rdelaage
/
postgresql
mirror of https://git.postgresql.org/git/postgresql.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
postgresql/doc/src/sgml/release-9.1.sgml

11762 lines
344 KiB
Plaintext
Raw Blame History

<!-- doc/src/sgml/release-9.1.sgml -->
<!-- See header comment in release.sgml about typical markup -->
<sect1 id="release-9-1-24">
<title>Release 9.1.24</title>
<formalpara>
<title>Release date:</title>
<para>2016-10-27</para>
</formalpara>
<para>
This release contains a variety of fixes from 9.1.23.
For information about new features in the 9.1 major release, see
<xref linkend="release-9-1"/>.
</para>
<para>
This is expected to be the last <productname>PostgreSQL</productname> release
in the 9.1.X series. Users are encouraged to update to a newer
release branch soon.
</para>
<sect2>
<title>Migration to Version 9.1.24</title>
<para>
A dump/restore is not required for those running 9.1.X.
</para>
<para>
However, if you are upgrading from a version earlier than 9.1.16,
see <xref linkend="release-9-1-16"/>.
</para>
</sect2>
<sect2>
<title>Changes</title>
<itemizedlist>
<listitem>
<para>
Fix EvalPlanQual rechecks involving CTE scans (Tom Lane)
</para>
<para>
The recheck would always see the CTE as returning no rows, typically
leading to failure to update rows that were recently updated.
</para>
</listitem>
<listitem>
<para>
Fix improper repetition of previous results from hashed aggregation in
a subquery (Andrew Gierth)
</para>
<para>
The test to see if we can reuse a previously-computed hash table of
the aggregate state values neglected the possibility of an outer query
reference appearing in an aggregate argument expression. A change in
the value of such a reference should lead to recalculating the hash
table, but did not.
</para>
</listitem>
<listitem>
<para>
Fix timeout length when <command>VACUUM</command> is waiting for exclusive
table lock so that it can truncate the table (Simon Riggs)
</para>
<para>
The timeout was meant to be 50 milliseconds, but it was actually only
50 microseconds, causing <command>VACUUM</command> to give up on truncation
much more easily than intended. Set it to the intended value.
</para>
</listitem>
<listitem>
<para>
Remove artificial restrictions on the values accepted
by <function>numeric_in()</function> and <function>numeric_recv()</function>
(Tom Lane)
</para>
<para>
We allow numeric values up to the limit of the storage format (more
than <literal>1e100000</literal>), so it seems fairly pointless
that <function>numeric_in()</function> rejected scientific-notation exponents
above 1000. Likewise, it was silly for <function>numeric_recv()</function> to
reject more than 1000 digits in an input value.
</para>
</listitem>
<listitem>
<para>
Avoid very-low-probability data corruption due to testing tuple
visibility without holding buffer lock (Thomas Munro, Peter Geoghegan,
Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix file descriptor leakage when truncating a temporary relation of
more than 1GB (Andres Freund)
</para>
</listitem>
<listitem>
<para>
Disallow starting a standalone backend with <literal>standby_mode</literal>
turned on (Michael Paquier)
</para>
<para>
This can't do anything useful, since there will be no WAL receiver
process to fetch more WAL data; and it could result in misbehavior
in code that wasn't designed with this situation in mind.
</para>
</listitem>
<listitem>
<para>
Don't try to share SSL contexts across multiple connections
in <application>libpq</application> (Heikki Linnakangas)
</para>
<para>
This led to assorted corner-case bugs, particularly when trying to use
different SSL parameters for different connections.
</para>
</listitem>
<listitem>
<para>
Avoid corner-case memory leak in <application>libpq</application> (Tom Lane)
</para>
<para>
The reported problem involved leaking an error report
during <function>PQreset()</function>, but there might be related cases.
</para>
</listitem>
<listitem>
<para>
Make <application>ecpg</application>'s <option>--help</option> and <option>--version</option>
options work consistently with our other executables (Haribabu Kommi)
</para>
</listitem>
<listitem>
<para>
Fix <filename>contrib/intarray/bench/bench.pl</filename> to print the results
of the <command>EXPLAIN</command> it does when given the <option>-e</option> option
(Daniel Gustafsson)
</para>
</listitem>
<listitem>
<para>
Prevent failure of obsolete dynamic time zone abbreviations (Tom Lane)
</para>
<para>
If a dynamic time zone abbreviation does not match any entry in the
referenced time zone, treat it as equivalent to the time zone name.
This avoids unexpected failures when IANA removes abbreviations from
their time zone database, as they did in <application>tzdata</application>
release 2016f and seem likely to do again in the future. The
consequences were not limited to not recognizing the individual
abbreviation; any mismatch caused
the <structname>pg_timezone_abbrevs</structname> view to fail altogether.
</para>
</listitem>
<listitem>
<para>
Update time zone data files to <application>tzdata</application> release 2016h
for DST law changes in Palestine and Turkey, plus historical
corrections for Turkey and some regions of Russia.
Switch to numeric abbreviations for some time zones in Antarctica,
the former Soviet Union, and Sri Lanka.
</para>
<para>
The IANA time zone database previously provided textual abbreviations
for all time zones, sometimes making up abbreviations that have little
or no currency among the local population. They are in process of
reversing that policy in favor of using numeric UTC offsets in zones
where there is no evidence of real-world use of an English
abbreviation. At least for the time being, <productname>PostgreSQL</productname>
will continue to accept such removed abbreviations for timestamp input.
But they will not be shown in the <structname>pg_timezone_names</structname>
view nor used for output.
</para>
<para>
In this update, <literal>AMT</literal> is no longer shown as being in use to
mean Armenia Time. Therefore, we have changed the <literal>Default</literal>
abbreviation set to interpret it as Amazon Time, thus UTC-4 not UTC+4.
</para>
</listitem>
</itemizedlist>
</sect2>
</sect1>
<sect1 id="release-9-1-23">
<title>Release 9.1.23</title>
<formalpara>
<title>Release date:</title>
<para>2016-08-11</para>
</formalpara>
<para>
This release contains a variety of fixes from 9.1.22.
For information about new features in the 9.1 major release, see
<xref linkend="release-9-1"/>.
</para>
<para>
The <productname>PostgreSQL</productname> community will stop releasing updates
for the 9.1.X release series in September 2016.
Users are encouraged to update to a newer release branch soon.
</para>
<sect2>
<title>Migration to Version 9.1.23</title>
<para>
A dump/restore is not required for those running 9.1.X.
</para>
<para>
However, if you are upgrading from a version earlier than 9.1.16,
see <xref linkend="release-9-1-16"/>.
</para>
</sect2>
<sect2>
<title>Changes</title>
<itemizedlist>
<listitem>
<para>
Fix possible mis-evaluation of
nested <literal>CASE</literal>-<literal>WHEN</literal> expressions (Heikki
Linnakangas, Michael Paquier, Tom Lane)
</para>
<para>
A <literal>CASE</literal> expression appearing within the test value
subexpression of another <literal>CASE</literal> could become confused about
whether its own test value was null or not. Also, inlining of a SQL
function implementing the equality operator used by
a <literal>CASE</literal> expression could result in passing the wrong test
value to functions called within a <literal>CASE</literal> expression in the
SQL function's body. If the test values were of different data
types, a crash might result; moreover such situations could be abused
to allow disclosure of portions of server memory. (CVE-2016-5423)
</para>
</listitem>
<listitem>
<para>
Fix client programs' handling of special characters in database and
role names (Noah Misch, Nathan Bossart, Michael Paquier)
</para>
<para>
Numerous places in <application>vacuumdb</application> and other client programs
could become confused by database and role names containing double
quotes or backslashes. Tighten up quoting rules to make that safe.
Also, ensure that when a conninfo string is used as a database name
parameter to these programs, it is correctly treated as such throughout.
</para>
<para>
Fix handling of paired double quotes
in <application>psql</application>'s <command>\connect</command>
and <command>\password</command> commands to match the documentation.
</para>
<para>
Introduce a new <option>-reuse-previous</option> option
in <application>psql</application>'s <command>\connect</command> command to allow
explicit control of whether to re-use connection parameters from a
previous connection. (Without this, the choice is based on whether
the database name looks like a conninfo string, as before.) This
allows secure handling of database names containing special
characters in <application>pg_dumpall</application> scripts.
</para>
<para>
<application>pg_dumpall</application> now refuses to deal with database and role
names containing carriage returns or newlines, as it seems impractical
to quote those characters safely on Windows. In future we may reject
such names on the server side, but that step has not been taken yet.
</para>
<para>
These are considered security fixes because crafted object names
containing special characters could have been used to execute
commands with superuser privileges the next time a superuser
executes <application>pg_dumpall</application> or other routine maintenance
operations. (CVE-2016-5424)
</para>
</listitem>
<listitem>
<para>
Fix corner-case misbehaviors for <literal>IS NULL</literal>/<literal>IS NOT
NULL</literal> applied to nested composite values (Andrew Gierth, Tom Lane)
</para>
<para>
The SQL standard specifies that <literal>IS NULL</literal> should return
TRUE for a row of all null values (thus <literal>ROW(NULL,NULL) IS
NULL</literal> yields TRUE), but this is not meant to apply recursively
(thus <literal>ROW(NULL, ROW(NULL,NULL)) IS NULL</literal> yields FALSE).
The core executor got this right, but certain planner optimizations
treated the test as recursive (thus producing TRUE in both cases),
and <filename>contrib/postgres_fdw</filename> could produce remote queries
that misbehaved similarly.
</para>
</listitem>
<listitem>
<para>
Make the <type>inet</type> and <type>cidr</type> data types properly reject
IPv6 addresses with too many colon-separated fields (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Prevent crash in <function>close_ps()</function>
(the <type>point</type> <literal>##</literal> <type>lseg</type> operator)
for NaN input coordinates (Tom Lane)
</para>
<para>
Make it return NULL instead of crashing.
</para>
</listitem>
<listitem>
<para>
Fix several one-byte buffer over-reads in <function>to_number()</function>
(Peter Eisentraut)
</para>
<para>
In several cases the <function>to_number()</function> function would read one
more character than it should from the input string. There is a
small chance of a crash, if the input happens to be adjacent to the
end of memory.
</para>
</listitem>
<listitem>
<para>
Avoid unsafe intermediate state during expensive paths
through <function>heap_update()</function> (Masahiko Sawada, Andres Freund)
</para>
<para>
Previously, these cases locked the target tuple (by setting its XMAX)
but did not WAL-log that action, thus risking data integrity problems
if the page were spilled to disk and then a database crash occurred
before the tuple update could be completed.
</para>
</listitem>
<listitem>
<para>
Avoid consuming a transaction ID during <command>VACUUM</command>
(Alexander Korotkov)
</para>
<para>
Some cases in <command>VACUUM</command> unnecessarily caused an XID to be
assigned to the current transaction. Normally this is negligible,
but if one is up against the XID wraparound limit, consuming more
XIDs during anti-wraparound vacuums is a very bad thing.
</para>
</listitem>
<listitem>
<para>
Avoid canceling hot-standby queries during <command>VACUUM FREEZE</command>
(Simon Riggs, &Aacute;lvaro Herrera)
</para>
<para>
<command>VACUUM FREEZE</command> on an otherwise-idle master server could
result in unnecessary cancellations of queries on its standby
servers.
</para>
</listitem>
<listitem>
<para>
When a manual <command>ANALYZE</command> specifies a column list, don't
reset the table's <literal>changes_since_analyze</literal> counter
(Tom Lane)
</para>
<para>
If we're only analyzing some columns, we should not prevent routine
auto-analyze from happening for the other columns.
</para>
</listitem>
<listitem>
<para>
Fix <command>ANALYZE</command>'s overestimation of <literal>n_distinct</literal>
for a unique or nearly-unique column with many null entries (Tom
Lane)
</para>
<para>
The nulls could get counted as though they were themselves distinct
values, leading to serious planner misestimates in some types of
queries.
</para>
</listitem>
<listitem>
<para>
Prevent autovacuum from starting multiple workers for the same shared
catalog (&Aacute;lvaro Herrera)
</para>
<para>
Normally this isn't much of a problem because the vacuum doesn't take
long anyway; but in the case of a severely bloated catalog, it could
result in all but one worker uselessly waiting instead of doing
useful work on other tables.
</para>
</listitem>
<listitem>
<para>
Fix <filename>contrib/btree_gin</filename> to handle the smallest
possible <type>bigint</type> value correctly (Peter Eisentraut)
</para>
</listitem>
<listitem>
<para>
Teach libpq to correctly decode server version from future servers
(Peter Eisentraut)
</para>
<para>
It's planned to switch to two-part instead of three-part server
version numbers for releases after 9.6. Make sure
that <function>PQserverVersion()</function> returns the correct value for
such cases.
</para>
</listitem>
<listitem>
<para>
Fix <application>ecpg</application>'s code for <literal>unsigned long long</literal>
array elements (Michael Meskes)
</para>
</listitem>
<listitem>
<para>
Make <application>pg_basebackup</application> accept <literal>-Z 0</literal> as
specifying no compression (Fujii Masao)
</para>
</listitem>
<listitem>
<!--
Author: Tom Lane <tgl@sss.pgh.pa.us>
Branch: REL9_1_STABLE [d56c02f1a] 2016-06-19 13:45:03 -0400
Branch: REL9_1_STABLE [354b3a3ac] 2016-06-19 14:01:17 -0400
-->
<para>
Revert to the old heuristic timeout for <literal>pg_ctl start -w</literal>
(Tom Lane)
</para>
<para>
The new method adopted as of release 9.1.20 does not work
when <varname>silent_mode</varname> is enabled, so go back to the old way.
</para>
</listitem>
<listitem>
<para>
Fix makefiles' rule for building AIX shared libraries to be safe for
parallel make (Noah Misch)
</para>
</listitem>
<listitem>
<para>
Fix TAP tests and MSVC scripts to work when build directory's path
name contains spaces (Michael Paquier, Kyotaro Horiguchi)
</para>
</listitem>
<listitem>
<para>
Make regression tests safe for Danish and Welsh locales (Jeff Janes,
Tom Lane)
</para>
<para>
Change some test data that triggered the unusual sorting rules of
these locales.
</para>
</listitem>
<listitem>
<para>
Update our copy of the timezone code to match
IANA's <application>tzcode</application> release 2016c (Tom Lane)
</para>
<para>
This is needed to cope with anticipated future changes in the time
zone data files. It also fixes some corner-case bugs in coping with
unusual time zones.
</para>
</listitem>
<listitem>
<para>
Update time zone data files to <application>tzdata</application> release 2016f
for DST law changes in Kemerovo and Novosibirsk, plus historical
corrections for Azerbaijan, Belarus, and Morocco.
</para>
</listitem>
</itemizedlist>
</sect2>
</sect1>
<sect1 id="release-9-1-22">
<title>Release 9.1.22</title>
<formalpara>
<title>Release date:</title>
<para>2016-05-12</para>
</formalpara>
<para>
This release contains a variety of fixes from 9.1.21.
For information about new features in the 9.1 major release, see
<xref linkend="release-9-1"/>.
</para>
<para>
The <productname>PostgreSQL</productname> community will stop releasing updates
for the 9.1.X release series in September 2016.
Users are encouraged to update to a newer release branch soon.
</para>
<sect2>
<title>Migration to Version 9.1.22</title>
<para>
A dump/restore is not required for those running 9.1.X.
</para>
<para>
However, if you are upgrading from a version earlier than 9.1.16,
see <xref linkend="release-9-1-16"/>.
</para>
</sect2>
<sect2>
<title>Changes</title>
<itemizedlist>
<listitem>
<para>
Clear the OpenSSL error queue before OpenSSL calls, rather than
assuming it's clear already; and make sure we leave it clear
afterwards (Peter Geoghegan, Dave Vitek, Peter Eisentraut)
</para>
<para>
This change prevents problems when there are multiple connections
using OpenSSL within a single process and not all the code involved
follows the same rules for when to clear the error queue.
Failures have been reported specifically when a client application
uses SSL connections in <application>libpq</application> concurrently with
SSL connections using the PHP, Python, or Ruby wrappers for OpenSSL.
It's possible for similar problems to arise within the server as well,
if an extension module establishes an outgoing SSL connection.
</para>
</listitem>
<listitem>
<para>
Fix <quote>failed to build any <replaceable>N</replaceable>-way joins</quote>
planner error with a full join enclosed in the right-hand side of a
left join (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix possible misbehavior of <literal>TH</literal>, <literal>th</literal>,
and <literal>Y,YYY</literal> format codes in <function>to_timestamp()</function>
(Tom Lane)
</para>
<para>
These could advance off the end of the input string, causing subsequent
format codes to read garbage.
</para>
</listitem>
<listitem>
<para>
Fix dumping of rules and views in which the <replaceable>array</replaceable>
argument of a <literal><replaceable>value</replaceable> <replaceable>operator</replaceable>
ANY (<replaceable>array</replaceable>)</literal> construct is a sub-SELECT
(Tom Lane)
</para>
</listitem>
<listitem>
<para>
Make <application>pg_regress</application> use a startup timeout from the
<envar>PGCTLTIMEOUT</envar> environment variable, if that's set (Tom Lane)
</para>
<para>
This is for consistency with a behavior recently added
to <application>pg_ctl</application>; it eases automated testing on slow machines.
</para>
</listitem>
<listitem>
<para>
Fix <application>pg_upgrade</application> to correctly restore extension
membership for operator families containing only one operator class
(Tom Lane)
</para>
<para>
In such a case, the operator family was restored into the new database,
but it was no longer marked as part of the extension. This had no
immediate ill effects, but would cause later <application>pg_dump</application>
runs to emit output that would cause (harmless) errors on restore.
</para>
</listitem>
<listitem>
<para>
Rename internal function <function>strtoi()</function>
to <function>strtoint()</function> to avoid conflict with a NetBSD library
function (Thomas Munro)
</para>
</listitem>
<listitem>
<para>
Fix reporting of errors from <function>bind()</function>
and <function>listen()</function> system calls on Windows (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Reduce verbosity of compiler output when building with Microsoft Visual
Studio (Christian Ullrich)
</para>
</listitem>
<listitem>
<para>
Avoid possibly-unsafe use of Windows' <function>FormatMessage()</function>
function (Christian Ullrich)
</para>
<para>
Use the <literal>FORMAT_MESSAGE_IGNORE_INSERTS</literal> flag where
appropriate. No live bug is known to exist here, but it seems like a
good idea to be careful.
</para>
</listitem>
<listitem>
<para>
Update time zone data files to <application>tzdata</application> release 2016d
for DST law changes in Russia and Venezuela. There are new zone
names <literal>Europe/Kirov</literal> and <literal>Asia/Tomsk</literal> to reflect
the fact that these regions now have different time zone histories from
adjacent regions.
</para>
</listitem>
</itemizedlist>
</sect2>
</sect1>
<sect1 id="release-9-1-21">
<title>Release 9.1.21</title>
<formalpara>
<title>Release date:</title>
<para>2016-03-31</para>
</formalpara>
<para>
This release contains a variety of fixes from 9.1.20.
For information about new features in the 9.1 major release, see
<xref linkend="release-9-1"/>.
</para>
<sect2>
<title>Migration to Version 9.1.21</title>
<para>
A dump/restore is not required for those running 9.1.X.
</para>
<para>
However, if you are upgrading from a version earlier than 9.1.16,
see <xref linkend="release-9-1-16"/>.
</para>
</sect2>
<sect2>
<title>Changes</title>
<itemizedlist>
<listitem>
<para>
Fix incorrect handling of NULL index entries in
indexed <literal>ROW()</literal> comparisons (Tom Lane)
</para>
<para>
An index search using a row comparison such as <literal>ROW(a, b) &gt;
ROW('x', 'y')</literal> would stop upon reaching a NULL entry in
the <structfield>b</structfield> column, ignoring the fact that there might be
non-NULL <structfield>b</structfield> values associated with later values
of <structfield>a</structfield>.
</para>
</listitem>
<listitem>
<para>
Avoid unlikely data-loss scenarios due to renaming files without
adequate <function>fsync()</function> calls before and after (Michael Paquier,
Tomas Vondra, Andres Freund)
</para>
</listitem>
<listitem>
<para>
Correctly handle cases where <literal>pg_subtrans</literal> is close to XID
wraparound during server startup (Jeff Janes)
</para>
</listitem>
<listitem>
<para>
Fix corner-case crash due to trying to free <function>localeconv()</function>
output strings more than once (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix parsing of affix files for <literal>ispell</literal> dictionaries
(Tom Lane)
</para>
<para>
The code could go wrong if the affix file contained any characters
whose byte length changes during case-folding, for
example <literal>I</literal> in Turkish UTF8 locales.
</para>
</listitem>
<listitem>
<para>
Avoid use of <function>sscanf()</function> to parse <literal>ispell</literal>
dictionary files (Artur Zakirov)
</para>
<para>
This dodges a portability problem on FreeBSD-derived platforms
(including macOS).
</para>
</listitem>
<listitem>
<para>
Avoid a crash on old Windows versions (before 7SP1/2008R2SP1) with an
AVX2-capable CPU and a Postgres build done with Visual Studio 2013
(Christian Ullrich)
</para>
<para>
This is a workaround for a bug in Visual Studio 2013's runtime
library, which Microsoft have stated they will not fix in that
version.
</para>
</listitem>
<listitem>
<para>
Fix <application>psql</application>'s tab completion logic to handle multibyte
characters properly (Kyotaro Horiguchi, Robert Haas)
</para>
</listitem>
<listitem>
<para>
Fix <application>psql</application>'s tab completion for
<literal>SECURITY LABEL</literal> (Tom Lane)
</para>
<para>
Pressing TAB after <literal>SECURITY LABEL</literal> might cause a crash
or offering of inappropriate keywords.
</para>
</listitem>
<listitem>
<para>
Make <application>pg_ctl</application> accept a wait timeout from the
<envar>PGCTLTIMEOUT</envar> environment variable, if none is specified on
the command line (Noah Misch)
</para>
<para>
This eases testing of slower buildfarm members by allowing them
to globally specify a longer-than-normal timeout for postmaster
startup and shutdown.
</para>
</listitem>
<listitem>
<para>
Fix incorrect test for Windows service status
in <application>pg_ctl</application> (Manuel Mathar)
</para>
<para>
The previous set of minor releases attempted to
fix <application>pg_ctl</application> to properly determine whether to send log
messages to Window's Event Log, but got the test backwards.
</para>
</listitem>
<listitem>
<para>
Fix <application>pgbench</application> to correctly handle the combination
of <literal>-C</literal> and <literal>-M prepared</literal> options (Tom Lane)
</para>
</listitem>
<listitem>
<para>
In PL/Perl, properly translate empty Postgres arrays into empty Perl
arrays (Alex Hunsaker)
</para>
</listitem>
<listitem>
<para>
Make PL/Python cope with function names that aren't valid Python
identifiers (Jim Nasby)
</para>
</listitem>
<listitem>
<para>
Fix multiple mistakes in the statistics returned
by <filename>contrib/pgstattuple</filename>'s <function>pgstatindex()</function>
function (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Remove dependency on <literal>psed</literal> in MSVC builds, since it's no
longer provided by core Perl (Michael Paquier, Andrew Dunstan)
</para>
</listitem>
<listitem>
<para>
Update time zone data files to <application>tzdata</application> release 2016c
for DST law changes in Azerbaijan, Chile, Haiti, Palestine, and Russia
(Altai, Astrakhan, Kirov, Sakhalin, Ulyanovsk regions), plus
historical corrections for Lithuania, Moldova, and Russia
(Kaliningrad, Samara, Volgograd).
</para>
</listitem>
</itemizedlist>
</sect2>
</sect1>
<sect1 id="release-9-1-20">
<title>Release 9.1.20</title>
<formalpara>
<title>Release date:</title>
<para>2016-02-11</para>
</formalpara>
<para>
This release contains a variety of fixes from 9.1.19.
For information about new features in the 9.1 major release, see
<xref linkend="release-9-1"/>.
</para>
<sect2>
<title>Migration to Version 9.1.20</title>
<para>
A dump/restore is not required for those running 9.1.X.
</para>
<para>
However, if you are upgrading from a version earlier than 9.1.16,
see <xref linkend="release-9-1-16"/>.
</para>
</sect2>
<sect2>
<title>Changes</title>
<itemizedlist>
<listitem>
<para>
Fix infinite loops and buffer-overrun problems in regular expressions
(Tom Lane)
</para>
<para>
Very large character ranges in bracket expressions could cause
infinite loops in some cases, and memory overwrites in other cases.
(CVE-2016-0773)
</para>
</listitem>
<listitem>
<para>
Perform an immediate shutdown if the <filename>postmaster.pid</filename> file
is removed (Tom Lane)
</para>
<para>
The postmaster now checks every minute or so
that <filename>postmaster.pid</filename> is still there and still contains its
own PID. If not, it performs an immediate shutdown, as though it had
received <systemitem>SIGQUIT</systemitem>. The main motivation for this change
is to ensure that failed buildfarm runs will get cleaned up without
manual intervention; but it also serves to limit the bad effects if a
DBA forcibly removes <filename>postmaster.pid</filename> and then starts a new
postmaster.
</para>
</listitem>
<listitem>
<para>
In <literal>SERIALIZABLE</literal> transaction isolation mode, serialization
anomalies could be missed due to race conditions during insertions
(Kevin Grittner, Thomas Munro)
</para>
</listitem>
<listitem>
<para>
Fix failure to emit appropriate WAL records when doing <literal>ALTER
TABLE ... SET TABLESPACE</literal> for unlogged relations (Michael Paquier,
Andres Freund)
</para>
<para>
Even though the relation's data is unlogged, the move must be logged or
the relation will be inaccessible after a standby is promoted to master.
</para>
</listitem>
<listitem>
<para>
Fix possible misinitialization of unlogged relations at the end of
crash recovery (Andres Freund, Michael Paquier)
</para>
</listitem>
<listitem>
<para>
Fix <command>ALTER COLUMN TYPE</command> to reconstruct inherited check
constraints properly (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix <command>REASSIGN OWNED</command> to change ownership of composite types
properly (&Aacute;lvaro Herrera)
</para>
</listitem>
<listitem>
<para>
Fix <command>REASSIGN OWNED</command> and <command>ALTER OWNER</command> to correctly
update granted-permissions lists when changing owners of data types,
foreign data wrappers, or foreign servers (Bruce Momjian,
&Aacute;lvaro Herrera)
</para>
</listitem>
<listitem>
<para>
Fix <command>REASSIGN OWNED</command> to ignore foreign user mappings,
rather than fail (&Aacute;lvaro Herrera)
</para>
</listitem>
<listitem>
<para>
Add more defenses against bad planner cost estimates for GIN index
scans when the index's internal statistics are very out-of-date
(Tom Lane)
</para>
</listitem>
<listitem>
<para>
Make planner cope with hypothetical GIN indexes suggested by an index
advisor plug-in (Julien Rouhaud)
</para>
</listitem>
<listitem>
<para>
Fix dumping of whole-row Vars in <literal>ROW()</literal>
and <literal>VALUES()</literal> lists (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix possible internal overflow in <type>numeric</type> division
(Dean Rasheed)
</para>
</listitem>
<listitem>
<para>
Fix enforcement of restrictions inside parentheses within regular
expression lookahead constraints (Tom Lane)
</para>
<para>
Lookahead constraints aren't allowed to contain backrefs, and
parentheses within them are always considered non-capturing, according
to the manual. However, the code failed to handle these cases properly
inside a parenthesized subexpression, and would give unexpected
results.
</para>
</listitem>
<listitem>
<para>
Conversion of regular expressions to indexscan bounds could produce
incorrect bounds from regexps containing lookahead constraints
(Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix regular-expression compiler to handle loops of constraint arcs
(Tom Lane)
</para>
<para>
The code added for CVE-2007-4772 was both incomplete, in that it didn't
handle loops involving more than one state, and incorrect, in that it
could cause assertion failures (though there seem to be no bad
consequences of that in a non-assert build). Multi-state loops would
cause the compiler to run until the query was canceled or it reached
the too-many-states error condition.
</para>
</listitem>
<listitem>
<para>
Improve memory-usage accounting in regular-expression compiler
(Tom Lane)
</para>
<para>
This causes the code to emit <quote>regular expression is too
complex</quote> errors in some cases that previously used unreasonable
amounts of time and memory.
</para>
</listitem>
<listitem>
<para>
Improve performance of regular-expression compiler (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Make <literal>%h</literal> and <literal>%r</literal> escapes
in <varname>log_line_prefix</varname> work for messages emitted due
to <varname>log_connections</varname> (Tom Lane)
</para>
<para>
Previously, <literal>%h</literal>/<literal>%r</literal> started to work just after a
new session had emitted the <quote>connection received</quote> log message;
now they work for that message too.
</para>
</listitem>
<listitem>
<para>
On Windows, ensure the shared-memory mapping handle gets closed in
child processes that don't need it (Tom Lane, Amit Kapila)
</para>
<para>
This oversight resulted in failure to recover from crashes
whenever <varname>logging_collector</varname> is turned on.
</para>
</listitem>
<listitem>
<para>
Fix possible failure to detect socket EOF in non-blocking mode on
Windows (Tom Lane)
</para>
<para>
It's not entirely clear whether this problem can happen in pre-9.5
branches, but if it did, the symptom would be that a walsender process
would wait indefinitely rather than noticing a loss of connection.
</para>
</listitem>
<listitem>
<para>
Avoid leaking a token handle during SSPI authentication
(Christian Ullrich)
</para>
</listitem>
<listitem>
<para>
In <application>psql</application>, ensure that <application>libreadline</application>'s idea
of the screen size is updated when the terminal window size changes
(Merlin Moncure)
</para>
<para>
Previously, <application>libreadline</application> did not notice if the window
was resized during query output, leading to strange behavior during
later input of multiline queries.
</para>
</listitem>
<listitem>
<para>
Fix <application>psql</application>'s <literal>\det</literal> command to interpret its
pattern argument the same way as other <literal>\d</literal> commands with
potentially schema-qualified patterns do (Reece Hart)
</para>
</listitem>
<listitem>
<para>
Avoid possible crash in <application>psql</application>'s <literal>\c</literal> command
when previous connection was via Unix socket and command specifies a
new hostname and same username (Tom Lane)
</para>
</listitem>
<listitem>
<para>
In <literal>pg_ctl start -w</literal>, test child process status directly
rather than relying on heuristics (Tom Lane, Michael Paquier)
</para>
<para>
Previously, <application>pg_ctl</application> relied on an assumption that the new
postmaster would always create <filename>postmaster.pid</filename> within five
seconds. But that can fail on heavily-loaded systems,
causing <application>pg_ctl</application> to report incorrectly that the
postmaster failed to start.
</para>
<para>
Except on Windows, this change also means that a <literal>pg_ctl start
-w</literal> done immediately after another such command will now reliably
fail, whereas previously it would report success if done within two
seconds of the first command.
</para>
</listitem>
<listitem>
<para>
In <literal>pg_ctl start -w</literal>, don't attempt to use a wildcard listen
address to connect to the postmaster (Kondo Yuta)
</para>
<para>
On Windows, <application>pg_ctl</application> would fail to detect postmaster
startup if <varname>listen_addresses</varname> is set to <literal>0.0.0.0</literal>
or <literal>::</literal>, because it would try to use that value verbatim as
the address to connect to, which doesn't work. Instead assume
that <literal>127.0.0.1</literal> or <literal>::1</literal>, respectively, is the
right thing to use.
</para>
</listitem>
<listitem>
<para>
In <application>pg_ctl</application> on Windows, check service status to decide
where to send output, rather than checking if standard output is a
terminal (Michael Paquier)
</para>
</listitem>
<listitem>
<para>
In <application>pg_dump</application> and <application>pg_basebackup</application>, adopt
the GNU convention for handling tar-archive members exceeding 8GB
(Tom Lane)
</para>
<para>
The POSIX standard for <literal>tar</literal> file format does not allow
archive member files to exceed 8GB, but most modern implementations
of <application>tar</application> support an extension that fixes that. Adopt
this extension so that <application>pg_dump</application> with <option>-Ft</option> no
longer fails on tables with more than 8GB of data, and so
that <application>pg_basebackup</application> can handle files larger than 8GB.
In addition, fix some portability issues that could cause failures for
members between 4GB and 8GB on some platforms. Potentially these
problems could cause unrecoverable data loss due to unreadable backup
files.
</para>
</listitem>
<listitem>
<para>
Fix assorted corner-case bugs in <application>pg_dump</application>'s processing
of extension member objects (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Make <application>pg_dump</application> mark a view's triggers as needing to be
processed after its rule, to prevent possible failure during
parallel <application>pg_restore</application> (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Ensure that relation option values are properly quoted
in <application>pg_dump</application> (Kouhei Sutou, Tom Lane)
</para>
<para>
A reloption value that isn't a simple identifier or number could lead
to dump/reload failures due to syntax errors in CREATE statements
issued by <application>pg_dump</application>. This is not an issue with any
reloption currently supported by core <productname>PostgreSQL</productname>, but
extensions could allow reloptions that cause the problem.
</para>
</listitem>
<listitem>
<para>
Fix <application>pg_upgrade</application>'s file-copying code to handle errors
properly on Windows (Bruce Momjian)
</para>
</listitem>
<listitem>
<para>
Install guards in <application>pgbench</application> against corner-case overflow
conditions during evaluation of script-specified division or modulo
operators (Fabien Coelho, Michael Paquier)
</para>
</listitem>
<listitem>
<para>
Prevent certain <application>PL/Java</application> parameters from being set by
non-superusers (Noah Misch)
</para>
<para>
This change mitigates a <application>PL/Java</application> security bug
(CVE-2016-0766), which was fixed in <application>PL/Java</application> by marking
these parameters as superuser-only. To fix the security hazard for
sites that update <productname>PostgreSQL</productname> more frequently
than <application>PL/Java</application>, make the core code aware of them also.
</para>
</listitem>
<listitem>
<para>
Improve <application>libpq</application>'s handling of out-of-memory situations
(Michael Paquier, Amit Kapila, Heikki Linnakangas)
</para>
</listitem>
<listitem>
<para>
Fix order of arguments
in <application>ecpg</application>-generated <literal>typedef</literal> statements
(Michael Meskes)
</para>
</listitem>
<listitem>
<para>
Use <literal>%g</literal> not <literal>%f</literal> format
in <application>ecpg</application>'s <function>PGTYPESnumeric_from_double()</function>
(Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix <application>ecpg</application>-supplied header files to not contain comments
continued from a preprocessor directive line onto the next line
(Michael Meskes)
</para>
<para>
Such a comment is rejected by <application>ecpg</application>. It's not yet clear
whether <application>ecpg</application> itself should be changed.
</para>
</listitem>
<listitem>
<para>
Ensure that <filename>contrib/pgcrypto</filename>'s <function>crypt()</function>
function can be interrupted by query cancel (Andreas Karlsson)
</para>
</listitem>
<listitem>
<para>
Accept <application>flex</application> versions later than 2.5.x
(Tom Lane, Michael Paquier)
</para>
<para>
Now that flex 2.6.0 has been released, the version checks in our build
scripts needed to be adjusted.
</para>
</listitem>
<listitem>
<para>
Install our <filename>missing</filename> script where PGXS builds can find it
(Jim Nasby)
</para>
<para>
This allows sane behavior in a PGXS build done on a machine where build
tools such as <application>bison</application> are missing.
</para>
</listitem>
<listitem>
<para>
Ensure that <filename>dynloader.h</filename> is included in the installed
header files in MSVC builds (Bruce Momjian, Michael Paquier)
</para>
</listitem>
<listitem>
<para>
Add variant regression test expected-output file to match behavior of
current <application>libxml2</application> (Tom Lane)
</para>
<para>
The fix for <application>libxml2</application>'s CVE-2015-7499 causes it not to
output error context reports in some cases where it used to do so.
This seems to be a bug, but we'll probably have to live with it for
some time, so work around it.
</para>
</listitem>
<listitem>
<para>
Update time zone data files to <application>tzdata</application> release 2016a for
DST law changes in Cayman Islands, Metlakatla, and Trans-Baikal
Territory (Zabaykalsky Krai), plus historical corrections for Pakistan.
</para>
</listitem>
</itemizedlist>
</sect2>
</sect1>
<sect1 id="release-9-1-19">
<title>Release 9.1.19</title>
<formalpara>
<title>Release date:</title>
<para>2015-10-08</para>
</formalpara>
<para>
This release contains a variety of fixes from 9.1.18.
For information about new features in the 9.1 major release, see
<xref linkend="release-9-1"/>.
</para>
<sect2>
<title>Migration to Version 9.1.19</title>
<para>
A dump/restore is not required for those running 9.1.X.
</para>
<para>
However, if you are upgrading from a version earlier than 9.1.16,
see <xref linkend="release-9-1-16"/>.
</para>
</sect2>
<sect2>
<title>Changes</title>
<itemizedlist>
<listitem>
<para>
Fix <filename>contrib/pgcrypto</filename> to detect and report
too-short <function>crypt()</function> salts (Josh Kupershmidt)
</para>
<para>
Certain invalid salt arguments crashed the server or disclosed a few
bytes of server memory. We have not ruled out the viability of
attacks that arrange for presence of confidential information in the
disclosed bytes, but they seem unlikely. (CVE-2015-5288)
</para>
</listitem>
<listitem>
<para>
Fix subtransaction cleanup after a portal (cursor) belonging to an
outer subtransaction fails (Tom Lane, Michael Paquier)
</para>
<para>
A function executed in an outer-subtransaction cursor could cause an
assertion failure or crash by referencing a relation created within an
inner subtransaction.
</para>
</listitem>
<listitem>
<para>
Fix insertion of relations into the relation cache <quote>init file</quote>
(Tom Lane)
</para>
<para>
An oversight in a patch in the most recent minor releases
caused <structname>pg_trigger_tgrelid_tgname_index</structname> to be omitted
from the init file. Subsequent sessions detected this, then deemed the
init file to be broken and silently ignored it, resulting in a
significant degradation in session startup time. In addition to fixing
the bug, install some guards so that any similar future mistake will be
more obvious.
</para>
</listitem>
<listitem>
<para>
Avoid O(N^2) behavior when inserting many tuples into a SPI query
result (Neil Conway)
</para>
</listitem>
<listitem>
<para>
Improve <command>LISTEN</command> startup time when there are many unread
notifications (Matt Newell)
</para>
</listitem>
<listitem>
<para>
Back-patch 9.3-era addition of per-resource-owner lock caches
(Jeff Janes)
</para>
<para>
This substantially improves performance when <application>pg_dump</application>
tries to dump a large number of tables.
</para>
</listitem>
<listitem>
<para>
Disable SSL renegotiation by default (Michael Paquier, Andres Freund)
</para>
<para>
While use of SSL renegotiation is a good idea in theory, we have seen
too many bugs in practice, both in the underlying OpenSSL library and
in our usage of it. Renegotiation will be removed entirely in 9.5 and
later. In the older branches, just change the default value
of <varname>ssl_renegotiation_limit</varname> to zero (disabled).
</para>
</listitem>
<listitem>
<para>
Lower the minimum values of the <literal>*_freeze_max_age</literal> parameters
(Andres Freund)
</para>
<para>
This is mainly to make tests of related behavior less time-consuming,
but it may also be of value for installations with limited disk space.
</para>
</listitem>
<listitem>
<para>
Limit the maximum value of <varname>wal_buffers</varname> to 2GB to avoid
server crashes (Josh Berkus)
</para>
</listitem>
<listitem>
<para>
Fix rare internal overflow in multiplication of <type>numeric</type> values
(Dean Rasheed)
</para>
</listitem>
<listitem>
<para>
Guard against hard-to-reach stack overflows involving record types,
range types, <type>json</type>, <type>jsonb</type>, <type>tsquery</type>,
<type>ltxtquery</type> and <type>query_int</type> (Noah Misch)
</para>
</listitem>
<listitem>
<para>
Fix handling of <literal>DOW</literal> and <literal>DOY</literal> in datetime input
(Greg Stark)
</para>
<para>
These tokens aren't meant to be used in datetime values, but previously
they resulted in opaque internal error messages rather
than <quote>invalid input syntax</quote>.
</para>
</listitem>
<listitem>
<para>
Add more query-cancel checks to regular expression matching (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Add recursion depth protections to regular expression, <literal>SIMILAR
TO</literal>, and <literal>LIKE</literal> matching (Tom Lane)
</para>
<para>
Suitable search patterns and a low stack depth limit could lead to
stack-overrun crashes.
</para>
</listitem>
<listitem>
<para>
Fix potential infinite loop in regular expression execution (Tom Lane)
</para>
<para>
A search pattern that can apparently match a zero-length string, but
actually doesn't match because of a back reference, could lead to an
infinite loop.
</para>
</listitem>
<listitem>
<para>
Fix low-memory failures in regular expression compilation
(Andreas Seltenreich)
</para>
</listitem>
<listitem>
<para>
Fix low-probability memory leak during regular expression execution
(Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix rare low-memory failure in lock cleanup during transaction abort
(Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix <quote>unexpected out-of-memory situation during sort</quote> errors
when using tuplestores with small <varname>work_mem</varname> settings (Tom
Lane)
</para>
</listitem>
<listitem>
<para>
Fix very-low-probability stack overrun in <function>qsort</function> (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix <quote>invalid memory alloc request size</quote> failure in hash joins
with large <varname>work_mem</varname> settings (Tomas Vondra, Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix assorted planner bugs (Tom Lane)
</para>
<para>
These mistakes could lead to incorrect query plans that would give wrong
answers, or to assertion failures in assert-enabled builds, or to odd
planner errors such as <quote>could not devise a query plan for the
given query</quote>, <quote>could not find pathkey item to
sort</quote>, <quote>plan should not reference subplan's variable</quote>,
or <quote>failed to assign all NestLoopParams to plan nodes</quote>.
Thanks are due to Andreas Seltenreich and Piotr Stefaniak for fuzz
testing that exposed these problems.
</para>
</listitem>
<!--
Author: Tom Lane <tgl@sss.pgh.pa.us>
Branch: REL9_1_STABLE [3218f8c33] 2015-08-15 11:02:33 -0400
Branch: REL9_0_STABLE [9d6af7367] 2015-08-15 11:02:34 -0400
-->
<listitem>
<para>
Use fuzzy path cost tiebreaking rule in all supported branches (Tom Lane)
</para>
<para>
This change is meant to avoid platform-specific behavior when
alternative plan choices have effectively-identical estimated costs.
</para>
</listitem>
<listitem>
<para>
Ensure standby promotion trigger files are removed at postmaster
startup (Michael Paquier, Fujii Masao)
</para>
<para>
This prevents unwanted promotion from occurring if these files appear
in a database backup that is used to initialize a new standby server.
</para>
</listitem>
<listitem>
<para>
During postmaster shutdown, ensure that per-socket lock files are
removed and listen sockets are closed before we remove
the <filename>postmaster.pid</filename> file (Tom Lane)
</para>
<para>
This avoids race-condition failures if an external script attempts to
start a new postmaster as soon as <literal>pg_ctl stop</literal> returns.
</para>
</listitem>
<listitem>
<para>
Fix postmaster's handling of a startup-process crash during crash
recovery (Tom Lane)
</para>
<para>
If, during a crash recovery cycle, the startup process crashes without
having restored database consistency, we'd try to launch a new startup
process, which typically would just crash again, leading to an infinite
loop.
</para>
</listitem>
<listitem>
<para>
Do not print a <literal>WARNING</literal> when an autovacuum worker is already
gone when we attempt to signal it, and reduce log verbosity for such
signals (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Prevent autovacuum launcher from sleeping unduly long if the server
clock is moved backwards a large amount (&Aacute;lvaro Herrera)
</para>
</listitem>
<listitem>
<para>
Ensure that cleanup of a GIN index's pending-insertions list is
interruptable by cancel requests (Jeff Janes)
</para>
</listitem>
<listitem>
<para>
Allow all-zeroes pages in GIN indexes to be reused (Heikki Linnakangas)
</para>
<para>
Such a page might be left behind after a crash.
</para>
</listitem>
<listitem>
<para>
Fix off-by-one error that led to otherwise-harmless warnings
about <quote>apparent wraparound</quote> in subtrans/multixact truncation
(Thomas Munro)
</para>
</listitem>
<listitem>
<para>
Fix misreporting of <command>CONTINUE</command> and <command>MOVE</command> statement
types in <application>PL/pgSQL</application>'s error context messages
(Pavel Stehule, Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix <application>PL/Perl</application> to handle non-<acronym>ASCII</acronym> error
message texts correctly (Alex Hunsaker)
</para>
</listitem>
<listitem>
<para>
Fix <application>PL/Python</application> crash when returning the string
representation of a <type>record</type> result (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix some places in <application>PL/Tcl</application> that neglected to check for
failure of <function>malloc()</function> calls (Michael Paquier, &Aacute;lvaro
Herrera)
</para>
</listitem>
<listitem>
<para>
In <filename>contrib/isn</filename>, fix output of ISBN-13 numbers that begin
with 979 (Fabien Coelho)
</para>
<para>
EANs beginning with 979 (but not 9790) are considered ISBNs, but they
must be printed in the new 13-digit format, not the 10-digit format.
</para>
</listitem>
<listitem>
<para>
Improve <application>libpq</application>'s handling of out-of-memory conditions
(Michael Paquier, Heikki Linnakangas)
</para>
</listitem>
<listitem>
<para>
Fix memory leaks and missing out-of-memory checks
in <application>ecpg</application> (Michael Paquier)
</para>
</listitem>
<listitem>
<para>
Fix <application>psql</application>'s code for locale-aware formatting of numeric
output (Tom Lane)
</para>
<para>
The formatting code invoked by <literal>\pset numericlocale on</literal>
did the wrong thing for some uncommon cases such as numbers with an
exponent but no decimal point. It could also mangle already-localized
output from the <type>money</type> data type.
</para>
</listitem>
<listitem>
<para>
Prevent crash in <application>psql</application>'s <command>\c</command> command when
there is no current connection (Noah Misch)
</para>
</listitem>
<listitem>
<para>
Fix selection of default <application>zlib</application> compression level
in <application>pg_dump</application>'s directory output format (Andrew Dunstan)
</para>
</listitem>
<listitem>
<para>
Ensure that temporary files created during a <application>pg_dump</application>
run with <acronym>tar</acronym>-format output are not world-readable (Michael
Paquier)
</para>
</listitem>
<listitem>
<para>
Fix <application>pg_dump</application> and <application>pg_upgrade</application> to support
cases where the <literal>postgres</literal> or <literal>template1</literal> database
is in a non-default tablespace (Marti Raudsepp, Bruce Momjian)
</para>
</listitem>
<listitem>
<para>
Fix <application>pg_dump</application> to handle object privileges sanely when
dumping from a server too old to have a particular privilege type
(Tom Lane)
</para>
<para>
When dumping functions or procedural languages from pre-7.3
servers, <application>pg_dump</application> would
produce <command>GRANT</command>/<command>REVOKE</command> commands that revoked the
owner's grantable privileges and instead granted all privileges
to <literal>PUBLIC</literal>. Since the privileges involved are
just <literal>USAGE</literal> and <literal>EXECUTE</literal>, this isn't a security
problem, but it's certainly a surprising representation of the older
systems' behavior. Fix it to leave the default privilege state alone
in these cases.
</para>
</listitem>
<listitem>
<para>
Fix <application>pg_dump</application> to dump shell types (Tom Lane)
</para>
<para>
Shell types (that is, not-yet-fully-defined types) aren't useful for
much, but nonetheless <application>pg_dump</application> should dump them.
</para>
</listitem>
<listitem>
<para>
Fix assorted minor memory leaks in <application>pg_dump</application> and other
client-side programs (Michael Paquier)
</para>
</listitem>
<listitem>
<para>
Fix spinlock assembly code for PPC hardware to be compatible
with <acronym>AIX</acronym>'s native assembler (Tom Lane)
</para>
<para>
Building with <application>gcc</application> didn't work if <application>gcc</application>
had been configured to use the native assembler, which is becoming more
common.
</para>
</listitem>
<listitem>
<para>
On <acronym>AIX</acronym>, test the <literal>-qlonglong</literal> compiler option
rather than just assuming it's safe to use (Noah Misch)
</para>
</listitem>
<listitem>
<para>
On <acronym>AIX</acronym>, use <literal>-Wl,-brtllib</literal> link option to allow
symbols to be resolved at runtime (Noah Misch)
</para>
<para>
Perl relies on this ability in 5.8.0 and later.
</para>
</listitem>
<listitem>
<para>
Avoid use of inline functions when compiling with
32-bit <application>xlc</application>, due to compiler bugs (Noah Misch)
</para>
</listitem>
<listitem>
<para>
Use <filename>librt</filename> for <function>sched_yield()</function> when necessary,
which it is on some Solaris versions (Oskari Saarenmaa)
</para>
</listitem>
<listitem>
<para>
Fix Windows <filename>install.bat</filename> script to handle target directory
names that contain spaces (Heikki Linnakangas)
</para>
</listitem>
<listitem>
<para>
Make the numeric form of the <productname>PostgreSQL</productname> version number
(e.g., <literal>90405</literal>) readily available to extension Makefiles,
as a variable named <varname>VERSION_NUM</varname> (Michael Paquier)
</para>
</listitem>
<listitem>
<para>
Update time zone data files to <application>tzdata</application> release 2015g for
DST law changes in Cayman Islands, Fiji, Moldova, Morocco, Norfolk
Island, North Korea, Turkey, and Uruguay. There is a new zone name
<literal>America/Fort_Nelson</literal> for the Canadian Northern Rockies.
</para>
</listitem>
</itemizedlist>
</sect2>
</sect1>
<sect1 id="release-9-1-18">
<title>Release 9.1.18</title>
<formalpara>
<title>Release date:</title>
<para>2015-06-12</para>
</formalpara>
<para>
This release contains a small number of fixes from 9.1.17.
For information about new features in the 9.1 major release, see
<xref linkend="release-9-1"/>.
</para>
<sect2>
<title>Migration to Version 9.1.18</title>
<para>
A dump/restore is not required for those running 9.1.X.
</para>
<para>
However, if you are upgrading from a version earlier than 9.1.16,
see <xref linkend="release-9-1-16"/>.
</para>
</sect2>
<sect2>
<title>Changes</title>
<itemizedlist>
<listitem>
<para>
Fix rare failure to invalidate relation cache init file (Tom Lane)
</para>
<para>
With just the wrong timing of concurrent activity, a <command>VACUUM
FULL</command> on a system catalog might fail to update the <quote>init file</quote>
that's used to avoid cache-loading work for new sessions. This would
result in later sessions being unable to access that catalog at all.
This is a very ancient bug, but it's so hard to trigger that no
reproducible case had been seen until recently.
</para>
</listitem>
<listitem>
<para>
Avoid deadlock between incoming sessions and <literal>CREATE/DROP
DATABASE</literal> (Tom Lane)
</para>
<para>
A new session starting in a database that is the target of
a <command>DROP DATABASE</command> command, or is the template for
a <command>CREATE DATABASE</command> command, could cause the command to wait
for five seconds and then fail, even if the new session would have
exited before that.
</para>
</listitem>
</itemizedlist>
</sect2>
</sect1>
<sect1 id="release-9-1-17">
<title>Release 9.1.17</title>
<formalpara>
<title>Release date:</title>
<para>2015-06-04</para>
</formalpara>
<para>
This release contains a small number of fixes from 9.1.16.
For information about new features in the 9.1 major release, see
<xref linkend="release-9-1"/>.
</para>
<sect2>
<title>Migration to Version 9.1.17</title>
<para>
A dump/restore is not required for those running 9.1.X.
</para>
<para>
However, if you are upgrading from a version earlier than 9.1.16,
see <xref linkend="release-9-1-16"/>.
</para>
</sect2>
<sect2>
<title>Changes</title>
<itemizedlist>
<listitem>
<para>
Avoid failures while <function>fsync</function>'ing data directory during
crash restart (Abhijit Menon-Sen, Tom Lane)
</para>
<para>
In the previous minor releases we added a patch to <function>fsync</function>
everything in the data directory after a crash. Unfortunately its
response to any error condition was to fail, thereby preventing the
server from starting up, even when the problem was quite harmless.
An example is that an unwritable file in the data directory would
prevent restart on some platforms; but it is common to make SSL
certificate files unwritable by the server. Revise this behavior so
that permissions failures are ignored altogether, and other types of
failures are logged but do not prevent continuing.
</para>
</listitem>
<listitem>
<para>
Remove <application>configure</application>'s check prohibiting linking to a
threaded <application>libpython</application>
on <systemitem class="osname">OpenBSD</systemitem> (Tom Lane)
</para>
<para>
The failure this restriction was meant to prevent seems to not be a
problem anymore on current <systemitem class="osname">OpenBSD</systemitem>
versions.
</para>
</listitem>
<listitem>
<para>
Allow <application>libpq</application> to use TLS protocol versions beyond v1
(Noah Misch)
</para>
<para>
For a long time, <application>libpq</application> was coded so that the only SSL
protocol it would allow was TLS v1. Now that newer TLS versions are
becoming popular, allow it to negotiate the highest commonly-supported
TLS version with the server. (<productname>PostgreSQL</productname> servers were
already capable of such negotiation, so no change is needed on the
server side.) This is a back-patch of a change already released in
9.4.0.
</para>
</listitem>
</itemizedlist>
</sect2>
</sect1>
<sect1 id="release-9-1-16">
<title>Release 9.1.16</title>
<formalpara>
<title>Release date:</title>
<para>2015-05-22</para>
</formalpara>
<para>
This release contains a variety of fixes from 9.1.15.
For information about new features in the 9.1 major release, see
<xref linkend="release-9-1"/>.
</para>
<sect2>
<title>Migration to Version 9.1.16</title>
<para>
A dump/restore is not required for those running 9.1.X.
</para>
<para>
However, if you use <filename>contrib/citext</filename>'s
<function>regexp_matches()</function> functions, see the changelog entry below
about that.
</para>
<para>
Also, if you are upgrading from a version earlier than 9.1.14,
see <xref linkend="release-9-1-14"/>.
</para>
</sect2>
<sect2>
<title>Changes</title>
<itemizedlist>
<listitem>
<para>
Avoid possible crash when client disconnects just before the
authentication timeout expires (Benkocs Norbert Attila)
</para>
<para>
If the timeout interrupt fired partway through the session shutdown
sequence, SSL-related state would be freed twice, typically causing a
crash and hence denial of service to other sessions. Experimentation
shows that an unauthenticated remote attacker could trigger the bug
somewhat consistently, hence treat as security issue.
(CVE-2015-3165)
</para>
</listitem>
<listitem>
<para>
Improve detection of system-call failures (Noah Misch)
</para>
<para>
Our replacement implementation of <function>snprintf()</function> failed to
check for errors reported by the underlying system library calls;
the main case that might be missed is out-of-memory situations.
In the worst case this might lead to information exposure, due to our
code assuming that a buffer had been overwritten when it hadn't been.
Also, there were a few places in which security-relevant calls of other
system library functions did not check for failure.
</para>
<para>
It remains possible that some calls of the <function>*printf()</function>
family of functions are vulnerable to information disclosure if an
out-of-memory error occurs at just the wrong time. We judge the risk
to not be large, but will continue analysis in this area.
(CVE-2015-3166)
</para>
</listitem>
<listitem>
<para>
In <filename>contrib/pgcrypto</filename>, uniformly report decryption failures
as <quote>Wrong key or corrupt data</quote> (Noah Misch)
</para>
<para>
Previously, some cases of decryption with an incorrect key could report
other error message texts. It has been shown that such variance in
error reports can aid attackers in recovering keys from other systems.
While it's unknown whether <filename>pgcrypto</filename>'s specific behaviors
are likewise exploitable, it seems better to avoid the risk by using a
one-size-fits-all message.
(CVE-2015-3167)
</para>
</listitem>
<listitem>
<para>
Fix incorrect declaration of <filename>contrib/citext</filename>'s
<function>regexp_matches()</function> functions (Tom Lane)
</para>
<para>
These functions should return <type>setof text[]</type>, like the core
functions they are wrappers for; but they were incorrectly declared as
returning just <type>text[]</type>. This mistake had two results: first,
if there was no match you got a scalar null result, whereas what you
should get is an empty set (zero rows). Second, the <literal>g</literal> flag
was effectively ignored, since you would get only one result array even
if there were multiple matches.
</para>
<para>
While the latter behavior is clearly a bug, there might be applications
depending on the former behavior; therefore the function declarations
will not be changed by default until <productname>PostgreSQL</productname> 9.5.
In pre-9.5 branches, the old behavior exists in version 1.0 of
the <literal>citext</literal> extension, while we have provided corrected
declarations in version 1.1 (which is <emphasis>not</emphasis> installed by
default). To adopt the fix in pre-9.5 branches, execute
<literal>ALTER EXTENSION citext UPDATE TO '1.1'</literal> in each database in
which <literal>citext</literal> is installed. (You can also <quote>update</quote>
back to 1.0 if you need to undo that.) Be aware that either update
direction will require dropping and recreating any views or rules that
use <filename>citext</filename>'s <function>regexp_matches()</function> functions.
</para>
</listitem>
<listitem>
<para>
Fix incorrect checking of deferred exclusion constraints after a HOT
update (Tom Lane)
</para>
<para>
If a new row that potentially violates a deferred exclusion constraint
is HOT-updated (that is, no indexed columns change and the row can be
stored back onto the same table page) later in the same transaction,
the exclusion constraint would be reported as violated when the check
finally occurred, even if the row(s) the new row originally conflicted
with had been deleted.
</para>
</listitem>
<listitem>
<para>
Prevent improper reordering of antijoins (NOT EXISTS joins) versus
other outer joins (Tom Lane)
</para>
<para>
This oversight in the planner has been observed to cause <quote>could
not find RelOptInfo for given relids</quote> errors, but it seems possible
that sometimes an incorrect query plan might get past that consistency
check and result in silently-wrong query output.
</para>
</listitem>
<listitem>
<para>
Fix incorrect matching of subexpressions in outer-join plan nodes
(Tom Lane)
</para>
<para>
Previously, if textually identical non-strict subexpressions were used
both above and below an outer join, the planner might try to re-use
the value computed below the join, which would be incorrect because the
executor would force the value to NULL in case of an unmatched outer row.
</para>
</listitem>
<listitem>
<para>
Fix GEQO planner to cope with failure of its join order heuristic
(Tom Lane)
</para>
<para>
This oversight has been seen to lead to <quote>failed to join all
relations together</quote> errors in queries involving <literal>LATERAL</literal>,
and that might happen in other cases as well.
</para>
</listitem>
<listitem>
<para>
Fix possible deadlock at startup
when <literal>max_prepared_transactions</literal> is too small
(Heikki Linnakangas)
</para>
</listitem>
<listitem>
<para>
Don't archive useless preallocated WAL files after a timeline switch
(Heikki Linnakangas)
</para>
</listitem>
<listitem>
<para>
Avoid <quote>cannot GetMultiXactIdMembers() during recovery</quote> error
(&Aacute;lvaro Herrera)
</para>
</listitem>
<listitem>
<para>
Recursively <function>fsync()</function> the data directory after a crash
(Abhijit Menon-Sen, Robert Haas)
</para>
<para>
This ensures consistency if another crash occurs shortly later. (The
second crash would have to be a system-level crash, not just a database
crash, for there to be a problem.)
</para>
</listitem>
<listitem>
<para>
Fix autovacuum launcher's possible failure to shut down, if an error
occurs after it receives SIGTERM (&Aacute;lvaro Herrera)
</para>
</listitem>
<listitem>
<para>
Cope with unexpected signals in <function>LockBufferForCleanup()</function>
(Andres Freund)
</para>
<para>
This oversight could result in spurious errors about <quote>multiple
backends attempting to wait for pincount 1</quote>.
</para>
</listitem>
<listitem>
<para>
Avoid waiting for WAL flush or synchronous replication during commit of
a transaction that was read-only so far as the user is concerned
(Andres Freund)
</para>
<para>
Previously, a delay could occur at commit in transactions that had
written WAL due to HOT page pruning, leading to undesirable effects
such as sessions getting stuck at startup if all synchronous replicas
are down. Sessions have also been observed to get stuck in catchup
interrupt processing when using synchronous replication; this will fix
that problem as well.
</para>
</listitem>
<listitem>
<para>
Fix crash when manipulating hash indexes on temporary tables
(Heikki Linnakangas)
</para>
</listitem>
<listitem>
<para>
Fix possible failure during hash index bucket split, if other processes
are modifying the index concurrently (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Check for interrupts while analyzing index expressions (Jeff Janes)
</para>
<para>
<command>ANALYZE</command> executes index expressions many times; if there are
slow functions in such an expression, it's desirable to be able to
cancel the <command>ANALYZE</command> before that loop finishes.
</para>
</listitem>
<listitem>
<para>
Ensure <structfield>tableoid</structfield> of a foreign table is reported
correctly when a <literal>READ COMMITTED</literal> recheck occurs after
locking rows in <command>SELECT FOR UPDATE</command>, <command>UPDATE</command>,
or <command>DELETE</command> (Etsuro Fujita)
</para>
</listitem>
<listitem>
<para>
Add the name of the target server to object description strings for
foreign-server user mappings (&Aacute;lvaro Herrera)
</para>
</listitem>
<listitem>
<para>
Recommend setting <literal>include_realm</literal> to 1 when using
Kerberos/GSSAPI/SSPI authentication (Stephen Frost)
</para>
<para>
Without this, identically-named users from different realms cannot be
distinguished. For the moment this is only a documentation change, but
it will become the default setting in <productname>PostgreSQL</productname> 9.5.
</para>
</listitem>
<listitem>
<para>
Remove code for matching IPv4 <filename>pg_hba.conf</filename> entries to
IPv4-in-IPv6 addresses (Tom Lane)
</para>
<para>
This hack was added in 2003 in response to a report that some Linux
kernels of the time would report IPv4 connections as having
IPv4-in-IPv6 addresses. However, the logic was accidentally broken in
9.0. The lack of any field complaints since then shows that it's not
needed anymore. Now we have reports that the broken code causes
crashes on some systems, so let's just remove it rather than fix it.
(Had we chosen to fix it, that would make for a subtle and potentially
security-sensitive change in the effective meaning of
IPv4 <filename>pg_hba.conf</filename> entries, which does not seem like a good
thing to do in minor releases.)
</para>
</listitem>
<listitem>
<para>
Report WAL flush, not insert, position in <literal>IDENTIFY_SYSTEM</literal>
replication command (Heikki Linnakangas)
</para>
<para>
This avoids a possible startup failure
in <application>pg_receivexlog</application>.
</para>
</listitem>
<listitem>
<para>
While shutting down service on Windows, periodically send status
updates to the Service Control Manager to prevent it from killing the
service too soon; and ensure that <application>pg_ctl</application> will wait for
shutdown (Krystian Bigaj)
</para>
</listitem>
<listitem>
<para>
Reduce risk of network deadlock when using <application>libpq</application>'s
non-blocking mode (Heikki Linnakangas)
</para>
<para>
When sending large volumes of data, it's important to drain the input
buffer every so often, in case the server has sent enough response data
to cause it to block on output. (A typical scenario is that the server
is sending a stream of NOTICE messages during <literal>COPY FROM
STDIN</literal>.) This worked properly in the normal blocking mode, but not
so much in non-blocking mode. We've modified <application>libpq</application>
to opportunistically drain input when it can, but a full defense
against this problem requires application cooperation: the application
should watch for socket read-ready as well as write-ready conditions,
and be sure to call <function>PQconsumeInput()</function> upon read-ready.
</para>
</listitem>
<listitem>
<para>
Fix array handling in <application>ecpg</application> (Michael Meskes)
</para>
</listitem>
<listitem>
<para>
Fix <application>psql</application> to sanely handle URIs and conninfo strings as
the first parameter to <command>\connect</command>
(David Fetter, Andrew Dunstan, &Aacute;lvaro Herrera)
</para>
<para>
This syntax has been accepted (but undocumented) for a long time, but
previously some parameters might be taken from the old connection
instead of the given string, which was agreed to be undesirable.
</para>
</listitem>
<listitem>
<para>
Suppress incorrect complaints from <application>psql</application> on some
platforms that it failed to write <filename>~/.psql_history</filename> at exit
(Tom Lane)
</para>
<para>
This misbehavior was caused by a workaround for a bug in very old
(pre-2006) versions of <application>libedit</application>. We fixed it by
removing the workaround, which will cause a similar failure to appear
for anyone still using such versions of <application>libedit</application>.
Recommendation: upgrade that library, or use <application>libreadline</application>.
</para>
</listitem>
<listitem>
<para>
Fix <application>pg_dump</application>'s rule for deciding which casts are
system-provided casts that should not be dumped (Tom Lane)
</para>
</listitem>
<listitem>
<para>
In <application>pg_dump</application>, fix failure to honor <literal>-Z</literal>
compression level option together with <literal>-Fd</literal>
(Michael Paquier)
</para>
</listitem>
<listitem>
<para>
Make <application>pg_dump</application> consider foreign key relationships
between extension configuration tables while choosing dump order
(Gilles Darold, Michael Paquier, Stephen Frost)
</para>
<para>
This oversight could result in producing dumps that fail to reload
because foreign key constraints are transiently violated.
</para>
</listitem>
<listitem>
<para>
Fix dumping of views that are just <literal>VALUES(...)</literal> but have
column aliases (Tom Lane)
</para>
</listitem>
<listitem>
<para>
In <application>pg_upgrade</application>, force timeline 1 in the new cluster
(Bruce Momjian)
</para>
<para>
This change prevents upgrade failures caused by bogus complaints about
missing WAL history files.
</para>
</listitem>
<listitem>
<para>
In <application>pg_upgrade</application>, check for improperly non-connectable
databases before proceeding
(Bruce Momjian)
</para>
</listitem>
<listitem>
<para>
In <application>pg_upgrade</application>, quote directory paths
properly in the generated <literal>delete_old_cluster</literal> script
(Bruce Momjian)
</para>
</listitem>
<listitem>
<para>
In <application>pg_upgrade</application>, preserve database-level freezing info
properly
(Bruce Momjian)
</para>
<para>
This oversight could cause missing-clog-file errors for tables within
the <literal>postgres</literal> and <literal>template1</literal> databases.
</para>
</listitem>
<listitem>
<para>
Run <application>pg_upgrade</application> and <application>pg_resetxlog</application> with
restricted privileges on Windows, so that they don't fail when run by
an administrator (Muhammad Asif Naeem)
</para>
</listitem>
<listitem>
<para>
Improve handling of <function>readdir()</function> failures when scanning
directories in <application>initdb</application> and <application>pg_basebackup</application>
(Marco Nenciarini)
</para>
</listitem>
<listitem>
<para>
Fix slow sorting algorithm in <filename>contrib/intarray</filename> (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix compile failure on Sparc V8 machines (Rob Rowan)
</para>
</listitem>
<listitem>
<para>
Update time zone data files to <application>tzdata</application> release 2015d
for DST law changes in Egypt, Mongolia, and Palestine, plus historical
changes in Canada and Chile. Also adopt revised zone abbreviations for
the America/Adak zone (HST/HDT not HAST/HADT).
</para>
</listitem>
</itemizedlist>
</sect2>
</sect1>
<sect1 id="release-9-1-15">
<title>Release 9.1.15</title>
<formalpara>
<title>Release date:</title>
<para>2015-02-05</para>
</formalpara>
<para>
This release contains a variety of fixes from 9.1.14.
For information about new features in the 9.1 major release, see
<xref linkend="release-9-1"/>.
</para>
<sect2>
<title>Migration to Version 9.1.15</title>
<para>
A dump/restore is not required for those running 9.1.X.
</para>
<para>
However, if you are upgrading from a version earlier than 9.1.14,
see <xref linkend="release-9-1-14"/>.
</para>
</sect2>
<sect2>
<title>Changes</title>
<itemizedlist>
<listitem>
<para>
Fix buffer overruns in <function>to_char()</function>
(Bruce Momjian)
</para>
<para>
When <function>to_char()</function> processes a numeric formatting template
calling for a large number of digits, <productname>PostgreSQL</productname>
would read past the end of a buffer. When processing a crafted
timestamp formatting template, <productname>PostgreSQL</productname> would write
past the end of a buffer. Either case could crash the server.
We have not ruled out the possibility of attacks that lead to
privilege escalation, though they seem unlikely.
(CVE-2015-0241)
</para>
</listitem>
<listitem>
<para>
Fix buffer overrun in replacement <function>*printf()</function> functions
(Tom Lane)
</para>
<para>
<productname>PostgreSQL</productname> includes a replacement implementation
of <function>printf</function> and related functions. This code will overrun
a stack buffer when formatting a floating point number (conversion
specifiers <literal>e</literal>, <literal>E</literal>, <literal>f</literal>, <literal>F</literal>,
<literal>g</literal> or <literal>G</literal>) with requested precision greater than
about 500. This will crash the server, and we have not ruled out the
possibility of attacks that lead to privilege escalation.
A database user can trigger such a buffer overrun through
the <function>to_char()</function> SQL function. While that is the only
affected core <productname>PostgreSQL</productname> functionality, extension
modules that use printf-family functions may be at risk as well.
</para>
<para>
This issue primarily affects <productname>PostgreSQL</productname> on Windows.
<productname>PostgreSQL</productname> uses the system implementation of these
functions where adequate, which it is on other modern platforms.
(CVE-2015-0242)
</para>
</listitem>
<listitem>
<para>
Fix buffer overruns in <filename>contrib/pgcrypto</filename>
(Marko Tiikkaja, Noah Misch)
</para>
<para>
Errors in memory size tracking within the <filename>pgcrypto</filename>
module permitted stack buffer overruns and improper dependence on the
contents of uninitialized memory. The buffer overrun cases can
crash the server, and we have not ruled out the possibility of
attacks that lead to privilege escalation.
(CVE-2015-0243)
</para>
</listitem>
<listitem>
<para>
Fix possible loss of frontend/backend protocol synchronization after
an error
(Heikki Linnakangas)
</para>
<para>
If any error occurred while the server was in the middle of reading a
protocol message from the client, it could lose synchronization and
incorrectly try to interpret part of the message's data as a new
protocol message. An attacker able to submit crafted binary data
within a command parameter might succeed in injecting his own SQL
commands this way. Statement timeout and query cancellation are the
most likely sources of errors triggering this scenario. Particularly
vulnerable are applications that use a timeout and also submit
arbitrary user-crafted data as binary query parameters. Disabling
statement timeout will reduce, but not eliminate, the risk of
exploit. Our thanks to Emil Lenngren for reporting this issue.
(CVE-2015-0244)
</para>
</listitem>
<listitem>
<para>
Fix information leak via constraint-violation error messages
(Stephen Frost)
</para>
<para>
Some server error messages show the values of columns that violate
a constraint, such as a unique constraint. If the user does not have
<literal>SELECT</literal> privilege on all columns of the table, this could
mean exposing values that the user should not be able to see. Adjust
the code so that values are displayed only when they came from the SQL
command or could be selected by the user.
(CVE-2014-8161)
</para>
</listitem>
<listitem>
<para>
Lock down regression testing's temporary installations on Windows
(Noah Misch)
</para>
<para>
Use SSPI authentication to allow connections only from the OS user
who launched the test suite. This closes on Windows the same
vulnerability previously closed on other platforms, namely that other
users might be able to connect to the test postmaster.
(CVE-2014-0067)
</para>
</listitem>
<listitem>
<para>
Avoid possible data corruption if <command>ALTER DATABASE SET
TABLESPACE</command> is used to move a database to a new tablespace and then
shortly later move it back to its original tablespace (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Avoid corrupting tables when <command>ANALYZE</command> inside a transaction
is rolled back (Andres Freund, Tom Lane, Michael Paquier)
</para>
<para>
If the failing transaction had earlier removed the last index, rule, or
trigger from the table, the table would be left in a corrupted state
with the relevant <structname>pg_class</structname> flags not set though they
should be.
</para>
</listitem>
<listitem>
<para>
Ensure that unlogged tables are copied correctly
during <command>CREATE DATABASE</command> or <command>ALTER DATABASE SET
TABLESPACE</command> (Pavan Deolasee, Andres Freund)
</para>
</listitem>
<listitem>
<para>
Fix <command>DROP</command>'s dependency searching to correctly handle the
case where a table column is recursively visited before its table
(Petr Jelinek, Tom Lane)
</para>
<para>
This case is only known to arise when an extension creates both a
datatype and a table using that datatype. The faulty code might
refuse a <command>DROP EXTENSION</command> unless <literal>CASCADE</literal> is
specified, which should not be required.
</para>
</listitem>
<listitem>
<para>
Fix use-of-already-freed-memory problem in EvalPlanQual processing
(Tom Lane)
</para>
<para>
In <literal>READ COMMITTED</literal> mode, queries that lock or update
recently-updated rows could crash as a result of this bug.
</para>
</listitem>
<listitem>
<para>
Fix planning of <command>SELECT FOR UPDATE</command> when using a partial
index on a child table (Kyotaro Horiguchi)
</para>
<para>
In <literal>READ COMMITTED</literal> mode, <command>SELECT FOR UPDATE</command> must
also recheck the partial index's <literal>WHERE</literal> condition when
rechecking a recently-updated row to see if it still satisfies the
query's <literal>WHERE</literal> condition. This requirement was missed if the
index belonged to an inheritance child table, so that it was possible
to incorrectly return rows that no longer satisfy the query condition.
</para>
</listitem>
<listitem>
<para>
Fix corner case wherein <command>SELECT FOR UPDATE</command> could return a row
twice, and possibly miss returning other rows (Tom Lane)
</para>
<para>
In <literal>READ COMMITTED</literal> mode, a <command>SELECT FOR UPDATE</command>
that is scanning an inheritance tree could incorrectly return a row
from a prior child table instead of the one it should return from a
later child table.
</para>
</listitem>
<listitem>
<para>
Reject duplicate column names in the referenced-columns list of
a <literal>FOREIGN KEY</literal> declaration (David Rowley)
</para>
<para>
This restriction is per SQL standard. Previously we did not reject
the case explicitly, but later on the code would fail with
bizarre-looking errors.
</para>
</listitem>
<listitem>
<para>
Fix bugs in raising a <type>numeric</type> value to a large integral power
(Tom Lane)
</para>
<para>
The previous code could get a wrong answer, or consume excessive
amounts of time and memory before realizing that the answer must
overflow.
</para>
</listitem>
<listitem>
<para>
In <function>numeric_recv()</function>, truncate away any fractional digits
that would be hidden according to the value's <literal>dscale</literal> field
(Tom Lane)
</para>
<para>
A <type>numeric</type> value's display scale (<literal>dscale</literal>) should
never be less than the number of nonzero fractional digits; but
apparently there's at least one broken client application that
transmits binary <type>numeric</type> values in which that's true.
This leads to strange behavior since the extra digits are taken into
account by arithmetic operations even though they aren't printed.
The least risky fix seems to be to truncate away such <quote>hidden</quote>
digits on receipt, so that the value is indeed what it prints as.
</para>
</listitem>
<listitem>
<para>
Reject out-of-range numeric timezone specifications (Tom Lane)
</para>
<para>
Simple numeric timezone specifications exceeding +/- 168 hours (one
week) would be accepted, but could then cause null-pointer dereference
crashes in certain operations. There's no use-case for such large UTC
offsets, so reject them.
</para>
</listitem>
<listitem>
<para>
Fix bugs in <type>tsquery</type> <literal>@&gt;</literal> <type>tsquery</type>
operator (Heikki Linnakangas)
</para>
<para>
Two different terms would be considered to match if they had the same
CRC. Also, if the second operand had more terms than the first, it
would be assumed not to be contained in the first; which is wrong
since it might contain duplicate terms.
</para>
</listitem>
<listitem>
<para>
Improve ispell dictionary's defenses against bad affix files (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Allow more than 64K phrases in a thesaurus dictionary (David Boutin)
</para>
<para>
The previous coding could crash on an oversize dictionary, so this was
deemed a back-patchable bug fix rather than a feature addition.
</para>
</listitem>
<listitem>
<para>
Fix namespace handling in <function>xpath()</function> (Ali Akbar)
</para>
<para>
Previously, the <type>xml</type> value resulting from
an <function>xpath()</function> call would not have namespace declarations if
the namespace declarations were attached to an ancestor element in the
input <type>xml</type> value, rather than to the specific element being
returned. Propagate the ancestral declaration so that the result is
correct when considered in isolation.
</para>
</listitem>
<listitem>
<para>
Fix planner problems with nested append relations, such as inherited
tables within <literal>UNION ALL</literal> subqueries (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fail cleanly when a GiST index tuple doesn't fit on a page, rather
than going into infinite recursion (Andrew Gierth)
</para>
</listitem>
<listitem>
<para>
Exempt tables that have per-table <varname>cost_limit</varname>
and/or <varname>cost_delay</varname> settings from autovacuum's global cost
balancing rules (&Aacute;lvaro Herrera)
</para>
<para>
The previous behavior resulted in basically ignoring these per-table
settings, which was unintended. Now, a table having such settings
will be vacuumed using those settings, independently of what is going
on in other autovacuum workers. This may result in heavier total I/O
load than before, so such settings should be re-examined for sanity.
</para>
</listitem>
<listitem>
<para>
Avoid wholesale autovacuuming when autovacuum is nominally off
(Tom Lane)
</para>
<para>
Even when autovacuum is nominally off, we will still launch autovacuum
worker processes to vacuum tables that are at risk of XID wraparound.
However, such a worker process then proceeded to vacuum all tables in
the target database, if they met the usual thresholds for
autovacuuming. This is at best pretty unexpected; at worst it delays
response to the wraparound threat. Fix it so that if autovacuum is
turned off, workers <emphasis>only</emphasis> do anti-wraparound vacuums and
not any other work.
</para>
</listitem>
<listitem>
<para>
During crash recovery, ensure that unlogged relations are rewritten as
empty and are synced to disk before recovery is considered complete
(Abhijit Menon-Sen, Andres Freund)
</para>
<para>
This prevents scenarios in which unlogged relations might contain
garbage data following database crash recovery.
</para>
</listitem>
<listitem>
<para>
Fix race condition between hot standby queries and replaying a
full-page image (Heikki Linnakangas)
</para>
<para>
This mistake could result in transient errors in queries being
executed in hot standby.
</para>
</listitem>
<listitem>
<para>
Fix several cases where recovery logic improperly ignored WAL records
for <literal>COMMIT/ABORT PREPARED</literal> (Heikki Linnakangas)
</para>
<para>
The most notable oversight was
that <varname>recovery_target_xid</varname> could not be used to stop at
a two-phase commit.
</para>
</listitem>
<listitem>
<para>
Avoid creating unnecessary <filename>.ready</filename> marker files for
timeline history files (Fujii Masao)
</para>
</listitem>
<listitem>
<para>
Fix possible null pointer dereference when an empty prepared statement
is used and the <varname>log_statement</varname> setting is <literal>mod</literal>
or <literal>ddl</literal> (Fujii Masao)
</para>
</listitem>
<listitem>
<para>
Change <quote>pgstat wait timeout</quote> warning message to be LOG level,
and rephrase it to be more understandable (Tom Lane)
</para>
<para>
This message was originally thought to be essentially a can't-happen
case, but it occurs often enough on our slower buildfarm members to be
a nuisance. Reduce it to LOG level, and expend a bit more effort on
the wording: it now reads <quote>using stale statistics instead of
current ones because stats collector is not responding</quote>.
</para>
</listitem>
<listitem>
<para>
Fix SPARC spinlock implementation to ensure correctness if the CPU is
being run in a non-TSO coherency mode, as some non-Solaris kernels do
(Andres Freund)
</para>
</listitem>
<listitem>
<para>
Warn if macOS's <function>setlocale()</function> starts an unwanted extra
thread inside the postmaster (Noah Misch)
</para>
</listitem>
<listitem>
<para>
Fix processing of repeated <literal>dbname</literal> parameters
in <function>PQconnectdbParams()</function> (Alex Shulgin)
</para>
<para>
Unexpected behavior ensued if the first occurrence
of <literal>dbname</literal> contained a connection string or URI to be
expanded.
</para>
</listitem>
<listitem>
<para>
Ensure that <application>libpq</application> reports a suitable error message on
unexpected socket EOF (Marko Tiikkaja, Tom Lane)
</para>
<para>
Depending on kernel behavior, <application>libpq</application> might return an
empty error string rather than something useful when the server
unexpectedly closed the socket.
</para>
</listitem>
<listitem>
<para>
Clear any old error message during <function>PQreset()</function>
(Heikki Linnakangas)
</para>
<para>
If <function>PQreset()</function> is called repeatedly, and the connection
cannot be re-established, error messages from the failed connection
attempts kept accumulating in the <structname>PGconn</structname>'s error
string.
</para>
</listitem>
<listitem>
<para>
Properly handle out-of-memory conditions while parsing connection
options in <application>libpq</application> (Alex Shulgin, Heikki Linnakangas)
</para>
</listitem>
<listitem>
<para>
Fix array overrun in <application>ecpg</application>'s version
of <function>ParseDateTime()</function> (Michael Paquier)
</para>
</listitem>
<listitem>
<para>
In <application>initdb</application>, give a clearer error message if a password
file is specified but is empty (Mats Erik Andersson)
</para>
</listitem>
<listitem>
<para>
Fix <application>psql</application>'s <command>\s</command> command to work nicely with
libedit, and add pager support (Stepan Rutz, Tom Lane)
</para>
<para>
When using libedit rather than readline, <command>\s</command> printed the
command history in a fairly unreadable encoded format, and on recent
libedit versions might fail altogether. Fix that by printing the
history ourselves rather than having the library do it. A pleasant
side-effect is that the pager is used if appropriate.
</para>
<para>
This patch also fixes a bug that caused newline encoding to be applied
inconsistently when saving the command history with libedit.
Multiline history entries written by older <application>psql</application>
versions will be read cleanly with this patch, but perhaps not
vice versa, depending on the exact libedit versions involved.
</para>
</listitem>
<listitem>
<para>
Improve consistency of parsing of <application>psql</application>'s special
variables (Tom Lane)
</para>
<para>
Allow variant spellings of <literal>on</literal> and <literal>off</literal> (such
as <literal>1</literal>/<literal>0</literal>) for <literal>ECHO_HIDDEN</literal>
and <literal>ON_ERROR_ROLLBACK</literal>. Report a warning for unrecognized
values for <literal>COMP_KEYWORD_CASE</literal>, <literal>ECHO</literal>,
<literal>ECHO_HIDDEN</literal>, <literal>HISTCONTROL</literal>,
<literal>ON_ERROR_ROLLBACK</literal>, and <literal>VERBOSITY</literal>. Recognize
all values for all these variables case-insensitively; previously
there was a mishmash of case-sensitive and case-insensitive behaviors.
</para>
</listitem>
<listitem>
<para>
Fix <application>psql</application>'s expanded-mode display to work
consistently when using <literal>border</literal> = 3
and <literal>linestyle</literal> = <literal>ascii</literal> or <literal>unicode</literal>
(Stephen Frost)
</para>
</listitem>
<listitem>
<para>
Improve performance of <application>pg_dump</application> when the database
contains many instances of multiple dependency paths between the same
two objects (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix possible deadlock during parallel restore of a schema-only dump
(Robert Haas, Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix core dump in <literal>pg_dump --binary-upgrade</literal> on zero-column
composite type (Rushabh Lathia)
</para>
</listitem>
<listitem>
<para>
Prevent WAL files created by <literal>pg_basebackup -x/-X</literal> from
being archived again when the standby is promoted (Andres Freund)
</para>
</listitem>
<listitem>
<para>
Fix upgrade-from-unpackaged script for <filename>contrib/citext</filename>
(Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix block number checking
in <filename>contrib/pageinspect</filename>'s <function>get_raw_page()</function>
(Tom Lane)
</para>
<para>
The incorrect checking logic could prevent access to some pages in
non-main relation forks.
</para>
</listitem>
<listitem>
<para>
Fix <filename>contrib/pgcrypto</filename>'s <function>pgp_sym_decrypt()</function>
to not fail on messages whose length is 6 less than a power of 2
(Marko Tiikkaja)
</para>
</listitem>
<listitem>
<para>
Fix file descriptor leak in <filename>contrib/pg_test_fsync</filename>
(Jeff Janes)
</para>
<para>
This could cause failure to remove temporary files on Windows.
</para>
</listitem>
<listitem>
<para>
Handle unexpected query results, especially NULLs, safely in
<filename>contrib/tablefunc</filename>'s <function>connectby()</function>
(Michael Paquier)
</para>
<para>
<function>connectby()</function> previously crashed if it encountered a NULL
key value. It now prints that row but doesn't recurse further.
</para>
</listitem>
<listitem>
<para>
Avoid a possible crash in <filename>contrib/xml2</filename>'s
<function>xslt_process()</function> (Mark Simonetti)
</para>
<para>
<application>libxslt</application> seems to have an undocumented dependency on
the order in which resources are freed; reorder our calls to avoid a
crash.
</para>
</listitem>
<listitem>
<para>
Mark some <filename>contrib</filename> I/O functions with correct volatility
properties (Tom Lane)
</para>
<para>
The previous over-conservative marking was immaterial in normal use,
but could cause optimization problems or rejection of valid index
expression definitions. Since the consequences are not large, we've
just adjusted the function definitions in the extension modules'
scripts, without changing version numbers.
</para>
</listitem>
<listitem>
<para>
Numerous cleanups of warnings from Coverity static code analyzer
(Andres Freund, Tatsuo Ishii, Marko Kreen, Tom Lane, Michael Paquier)
</para>
<para>
These changes are mostly cosmetic but in some cases fix corner-case
bugs, for example a crash rather than a proper error report after an
out-of-memory failure. None are believed to represent security
issues.
</para>
</listitem>
<listitem>
<para>
Detect incompatible OpenLDAP versions during build (Noah Misch)
</para>
<para>
With OpenLDAP versions 2.4.24 through 2.4.31,
inclusive, <productname>PostgreSQL</productname> backends can crash at exit.
Raise a warning during <application>configure</application> based on the
compile-time OpenLDAP version number, and test the crashing scenario
in the <filename>contrib/dblink</filename> regression test.
</para>
</listitem>
<listitem>
<para>
In non-MSVC Windows builds, ensure <filename>libpq.dll</filename> is installed
with execute permissions (Noah Misch)
</para>
</listitem>
<listitem>
<para>
Make <application>pg_regress</application> remove any temporary installation it
created upon successful exit (Tom Lane)
</para>
<para>
This results in a very substantial reduction in disk space usage
during <literal>make check-world</literal>, since that sequence involves
creation of numerous temporary installations.
</para>
</listitem>
<listitem>
<para>
Support time zone abbreviations that change UTC offset from time to
time (Tom Lane)
</para>
<para>
Previously, <productname>PostgreSQL</productname> assumed that the UTC offset
associated with a time zone abbreviation (such as <literal>EST</literal>)
never changes in the usage of any particular locale. However this
assumption fails in the real world, so introduce the ability for a
zone abbreviation to represent a UTC offset that sometimes changes.
Update the zone abbreviation definition files to make use of this
feature in timezone locales that have changed the UTC offset of their
abbreviations since 1970 (according to the IANA timezone database).
In such timezones, <productname>PostgreSQL</productname> will now associate the
correct UTC offset with the abbreviation depending on the given date.
</para>
</listitem>
<listitem>
<para>
Update time zone abbreviations lists (Tom Lane)
</para>
<para>
Add CST (China Standard Time) to our lists.
Remove references to ADT as <quote>Arabia Daylight Time</quote>, an
abbreviation that's been out of use since 2007; therefore, claiming
there is a conflict with <quote>Atlantic Daylight Time</quote> doesn't seem
especially helpful.
Fix entirely incorrect GMT offsets for CKT (Cook Islands), FJT, and FJST
(Fiji); we didn't even have them on the proper side of the date line.
</para>
</listitem>
<listitem>
<para>
Update time zone data files to <application>tzdata</application> release 2015a.
</para>
<para>
The IANA timezone database has adopted abbreviations of the form
<literal>A<replaceable>x</replaceable>ST</literal>/<literal>A<replaceable>x</replaceable>DT</literal>
for all Australian time zones, reflecting what they believe to be
current majority practice Down Under. These names do not conflict
with usage elsewhere (other than ACST for Acre Summer Time, which has
been in disuse since 1994). Accordingly, adopt these names into
our <quote>Default</quote> timezone abbreviation set.
The <quote>Australia</quote> abbreviation set now contains only CST, EAST,
EST, SAST, SAT, and WST, all of which are thought to be mostly
historical usage. Note that SAST has also been changed to be South
Africa Standard Time in the <quote>Default</quote> abbreviation set.
</para>
<para>
Also, add zone abbreviations SRET (Asia/Srednekolymsk) and XJT
(Asia/Urumqi), and use WSST/WSDT for western Samoa. Also, there were
DST law changes in Chile, Mexico, the Turks &amp; Caicos Islands
(America/Grand_Turk), and Fiji. There is a new zone
Pacific/Bougainville for portions of Papua New Guinea. Also, numerous
corrections for historical (pre-1970) time zone data.
</para>
</listitem>
</itemizedlist>
</sect2>
</sect1>
<sect1 id="release-9-1-14">
<title>Release 9.1.14</title>
<formalpara>
<title>Release date:</title>
<para>2014-07-24</para>
</formalpara>
<para>
This release contains a variety of fixes from 9.1.13.
For information about new features in the 9.1 major release, see
<xref linkend="release-9-1"/>.
</para>
<sect2>
<title>Migration to Version 9.1.14</title>
<para>
A dump/restore is not required for those running 9.1.X.
</para>
<para>
However, this release corrects an index corruption problem in some GiST
indexes. See the first changelog entry below to find out whether your
installation has been affected and what steps you should take if so.
</para>
<para>
Also, if you are upgrading from a version earlier than 9.1.11,
see <xref linkend="release-9-1-11"/>.
</para>
</sect2>
<sect2>
<title>Changes</title>
<itemizedlist>
<listitem>
<para>
Correctly initialize padding bytes in <filename>contrib/btree_gist</filename>
indexes on <type>bit</type> columns (Heikki Linnakangas)
</para>
<para>
This error could result in incorrect query results due to values that
should compare equal not being seen as equal.
Users with GiST indexes on <type>bit</type> or <type>bit varying</type>
columns should <command>REINDEX</command> those indexes after installing this
update.
</para>
</listitem>
<listitem>
<para>
Protect against torn pages when deleting GIN list pages (Heikki
Linnakangas)
</para>
<para>
This fix prevents possible index corruption if a system crash occurs
while the page update is being written to disk.
</para>
</listitem>
<listitem>
<para>
Don't clear the right-link of a GiST index page while replaying
updates from WAL (Heikki Linnakangas)
</para>
<para>
This error could lead to transiently wrong answers from GiST index
scans performed in Hot Standby.
</para>
</listitem>
<listitem>
<para>
Fix feedback status when <xref linkend="guc-hot-standby-feedback"/> is
turned off on-the-fly (Simon Riggs)
</para>
</listitem>
<listitem>
<para>
Fix possibly-incorrect cache invalidation during nested calls
to <function>ReceiveSharedInvalidMessages</function> (Andres Freund)
</para>
</listitem>
<listitem>
<para>
Fix <quote>could not find pathkey item to sort</quote> planner failures
with <literal>UNION ALL</literal> over subqueries reading from tables with
inheritance children (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Don't assume a subquery's output is unique if there's a set-returning
function in its targetlist (David Rowley)
</para>
<para>
This oversight could lead to misoptimization of constructs
like <literal>WHERE x IN (SELECT y, generate_series(1,10) FROM t GROUP
BY y)</literal>.
</para>
</listitem>
<listitem>
<para>
Fix failure to detoast fields in composite elements of structured
types (Tom Lane)
</para>
<para>
This corrects cases where TOAST pointers could be copied into other
tables without being dereferenced. If the original data is later
deleted, it would lead to errors like <quote>missing chunk number 0
for toast value ...</quote> when the now-dangling pointer is used.
</para>
</listitem>
<listitem>
<para>
Fix <quote>record type has not been registered</quote> failures with
whole-row references to the output of Append plan nodes (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix possible crash when invoking a user-defined function while
rewinding a cursor (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix query-lifespan memory leak while evaluating the arguments for a
function in <literal>FROM</literal> (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix session-lifespan memory leaks in regular-expression processing
(Tom Lane, Arthur O'Dwyer, Greg Stark)
</para>
</listitem>
<listitem>
<para>
Fix data encoding error in <filename>hungarian.stop</filename> (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Prevent foreign tables from being created with OIDS
when <xref linkend="guc-default-with-oids"/> is true
(Etsuro Fujita)
</para>
</listitem>
<listitem>
<para>
Fix liveness checks for rows that were inserted in the current
transaction and then deleted by a now-rolled-back subtransaction
(Andres Freund)
</para>
<para>
This could cause problems (at least spurious warnings, and at worst an
infinite loop) if <command>CREATE INDEX</command> or <command>CLUSTER</command> were
done later in the same transaction.
</para>
</listitem>
<listitem>
<para>
Clear <structname>pg_stat_activity</structname>.<structfield>xact_start</structfield>
during <command>PREPARE TRANSACTION</command> (Andres Freund)
</para>
<para>
After the <command>PREPARE</command>, the originating session is no longer in
a transaction, so it should not continue to display a transaction
start time.
</para>
</listitem>
<listitem>
<para>
Fix <command>REASSIGN OWNED</command> to not fail for text search objects
(&Aacute;lvaro Herrera)
</para>
</listitem>
<listitem>
<para>
Block signals during postmaster startup (Tom Lane)
</para>
<para>
This ensures that the postmaster will properly clean up after itself
if, for example, it receives <systemitem>SIGINT</systemitem> while still
starting up.
</para>
</listitem>
<listitem>
<para>
Fix client host name lookup when processing <filename>pg_hba.conf</filename>
entries that specify host names instead of IP addresses (Tom Lane)
</para>
<para>
Ensure that reverse-DNS lookup failures are reported, instead of just
silently not matching such entries. Also ensure that we make only
one reverse-DNS lookup attempt per connection, not one per host name
entry, which is what previously happened if the lookup attempts failed.
</para>
</listitem>
<listitem>
<para>
Secure Unix-domain sockets of temporary postmasters started during
<literal>make check</literal> (Noah Misch)
</para>
<para>
Any local user able to access the socket file could connect as the
server's bootstrap superuser, then proceed to execute arbitrary code as
the operating-system user running the test, as we previously noted in
CVE-2014-0067. This change defends against that risk by placing the
server's socket in a temporary, mode 0700 subdirectory
of <filename>/tmp</filename>. The hazard remains however on platforms where
Unix sockets are not supported, notably Windows, because then the
temporary postmaster must accept local TCP connections.
</para>
<para>
A useful side effect of this change is to simplify
<literal>make check</literal> testing in builds that
override <literal>DEFAULT_PGSOCKET_DIR</literal>. Popular non-default values
like <filename>/var/run/postgresql</filename> are often not writable by the
build user, requiring workarounds that will no longer be necessary.
</para>
</listitem>
<listitem>
<para>
Fix tablespace creation WAL replay to work on Windows (MauMau)
</para>
</listitem>
<listitem>
<para>
Fix detection of socket creation failures on Windows (Bruce Momjian)
</para>
</listitem>
<listitem>
<para>
On Windows, allow new sessions to absorb values of PGC_BACKEND
parameters (such as <xref linkend="guc-log-connections"/>) from the
configuration file (Amit Kapila)
</para>
<para>
Previously, if such a parameter were changed in the file post-startup,
the change would have no effect.
</para>
</listitem>
<listitem>
<para>
Properly quote executable path names on Windows (Nikhil Deshpande)
</para>
<para>
This oversight could cause <application>initdb</application>
and <application>pg_upgrade</application> to fail on Windows, if the installation
path contained both spaces and <literal>@</literal> signs.
</para>
</listitem>
<listitem>
<para>
Fix linking of <application>libpython</application> on macOS (Tom Lane)
</para>
<para>
The method we previously used can fail with the Python library
supplied by Xcode 5.0 and later.
</para>
</listitem>
<listitem>
<para>
Avoid buffer bloat in <application>libpq</application> when the server
consistently sends data faster than the client can absorb it
(Shin-ichi Morita, Tom Lane)
</para>
<para>
<application>libpq</application> could be coerced into enlarging its input buffer
until it runs out of memory (which would be reported misleadingly
as <quote>lost synchronization with server</quote>). Under ordinary
circumstances it's quite far-fetched that data could be continuously
transmitted more quickly than the <function>recv()</function> loop can
absorb it, but this has been observed when the client is artificially
slowed by scheduler constraints.
</para>
</listitem>
<listitem>
<para>
Ensure that LDAP lookup attempts in <application>libpq</application> time out as
intended (Laurenz Albe)
</para>
</listitem>
<listitem>
<para>
Fix <application>ecpg</application> to do the right thing when an array
of <type>char *</type> is the target for a FETCH statement returning more
than one row, as well as some other array-handling fixes
(Ashutosh Bapat)
</para>
</listitem>
<listitem>
<para>
Fix <application>pg_restore</application>'s processing of old-style large object
comments (Tom Lane)
</para>
<para>
A direct-to-database restore from an archive file generated by a
pre-9.0 version of <application>pg_dump</application> would usually fail if the
archive contained more than a few comments for large objects.
</para>
</listitem>
<listitem>
<para>
In <filename>contrib/pgcrypto</filename> functions, ensure sensitive
information is cleared from stack variables before returning
(Marko Kreen)
</para>
</listitem>
<listitem>
<para>
In <filename>contrib/uuid-ossp</filename>, cache the state of the OSSP UUID
library across calls (Tom Lane)
</para>
<para>
This improves the efficiency of UUID generation and reduces the amount
of entropy drawn from <filename>/dev/urandom</filename>, on platforms that
have that.
</para>
</listitem>
<listitem>
<para>
Update time zone data files to <application>tzdata</application> release 2014e
for DST law changes in Crimea, Egypt, and Morocco.
</para>
</listitem>
</itemizedlist>
</sect2>
</sect1>
<sect1 id="release-9-1-13">
<title>Release 9.1.13</title>
<formalpara>
<title>Release date:</title>
<para>2014-03-20</para>
</formalpara>
<para>
This release contains a variety of fixes from 9.1.12.
For information about new features in the 9.1 major release, see
<xref linkend="release-9-1"/>.
</para>
<sect2>
<title>Migration to Version 9.1.13</title>
<para>
A dump/restore is not required for those running 9.1.X.
</para>
<para>
However, if you are upgrading from a version earlier than 9.1.11,
see <xref linkend="release-9-1-11"/>.
</para>
</sect2>
<sect2>
<title>Changes</title>
<itemizedlist>
<listitem>
<para>
Restore GIN metapages unconditionally to avoid torn-page risk
(Heikki Linnakangas)
</para>
<para>
Although this oversight could theoretically result in a corrupted
index, it is unlikely to have caused any problems in practice, since
the active part of a GIN metapage is smaller than a standard 512-byte
disk sector.
</para>
</listitem>
<listitem>
<para>
Avoid race condition in checking transaction commit status during
receipt of a <command>NOTIFY</command> message (Marko Tiikkaja)
</para>
<para>
This prevents a scenario wherein a sufficiently fast client might
respond to a notification before database updates made by the
notifier have become visible to the recipient.
</para>
</listitem>
<listitem>
<para>
Allow regular-expression operators to be terminated early by query
cancel requests (Tom Lane)
</para>
<para>
This prevents scenarios wherein a pathological regular expression
could lock up a server process uninterruptibly for a long time.
</para>
</listitem>
<listitem>
<para>
Remove incorrect code that tried to allow <literal>OVERLAPS</literal> with
single-element row arguments (Joshua Yanovski)
</para>
<para>
This code never worked correctly, and since the case is neither
specified by the SQL standard nor documented, it seemed better to
remove it than fix it.
</para>
</listitem>
<listitem>
<para>
Avoid getting more than <literal>AccessShareLock</literal> when de-parsing a
rule or view (Dean Rasheed)
</para>
<para>
This oversight resulted in <application>pg_dump</application> unexpectedly
acquiring <literal>RowExclusiveLock</literal> locks on tables mentioned as
the targets of <literal>INSERT</literal>/<literal>UPDATE</literal>/<literal>DELETE</literal>
commands in rules. While usually harmless, that could interfere with
concurrent transactions that tried to acquire, for example,
<literal>ShareLock</literal> on those tables.
</para>
</listitem>
<listitem>
<para>
Improve performance of index endpoint probes during planning (Tom Lane)
</para>
<para>
This change fixes a significant performance problem that occurred
when there were many not-yet-committed rows at the end of the index,
which is a common situation for indexes on sequentially-assigned
values such as timestamps or sequence-generated identifiers.
</para>
</listitem>
<listitem>
<para>
Fix <application>walsender</application>'s failure to shut down cleanly when client
is <application>pg_receivexlog</application> (Fujii Masao)
</para>
</listitem>
<listitem>
<para>
Fix test to see if hot standby connections can be allowed immediately
after a crash (Heikki Linnakangas)
</para>
</listitem>
<listitem>
<para>
Prevent interrupts while reporting non-<literal>ERROR</literal> messages
(Tom Lane)
</para>
<para>
This guards against rare server-process freezeups due to recursive
entry to <function>syslog()</function>, and perhaps other related problems.
</para>
</listitem>
<listitem>
<para>
Fix memory leak in PL/Perl when returning a composite result, including
multiple-OUT-parameter cases (Alex Hunsaker)
</para>
</listitem>
<listitem>
<para>
Prevent intermittent <quote>could not reserve shared memory region</quote>
failures on recent Windows versions (MauMau)
</para>
</listitem>
<listitem>
<para>
Update time zone data files to <application>tzdata</application> release 2014a
for DST law changes in Fiji and Turkey, plus historical changes in
Israel and Ukraine.
</para>
</listitem>
</itemizedlist>
</sect2>
</sect1>
<sect1 id="release-9-1-12">
<title>Release 9.1.12</title>
<formalpara>
<title>Release date:</title>
<para>2014-02-20</para>
</formalpara>
<para>
This release contains a variety of fixes from 9.1.11.
For information about new features in the 9.1 major release, see
<xref linkend="release-9-1"/>.
</para>
<sect2>
<title>Migration to Version 9.1.12</title>
<para>
A dump/restore is not required for those running 9.1.X.
</para>
<para>
However, if you are upgrading from a version earlier than 9.1.11,
see <xref linkend="release-9-1-11"/>.
</para>
</sect2>
<sect2>
<title>Changes</title>
<itemizedlist>
<listitem>
<para>
Shore up <literal>GRANT ... WITH ADMIN OPTION</literal> restrictions
(Noah Misch)
</para>
<para>
Granting a role without <literal>ADMIN OPTION</literal> is supposed to
prevent the grantee from adding or removing members from the granted
role, but this restriction was easily bypassed by doing <literal>SET
ROLE</literal> first. The security impact is mostly that a role member can
revoke the access of others, contrary to the wishes of his grantor.
Unapproved role member additions are a lesser concern, since an
uncooperative role member could provide most of his rights to others
anyway by creating views or <literal>SECURITY DEFINER</literal> functions.
(CVE-2014-0060)
</para>
</listitem>
<listitem>
<para>
Prevent privilege escalation via manual calls to PL validator
functions (Andres Freund)
</para>
<para>
The primary role of PL validator functions is to be called implicitly
during <command>CREATE FUNCTION</command>, but they are also normal SQL
functions that a user can call explicitly. Calling a validator on
a function actually written in some other language was not checked
for and could be exploited for privilege-escalation purposes.
The fix involves adding a call to a privilege-checking function in
each validator function. Non-core procedural languages will also
need to make this change to their own validator functions, if any.
(CVE-2014-0061)
</para>
</listitem>
<listitem>
<para>
Avoid multiple name lookups during table and index DDL
(Robert Haas, Andres Freund)
</para>
<para>
If the name lookups come to different conclusions due to concurrent
activity, we might perform some parts of the DDL on a different table
than other parts. At least in the case of <command>CREATE INDEX</command>,
this can be used to cause the permissions checks to be performed
against a different table than the index creation, allowing for a
privilege escalation attack.
(CVE-2014-0062)
</para>
</listitem>
<listitem>
<para>
Prevent buffer overrun with long datetime strings (Noah Misch)
</para>
<para>
The <literal>MAXDATELEN</literal> constant was too small for the longest
possible value of type <type>interval</type>, allowing a buffer overrun
in <function>interval_out()</function>. Although the datetime input
functions were more careful about avoiding buffer overrun, the limit
was short enough to cause them to reject some valid inputs, such as
input containing a very long timezone name. The <application>ecpg</application>
library contained these vulnerabilities along with some of its own.
(CVE-2014-0063)
</para>
</listitem>
<listitem>
<para>
Prevent buffer overrun due to integer overflow in size calculations
(Noah Misch, Heikki Linnakangas)
</para>
<para>
Several functions, mostly type input functions, calculated an
allocation size without checking for overflow. If overflow did
occur, a too-small buffer would be allocated and then written past.
(CVE-2014-0064)
</para>
</listitem>
<listitem>
<para>
Prevent overruns of fixed-size buffers
(Peter Eisentraut, Jozef Mlich)
</para>
<para>
Use <function>strlcpy()</function> and related functions to provide a clear
guarantee that fixed-size buffers are not overrun. Unlike the
preceding items, it is unclear whether these cases really represent
live issues, since in most cases there appear to be previous
constraints on the size of the input string. Nonetheless it seems
prudent to silence all Coverity warnings of this type.
(CVE-2014-0065)
</para>
</listitem>
<listitem>
<para>
Avoid crashing if <function>crypt()</function> returns NULL (Honza Horak,
Bruce Momjian)
</para>
<para>
There are relatively few scenarios in which <function>crypt()</function>
could return NULL, but <filename>contrib/chkpass</filename> would crash
if it did. One practical case in which this could be an issue is
if <application>libc</application> is configured to refuse to execute unapproved
hashing algorithms (e.g., <quote>FIPS mode</quote>).
(CVE-2014-0066)
</para>
</listitem>
<listitem>
<para>
Document risks of <literal>make check</literal> in the regression testing
instructions (Noah Misch, Tom Lane)
</para>
<para>
Since the temporary server started by <literal>make check</literal>
uses <quote>trust</quote> authentication, another user on the same machine
could connect to it as database superuser, and then potentially
exploit the privileges of the operating-system user who started the
tests. A future release will probably incorporate changes in the
testing procedure to prevent this risk, but some public discussion is
needed first. So for the moment, just warn people against using
<literal>make check</literal> when there are untrusted users on the
same machine.
(CVE-2014-0067)
</para>
</listitem>
<listitem>
<para>
Fix possible mis-replay of WAL records when some segments of a
relation aren't full size (Greg Stark, Tom Lane)
</para>
<para>
The WAL update could be applied to the wrong page, potentially many
pages past where it should have been. Aside from corrupting data,
this error has been observed to result in significant <quote>bloat</quote>
of standby servers compared to their masters, due to updates being
applied far beyond where the end-of-file should have been. This
failure mode does not appear to be a significant risk during crash
recovery, only when initially synchronizing a standby created from a
base backup taken from a quickly-changing master.
</para>
</listitem>
<listitem>
<para>
Fix bug in determining when recovery has reached consistency
(Tomonari Katsumata, Heikki Linnakangas)
</para>
<para>
In some cases WAL replay would mistakenly conclude that the database
was already consistent at the start of replay, thus possibly allowing
hot-standby queries before the database was really consistent. Other
symptoms such as <quote>PANIC: WAL contains references to invalid
pages</quote> were also possible.
</para>
</listitem>
<listitem>
<para>
Fix improper locking of btree index pages while replaying
a <literal>VACUUM</literal> operation in hot-standby mode (Andres Freund,
Heikki Linnakangas, Tom Lane)
</para>
<para>
This error could result in <quote>PANIC: WAL contains references to
invalid pages</quote> failures.
</para>
</listitem>
<listitem>
<para>
Ensure that insertions into non-leaf GIN index pages write a full-page
WAL record when appropriate (Heikki Linnakangas)
</para>
<para>
The previous coding risked index corruption in the event of a
partial-page write during a system crash.
</para>
</listitem>
<listitem>
<para>
When <literal>pause_at_recovery_target</literal>
and <literal>recovery_target_inclusive</literal> are both set, ensure the
target record is applied before pausing, not after (Heikki
Linnakangas)
</para>
</listitem>
<listitem>
<para>
Fix race conditions during server process exit (Robert Haas)
</para>
<para>
Ensure that signal handlers don't attempt to use the
process's <varname>MyProc</varname> pointer after it's no longer valid.
</para>
</listitem>
<listitem>
<para>
Fix race conditions in walsender shutdown logic and walreceiver
SIGHUP signal handler (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix unsafe references to <varname>errno</varname> within error reporting
logic (Christian Kruse)
</para>
<para>
This would typically lead to odd behaviors such as missing or
inappropriate <literal>HINT</literal> fields.
</para>
</listitem>
<listitem>
<para>
Fix possible crashes from using <function>ereport()</function> too early
during server startup (Tom Lane)
</para>
<para>
The principal case we've seen in the field is a crash if the server
is started in a directory it doesn't have permission to read.
</para>
</listitem>
<listitem>
<para>
Clear retry flags properly in OpenSSL socket write
function (Alexander Kukushkin)
</para>
<para>
This omission could result in a server lockup after unexpected loss
of an SSL-encrypted connection.
</para>
</listitem>
<listitem>
<para>
Fix length checking for Unicode identifiers (<literal>U&amp;"..."</literal>
syntax) containing escapes (Tom Lane)
</para>
<para>
A spurious truncation warning would be printed for such identifiers
if the escaped form of the identifier was too long, but the
identifier actually didn't need truncation after de-escaping.
</para>
</listitem>
<listitem>
<para>
Allow keywords that are type names to be used in lists of roles
(Stephen Frost)
</para>
<para>
A previous patch allowed such keywords to be used without quoting
in places such as role identifiers; but it missed cases where a
list of role identifiers was permitted, such as <literal>DROP ROLE</literal>.
</para>
</listitem>
<listitem>
<para>
Fix parser crash for <literal>EXISTS(SELECT * FROM
zero_column_table)</literal> (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix possible crash due to invalid plan for nested sub-selects, such
as <literal>WHERE (... x IN (SELECT ...) ...) IN (SELECT ...)</literal>
(Tom Lane)
</para>
</listitem>
<listitem>
<para>
Ensure that <command>ANALYZE</command> creates statistics for a table column
even when all the values in it are <quote>too wide</quote> (Tom Lane)
</para>
<para>
<command>ANALYZE</command> intentionally omits very wide values from its
histogram and most-common-values calculations, but it neglected to do
something sane in the case that all the sampled entries are too wide.
</para>
</listitem>
<listitem>
<para>
In <literal>ALTER TABLE ... SET TABLESPACE</literal>, allow the database's
default tablespace to be used without a permissions check
(Stephen Frost)
</para>
<para>
<literal>CREATE TABLE</literal> has always allowed such usage,
but <literal>ALTER TABLE</literal> didn't get the memo.
</para>
</listitem>
<listitem>
<para>
Fix <quote>cannot accept a set</quote> error when some arms of
a <literal>CASE</literal> return a set and others don't (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix checks for all-zero client addresses in pgstat functions (Kevin
Grittner)
</para>
</listitem>
<listitem>
<para>
Fix possible misclassification of multibyte characters by the text
search parser (Tom Lane)
</para>
<para>
Non-ASCII characters could be misclassified when using C locale with
a multibyte encoding. On Cygwin, non-C locales could fail as well.
</para>
</listitem>
<listitem>
<para>
Fix possible misbehavior in <function>plainto_tsquery()</function>
(Heikki Linnakangas)
</para>
<para>
Use <function>memmove()</function> not <function>memcpy()</function> for copying
overlapping memory regions. There have been no field reports of
this actually causing trouble, but it's certainly risky.
</para>
</listitem>
<listitem>
<para>
Fix placement of permissions checks in <function>pg_start_backup()</function>
and <function>pg_stop_backup()</function> (Andres Freund, Magnus Hagander)
</para>
<para>
The previous coding might attempt to do catalog access when it
shouldn't.
</para>
</listitem>
<listitem>
<para>
Accept <literal>SHIFT_JIS</literal> as an encoding name for locale checking
purposes (Tatsuo Ishii)
</para>
</listitem>
<listitem>
<para>
Fix misbehavior of <function>PQhost()</function> on Windows (Fujii Masao)
</para>
<para>
It should return <literal>localhost</literal> if no host has been specified.
</para>
</listitem>
<listitem>
<para>
Improve error handling in <application>libpq</application> and <application>psql</application>
for failures during <literal>COPY TO STDOUT/FROM STDIN</literal> (Tom Lane)
</para>
<para>
In particular this fixes an infinite loop that could occur in 9.2 and
up if the server connection was lost during <literal>COPY FROM
STDIN</literal>. Variants of that scenario might be possible in older
versions, or with other client applications.
</para>
</listitem>
<listitem>
<para>
Fix possible incorrect printing of filenames
in <application>pg_basebackup</application>'s verbose mode (Magnus Hagander)
</para>
</listitem>
<listitem>
<para>
Avoid including tablespaces inside PGDATA twice in base backups
(Dimitri Fontaine, Magnus Hagander)
</para>
</listitem>
<listitem>
<para>
Fix misaligned descriptors in <application>ecpg</application> (MauMau)
</para>
</listitem>
<listitem>
<para>
In <application>ecpg</application>, handle lack of a hostname in the connection
parameters properly (Michael Meskes)
</para>
</listitem>
<listitem>
<para>
Fix performance regression in <filename>contrib/dblink</filename> connection
startup (Joe Conway)
</para>
<para>
Avoid an unnecessary round trip when client and server encodings match.
</para>
</listitem>
<listitem>
<para>
In <filename>contrib/isn</filename>, fix incorrect calculation of the check
digit for ISMN values (Fabien Coelho)
</para>
</listitem>
<listitem>
<para>
Ensure client-code-only installation procedure works as documented
(Peter Eisentraut)
</para>
</listitem>
<listitem>
<para>
In Mingw and Cygwin builds, install the <application>libpq</application> DLL
in the <filename>bin</filename> directory (Andrew Dunstan)
</para>
<para>
This duplicates what the MSVC build has long done. It should fix
problems with programs like <application>psql</application> failing to start
because they can't find the DLL.
</para>
</listitem>
<listitem>
<para>
Avoid using the deprecated <literal>dllwrap</literal> tool in Cygwin builds
(Marco Atzeri)
</para>
</listitem>
<listitem>
<para>
Don't generate plain-text <filename>HISTORY</filename>
and <filename>src/test/regress/README</filename> files anymore (Tom Lane)
</para>
<para>
These text files duplicated the main HTML and PDF documentation
formats. The trouble involved in maintaining them greatly outweighs
the likely audience for plain-text format. Distribution tarballs
will still contain files by these names, but they'll just be stubs
directing the reader to consult the main documentation.
The plain-text <filename>INSTALL</filename> file will still be maintained, as
there is arguably a use-case for that.
</para>
</listitem>
<listitem>
<para>
Update time zone data files to <application>tzdata</application> release 2013i
for DST law changes in Jordan and historical changes in Cuba.
</para>
<para>
In addition, the zones <literal>Asia/Riyadh87</literal>,
<literal>Asia/Riyadh88</literal>, and <literal>Asia/Riyadh89</literal> have been
removed, as they are no longer maintained by IANA, and never
represented actual civil timekeeping practice.
</para>
</listitem>
</itemizedlist>
</sect2>
</sect1>
<sect1 id="release-9-1-11">
<title>Release 9.1.11</title>
<formalpara>
<title>Release date:</title>
<para>2013-12-05</para>
</formalpara>
<para>
This release contains a variety of fixes from 9.1.10.
For information about new features in the 9.1 major release, see
<xref linkend="release-9-1"/>.
</para>
<sect2>
<title>Migration to Version 9.1.11</title>
<para>
A dump/restore is not required for those running 9.1.X.
</para>
<para>
However, this release corrects a number of potential data corruption
issues. See the first two changelog entries below to find out whether
your installation has been affected and what steps you can take if so.
</para>
<para>
Also, if you are upgrading from a version earlier than 9.1.9,
see <xref linkend="release-9-1-9"/>.
</para>
</sect2>
<sect2>
<title>Changes</title>
<itemizedlist>
<listitem>
<para>
Fix <command>VACUUM</command>'s tests to see whether it can
update <structfield>relfrozenxid</structfield> (Andres Freund)
</para>
<para>
In some cases <command>VACUUM</command> (either manual or autovacuum) could
incorrectly advance a table's <structfield>relfrozenxid</structfield> value,
allowing tuples to escape freezing, causing those rows to become
invisible once 2^31 transactions have elapsed. The probability of
data loss is fairly low since multiple incorrect advancements would
need to happen before actual loss occurs, but it's not zero. Users
upgrading from releases 9.0.4 or 8.4.8 or earlier are not affected, but
all later versions contain the bug.
</para>
<para>
The issue can be ameliorated by, after upgrading, vacuuming all tables
in all databases while having <link
linkend="guc-vacuum-freeze-table-age"><varname>vacuum_freeze_table_age</varname></link>
set to zero. This will fix any latent corruption but will not be able
to fix all pre-existing data errors. However, an installation can be
presumed safe after performing this vacuuming if it has executed fewer
than 2^31 update transactions in its lifetime (check this with
<literal>SELECT txid_current() &lt; 2^31</literal>).
</para>
</listitem>
<listitem>
<para>
Fix initialization of <filename>pg_clog</filename> and <filename>pg_subtrans</filename>
during hot standby startup (Andres Freund, Heikki Linnakangas)
</para>
<para>
This bug can cause data loss on standby servers at the moment they
start to accept hot-standby queries, by marking committed transactions
as uncommitted. The likelihood of such corruption is small unless, at
the time of standby startup, the primary server has executed many
updating transactions since its last checkpoint. Symptoms include
missing rows, rows that should have been deleted being still visible,
and obsolete versions of updated rows being still visible alongside
their newer versions.
</para>
<para>
This bug was introduced in versions 9.3.0, 9.2.5, 9.1.10, and 9.0.14.
Standby servers that have only been running earlier releases are not
at risk. It's recommended that standby servers that have ever run any
of the buggy releases be re-cloned from the primary (e.g., with a new
base backup) after upgrading.
</para>
</listitem>
<listitem>
<para>
Truncate <filename>pg_multixact</filename> contents during WAL replay
(Andres Freund)
</para>
<para>
This avoids ever-increasing disk space consumption in standby servers.
</para>
</listitem>
<listitem>
<para>
Fix race condition in GIN index posting tree page deletion (Heikki
Linnakangas)
</para>
<para>
This could lead to transient wrong answers or query failures.
</para>
</listitem>
<listitem>
<para>
Avoid flattening a subquery whose <literal>SELECT</literal> list contains a
volatile function wrapped inside a sub-<literal>SELECT</literal> (Tom Lane)
</para>
<para>
This avoids unexpected results due to extra evaluations of the
volatile function.
</para>
</listitem>
<listitem>
<para>
Fix planner's processing of non-simple-variable subquery outputs
nested within outer joins (Tom Lane)
</para>
<para>
This error could lead to incorrect plans for queries involving
multiple levels of subqueries within <literal>JOIN</literal> syntax.
</para>
</listitem>
<listitem>
<para>
Fix incorrect generation of optimized MIN()/MAX() plans for
inheritance trees (Tom Lane)
</para>
<para>
The planner could fail in cases where the MIN()/MAX() argument was an
expression rather than a simple variable.
</para>
</listitem>
<listitem>
<para>
Fix premature deletion of temporary files (Andres Freund)
</para>
</listitem>
<listitem>
<para>
Fix possible read past end of memory in rule printing (Peter Eisentraut)
</para>
</listitem>
<listitem>
<para>
Fix array slicing of <type>int2vector</type> and <type>oidvector</type> values
(Tom Lane)
</para>
<para>
Expressions of this kind are now implicitly promoted to
regular <type>int2</type> or <type>oid</type> arrays.
</para>
</listitem>
<listitem>
<para>
Fix incorrect behaviors when using a SQL-standard, simple GMT offset
timezone (Tom Lane)
</para>
<para>
In some cases, the system would use the simple GMT offset value when
it should have used the regular timezone setting that had prevailed
before the simple offset was selected. This change also causes
the <function>timeofday</function> function to honor the simple GMT offset
zone.
</para>
</listitem>
<listitem>
<para>
Prevent possible misbehavior when logging translations of Windows
error codes (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Properly quote generated command lines in <application>pg_ctl</application>
(Naoya Anzai and Tom Lane)
</para>
<para>
This fix applies only to Windows.
</para>
</listitem>
<listitem>
<para>
Fix <application>pg_dumpall</application> to work when a source database
sets <link
linkend="guc-default-transaction-read-only"><varname>default_transaction_read_only</varname></link>
via <command>ALTER DATABASE SET</command> (Kevin Grittner)
</para>
<para>
Previously, the generated script would fail during restore.
</para>
</listitem>
<listitem>
<para>
Make <application>ecpg</application> search for quoted cursor names
case-sensitively (Zolt&aacute;n B&ouml;sz&ouml;rm&eacute;nyi)
</para>
</listitem>
<listitem>
<para>
Fix <application>ecpg</application>'s processing of lists of variables
declared <type>varchar</type> (Zolt&aacute;n B&ouml;sz&ouml;rm&eacute;nyi)
</para>
</listitem>
<listitem>
<para>
Make <filename>contrib/lo</filename> defend against incorrect trigger definitions
(Marc Cousin)
</para>
</listitem>
<listitem>
<para>
Update time zone data files to <application>tzdata</application> release 2013h
for DST law changes in Argentina, Brazil, Jordan, Libya,
Liechtenstein, Morocco, and Palestine. Also, new timezone
abbreviations WIB, WIT, WITA for Indonesia.
</para>
</listitem>
</itemizedlist>
</sect2>
</sect1>
<sect1 id="release-9-1-10">
<title>Release 9.1.10</title>
<formalpara>
<title>Release date:</title>
<para>2013-10-10</para>
</formalpara>
<para>
This release contains a variety of fixes from 9.1.9.
For information about new features in the 9.1 major release, see
<xref linkend="release-9-1"/>.
</para>
<sect2>
<title>Migration to Version 9.1.10</title>
<para>
A dump/restore is not required for those running 9.1.X.
</para>
<para>
However, if you are upgrading from a version earlier than 9.1.9,
see <xref linkend="release-9-1-9"/>.
</para>
</sect2>
<sect2>
<title>Changes</title>
<itemizedlist>
<listitem>
<para>
Prevent corruption of multi-byte characters when attempting to
case-fold identifiers (Andrew Dunstan)
</para>
<para>
<productname>PostgreSQL</productname> case-folds non-ASCII characters only
when using a single-byte server encoding.
</para>
</listitem>
<listitem>
<para>
Fix checkpoint memory leak in background writer when <literal>wal_level =
hot_standby</literal> (Naoya Anzai)
</para>
</listitem>
<listitem>
<para>
Fix memory leak caused by <function>lo_open()</function> failure
(Heikki Linnakangas)
</para>
</listitem>
<listitem>
<para>
Fix memory overcommit bug when <varname>work_mem</varname> is using more
than 24GB of memory (Stephen Frost)
</para>
</listitem>
<listitem>
<para>
Serializable snapshot fixes (Kevin Grittner, Heikki Linnakangas)
</para>
</listitem>
<listitem>
<para>
Fix deadlock bug in libpq when using SSL (Stephen Frost)
</para>
</listitem>
<listitem>
<para>
Fix possible SSL state corruption in threaded libpq applications
(Nick Phillips, Stephen Frost)
</para>
</listitem>
<listitem>
<para>
Properly compute row estimates for boolean columns containing many NULL
values (Andrew Gierth)
</para>
<para>
Previously tests like <literal>col IS NOT TRUE</literal> and <literal>col IS
NOT FALSE</literal> did not properly factor in NULL values when estimating
plan costs.
</para>
</listitem>
<listitem>
<para>
Prevent pushing down <literal>WHERE</literal> clauses into unsafe
<literal>UNION/INTERSECT</literal> subqueries (Tom Lane)
</para>
<para>
Subqueries of a <literal>UNION</literal> or <literal>INTERSECT</literal> that
contain set-returning functions or volatile functions in their
<literal>SELECT</literal> lists could be improperly optimized, leading to
run-time errors or incorrect query results.
</para>
</listitem>
<listitem>
<para>
Fix rare case of <quote>failed to locate grouping columns</quote>
planner failure (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix <application>pg_dump</application> of foreign tables with dropped columns (Andrew Dunstan)
</para>
<para>
Previously such cases could cause a <application>pg_upgrade</application> error.
</para>
</listitem>
<listitem>
<para>
Reorder <application>pg_dump</application> processing of extension-related
rules and event triggers (Joe Conway)
</para>
</listitem>
<listitem>
<para>
Force dumping of extension tables if specified by <command>pg_dump
-t</command> or <literal>-n</literal> (Joe Conway)
</para>
</listitem>
<listitem>
<para>
Improve view dumping code's handling of dropped columns in referenced
tables (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix <command>pg_restore -l</command> with the directory archive to display
the correct format name (Fujii Masao)
</para>
</listitem>
<listitem>
<para>
Properly record index comments created using <literal>UNIQUE</literal>
and <literal>PRIMARY KEY</literal> syntax (Andres Freund)
</para>
<para>
This fixes a parallel <application>pg_restore</application> failure.
</para>
</listitem>
<listitem>
<para>
Properly guarantee transmission of WAL files before clean switchover
(Fujii Masao)
</para>
<para>
Previously, the streaming replication connection might close before all
WAL files had been replayed on the standby.
</para>
</listitem>
<listitem>
<para>
Fix WAL segment timeline handling during recovery (Mitsumasa Kondo,
Heikki Linnakangas)
</para>
<para>
WAL file recycling during standby recovery could lead to premature
recovery completion, resulting in data loss.
</para>
</listitem>
<listitem>
<para>
Fix <command>REINDEX TABLE</command> and <command>REINDEX DATABASE</command>
to properly revalidate constraints and mark invalidated indexes as
valid (Noah Misch)
</para>
<para>
<command>REINDEX INDEX</command> has always worked properly.
</para>
</listitem>
<listitem>
<para>
Fix possible deadlock during concurrent <command>CREATE INDEX
CONCURRENTLY</command> operations (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix <function>regexp_matches()</function> handling of zero-length matches
(Jeevan Chalke)
</para>
<para>
Previously, zero-length matches like '^' could return too many matches.
</para>
</listitem>
<listitem>
<para>
Fix crash for overly-complex regular expressions (Heikki Linnakangas)
</para>
</listitem>
<listitem>
<para>
Fix regular expression match failures for back references combined with
non-greedy quantifiers (Jeevan Chalke)
</para>
</listitem>
<listitem>
<para>
Prevent <command>CREATE FUNCTION</command> from checking <command>SET</command>
variables unless function body checking is enabled (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Allow <command>ALTER DEFAULT PRIVILEGES</command> to operate on schemas
without requiring CREATE permission (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Loosen restriction on keywords used in queries (Tom Lane)
</para>
<para>
Specifically, lessen keyword restrictions for role names, language
names, <command>EXPLAIN</command> and <command>COPY</command> options, and
<command>SET</command> values. This allows <literal>COPY ... (FORMAT
BINARY)</literal> to work as expected; previously <literal>BINARY</literal> needed
to be quoted.
</para>
</listitem>
<listitem>
<para>
Fix <function>pgp_pub_decrypt()</function> so it works for secret keys with
passwords (Marko Kreen)
</para>
</listitem>
<listitem>
<para>
Make <application>pg_upgrade</application> use <literal>pg_dump
--quote-all-identifiers</literal> to avoid problems with keyword changes
between releases (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Remove rare inaccurate warning during vacuum of index-less tables
(Heikki Linnakangas)
</para>
</listitem>
<listitem>
<para>
Ensure that <command>VACUUM ANALYZE</command> still runs the ANALYZE phase
if its attempt to truncate the file is cancelled due to lock conflicts
(Kevin Grittner)
</para>
</listitem>
<listitem>
<para>
Avoid possible failure when performing transaction control commands (e.g
<command>ROLLBACK</command>) in prepared queries (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Ensure that floating-point data input accepts standard spellings
of <quote>infinity</quote> on all platforms (Tom Lane)
</para>
<para>
The C99 standard says that allowable spellings are <literal>inf</literal>,
<literal>+inf</literal>, <literal>-inf</literal>, <literal>infinity</literal>,
<literal>+infinity</literal>, and <literal>-infinity</literal>. Make sure we
recognize these even if the platform's <function>strtod</function> function
doesn't.
</para>
</listitem>
<listitem>
<para>
Expand ability to compare rows to records and arrays (Rafal Rzepecki,
Tom Lane)
</para>
</listitem>
<listitem>
<para>
Update time zone data files to <application>tzdata</application> release 2013d
for DST law changes in Israel, Morocco, Palestine, and Paraguay.
Also, historical zone data corrections for Macquarie Island.
</para>
</listitem>
</itemizedlist>
</sect2>
</sect1>
<sect1 id="release-9-1-9">
<title>Release 9.1.9</title>
<formalpara>
<title>Release date:</title>
<para>2013-04-04</para>
</formalpara>
<para>
This release contains a variety of fixes from 9.1.8.
For information about new features in the 9.1 major release, see
<xref linkend="release-9-1"/>.
</para>
<sect2>
<title>Migration to Version 9.1.9</title>
<para>
A dump/restore is not required for those running 9.1.X.
</para>
<para>
However, this release corrects several errors in management of GiST
indexes. After installing this update, it is advisable to
<command>REINDEX</command> any GiST indexes that meet one or more of the
conditions described below.
</para>
<para>
Also, if you are upgrading from a version earlier than 9.1.6,
see <xref linkend="release-9-1-6"/>.
</para>
</sect2>
<sect2>
<title>Changes</title>
<itemizedlist>
<listitem>
<para>
Fix insecure parsing of server command-line switches (Mitsumasa
Kondo, Kyotaro Horiguchi)
</para>
<para>
A connection request containing a database name that begins with
<quote><literal>-</literal></quote> could be crafted to damage or destroy
files within the server's data directory, even if the request is
eventually rejected. (CVE-2013-1899)
</para>
</listitem>
<listitem>
<para>
Reset OpenSSL randomness state in each postmaster child process
(Marko Kreen)
</para>
<para>
This avoids a scenario wherein random numbers generated by
<filename>contrib/pgcrypto</filename> functions might be relatively easy for
another database user to guess. The risk is only significant when
the postmaster is configured with <varname>ssl</varname> = <literal>on</literal>
but most connections don't use SSL encryption. (CVE-2013-1900)
</para>
</listitem>
<listitem>
<para>
Make REPLICATION privilege checks test current user not authenticated
user (Noah Misch)
</para>
<para>
An unprivileged database user could exploit this mistake to call
<function>pg_start_backup()</function> or <function>pg_stop_backup()</function>,
thus possibly interfering with creation of routine backups.
(CVE-2013-1901)
</para>
</listitem>
<listitem>
<para>
Fix GiST indexes to not use <quote>fuzzy</quote> geometric comparisons when
it's not appropriate to do so (Alexander Korotkov)
</para>
<para>
The core geometric types perform comparisons using <quote>fuzzy</quote>
equality, but <function>gist_box_same</function> must do exact comparisons,
else GiST indexes using it might become inconsistent. After installing
this update, users should <command>REINDEX</command> any GiST indexes on
<type>box</type>, <type>polygon</type>, <type>circle</type>, or <type>point</type>
columns, since all of these use <function>gist_box_same</function>.
</para>
</listitem>
<listitem>
<para>
Fix erroneous range-union and penalty logic in GiST indexes that use
<filename>contrib/btree_gist</filename> for variable-width data types, that is
<type>text</type>, <type>bytea</type>, <type>bit</type>, and <type>numeric</type>
columns (Tom Lane)
</para>
<para>
These errors could result in inconsistent indexes in which some keys
that are present would not be found by searches, and also in useless
index bloat. Users are advised to <command>REINDEX</command> such indexes
after installing this update.
</para>
</listitem>
<listitem>
<para>
Fix bugs in GiST page splitting code for multi-column indexes
(Tom Lane)
</para>
<para>
These errors could result in inconsistent indexes in which some keys
that are present would not be found by searches, and also in indexes
that are unnecessarily inefficient to search. Users are advised to
<command>REINDEX</command> multi-column GiST indexes after installing this
update.
</para>
</listitem>
<listitem>
<para>
Fix <function>gist_point_consistent</function>
to handle fuzziness consistently (Alexander Korotkov)
</para>
<para>
Index scans on GiST indexes on <type>point</type> columns would sometimes
yield results different from a sequential scan, because
<function>gist_point_consistent</function> disagreed with the underlying
operator code about whether to do comparisons exactly or fuzzily.
</para>
</listitem>
<listitem>
<para>
Fix buffer leak in WAL replay (Heikki Linnakangas)
</para>
<para>
This bug could result in <quote>incorrect local pin count</quote> errors
during replay, making recovery impossible.
</para>
</listitem>
<listitem>
<para>
Fix race condition in <command>DELETE RETURNING</command> (Tom Lane)
</para>
<para>
Under the right circumstances, <command>DELETE RETURNING</command> could
attempt to fetch data from a shared buffer that the current process
no longer has any pin on. If some other process changed the buffer
meanwhile, this would lead to garbage <literal>RETURNING</literal> output, or
even a crash.
</para>
</listitem>
<listitem>
<para>
Fix infinite-loop risk in regular expression compilation (Tom Lane,
Don Porter)
</para>
</listitem>
<listitem>
<para>
Fix potential null-pointer dereference in regular expression compilation
(Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix <function>to_char()</function> to use ASCII-only case-folding rules where
appropriate (Tom Lane)
</para>
<para>
This fixes misbehavior of some template patterns that should be
locale-independent, but mishandled <quote><literal>I</literal></quote> and
<quote><literal>i</literal></quote> in Turkish locales.
</para>
</listitem>
<listitem>
<para>
Fix unwanted rejection of timestamp <literal>1999-12-31 24:00:00</literal>
(Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix logic error when a single transaction does <command>UNLISTEN</command>
then <command>LISTEN</command> (Tom Lane)
</para>
<para>
The session wound up not listening for notify events at all, though it
surely should listen in this case.
</para>
</listitem>
<listitem>
<para>
Fix possible planner crash after columns have been added to a view
that's depended on by another view (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Remove useless <quote>picksplit doesn't support secondary split</quote> log
messages (Josh Hansen, Tom Lane)
</para>
<para>
This message seems to have been added in expectation of code that was
never written, and probably never will be, since GiST's default
handling of secondary splits is actually pretty good. So stop nagging
end users about it.
</para>
</listitem>
<listitem>
<para>
Fix possible failure to send a session's last few transaction
commit/abort counts to the statistics collector (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Eliminate memory leaks in PL/Perl's <function>spi_prepare()</function> function
(Alex Hunsaker, Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix <application>pg_dumpall</application> to handle database names containing
<quote><literal>=</literal></quote> correctly (Heikki Linnakangas)
</para>
</listitem>
<listitem>
<para>
Avoid crash in <application>pg_dump</application> when an incorrect connection
string is given (Heikki Linnakangas)
</para>
</listitem>
<listitem>
<para>
Ignore invalid indexes in <application>pg_dump</application> and
<application>pg_upgrade</application> (Michael Paquier, Bruce Momjian)
</para>
<para>
Dumping invalid indexes can cause problems at restore time, for example
if the reason the index creation failed was because it tried to enforce
a uniqueness condition not satisfied by the table's data. Also, if the
index creation is in fact still in progress, it seems reasonable to
consider it to be an uncommitted DDL change, which
<application>pg_dump</application> wouldn't be expected to dump anyway.
<application>pg_upgrade</application> now also skips invalid indexes rather than
failing.
</para>
</listitem>
<listitem>
<para>
In <application>pg_basebackup</application>, include only the current server
version's subdirectory when backing up a tablespace (Heikki
Linnakangas)
</para>
</listitem>
<listitem>
<para>
Add a server version check in <application>pg_basebackup</application> and
<application>pg_receivexlog</application>, so they fail cleanly with version
combinations that won't work (Heikki Linnakangas)
</para>
</listitem>
<listitem>
<para>
Fix <filename>contrib/pg_trgm</filename>'s <function>similarity()</function> function
to return zero for trigram-less strings (Tom Lane)
</para>
<para>
Previously it returned <literal>NaN</literal> due to internal division by zero.
</para>
</listitem>
<listitem>
<para>
Update time zone data files to <application>tzdata</application> release 2013b
for DST law changes in Chile, Haiti, Morocco, Paraguay, and some
Russian areas. Also, historical zone data corrections for numerous
places.
</para>
<para>
Also, update the time zone abbreviation files for recent changes in
Russia and elsewhere: <literal>CHOT</literal>, <literal>GET</literal>,
<literal>IRKT</literal>, <literal>KGT</literal>, <literal>KRAT</literal>, <literal>MAGT</literal>,
<literal>MAWT</literal>, <literal>MSK</literal>, <literal>NOVT</literal>, <literal>OMST</literal>,
<literal>TKT</literal>, <literal>VLAT</literal>, <literal>WST</literal>, <literal>YAKT</literal>,
<literal>YEKT</literal> now follow their current meanings, and
<literal>VOLT</literal> (Europe/Volgograd) and <literal>MIST</literal>
(Antarctica/Macquarie) are added to the default abbreviations list.
</para>
</listitem>
</itemizedlist>
</sect2>
</sect1>
<sect1 id="release-9-1-8">
<title>Release 9.1.8</title>
<formalpara>
<title>Release date:</title>
<para>2013-02-07</para>
</formalpara>
<para>
This release contains a variety of fixes from 9.1.7.
For information about new features in the 9.1 major release, see
<xref linkend="release-9-1"/>.
</para>
<sect2>
<title>Migration to Version 9.1.8</title>
<para>
A dump/restore is not required for those running 9.1.X.
</para>
<para>
However, if you are upgrading from a version earlier than 9.1.6,
see <xref linkend="release-9-1-6"/>.
</para>
</sect2>
<sect2>
<title>Changes</title>
<itemizedlist>
<listitem>
<para>
Prevent execution of <function>enum_recv</function> from SQL (Tom Lane)
</para>
<para>
The function was misdeclared, allowing a simple SQL command to crash the
server. In principle an attacker might be able to use it to examine the
contents of server memory. Our thanks to Sumit Soni (via Secunia SVCRP)
for reporting this issue. (CVE-2013-0255)
</para>
</listitem>
<listitem>
<para>
Fix multiple problems in detection of when a consistent database
state has been reached during WAL replay (Fujii Masao, Heikki
Linnakangas, Simon Riggs, Andres Freund)
</para>
</listitem>
<listitem>
<para>
Update minimum recovery point when truncating a relation file (Heikki
Linnakangas)
</para>
<para>
Once data has been discarded, it's no longer safe to stop recovery at
an earlier point in the timeline.
</para>
</listitem>
<listitem>
<para>
Fix recycling of WAL segments after changing recovery target timeline
(Heikki Linnakangas)
</para>
</listitem>
<listitem>
<para>
Fix missing cancellations in hot standby mode (Noah Misch, Simon Riggs)
</para>
<para>
The need to cancel conflicting hot-standby queries would sometimes be
missed, allowing those queries to see inconsistent data.
</para>
</listitem>
<listitem>
<para>
Prevent recovery pause feature from pausing before users can connect
(Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix SQL grammar to allow subscripting or field selection from a
sub-SELECT result (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix performance problems with autovacuum truncation in busy workloads
(Jan Wieck)
</para>
<para>
Truncation of empty pages at the end of a table requires exclusive
lock, but autovacuum was coded to fail (and release the table lock)
when there are conflicting lock requests. Under load, it is easily
possible that truncation would never occur, resulting in table bloat.
Fix by performing a partial truncation, releasing the lock, then
attempting to re-acquire the lock and continue. This fix also greatly
reduces the average time before autovacuum releases the lock after a
conflicting request arrives.
</para>
</listitem>
<listitem>
<para>
Protect against race conditions when scanning
<structname>pg_tablespace</structname> (Stephen Frost, Tom Lane)
</para>
<para>
<command>CREATE DATABASE</command> and <command>DROP DATABASE</command> could
misbehave if there were concurrent updates of
<structname>pg_tablespace</structname> entries.
</para>
</listitem>
<listitem>
<para>
Prevent <command>DROP OWNED</command> from trying to drop whole databases or
tablespaces (&Aacute;lvaro Herrera)
</para>
<para>
For safety, ownership of these objects must be reassigned, not dropped.
</para>
</listitem>
<listitem>
<para>
Fix error in <link
linkend="guc-vacuum-freeze-table-age"><varname>vacuum_freeze_table_age</varname></link>
implementation (Andres Freund)
</para>
<para>
In installations that have existed for more than <link
linkend="guc-vacuum-freeze-min-age"><varname>vacuum_freeze_min_age</varname></link>
transactions, this mistake prevented autovacuum from using partial-table
scans, so that a full-table scan would always happen instead.
</para>
</listitem>
<listitem>
<para>
Prevent misbehavior when a <symbol>RowExpr</symbol> or <symbol>XmlExpr</symbol>
is parse-analyzed twice (Andres Freund, Tom Lane)
</para>
<para>
This mistake could be user-visible in contexts such as
<literal>CREATE TABLE LIKE INCLUDING INDEXES</literal>.
</para>
</listitem>
<listitem>
<para>
Improve defenses against integer overflow in hashtable sizing
calculations (Jeff Davis)
</para>
</listitem>
<listitem>
<para>
Fix failure to ignore leftover temporary tables after a server crash
(Tom Lane)
</para>
</listitem>
<listitem>
<para>
Reject out-of-range dates in <function>to_date()</function> (Hitoshi Harada)
</para>
</listitem>
<listitem>
<para>
Fix <function>pg_extension_config_dump()</function> to handle
extension-update cases properly (Tom Lane)
</para>
<para>
This function will now replace any existing entry for the target
table, making it usable in extension update scripts.
</para>
</listitem>
<listitem>
<para>
Fix PL/Python's handling of functions used as triggers on multiple
tables (Andres Freund)
</para>
</listitem>
<listitem>
<para>
Ensure that non-ASCII prompt strings are translated to the correct
code page on Windows (Alexander Law, Noah Misch)
</para>
<para>
This bug affected <application>psql</application> and some other client programs.
</para>
</listitem>
<listitem>
<para>
Fix possible crash in <application>psql</application>'s <command>\?</command> command
when not connected to a database (Meng Qingzhong)
</para>
</listitem>
<listitem>
<para>
Fix possible error if a relation file is removed while
<application>pg_basebackup</application> is running (Heikki Linnakangas)
</para>
</listitem>
<listitem>
<para>
Make <application>pg_dump</application> exclude data of unlogged tables when
running on a hot-standby server (Magnus Hagander)
</para>
<para>
This would fail anyway because the data is not available on the standby
server, so it seems most convenient to assume
<option>--no-unlogged-table-data</option> automatically.
</para>
</listitem>
<listitem>
<para>
Fix <application>pg_upgrade</application> to deal with invalid indexes safely
(Bruce Momjian)
</para>
</listitem>
<listitem>
<para>
Fix one-byte buffer overrun in <application>libpq</application>'s
<function>PQprintTuples</function> (Xi Wang)
</para>
<para>
This ancient function is not used anywhere by
<productname>PostgreSQL</productname> itself, but it might still be used by some
client code.
</para>
</listitem>
<listitem>
<para>
Make <application>ecpglib</application> use translated messages properly
(Chen Huajun)
</para>
</listitem>
<listitem>
<para>
Properly install <application>ecpg_compat</application> and
<application>pgtypes</application> libraries on MSVC (Jiang Guiqing)
</para>
</listitem>
<listitem>
<para>
Include our version of <function>isinf()</function> in
<application>libecpg</application> if it's not provided by the system
(Jiang Guiqing)
</para>
</listitem>
<listitem>
<para>
Rearrange configure's tests for supplied functions so it is not
fooled by bogus exports from libedit/libreadline (Christoph Berg)
</para>
</listitem>
<listitem>
<para>
Ensure Windows build number increases over time (Magnus Hagander)
</para>
</listitem>
<listitem>
<para>
Make <application>pgxs</application> build executables with the right
<literal>.exe</literal> suffix when cross-compiling for Windows
(Zoltan Boszormenyi)
</para>
</listitem>
<listitem>
<para>
Add new timezone abbreviation <literal>FET</literal> (Tom Lane)
</para>
<para>
This is now used in some eastern-European time zones.
</para>
</listitem>
</itemizedlist>
</sect2>
</sect1>
<sect1 id="release-9-1-7">
<title>Release 9.1.7</title>
<formalpara>
<title>Release date:</title>
<para>2012-12-06</para>
</formalpara>
<para>
This release contains a variety of fixes from 9.1.6.
For information about new features in the 9.1 major release, see
<xref linkend="release-9-1"/>.
</para>
<sect2>
<title>Migration to Version 9.1.7</title>
<para>
A dump/restore is not required for those running 9.1.X.
</para>
<para>
However, if you are upgrading from a version earlier than 9.1.6,
see <xref linkend="release-9-1-6"/>.
</para>
</sect2>
<sect2>
<title>Changes</title>
<itemizedlist>
<listitem>
<para>
Fix multiple bugs associated with <command>CREATE INDEX
CONCURRENTLY</command> (Andres Freund, Tom Lane)
</para>
<para>
Fix <command>CREATE INDEX CONCURRENTLY</command> to use
in-place updates when changing the state of an index's
<structname>pg_index</structname> row. This prevents race conditions that could
cause concurrent sessions to miss updating the target index, thus
resulting in corrupt concurrently-created indexes.
</para>
<para>
Also, fix various other operations to ensure that they ignore
invalid indexes resulting from a failed <command>CREATE INDEX
CONCURRENTLY</command> command. The most important of these is
<command>VACUUM</command>, because an auto-vacuum could easily be launched
on the table before corrective action can be taken to fix or remove
the invalid index.
</para>
</listitem>
<listitem>
<para>
Fix buffer locking during WAL replay (Tom Lane)
</para>
<para>
The WAL replay code was insufficiently careful about locking buffers
when replaying WAL records that affect more than one page. This could
result in hot standby queries transiently seeing inconsistent states,
resulting in wrong answers or unexpected failures.
</para>
</listitem>
<listitem>
<para>
Fix an error in WAL generation logic for GIN indexes (Tom Lane)
</para>
<para>
This could result in index corruption, if a torn-page failure occurred.
</para>
</listitem>
<listitem>
<para>
Properly remove startup process's virtual XID lock when promoting a
hot standby server to normal running (Simon Riggs)
</para>
<para>
This oversight could prevent subsequent execution of certain
operations such as <command>CREATE INDEX CONCURRENTLY</command>.
</para>
</listitem>
<listitem>
<para>
Avoid bogus <quote>out-of-sequence timeline ID</quote> errors in standby
mode (Heikki Linnakangas)
</para>
</listitem>
<listitem>
<para>
Prevent the postmaster from launching new child processes after it's
received a shutdown signal (Tom Lane)
</para>
<para>
This mistake could result in shutdown taking longer than it should, or
even never completing at all without additional user action.
</para>
</listitem>
<listitem>
<para>
Avoid corruption of internal hash tables when out of memory
(Hitoshi Harada)
</para>
</listitem>
<listitem>
<para>
Prevent file descriptors for dropped tables from being held open past
transaction end (Tom Lane)
</para>
<para>
This should reduce problems with long-since-dropped tables continuing
to occupy disk space.
</para>
</listitem>
<listitem>
<para>
Prevent database-wide crash and restart when a new child process is
unable to create a pipe for its latch (Tom Lane)
</para>
<para>
Although the new process must fail, there is no good reason to force a
database-wide restart, so avoid that. This improves robustness when
the kernel is nearly out of file descriptors.
</para>
</listitem>
<listitem>
<para>
Fix planning of non-strict equivalence clauses above outer joins
(Tom Lane)
</para>
<para>
The planner could derive incorrect constraints from a clause equating
a non-strict construct to something else, for example
<literal>WHERE COALESCE(foo, 0) = 0</literal>
when <literal>foo</literal> is coming from the nullable side of an outer join.
</para>
</listitem>
<listitem>
<para>
Fix <command>SELECT DISTINCT</command> with index-optimized
<function>MIN</function>/<function>MAX</function> on an inheritance tree (Tom Lane)
</para>
<para>
The planner would fail with <quote>failed to re-find MinMaxAggInfo
record</quote> given this combination of factors.
</para>
</listitem>
<listitem>
<para>
Improve planner's ability to prove exclusion constraints from
equivalence classes (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix partial-row matching in hashed subplans to handle cross-type cases
correctly (Tom Lane)
</para>
<para>
This affects multicolumn <literal>NOT IN</literal> subplans, such as
<literal>WHERE (a, b) NOT IN (SELECT x, y FROM ...)</literal>
when for instance <literal>b</literal> and <literal>y</literal> are <type>int4</type>
and <type>int8</type> respectively. This mistake led to wrong answers
or crashes depending on the specific datatypes involved.
</para>
</listitem>
<listitem>
<para>
Acquire buffer lock when re-fetching the old tuple for an
<literal>AFTER ROW UPDATE/DELETE</literal> trigger (Andres Freund)
</para>
<para>
In very unusual circumstances, this oversight could result in passing
incorrect data to a trigger <literal>WHEN</literal> condition, or to the
precheck logic for a foreign-key enforcement trigger. That could
result in a crash, or in an incorrect decision about whether to
fire the trigger.
</para>
</listitem>
<listitem>
<para>
Fix <command>ALTER COLUMN TYPE</command> to handle inherited check
constraints properly (Pavan Deolasee)
</para>
<para>
This worked correctly in pre-8.4 releases, and now works correctly
in 8.4 and later.
</para>
</listitem>
<listitem>
<para>
Fix <command>ALTER EXTENSION SET SCHEMA</command>'s failure to move some
subsidiary objects into the new schema (&Aacute;lvaro Herrera, Dimitri
Fontaine)
</para>
</listitem>
<listitem>
<para>
Fix <command>REASSIGN OWNED</command> to handle grants on tablespaces
(&Aacute;lvaro Herrera)
</para>
</listitem>
<listitem>
<para>
Ignore incorrect <structname>pg_attribute</structname> entries for system
columns for views (Tom Lane)
</para>
<para>
Views do not have any system columns. However, we forgot to
remove such entries when converting a table to a view. That's fixed
properly for 9.3 and later, but in previous branches we need to defend
against existing mis-converted views.
</para>
</listitem>
<listitem>
<para>
Fix rule printing to dump <literal>INSERT INTO <replaceable>table</replaceable>
DEFAULT VALUES</literal> correctly (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Guard against stack overflow when there are too many
<literal>UNION</literal>/<literal>INTERSECT</literal>/<literal>EXCEPT</literal> clauses
in a query (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Prevent platform-dependent failures when dividing the minimum possible
integer value by -1 (Xi Wang, Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix possible access past end of string in date parsing
(Hitoshi Harada)
</para>
</listitem>
<listitem>
<para>
Fix failure to advance XID epoch if XID wraparound happens during a
checkpoint and <varname>wal_level</varname> is <literal>hot_standby</literal>
(Tom Lane, Andres Freund)
</para>
<para>
While this mistake had no particular impact on
<productname>PostgreSQL</productname> itself, it was bad for
applications that rely on <function>txid_current()</function> and related
functions: the TXID value would appear to go backwards.
</para>
</listitem>
<listitem>
<para>
Fix display of
<structname>pg_stat_replication</structname>.<structfield>sync_state</structfield> at a
page boundary (Kyotaro Horiguchi)
</para>
</listitem>
<listitem>
<para>
Produce an understandable error message if the length of the path name
for a Unix-domain socket exceeds the platform-specific limit
(Tom Lane, Andrew Dunstan)
</para>
<para>
Formerly, this would result in something quite unhelpful, such as
<quote>Non-recoverable failure in name resolution</quote>.
</para>
</listitem>
<listitem>
<para>
Fix memory leaks when sending composite column values to the client
(Tom Lane)
</para>
</listitem>
<listitem>
<para>
Make <application>pg_ctl</application> more robust about reading the
<filename>postmaster.pid</filename> file (Heikki Linnakangas)
</para>
<para>
Fix race conditions and possible file descriptor leakage.
</para>
</listitem>
<listitem>
<para>
Fix possible crash in <application>psql</application> if incorrectly-encoded data
is presented and the <varname>client_encoding</varname> setting is a
client-only encoding, such as SJIS (Jiang Guiqing)
</para>
</listitem>
<listitem>
<para>
Make <application>pg_dump</application> dump <literal>SEQUENCE SET</literal> items in
the data not pre-data section of the archive (Tom Lane)
</para>
<para>
This change fixes dumping of sequences that are marked as extension
configuration tables.
</para>
</listitem>
<listitem>
<para>
Fix bugs in the <filename>restore.sql</filename> script emitted by
<application>pg_dump</application> in <literal>tar</literal> output format (Tom Lane)
</para>
<para>
The script would fail outright on tables whose names include
upper-case characters. Also, make the script capable of restoring
data in <option>--inserts</option> mode as well as the regular COPY mode.
</para>
</listitem>
<listitem>
<para>
Fix <application>pg_restore</application> to accept POSIX-conformant
<literal>tar</literal> files (Brian Weaver, Tom Lane)
</para>
<para>
The original coding of <application>pg_dump</application>'s <literal>tar</literal>
output mode produced files that are not fully conformant with the
POSIX standard. This has been corrected for version 9.3. This
patch updates previous branches so that they will accept both the
incorrect and the corrected formats, in hopes of avoiding
compatibility problems when 9.3 comes out.
</para>
</listitem>
<listitem>
<para>
Fix <literal>tar</literal> files emitted by <application>pg_basebackup</application> to
be POSIX conformant (Brian Weaver, Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix <application>pg_resetxlog</application> to locate <filename>postmaster.pid</filename>
correctly when given a relative path to the data directory (Tom Lane)
</para>
<para>
This mistake could lead to <application>pg_resetxlog</application> not noticing
that there is an active postmaster using the data directory.
</para>
</listitem>
<listitem>
<para>
Fix <application>libpq</application>'s <function>lo_import()</function> and
<function>lo_export()</function> functions to report file I/O errors properly
(Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix <application>ecpg</application>'s processing of nested structure pointer
variables (Muhammad Usama)
</para>
</listitem>
<listitem>
<para>
Fix <application>ecpg</application>'s <function>ecpg_get_data</function> function to
handle arrays properly (Michael Meskes)
</para>
</listitem>
<listitem>
<para>
Make <filename>contrib/pageinspect</filename>'s btree page inspection
functions take buffer locks while examining pages (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Ensure that <literal>make install</literal> for an extension creates the
<filename>extension</filename> installation directory (C&eacute;dric Villemain)
</para>
<para>
Previously, this step was missed if <varname>MODULEDIR</varname> was set in
the extension's Makefile.
</para>
</listitem>
<listitem>
<para>
Fix <application>pgxs</application> support for building loadable modules on AIX
(Tom Lane)
</para>
<para>
Building modules outside the original source tree didn't work on AIX.
</para>
</listitem>
<listitem>
<para>
Update time zone data files to <application>tzdata</application> release 2012j
for DST law changes in Cuba, Israel, Jordan, Libya, Palestine, Western
Samoa, and portions of Brazil.
</para>
</listitem>
</itemizedlist>
</sect2>
</sect1>
<sect1 id="release-9-1-6">
<title>Release 9.1.6</title>
<formalpara>
<title>Release date:</title>
<para>2012-09-24</para>
</formalpara>
<para>
This release contains a variety of fixes from 9.1.5.
For information about new features in the 9.1 major release, see
<xref linkend="release-9-1"/>.
</para>
<sect2>
<title>Migration to Version 9.1.6</title>
<para>
A dump/restore is not required for those running 9.1.X.
</para>
<para>
However, you may need to perform <command>REINDEX</command> operations to
recover from the effects of the data corruption bug described in the
first changelog item below.
</para>
<para>
Also, if you are upgrading from a version earlier than 9.1.4,
see <xref linkend="release-9-1-4"/>.
</para>
</sect2>
<sect2>
<title>Changes</title>
<itemizedlist>
<listitem>
<para>
Fix persistence marking of shared buffers during WAL replay
(Jeff Davis)
</para>
<para>
This mistake can result in buffers not being written out during
checkpoints, resulting in data corruption if the server later crashes
without ever having written those buffers. Corruption can occur on
any server following crash recovery, but it is significantly more
likely to occur on standby slave servers since those perform much
more WAL replay. There is a low probability of corruption of btree
and GIN indexes. There is a much higher probability of corruption of
table <quote>visibility maps</quote>. Fortunately, visibility maps are
non-critical data in 9.1, so the worst consequence of such corruption
in 9.1 installations is transient inefficiency of vacuuming. Table
data proper cannot be corrupted by this bug.
</para>
<para>
While no index corruption due to this bug is known to have occurred
in the field, as a precautionary measure it is recommended that
production installations <command>REINDEX</command> all btree and GIN
indexes at a convenient time after upgrading to 9.1.6.
</para>
<para>
Also, if you intend to do an in-place upgrade to 9.2.X, before doing
so it is recommended to perform a <command>VACUUM</command> of all tables
while having <link
linkend="guc-vacuum-freeze-table-age"><varname>vacuum_freeze_table_age</varname></link>
set to zero. This will ensure that any lingering wrong data in the
visibility maps is corrected before 9.2.X can depend on it. <link
linkend="guc-vacuum-cost-delay"><varname>vacuum_cost_delay</varname></link>
can be adjusted to reduce the performance impact of vacuuming, while
causing it to take longer to finish.
</para>
</listitem>
<listitem>
<para>
Fix planner's assignment of executor parameters, and fix executor's
rescan logic for CTE plan nodes (Tom Lane)
</para>
<para>
These errors could result in wrong answers from queries that scan the
same <literal>WITH</literal> subquery multiple times.
</para>
</listitem>
<listitem>
<para>
Fix misbehavior when <link
linkend="guc-default-transaction-isolation"><varname>default_transaction_isolation</varname></link>
is set to <literal>serializable</literal> (Kevin Grittner, Tom Lane, Heikki
Linnakangas)
</para>
<para>
Symptoms include crashes at process start on Windows, and crashes in
hot standby operation.
</para>
</listitem>
<listitem>
<para>
Improve selectivity estimation for text search queries involving
prefixes, i.e. <replaceable>word</replaceable><literal>:*</literal> patterns (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Improve page-splitting decisions in GiST indexes (Alexander Korotkov,
Robert Haas, Tom Lane)
</para>
<para>
Multi-column GiST indexes might suffer unexpected bloat due to this
error.
</para>
</listitem>
<listitem>
<para>
Fix cascading privilege revoke to stop if privileges are still held
(Tom Lane)
</para>
<para>
If we revoke a grant option from some role <replaceable>X</replaceable>, but
<replaceable>X</replaceable> still holds that option via a grant from someone
else, we should not recursively revoke the corresponding privilege
from role(s) <replaceable>Y</replaceable> that <replaceable>X</replaceable> had granted it
to.
</para>
</listitem>
<listitem>
<para>
Disallow extensions from containing the schema they are assigned to
(Thom Brown)
</para>
<para>
This situation creates circular dependencies that confuse
<application>pg_dump</application> and probably other things. It's confusing
for humans too, so disallow it.
</para>
</listitem>
<listitem>
<para>
Improve error messages for Hot Standby misconfiguration errors
(Gurjeet Singh)
</para>
</listitem>
<listitem>
<para>
Make <application>configure</application> probe for <function>mbstowcs_l</function> (Tom
Lane)
</para>
<para>
This fixes build failures on some versions of AIX.
</para>
</listitem>
<listitem>
<para>
Fix handling of <literal>SIGFPE</literal> when PL/Perl is in use (Andres Freund)
</para>
<para>
Perl resets the process's <literal>SIGFPE</literal> handler to
<literal>SIG_IGN</literal>, which could result in crashes later on. Restore
the normal Postgres signal handler after initializing PL/Perl.
</para>
</listitem>
<listitem>
<para>
Prevent PL/Perl from crashing if a recursive PL/Perl function is
redefined while being executed (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Work around possible misoptimization in PL/Perl (Tom Lane)
</para>
<para>
Some Linux distributions contain an incorrect version of
<filename>pthread.h</filename> that results in incorrect compiled code in
PL/Perl, leading to crashes if a PL/Perl function calls another one
that throws an error.
</para>
</listitem>
<listitem>
<para>
Fix bugs in <filename>contrib/pg_trgm</filename>'s <literal>LIKE</literal> pattern
analysis code (Fujii Masao)
</para>
<para>
<literal>LIKE</literal> queries using a trigram index could produce wrong
results if the pattern contained <literal>LIKE</literal> escape characters.
</para>
</listitem>
<listitem>
<para>
Fix <application>pg_upgrade</application>'s handling of line endings on Windows
(Andrew Dunstan)
</para>
<para>
Previously, <application>pg_upgrade</application> might add or remove carriage
returns in places such as function bodies.
</para>
</listitem>
<listitem>
<para>
On Windows, make <application>pg_upgrade</application> use backslash path
separators in the scripts it emits (Andrew Dunstan)
</para>
</listitem>
<listitem>
<para>
Remove unnecessary dependency on <application>pg_config</application> from
<application>pg_upgrade</application> (Peter Eisentraut)
</para>
</listitem>
<listitem>
<para>
Update time zone data files to <application>tzdata</application> release 2012f
for DST law changes in Fiji
</para>
</listitem>
</itemizedlist>
</sect2>
</sect1>
<sect1 id="release-9-1-5">
<title>Release 9.1.5</title>
<formalpara>
<title>Release date:</title>
<para>2012-08-17</para>
</formalpara>
<para>
This release contains a variety of fixes from 9.1.4.
For information about new features in the 9.1 major release, see
<xref linkend="release-9-1"/>.
</para>
<sect2>
<title>Migration to Version 9.1.5</title>
<para>
A dump/restore is not required for those running 9.1.X.
</para>
<para>
However, if you are upgrading from a version earlier than 9.1.4,
see <xref linkend="release-9-1-4"/>.
</para>
</sect2>
<sect2>
<title>Changes</title>
<itemizedlist>
<listitem>
<para>
Prevent access to external files/URLs via XML entity references
(Noah Misch, Tom Lane)
</para>
<para>
<function>xml_parse()</function> would attempt to fetch external files or
URLs as needed to resolve DTD and entity references in an XML value,
thus allowing unprivileged database users to attempt to fetch data
with the privileges of the database server. While the external data
wouldn't get returned directly to the user, portions of it could be
exposed in error messages if the data didn't parse as valid XML; and
in any case the mere ability to check existence of a file might be
useful to an attacker. (CVE-2012-3489)
</para>
</listitem>
<listitem>
<para>
Prevent access to external files/URLs via <filename>contrib/xml2</filename>'s
<function>xslt_process()</function> (Peter Eisentraut)
</para>
<para>
<application>libxslt</application> offers the ability to read and write both
files and URLs through stylesheet commands, thus allowing
unprivileged database users to both read and write data with the
privileges of the database server. Disable that through proper use
of <application>libxslt</application>'s security options. (CVE-2012-3488)
</para>
<para>
Also, remove <function>xslt_process()</function>'s ability to fetch documents
and stylesheets from external files/URLs. While this was a
documented <quote>feature</quote>, it was long regarded as a bad idea.
The fix for CVE-2012-3489 broke that capability, and rather than
expend effort on trying to fix it, we're just going to summarily
remove it.
</para>
</listitem>
<listitem>
<para>
Prevent too-early recycling of btree index pages (Noah Misch)
</para>
<para>
When we allowed read-only transactions to skip assigning XIDs, we
introduced the possibility that a deleted btree page could be
recycled while a read-only transaction was still in flight to it.
This would result in incorrect index search results. The probability
of such an error occurring in the field seems very low because of the
timing requirements, but nonetheless it should be fixed.
</para>
</listitem>
<listitem>
<para>
Fix crash-safety bug with newly-created-or-reset sequences (Tom Lane)
</para>
<para>
If <command>ALTER SEQUENCE</command> was executed on a freshly created or
reset sequence, and then precisely one <function>nextval()</function> call
was made on it, and then the server crashed, WAL replay would restore
the sequence to a state in which it appeared that no
<function>nextval()</function> had been done, thus allowing the first
sequence value to be returned again by the next
<function>nextval()</function> call. In particular this could manifest for
<type>serial</type> columns, since creation of a serial column's sequence
includes an <command>ALTER SEQUENCE OWNED BY</command> step.
</para>
</listitem>
<listitem>
<para>
Fix race condition in <literal>enum</literal>-type value comparisons (Robert
Haas, Tom Lane)
</para>
<para>
Comparisons could fail when encountering an enum value added since
the current query started.
</para>
</listitem>
<listitem>
<para>
Fix <function>txid_current()</function> to report the correct epoch when not
in hot standby (Heikki Linnakangas)
</para>
<para>
This fixes a regression introduced in the previous minor release.
</para>
</listitem>
<listitem>
<para>
Prevent selection of unsuitable replication connections as
the synchronous standby (Fujii Masao)
</para>
<para>
The master might improperly choose pseudo-servers such as
<application>pg_receivexlog</application> or <application>pg_basebackup</application>
as the synchronous standby, and then wait indefinitely for them.
</para>
</listitem>
<listitem>
<para>
Fix bug in startup of Hot Standby when a master transaction has many
subtransactions (Andres Freund)
</para>
<para>
This mistake led to failures reported as <quote>out-of-order XID
insertion in KnownAssignedXids</quote>.
</para>
</listitem>
<listitem>
<para>
Ensure the <filename>backup_label</filename> file is fsync'd after
<function>pg_start_backup()</function> (Dave Kerr)
</para>
</listitem>
<listitem>
<para>
Fix timeout handling in walsender processes (Tom Lane)
</para>
<para>
WAL sender background processes neglected to establish a
<systemitem>SIGALRM</systemitem> handler, meaning they would wait forever in
some corner cases where a timeout ought to happen.
</para>
</listitem>
<listitem>
<para>
Wake walsenders after each background flush by walwriter (Andres
Freund, Simon Riggs)
</para>
<para>
This greatly reduces replication delay when the workload contains
only asynchronously-committed transactions.
</para>
</listitem>
<listitem>
<para>
Fix <literal>LISTEN</literal>/<literal>NOTIFY</literal> to cope better with I/O
problems, such as out of disk space (Tom Lane)
</para>
<para>
After a write failure, all subsequent attempts to send more
<literal>NOTIFY</literal> messages would fail with messages like
<quote>Could not read from file "pg_notify/<replaceable>nnnn</replaceable>" at
offset <replaceable>nnnnn</replaceable>: Success</quote>.
</para>
</listitem>
<listitem>
<para>
Only allow autovacuum to be auto-canceled by a directly blocked
process (Tom Lane)
</para>
<para>
The original coding could allow inconsistent behavior in some cases;
in particular, an autovacuum could get canceled after less than
<literal>deadlock_timeout</literal> grace period.
</para>
</listitem>
<listitem>
<para>
Improve logging of autovacuum cancels (Robert Haas)
</para>
</listitem>
<listitem>
<para>
Fix log collector so that <literal>log_truncate_on_rotation</literal> works
during the very first log rotation after server start (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix <literal>WITH</literal> attached to a nested set operation
(<literal>UNION</literal>/<literal>INTERSECT</literal>/<literal>EXCEPT</literal>)
(Tom Lane)
</para>
</listitem>
<listitem>
<para>
Ensure that a whole-row reference to a subquery doesn't include any
extra <literal>GROUP BY</literal> or <literal>ORDER BY</literal> columns (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix dependencies generated during <literal>ALTER TABLE ... ADD
CONSTRAINT USING INDEX</literal> (Tom Lane)
</para>
<para>
This command left behind a redundant <structname>pg_depend</structname> entry
for the index, which could confuse later operations, notably
<literal>ALTER TABLE ... ALTER COLUMN TYPE</literal> on one of the indexed
columns.
</para>
</listitem>
<listitem>
<para>
Fix <command>REASSIGN OWNED</command> to work on extensions (Alvaro Herrera)
</para>
</listitem>
<listitem>
<para>
Disallow copying whole-row references in <literal>CHECK</literal>
constraints and index definitions during <command>CREATE TABLE</command>
(Tom Lane)
</para>
<para>
This situation can arise in <command>CREATE TABLE</command> with
<literal>LIKE</literal> or <literal>INHERITS</literal>. The copied whole-row
variable was incorrectly labeled with the row type of the original
table not the new one. Rejecting the case seems reasonable for
<literal>LIKE</literal>, since the row types might well diverge later. For
<literal>INHERITS</literal> we should ideally allow it, with an implicit
coercion to the parent table's row type; but that will require more
work than seems safe to back-patch.
</para>
</listitem>
<listitem>
<para>
Fix memory leak in <literal>ARRAY(SELECT ...)</literal> subqueries (Heikki
Linnakangas, Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix planner to pass correct collation to operator selectivity
estimators (Tom Lane)
</para>
<para>
This was not previously required by any core selectivity estimation
function, but third-party code might need it.
</para>
</listitem>
<listitem>
<para>
Fix extraction of common prefixes from regular expressions (Tom Lane)
</para>
<para>
The code could get confused by quantified parenthesized
subexpressions, such as <literal>^(foo)?bar</literal>. This would lead to
incorrect index optimization of searches for such patterns.
</para>
</listitem>
<listitem>
<para>
Fix bugs with parsing signed
<replaceable>hh</replaceable><literal>:</literal><replaceable>mm</replaceable> and
<replaceable>hh</replaceable><literal>:</literal><replaceable>mm</replaceable><literal>:</literal><replaceable>ss</replaceable>
fields in <type>interval</type> constants (Amit Kapila, Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix <application>pg_dump</application> to better handle views containing partial
<literal>GROUP BY</literal> lists (Tom Lane)
</para>
<para>
A view that lists only a primary key column in <literal>GROUP BY</literal>,
but uses other table columns as if they were grouped, gets marked as
depending on the primary key. Improper handling of such primary key
dependencies in <application>pg_dump</application> resulted in poorly-ordered
dumps, which at best would be inefficient to restore and at worst
could result in outright failure of a parallel
<application>pg_restore</application> run.
</para>
</listitem>
<listitem>
<para>
In PL/Perl, avoid setting UTF8 flag when in SQL_ASCII encoding
(Alex Hunsaker, Kyotaro Horiguchi, Alvaro Herrera)
</para>
</listitem>
<listitem>
<para>
Use Postgres' encoding conversion functions, not Python's, when
converting a Python Unicode string to the server encoding in
PL/Python (Jan Urbanski)
</para>
<para>
This avoids some corner-case problems, notably that Python doesn't
support all the encodings Postgres does. A notable functional change
is that if the server encoding is SQL_ASCII, you will get the UTF-8
representation of the string; formerly, any non-ASCII characters in
the string would result in an error.
</para>
</listitem>
<listitem>
<para>
Fix mapping of PostgreSQL encodings to Python encodings in PL/Python
(Jan Urbanski)
</para>
</listitem>
<listitem>
<para>
Report errors properly in <filename>contrib/xml2</filename>'s
<function>xslt_process()</function> (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Update time zone data files to <application>tzdata</application> release 2012e
for DST law changes in Morocco and Tokelau
</para>
</listitem>
</itemizedlist>
</sect2>
</sect1>
<sect1 id="release-9-1-4">
<title>Release 9.1.4</title>
<formalpara>
<title>Release date:</title>
<para>2012-06-04</para>
</formalpara>
<para>
This release contains a variety of fixes from 9.1.3.
For information about new features in the 9.1 major release, see
<xref linkend="release-9-1"/>.
</para>
<sect2>
<title>Migration to Version 9.1.4</title>
<para>
A dump/restore is not required for those running 9.1.X.
</para>
<para>
However, if you use the <type>citext</type> data type, and you upgraded
from a previous major release by running <application>pg_upgrade</application>,
you should run <literal>CREATE EXTENSION citext FROM unpackaged</literal>
to avoid collation-related failures in <type>citext</type> operations.
The same is necessary if you restore a dump from a pre-9.1 database
that contains an instance of the <type>citext</type> data type.
If you've already run the <command>CREATE EXTENSION</command> command before
upgrading to 9.1.4, you will instead need to do manual catalog updates
as explained in the third changelog item below.
</para>
<para>
Also, if you are upgrading from a version earlier than 9.1.2,
see <xref linkend="release-9-1-2"/>.
</para>
</sect2>
<sect2>
<title>Changes</title>
<itemizedlist>
<listitem>
<para>
Fix incorrect password transformation in
<filename>contrib/pgcrypto</filename>'s DES <function>crypt()</function> function
(Solar Designer)
</para>
<para>
If a password string contained the byte value <literal>0x80</literal>, the
remainder of the password was ignored, causing the password to be much
weaker than it appeared. With this fix, the rest of the string is
properly included in the DES hash. Any stored password values that are
affected by this bug will thus no longer match, so the stored values may
need to be updated. (CVE-2012-2143)
</para>
</listitem>
<listitem>
<para>
Ignore <literal>SECURITY DEFINER</literal> and <literal>SET</literal> attributes for
a procedural language's call handler (Tom Lane)
</para>
<para>
Applying such attributes to a call handler could crash the server.
(CVE-2012-2655)
</para>
</listitem>
<listitem>
<para>
Make <filename>contrib/citext</filename>'s upgrade script fix collations of
<type>citext</type> arrays and domains over <type>citext</type>
(Tom Lane)
</para>
<para>
Release 9.1.2 provided a fix for collations of <type>citext</type> columns
and indexes in databases upgraded or reloaded from pre-9.1
installations, but that fix was incomplete: it neglected to handle arrays
and domains over <type>citext</type>. This release extends the module's
upgrade script to handle these cases. As before, if you have already
run the upgrade script, you'll need to run the collation update
commands by hand instead. See the 9.1.2 release notes for more
information about doing this.
</para>
</listitem>
<listitem>
<para>
Allow numeric timezone offsets in <type>timestamp</type> input to be up to
16 hours away from UTC (Tom Lane)
</para>
<para>
Some historical time zones have offsets larger than 15 hours, the
previous limit. This could result in dumped data values being rejected
during reload.
</para>
</listitem>
<listitem>
<para>
Fix timestamp conversion to cope when the given time is exactly the
last DST transition time for the current timezone (Tom Lane)
</para>
<para>
This oversight has been there a long time, but was not noticed
previously because most DST-using zones are presumed to have an
indefinite sequence of future DST transitions.
</para>
</listitem>
<listitem>
<para>
Fix <type>text</type> to <type>name</type> and <type>char</type> to <type>name</type>
casts to perform string truncation correctly in multibyte encodings
(Karl Schnaitter)
</para>
</listitem>
<listitem>
<para>
Fix memory copying bug in <function>to_tsquery()</function> (Heikki Linnakangas)
</para>
</listitem>
<listitem>
<para>
Ensure <function>txid_current()</function> reports the correct epoch when
executed in hot standby (Simon Riggs)
</para>
</listitem>
<listitem>
<para>
Fix planner's handling of outer PlaceHolderVars within subqueries (Tom
Lane)
</para>
<para>
This bug concerns sub-SELECTs that reference variables coming from the
nullable side of an outer join of the surrounding query.
In 9.1, queries affected by this bug would fail with <quote>ERROR:
Upper-level PlaceHolderVar found where not expected</quote>. But in 9.0 and
8.4, you'd silently get possibly-wrong answers, since the value
transmitted into the subquery wouldn't go to null when it should.
</para>
</listitem>
<listitem>
<para>
Fix planning of <literal>UNION ALL</literal> subqueries with output columns
that are not simple variables (Tom Lane)
</para>
<para>
Planning of such cases got noticeably worse in 9.1 as a result of a
misguided fix for <quote>MergeAppend child's targetlist doesn't match
MergeAppend</quote> errors. Revert that fix and do it another way.
</para>
</listitem>
<listitem>
<para>
Fix slow session startup when <structname>pg_attribute</structname> is very large
(Tom Lane)
</para>
<para>
If <structname>pg_attribute</structname> exceeds one-fourth of
<varname>shared_buffers</varname>, cache rebuilding code that is sometimes
needed during session start would trigger the synchronized-scan logic,
causing it to take many times longer than normal. The problem was
particularly acute if many new sessions were starting at once.
</para>
</listitem>
<listitem>
<para>
Ensure sequential scans check for query cancel reasonably often (Merlin
Moncure)
</para>
<para>
A scan encountering many consecutive pages that contain no live tuples
would not respond to interrupts meanwhile.
</para>
</listitem>
<listitem>
<para>
Ensure the Windows implementation of <function>PGSemaphoreLock()</function>
clears <varname>ImmediateInterruptOK</varname> before returning (Tom Lane)
</para>
<para>
This oversight meant that a query-cancel interrupt received later
in the same query could be accepted at an unsafe time, with
unpredictable but not good consequences.
</para>
</listitem>
<listitem>
<para>
Show whole-row variables safely when printing views or rules
(Abbas Butt, Tom Lane)
</para>
<para>
Corner cases involving ambiguous names (that is, the name could be
either a table or column name of the query) were printed in an
ambiguous way, risking that the view or rule would be interpreted
differently after dump and reload. Avoid the ambiguous case by
attaching a no-op cast.
</para>
</listitem>
<listitem>
<para>
Fix <command>COPY FROM</command> to properly handle null marker strings that
correspond to invalid encoding (Tom Lane)
</para>
<para>
A null marker string such as <literal>E'\\0'</literal> should work, and did
work in the past, but the case got broken in 8.4.
</para>
</listitem>
<listitem>
<para>
Fix <command>EXPLAIN VERBOSE</command> for writable CTEs containing
<literal>RETURNING</literal> clauses (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix <command>PREPARE TRANSACTION</command> to work correctly in the presence
of advisory locks (Tom Lane)
</para>
<para>
Historically, <command>PREPARE TRANSACTION</command> has simply ignored any
session-level advisory locks the session holds, but this case was
accidentally broken in 9.1.
</para>
</listitem>
<listitem>
<para>
Fix truncation of unlogged tables (Robert Haas)
</para>
</listitem>
<listitem>
<para>
Ignore missing schemas during non-interactive assignments of
<varname>search_path</varname> (Tom Lane)
</para>
<para>
This re-aligns 9.1's behavior with that of older branches. Previously
9.1 would throw an error for nonexistent schemas mentioned in
<varname>search_path</varname> settings obtained from places such as
<command>ALTER DATABASE SET</command>.
</para>
</listitem>
<listitem>
<para>
Fix bugs with temporary or transient tables used in extension scripts
(Tom Lane)
</para>
<para>
This includes cases such as a rewriting <command>ALTER TABLE</command> within
an extension update script, since that uses a transient table behind
the scenes.
</para>
</listitem>
<listitem>
<para>
Ensure autovacuum worker processes perform stack depth checking
properly (Heikki Linnakangas)
</para>
<para>
Previously, infinite recursion in a function invoked by
auto-<command>ANALYZE</command> could crash worker processes.
</para>
</listitem>
<listitem>
<para>
Fix logging collector to not lose log coherency under high load (Andrew
Dunstan)
</para>
<para>
The collector previously could fail to reassemble large messages if it
got too busy.
</para>
</listitem>
<listitem>
<para>
Fix logging collector to ensure it will restart file rotation
after receiving <systemitem>SIGHUP</systemitem> (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix <quote>too many LWLocks taken</quote> failure in GiST indexes (Heikki
Linnakangas)
</para>
</listitem>
<listitem>
<para>
Fix WAL replay logic for GIN indexes to not fail if the index was
subsequently dropped (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Correctly detect SSI conflicts of prepared transactions after a crash
(Dan Ports)
</para>
</listitem>
<listitem>
<para>
Avoid synchronous replication delay when committing a transaction that
only modified temporary tables (Heikki Linnakangas)
</para>
<para>
In such a case the transaction's commit record need not be flushed to
standby servers, but some of the code didn't know that and waited for
it to happen anyway.
</para>
</listitem>
<listitem>
<para>
Fix error handling in <application>pg_basebackup</application>
(Thomas Ogrisegg, Fujii Masao)
</para>
</listitem>
<listitem>
<para>
Fix <application>walsender</application> to not go into a busy loop if connection
is terminated (Fujii Masao)
</para>
</listitem>
<listitem>
<para>
Fix memory leak in PL/pgSQL's <command>RETURN NEXT</command> command (Joe
Conway)
</para>
</listitem>
<listitem>
<para>
Fix PL/pgSQL's <command>GET DIAGNOSTICS</command> command when the target
is the function's first variable (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Ensure that PL/Perl package-qualifies the <varname>_TD</varname> variable
(Alex Hunsaker)
</para>
<para>
This bug caused trigger invocations to fail when they are nested
within a function invocation that changes the current package.
</para>
</listitem>
<listitem>
<para>
Fix PL/Python functions returning composite types to accept a string
for their result value (Jan Urbanski)
</para>
<para>
This case was accidentally broken by the 9.1 additions to allow a
composite result value to be supplied in other formats, such as
dictionaries.
</para>
</listitem>
<listitem>
<para>
Fix potential access off the end of memory in <application>psql</application>'s
expanded display (<command>\x</command>) mode (Peter Eisentraut)
</para>
</listitem>
<listitem>
<para>
Fix several performance problems in <application>pg_dump</application> when
the database contains many objects (Jeff Janes, Tom Lane)
</para>
<para>
<application>pg_dump</application> could get very slow if the database contained
many schemas, or if many objects are in dependency loops, or if there
are many owned sequences.
</para>
</listitem>
<listitem>
<para>
Fix memory and file descriptor leaks in <application>pg_restore</application>
when reading a directory-format archive (Peter Eisentraut)
</para>
</listitem>
<listitem>
<para>
Fix <application>pg_upgrade</application> for the case that a database stored in a
non-default tablespace contains a table in the cluster's default
tablespace (Bruce Momjian)
</para>
</listitem>
<listitem>
<para>
In <application>ecpg</application>, fix rare memory leaks and possible overwrite
of one byte after the <structname>sqlca_t</structname> structure (Peter Eisentraut)
</para>
</listitem>
<listitem>
<para>
Fix <filename>contrib/dblink</filename>'s <function>dblink_exec()</function> to not leak
temporary database connections upon error (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix <filename>contrib/dblink</filename> to report the correct connection name in
error messages (Kyotaro Horiguchi)
</para>
</listitem>
<listitem>
<para>
Fix <filename>contrib/vacuumlo</filename> to use multiple transactions when
dropping many large objects (Tim Lewis, Robert Haas, Tom Lane)
</para>
<para>
This change avoids exceeding <varname>max_locks_per_transaction</varname> when
many objects need to be dropped. The behavior can be adjusted with the
new <literal>-l</literal> (limit) option.
</para>
</listitem>
<listitem>
<para>
Update time zone data files to <application>tzdata</application> release 2012c
for DST law changes in Antarctica, Armenia, Chile, Cuba, Falkland
Islands, Gaza, Haiti, Hebron, Morocco, Syria, and Tokelau Islands;
also historical corrections for Canada.
</para>
</listitem>
</itemizedlist>
</sect2>
</sect1>
<sect1 id="release-9-1-3">
<title>Release 9.1.3</title>
<formalpara>
<title>Release date:</title>
<para>2012-02-27</para>
</formalpara>
<para>
This release contains a variety of fixes from 9.1.2.
For information about new features in the 9.1 major release, see
<xref linkend="release-9-1"/>.
</para>
<sect2>
<title>Migration to Version 9.1.3</title>
<para>
A dump/restore is not required for those running 9.1.X.
</para>
<para>
However, if you are upgrading from a version earlier than 9.1.2,
see <xref linkend="release-9-1-2"/>.
</para>
</sect2>
<sect2>
<title>Changes</title>
<itemizedlist>
<listitem>
<para>
Require execute permission on the trigger function for
<command>CREATE TRIGGER</command> (Robert Haas)
</para>
<para>
This missing check could allow another user to execute a trigger
function with forged input data, by installing it on a table he owns.
This is only of significance for trigger functions marked
<literal>SECURITY DEFINER</literal>, since otherwise trigger functions run
as the table owner anyway. (CVE-2012-0866)
</para>
</listitem>
<listitem>
<para>
Remove arbitrary limitation on length of common name in SSL
certificates (Heikki Linnakangas)
</para>
<para>
Both <application>libpq</application> and the server truncated the common name
extracted from an SSL certificate at 32 bytes. Normally this would
cause nothing worse than an unexpected verification failure, but there
are some rather-implausible scenarios in which it might allow one
certificate holder to impersonate another. The victim would have to
have a common name exactly 32 bytes long, and the attacker would have
to persuade a trusted CA to issue a certificate in which the common
name has that string as a prefix. Impersonating a server would also
require some additional exploit to redirect client connections.
(CVE-2012-0867)
</para>
</listitem>
<listitem>
<para>
Convert newlines to spaces in names written in <application>pg_dump</application>
comments (Robert Haas)
</para>
<para>
<application>pg_dump</application> was incautious about sanitizing object names
that are emitted within SQL comments in its output script. A name
containing a newline would at least render the script syntactically
incorrect. Maliciously crafted object names could present a SQL
injection risk when the script is reloaded. (CVE-2012-0868)
</para>
</listitem>
<listitem>
<para>
Fix btree index corruption from insertions concurrent with vacuuming
(Tom Lane)
</para>
<para>
An index page split caused by an insertion could sometimes cause a
concurrently-running <command>VACUUM</command> to miss removing index entries
that it should remove. After the corresponding table rows are removed,
the dangling index entries would cause errors (such as <quote>could not
read block N in file ...</quote>) or worse, silently wrong query results
after unrelated rows are re-inserted at the now-free table locations.
This bug has been present since release 8.2, but occurs so infrequently
that it was not diagnosed until now. If you have reason to suspect
that it has happened in your database, reindexing the affected index
will fix things.
</para>
</listitem>
<listitem>
<para>
Fix transient zeroing of shared buffers during WAL replay (Tom Lane)
</para>
<para>
The replay logic would sometimes zero and refill a shared buffer, so
that the contents were transiently invalid. In hot standby mode this
can result in a query that's executing in parallel seeing garbage data.
Various symptoms could result from that, but the most common one seems
to be <quote>invalid memory alloc request size</quote>.
</para>
</listitem>
<listitem>
<para>
Fix handling of data-modifying <literal>WITH</literal> subplans in
<literal>READ COMMITTED</literal> rechecking (Tom Lane)
</para>
<para>
A <literal>WITH</literal> clause containing
<command>INSERT</command>/<command>UPDATE</command>/<command>DELETE</command> would crash
if the parent <command>UPDATE</command> or <command>DELETE</command> command needed
to be re-evaluated at one or more rows due to concurrent updates
in <literal>READ COMMITTED</literal> mode.
</para>
</listitem>
<listitem>
<para>
Fix corner case in SSI transaction cleanup
(Dan Ports)
</para>
<para>
When finishing up a read-write serializable transaction,
a crash could occur if all remaining active serializable transactions
are read-only.
</para>
</listitem>
<listitem>
<para>
Fix postmaster to attempt restart after a hot-standby crash (Tom Lane)
</para>
<para>
A logic error caused the postmaster to terminate, rather than attempt
to restart the cluster, if any backend process crashed while operating
in hot standby mode.
</para>
</listitem>
<listitem>
<para>
Fix <command>CLUSTER</command>/<command>VACUUM FULL</command> handling of toast
values owned by recently-updated rows (Tom Lane)
</para>
<para>
This oversight could lead to <quote>duplicate key value violates unique
constraint</quote> errors being reported against the toast table's index
during one of these commands.
</para>
</listitem>
<listitem>
<para>
Update per-column permissions, not only per-table permissions, when
changing table owner (Tom Lane)
</para>
<para>
Failure to do this meant that any previously granted column permissions
were still shown as having been granted by the old owner. This meant
that neither the new owner nor a superuser could revoke the
now-untraceable-to-table-owner permissions.
</para>
</listitem>
<listitem>
<para>
Support foreign data wrappers and foreign servers in
<command>REASSIGN OWNED</command> (Alvaro Herrera)
</para>
<para>
This command failed with <quote>unexpected classid</quote> errors if
it needed to change the ownership of any such objects.
</para>
</listitem>
<listitem>
<para>
Allow non-existent values for some settings in <command>ALTER
USER/DATABASE SET</command> (Heikki Linnakangas)
</para>
<para>
Allow <varname>default_text_search_config</varname>,
<varname>default_tablespace</varname>, and <varname>temp_tablespaces</varname> to be
set to names that are not known. This is because they might be known
in another database where the setting is intended to be used, or for the
tablespace cases because the tablespace might not be created yet. The
same issue was previously recognized for <varname>search_path</varname>, and
these settings now act like that one.
</para>
</listitem>
<listitem>
<para>
Fix <quote>unsupported node type</quote> error caused by <literal>COLLATE</literal>
in an <command>INSERT</command> expression (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Avoid crashing when we have problems deleting table files post-commit
(Tom Lane)
</para>
<para>
Dropping a table should lead to deleting the underlying disk files only
after the transaction commits. In event of failure then (for instance,
because of wrong file permissions) the code is supposed to just emit a
warning message and go on, since it's too late to abort the
transaction. This logic got broken as of release 8.4, causing such
situations to result in a PANIC and an unrestartable database.
</para>
</listitem>
<listitem>
<para>
Recover from errors occurring during WAL replay of <command>DROP
TABLESPACE</command> (Tom Lane)
</para>
<para>
Replay will attempt to remove the tablespace's directories, but there
are various reasons why this might fail (for example, incorrect
ownership or permissions on those directories). Formerly the replay
code would panic, rendering the database unrestartable without manual
intervention. It seems better to log the problem and continue, since
the only consequence of failure to remove the directories is some
wasted disk space.
</para>
</listitem>
<listitem>
<para>
Fix race condition in logging AccessExclusiveLocks for hot standby
(Simon Riggs)
</para>
<para>
Sometimes a lock would be logged as being held by <quote>transaction
zero</quote>. This is at least known to produce assertion failures on
slave servers, and might be the cause of more serious problems.
</para>
</listitem>
<listitem>
<para>
Track the OID counter correctly during WAL replay, even when it wraps
around (Tom Lane)
</para>
<para>
Previously the OID counter would remain stuck at a high value until the
system exited replay mode. The practical consequences of that are
usually nil, but there are scenarios wherein a standby server that's
been promoted to master might take a long time to advance the OID
counter to a reasonable value once values are needed.
</para>
</listitem>
<listitem>
<para>
Prevent emitting misleading <quote>consistent recovery state reached</quote>
log message at the beginning of crash recovery (Heikki Linnakangas)
</para>
</listitem>
<listitem>
<para>
Fix initial value of
<structname>pg_stat_replication</structname>.<structfield>replay_location</structfield>
(Fujii Masao)
</para>
<para>
Previously, the value shown would be wrong until at least one WAL
record had been replayed.
</para>
</listitem>
<listitem>
<para>
Fix regular expression back-references with <literal>*</literal> attached
(Tom Lane)
</para>
<para>
Rather than enforcing an exact string match, the code would effectively
accept any string that satisfies the pattern sub-expression referenced
by the back-reference symbol.
</para>
<para>
A similar problem still afflicts back-references that are embedded in a
larger quantified expression, rather than being the immediate subject
of the quantifier. This will be addressed in a future
<productname>PostgreSQL</productname> release.
</para>
</listitem>
<listitem>
<para>
Fix recently-introduced memory leak in processing of
<type>inet</type>/<type>cidr</type> values (Heikki Linnakangas)
</para>
<para>
A patch in the December 2011 releases of <productname>PostgreSQL</productname>
caused memory leakage in these operations, which could be significant
in scenarios such as building a btree index on such a column.
</para>
</listitem>
<listitem>
<para>
Fix planner's ability to push down index-expression restrictions
through <literal>UNION ALL</literal> (Tom Lane)
</para>
<para>
This type of optimization was inadvertently disabled by a fix for
another problem in 9.1.2.
</para>
</listitem>
<listitem>
<para>
Fix planning of <literal>WITH</literal> clauses referenced in
<command>UPDATE</command>/<command>DELETE</command> on an inherited table
(Tom Lane)
</para>
<para>
This bug led to <quote>could not find plan for CTE</quote> failures.
</para>
</listitem>
<listitem>
<para>
Fix GIN cost estimation to handle <literal>column IN (...)</literal>
index conditions (Marti Raudsepp)
</para>
<para>
This oversight would usually lead to crashes if such a condition could
be used with a GIN index.
</para>
</listitem>
<listitem>
<para>
Prevent assertion failure when exiting a session with an open, failed
transaction (Tom Lane)
</para>
<para>
This bug has no impact on normal builds with asserts not enabled.
</para>
</listitem>
<listitem>
<para>
Fix dangling pointer after <command>CREATE TABLE AS</command>/<command>SELECT
INTO</command> in a SQL-language function (Tom Lane)
</para>
<para>
In most cases this only led to an assertion failure in assert-enabled
builds, but worse consequences seem possible.
</para>
</listitem>
<listitem>
<para>
Avoid double close of file handle in syslogger on Windows (MauMau)
</para>
<para>
Ordinarily this error was invisible, but it would cause an exception
when running on a debug version of Windows.
</para>
</listitem>
<listitem>
<para>
Fix I/O-conversion-related memory leaks in plpgsql
(Andres Freund, Jan Urbanski, Tom Lane)
</para>
<para>
Certain operations would leak memory until the end of the current
function.
</para>
</listitem>
<listitem>
<para>
Work around bug in perl's SvPVutf8() function (Andrew Dunstan)
</para>
<para>
This function crashes when handed a typeglob or certain read-only
objects such as <literal>$^V</literal>. Make plperl avoid passing those to
it.
</para>
</listitem>
<listitem>
<para>
In <application>pg_dump</application>, don't dump contents of an extension's
configuration tables if the extension itself is not being dumped
(Tom Lane)
</para>
</listitem>
<listitem>
<para>
Improve <application>pg_dump</application>'s handling of inherited table columns
(Tom Lane)
</para>
<para>
<application>pg_dump</application> mishandled situations where a child column has
a different default expression than its parent column. If the default
is textually identical to the parent's default, but not actually the
same (for instance, because of schema search path differences) it would
not be recognized as different, so that after dump and restore the
child would be allowed to inherit the parent's default. Child columns
that are <literal>NOT NULL</literal> where their parent is not could also be
restored subtly incorrectly.
</para>
</listitem>
<listitem>
<para>
Fix <application>pg_restore</application>'s direct-to-database mode for
INSERT-style table data (Tom Lane)
</para>
<para>
Direct-to-database restores from archive files made with
<option>--inserts</option> or <option>--column-inserts</option> options fail when
using <application>pg_restore</application> from a release dated September or
December 2011, as a result of an oversight in a fix for another
problem. The archive file itself is not at fault, and text-mode
output is okay.
</para>
</listitem>
<listitem>
<para>
Teach <application>pg_upgrade</application> to handle renaming of
<application>plpython</application>'s shared library (Bruce Momjian)
</para>
<para>
Upgrading a pre-9.1 database that included plpython would fail because
of this oversight.
</para>
</listitem>
<listitem>
<para>
Allow <application>pg_upgrade</application> to process tables containing
<type>regclass</type> columns (Bruce Momjian)
</para>
<para>
Since <application>pg_upgrade</application> now takes care to preserve
<structname>pg_class</structname> OIDs, there was no longer any reason for this
restriction.
</para>
</listitem>
<listitem>
<para>
Make <application>libpq</application> ignore <literal>ENOTDIR</literal> errors
when looking for an SSL client certificate file
(Magnus Hagander)
</para>
<para>
This allows SSL connections to be established, though without a
certificate, even when the user's home directory is set to something
like <literal>/dev/null</literal>.
</para>
</listitem>
<listitem>
<para>
Fix some more field alignment issues in <application>ecpg</application>'s SQLDA area
(Zoltan Boszormenyi)
</para>
</listitem>
<listitem>
<para>
Allow <literal>AT</literal> option in <application>ecpg</application>
<literal>DEALLOCATE</literal> statements (Michael Meskes)
</para>
<para>
The infrastructure to support this has been there for awhile, but
through an oversight there was still an error check rejecting the case.
</para>
</listitem>
<listitem>
<para>
Do not use the variable name when defining a varchar structure in ecpg
(Michael Meskes)
</para>
</listitem>
<listitem>
<para>
Fix <filename>contrib/auto_explain</filename>'s JSON output mode to produce
valid JSON (Andrew Dunstan)
</para>
<para>
The output used brackets at the top level, when it should have used
braces.
</para>
</listitem>
<listitem>
<para>
Fix error in <filename>contrib/intarray</filename>'s <literal>int[] &amp;
int[]</literal> operator (Guillaume Lelarge)
</para>
<para>
If the smallest integer the two input arrays have in common is 1,
and there are smaller values in either array, then 1 would be
incorrectly omitted from the result.
</para>
</listitem>
<listitem>
<para>
Fix error detection in <filename>contrib/pgcrypto</filename>'s
<function>encrypt_iv()</function> and <function>decrypt_iv()</function>
(Marko Kreen)
</para>
<para>
These functions failed to report certain types of invalid-input errors,
and would instead return random garbage values for incorrect input.
</para>
</listitem>
<listitem>
<para>
Fix one-byte buffer overrun in <filename>contrib/test_parser</filename>
(Paul Guyot)
</para>
<para>
The code would try to read one more byte than it should, which would
crash in corner cases.
Since <filename>contrib/test_parser</filename> is only example code, this is
not a security issue in itself, but bad example code is still bad.
</para>
</listitem>
<listitem>
<para>
Use <function>__sync_lock_test_and_set()</function> for spinlocks on ARM, if
available (Martin Pitt)
</para>
<para>
This function replaces our previous use of the <literal>SWPB</literal>
instruction, which is deprecated and not available on ARMv6 and later.
Reports suggest that the old code doesn't fail in an obvious way on
recent ARM boards, but simply doesn't interlock concurrent accesses,
leading to bizarre failures in multiprocess operation.
</para>
</listitem>
<listitem>
<para>
Use <option>-fexcess-precision=standard</option> option when building with
gcc versions that accept it (Andrew Dunstan)
</para>
<para>
This prevents assorted scenarios wherein recent versions of gcc will
produce creative results.
</para>
</listitem>
<listitem>
<para>
Allow use of threaded Python on FreeBSD (Chris Rees)
</para>
<para>
Our configure script previously believed that this combination wouldn't
work; but FreeBSD fixed the problem, so remove that error check.
</para>
</listitem>
<listitem>
<para>
Allow MinGW builds to use standardly-named OpenSSL libraries
(Tomasz Ostrowski)
</para>
</listitem>
</itemizedlist>
</sect2>
</sect1>
<sect1 id="release-9-1-2">
<title>Release 9.1.2</title>
<formalpara>
<title>Release date:</title>
<para>2011-12-05</para>
</formalpara>
<para>
This release contains a variety of fixes from 9.1.1.
For information about new features in the 9.1 major release, see
<xref linkend="release-9-1"/>.
</para>
<sect2>
<title>Migration to Version 9.1.2</title>
<para>
A dump/restore is not required for those running 9.1.X.
</para>
<para>
However, a longstanding error was discovered in the definition of the
<literal>information_schema.referential_constraints</literal> view. If you
rely on correct results from that view, you should replace its
definition as explained in the first changelog item below.
</para>
<para>
Also, if you use the <type>citext</type> data type, and you upgraded
from a previous major release by running <application>pg_upgrade</application>,
you should run <literal>CREATE EXTENSION citext FROM unpackaged</literal>
to avoid collation-related failures in <type>citext</type> operations.
The same is necessary if you restore a dump from a pre-9.1 database
that contains an instance of the <type>citext</type> data type.
If you've already run the <command>CREATE EXTENSION</command> command before
upgrading to 9.1.2, you will instead need to do manual catalog updates
as explained in the second changelog item.
</para>
</sect2>
<sect2>
<title>Changes</title>
<itemizedlist>
<listitem>
<para>
Fix bugs in <literal>information_schema.referential_constraints</literal> view
(Tom Lane)
</para>
<para>
This view was being insufficiently careful about matching the
foreign-key constraint to the depended-on primary or unique key
constraint. That could result in failure to show a foreign key
constraint at all, or showing it multiple times, or claiming that it
depends on a different constraint than the one it really does.
</para>
<para>
Since the view definition is installed by <application>initdb</application>,
merely upgrading will not fix the problem. If you need to fix this
in an existing installation, you can (as a superuser) drop the
<literal>information_schema</literal> schema then re-create it by sourcing
<filename><replaceable>SHAREDIR</replaceable>/information_schema.sql</filename>.
(Run <literal>pg_config --sharedir</literal> if you're uncertain where
<replaceable>SHAREDIR</replaceable> is.) This must be repeated in each database
to be fixed.
</para>
</listitem>
<listitem>
<para>
Make <filename>contrib/citext</filename>'s upgrade script fix collations of
<type>citext</type> columns and indexes (Tom Lane)
</para>
<para>
Existing <type>citext</type> columns and indexes aren't correctly marked as
being of a collatable data type during <application>pg_upgrade</application> from
a pre-9.1 server, or when a pre-9.1 dump containing the <type>citext</type>
type is loaded into a 9.1 server.
That leads to operations on these columns failing with errors
such as <quote>could not determine which collation to use for string
comparison</quote>. This change allows them to be fixed by the same
script that upgrades the <type>citext</type> module into a proper 9.1
extension during <literal>CREATE EXTENSION citext FROM unpackaged</literal>.
</para>
<para>
If you have a previously-upgraded database that is suffering from this
problem, and you already ran the <command>CREATE EXTENSION</command> command,
you can manually run (as superuser) the <command>UPDATE</command> commands
found at the end of
<filename><replaceable>SHAREDIR</replaceable>/extension/citext--unpackaged--1.0.sql</filename>.
(Run <literal>pg_config --sharedir</literal> if you're uncertain where
<replaceable>SHAREDIR</replaceable> is.)
There is no harm in doing this again if unsure.
</para>
</listitem>
<listitem>
<para>
Fix possible crash during <command>UPDATE</command> or <command>DELETE</command> that
joins to the output of a scalar-returning function (Tom Lane)
</para>
<para>
A crash could only occur if the target row had been concurrently
updated, so this problem surfaced only intermittently.
</para>
</listitem>
<listitem>
<para>
Fix incorrect replay of WAL records for GIN index updates
(Tom Lane)
</para>
<para>
This could result in transiently failing to find index entries after
a crash, or on a hot-standby server. The problem would be repaired
by the next <command>VACUUM</command> of the index, however.
</para>
</listitem>
<listitem>
<para>
Fix TOAST-related data corruption during <literal>CREATE TABLE dest AS
SELECT * FROM src</literal> or <literal>INSERT INTO dest SELECT * FROM src</literal>
(Tom Lane)
</para>
<para>
If a table has been modified by <command>ALTER TABLE ADD COLUMN</command>,
attempts to copy its data verbatim to another table could produce
corrupt results in certain corner cases.
The problem can only manifest in this precise form in 8.4 and later,
but we patched earlier versions as well in case there are other code
paths that could trigger the same bug.
</para>
</listitem>
<listitem>
<para>
Fix possible failures during hot standby startup (Simon Riggs)
</para>
</listitem>
<listitem>
<para>
Start hot standby faster when initial snapshot is incomplete
(Simon Riggs)
</para>
</listitem>
<listitem>
<para>
Fix race condition during toast table access from stale syscache entries
(Tom Lane)
</para>
<para>
The typical symptom was transient errors like <quote>missing chunk
number 0 for toast value NNNNN in pg_toast_2619</quote>, where the cited
toast table would always belong to a system catalog.
</para>
</listitem>
<listitem>
<para>
Track dependencies of functions on items used in parameter default
expressions (Tom Lane)
</para>
<para>
Previously, a referenced object could be dropped without having dropped
or modified the function, leading to misbehavior when the function was
used. Note that merely installing this update will not fix the missing
dependency entries; to do that, you'd need to <command>CREATE OR
REPLACE</command> each such function afterwards. If you have functions whose
defaults depend on non-built-in objects, doing so is recommended.
</para>
</listitem>
<listitem>
<para>
Fix incorrect management of placeholder variables in nestloop joins
(Tom Lane)
</para>
<para>
This bug is known to lead to <quote>variable not found in subplan target
list</quote> planner errors, and could possibly result in wrong query output
when outer joins are involved.
</para>
</listitem>
<listitem>
<para>
Fix window functions that sort by expressions involving aggregates
(Tom Lane)
</para>
<para>
Previously these could fail with <quote>could not find pathkey item to
sort</quote> planner errors.
</para>
</listitem>
<listitem>
<para>
Fix <quote>MergeAppend child's targetlist doesn't match MergeAppend</quote>
planner errors (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix index matching for operators with both collatable and noncollatable
inputs (Tom Lane)
</para>
<para>
In 9.1.0, an indexable operator that has a non-collatable left-hand
input type and a collatable right-hand input type would not be
recognized as matching the left-hand column's index. An example is
the <type>hstore</type> <literal>?</literal> <type>text</type> operator.
</para>
</listitem>
<listitem>
<para>
Allow inlining of set-returning SQL functions with multiple OUT
parameters (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Don't trust deferred-unique indexes for join removal (Tom Lane and Marti
Raudsepp)
</para>
<para>
A deferred uniqueness constraint might not hold intra-transaction,
so assuming that it does could give incorrect query results.
</para>
</listitem>
<listitem>
<para>
Make <function>DatumGetInetP()</function> unpack inet datums that have a 1-byte
header, and add a new macro, <function>DatumGetInetPP()</function>, that does
not (Heikki Linnakangas)
</para>
<para>
This change affects no core code, but might prevent crashes in add-on
code that expects <function>DatumGetInetP()</function> to produce an unpacked
datum as per usual convention.
</para>
</listitem>
<listitem>
<para>
Improve locale support in <type>money</type> type's input and output
(Tom Lane)
</para>
<para>
Aside from not supporting all standard
<link linkend="guc-lc-monetary"><varname>lc_monetary</varname></link>
formatting options, the input and output functions were inconsistent,
meaning there were locales in which dumped <type>money</type> values could
not be re-read.
</para>
</listitem>
<listitem>
<para>
Don't let <link
linkend="guc-transform-null-equals"><varname>transform_null_equals</varname></link>
affect <literal>CASE foo WHEN NULL ...</literal> constructs
(Heikki Linnakangas)
</para>
<para>
<varname>transform_null_equals</varname> is only supposed to affect
<literal>foo = NULL</literal> expressions written directly by the user, not
equality checks generated internally by this form of <literal>CASE</literal>.
</para>
</listitem>
<listitem>
<para>
Change foreign-key trigger creation order to better support
self-referential foreign keys (Tom Lane)
</para>
<para>
For a cascading foreign key that references its own table, a row update
will fire both the <literal>ON UPDATE</literal> trigger and the
<literal>CHECK</literal> trigger as one event. The <literal>ON UPDATE</literal>
trigger must execute first, else the <literal>CHECK</literal> will check a
non-final state of the row and possibly throw an inappropriate error.
However, the firing order of these triggers is determined by their
names, which generally sort in creation order since the triggers have
auto-generated names following the convention
<quote>RI_ConstraintTrigger_NNNN</quote>. A proper fix would require
modifying that convention, which we will do in 9.2, but it seems risky
to change it in existing releases. So this patch just changes the
creation order of the triggers. Users encountering this type of error
should drop and re-create the foreign key constraint to get its
triggers into the right order.
</para>
</listitem>
<listitem>
<para>
Fix <literal>IF EXISTS</literal> to work correctly in <command>DROP OPERATOR
FAMILY</command> (Robert Haas)
</para>
</listitem>
<listitem>
<para>
Disallow dropping of an extension from within its own script
(Tom Lane)
</para>
<para>
This prevents odd behavior in case of incorrect management of extension
dependencies.
</para>
</listitem>
<listitem>
<para>
Don't mark auto-generated types as extension members (Robert Haas)
</para>
<para>
Relation rowtypes and automatically-generated array types do not need to
have their own extension membership entries in <structname>pg_depend</structname>,
and creating such entries complicates matters for extension upgrades.
</para>
</listitem>
<listitem>
<para>
Cope with invalid pre-existing <varname>search_path</varname> settings during
<command>CREATE EXTENSION</command> (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Avoid floating-point underflow while tracking buffer allocation rate
(Greg Matthews)
</para>
<para>
While harmless in itself, on certain platforms this would result in
annoying kernel log messages.
</para>
</listitem>
<listitem>
<para>
Prevent autovacuum transactions from running in serializable mode
(Tom Lane)
</para>
<para>
Autovacuum formerly used the cluster-wide default transaction isolation
level, but there is no need for it to use anything higher than READ
COMMITTED, and using SERIALIZABLE could result in unnecessary delays
for other processes.
</para>
</listitem>
<listitem>
<para>
Ensure walsender processes respond promptly to <systemitem>SIGTERM</systemitem>
(Magnus Hagander)
</para>
</listitem>
<listitem>
<para>
Exclude <filename>postmaster.opts</filename> from base backups
(Magnus Hagander)
</para>
</listitem>
<listitem>
<para>
Preserve configuration file name and line number values when starting
child processes under Windows (Tom Lane)
</para>
<para>
Formerly, these would not be displayed correctly in the
<structname>pg_settings</structname> view.
</para>
</listitem>
<listitem>
<para>
Fix incorrect field alignment in <application>ecpg</application>'s SQLDA area
(Zoltan Boszormenyi)
</para>
</listitem>
<listitem>
<para>
Preserve blank lines within commands in <application>psql</application>'s command
history (Robert Haas)
</para>
<para>
The former behavior could cause problems if an empty line was removed
from within a string literal, for example.
</para>
</listitem>
<listitem>
<para>
Avoid platform-specific infinite loop in <application>pg_dump</application>
(Steve Singer)
</para>
</listitem>
<listitem>
<para>
Fix compression of plain-text output format in <application>pg_dump</application>
(Adrian Klaver and Tom Lane)
</para>
<para>
<application>pg_dump</application> has historically understood <literal>-Z</literal> with
no <literal>-F</literal> switch to mean that it should emit a gzip-compressed
version of its plain text output. Restore that behavior.
</para>
</listitem>
<listitem>
<para>
Fix <application>pg_dump</application> to dump user-defined casts between
auto-generated types, such as table rowtypes (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix missed quoting of foreign server names in <application>pg_dump</application>
(Tom Lane)
</para>
</listitem>
<listitem>
<para>
Assorted fixes for <application>pg_upgrade</application> (Bruce Momjian)
</para>
<para>
Handle exclusion constraints correctly, avoid failures on Windows,
don't complain about mismatched toast table names in 8.4 databases.
</para>
</listitem>
<listitem>
<para>
In PL/pgSQL, allow foreign tables to define row types
(Alexander Soudakov)
</para>
</listitem>
<listitem>
<para>
Fix up conversions of PL/Perl functions' results
(Alex Hunsaker and Tom Lane)
</para>
<para>
Restore the pre-9.1 behavior that PL/Perl functions returning
<type>void</type> ignore the result value of their last Perl statement;
9.1.0 would throw an error if that statement returned a reference.
Also, make sure it works to return a string value for a composite type,
so long as the string meets the type's input format.
In addition, throw errors for attempts to return Perl arrays or hashes
when the function's declared result type is not an array or composite
type, respectively. (Pre-9.1 versions rather uselessly returned
strings like <literal>ARRAY(0x221a9a0)</literal> or
<literal>HASH(0x221aa90)</literal> in such cases.)
</para>
</listitem>
<listitem>
<para>
Ensure PL/Perl strings are always correctly UTF8-encoded
(Amit Khandekar and Alex Hunsaker)
</para>
</listitem>
<listitem>
<para>
Use the preferred version of <application>xsubpp</application> to build PL/Perl,
not necessarily the operating system's main copy
(David Wheeler and Alex Hunsaker)
</para>
</listitem>
<listitem>
<para>
Correctly propagate SQLSTATE in PL/Python exceptions
(Mika Eloranta and Jan Urbanski)
</para>
</listitem>
<listitem>
<para>
Do not install PL/Python extension files for Python major versions
other than the one built against (Peter Eisentraut)
</para>
</listitem>
<listitem>
<para>
Change all the <filename>contrib</filename> extension script files to report
a useful error message if they are fed to <application>psql</application>
(Andrew Dunstan and Tom Lane)
</para>
<para>
This should help teach people about the new method of using
<command>CREATE EXTENSION</command> to load these files. In most cases,
sourcing the scripts directly would fail anyway, but with
harder-to-interpret messages.
</para>
</listitem>
<listitem>
<para>
Fix incorrect coding in <filename>contrib/dict_int</filename> and
<filename>contrib/dict_xsyn</filename> (Tom Lane)
</para>
<para>
Some functions incorrectly assumed that memory returned by
<function>palloc()</function> is guaranteed zeroed.
</para>
</listitem>
<listitem>
<para>
Remove <filename>contrib/sepgsql</filename> tests from the regular regression
test mechanism (Tom Lane)
</para>
<para>
Since these tests require root privileges for setup, they're impractical
to run automatically. Switch over to a manual approach instead, and
provide a testing script to help with that.
</para>
</listitem>
<listitem>
<para>
Fix assorted errors in <filename>contrib/unaccent</filename>'s configuration
file parsing (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Honor query cancel interrupts promptly in <function>pgstatindex()</function>
(Robert Haas)
</para>
</listitem>
<listitem>
<para>
Fix incorrect quoting of log file name in macOS start script
(Sidar Lopez)
</para>
</listitem>
<listitem>
<para>
Revert unintentional enabling of <literal>WAL_DEBUG</literal> (Robert Haas)
</para>
<para>
Fortunately, as debugging tools go, this one is pretty cheap;
but it's not intended to be enabled by default, so revert.
</para>
</listitem>
<listitem>
<para>
Ensure VPATH builds properly install all server header files
(Peter Eisentraut)
</para>
</listitem>
<listitem>
<para>
Shorten file names reported in verbose error messages (Peter Eisentraut)
</para>
<para>
Regular builds have always reported just the name of the C file
containing the error message call, but VPATH builds formerly
reported an absolute path name.
</para>
</listitem>
<listitem>
<para>
Fix interpretation of Windows timezone names for Central America
(Tom Lane)
</para>
<para>
Map <quote>Central America Standard Time</quote> to <literal>CST6</literal>, not
<literal>CST6CDT</literal>, because DST is generally not observed anywhere in
Central America.
</para>
</listitem>
<listitem>
<para>
Update time zone data files to <application>tzdata</application> release 2011n
for DST law changes in Brazil, Cuba, Fiji, Palestine, Russia, and Samoa;
also historical corrections for Alaska and British East Africa.
</para>
</listitem>
</itemizedlist>
</sect2>
</sect1>
<sect1 id="release-9-1-1">
<title>Release 9.1.1</title>
<formalpara>
<title>Release date:</title>
<para>2011-09-26</para>
</formalpara>
<para>
This release contains a small number of fixes from 9.1.0.
For information about new features in the 9.1 major release, see
<xref linkend="release-9-1"/>.
</para>
<sect2>
<title>Migration to Version 9.1.1</title>
<para>
A dump/restore is not required for those running 9.1.X.
</para>
</sect2>
<sect2>
<title>Changes</title>
<itemizedlist>
<listitem>
<para>
Make <function>pg_options_to_table</function> return NULL for an option with no
value (Tom Lane)
</para>
<para>
Previously such cases would result in a server crash.
</para>
</listitem>
<listitem>
<para>
Fix memory leak at end of a GiST index scan (Tom Lane)
</para>
<para>
Commands that perform many separate GiST index scans, such as
verification of a new GiST-based exclusion constraint on a table
already containing many rows, could transiently require large amounts of
memory due to this leak.
</para>
</listitem>
<listitem>
<para>
Fix explicit reference to <literal>pg_temp</literal> schema in <command>CREATE
TEMPORARY TABLE</command> (Robert Haas)
</para>
<para>
This used to be allowed, but failed in 9.1.0.
</para>
</listitem>
</itemizedlist>
</sect2>
</sect1>
<sect1 id="release-9-1">
<title>Release 9.1</title>
<formalpara>
<title>Release date:</title>
<para>2011-09-12</para>
</formalpara>
<sect2>
<title>Overview</title>
<para>
This release shows <productname>PostgreSQL</productname> moving beyond the
traditional relational-database feature set with new, ground-breaking
functionality that is unique to <productname>PostgreSQL</productname>.
The streaming replication feature introduced in release 9.0 is
significantly enhanced by adding a synchronous-replication option,
streaming backups, and monitoring improvements.
Major enhancements include:
</para>
<itemizedlist>
<!-- This list duplicates items below, but without authors or details-->
<listitem>
<para>
Allow <link linkend="synchronous-replication">synchronous
replication</link>
</para>
</listitem>
<listitem>
<para>
Add support for <link linkend="sql-createforeigntable">foreign
tables</link>
</para>
</listitem>
<listitem>
<para>
Add per-column <link
linkend="collation">collation</link> support
</para>
</listitem>
<listitem>
<para>
Add <link linkend="extend-extensions">extensions</link> which
simplify packaging of additions to <productname>PostgreSQL</productname>
</para>
</listitem>
<listitem>
<para>
Add a true <link
linkend="xact-serializable">serializable isolation level</link>
</para>
</listitem>
<listitem>
<para>
Support unlogged tables using the <literal>UNLOGGED</literal>
option in <link linkend="sql-createtable"><command>CREATE
TABLE</command></link>
</para>
</listitem>
<listitem>
<para>
Allow data-modification commands
(<command>INSERT</command>/<command>UPDATE</command>/<command>DELETE</command>) in
<link linkend="queries-with"><literal>WITH</literal></link> clauses
</para>
</listitem>
<listitem>
<para>
Add nearest-neighbor (order-by-operator) searching to <link
linkend="gist"><acronym>GiST</acronym> indexes</link>
</para>
</listitem>
<listitem>
<para>
Add a <link linkend="sql-security-label"><command>SECURITY
LABEL</command></link> command and support for
<link linkend="sepgsql"><acronym>SELinux</acronym> permissions control</link>
</para>
</listitem>
<listitem>
<para>
Update the <link linkend="plpython">PL/Python</link> server-side
language
</para>
</listitem>
</itemizedlist>
<para>
The above items are explained in more detail in the sections below.
</para>
</sect2>
<sect2>
<title>Migration to Version 9.1</title>
<para>
A dump/restore using <application>pg_dump</application>,
or use of <application>pg_upgrade</application>, is required
for those wishing to migrate data from any previous
release.
</para>
<para>
Version 9.1 contains a number of changes that may affect compatibility
with previous releases. Observe the following incompatibilities:
</para>
<sect3>
<title>Strings</title>
<itemizedlist>
<listitem>
<para>
Change the default value of <link
linkend="guc-standard-conforming-strings"><varname>standard_conforming_strings</varname></link>
to on (Robert Haas)
</para>
<para>
By default, backslashes are now ordinary characters in string literals,
not escape characters. This change removes a long-standing
incompatibility with the SQL standard. <link
linkend="guc-escape-string-warning"><varname>escape_string_warning</varname></link>
has produced warnings about this usage for years. <literal>E''</literal>
strings are the proper way to embed backslash escapes in strings and are
unaffected by this change.
</para>
<warning>
<para>
This change can break applications that are not expecting it and
do their own string escaping according to the old rules. The
consequences could be as severe as introducing SQL-injection security
holes. Be sure to test applications that are exposed to untrusted
input, to ensure that they correctly handle single quotes and
backslashes in text strings.
</para>
</warning>
</listitem>
</itemizedlist>
</sect3>
<sect3>
<title>Casting</title>
<itemizedlist>
<listitem>
<para>
Disallow function-style and attribute-style data type casts for
composite types (Tom Lane)
</para>
<para>
For example, disallow
<literal><replaceable>composite_value</replaceable>.text</literal> and
<literal>text(<replaceable>composite_value</replaceable>)</literal>.
Unintentional uses of this syntax have frequently resulted in bug
reports; although it was not a bug, it seems better to go back to
rejecting such expressions.
The <literal>CAST</literal> and <literal>::</literal> syntaxes are still available
for use when a cast of an entire composite value is actually intended.
</para>
</listitem>
<listitem>
<para>
Tighten casting checks for domains based on arrays (Tom Lane)
</para>
<para>
When a domain is based on an array type, it is allowed to <quote>look
through</quote> the domain type to access the array elements, including
subscripting the domain value to fetch or assign an element.
Assignment to an element of such a domain value, for instance via
<literal>UPDATE ... SET domaincol[5] = ...</literal>, will now result in
rechecking the domain type's constraints, whereas before the checks
were skipped.
</para>
</listitem>
</itemizedlist>
</sect3>
<sect3>
<title>Arrays</title>
<itemizedlist>
<listitem>
<para>
Change <link
linkend="array-functions-table"><function>string_to_array()</function></link>
to return an empty array for a zero-length string (Pavel
Stehule)
</para>
<para>
Previously this returned a null value.
</para>
</listitem>
<listitem>
<para>
Change <link
linkend="array-functions-table"><function>string_to_array()</function></link>
so a <literal>NULL</literal> separator splits the string into characters
(Pavel Stehule)
</para>
<para>
Previously this returned a null value.
</para>
</listitem>
</itemizedlist>
</sect3>
<sect3>
<title>Object Modification</title>
<itemizedlist>
<listitem>
<para>
Fix improper checks for before/after triggers (Tom Lane)
</para>
<para>
Triggers can now be fired in three cases: <literal>BEFORE</literal>,
<literal>AFTER</literal>, or <literal>INSTEAD OF</literal> some action.
Trigger function authors should verify that their logic behaves
sanely in all three cases.
</para>
</listitem>
<listitem>
<para>
Require superuser or <literal>CREATEROLE</literal> permissions in order to
set comments on roles (Tom Lane)
</para>
</listitem>
</itemizedlist>
</sect3>
<sect3>
<title>Server Settings</title>
<itemizedlist>
<listitem>
<para>
Change <link
linkend="functions-recovery-info-table"><function>pg_last_xlog_receive_location()</function></link>
so it never moves backwards (Fujii Masao)
</para>
<para>
Previously, the value of <function>pg_last_xlog_receive_location()</function>
could move backward when streaming replication is restarted.
</para>
</listitem>
<listitem>
<para>
Have logging of replication connections honor <link
linkend="guc-log-connections"><varname>log_connections</varname></link>
(Magnus Hagander)
</para>
<para>
Previously, replication connections were always logged.
</para>
</listitem>
</itemizedlist>
</sect3>
<sect3>
<title><link linkend="plpgsql">PL/pgSQL</link> Server-Side Language</title>
<itemizedlist>
<listitem>
<para>
Change PL/pgSQL's <literal>RAISE</literal> command without parameters
to be catchable by the attached exception block (Piyush Newe)
</para>
<para>
Previously <literal>RAISE</literal> in a code block was always scoped to
an attached exception block, so it was uncatchable at the same
scope.
</para>
</listitem>
<listitem>
<para>
Adjust PL/pgSQL's error line numbering code to be consistent
with other PLs (Pavel Stehule)
</para>
<para>
Previously, PL/pgSQL would ignore (not count) an empty line at the
start of the function body. Since this was inconsistent with all
other languages, the special case was removed.
</para>
</listitem>
<listitem>
<para>
Make PL/pgSQL complain about conflicting IN and OUT parameter names
(Tom Lane)
</para>
<para>
Formerly, the collision was not detected, and the name would just
silently refer to only the OUT parameter.
</para>
</listitem>
<listitem>
<para>
Type modifiers of PL/pgSQL variables are now visible to the SQL parser
(Tom Lane)
</para>
<para>
A type modifier (such as a varchar length limit) attached to a PL/pgSQL
variable was formerly enforced during assignments, but was ignored for
all other purposes. Such variables will now behave more like table
columns declared with the same modifier. This is not expected to make
any visible difference in most cases, but it could result in subtle
changes for some SQL commands issued by PL/pgSQL functions.
</para>
</listitem>
</itemizedlist>
</sect3>
<sect3>
<title>Contrib</title>
<itemizedlist>
<listitem>
<para>
All contrib modules are now installed with <link
linkend="sql-createextension"><command>CREATE EXTENSION</command></link>
rather than by manually invoking their SQL scripts
(Dimitri Fontaine, Tom Lane)
</para>
<para>
To update an existing database containing the 9.0 version of a contrib
module, use <literal>CREATE EXTENSION ... FROM unpackaged</literal>
to wrap the existing contrib module's objects into an extension. When
updating from a pre-9.0 version, drop the contrib module's objects
using its old uninstall script, then use <literal>CREATE EXTENSION</literal>.
</para>
</listitem>
</itemizedlist>
</sect3>
<sect3>
<title>Other Incompatibilities</title>
<itemizedlist>
<listitem>
<para>
Make <link
linkend="monitoring-stats-funcs-table"><function>pg_stat_reset()</function></link>
reset all database-level statistics (Tomas Vondra)
</para>
<para>
Some <structname>pg_stat_database</structname> counters were not being reset.
</para>
</listitem>
<listitem>
<para>
Fix some <link
linkend="infoschema-triggers"><structname>information_schema.triggers</structname></link>
column names to match the new SQL-standard names (Dean Rasheed)
</para>
</listitem>
<listitem>
<para>
Treat <application>ECPG</application> cursor names as case-insensitive
(Zoltan Boszormenyi)
</para>
</listitem>
</itemizedlist>
</sect3>
</sect2>
<sect2>
<title>Changes</title>
<para>
Below you will find a detailed account of the changes between
<productname>PostgreSQL</productname> 9.1 and the previous major
release.
</para>
<sect3>
<title>Server</title>
<sect4>
<title>Performance</title>
<itemizedlist>
<listitem>
<para>
Support unlogged tables using the <literal>UNLOGGED</literal>
option in <link linkend="sql-createtable"><command>CREATE
TABLE</command></link> (Robert Haas)
</para>
<para>
Such tables provide better update performance than regular tables,
but are not crash-safe: their contents are automatically cleared in
case of a server crash. Their contents do not propagate to
replication slaves, either.
</para>
</listitem>
<listitem>
<para>
Allow <literal>FULL OUTER JOIN</literal> to be implemented as a
hash join, and allow either side of a <literal>LEFT OUTER JOIN</literal>
or <literal>RIGHT OUTER JOIN</literal> to be hashed (Tom Lane)
</para>
<para>
Previously <literal>FULL OUTER JOIN</literal> could only be
implemented as a merge join, and <literal>LEFT OUTER JOIN</literal>
and <literal>RIGHT OUTER JOIN</literal> could hash only the nullable
side of the join. These changes provide additional query optimization
possibilities.
</para>
</listitem>
<listitem>
<para>
Merge duplicate fsync requests (Robert Haas, Greg Smith)
</para>
<para>
This greatly improves performance under heavy write loads.
</para>
</listitem>
<listitem>
<para>
Improve performance of <link
linkend="guc-commit-siblings"><varname>commit_siblings</varname></link>
(Greg Smith)
</para>
<para>
This allows the use of <varname>commit_siblings</varname> with
less overhead.
</para>
</listitem>
<listitem>
<para>
Reduce the memory requirement for large ispell dictionaries
(Pavel Stehule, Tom Lane)
</para>
</listitem>
<listitem>
<para>
Avoid leaving data files open after <quote>blind writes</quote>
(Alvaro Herrera)
</para>
<para>
This fixes scenarios in which backends might hold files open long
after they were deleted, preventing the kernel from reclaiming
disk space.
</para>
</listitem>
</itemizedlist>
</sect4>
<sect4>
<title>Optimizer</title>
<itemizedlist>
<listitem>
<para>
Allow inheritance table scans to return meaningfully-sorted
results (Greg Stark, Hans-Jurgen Schonig, Robert Haas, Tom Lane)
</para>
<para>
This allows better optimization of queries that use <literal>ORDER
BY</literal>, <literal>LIMIT</literal>, or <literal>MIN</literal>/<literal>MAX</literal> with
inherited tables.
</para>
</listitem>
<listitem>
<para>
Improve GIN index scan cost estimation (Teodor Sigaev)
</para>
</listitem>
<listitem>
<para>
Improve cost estimation for aggregates and window functions (Tom Lane)
</para>
</listitem>
</itemizedlist>
</sect4>
<sect4>
<title>Authentication</title>
<itemizedlist>
<listitem>
<para>
Support host names and host suffixes
(e.g. <literal>.example.com</literal>) in <link
linkend="auth-pg-hba-conf"><filename>pg_hba.conf</filename></link>
(Peter Eisentraut)
</para>
<para>
Previously only host <acronym>IP</acronym> addresses and <acronym>CIDR</acronym>
values were supported.
</para>
</listitem>
<listitem>
<para>
Support the key word <literal>all</literal> in the host column of <link
linkend="auth-pg-hba-conf"><filename>pg_hba.conf</filename></link>
(Peter Eisentraut)
</para>
<para>
Previously people used <literal>0.0.0.0/0</literal> or <literal>::/0</literal>
for this.
</para>
</listitem>
<listitem>
<para>
Reject <literal>local</literal> lines in <link
linkend="auth-pg-hba-conf"><filename>pg_hba.conf</filename></link>
on platforms that don't support Unix-socket connections
(Magnus Hagander)
</para>
<para>
Formerly, such lines were silently ignored, which could be surprising.
This makes the behavior more like other unsupported cases.
</para>
</listitem>
<listitem>
<para>
Allow <link linkend="gssapi-auth"><acronym>GSSAPI</acronym></link>
to be used to authenticate to servers via <link
linkend="sspi-auth"><acronym>SSPI</acronym></link> (Christian Ullrich)
</para>
<para>
Specifically this allows Unix-based <acronym>GSSAPI</acronym> clients
to do <acronym>SSPI</acronym> authentication with Windows servers.
</para>
</listitem>
<listitem>
<para>
<link linkend="auth-ident"><literal>ident</literal></link>
authentication over local sockets is now known as
<link linkend="auth-peer"><literal>peer</literal></link>
(Magnus Hagander)
</para>
<para>
The old term is still accepted for backward compatibility, but since
the two methods are fundamentally different, it seemed better to adopt
different names for them.
</para>
</listitem>
<listitem>
<para>
Rewrite <link linkend="auth-peer"><acronym>peer</acronym></link>
authentication to avoid use of credential control messages (Tom Lane)
</para>
<para>
This change makes the peer authentication code simpler and
better-performing. However, it requires the platform to provide the
<function>getpeereid</function> function or an equivalent socket operation.
So far as is known, the only platform for which peer authentication
worked before and now will not is pre-5.0 NetBSD.
</para>
</listitem>
</itemizedlist>
</sect4>
<sect4>
<title>Monitoring</title>
<itemizedlist>
<listitem>
<para>
Add details to the logging of restartpoints and checkpoints,
which is controlled by <link
linkend="guc-log-checkpoints"><varname>log_checkpoints</varname></link>
(Fujii Masao, Greg Smith)
</para>
<para>
New details include <acronym>WAL</acronym> file and sync activity.
</para>
</listitem>
<listitem>
<para>
Add <link
linkend="guc-log-file-mode"><varname>log_file_mode</varname></link>
which controls the permissions on log files created by the
logging collector (Martin Pihlak)
</para>
</listitem>
<listitem>
<para>
Reduce the default maximum line length for <application>syslog</application>
logging to 900 bytes plus prefixes (Noah Misch)
</para>
<para>
This avoids truncation of long log lines on syslog implementations
that have a 1KB length limit, rather than the more common 2KB.
</para>
</listitem>
</itemizedlist>
</sect4>
<sect4>
<title>Statistical Views</title>
<itemizedlist>
<listitem>
<para>
Add <structfield>client_hostname</structfield> column to <link
linkend="monitoring-stats-views-table"><structname>pg_stat_activity</structname></link>
(Peter Eisentraut)
</para>
<para>
Previously only the client address was reported.
</para>
</listitem>
<listitem>
<para>
Add <link
linkend="monitoring-stats-views-table"><structname>pg_stat_xact_*</structname></link>
statistics functions and views (Joel Jacobson)
</para>
<para>
These are like the database-wide statistics counter views, but
reflect counts for only the current transaction.
</para>
</listitem>
<listitem>
<para>
Add time of last reset in database-level and background writer
statistics views (Tomas Vondra)
</para>
</listitem>
<listitem>
<para>
Add columns showing the number of vacuum and analyze operations
in <link
linkend="monitoring-stats-views-table"><structname>pg_stat_*_tables</structname></link>
views (Magnus Hagander)
</para>
</listitem>
<listitem>
<para>
Add <structfield>buffers_backend_fsync</structfield> column to <link
linkend="monitoring-stats-views-table"><structname>pg_stat_bgwriter</structname></link>
(Greg Smith)
</para>
<para>
This new column counts the number of times a backend fsyncs a
buffer.
</para>
</listitem>
</itemizedlist>
</sect4>
<sect4>
<title>Server Settings</title>
<itemizedlist>
<listitem>
<para>
Provide auto-tuning of <link
linkend="guc-wal-buffers"><varname>wal_buffers</varname></link> (Greg
Smith)
</para>
<para>
By default, the value of <varname>wal_buffers</varname> is now chosen
automatically based on the value of <varname>shared_buffers</varname>.
</para>
</listitem>
<listitem>
<para>
Increase the maximum values for
<link linkend="guc-deadlock-timeout"><varname>deadlock_timeout</varname></link>,
<link linkend="guc-log-min-duration-statement"><varname>log_min_duration_statement</varname></link>, and
<link linkend="guc-log-autovacuum-min-duration"><varname>log_autovacuum_min_duration</varname></link>
(Peter Eisentraut)
</para>
<para>
The maximum value for each of these parameters was previously
only about 35 minutes. Much larger values are now allowed.
</para>
</listitem>
</itemizedlist>
</sect4>
</sect3>
<sect3>
<title>Replication and Recovery</title>
<sect4>
<title>Streaming Replication and Continuous Archiving</title>
<itemizedlist>
<listitem>
<para>
Allow <link linkend="synchronous-replication">synchronous
replication</link> (Simon Riggs, Fujii Masao)
</para>
<para>
This allows the primary server to wait for a standby to write a
transaction's information to disk before acknowledging the commit.
One standby at a time can take the role of the synchronous standby,
as controlled by the
<link linkend="guc-synchronous-standby-names"><varname>synchronous_standby_names</varname></link>
setting. Synchronous replication can be enabled or disabled on a
per-transaction basis using the
<link linkend="guc-synchronous-commit"><varname>synchronous_commit</varname></link>
setting.
</para>
</listitem>
<listitem>
<para>
Add protocol support for sending file system backups to standby servers
using the streaming replication network connection (Magnus Hagander,
Heikki Linnakangas)
</para>
<para>
This avoids the requirement of manually transferring a file
system backup when setting up a standby server.
</para>
</listitem>
<listitem>
<para>
Add
<varname>replication_timeout</varname>
setting (Fujii Masao, Heikki Linnakangas)
</para>
<para>
Replication connections that are idle for more than the
<varname>replication_timeout</varname> interval will be terminated
automatically. Formerly, a failed connection was typically not
detected until the TCP timeout elapsed, which is inconveniently
long in many situations.
</para>
</listitem>
<listitem>
<para>
Add command-line tool <link
linkend="app-pgbasebackup"><application>pg_basebackup</application></link>
for creating a new standby server or database backup (Magnus
Hagander)
</para>
</listitem>
<listitem>
<para>
Add a <link linkend="sql-createrole">replication permission</link>
for roles (Magnus Hagander)
</para>
<para>
This is a read-only permission used for streaming replication.
It allows a non-superuser role to be used for replication connections.
Previously only superusers could initiate replication
connections; superusers still have this permission by default.
</para>
</listitem>
</itemizedlist>
</sect4>
<sect4>
<title>Replication Monitoring</title>
<itemizedlist>
<listitem>
<para>
Add system view <link
linkend="pg-stat-replication-view"><structname>pg_stat_replication</structname></link>
which displays activity of <acronym>WAL</acronym> sender processes (Itagaki
Takahiro, Simon Riggs)
</para>
<para>
This reports the status of all connected standby servers.
</para>
</listitem>
<listitem>
<para>
Add monitoring function <link
linkend="functions-recovery-info-table"><function>pg_last_xact_replay_timestamp()</function></link>
(Fujii Masao)
</para>
<para>
This returns the time at which the primary generated the most
recent commit or abort record applied on the standby.
</para>
</listitem>
</itemizedlist>
</sect4>
<sect4>
<title>Hot Standby</title>
<itemizedlist>
<listitem>
<para>
Add configuration parameter <link
linkend="guc-hot-standby-feedback"><varname>hot_standby_feedback</varname></link>
to enable standbys to postpone cleanup of old row versions on the
primary (Simon Riggs)
</para>
<para>
This helps avoid canceling long-running queries on the standby.
</para>
</listitem>
<listitem>
<para>
Add the <link
linkend="monitoring-stats-views-table"><structname>pg_stat_database_conflicts</structname></link>
system view to show queries that have been canceled and the
reason (Magnus Hagander)
</para>
<para>
Cancellations can occur because of dropped tablespaces, lock
timeouts, old snapshots, pinned buffers, and deadlocks.
</para>
</listitem>
<listitem>
<para>
Add a <structfield>conflicts</structfield> count to <link
linkend="monitoring-stats-views-table"><structname>pg_stat_database</structname></link>
(Magnus Hagander)
</para>
<para>
This is the number of conflicts that occurred in the database.
</para>
</listitem>
<listitem>
<para>
Increase the maximum values for
<link linkend="guc-max-standby-archive-delay"><varname>max_standby_archive_delay</varname></link> and
<link linkend="guc-max-standby-streaming-delay"><varname>max_standby_streaming_delay</varname></link>
</para>
<para>
The maximum value for each of these parameters was previously
only about 35 minutes. Much larger values are now allowed.
</para>
</listitem>
<listitem>
<para>
Add <link
linkend="errcodes-table"><literal>ERRCODE_T_R_DATABASE_DROPPED</literal></link>
error code to report recovery conflicts due to dropped databases
(Tatsuo Ishii)
</para>
<para>
This is useful for connection pooling software.
</para>
</listitem>
</itemizedlist>
</sect4>
<sect4>
<title>Recovery Control</title>
<itemizedlist>
<listitem>
<para>
Add functions to control streaming replication replay (Simon Riggs)
</para>
<para>
The new functions are <link
linkend="functions-recovery-control-table"><function>pg_xlog_replay_pause()</function></link>,
<link
linkend="functions-recovery-control-table"><function>pg_xlog_replay_resume()</function></link>,
and the status function <link
linkend="functions-recovery-control-table"><function>pg_is_xlog_replay_paused()</function></link>.
</para>
</listitem>
<listitem>
<para>
Add <filename>recovery.conf</filename> setting
<varname>pause_at_recovery_target</varname>
to pause recovery at target (Simon Riggs)
</para>
<para>
This allows a recovery server to be queried to check whether
the recovery point is the one desired.
</para>
</listitem>
<listitem>
<para>
Add the ability to create named restore points using <link
linkend="functions-admin-backup-table"><function>pg_create_restore_point()</function></link>
(Jaime Casanova)
</para>
<para>
These named restore points can be specified as recovery
targets using the new <filename>recovery.conf</filename> setting
<link linkend="recovery-target-name"><varname>recovery_target_name</varname></link>.
</para>
</listitem>
<listitem>
<para>
Allow standby recovery to switch to a new timeline automatically
(Heikki Linnakangas)
</para>
<para>
Now standby servers scan the archive directory for new
timelines periodically.
</para>
</listitem>
<listitem>
<para>
Add <link
linkend="guc-restart-after-crash"><varname>restart_after_crash</varname></link>
setting which disables automatic server restart after a backend
crash (Robert Haas)
</para>
<para>
This allows external cluster management software to control
whether the database server restarts or not.
</para>
</listitem>
<listitem>
<para>
Allow <link
linkend="recovery-config"><filename>recovery.conf</filename></link>
to use the same quoting behavior as <filename>postgresql.conf</filename>
(Dimitri Fontaine)
</para>
<para>
Previously all values had to be quoted.
</para>
</listitem>
</itemizedlist>
</sect4>
</sect3>
<sect3>
<title>Queries</title>
<itemizedlist>
<listitem>
<para>
Add a true <link
linkend="xact-serializable">serializable isolation level</link>
(Kevin Grittner, Dan Ports)
</para>
<para>
Previously, asking for serializable isolation guaranteed only that a
single MVCC snapshot would be used for the entire transaction, which
allowed certain documented anomalies. The old snapshot isolation
behavior is still available by requesting the <link
linkend="xact-repeatable-read"><literal>REPEATABLE READ</literal></link>
isolation level.
</para>
</listitem>
<listitem>
<para>
Allow data-modification commands
(<command>INSERT</command>/<command>UPDATE</command>/<command>DELETE</command>) in
<link linkend="queries-with"><literal>WITH</literal></link> clauses
(Marko Tiikkaja, Hitoshi Harada)
</para>
<para>
These commands can use <literal>RETURNING</literal> to pass data up to the
containing query.
</para>
</listitem>
<listitem>
<para>
Allow <link linkend="queries-with"><literal>WITH</literal></link>
clauses to be attached to <command>INSERT</command>, <command>UPDATE</command>,
<command>DELETE</command> statements (Marko Tiikkaja, Hitoshi Harada)
</para>
</listitem>
<listitem>
<para>
Allow non-<link linkend="queries-group"><literal>GROUP
BY</literal></link> columns in the query target list when the primary
key is specified in the <literal>GROUP BY</literal> clause (Peter
Eisentraut)
</para>
<para>
The SQL standard allows this behavior, and
because of the primary key, the result is unambiguous.
</para>
</listitem>
<listitem>
<para>
Allow use of the key word <literal>DISTINCT</literal> in <link
linkend="queries-union"><literal>UNION</literal>/<literal>INTERSECT</literal>/<literal>EXCEPT</literal></link>
clauses (Tom Lane)
</para>
<para>
<literal>DISTINCT</literal> is the default behavior so use of this
key word is redundant, but the SQL standard allows it.
</para>
</listitem>
<listitem>
<para>
Fix ordinary queries with rules to use the same snapshot behavior
as <command>EXPLAIN ANALYZE</command> (Marko Tiikkaja)
</para>
<para>
Previously <command>EXPLAIN ANALYZE</command> used slightly different
snapshot timing for queries involving rules. The
<command>EXPLAIN ANALYZE</command> behavior was judged to be more logical.
</para>
</listitem>
</itemizedlist>
<sect4>
<title>Strings</title>
<itemizedlist>
<listitem>
<para>
Add per-column <link
linkend="collation">collation</link> support
(Peter Eisentraut, Tom Lane)
</para>
<para>
Previously collation (the sort ordering of text strings) could only be
chosen at database creation.
Collation can now be set per column, domain, index, or
expression, via the SQL-standard <literal>COLLATE</literal> clause.
</para>
</listitem>
</itemizedlist>
</sect4>
</sect3>
<sect3>
<title>Object Manipulation</title>
<itemizedlist>
<listitem>
<para>
Add <link linkend="extend-extensions">extensions</link> which
simplify packaging of additions to <productname>PostgreSQL</productname>
(Dimitri Fontaine, Tom Lane)
</para>
<para>
Extensions are controlled by the new <link
linkend="sql-createextension"><command>CREATE</command></link>/<link
linkend="sql-alterextension"><command>ALTER</command></link>/<link
linkend="sql-dropextension"><command>DROP EXTENSION</command></link>
commands. This replaces ad-hoc methods of grouping objects that
are added to a <productname>PostgreSQL</productname> installation.
</para>
</listitem>
<listitem>
<para>
Add support for <link linkend="sql-createforeigntable">foreign
tables</link> (Shigeru Hanada, Robert Haas, Jan Urbanski,
Heikki Linnakangas)
</para>
<para>
This allows data stored outside the database to be used like
native <productname>PostgreSQL</productname>-stored data. Foreign tables
are currently read-only, however.
</para>
</listitem>
<listitem>
<para>
Allow new values to be added to an existing enum type via
<link linkend="sql-altertype"><command>ALTER TYPE</command></link> (Andrew
Dunstan)
</para>
</listitem>
<listitem>
<para>
Add <link linkend="sql-altertype"><command>ALTER TYPE ...
ADD/DROP/ALTER/RENAME ATTRIBUTE</command></link> (Peter Eisentraut)
</para>
<para>
This allows modification of composite types.
</para>
</listitem>
</itemizedlist>
<sect4>
<title><command>ALTER</command> Object</title>
<itemizedlist>
<listitem>
<para>
Add <literal>RESTRICT</literal>/<literal>CASCADE</literal> to <link
linkend="sql-altertype"><command>ALTER TYPE</command></link> operations
on typed tables (Peter Eisentraut)
</para>
<para>
This controls
<literal>ADD</literal>/<literal>DROP</literal>/<literal>ALTER</literal>/<literal>RENAME
ATTRIBUTE</literal> cascading behavior.
</para>
</listitem>
<listitem>
<para>
Support <literal>ALTER TABLE <replaceable>name</replaceable> {OF | NOT OF}
<replaceable>type</replaceable></literal>
(Noah Misch)
</para>
<para>
This syntax allows a standalone table to be made into a typed table,
or a typed table to be made standalone.
</para>
</listitem>
<listitem>
<para>
Add support for more object types in <command>ALTER ... SET
SCHEMA</command> commands (Dimitri Fontaine)
</para>
<para>
This command is now supported for conversions, operators, operator
classes, operator families, text search configurations, text search
dictionaries, text search parsers, and text search templates.
</para>
</listitem>
</itemizedlist>
</sect4>
<sect4>
<title><link linkend="sql-createtable"><command>CREATE/ALTER TABLE</command></link></title>
<itemizedlist>
<listitem>
<para>
Add <command>ALTER TABLE ...
ADD UNIQUE/PRIMARY KEY USING INDEX</command>
(Gurjeet Singh)
</para>
<para>
This allows a primary key or unique constraint to be defined using an
existing unique index, including a concurrently created unique index.
</para>
</listitem>
<listitem>
<para>
Allow <command>ALTER TABLE</command>
to add foreign keys without validation (Simon Riggs)
</para>
<para>
The new option is called <literal>NOT VALID</literal>. The constraint's
state can later be modified to <literal>VALIDATED</literal> and validation
checks performed. Together these allow you to add a foreign key
with minimal impact on read and write operations.
</para>
</listitem>
<listitem>
<para>
Allow <link linkend="sql-altertable"><command>ALTER TABLE
... SET DATA TYPE</command></link> to avoid table rewrites in
appropriate cases (Noah Misch, Robert Haas)
</para>
<para>
For example, converting a <type>varchar</type> column to
<type>text</type> no longer requires a rewrite of the table.
However, increasing the length constraint on a
<type>varchar</type> column still requires a table rewrite.
</para>
</listitem>
<listitem>
<para>
Add <link linkend="sql-createtable"><command>CREATE TABLE IF
NOT EXISTS</command></link> syntax (Robert Haas)
</para>
<para>
This allows table creation without causing an error if the
table already exists.
</para>
</listitem>
<listitem>
<para>
Fix possible <quote>tuple concurrently updated</quote> error
when two backends attempt to add an inheritance
child to the same table at the same time (Robert Haas)
</para>
<para>
<link linkend="sql-altertable"><command>ALTER TABLE</command></link>
now takes a stronger lock on the parent table, so that the sessions
cannot try to update it simultaneously.
</para>
</listitem>
</itemizedlist>
</sect4>
<sect4>
<title>Object Permissions</title>
<itemizedlist>
<listitem>
<para>
Add a <link linkend="sql-security-label"><command>SECURITY
LABEL</command></link> command (KaiGai Kohei)
</para>
<para>
This allows security labels to be assigned to objects.
</para>
</listitem>
</itemizedlist>
</sect4>
</sect3>
<sect3>
<title>Utility Operations</title>
<itemizedlist>
<listitem>
<para>
Add transaction-level <link linkend="advisory-locks">advisory
locks</link> (Marko Tiikkaja)
</para>
<para>
These are similar to the existing session-level advisory locks,
but such locks are automatically released at transaction end.
</para>
</listitem>
<listitem>
<para>
Make <link linkend="sql-truncate"><command>TRUNCATE ... RESTART
IDENTITY</command></link> restart sequences transactionally (Steve
Singer)
</para>
<para>
Previously the counter could have been left out of sync if a
backend crashed between the on-commit truncation activity and
commit completion.
</para>
</listitem>
</itemizedlist>
<sect4>
<title><link linkend="sql-copy"><command>COPY</command></link></title>
<itemizedlist>
<listitem>
<para>
Add <literal>ENCODING</literal> option to <link
linkend="sql-copy"><command>COPY TO/FROM</command></link> (Hitoshi
Harada, Itagaki Takahiro)
</para>
<para>
This allows the encoding of the <command>COPY</command> file to be
specified separately from client encoding.
</para>
</listitem>
<listitem>
<para>
Add bidirectional <link linkend="sql-copy"><command>COPY</command></link>
protocol support (Fujii Masao)
</para>
<para>
This is currently only used by streaming replication.
</para>
</listitem>
</itemizedlist>
</sect4>
<sect4>
<title><link linkend="sql-explain"><command>EXPLAIN</command></link></title>
<itemizedlist>
<listitem>
<para>
Make <command>EXPLAIN VERBOSE</command> show the function call expression
in a <literal>FunctionScan</literal> node (Tom Lane)
</para>
</listitem>
</itemizedlist>
</sect4>
<sect4>
<title><link linkend="sql-vacuum"><command>VACUUM</command></link></title>
<itemizedlist>
<listitem>
<para>
Add additional details to the output of <link
linkend="sql-vacuum"><command>VACUUM FULL VERBOSE</command></link>
and <link linkend="sql-cluster"><command>CLUSTER VERBOSE</command></link>
(Itagaki Takahiro)
</para>
<para>
New information includes the live and dead tuple count and
whether <command>CLUSTER</command> is using an index to rebuild.
</para>
</listitem>
<listitem>
<para>
Prevent <link linkend="autovacuum">autovacuum</link> from
waiting if it cannot acquire a table lock (Robert Haas)
</para>
<para>
It will try to vacuum that table later.
</para>
</listitem>
</itemizedlist>
</sect4>
<sect4>
<title><link linkend="sql-cluster"><command>CLUSTER</command></link></title>
<itemizedlist>
<listitem>
<para>
Allow <command>CLUSTER</command> to sort the table rather than scanning
the index when it seems likely to be cheaper (Leonardo Francalanci)
</para>
</listitem>
</itemizedlist>
</sect4>
<sect4>
<title>Indexes</title>
<itemizedlist>
<listitem>
<para>
Add nearest-neighbor (order-by-operator) searching to <link
linkend="gist"><acronym>GiST</acronym> indexes</link> (Teodor Sigaev, Tom Lane)
</para>
<para>
This allows <acronym>GiST</acronym> indexes to quickly return the
<replaceable>N</replaceable> closest values in a query with <literal>LIMIT</literal>.
For example
<programlisting><![CDATA[
SELECT * FROM places ORDER BY location <-> point '(101,456)' LIMIT 10;
]]>
</programlisting>
finds the ten places closest to a given target point.
</para>
</listitem>
<listitem>
<para>
Allow <link linkend="gin"><acronym>GIN</acronym> indexes</link> to index null
and empty values (Tom Lane)
</para>
<para>
This allows full <acronym>GIN</acronym> index scans, and fixes various
corner cases in which GIN scans would fail.
</para>
</listitem>
<listitem>
<para>
Allow <link linkend="gin"><acronym>GIN</acronym> indexes</link> to
better recognize duplicate search entries (Tom Lane)
</para>
<para>
This reduces the cost of index scans, especially in cases where
it avoids unnecessary full index scans.
</para>
</listitem>
<listitem>
<para>
Fix <link linkend="gist"><acronym>GiST</acronym> indexes</link> to be fully
crash-safe (Heikki Linnakangas)
</para>
<para>
Previously there were rare cases where a <command>REINDEX</command>
would be required (you would be informed).
</para>
</listitem>
</itemizedlist>
</sect4>
</sect3>
<sect3>
<title>Data Types</title>
<itemizedlist>
<listitem>
<para>
Allow <type>numeric</type> to use a more compact, two-byte header
in common cases (Robert Haas)
</para>
<para>
Previously all <type>numeric</type> values had four-byte headers;
this change saves on disk storage.
</para>
</listitem>
<listitem>
<para>
Add support for dividing <type>money</type> by <type>money</type>
(Andy Balholm)
</para>
</listitem>
<listitem>
<para>
Allow binary I/O on type <type>void</type> (Radoslaw Smogura)
</para>
</listitem>
<listitem>
<para>
Improve hypotenuse calculations for geometric operators (Paul Matthews)
</para>
<para>
This avoids unnecessary overflows, and may also be more accurate.
</para>
</listitem>
<listitem>
<para>
Support hashing array values (Tom Lane)
</para>
<para>
This provides additional query optimization possibilities.
</para>
</listitem>
<listitem>
<para>
Don't treat a composite type as sortable unless all its column types
are sortable (Tom Lane)
</para>
<para>
This avoids possible <quote>could not identify a comparison function</quote>
failures at runtime, if it is possible to implement the query without
sorting. Also, <command>ANALYZE</command> won't try to use inappropriate
statistics-gathering methods for columns of such composite types.
</para>
</listitem>
</itemizedlist>
<sect4>
<title>Casting</title>
<itemizedlist>
<listitem>
<para>
Add support for casting between <type>money</type> and <type>numeric</type>
(Andy Balholm)
</para>
</listitem>
<listitem>
<para>
Add support for casting from <type>int4</type> and <type>int8</type>
to <type>money</type> (Joey Adams)
</para>
</listitem>
<listitem>
<para>
Allow casting a table's row type to the table's supertype if
it's a typed table (Peter Eisentraut)
</para>
<para>
This is analogous to the existing facility that allows casting a row
type to a supertable's row type.
</para>
</listitem>
</itemizedlist>
</sect4>
<sect4>
<title><link linkend="functions-xml"><acronym>XML</acronym></link></title>
<itemizedlist>
<listitem>
<para>
Add <acronym>XML</acronym> function <link
linkend="xml-exists"><literal>XMLEXISTS</literal></link> and <link
linkend="xml-exists"><function>xpath_exists()</function></link>
functions (Mike Fowler)
</para>
<para>
These are used for XPath matching.
</para>
</listitem>
<listitem>
<para>
Add <acronym>XML</acronym> functions <link
linkend="xml-is-well-formed"><function>xml_is_well_formed()</function></link>,
<link
linkend="xml-is-well-formed"><function>xml_is_well_formed_document()</function></link>,
<link
linkend="xml-is-well-formed"><function>xml_is_well_formed_content()</function></link>
(Mike Fowler)
</para>
<para>
These check whether the input is properly-formed <acronym>XML</acronym>.
They provide functionality that was previously available only in
the deprecated <filename>contrib/xml2</filename> module.
</para>
</listitem>
</itemizedlist>
</sect4>
</sect3>
<sect3>
<title>Functions</title>
<itemizedlist>
<listitem>
<para>
Add SQL function <link
linkend="format"><function>format(text, ...)</function></link>, which
behaves analogously to C's <function>printf()</function> (Pavel Stehule,
Robert Haas)
</para>
<para>
It currently supports formats for strings, SQL literals, and
SQL identifiers.
</para>
</listitem>
<listitem>
<para>
Add string functions <link
linkend="functions-string-other"><function>concat()</function></link>,
<link
linkend="functions-string-other"><function>concat_ws()</function></link>,
<link linkend="functions-string-other"><function>left()</function></link>,
<link linkend="functions-string-other"><function>right()</function></link>,
and <link
linkend="functions-string-other"><function>reverse()</function></link>
(Pavel Stehule)
</para>
<para>
These improve compatibility with other database products.
</para>
</listitem>
<listitem>
<para>
Add function <link
linkend="functions-admin-genfile"><function>pg_read_binary_file()</function></link>
to read binary files (Dimitri Fontaine, Itagaki Takahiro)
</para>
</listitem>
<listitem>
<para>
Add a single-parameter version of function <link
linkend="functions-admin-genfile"><function>pg_read_file()</function></link>
to read an entire file (Dimitri Fontaine, Itagaki Takahiro)
</para>
</listitem>
<listitem>
<para>
Add three-parameter forms of <link
linkend="array-functions-table"><function>array_to_string()</function></link>
and <link
linkend="array-functions-table"><function>string_to_array()</function></link>
for null value processing control (Pavel Stehule)
</para>
</listitem>
</itemizedlist>
<sect4>
<title>Object Information Functions</title>
<itemizedlist>
<listitem>
<para>
Add the <link
linkend="functions-info-catalog-table"><function>pg_describe_object()</function></link>
function (Alvaro Herrera)
</para>
<para>
This function is used to obtain a human-readable string describing
an object, based on the <link
linkend="catalog-pg-class"><structname>pg_class</structname></link>
OID, object OID, and sub-object ID. It can be used to help
interpret the contents of <link
linkend="catalog-pg-depend"><structname>pg_depend</structname></link>.
</para>
</listitem>
<listitem>
<para>
Update comments for built-in operators and their underlying
functions (Tom Lane)
</para>
<para>
Functions that are meant to be used via an associated operator
are now commented as such.
</para>
</listitem>
<listitem>
<para>
Add variable <link
linkend="guc-quote-all-identifiers"><varname>quote_all_identifiers</varname></link>
to force the quoting of all identifiers in <command>EXPLAIN</command>
and in system catalog functions like <link
linkend="functions-info-catalog-table"><function>pg_get_viewdef()</function></link>
(Robert Haas)
</para>
<para>
This makes exporting schemas to tools and other databases with
different quoting rules easier.
</para>
</listitem>
<listitem>
<para>
Add columns to the <link
linkend="infoschema-sequences"><structname>information_schema.sequences</structname></link>
system view (Peter Eisentraut)
</para>
<para>
Previously, though the view existed, the columns about the
sequence parameters were unimplemented.
</para>
</listitem>
<listitem>
<para>
Allow <literal>public</literal> as a pseudo-role name in <link
linkend="functions-info-access-table"><function>has_table_privilege()</function></link>
and related functions (Alvaro Herrera)
</para>
<para>
This allows checking for public permissions.
</para>
</listitem>
</itemizedlist>
</sect4>
<sect4>
<title>Function and Trigger Creation</title>
<itemizedlist>
<listitem>
<para>
Support <link linkend="sql-createtrigger"><literal>INSTEAD
OF</literal></link> triggers on views (Dean Rasheed)
</para>
<para>
This feature can be used to implement fully updatable views.
</para>
</listitem>
</itemizedlist>
</sect4>
</sect3>
<sect3>
<title>Server-Side Languages</title>
<sect4>
<title><link linkend="plpgsql">PL/pgSQL</link> Server-Side Language</title>
<itemizedlist>
<listitem>
<para>
Add <link linkend="plpgsql-foreach-array"><command>FOREACH IN
ARRAY</command></link> to PL/pgSQL
(Pavel Stehule)
</para>
<para>
This is more efficient and readable than previous methods of
iterating through the elements of an array value.
</para>
</listitem>
<listitem>
<para>
Allow <command>RAISE</command> without parameters to be caught in
the same places that could catch a <command>RAISE ERROR</command>
from the same location (Piyush Newe)
</para>
<para>
The previous coding threw the error
from the block containing the active exception handler.
The new behavior is more consistent with other DBMS products.
</para>
</listitem>
</itemizedlist>
</sect4>
<sect4>
<title><link linkend="plperl">PL/Perl</link> Server-Side Language</title>
<itemizedlist>
<listitem>
<para>
Allow generic record arguments to PL/Perl functions (Andrew
Dunstan)
</para>
<para>
PL/Perl functions can now be declared to accept type <type>record</type>.
The behavior is the same as for any named composite type.
</para>
</listitem>
<listitem>
<para>
Convert PL/Perl array arguments to Perl arrays (Alexey Klyukin,
Alex Hunsaker)
</para>
<para>
String representations are still available.
</para>
</listitem>
<listitem>
<para>
Convert PL/Perl composite-type arguments to Perl hashes
(Alexey Klyukin, Alex Hunsaker)
</para>
<para>
String representations are still available.
</para>
</listitem>
</itemizedlist>
</sect4>
<sect4>
<title><link linkend="plpython">PL/Python</link> Server-Side Language</title>
<itemizedlist>
<listitem>
<para>
Add table function support for PL/Python (Jan Urbanski)
</para>
<para>
PL/Python can now return multiple <literal>OUT</literal> parameters
and record sets.
</para>
</listitem>
<listitem>
<para>
Add a validator to PL/Python (Jan Urbanski)
</para>
<para>
This allows PL/Python functions to be syntax-checked at function
creation time.
</para>
</listitem>
<listitem>
<para>
Allow exceptions for SQL queries in PL/Python (Jan Urbanski)
</para>
<para>
This allows access to SQL-generated exception error codes from
PL/Python exception blocks.
</para>
</listitem>
<listitem>
<para>
Add explicit subtransactions to PL/Python (Jan Urbanski)
</para>
</listitem>
<listitem>
<para>
Add PL/Python functions for quoting strings (Jan Urbanski)
</para>
<para>
These functions are <link
linkend="plpython-util"><literal>plpy.quote_ident</literal></link>,
<link linkend="plpython-util"><literal>plpy.quote_literal</literal></link>,
and <link
linkend="plpython-util"><literal>plpy.quote_nullable</literal></link>.
</para>
</listitem>
<listitem>
<para>
Add traceback information to PL/Python errors (Jan Urbanski)
</para>
</listitem>
<listitem>
<para>
Report PL/Python errors from iterators with <literal>PLy_elog</literal> (Jan
Urbanski)
</para>
</listitem>
<listitem>
<para>
Fix exception handling with Python 3 (Jan Urbanski)
</para>
<para>
Exception classes were previously not available in
<literal>plpy</literal> under Python 3.
</para>
</listitem>
</itemizedlist>
</sect4>
</sect3>
<sect3>
<title>Client Applications</title>
<itemizedlist>
<listitem>
<para>
Mark <application>createlang</application> and <application>droplang</application>
as deprecated now that they just invoke extension commands (Tom
Lane)
</para>
</listitem>
</itemizedlist>
<sect4>
<title><link linkend="app-psql"><application>psql</application></link></title>
<itemizedlist>
<listitem>
<para>
Add <application>psql</application> command <literal>\conninfo</literal>
to show current connection information (David Christensen)
</para>
</listitem>
<listitem>
<para>
Add <application>psql</application> command <literal>\sf</literal> to
show a function's definition (Pavel Stehule)
</para>
</listitem>
<listitem>
<para>
Add <application>psql</application> command <literal>\dL</literal> to list
languages (Fernando Ike)
</para>
</listitem>
<listitem>
<para>
Add the <option>S</option> (<quote>system</quote>) option to <application>psql</application>'s
<literal>\dn</literal> (list schemas) command (Tom Lane)
</para>
<para>
<literal>\dn</literal> without <literal>S</literal> now suppresses system
schemas.
</para>
</listitem>
<listitem>
<para>
Allow <application>psql</application>'s <literal>\e</literal> and <literal>\ef</literal>
commands to accept a line number to be used to position the
cursor in the editor (Pavel Stehule)
</para>
<para>
This is passed to the editor according to the
<envar>PSQL_EDITOR_LINENUMBER_ARG</envar> environment variable.
</para>
</listitem>
<listitem>
<para>
Have <application>psql</application> set the client encoding from the
operating system locale by default (Heikki Linnakangas)
</para>
<para>
This only happens if the <envar>PGCLIENTENCODING</envar> environment
variable is not set.
</para>
</listitem>
<listitem>
<para>
Make <literal>\d</literal> distinguish between unique
indexes and unique constraints (Josh Kupershmidt)
</para>
</listitem>
<listitem>
<para>
Make <literal>\dt+</literal> report <function>pg_table_size</function>
instead of <function>pg_relation_size</function> when talking to 9.0 or
later servers (Bernd Helmle)
</para>
<para>
This is a more useful measure of table size, but note that it is
not identical to what was previously reported in the same display.
</para>
</listitem>
<listitem>
<para>
Additional tab completion support (Itagaki Takahiro, Pavel Stehule,
Andrey Popp, Christoph Berg, David Fetter, Josh Kupershmidt)
</para>
</listitem>
</itemizedlist>
</sect4>
<sect4>
<title><link linkend="app-pgdump"><application>pg_dump</application></link></title>
<itemizedlist>
<listitem>
<para>
Add <link linkend="app-pgdump"><application>pg_dump</application></link>
and <link
linkend="app-pg-dumpall"><application>pg_dumpall</application></link>
option <option>--quote-all-identifiers</option> to force quoting
of all identifiers (Robert Haas)
</para>
</listitem>
<listitem>
<para>
Add <literal>directory</literal> format to <application>pg_dump</application>
(Joachim Wieland, Heikki Linnakangas)
</para>
<para>
This is internally similar to the <literal>tar</literal>
<application>pg_dump</application> format.
</para>
</listitem>
</itemizedlist>
</sect4>
<sect4>
<title><link linkend="app-pg-ctl"><application>pg_ctl</application></link></title>
<itemizedlist>
<listitem>
<para>
Fix <application>pg_ctl</application>
so it no longer incorrectly reports that the server is not
running (Bruce Momjian)
</para>
<para>
Previously this could happen if the server was running but
<application>pg_ctl</application> could not authenticate.
</para>
</listitem>
<listitem>
<para>
Improve <application>pg_ctl</application> start's <quote>wait</quote>
(<option>-w</option>) option (Bruce Momjian, Tom Lane)
</para>
<para>
The wait mode is now significantly more robust. It will not get
confused by non-default postmaster port numbers, non-default
Unix-domain socket locations, permission problems, or stale
postmaster lock files.
</para>
</listitem>
<listitem>
<para>
Add <literal>promote</literal> option to <application>pg_ctl</application> to
switch a standby server to primary (Fujii Masao)
</para>
</listitem>
</itemizedlist>
</sect4>
</sect3>
<sect3>
<title><application>Development Tools</application></title>
<sect4>
<title><link linkend="libpq"><application>libpq</application></link></title>
<itemizedlist>
<listitem>
<para>
Add a libpq connection option <link
linkend="libpq-connect-client-encoding"><literal>client_encoding</literal></link>
which behaves like the <envar>PGCLIENTENCODING</envar> environment
variable (Heikki Linnakangas)
</para>
<para>
The value <literal>auto</literal> sets the client encoding based on
the operating system locale.
</para>
</listitem>
<listitem>
<para>
Add <link
linkend="libpq-pqlibversion"><function>PQlibVersion()</function></link>
function which returns the libpq library version (Magnus
Hagander)
</para>
<para>
libpq already had <function>PQserverVersion()</function> which returns
the server version.
</para>
</listitem>
<listitem>
<para>
Allow libpq-using clients to
check the user name of the server process
when connecting via Unix-domain sockets, with the new <link
linkend="libpq-connect-requirepeer"><literal>requirepeer</literal></link>
connection option
(Peter Eisentraut)
</para>
<para>
<productname>PostgreSQL</productname> already allowed servers to check
the client user name when connecting via Unix-domain sockets.
</para>
</listitem>
<listitem>
<para>
Add <link linkend="libpq-pqping"><function>PQping()</function></link>
and <link
linkend="libpq-pqpingparams"><function>PQpingParams()</function></link>
to libpq (Bruce Momjian, Tom Lane)
</para>
<para>
These functions allow detection of the server's status without
trying to open a new session.
</para>
</listitem>
</itemizedlist>
</sect4>
<sect4>
<title><link linkend="ecpg"><application>ECPG</application></link></title>
<itemizedlist>
<listitem>
<para>
Allow ECPG to accept dynamic cursor names even in
<literal>WHERE CURRENT OF</literal> clauses
(Zoltan Boszormenyi)
</para>
</listitem>
<listitem>
<para>
Make <application>ecpglib</application> write <type>double</type> values with a
precision of 15 digits, not 14 as formerly (Akira Kurosawa)
</para>
</listitem>
</itemizedlist>
</sect4>
</sect3>
<sect3>
<title>Build Options</title>
<itemizedlist>
<listitem>
<para>
Use <literal>+Olibmerrno</literal> compile flag with HP-UX C compilers
that accept it (Ibrar Ahmed)
</para>
<para>
This avoids possible misbehavior of math library calls on recent
HP platforms.
</para>
</listitem>
</itemizedlist>
<sect4>
<title>Makefiles</title>
<itemizedlist>
<listitem>
<para>
Improved parallel make support (Peter Eisentraut)
</para>
<para>
This allows for faster compiles. Also, <literal>make -k</literal>
now works more consistently.
</para>
</listitem>
<listitem>
<para>
Require <acronym>GNU</acronym> <link
linkend="install-requirements"><application>make</application></link>
3.80 or newer (Peter Eisentraut)
</para>
<para>
This is necessary because of the parallel-make improvements.
</para>
</listitem>
<listitem>
<para>
Add <literal>make maintainer-check</literal> target
(Peter Eisentraut)
</para>
<para>
This target performs various source code checks that are not
appropriate for either the build or the regression tests. Currently:
duplicate_oids, SGML syntax and tabs check, NLS syntax check.
</para>
</listitem>
<listitem>
<para>
Support <literal>make check</literal> in <filename>contrib</filename>
(Peter Eisentraut)
</para>
<para>
Formerly only <literal>make installcheck</literal> worked, but now
there is support for testing in a temporary installation.
The top-level <literal>make check-world</literal> target now includes
testing <filename>contrib</filename> this way.
</para>
</listitem>
</itemizedlist>
</sect4>
<sect4>
<title>Windows</title>
<itemizedlist>
<listitem>
<para>
On Windows, allow <link
linkend="app-pg-ctl"><application>pg_ctl</application></link> to register
the service as auto-start or start-on-demand (Quan Zongliang)
</para>
</listitem>
<listitem>
<para>
Add support for collecting <link linkend="windows-crash-dumps">crash
dumps</link> on Windows (Craig Ringer, Magnus Hagander)
</para>
<para>
<productname>minidumps</productname> can now be generated by non-debug
Windows binaries and analyzed by standard debugging tools.
</para>
</listitem>
<listitem>
<para>
Enable building with the MinGW64 compiler (Andrew Dunstan)
</para>
<para>
This allows building 64-bit Windows binaries even on non-Windows
platforms via cross-compiling.
</para>
</listitem>
</itemizedlist>
</sect4>
</sect3>
<sect3>
<title>Source Code</title>
<itemizedlist>
<listitem>
<para>
Revise the API for GUC variable assign hooks (Tom Lane)
</para>
<para>
The previous functions of assign hooks are now split between check
hooks and assign hooks, where the former can fail but the latter
shouldn't. This change will impact add-on modules that define custom
GUC parameters.
</para>
</listitem>
<listitem>
<para>
Add latches to the source code to support waiting for events (Heikki
Linnakangas)
</para>
</listitem>
<listitem>
<para>
Centralize data modification permissions-checking logic
(KaiGai Kohei)
</para>
</listitem>
<listitem>
<para>
Add missing <function>get_<replaceable>object</replaceable>_oid()</function> functions, for consistency
(Robert Haas)
</para>
</listitem>
<listitem>
<para>
Improve ability to use C++ compilers for <link
linkend="xfunc-c">compiling add-on modules</link> by removing
conflicting key words (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Add support for DragonFly <acronym>BSD</acronym> (Rumko)
</para>
</listitem>
<listitem>
<para>
Expose <function>quote_literal_cstr()</function> for backend use
(Robert Haas)
</para>
</listitem>
<listitem>
<para>
Run <link linkend="build">regression tests</link> in the
default encoding (Peter Eisentraut)
</para>
<para>
Regression tests were previously always run with
<literal>SQL_ASCII</literal> encoding.
</para>
</listitem>
<listitem>
<para>
Add <application>src/tools/git_changelog</application> to replace
<application>cvs2cl</application> and <application>pgcvslog</application> (Robert
Haas, Tom Lane)
</para>
</listitem>
<listitem>
<para>
Add <application>git-external-diff</application> script to
<filename>src/tools</filename> (Bruce Momjian)
</para>
<para>
This is used to generate context diffs from git.
</para>
</listitem>
<listitem>
<para>
Improve support for building with
<application>Clang</application> (Peter Eisentraut)
</para>
</listitem>
</itemizedlist>
<sect4>
<title>Server Hooks</title>
<itemizedlist>
<listitem>
<para>
Add source code hooks to check permissions (Robert Haas,
Stephen Frost)
</para>
</listitem>
<listitem>
<para>
Add post-object-creation function hooks for use by security
frameworks (KaiGai Kohei)
</para>
</listitem>
<listitem>
<para>
Add a client authentication hook (KaiGai Kohei)
</para>
</listitem>
</itemizedlist>
</sect4>
</sect3>
<sect3>
<title>Contrib</title>
<itemizedlist>
<listitem>
<para>
Modify <filename>contrib</filename> modules and procedural
languages to install via the new <link
linkend="extend-extensions">extension</link> mechanism (Tom Lane,
Dimitri Fontaine)
</para>
</listitem>
<listitem>
<para>
Add <link linkend="file-fdw"><filename>contrib/file_fdw</filename></link>
foreign-data wrapper (Shigeru Hanada)
</para>
<para>
Foreign tables using this foreign data wrapper can read flat files
in a manner very similar to <command>COPY</command>.
</para>
</listitem>
<listitem>
<para>
Add nearest-neighbor search support to <link
linkend="pgtrgm"><filename>contrib/pg_trgm</filename></link> and <link
linkend="btree-gist"><filename>contrib/btree_gist</filename></link>
(Teodor Sigaev)
</para>
</listitem>
<listitem>
<para>
Add <link
linkend="btree-gist"><filename>contrib/btree_gist</filename></link>
support for searching on not-equals (Jeff Davis)
</para>
</listitem>
<listitem>
<para>
Fix <link
linkend="fuzzystrmatch"><filename>contrib/fuzzystrmatch</filename></link>'s
<function>levenshtein()</function> function to handle multibyte characters
(Alexander Korotkov)
</para>
</listitem>
<listitem>
<para>
Add <function>ssl_cipher()</function> and <function>ssl_version()</function>
functions to <link
linkend="sslinfo"><filename>contrib/sslinfo</filename></link> (Robert
Haas)
</para>
</listitem>
<listitem>
<para>
Fix <link linkend="intarray"><filename>contrib/intarray</filename></link>
and <link linkend="hstore"><filename>contrib/hstore</filename></link>
to give consistent results with indexed empty arrays (Tom Lane)
</para>
<para>
Previously an empty-array query that used an index might return
different results from one that used a sequential scan.
</para>
</listitem>
<listitem>
<para>
Allow <link linkend="intarray"><filename>contrib/intarray</filename></link>
to work properly on multidimensional arrays (Tom Lane)
</para>
</listitem>
<listitem>
<para>
In
<link linkend="intarray"><filename>contrib/intarray</filename></link>,
avoid errors complaining about the presence of nulls in cases where no
nulls are actually present (Tom Lane)
</para>
</listitem>
<listitem>
<para>
In
<link linkend="intarray"><filename>contrib/intarray</filename></link>,
fix behavior of containment operators with respect to empty arrays
(Tom Lane)
</para>
<para>
Empty arrays are now correctly considered to be contained in any other
array.
</para>
</listitem>
<listitem>
<para>
Remove <link linkend="xml2"><filename>contrib/xml2</filename></link>'s
arbitrary limit on the number of
<replaceable>parameter</replaceable>=<replaceable>value</replaceable> pairs that can be
handled by <function>xslt_process()</function> (Pavel Stehule)
</para>
<para>
The previous limit was 10.
</para>
</listitem>
<listitem>
<para>
In <link linkend="pageinspect"><filename>contrib/pageinspect</filename></link>,
fix heap_page_item to return infomasks as 32-bit values (Alvaro Herrera)
</para>
<para>
This avoids returning negative values, which was confusing. The
underlying value is a 16-bit unsigned integer.
</para>
</listitem>
</itemizedlist>
<sect4>
<title>Security</title>
<itemizedlist>
<listitem>
<para>
Add <link linkend="sepgsql"><filename>contrib/sepgsql</filename></link>
to interface permission checks with <acronym>SELinux</acronym> (KaiGai Kohei)
</para>
<para>
This uses the new <link
linkend="sql-security-label"><command>SECURITY LABEL</command></link>
facility.
</para>
</listitem>
<listitem>
<para>
Add contrib module <link
linkend="auth-delay"><filename>auth_delay</filename></link> (KaiGai
Kohei)
</para>
<para>
This causes the server to pause before returning authentication
failure; it is designed to make brute force password attacks
more difficult.
</para>
</listitem>
<listitem>
<para>
Add <filename>dummy_seclabel</filename>
contrib module (KaiGai Kohei)
</para>
<para>
This is used for permission regression testing.
</para>
</listitem>
</itemizedlist>
</sect4>
<sect4>
<title>Performance</title>
<itemizedlist>
<listitem>
<para>
Add support for <literal>LIKE</literal> and <literal>ILIKE</literal> index
searches to <link
linkend="pgtrgm"><filename>contrib/pg_trgm</filename></link> (Alexander
Korotkov)
</para>
</listitem>
<listitem>
<para>
Add <function>levenshtein_less_equal()</function> function to <link
linkend="fuzzystrmatch"><filename>contrib/fuzzystrmatch</filename></link>,
which is optimized for small distances (Alexander Korotkov)
</para>
</listitem>
<listitem>
<para>
Improve performance of index lookups on <link
linkend="seg"><filename>contrib/seg</filename></link> columns (Alexander
Korotkov)
</para>
</listitem>
<listitem>
<para>
Improve performance of <link
linkend="pgupgrade"><application>pg_upgrade</application></link> for
databases with many relations (Bruce Momjian)
</para>
</listitem>
<listitem>
<para>
Add flag to <link
linkend="pgbench"><filename>contrib/pgbench</filename></link> to
report per-statement latencies (Florian Pflug)
</para>
</listitem>
</itemizedlist>
</sect4>
<sect4>
<title>Fsync Testing</title>
<itemizedlist>
<listitem>
<para>
Move <filename>src/tools/test_fsync</filename> to <link
linkend="pgtestfsync"><filename>contrib/pg_test_fsync</filename></link>
(Bruce Momjian, Tom Lane)
</para>
</listitem>
<listitem>
<para>
Add <literal>O_DIRECT</literal> support to <link
linkend="pgtestfsync"><filename>contrib/pg_test_fsync</filename></link>
(Bruce Momjian)
</para>
<para>
This matches the use of <literal>O_DIRECT</literal> by <link
linkend="guc-wal-sync-method"><varname>wal_sync_method</varname></link>.
</para>
</listitem>
<listitem>
<para>
Add new tests to <link
linkend="pgtestfsync"><filename>contrib/pg_test_fsync</filename></link>
(Bruce Momjian)
</para>
</listitem>
</itemizedlist>
</sect4>
</sect3>
<sect3>
<title>Documentation</title>
<itemizedlist>
<listitem>
<para>
Extensive <link linkend="ecpg"><application>ECPG</application></link>
documentation improvements (Satoshi Nagayasu)
</para>
</listitem>
<listitem>
<para>
Extensive proofreading and documentation improvements
(Thom Brown, Josh Kupershmidt, Susanne Ebrecht)
</para>
</listitem>
<listitem>
<para>
Add documentation for <link
linkend="guc-exit-on-error"><varname>exit_on_error</varname></link>
(Robert Haas)
</para>
<para>
This parameter causes sessions to exit on any error.
</para>
</listitem>
<listitem>
<para>
Add documentation for <link
linkend="functions-info-catalog-table"><function>pg_options_to_table()</function></link>
(Josh Berkus)
</para>
<para>
This function shows table storage options in a readable form.
</para>
</listitem>
<listitem>
<para>
Document that it is possible to access all composite type
fields using <link
linkend="field-selection"><literal>(compositeval).*</literal></link>
syntax (Peter Eisentraut)
</para>
</listitem>
<listitem>
<para>
Document that <link
linkend="functions-string-other"><function>translate()</function></link>
removes characters in <literal>from</literal> that don't have a
corresponding <literal>to</literal> character (Josh Kupershmidt)
</para>
</listitem>
<listitem>
<para>
Merge documentation for <command>CREATE CONSTRAINT TRIGGER</command> and <link
linkend="sql-createtrigger"><command>CREATE TRIGGER</command></link>
(Alvaro Herrera)
</para>
</listitem>
<listitem>
<para>
Centralize <link linkend="ddl-priv">permission</link> and <link
linkend="upgrading">upgrade</link> documentation (Bruce Momjian)
</para>
</listitem>
<listitem>
<para>
Add <link linkend="sysvipc-parameters">kernel tuning
documentation</link> for Solaris 10 (Josh Berkus)
</para>
<para>
Previously only Solaris 9 kernel tuning was documented.
</para>
</listitem>
<listitem>
<para>
Handle non-ASCII characters consistently in <filename>HISTORY</filename> file
(Peter Eisentraut)
</para>
<para>
While the <filename>HISTORY</filename> file is in English, we do have to deal
with non-ASCII letters in contributor names. These are now
transliterated so that they are reasonably legible without assumptions
about character set.
</para>
</listitem>
</itemizedlist>
</sect3>
</sect2>
</sect1>
Reference in New Issue View Git Blame Copy Permalink