para>
In a transaction holding many exclusive locks, this useless activity
could be quite costly.
</para>
</listitem>
<listitem>
<para>
Make <application>pg_ctl</> more robust about reading the
<filename>postmaster.pid</> file (Heikki Linnakangas)
</para>
<para>
This fixes race conditions and possible file descriptor leakage.
</para>
</listitem>
<listitem>
<para>
Fix possible crash in <application>psql</> if incorrectly-encoded data
is presented and the <varname>client_encoding</> setting is a
client-only encoding, such as SJIS (Jiang Guiqing)
</para>
</listitem>
<listitem>
<para>
Make <application>pg_dump</> dump <literal>SEQUENCE SET</> items in
the data not pre-data section of the archive (Tom Lane)
</para>
<para>
This fixes an undesirable inconsistency between the meanings of
<option>--data-only</> and <option>--section=data</>, and also fixes
dumping of sequences that are marked as extension configuration tables.
</para>
</listitem>
<listitem>
<para>
Fix <application>pg_dump</>'s handling of <command>DROP DATABASE</>
commands in <option>--clean</> mode (Guillaume Lelarge)
</para>
<para>
Beginning in 9.2.0, <literal>pg_dump --clean</> would issue a
<command>DROP DATABASE</> command, which was either useless or
dangerous depending on the usage scenario. It no longer does that.
This change also fixes the combination of <option>--clean</> and
<option>--create</> to work sensibly, i.e., emit <command>DROP
DATABASE</> then <command>CREATE DATABASE</> before reconnecting to the
target database.
</para>
</listitem>
<listitem>
<para>
Fix <application>pg_dump</> for views with circular dependencies and
no relation options (Tom Lane)
</para>
<para>
The previous fix to dump relation options when a view is
involved in a circular dependency didn't work right for the case
that the view has no options; it emitted <literal>ALTER VIEW foo
SET ()</> which is invalid syntax.
</para>
</listitem>
<listitem>
<para>
Fix bugs in the <filename>restore.sql</> script emitted by
<application>pg_dump</> in <literal>tar</> output format (Tom Lane)
</para>
<para>
The script would fail outright on tables whose names include
upper-case characters. Also, make the script capable of restoring
data in <option>--inserts</> mode as well as the regular COPY mode.
</para>
</listitem>
<listitem>
<para>
Fix <application>pg_restore</> to accept POSIX-conformant
<literal>tar</> files (Brian Weaver, Tom Lane)
</para>
<para>
The original coding of <application>pg_dump</>'s <literal>tar</>
output mode produced files that are not fully conformant with the
POSIX standard. This has been corrected for version 9.3. This
patch updates previous branches so that they will accept both the
incorrect and the corrected formats, in hopes of avoiding
compatibility problems when 9.3 comes out.
</para>
</listitem>
<listitem>
<para>
Fix <literal>tar</> files emitted by <application>pg_basebackup</> to
be POSIX conformant (Brian Weaver, Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix <application>pg_resetxlog</> to locate <filename>postmaster.pid</>
correctly when given a relative path to the data directory (Tom Lane)
</para>
<para>
This mistake could lead to <application>pg_resetxlog</> not noticing
that there is an active postmaster using the data directory.
</para>
</listitem>
<listitem>
<para>
Fix <application>libpq</>'s <function>lo_import()</> and
<function>lo_export()</> functions to report file I/O errors properly
(Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix <application>ecpg</>'s processing of nested structure pointer
variables (Muhammad Usama)
</para>
</listitem>
<listitem>
<para>
Fix <application>ecpg</>'s <function>ecpg_get_data</> function to
handle arrays properly (Michael Meskes)
</para>
</listitem>
<listitem>
<para>
Prevent <application>pg_upgrade</> from trying to process TOAST tables
for system catalogs (Bruce Momjian)
</para>
<para>
This fixes an error seen when the <literal>information_schema</> has
been dropped and recreated. Other failures were also possible.
</para>
</listitem>
<listitem>
<para>
Improve <application>pg_upgrade</> performance by setting
<varname>synchronous_commit</> to <literal>off</> in the new cluster
(Bruce Momjian)
</para>
</listitem>
<listitem>
<para>
Make <filename>contrib/pageinspect</>'s btree page inspection
functions take buffer locks while examining pages (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Work around unportable behavior of <literal>malloc(0)</> and
<literal>realloc(NULL, 0)</> (Tom Lane)
</para>
<para>
On platforms where these calls return <literal>NULL</>, some code
mistakenly thought that meant out-of-memory.
This is known to have broken <application>pg_dump</> for databases
containing no user-defined aggregates. There might be other cases
as well.
</para>
</listitem>
<listitem>
<para>
Ensure that <literal>make install</> for an extension creates the
<filename>extension</> installation directory (C&eacute;dric Villemain)
</para>
<para>
Previously, this step was missed if <varname>MODULEDIR</> was set in
the extension's Makefile.
</para>
</listitem>
<listitem>
<para>
Fix <application>pgxs</> support for building loadable modules on AIX
(Tom Lane)
</para>
<para>
Building modules outside the original source tree didn't work on AIX.
</para>
</listitem>
<listitem>
<para>
Update time zone data files to <application>tzdata</> release 2012j
for DST law changes in Cuba, Israel, Jordan, Libya, Palestine, Western
Samoa, and portions of Brazil.
</para>
</listitem>
</itemizedlist>
</sect2>
</sect1>
<sect1 id="release-9-2-1">
<title>Release 9.2.1</title>
<formalpara>
<title>Release date:</title>
<para>2012-09-24</para>
</formalpara>
<para>
This release contains a variety of fixes from 9.2.0.
For information about new features in the 9.2 major release, see
<xref linkend="release-9-2">.
</para>
<sect2>
<title>Migration to Version 9.2.1</title>
<para>
A dump/restore is not required for those running 9.2.X.
</para>
<para>
However, you may need to perform <command>REINDEX</> and/or
<command>VACUUM</> operations to recover from the effects of the data
corruption bug described in the first changelog item below.
</para>
</sect2>
<sect2>
<title>Changes</title>
<itemizedlist>
<listitem>
<para>
Fix persistence marking of shared buffers during WAL replay
(Jeff Davis)
</para>
<para>
This mistake can result in buffers not being written out during
checkpoints, resulting in data corruption if the server later crashes
without ever having written those buffers. Corruption can occur on
any server following crash recovery, but it is significantly more
likely to occur on standby slave servers since those perform much
more WAL replay. There is a low probability of corruption of btree
and GIN indexes. There is a much higher probability of corruption
of table <quote>visibility maps</>, which might lead to wrong answers
from index-only scans. Table data proper cannot be corrupted by this
bug.
</para>
<para>
While no index corruption due to this bug is known to have occurred
in the field, as a precautionary measure it is recommended that
production installations <command>REINDEX</> all btree and GIN
indexes at a convenient time after upgrading to 9.2.1.
</para>
<para>
Also, it is recommended to perform a <command>VACUUM</> of all tables
while having <link
linkend="guc-vacuum-freeze-table-age"><varname>vacuum_freeze_table_age</></link>
set to zero. This will fix any incorrect visibility map data. <link
linkend="guc-vacuum-cost-delay"><varname>vacuum_cost_delay</></link>
can be adjusted to reduce the performance impact of vacuuming, while
causing it to take longer to finish.
</para>
</listitem>
<listitem>
<para>
Fix possible incorrect sorting of output from queries involving
<literal>WHERE <replaceable>indexed_column</> IN
(<replaceable>list_of_values</>)</literal> (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix planner failure for queries involving <literal>GROUP BY</>
expressions along with window functions and aggregates (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix planner's assignment of executor parameters (Tom Lane)
</para>
<para>
This error could result in wrong answers from queries that scan the
same <literal>WITH</> subquery multiple times.
</para>
</listitem>
<listitem>
<para>
Improve planner's handling of join conditions in index scans (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Improve selectivity estimation for text search queries involving
prefixes, i.e. <replaceable>word</><literal>:*</> patterns (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix delayed recognition of permissions changes (Tom Lane)
</para>
<para>
A command that needed no locks other than ones its transaction already
had might fail to notice a concurrent <command>GRANT</> or
<command>REVOKE</> that committed since the start of its transaction.
</para>
</listitem>
<listitem>
<para>
Fix <command>ANALYZE</> to not fail when a column is a domain over an
array type (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Prevent PL/Perl from crashing if a recursive PL/Perl function is
redefined while being executed (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Work around possible misoptimization in PL/Perl (Tom Lane)
</para>
<para>
Some Linux distributions contain an incorrect version of
<filename>pthread.h</> that results in incorrect compiled code in
PL/Perl, leading to crashes if a PL/Perl function calls another one
that throws an error.
</para>
</listitem>
<listitem>
<para>
Remove unnecessary dependency on <application>pg_config</> from
<application>pg_upgrade</> (Peter Eisentraut)
</para>
</listitem>
<listitem>
<para>
Update time zone data files to <application>tzdata</> release 2012f
for DST law changes in Fiji
</para>
</listitem>
</itemizedlist>
</sect2>
</sect1>
<sect1 id="release-9-2">
<title>Release 9.2</title>
<formalpara>
<title>Release date:</title>
<para>2012-09-10</para>
</formalpara>
<sect2>
<title>Overview</title>
<para>
This release has been largely focused on performance improvements, though
new SQL features are not lacking. Work also continues in the area of
replication support. Major enhancements include:
</para>
<itemizedlist>
<!-- This list duplicates items below, but without authors or details-->
<listitem>
<para>
Allow queries to retrieve data only from indexes, avoiding heap
access (<firstterm>index-only scans</>)
</para>
</listitem>
<listitem>
<para>
Allow the planner to generate custom plans for specific parameter
values even when using prepared statements
</para>
</listitem>
<listitem>
<para>
Improve the planner's ability to use nested loops with inner
index scans
</para>
</listitem>
<listitem>
<para>
Allow streaming replication slaves to forward data to other slaves
(<link linkend="cascading-replication"><firstterm>cascading
replication</></link>)
</para>
</listitem>
<listitem>
<para>
Allow <link
linkend="app-pgbasebackup"><application>pg_basebackup</></link>
to make base backups from standby servers
</para>
</listitem>
<listitem>
<para>
Add a <link
linkend="app-pgreceivewal"><application>pg_receivexlog</></link>
tool to archive WAL file changes as they are written
</para>
</listitem>
<listitem>
<para>
Add the <link linkend="SPGiST">SP-GiST</link> (Space-Partitioned
GiST) index access method
</para>
</listitem>
<listitem>
<para>
Add support for <link linkend="rangetypes">range data types</link>
</para>
</listitem>
<listitem>
<para>
Add a <link linkend="datatype-json"><type>JSON</type></link>
data type
</para>
</listitem>
<listitem>
<para>
Add a <link
linkend="SQL-CREATEVIEW"><literal>security_barrier</></link>
option for views
</para>
</listitem>
<listitem>
<para>
Allow <application>libpq</> connection strings to have the format of a
<link linkend="libpq-connstring"><acronym>URI</acronym></link>
</para>
</listitem>
<listitem>
<para>
Add a <link linkend="libpq-single-row-mode">single-row processing
mode</link> to <application>libpq</> for better handling of large
result sets
</para>
</listitem>
</itemizedlist>
<para>
The above items are explained in more detail in the sections below.
</para>
</sect2>
<sect2>
<title>Migration to Version 9.2</title>
<para>
A dump/restore using <application>pg_dump</application>, or use of
<application>pg_upgrade</application>, is required for those wishing
to migrate data from any previous release.
</para>
<para>
Version 9.2 contains a number of changes that may affect compatibility
with previous releases. Observe the following incompatibilities:
</para>
<sect3>
<title>System Catalogs</title>
<itemizedlist>
<listitem>
<para>
Remove the <structfield>spclocation</> field from <link
linkend="catalog-pg-tablespace"><structname>pg_tablespace</></link>
(Magnus Hagander)
</para>
<para>
This field was duplicative of the symbolic links that actually define
tablespace locations, and thus risked errors of omission when moving
a tablespace. This change allows tablespace directories to be moved
while the server is down, by manually adjusting the symbolic links.
To replace this field, we have added <link
linkend="functions-info-catalog-table"><function>pg_tablespace_location()</></link>
to allow querying of the symbolic links.
</para>
</listitem>
<listitem>
<para>
Move <type>tsvector</> most-common-element statistics to new
<link linkend="view-pg-stats"><structname>pg_stats</></link> columns
(Alexander Korotkov)
</para>
<para>
Consult <structfield>most_common_elems</>
and <structfield>most_common_elem_freqs</> for the data formerly
available in <structfield>most_common_vals</>
and <structfield>most_common_freqs</> for a <type>tsvector</> column.
</para>
</listitem>
</itemizedlist>
</sect3>
<sect3>
<title>Functions</title>
<itemizedlist>
<listitem>
<para>
Remove <link linkend="hstore">hstore</link>'s <literal>=&gt;</>
operator (Robert Haas)
</para>
<para>
Users should now use <function>hstore(text, text)</>. Since
<productname>PostgreSQL</productname> 9.0, a warning message has been
emitted when an operator named <literal>=&gt;</> is created because
the <acronym>SQL</acronym> standard reserves that token for
another use.
</para>
</listitem>
<listitem>
<para>
Ensure that <link
linkend="functions-xml-processing"><function>xpath()</></link>
escapes special characters in string values (Florian Pflug)
</para>
<para>
Without this it is possible for the result not to be valid
<acronym>XML</acronym>.
</para>
</listitem>
<listitem>
<para>
Make <link
linkend="functions-admin-dbobject"><function>pg_relation_size()</></link>
and friends return NULL if the object does not exist (Phil Sorber)
</para>
<para>
This prevents queries that call these functions from returning
errors immediately after a concurrent <command>DROP</>.
</para>
</listitem>
<listitem>
<para>
Make <link
linkend="functions-datetime-extract"><function>EXTRACT(EPOCH FROM
<replaceable>timestamp without time zone</>)</function></link>
measure the epoch from local midnight, not <acronym>UTC</acronym>
midnight (Tom Lane)
</para>
<para>
This change reverts an ill-considered change made in release 7.3.
Measuring from <acronym>UTC</acronym> midnight was inconsistent
because it made the result dependent on the <link
linkend="guc-timezone"><varname>timezone</></link> setting, which
computations for <type>timestamp without time zone</> should not be.
The previous behavior remains available by casting the input value
to <type>timestamp with time zone</>.
</para>
</listitem>
<listitem>
<para>
Properly parse time strings with trailing <literal>yesterday</>,
<literal>today</>, and <literal>tomorrow</> (Dean Rasheed)
</para>
<para>
Previously, <literal>SELECT '04:00:00 yesterday'::timestamp</literal>
returned yesterday's date at midnight.
</para>
</listitem>
<listitem>
<para>
Fix <link
linkend="functions-formatting"><function>to_date()</></link> and
<function>to_timestamp()</> to wrap incomplete dates toward 2020
(Bruce Momjian)
</para>
<para>
Previously, supplied years and year masks of less than four digits
wrapped inconsistently.
</para>
</listitem>
</itemizedlist>
</sect3>
<sect3>
<title>Object Modification</title>
<itemizedlist>
<listitem>
<para>
Prevent <link linkend="SQL-ALTERDOMAIN"><command>ALTER
DOMAIN</command></link> from working on non-domain types (Peter
Eisentraut)
</para>
<para>
Owner and schema changes were previously possible on non-domain
types.
</para>
</listitem>
<listitem>
<para>
No longer forcibly lowercase procedural language names in <link
linkend="SQL-CREATEFUNCTION"><command>CREATE FUNCTION</></link>
(Robert Haas)
</para>
<para>
While unquoted language identifiers are still lowercased, strings
and quoted identifiers are no longer forcibly down-cased.
Thus for example <literal>CREATE FUNCTION ... LANGUAGE 'C'</>
will no longer work; it must be spelled <literal>'c'</>, or better
omit the quotes.
</para>
</listitem>
<listitem>
<para>
Change system-generated names of foreign key enforcement triggers
(Tom Lane)
</para>
<para>
This change ensures that the triggers fire in the correct order in
some corner cases involving self-referential foreign key constraints.
</para>
</listitem>
</itemizedlist>
</sect3>
<sect3>
<title>Command-Line Tools</title>
<itemizedlist>
<listitem>
<para>
Provide consistent backquote, variable
expansion, and quoted substring behavior in <link
linkend="APP-PSQL"><application>psql</></link> meta-command
arguments (Tom Lane)
</para>
<para>
Previously, such references were treated oddly when not separated by
whitespace from adjacent text. For example <literal>'FOO'BAR</> was
output as <literal>FOO BAR</> (unexpected insertion of a space) and
<literal>FOO'BAR'BAZ</> was output unchanged (not removing the quotes
as most would expect).
</para>
</listitem>
<listitem>
<para>
No longer treat <link
linkend="APP-CLUSTERDB"><application>clusterdb</></link>
table names as double-quoted; no longer treat <link
linkend="APP-REINDEXDB"><application>reindexdb</></link> table
and index names as double-quoted (Bruce Momjian)
</para>
<para>
Users must now include double-quotes in the command arguments if
quoting is wanted.
</para>
</listitem>
<listitem>
<para>
<link linkend="APP-CREATEUSER"><application>createuser</></link>
no longer prompts for option settings by default (Peter Eisentraut)
</para>
<para>
Use <option>--interactive</> to obtain the old behavior.
</para>
</listitem>
<listitem>
<para>
Disable prompting for the user name in <link
linkend="APP-DROPUSER"><application>dropuser</></link> unless
<option>--interactive</> is specified (Peter Eisentraut)
</para>
</listitem>
</itemizedlist>
</sect3>
<sect3>
<title>Server Settings</title>
<itemizedlist>
<listitem>
<para>
Add server parameters for specifying the <link
linkend="guc-ssl-ca-file">locations of server-side
<acronym>SSL</acronym> files</link> (Peter Eisentraut)
</para>
<para>
This allows changing the names and locations of the files that were
previously hard-coded as <filename>server.crt</>,
<filename>server.key</>, <filename>root.crt</>, and
<filename>root.crl</> in the data directory.
<emphasis>The server will no longer examine <filename>root.crt</> or
<filename>root.crl</> by default</emphasis>; to load these files, the
associated parameters must be set to non-default values.
</para>
</listitem>
<listitem>
<para>
Remove the <varname>silent_mode</> parameter (Heikki Linnakangas)
</para>
<para>
Similar behavior can be obtained with <command>pg_ctl start
-l postmaster.log</>.
</para>
</listitem>
<listitem>
<para>
Remove the <varname>wal_sender_delay</> parameter,
as it is no longer needed (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Remove the <varname>custom_variable_classes</> parameter (Tom Lane)
</para>
<para>
The checking provided by this setting was dubious. Now any
setting can be prefixed by any class name.
</para>
</listitem>
</itemizedlist>
</sect3>
<sect3>
<title>Monitoring</title>
<itemizedlist>
<listitem>
<para>
Rename <link
linkend="monitoring-stats-views-table"><structname>pg_stat_activity</></link><structfield>.procpid</>
to <structfield>pid</>, to match other system tables (Magnus Hagander)
</para>
</listitem>
<listitem>
<para>
Create a separate <structfield>pg_stat_activity</> column to
report process state (Scott Mead, Magnus Hagander)
</para>
<para>
The previous <structfield>query</> and <structfield>query_start</>
values now remain available for an idle session, allowing enhanced
analysis.
</para>
</listitem>
<listitem>
<para>
Rename <structname>pg_stat_activity</>.<structfield>current_query</> to
<structfield>query</> because it is not cleared when the query
completes (Magnus Hagander)
</para>
</listitem>
<listitem>
<para>
Change all <acronym>SQL</acronym>-level statistics timing values
to be <type>float8</> columns measured in milliseconds (Tom Lane)
</para>
<para>
This change eliminates the designed-in assumption that the values
are accurate to microseconds and no more (since the <type>float8</>
values can be fractional).
The columns affected are
<structname>pg_stat_user_functions</>.<structfield>total_time</>,
<structname>pg_stat_user_functions</>.<structfield>self_time</>,
<structname>pg_stat_xact_user_functions</>.<structfield>total_time</>,
and
<structname>pg_stat_xact_user_functions</>.<structfield>self_time</>.
The statistics functions underlying these columns now also return
<type>float8</> milliseconds, rather than <type>bigint</>
microseconds.
<filename>contrib/pg_stat_statements</>'
<structfield>total_time</> column is now also measured in
milliseconds.
</para>
</listitem>
</itemizedlist>
</sect3>
</sect2>
<sect2>
<title>Changes</title>
<para>
Below you will find a detailed account of the changes between
<productname>PostgreSQL</productname> 9.2 and the previous major
release.
</para>
<sect3>
<title>Server</title>
<sect4>
<title>Performance</title>
<itemizedlist>
<listitem>
<para>
Allow queries to retrieve data only from indexes, avoiding heap
access (Robert Haas, Ibrar Ahmed, Heikki Linnakangas, Tom Lane)
</para>
<para>
This feature is often called <firstterm>index-only scans</>.
Heap access can be skipped for heap pages containing only tuples that
are visible to all sessions, as reported by the visibility map; so
the benefit applies mainly to mostly-static data. The visibility map
was made crash-safe as a necessary part of implementing this feature.
</para>
</listitem>
<listitem>
<para>
Add the <link linkend="SPGiST">SP-GiST</link> (Space-Partitioned
GiST) index access method (Teodor Sigaev, Oleg Bartunov, Tom
Lane)
</para>
<para>
SP-GiST is comparable to GiST in flexibility, but supports
unbalanced partitioned search structures rather than balanced
trees. For suitable problems, SP-GiST can be faster than GiST in both
index build time and search time.
</para>
</listitem>
<listitem>
<para>
Allow group commit to work effectively under heavy load (Peter
Geoghegan, Simon Riggs, Heikki Linnakangas)
</para>
<para>
Previously, batching of commits became ineffective as the write
workload increased, because of internal lock contention.
</para>
</listitem>
<listitem>
<para>
Allow uncontended locks to be managed using a new
fast-path lock mechanism (Robert Haas)
</para>
</listitem>
<listitem>
<para>
Reduce overhead of creating virtual transaction ID locks (Robert
Haas)
</para>
</listitem>
<listitem>
<para>
Reduce the overhead of serializable isolation level locks (Dan
Ports)
</para>
</listitem>
<listitem>
<para>
Improve PowerPC and Itanium spinlock performance (Manabu Ori,
Robert Haas, Tom Lane)
</para>
</listitem>
<listitem>
<para>
Reduce overhead for shared invalidation cache messages (Robert
Haas)
</para>
</listitem>
<listitem>
<para>
Move the frequently accessed members of the <structname>PGPROC</>
shared memory array to a separate array (Pavan
Deolasee, Heikki Linnakangas, Robert Haas)
</para>
</listitem>
<listitem>
<para>
Improve <command>COPY</command> performance by adding tuples to
the heap in batches (Heikki Linnakangas)
</para>
</listitem>
<listitem>
<para>
Improve GiST index performance for geometric data types by producing
better trees with less memory allocation overhead (Alexander Korotkov)
</para>
</listitem>
<listitem>
<para>
Improve GiST index build times (Alexander Korotkov, Heikki
Linnakangas)
</para>
</listitem>
<listitem>
<para>
Allow hint bits to be set sooner for temporary and unlogged tables
(Robert Haas)
</para>
</listitem>
<listitem>
<para>
Allow sorting to be performed by inlined,
non-<acronym>SQL</acronym>-callable comparison functions (Peter
Geoghegan, Robert Haas, Tom Lane)
</para>
</listitem>
<listitem>
<para>
Make the number of CLOG buffers scale based on <link
linkend="guc-shared-buffers"><varname>shared_buffers</></link>
(Robert Haas, Simon Riggs, Tom Lane)
</para>
</listitem>
<listitem>
<para>
Improve performance of buffer pool scans that occur when tables or
databases are dropped (Jeff Janes, Simon Riggs)
</para>
</listitem>
<listitem>
<para>
Improve performance of checkpointer's fsync-request queue
when many tables are being dropped or truncated (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Pass the safe number of file descriptors to child processes on Windows
(Heikki Linnakangas)
</para>
<para>
This allows Windows sessions to use more open file descriptors than
before.
</para>
</listitem>
</itemizedlist>
</sect4>
<sect4>
<title>Process Management</title>
<itemizedlist>
<listitem>
<para>
Create a dedicated background process to perform checkpoints (Simon
Riggs)
</para>
<para>
Formerly the background writer did both dirty-page writing and
checkpointing. Separating this into two processes allows each goal
to be accomplished more predictably.
</para>
</listitem>
<listitem>
<para>
Improve asynchronous commit behavior by waking the walwriter sooner
(Simon Riggs)
</para>
<para>
Previously, only <link
linkend="guc-wal-writer-delay"><varname>wal_writer_delay</></link>
triggered <acronym>WAL</acronym> flushing to disk; now filling a
<acronym>WAL</acronym> buffer also triggers <acronym>WAL</acronym>
writes.
</para>
</listitem>
<listitem>
<para>
Allow the bgwriter, walwriter, checkpointer, statistics collector,
log collector, and archiver background processes to sleep more
efficiently during periods of inactivity (Peter Geoghegan, Tom Lane)
</para>
<para>
This series of changes reduces the frequency of process wake-ups when
there is nothing to do, dramatically reducing power consumption on
idle servers.
</para>
</listitem>
</itemizedlist>
</sect4>
<sect4>
<title>Optimizer</title>
<itemizedlist>
<listitem>
<para>
Allow the planner to generate custom plans for specific parameter
values even when using prepared statements
(Tom Lane)
</para>
<para>
In the past, a prepared statement always had a single
<quote>generic</> plan that was used for all parameter values, which
was frequently much inferior to the plans used for non-prepared
statements containing explicit constant values. Now, the planner
attempts to generate custom plans for specific parameter values.
A generic plan will only be used after custom plans have repeatedly
proven to provide no benefit. This change should eliminate the
performance penalties formerly seen from use of prepared statements
(including non-dynamic statements in PL/pgSQL).
</para>
</listitem>
<listitem>
<para>
Improve the planner's ability to use nested loops with inner
index scans (Tom Lane)
</para>
<para>
The new <quote>parameterized path</> mechanism allows inner
index scans to use values from relations that are more than one join
level up from the scan. This can greatly improve performance in
situations where semantic restrictions (such as outer joins) limit
the allowed join orderings.
</para>
</listitem>
<listitem>
<para>
Improve the planning <acronym>API</acronym> for foreign data wrappers
(Etsuro Fujita, Shigeru Hanada, Tom Lane)
</para>
<para>
Wrappers can now provide multiple access <quote>paths</> for their
tables, allowing more flexibility in join planning.
</para>
</listitem>
<listitem>
<para>
Recognize self-contradictory restriction clauses for non-table
relations (Tom Lane)
</para>
<para>
This check is only performed when <link
linkend="guc-constraint-exclusion"><varname>constraint_exclusion</></link>
is <literal>on</literal>.
</para>
</listitem>
<listitem>
<para>
Allow <literal>indexed_col op ANY(ARRAY[...])</> conditions to be
used in plain index scans and index-only scans (Tom Lane)
</para>
<para>
Formerly such conditions could only be used in bitmap index scans.
</para>
</listitem>
<listitem>
<para>
Support <function>MIN</>/<function>MAX</> index optimizations on
<type>boolean</type> columns (Marti Raudsepp)
</para>
</listitem>
<listitem>
<para>
Account for set-returning functions in <command>SELECT</> target
lists when setting row count estimates (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix planner to handle indexes with duplicated columns more reliably
(Tom Lane)
</para>
</listitem>
<listitem>
<para>
Collect and use element-frequency statistics for arrays (Alexander
Korotkov, Tom Lane)
</para>
<para>
This change improves selectivity estimation for the array
<literal>&lt;@</literal>, <literal>&amp;&amp;</literal>, and
<literal>@&gt;</literal> operators (array containment and overlaps).
</para>
</listitem>
<listitem>
<para>
Allow statistics to be collected for foreign tables
(Etsuro Fujita)
</para>
</listitem>
<listitem>
<para>
Improve cost estimates for use of partial indexes (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Improve the planner's ability to use statistics for columns
referenced in subqueries (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Improve statistical estimates for subqueries using
<literal>DISTINCT</> (Tom Lane)
</para>
</listitem>
</itemizedlist>
</sect4>
<sect4>
<title>Authentication</title>
<itemizedlist>
<listitem>
<para>
Do not treat role names and <literal>samerole</> specified in <link
linkend="auth-pg-hba-conf"><filename>pg_hba.conf</filename></link>
as automatically including superusers (Andrew Dunstan)
</para>
<para>
This makes it easier to use <literal>reject</> lines with group roles.
</para>
</listitem>
<listitem>
<para>
Adjust <filename>pg_hba.conf</filename> processing to handle token
parsing more consistently (Brendan Jurd, &Aacute;lvaro Herrera)
</para>
</listitem>
<listitem>
<para>
Disallow empty <filename>pg_hba.conf</filename> files (Tom Lane)
</para>
<para>
This was done to more quickly detect misconfiguration.
</para>
</listitem>
<listitem>
<para>
Make superuser privilege imply replication privilege (Noah Misch)
</para>
<para>
This avoids the need to explicitly assign such privileges.
</para>
</listitem>
</itemizedlist>
</sect4>
<sect4>
<title>Monitoring</title>
<itemizedlist>
<listitem>
<para>
Attempt to log the current query string during a backend crash
(Marti Raudsepp)
</para>
</listitem>
<listitem>
<para>
Make logging of autovacuum I/O activity more verbose (Greg
Smith, Noah Misch)
</para>
<para>
This logging is triggered by <link
linkend="guc-log-autovacuum-min-duration"><varname>log_autovacuum_min_duration</></link>.
</para>
</listitem>
<listitem>
<para>
Make <acronym>WAL</acronym> replay report failures sooner
(Fujii Masao)
</para>
<para>
There were some cases where failures were only reported once the
server went into master mode.
</para>
</listitem>
<listitem>
<para>
Add <link
linkend="functions-admin-backup"><function>pg_xlog_location_diff()</></link>
to simplify WAL location comparisons (Euler Taveira de Oliveira)
</para>
<para>
This is useful for computing replication lag.
</para>
</listitem>
<listitem>
<para>
Support configurable event log application names on Windows
(MauMau, Magnus Hagander)
</para>
<para>
This allows different instances to use the event log
with different identifiers, by setting the <link
linkend="guc-event-source"><varname>event_source</></link>
server parameter, which is similar to how <link
linkend="guc-syslog-ident"><varname>syslog_ident</></link> works.
</para>
</listitem>
<listitem>
<para>
Change <quote>unexpected EOF</> messages to <literal>DEBUG1</> level,
except when there is an open transaction (Magnus Hagander)
</para>
<para>
This change reduces log chatter caused by applications that close
database connections ungracefully.
</para>
</listitem>
</itemizedlist>
</sect4>
<sect4>
<title>Statistical Views</title>
<itemizedlist>
<listitem>
<para>
Track temporary file sizes and file counts in the <link
linkend="pg-stat-database-view"><structname>pg_stat_database</></link>
system view (Tomas Vondra)
</para>
</listitem>
<listitem>
<para>
Add a deadlock counter to the <structname>pg_stat_database</>
system view (Magnus Hagander)
</para>
</listitem>
<listitem>
<para>
Add a server parameter <link
linkend="guc-track-io-timing"><varname>track_io_timing</></link>
to track I/O timings (Ants Aasma, Robert Haas)
</para>
</listitem>
<listitem>
<para>
Report checkpoint timing information in <link
linkend="pg-stat-bgwriter-view"><structname>pg_stat_bgwriter</></link>
(Greg Smith, Peter Geoghegan)
</para>
</listitem>
</itemizedlist>
</sect4>
<sect4>
<title>Server Settings</title>
<itemizedlist>
<listitem>
<para>
Silently ignore nonexistent schemas specified in <link
linkend="guc-search-path"><varname>search_path</></link> (Tom Lane)
</para>
<para>
This makes it more convenient to use generic path settings, which
might include some schemas that don't exist in all databases.
</para>
</listitem>
<listitem>
<para>
Allow superusers to set <link
linkend="guc-deadlock-timeout"><varname>deadlock_timeout</></link>
per-session, not just per-cluster (Noah Misch)
</para>
<para>
This allows <varname>deadlock_timeout</> to be reduced for
transactions that are likely to be involved in a deadlock, thus
detecting the failure more quickly. Alternatively, increasing the
value can be used to reduce the chances of a session being chosen for
cancellation due to a deadlock.
</para>
</listitem>
<listitem>
<para>
Add a server parameter <link
linkend="guc-temp-file-limit"><varname>temp_file_limit</></link>
to constrain temporary file space usage per session (Mark Kirkwood)
</para>
</listitem>
<listitem>
<para>
Allow a superuser to <command>SET</command> an extension's
superuser-only custom variable before loading the associated
extension (Tom Lane)
</para>
<para>
The system now remembers whether a <command>SET</command> was
performed by a superuser, so that proper privilege checking can be
done when the extension is loaded.
</para>
</listitem>
<listitem>
<para>
Add <link linkend="app-postmaster">postmaster</link> <option>-C</>
option to query configuration parameters (Bruce Momjian)
</para>
<para>
This allows <application>pg_ctl</> to better handle cases where
<envar>PGDATA</> or <option>-D</> points to a configuration-only
directory.
</para>
</listitem>
<listitem>
<para>
Replace an empty locale name with the implied value in
<command>CREATE DATABASE</>
(Tom Lane)
</para>
<para>
This prevents cases where
<structname>pg_database</>.<structfield>datcollate</> or
<structfield>datctype</> could be interpreted differently after a
server restart.
</para>
</listitem>
</itemizedlist>
<sect5>
<title><filename>postgresql.conf</filename></title>
<itemizedlist>
<listitem>
<para>
Allow multiple errors in <filename>postgresql.conf</filename>
to be reported, rather than just the first one (Alexey Klyukin,
Tom Lane)
</para>
</listitem>
<listitem>
<para>
Allow a reload of <filename>postgresql.conf</filename> to be
processed by all sessions, even if there are some settings that
are invalid for particular sessions (Alexey Klyukin)
</para>
<para>
Previously, such not-valid-within-session values would cause all
setting changes to be ignored by that session.
</para>
</listitem>
<listitem>
<para>
Add an <literal>include_if_exists</> facility for configuration
files (Greg Smith)
</para>
<para>
This works the same as <literal>include</>, except that an error
is not thrown if the file is missing.
</para>
</listitem>
<listitem>
<para>
Identify the server time zone during <application>initdb</>, and set
<filename>postgresql.conf</filename> entries
<link linkend="guc-timezone"><varname>timezone</></link> and
<link linkend="guc-log-timezone"><varname>log_timezone</></link>
accordingly (Tom Lane)
</para>
<para>
This avoids expensive time zone probes during server start.
</para>
</listitem>
<listitem>
<para>
Fix <link
linkend="view-pg-settings"><structname>pg_settings</></link> to
report <filename>postgresql.conf</filename> line numbers on Windows
(Tom Lane)
</para>
</listitem>
</itemizedlist>
</sect5>
</sect4>
</sect3>
<sect3>
<title>Replication and Recovery</title>
<itemizedlist>
<listitem>
<para>
Allow streaming replication slaves to forward data to other slaves
(<link linkend="cascading-replication"><firstterm>cascading
replication</></link>) (Fujii Masao)
</para>
<para>
Previously, only the master server could supply streaming
replication log files to standby servers.
</para>
</listitem>
<listitem>
<para>
Add new <link
linkend="guc-synchronous-commit"><varname>synchronous_commit</></link>
mode <literal>remote_write</> (Fujii Masao, Simon Riggs)
</para>
<para>
This mode waits for the standby server to write transaction data to
its own operating system, but does not wait for the data to be
flushed to the standby's disk.
</para>
</listitem>
<listitem>
<para>
Add a <link
linkend="app-pgreceivewal"><application>pg_receivexlog</></link>
tool to archive WAL file changes as they are written, rather
than waiting for completed WAL files (Magnus Hagander)
</para>
</listitem>
<listitem>
<para>
Allow <link
linkend="app-pgbasebackup"><application>pg_basebackup</></link>
to make base backups from standby servers (Jun Ishizuka, Fujii Masao)
</para>
<para>
This feature lets the work of making new base backups be off-loaded
from the primary server.
</para>
</listitem>
<listitem>
<para>
Allow streaming of WAL files while <application>pg_basebackup</>
is performing a backup (Magnus Hagander)
</para>
<para>
This allows passing of WAL files to the standby before they are
discarded on the primary.
</para>
</listitem>
</itemizedlist>
</sect3>
<sect3>
<title>Queries</title>
<itemizedlist>
<listitem>
<para>
Cancel the running query if the client gets disconnected
(Florian Pflug)
</para>
<para>
If the backend detects loss of client connection during a query, it
will now cancel the query rather than attempting to finish it.
</para>
</listitem>
<listitem>
<para>
Retain column names at run time for row expressions
(Andrew Dunstan, Tom Lane)
</para>
<para>
This change allows better results when a row value is converted to
<type>hstore</> or <type>json</> type: the fields of the resulting
value will now have the expected names.
</para>
</listitem>
<listitem>
<para>
Improve column labels used for sub-<command>SELECT</> results
(Marti Raudsepp)
</para>
<para>
Previously, the generic label <literal>?column?</> was used.
</para>
</listitem>
<listitem>
<para>
Improve heuristics for determining the types of unknown values
(Tom Lane)
</para>
<para>
The longstanding rule that an unknown constant might have the
same type as the value on the other side of the operator using it
is now applied when considering polymorphic operators, not only
for simple operator matches.
</para>
</listitem>
<listitem>
<para>
Warn about creating casts to or from domain types (Robert Haas)
</para>
<para>
Such casts have no effect.
</para>
</listitem>
<listitem>
<para>
When a row fails a <literal>CHECK</> or <literal>NOT NULL</>
constraint, show the row's contents as error detail (Jan
Kundr&aacute;t)
</para>
<para>
This should make it easier to identify which row is problematic
when an insert or update is processing many rows.
</para>
</listitem>
</itemizedlist>
</sect3>
<sect3>
<title>Object Manipulation</title>
<itemizedlist>
<listitem>
<para>
Provide more reliable operation during concurrent
<acronym>DDL</acronym> (Robert Haas, Noah Misch)
</para>
<para>
This change adds locking that should eliminate <quote>cache lookup
failed</> errors in many scenarios. Also, it is no longer possible
to add relations to a schema that is being concurrently dropped, a
scenario that formerly led to inconsistent system catalog contents.
</para>
</listitem>
<listitem>
<para>
Add <literal>CONCURRENTLY</> option to <link
linkend="SQL-DROPINDEX"><command>DROP INDEX</command></link>
(Simon Riggs)
</para>
<para>
This allows index removal without blocking other sessions.
</para>
</listitem>
<listitem>
<para>
Allow foreign data wrappers to have per-column options (Shigeru Hanada)
</para>
</listitem>
<listitem>
<para>
Improve pretty-printing of view definitions (Andrew Dunstan)
</para>
</listitem>
</itemizedlist>
<sect4>
<title>Constraints</title>
<itemizedlist>
<listitem>
<para>
Allow <link linkend="ddl-constraints"><literal>CHECK</></link>
constraints to be declared <literal>NOT VALID</> (&Aacute;lvaro
Herrera)
</para>
<para>
Adding a <literal>NOT VALID</> constraint does not cause the table to
be scanned to verify that existing rows meet the constraint.
Subsequently, newly added or updated rows are checked.
Such constraints are ignored by the planner when considering
<varname>constraint_exclusion</>, since it is not certain that all
rows meet the constraint.
</para>
<para>
The new <command>ALTER TABLE VALIDATE</> command allows <literal>NOT
VALID</> constraints to be checked for existing rows, after which
they are converted into ordinary constraints.
</para>
</listitem>
<listitem>
<para>
Allow <literal>CHECK</> constraints to be declared <literal>NO
INHERIT</> (Nikhil Sontakke, Alex Hunsaker, &Aacute;lvaro Herrera)
</para>
<para>
This makes them enforceable only on the parent table, not on
child tables.
</para>
</listitem>
<listitem>
<para>
Add the ability to <link linkend="SQL-ALTERTABLE">rename</link>
constraints (Peter Eisentraut)
</para>
</listitem>
</itemizedlist>
</sect4>
<sect4>
<title><command>ALTER</></title>
<itemizedlist>
<listitem>
<para>
Reduce need to rebuild tables and indexes for certain <link
linkend="SQL-ALTERTABLE"><command>ALTER TABLE</command></link>
... <literal>ALTER COLUMN TYPE</> operations (Noah Misch)
</para>
<para>
Increasing the length limit for a <type>varchar</> or <type>varbit</>
column, or removing the limit altogether, no longer requires a table
rewrite. Similarly, increasing the allowable precision of a
<type>numeric</> column, or changing a column from constrained
<type>numeric</> to unconstrained <type>numeric</>, no longer
requires a table rewrite. Table rewrites are also avoided in similar
cases involving the <type>interval</>, <type>timestamp</>, and
<type>timestamptz</> types.
</para>
</listitem>
<listitem>
<para>
Avoid having <link linkend="SQL-ALTERTABLE"><command>ALTER
TABLE</command></link> revalidate foreign key constraints in some
cases where it is not necessary (Noah Misch)
</para>
</listitem>
<listitem>
<para>
Add <literal>IF EXISTS</> options to some <command>ALTER</command>
commands (Pavel Stehule)
</para>
<para>
For example, <command>ALTER FOREIGN TABLE IF EXISTS foo RENAME
TO bar</command>.
</para>
</listitem>
<listitem>
<para>
Add <link linkend="SQL-ALTERFOREIGNDATAWRAPPER"><command>ALTER
FOREIGN DATA WRAPPER</command></link> ... <literal>RENAME</>
and <link linkend="SQL-ALTERSERVER"><command>ALTER
SERVER</command></link> ... <literal>RENAME</> (Peter Eisentraut)
</para>
</listitem>
<listitem>
<para>
Add <link linkend="SQL-ALTERDOMAIN"><command>ALTER
DOMAIN</command></link> ... <literal>RENAME</> (Peter Eisentraut)
</para>
<para>
You could already rename domains using <command>ALTER
TYPE</command>.
</para>
</listitem>
<listitem>
<para>
Throw an error for <command>ALTER DOMAIN</command> ... <literal>DROP
CONSTRAINT</> on a nonexistent constraint (Peter Eisentraut)
</para>
<para>
An <literal>IF EXISTS</> option has been added to provide the
previous behavior.
</para>
</listitem>
</itemizedlist>
</sect4>
<sect4>
<title><link linkend="SQL-CREATETABLE"><command>CREATE TABLE</></link></title>
<itemizedlist>
<listitem>
<para>
Allow <command>CREATE TABLE (LIKE ...)</command> from foreign
tables, views, and composite types (Peter Eisentraut)
</para>
<para>
For example, this allows a table to be created whose schema matches a
view.
</para>
</listitem>
<listitem>
<para>
Fix <command>CREATE TABLE (LIKE ...)</command> to avoid index name
conflicts when copying index comments (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix <command>CREATE TABLE</command> ... <literal>AS EXECUTE</>
to handle <literal>WITH NO DATA</> and column name specifications
(Tom Lane)
</para>
</listitem>
</itemizedlist>
</sect4>
<sect4>
<title>Object Permissions</title>
<itemizedlist>
<listitem>
<para>
Add a <link
linkend="SQL-CREATEVIEW"><literal>security_barrier</></link>
option for views (KaiGai Kohei, Robert Haas)
</para>
<para>
This option prevents optimizations that might allow view-protected
data to be exposed to users, for example pushing a clause involving
an insecure function into the <literal>WHERE</> clause of the view.
Such views can be expected to perform more poorly than ordinary
views.
</para>
</listitem>
<listitem>
<para>
Add a new <link
linkend="SQL-CREATEFUNCTION"><literal>LEAKPROOF</></link> function
attribute to mark functions that can safely be pushed down
into <literal>security_barrier</> views (KaiGai Kohei)
</para>
</listitem>
<listitem>
<para>
Add support for privileges on data types (Peter Eisentraut)
</para>
<para>
This adds support for the <acronym>SQL</>-conforming
<literal>USAGE</> privilege on types and domains. The intent is
to be able to restrict which users can create dependencies on types,
since such dependencies limit the owner's ability to alter the type.
</para>
</listitem>
<listitem>
<para>
Check for <command>INSERT</command> privileges in <command>SELECT
INTO</command> / <command>CREATE TABLE AS</command> (KaiGai Kohei)
</para>
<para>
Because the object is being created by <command>SELECT INTO</command>
or <command>CREATE TABLE AS</command>, the creator would ordinarily
have insert permissions; but there are corner cases where this is not
true, such as when <literal>ALTER DEFAULT PRIVILEGES</> has removed
such permissions.
</para>
</listitem>
</itemizedlist>
</sect4>
</sect3>
<sect3>
<title>Utility Operations</title>
<itemizedlist>
<listitem>
<para>
Allow <link linkend="SQL-VACUUM"><command>VACUUM</></link> to more
easily skip pages that cannot be locked (Simon Riggs, Robert Haas)
</para>
<para>
This change should greatly reduce the incidence of <command>VACUUM</>
getting <quote>stuck</> waiting for other sessions.
</para>
</listitem>
<listitem>
<para>
Make <link linkend="SQL-EXPLAIN"><command>EXPLAIN</></link>
<literal>(BUFFERS)</> count blocks dirtied and written (Robert Haas)
</para>
</listitem>
<listitem>
<para>
Make <command>EXPLAIN ANALYZE</command> report the number of rows
rejected by filter steps (Marko Tiikkaja)
</para>
</listitem>
<listitem>
<para>
Allow <command>EXPLAIN ANALYZE</command> to avoid timing overhead when
time values are not wanted (Tomas Vondra)
</para>
<para>
This is accomplished by setting the new <literal>TIMING</> option to
<literal>FALSE</>.
</para>
</listitem>
</itemizedlist>
</sect3>
<sect3>
<title>Data Types</title>
<itemizedlist>
<listitem>
<para>
Add support for <link linkend="rangetypes">range data types</link>
(Jeff Davis, Tom Lane, Alexander Korotkov)
</para>
<para>
A range data type stores a lower and upper bound belonging to its
base data type. It supports operations like contains, overlaps, and
intersection.
</para>
</listitem>
<listitem>
<para>
Add a <link linkend="datatype-json"><type>JSON</type></link>
data type (Robert Haas)
</para>
<para>
This type stores <acronym>JSON</acronym> (JavaScript Object Notation)
data with proper validation.
</para>
</listitem>
<listitem>
<para>
Add <link
linkend="functions-json"><function>array_to_json()</></link>
and <function>row_to_json()</> (Andrew Dunstan)
</para>
</listitem>
<listitem>
<para>
Add a <link linkend="datatype-serial"><type>SMALLSERIAL</></link>
data type (Mike Pultz)
</para>
<para>
This is like <type>SERIAL</>, except it stores the sequence in
a two-byte integer column (<type>int2</>).
</para>
</listitem>
<listitem>
<para>
Allow <link linkend="SQL-CREATEDOMAIN">domains</link> to be
declared <literal>NOT VALID</> (&Aacute;lvaro Herrera)
</para>
<para>
This option can be set at domain creation time, or via <command>ALTER
DOMAIN</command> ... <literal>ADD CONSTRAINT</> ... <literal>NOT
VALID</>. <command>ALTER DOMAIN</command> ... <literal>VALIDATE
CONSTRAINT</> fully validates the constraint.
</para>
</listitem>
<listitem>
<para>
Support more locale-specific formatting options for the <link
linkend="datatype-money"><type>money</></link> data type (Tom Lane)
</para>
<para>
Specifically, honor all the POSIX options for ordering of the value,
sign, and currency symbol in monetary output. Also, make sure that
the thousands separator is only inserted to the left of the decimal
point, as required by POSIX.
</para>
</listitem>
<listitem>
<para>
Add bitwise <quote>and</>, <quote>or</>, and <quote>not</>
operators for the <type>macaddr</> data type (Brendan Jurd)
</para>
</listitem>
<listitem>
<para>
Allow <link
linkend="functions-xml-processing"><function>xpath()</></link> to
return a single-element <acronym>XML</acronym> array when supplied a
scalar value (Florian Pflug)
</para>
<para>
Previously, it returned an empty array. This change will also
cause <function>xpath_exists()</> to return true, not false,
for such expressions.
</para>
</listitem>
<listitem>
<para>
Improve <acronym>XML</acronym> error handling to be more robust
(Florian Pflug)
</para>
</listitem>
</itemizedlist>
</sect3>
<sect3>
<title>Functions</title>
<itemizedlist>
<listitem>
<para>
Allow non-superusers to use <link
linkend="functions-admin-signal"><function>pg_cancel_backend()</></link>
and <link
linkend="functions-admin-signal"><function>pg_terminate_backend()</></link>
on other sessions belonging to the same user
(Magnus Hagander, Josh Kupershmidt, Dan Farina)
</para>
<para>
Previously only superusers were allowed to use these functions.
</para>
</listitem>
<listitem>
<para>
Allow importing and exporting of transaction snapshots (Joachim
Wieland, Tom Lane)
</para>
<para>
This allows multiple transactions to share identical views of the
database state.
Snapshots are exported via <link
linkend="functions-snapshot-synchronization"><function>pg_export_snapshot()</></link>
and imported via <link linkend="SQL-SET-TRANSACTION"><command>SET
TRANSACTION SNAPSHOT</command></link>. Only snapshots from
currently-running transactions can be imported.
</para>
</listitem>
<listitem>
<para>
Support <link
linkend="functions-info-catalog-table"><literal>COLLATION
FOR</></link> on expressions (Peter Eisentraut)
</para>
<para>
This returns a string representing the collation of the expression.
</para>
</listitem>
<listitem>
<para>
Add <link
linkend="functions-info-schema-table"><function>pg_opfamily_is_visible()</></link>
(Josh Kupershmidt)
</para>
</listitem>
<listitem>
<para>
Add a <type>numeric</> variant of <link
linkend="functions-admin-dbsize"><function>pg_size_pretty()</></link>
for use with <function>pg_xlog_location_diff()</> (Fujii Masao)
</para>
</listitem>
<listitem>
<para>
Add a <link
linkend="functions-info-session-table"><function>pg_trigger_depth()</></link>
function (Kevin Grittner)
</para>
<para>
This reports the current trigger call depth.
</para>
</listitem>
<listitem>
<para>
Allow <link
linkend="functions-aggregate-table"><function>string_agg()</></link>
to process <type>bytea</> values (Pavel Stehule)
</para>
</listitem>
<listitem>
<para>
Fix regular expressions in which a back-reference occurs within
a larger quantified subexpression (Tom Lane)
</para>
<para>
For example, <literal>^(\w+)( \1)+$</>. Previous releases did not
check that the back-reference actually matched the first occurrence.
</para>
</listitem>
</itemizedlist>
</sect3>
<sect3>
<title><link linkend="information-schema">Information Schema</link></title>
<itemizedlist>
<listitem>
<para>
Add information schema views
<structname>role_udt_grants</>, <structname>udt_privileges</>,
and <structname>user_defined_types</> (Peter Eisentraut)
</para>
</listitem>
<listitem>
<para>
Add composite-type attributes to the
information schema <structname>element_types</> view
(Peter Eisentraut)
</para>
</listitem>
<listitem>
<para>
Implement <structfield>interval_type</> columns in the information
schema (Peter Eisentraut)
</para>
<para>
Formerly these columns read as nulls.
</para>
</listitem>
<listitem>
<para>
Implement collation-related columns in the information schema
<structname>attributes</>, <structname>columns</>,
<structname>domains</>, and <structname>element_types</>
views (Peter Eisentraut)
</para>
</listitem>
<listitem>
<para>
Implement the <structfield>with_hierarchy</> column in the
information schema <structname>table_privileges</> view (Peter
Eisentraut)
</para>
</listitem>
<listitem>
<para>
Add display of sequence <literal>USAGE</> privileges to information
schema (Peter Eisentraut)
</para>
</listitem>
<listitem>
<para>
Make the information schema show default privileges (Peter
Eisentraut)
</para>
<para>
Previously, non-empty default permissions were not represented in the
views.
</para>
</listitem>
</itemizedlist>
</sect3>
<sect3>
<title>Server-Side Languages</title>
<sect4>
<title><link linkend="plpgsql">PL/pgSQL</link> Server-Side Language</title>
<itemizedlist>
<listitem>
<para>
Allow the PL/pgSQL <command>OPEN</> cursor command to supply
parameters by name (Yeb Havinga)
</para>
</listitem>
<listitem>
<para>
Add a <command>GET STACKED DIAGNOSTICS</command> PL/pgSQL command
to retrieve exception info (Pavel Stehule)
</para>
</listitem>
<listitem>
<para>
Speed up PL/pgSQL array assignment by caching type information
(Pavel Stehule)
</para>
</listitem>
<listitem>
<para>
Improve performance and memory consumption for long chains of
<literal>ELSIF</> clauses (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Output the function signature, not just the name, in PL/pgSQL
error messages (Pavel Stehule)
</para>
</listitem>
</itemizedlist>
</sect4>
<sect4>
<title><link linkend="plpython">PL/Python</link> Server-Side Language</title>
<itemizedlist>
<listitem>
<para>
Add PL/Python <acronym>SPI</acronym> cursor support (Jan
Urbanski)
</para>
<para>
This allows PL/Python to read partial result sets.
</para>
</listitem>
<listitem>
<para>
Add result metadata functions to PL/Python (Peter Eisentraut)
</para>
<para>
Specifically, this adds result object functions
<literal>.colnames</literal>, <literal>.coltypes</literal>, and
<literal>.coltypmods</literal>.
</para>
</listitem>
<listitem>
<para>
Remove support for Python 2.2 (Peter Eisentraut)
</para>
</listitem>
</itemizedlist>
</sect4>
<sect4>
<title><link linkend="xfunc-sql">SQL</link> Server-Side Language</title>
<itemizedlist>
<listitem>
<para>
Allow <acronym>SQL</acronym>-language functions to reference
parameters by name (Matthew Draper)
</para>
<para>
To use this, simply name the function arguments and then reference
the argument names in the <acronym>SQL</acronym> function body.
</para>
</listitem>
</itemizedlist>
</sect4>
</sect3>
<sect3>
<title>Client Applications</title>
<itemizedlist>
<listitem>
<para>
Add <link linkend="APP-INITDB"><application>initdb</></link>
options <option>--auth-local</> and <option>--auth-host</>
(Peter Eisentraut)
</para>
<para>
This allows separate control of <literal>local</> and
<literal>host</> <filename>pg_hba.conf</filename> authentication
settings. <option>--auth</> still controls both.
</para>
</listitem>
<listitem>
<para>
Add <option>--replication</>/<option>--no-replication</> flags to
<link linkend="APP-CREATEUSER"><application>createuser</></link>
to control replication permission (Fujii Masao)
</para>
</listitem>
<listitem>
<para>
Add the <option>--if-exists</> option to <link
linkend="APP-DROPDB"><application>dropdb</></link> and <link
linkend="APP-DROPUSER"><application>dropuser</></link> (Josh
Kupershmidt)
</para>
</listitem>
<listitem>
<para>
Give command-line tools the ability to specify the name of the
database to connect to, and fall back to <literal>template1</>
if a <literal>postgres</> database connection fails (Robert Haas)
</para>
</listitem>
</itemizedlist>
<sect4>
<title><link linkend="APP-PSQL"><application>psql</></link></title>
<itemizedlist>
<listitem>
<para>
Add a display mode to auto-expand output based on the
display width (Peter Eisentraut)
</para>
<para>
This adds the <literal>auto</> option to the <command>\x</>
command, which switches to the expanded mode when the normal
output would be wider than the screen.
</para>
</listitem>
<listitem>
<para>
Allow inclusion of a script file that is named relative to the
directory of the file from which it was invoked (Gurjeet Singh)
</para>
<para>
This is done with a new command <command>\ir</>.
</para>
</listitem>
<listitem>
<para>
Add support for non-<acronym>ASCII</acronym> characters in
<application>psql</> variable names (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Add support for major-version-specific <filename>.psqlrc</> files
(Bruce Momjian)
</para>
<para>
<application>psql</> already supported minor-version-specific
<filename>.psqlrc</> files.
</para>
</listitem>
<listitem>
<para>
Provide environment variable overrides for <application>psql</>
history and startup file locations (Andrew Dunstan)
</para>
<para>
<envar>PSQL_HISTORY</envar> and <envar>PSQLRC</envar> now
determine these file names if set.
</para>
</listitem>
<listitem>
<para>
Add a <command>\setenv</> command to modify
the environment variables passed to child processes (Andrew Dunstan)
</para>
</listitem>
<listitem>
<para>
Name <application>psql</>'s temporary editor files with a
<filename>.sql</> extension (Peter Eisentraut)
</para>
<para>
This allows extension-sensitive editors to select the right mode.
</para>
</listitem>
<listitem>
<para>
Allow <application>psql</> to use zero-byte field and record
separators (Peter Eisentraut)
</para>
<para>
Various shell tools use zero-byte (NUL) separators,
e.g. <application>find</>.
</para>
</listitem>
<listitem>
<para>
Make the <command>\timing</> option report times for
failed queries (Magnus Hagander)
</para>
<para>
Previously times were reported only for successful queries.
</para>
</listitem>
<listitem>
<para>
Unify and tighten <application>psql</>'s treatment of <command>\copy</>
and SQL <command>COPY</> (Noah Misch)
</para>
<para>
This fix makes failure behavior more predictable and honors
<command>\set ON_ERROR_ROLLBACK</>.
</para>
</listitem>
</itemizedlist>
</sect4>
<sect4>
<title>Informational Commands</title>
<itemizedlist>
<listitem>
<para>
Make <command>\d</> on a sequence show the
table/column name owning it (Magnus Hagander)
</para>
</listitem>
<listitem>
<para>
Show statistics target for columns in <command>\d+</> (Magnus
Hagander)
</para>
</listitem>
<listitem>
<para>
Show role password expiration dates in <command>\du</>
(Fabr&iacute;zio de Royes Mello)
</para>
</listitem>
<listitem>
<para>
Display comments for casts, conversions, domains, and languages
(Josh Kupershmidt)
</para>
<para>
These are included in the output of <command>\dC+</>,
<command>\dc+</>, <command>\dD+</>, and <command>\dL</> respectively.
</para>
</listitem>
<listitem>
<para>
Display comments for <acronym>SQL</acronym>/<acronym>MED</acronym>
objects (Josh Kupershmidt)
</para>
<para>
These are included in the output of <command>\des+</>,
<command>\det+</>, and <command>\dew+</> for foreign servers, foreign
tables, and foreign data wrappers respectively.
</para>
</listitem>
<listitem>
<para>
Change <command>\dd</> to display comments only for object types
without their own backslash command (Josh Kupershmidt)
</para>
</listitem>
</itemizedlist>
</sect4>
<sect4>
<title>Tab Completion</title>
<itemizedlist>
<listitem>
<para>
In <application>psql</> tab completion, complete <acronym>SQL</>
keywords in either upper or lower case according to the new <link
linkend="APP-PSQL-variables"><literal>COMP_KEYWORD_CASE</></link>
setting (Peter Eisentraut)
</para>
</listitem>
<listitem>
<para>
Add tab completion support for
<command>EXECUTE</command> (Andreas Karlsson)
</para>
</listitem>
<listitem>
<para>
Allow tab completion of role references in
<command>GRANT</command>/<command>REVOKE</command> (Peter
Eisentraut)
</para>
</listitem>
<listitem>
<para>
Allow tab completion of file names to supply quotes, when necessary
(Noah Misch)
</para>
</listitem>
<listitem>
<para>
Change tab completion support for
<command>TABLE</command> to also include views (Magnus Hagander)
</para>
</listitem>
</itemizedlist>
</sect4>
<sect4>
<title><link linkend="APP-PGDUMP"><application>pg_dump</></link></title>
<itemizedlist>
<listitem>
<para>
Add an <option>--exclude-table-data</> option to
<application>pg_dump</> (Andrew Dunstan)
</para>
<para>
This allows dumping of a table's definition but not its data,
on a per-table basis.
</para>
</listitem>
<listitem>
<para>
Add a <option>--section</> option to <application>pg_dump</>
and <application>pg_restore</> (Andrew Dunstan)
</para>
<para>
Valid values are <literal>pre-data</>, <literal>data</>,
and <literal>post-data</>. The option can be
given more than once to select two or more sections.
</para>
</listitem>
<listitem>
<para>
Make <link
linkend="APP-PG-DUMPALL"><application>pg_dumpall</></link> dump all
roles first, then all configuration settings on roles (Phil Sorber)
</para>
<para>
This allows a role's configuration settings to mention other
roles without generating an error.
</para>
</listitem>
<listitem>
<para>
Allow <application>pg_dumpall</> to avoid errors if the
<literal>postgres</> database is missing in the new cluster
(Robert Haas)
</para>
</listitem>
<listitem>
<para>
Dump foreign server user mappings in user name order (Peter
Eisentraut)
</para>
<para>
This helps produce deterministic dump files.
</para>
</listitem>
<listitem>
<para>
Dump operators in a predictable order (Peter Eisentraut)
</para>
</listitem>
<listitem>
<para>
Tighten rules for when extension configuration tables are dumped
by <application>pg_dump</> (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Make <application>pg_dump</> emit more useful dependency
information (Tom Lane)
</para>
<para>
The dependency links included in archive-format dumps were formerly
of very limited use, because they frequently referenced objects that
appeared nowhere in the dump. Now they represent actual dependencies
(possibly indirect) among the dumped objects.
</para>
</listitem>
<listitem>
<para>
Improve <application>pg_dump</>'s performance when dumping many
database objects (Tom Lane)
</para>
</listitem>
</itemizedlist>
</sect4>
</sect3>
<sect3>
<title><link linkend="libpq"><application>libpq</></link></title>
<itemizedlist>
<listitem>
<para>
Allow <application>libpq</> connection strings to have the format of a
<link linkend="libpq-connstring"><acronym>URI</acronym></link>
(Alexander Shulgin)
</para>
<para>
The syntax begins with <literal>postgres://</>. This can allow
applications to avoid implementing their own parser for URIs
representing database connections.
</para>
</listitem>
<listitem>
<para>
Add a <link linkend="libpq-connect-sslcompression">connection
option</link> to disable <acronym>SSL</acronym> compression
(Laurenz Albe)
</para>
<para>
This can be used to remove the overhead of <acronym>SSL</acronym>
compression on fast networks.
</para>
</listitem>
<listitem>
<para>
Add a <link linkend="libpq-single-row-mode">single-row processing
mode</link> for better handling of large result sets
(Kyotaro Horiguchi, Marko Kreen)
</para>
<para>
Previously, <application>libpq</> always collected the entire query
result in memory before passing it back to the application.
</para>
</listitem>
<listitem>
<para>
Add <literal>const</> qualifiers to the declarations of the functions
<function>PQconnectdbParams</>, <function>PQconnectStartParams</>,
and <function>PQpingParams</> (Lionel Elie Mamane)
</para>
</listitem>
<listitem>
<para>
Allow the <filename>.pgpass</> file to include escaped characters
in the password field (Robert Haas)
</para>
</listitem>
<listitem>
<para>
Make library functions use <function>abort()</> instead of
<function>exit()</> when it is necessary to terminate the process
(Peter Eisentraut)
</para>
<para>
This choice does not interfere with the normal exit codes used by the
program, and generates a signal that can be caught by the caller.
</para>
</listitem>
</itemizedlist>
</sect3>
<sect3>
<title>Source Code</title>
<itemizedlist>
<listitem>
<para>
Remove dead ports (Peter Eisentraut)
</para>
<para>
The following platforms are no longer supported: dgux,
nextstep, sunos4, svr4, ultrix4, univel, bsdi.
</para>
</listitem>
<listitem>
<para>
Add support for building with <link linkend="install-windows">MS
Visual Studio 2010</link> (Brar Piening)
</para>
</listitem>
<listitem>
<para>
Enable compiling with the MinGW-w64 32-bit compiler (Lars Kanis)
</para>
</listitem>
<listitem>
<para>
Install <filename>plpgsql.h</> into <filename>include/server</> during installation
(Heikki Linnakangas)
</para>
</listitem>
<listitem>
<para>
Improve the latch facility to include detection of postmaster death
(Peter Geoghegan, Heikki Linnakangas, Tom Lane)
</para>
<para>
This eliminates one of the main reasons that background processes
formerly had to wake up to poll for events.
</para>
</listitem>
<listitem>
<para>
Use C flexible array members, where supported (Peter Eisentraut)
</para>
</listitem>
<listitem>
<para>
Improve the concurrent transaction regression tests
(<application>isolationtester</>) (Noah Misch)
</para>
</listitem>
<listitem>
<para>
Modify <application>thread_test</> to create its test files in
the current directory, rather than <filename>/tmp</> (Bruce Momjian)
</para>
</listitem>
<listitem>
<para>
Improve flex and bison warning and error reporting (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Add memory barrier support (Robert Haas)
</para>
<para>
This is currently unused.
</para>
</listitem>
<listitem>
<para>
Modify pgindent to use a typedef file (Bruce Momjian)
</para>
</listitem>
<listitem>
<para>
Add a hook for processing messages due to be sent to the server
log (Martin Pihlak)
</para>
</listitem>
<listitem>
<para>
Add object access hooks for <command>DROP</command> commands
(KaiGai Kohei)
</para>
</listitem>
<listitem>
<para>
Centralize <command>DROP</command> handling for some object types
(KaiGai Kohei)
</para>
</listitem>
<listitem>
<para>
Add a <application>pg_upgrade</> test suite (Peter Eisentraut)
</para>
</listitem>
<listitem>
<para>
Sync regular expression code with <acronym>TCL</acronym> 8.5.11
and improve internal processing (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Move <acronym>CRC</acronym> tables to libpgport, and provide them
in a separate include file (Daniel Farina)
</para>
</listitem>
<listitem>
<para>
Add options to <application>git_changelog</> for use in major
release note creation (Bruce Momjian)
</para>
</listitem>
<listitem>
<para>
Support Linux's <filename>/proc/self/oom_score_adj</> API (Tom Lane)
</para>
</listitem>
</itemizedlist>
</sect3>
<sect3>
<title>Additional Modules</title>
<itemizedlist>
<listitem>
<para>
Improve efficiency of <link linkend="dblink">dblink</link> by using
libpq's new single-row processing mode (Kyotaro Horiguchi, Marko
Kreen)
</para>
<para>
This improvement does not apply to
<function>dblink_send_query()</>/<function>dblink_get_result()</>.
</para>
</listitem>
<listitem>
<para>
Support <literal>force_not_null</> option in <link
linkend="file-fdw">file_fdw</link> (Shigeru Hanada)
</para>
</listitem>
<listitem>
<para>
Implement dry-run mode for <link
linkend="pgarchivecleanup"><application>pg_archivecleanup</></link>
(Gabriele Bartolini)
</para>
<para>
This only outputs the names of files to be deleted.
</para>
</listitem>
<listitem>
<para>
Add new <link linkend="pgbench">pgbench</link> switches
<option>--unlogged-tables</>, <option>--tablespace</>, and
<option>--index-tablespace</> (Robert Haas)
</para>
</listitem>
<listitem>
<para>
Change <link
linkend="pgtestfsync"><application>pg_test_fsync</></link> to test
for a fixed amount of time, rather than a fixed number of cycles
(Bruce Momjian)
</para>
<para>
The <option>-o</>/cycles option was removed, and
<option>-s</>/seconds added.
</para>
</listitem>
<listitem>
<para>
Add a <link
linkend="pgtesttiming"><application>pg_test_timing</></link>
utility to measure clock monotonicity and timing overhead (Ants
Aasma, Greg Smith)
</para>
</listitem>
<listitem>
<para>
Add a <link linkend="tcn">tcn</link> (triggered change notification)
module to generate <command>NOTIFY</command> events on table changes
(Kevin Grittner)
</para>
</listitem>
</itemizedlist>
<sect4>
<title><link linkend="pgupgrade"><application>pg_upgrade</></link></title>
<itemizedlist>
<listitem>
<para>
Adjust <application>pg_upgrade</> environment variables (Bruce
Momjian)
</para>
<para>
Rename data, bin, and port environment
variables to begin with <literal>PG</>, and support
<envar>PGPORTOLD</envar>/<envar>PGPORTNEW</envar>, to replace
<envar>PGPORT</envar>.
</para>
</listitem>
<listitem>
<para>
Overhaul <application>pg_upgrade</> logging and failure reporting
(Bruce Momjian)
</para>
<para>
Create four append-only log files, and delete them on success.
Add <option>-r</>/<option>--retain</> option to unconditionally
retain these files. Also remove <application>pg_upgrade</> options
<option>-g</>/<option>-G</>/<option>-l</> options as unnecessary,
and tighten log file permissions.
</para>
</listitem>
<listitem>
<para>
Make <application>pg_upgrade</> create a script to incrementally
generate more accurate optimizer statistics (Bruce Momjian)
</para>
<para>
This reduces the time needed to generate minimal cluster statistics
after an upgrade.
</para>
</listitem>
<listitem>
<para>
Allow <application>pg_upgrade</> to upgrade an old cluster that
does not have a <literal>postgres</> database (Bruce Momjian)
</para>
</listitem>
<listitem>
<para>
Allow <application>pg_upgrade</> to handle cases where some
old or new databases are missing, as long as they are empty
(Bruce Momjian)
</para>
</listitem>
<listitem>
<para>
Allow <application>pg_upgrade</> to handle configuration-only
directory installations (Bruce Momjian)
</para>
</listitem>
<listitem>
<para>
In <application>pg_upgrade</>, add <option>-o</>/<option>-O</>
options to pass parameters to the servers (Bruce Momjian)
</para>
<para>
This is useful for configuration-only directory installs.
</para>
</listitem>
<listitem>
<para>
Change <application>pg_upgrade</> to use port 50432 by default
(Bruce Momjian)
</para>
<para>
This helps avoid unintended client connections during the upgrade.
</para>
</listitem>
<listitem>
<para>
Reduce cluster locking in <application>pg_upgrade</> (Bruce
Momjian)
</para>
<para>
Specifically, only lock the old cluster if link mode is used,
and do it right after the schema is restored.
</para>
</listitem>
</itemizedlist>
</sect4>
<sect4>
<title><link linkend="pgstatstatements"><application>pg_stat_statements</></link></title>
<itemizedlist>
<listitem>
<para>
Allow <application>pg_stat_statements</> to aggregate similar
queries via SQL text normalization (Peter Geoghegan, Tom Lane)
</para>
<para>
Users with applications that use non-parameterized SQL will now
be able to monitor query performance without detailed log analysis.
</para>
</listitem>
<listitem>
<para>
Add dirtied and written block counts and read/write times to
<application>pg_stat_statements</> (Robert Haas, Ants Aasma)
</para>
</listitem>
<listitem>
<para>
Prevent <application>pg_stat_statements</> from double-counting
<command>PREPARE</command> and <command>EXECUTE</command> commands
(Tom Lane)
</para>
</listitem>
</itemizedlist>
</sect4>
<sect4>
<title><link linkend="sepgsql">sepgsql</link></title>
<itemizedlist>
<listitem>
<para>
Support <literal>SECURITY LABEL</> on global objects (KaiGai
Kohei, Robert Haas)
</para>
<para>
Specifically, add security labels to databases,
tablespaces, and roles.
</para>
</listitem>
<listitem>
<para>
Allow sepgsql to honor database labels (KaiGai Kohei)
</para>
</listitem>
<listitem>
<para>
Perform sepgsql permission checks during the creation of various
objects (KaiGai Kohei)
</para>
</listitem>
<listitem>
<para>
Add <function>sepgsql_setcon()</> and related functions to control
the sepgsql security domain (KaiGai Kohei)
</para>
</listitem>
<listitem>
<para>
Add a user space access cache to sepgsql to improve performance
(KaiGai Kohei)
</para>
</listitem>
</itemizedlist>
</sect4>
</sect3>
<sect3>
<title>Documentation</title>
<itemizedlist>
<listitem>
<para>
Add a rule to optionally build HTML documentation using the
stylesheet from the website (Magnus Hagander)
</para>
<para>
Use <command>gmake STYLE=website draft</>.
</para>
</listitem>
<listitem>
<para>
Improve <command>EXPLAIN</command> documentation (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Document that user/database names are preserved with double-quoting
by command-line tools like <application>vacuumdb</> (Bruce
Momjian)
</para>
</listitem>
<listitem>
<para>
Document the actual string returned by the client for MD5
authentication (Cyan Ogilvie)
</para>
</listitem>
<listitem>
<para>
Deprecate use of <literal>GLOBAL</> and <literal>LOCAL</> in
<command>CREATE TEMP TABLE</> (Noah Misch)
</para>
<para>
<productname>PostgreSQL</> has long treated these keyword as no-ops,
and continues to do so; but in future they might mean what the SQL
standard says they mean, so applications should avoid using them.
</para>
</listitem>
</itemizedlist>
</sect3>
</sect2>
</sect1>
Reference in New Issue View Git Blame Copy Permalink