-
Notifications
You must be signed in to change notification settings - Fork 0
/
HISTORY
17225 lines (15401 loc) · 841 KB
/
HISTORY
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
Release Notes
The release notes contain the significant changes in each PostgreSQL
release, with major features and migration issues listed at the top.
The release notes do not contain changes that affect only a few users
or changes that are internal and therefore not user-visible. For
example, the optimizer is improved in almost every release, but the
improvements are usually observed by users as simply faster queries.
A complete list of changes for each release can be obtained by viewing
the Git logs for each release. The pgsql-committers email list records
all source code changes as well. There is also a web interface that
shows changes to specific files.
The name appearing next to each item represents the major developer for
that item. Of course all changes involve community discussion and patch
review, so each item is truly a community effort.
__________________________________________________________________
Release 8.3.23
Release Date: 2013-02-07
This release contains a variety of fixes from 8.3.22. For information
about new features in the 8.3 major release, see the Section called
Release 8.3.
This is expected to be the last PostgreSQL release in the 8.3.X series.
Users are encouraged to update to a newer release branch soon.
__________________________________________________________________
Migration to Version 8.3.23
A dump/restore is not required for those running 8.3.X.
However, if you are upgrading from a version earlier than 8.3.17, see
the release notes for 8.3.17.
__________________________________________________________________
Changes
* Prevent execution of enum_recv from SQL (Tom Lane)
The function was misdeclared, allowing a simple SQL command to
crash the server. In principle an attacker might be able to use it
to examine the contents of server memory. Our thanks to Sumit Soni
(via Secunia SVCRP) for reporting this issue. (CVE-2013-0255)
* Fix SQL grammar to allow subscripting or field selection from a
sub-SELECT result (Tom Lane)
* Protect against race conditions when scanning pg_tablespace
(Stephen Frost, Tom Lane)
"CREATE DATABASE" and "DROP DATABASE" could misbehave if there were
concurrent updates of pg_tablespace entries.
* Prevent "DROP OWNED" from trying to drop whole databases or
tablespaces (Álvaro Herrera)
For safety, ownership of these objects must be reassigned, not
dropped.
* Prevent misbehavior when a RowExpr or XmlExpr is parse-analyzed
twice (Andres Freund, Tom Lane)
This mistake could be user-visible in contexts such as CREATE TABLE
LIKE INCLUDING INDEXES.
* Improve defenses against integer overflow in hashtable sizing
calculations (Jeff Davis)
* Ensure that non-ASCII prompt strings are translated to the correct
code page on Windows (Alexander Law, Noah Misch)
This bug affected psql and some other client programs.
* Fix possible crash in psql's "\?" command when not connected to a
database (Meng Qingzhong)
* Fix one-byte buffer overrun in libpq's PQprintTuples (Xi Wang)
This ancient function is not used anywhere by PostgreSQL itself,
but it might still be used by some client code.
* Rearrange configure's tests for supplied functions so it is not
fooled by bogus exports from libedit/libreadline (Christoph Berg)
* Ensure Windows build number increases over time (Magnus Hagander)
* Make pgxs build executables with the right .exe suffix when
cross-compiling for Windows (Zoltan Boszormenyi)
* Add new timezone abbreviation FET (Tom Lane)
This is now used in some eastern-European time zones.
__________________________________________________________________
Release 8.3.22
Release Date: 2012-12-06
This release contains a variety of fixes from 8.3.21. For information
about new features in the 8.3 major release, see the Section called
Release 8.3.
The PostgreSQL community will stop releasing updates for the 8.3.X
release series in February 2013. Users are encouraged to update to a
newer release branch soon.
__________________________________________________________________
Migration to Version 8.3.22
A dump/restore is not required for those running 8.3.X.
However, if you are upgrading from a version earlier than 8.3.17, see
the release notes for 8.3.17.
__________________________________________________________________
Changes
* Fix multiple bugs associated with "CREATE INDEX CONCURRENTLY"
(Andres Freund, Tom Lane)
Fix "CREATE INDEX CONCURRENTLY" to use in-place updates when
changing the state of an index's pg_index row. This prevents race
conditions that could cause concurrent sessions to miss updating
the target index, thus resulting in corrupt concurrently-created
indexes.
Also, fix various other operations to ensure that they ignore
invalid indexes resulting from a failed "CREATE INDEX CONCURRENTLY"
command. The most important of these is "VACUUM", because an
auto-vacuum could easily be launched on the table before corrective
action can be taken to fix or remove the invalid index.
* Avoid corruption of internal hash tables when out of memory
(Hitoshi Harada)
* Fix planning of non-strict equivalence clauses above outer joins
(Tom Lane)
The planner could derive incorrect constraints from a clause
equating a non-strict construct to something else, for example
WHERE COALESCE(foo, 0) = 0 when foo is coming from the nullable
side of an outer join.
* Improve planner's ability to prove exclusion constraints from
equivalence classes (Tom Lane)
* Fix partial-row matching in hashed subplans to handle cross-type
cases correctly (Tom Lane)
This affects multicolumn NOT IN subplans, such as WHERE (a, b) NOT
IN (SELECT x, y FROM ...) when for instance b and y are int4 and
int8 respectively. This mistake led to wrong answers or crashes
depending on the specific datatypes involved.
* Acquire buffer lock when re-fetching the old tuple for an AFTER ROW
UPDATE/DELETE trigger (Andres Freund)
In very unusual circumstances, this oversight could result in
passing incorrect data to the precheck logic for a foreign-key
enforcement trigger. That could result in a crash, or in an
incorrect decision about whether to fire the trigger.
* Fix "REASSIGN OWNED" to handle grants on tablespaces (Álvaro
Herrera)
* Ignore incorrect pg_attribute entries for system columns for views
(Tom Lane)
Views do not have any system columns. However, we forgot to remove
such entries when converting a table to a view. That's fixed
properly for 9.3 and later, but in previous branches we need to
defend against existing mis-converted views.
* Fix rule printing to dump INSERT INTO table DEFAULT VALUES
correctly (Tom Lane)
* Guard against stack overflow when there are too many
UNION/INTERSECT/EXCEPT clauses in a query (Tom Lane)
* Prevent platform-dependent failures when dividing the minimum
possible integer value by -1 (Xi Wang, Tom Lane)
* Fix possible access past end of string in date parsing (Hitoshi
Harada)
* Produce an understandable error message if the length of the path
name for a Unix-domain socket exceeds the platform-specific limit
(Tom Lane, Andrew Dunstan)
Formerly, this would result in something quite unhelpful, such as
"Non-recoverable failure in name resolution".
* Fix memory leaks when sending composite column values to the client
(Tom Lane)
* Make pg_ctl more robust about reading the "postmaster.pid" file
(Heikki Linnakangas)
Fix race conditions and possible file descriptor leakage.
* Fix possible crash in psql if incorrectly-encoded data is presented
and the client_encoding setting is a client-only encoding, such as
SJIS (Jiang Guiqing)
* Fix bugs in the "restore.sql" script emitted by pg_dump in tar
output format (Tom Lane)
The script would fail outright on tables whose names include
upper-case characters. Also, make the script capable of restoring
data in "--inserts" mode as well as the regular COPY mode.
* Fix pg_restore to accept POSIX-conformant tar files (Brian Weaver,
Tom Lane)
The original coding of pg_dump's tar output mode produced files
that are not fully conformant with the POSIX standard. This has
been corrected for version 9.3. This patch updates previous
branches so that they will accept both the incorrect and the
corrected formats, in hopes of avoiding compatibility problems when
9.3 comes out.
* Fix pg_resetxlog to locate "postmaster.pid" correctly when given a
relative path to the data directory (Tom Lane)
This mistake could lead to pg_resetxlog not noticing that there is
an active postmaster using the data directory.
* Fix libpq's lo_import() and lo_export() functions to report file
I/O errors properly (Tom Lane)
* Fix ecpg's processing of nested structure pointer variables
(Muhammad Usama)
* Make "contrib/pageinspect"'s btree page inspection functions take
buffer locks while examining pages (Tom Lane)
* Fix pgxs support for building loadable modules on AIX (Tom Lane)
Building modules outside the original source tree didn't work on
AIX.
* Update time zone data files to tzdata release 2012j for DST law
changes in Cuba, Israel, Jordan, Libya, Palestine, Western Samoa,
and portions of Brazil.
__________________________________________________________________
Release 8.3.21
Release Date: 2012-09-24
This release contains a variety of fixes from 8.3.20. For information
about new features in the 8.3 major release, see the Section called
Release 8.3.
The PostgreSQL community will stop releasing updates for the 8.3.X
release series in February 2013. Users are encouraged to update to a
newer release branch soon.
__________________________________________________________________
Migration to Version 8.3.21
A dump/restore is not required for those running 8.3.X.
However, if you are upgrading from a version earlier than 8.3.17, see
the release notes for 8.3.17.
__________________________________________________________________
Changes
* Improve page-splitting decisions in GiST indexes (Alexander
Korotkov, Robert Haas, Tom Lane)
Multi-column GiST indexes might suffer unexpected bloat due to this
error.
* Fix cascading privilege revoke to stop if privileges are still held
(Tom Lane)
If we revoke a grant option from some role "X", but "X" still holds
that option via a grant from someone else, we should not
recursively revoke the corresponding privilege from role(s) "Y"
that "X" had granted it to.
* Fix handling of SIGFPE when PL/Perl is in use (Andres Freund)
Perl resets the process's SIGFPE handler to SIG_IGN, which could
result in crashes later on. Restore the normal Postgres signal
handler after initializing PL/Perl.
* Prevent PL/Perl from crashing if a recursive PL/Perl function is
redefined while being executed (Tom Lane)
* Work around possible misoptimization in PL/Perl (Tom Lane)
Some Linux distributions contain an incorrect version of
"pthread.h" that results in incorrect compiled code in PL/Perl,
leading to crashes if a PL/Perl function calls another one that
throws an error.
* Update time zone data files to tzdata release 2012f for DST law
changes in Fiji
__________________________________________________________________
Release 8.3.20
Release Date: 2012-08-17
This release contains a variety of fixes from 8.3.19. For information
about new features in the 8.3 major release, see the Section called
Release 8.3.
The PostgreSQL community will stop releasing updates for the 8.3.X
release series in February 2013. Users are encouraged to update to a
newer release branch soon.
__________________________________________________________________
Migration to Version 8.3.20
A dump/restore is not required for those running 8.3.X.
However, if you are upgrading from a version earlier than 8.3.17, see
the release notes for 8.3.17.
__________________________________________________________________
Changes
* Prevent access to external files/URLs via XML entity references
(Noah Misch, Tom Lane)
xml_parse() would attempt to fetch external files or URLs as needed
to resolve DTD and entity references in an XML value, thus allowing
unprivileged database users to attempt to fetch data with the
privileges of the database server. While the external data wouldn't
get returned directly to the user, portions of it could be exposed
in error messages if the data didn't parse as valid XML; and in any
case the mere ability to check existence of a file might be useful
to an attacker. (CVE-2012-3489)
* Prevent access to external files/URLs via "contrib/xml2"'s
xslt_process() (Peter Eisentraut)
libxslt offers the ability to read and write both files and URLs
through stylesheet commands, thus allowing unprivileged database
users to both read and write data with the privileges of the
database server. Disable that through proper use of libxslt's
security options. (CVE-2012-3488)
Also, remove xslt_process()'s ability to fetch documents and
stylesheets from external files/URLs. While this was a documented
"feature", it was long regarded as a bad idea. The fix for
CVE-2012-3489 broke that capability, and rather than expend effort
on trying to fix it, we're just going to summarily remove it.
* Prevent too-early recycling of btree index pages (Noah Misch)
When we allowed read-only transactions to skip assigning XIDs, we
introduced the possibility that a deleted btree page could be
recycled while a read-only transaction was still in flight to it.
This would result in incorrect index search results. The
probability of such an error occurring in the field seems very low
because of the timing requirements, but nonetheless it should be
fixed.
* Fix crash-safety bug with newly-created-or-reset sequences (Tom
Lane)
If "ALTER SEQUENCE" was executed on a freshly created or reset
sequence, and then precisely one nextval() call was made on it, and
then the server crashed, WAL replay would restore the sequence to a
state in which it appeared that no nextval() had been done, thus
allowing the first sequence value to be returned again by the next
nextval() call. In particular this could manifest for serial
columns, since creation of a serial column's sequence includes an
"ALTER SEQUENCE OWNED BY" step.
* Ensure the "backup_label" file is fsync'd after pg_start_backup()
(Dave Kerr)
* Back-patch 9.1 improvement to compress the fsync request queue
(Robert Haas)
This improves performance during checkpoints. The 9.1 change has
now seen enough field testing to seem safe to back-patch.
* Only allow autovacuum to be auto-canceled by a directly blocked
process (Tom Lane)
The original coding could allow inconsistent behavior in some
cases; in particular, an autovacuum could get canceled after less
than deadlock_timeout grace period.
* Improve logging of autovacuum cancels (Robert Haas)
* Fix log collector so that log_truncate_on_rotation works during the
very first log rotation after server start (Tom Lane)
* Ensure that a whole-row reference to a subquery doesn't include any
extra GROUP BY or ORDER BY columns (Tom Lane)
* Disallow copying whole-row references in CHECK constraints and
index definitions during "CREATE TABLE" (Tom Lane)
This situation can arise in "CREATE TABLE" with LIKE or INHERITS.
The copied whole-row variable was incorrectly labeled with the row
type of the original table not the new one. Rejecting the case
seems reasonable for LIKE, since the row types might well diverge
later. For INHERITS we should ideally allow it, with an implicit
coercion to the parent table's row type; but that will require more
work than seems safe to back-patch.
* Fix memory leak in ARRAY(SELECT ...) subqueries (Heikki
Linnakangas, Tom Lane)
* Fix extraction of common prefixes from regular expressions (Tom
Lane)
The code could get confused by quantified parenthesized
subexpressions, such as ^(foo)?bar. This would lead to incorrect
index optimization of searches for such patterns.
* Report errors properly in "contrib/xml2"'s xslt_process() (Tom
Lane)
* Update time zone data files to tzdata release 2012e for DST law
changes in Morocco and Tokelau
__________________________________________________________________
Release 8.3.19
Release Date: 2012-06-04
This release contains a variety of fixes from 8.3.18. For information
about new features in the 8.3 major release, see the Section called
Release 8.3.
__________________________________________________________________
Migration to Version 8.3.19
A dump/restore is not required for those running 8.3.X.
However, if you are upgrading from a version earlier than 8.3.17, see
the release notes for 8.3.17.
__________________________________________________________________
Changes
* Fix incorrect password transformation in "contrib/pgcrypto"'s DES
crypt() function (Solar Designer)
If a password string contained the byte value 0x80, the remainder
of the password was ignored, causing the password to be much weaker
than it appeared. With this fix, the rest of the string is properly
included in the DES hash. Any stored password values that are
affected by this bug will thus no longer match, so the stored
values may need to be updated. (CVE-2012-2143)
* Ignore SECURITY DEFINER and SET attributes for a procedural
language's call handler (Tom Lane)
Applying such attributes to a call handler could crash the server.
(CVE-2012-2655)
* Allow numeric timezone offsets in timestamp input to be up to 16
hours away from UTC (Tom Lane)
Some historical time zones have offsets larger than 15 hours, the
previous limit. This could result in dumped data values being
rejected during reload.
* Fix timestamp conversion to cope when the given time is exactly the
last DST transition time for the current timezone (Tom Lane)
This oversight has been there a long time, but was not noticed
previously because most DST-using zones are presumed to have an
indefinite sequence of future DST transitions.
* Fix text to name and char to name casts to perform string
truncation correctly in multibyte encodings (Karl Schnaitter)
* Fix memory copying bug in to_tsquery() (Heikki Linnakangas)
* Fix slow session startup when pg_attribute is very large (Tom Lane)
If pg_attribute exceeds one-fourth of shared_buffers, cache
rebuilding code that is sometimes needed during session start would
trigger the synchronized-scan logic, causing it to take many times
longer than normal. The problem was particularly acute if many new
sessions were starting at once.
* Ensure sequential scans check for query cancel reasonably often
(Merlin Moncure)
A scan encountering many consecutive pages that contain no live
tuples would not respond to interrupts meanwhile.
* Ensure the Windows implementation of PGSemaphoreLock() clears
ImmediateInterruptOK before returning (Tom Lane)
This oversight meant that a query-cancel interrupt received later
in the same query could be accepted at an unsafe time, with
unpredictable but not good consequences.
* Show whole-row variables safely when printing views or rules (Abbas
Butt, Tom Lane)
Corner cases involving ambiguous names (that is, the name could be
either a table or column name of the query) were printed in an
ambiguous way, risking that the view or rule would be interpreted
differently after dump and reload. Avoid the ambiguous case by
attaching a no-op cast.
* Ensure autovacuum worker processes perform stack depth checking
properly (Heikki Linnakangas)
Previously, infinite recursion in a function invoked by
auto-"ANALYZE" could crash worker processes.
* Fix logging collector to not lose log coherency under high load
(Andrew Dunstan)
The collector previously could fail to reassemble large messages if
it got too busy.
* Fix logging collector to ensure it will restart file rotation after
receiving SIGHUP (Tom Lane)
* Fix PL/pgSQL's "GET DIAGNOSTICS" command when the target is the
function's first variable (Tom Lane)
* Fix several performance problems in pg_dump when the database
contains many objects (Jeff Janes, Tom Lane)
pg_dump could get very slow if the database contained many schemas,
or if many objects are in dependency loops, or if there are many
owned sequences.
* Fix "contrib/dblink"'s dblink_exec() to not leak temporary database
connections upon error (Tom Lane)
* Update time zone data files to tzdata release 2012c for DST law
changes in Antarctica, Armenia, Chile, Cuba, Falkland Islands,
Gaza, Haiti, Hebron, Morocco, Syria, and Tokelau Islands; also
historical corrections for Canada.
__________________________________________________________________
Release 8.3.18
Release Date: 2012-02-27
This release contains a variety of fixes from 8.3.17. For information
about new features in the 8.3 major release, see the Section called
Release 8.3.
__________________________________________________________________
Migration to Version 8.3.18
A dump/restore is not required for those running 8.3.X.
However, if you are upgrading from a version earlier than 8.3.17, see
the release notes for 8.3.17.
__________________________________________________________________
Changes
* Require execute permission on the trigger function for "CREATE
TRIGGER" (Robert Haas)
This missing check could allow another user to execute a trigger
function with forged input data, by installing it on a table he
owns. This is only of significance for trigger functions marked
SECURITY DEFINER, since otherwise trigger functions run as the
table owner anyway. (CVE-2012-0866)
* Convert newlines to spaces in names written in pg_dump comments
(Robert Haas)
pg_dump was incautious about sanitizing object names that are
emitted within SQL comments in its output script. A name containing
a newline would at least render the script syntactically incorrect.
Maliciously crafted object names could present a SQL injection risk
when the script is reloaded. (CVE-2012-0868)
* Fix btree index corruption from insertions concurrent with
vacuuming (Tom Lane)
An index page split caused by an insertion could sometimes cause a
concurrently-running "VACUUM" to miss removing index entries that
it should remove. After the corresponding table rows are removed,
the dangling index entries would cause errors (such as "could not
read block N in file ...") or worse, silently wrong query results
after unrelated rows are re-inserted at the now-free table
locations. This bug has been present since release 8.2, but occurs
so infrequently that it was not diagnosed until now. If you have
reason to suspect that it has happened in your database, reindexing
the affected index will fix things.
* Allow non-existent values for some settings in "ALTER USER/DATABASE
SET" (Heikki Linnakangas)
Allow default_text_search_config, default_tablespace, and
temp_tablespaces to be set to names that are not known. This is
because they might be known in another database where the setting
is intended to be used, or for the tablespace cases because the
tablespace might not be created yet. The same issue was previously
recognized for search_path, and these settings now act like that
one.
* Track the OID counter correctly during WAL replay, even when it
wraps around (Tom Lane)
Previously the OID counter would remain stuck at a high value until
the system exited replay mode. The practical consequences of that
are usually nil, but there are scenarios wherein a standby server
that's been promoted to master might take a long time to advance
the OID counter to a reasonable value once values are needed.
* Fix regular expression back-references with * attached (Tom Lane)
Rather than enforcing an exact string match, the code would
effectively accept any string that satisfies the pattern
sub-expression referenced by the back-reference symbol.
A similar problem still afflicts back-references that are embedded
in a larger quantified expression, rather than being the immediate
subject of the quantifier. This will be addressed in a future
PostgreSQL release.
* Fix recently-introduced memory leak in processing of inet/cidr
values (Heikki Linnakangas)
A patch in the December 2011 releases of PostgreSQL caused memory
leakage in these operations, which could be significant in
scenarios such as building a btree index on such a column.
* Avoid double close of file handle in syslogger on Windows (MauMau)
Ordinarily this error was invisible, but it would cause an
exception when running on a debug version of Windows.
* Fix I/O-conversion-related memory leaks in plpgsql (Andres Freund,
Jan Urbanski, Tom Lane)
Certain operations would leak memory until the end of the current
function.
* Improve pg_dump's handling of inherited table columns (Tom Lane)
pg_dump mishandled situations where a child column has a different
default expression than its parent column. If the default is
textually identical to the parent's default, but not actually the
same (for instance, because of schema search path differences) it
would not be recognized as different, so that after dump and
restore the child would be allowed to inherit the parent's default.
Child columns that are NOT NULL where their parent is not could
also be restored subtly incorrectly.
* Fix pg_restore's direct-to-database mode for INSERT-style table
data (Tom Lane)
Direct-to-database restores from archive files made with
"--inserts" or "--column-inserts" options fail when using
pg_restore from a release dated September or December 2011, as a
result of an oversight in a fix for another problem. The archive
file itself is not at fault, and text-mode output is okay.
* Fix error in "contrib/intarray"'s int[] & int[] operator (Guillaume
Lelarge)
If the smallest integer the two input arrays have in common is 1,
and there are smaller values in either array, then 1 would be
incorrectly omitted from the result.
* Fix error detection in "contrib/pgcrypto"'s encrypt_iv() and
decrypt_iv() (Marko Kreen)
These functions failed to report certain types of invalid-input
errors, and would instead return random garbage values for
incorrect input.
* Fix one-byte buffer overrun in "contrib/test_parser" (Paul Guyot)
The code would try to read one more byte than it should, which
would crash in corner cases. Since "contrib/test_parser" is only
example code, this is not a security issue in itself, but bad
example code is still bad.
* Use __sync_lock_test_and_set() for spinlocks on ARM, if available
(Martin Pitt)
This function replaces our previous use of the SWPB instruction,
which is deprecated and not available on ARMv6 and later. Reports
suggest that the old code doesn't fail in an obvious way on recent
ARM boards, but simply doesn't interlock concurrent accesses,
leading to bizarre failures in multiprocess operation.
* Use "-fexcess-precision=standard" option when building with gcc
versions that accept it (Andrew Dunstan)
This prevents assorted scenarios wherein recent versions of gcc
will produce creative results.
* Allow use of threaded Python on FreeBSD (Chris Rees)
Our configure script previously believed that this combination
wouldn't work; but FreeBSD fixed the problem, so remove that error
check.
__________________________________________________________________
Release 8.3.17
Release Date: 2011-12-05
This release contains a variety of fixes from 8.3.16. For information
about new features in the 8.3 major release, see the Section called
Release 8.3.
__________________________________________________________________
Migration to Version 8.3.17
A dump/restore is not required for those running 8.3.X.
However, a longstanding error was discovered in the definition of the
information_schema.referential_constraints view. If you rely on correct
results from that view, you should replace its definition as explained
in the first changelog item below.
Also, if you are upgrading from a version earlier than 8.3.8, see the
release notes for 8.3.8.
__________________________________________________________________
Changes
* Fix bugs in information_schema.referential_constraints view (Tom
Lane)
This view was being insufficiently careful about matching the
foreign-key constraint to the depended-on primary or unique key
constraint. That could result in failure to show a foreign key
constraint at all, or showing it multiple times, or claiming that
it depends on a different constraint than the one it really does.
Since the view definition is installed by initdb, merely upgrading
will not fix the problem. If you need to fix this in an existing
installation, you can (as a superuser) drop the information_schema
schema then re-create it by sourcing
"SHAREDIR/information_schema.sql". (Run pg_config --sharedir if
you're uncertain where "SHAREDIR" is.) This must be repeated in
each database to be fixed.
* Fix TOAST-related data corruption during CREATE TABLE dest AS
SELECT * FROM src or INSERT INTO dest SELECT * FROM src (Tom Lane)
If a table has been modified by "ALTER TABLE ADD COLUMN", attempts
to copy its data verbatim to another table could produce corrupt
results in certain corner cases. The problem can only manifest in
this precise form in 8.4 and later, but we patched earlier versions
as well in case there are other code paths that could trigger the
same bug.
* Fix race condition during toast table access from stale syscache
entries (Tom Lane)
The typical symptom was transient errors like "missing chunk number
0 for toast value NNNNN in pg_toast_2619", where the cited toast
table would always belong to a system catalog.
* Make DatumGetInetP() unpack inet datums that have a 1-byte header,
and add a new macro, DatumGetInetPP(), that does not (Heikki
Linnakangas)
This change affects no core code, but might prevent crashes in
add-on code that expects DatumGetInetP() to produce an unpacked
datum as per usual convention.
* Improve locale support in money type's input and output (Tom Lane)
Aside from not supporting all standard lc_monetary formatting
options, the input and output functions were inconsistent, meaning
there were locales in which dumped money values could not be
re-read.
* Don't let transform_null_equals affect CASE foo WHEN NULL ...
constructs (Heikki Linnakangas)
transform_null_equals is only supposed to affect foo = NULL
expressions written directly by the user, not equality checks
generated internally by this form of CASE.
* Change foreign-key trigger creation order to better support
self-referential foreign keys (Tom Lane)
For a cascading foreign key that references its own table, a row
update will fire both the ON UPDATE trigger and the CHECK trigger
as one event. The ON UPDATE trigger must execute first, else the
CHECK will check a non-final state of the row and possibly throw an
inappropriate error. However, the firing order of these triggers is
determined by their names, which generally sort in creation order
since the triggers have auto-generated names following the
convention "RI_ConstraintTrigger_NNNN". A proper fix would require
modifying that convention, which we will do in 9.2, but it seems
risky to change it in existing releases. So this patch just changes
the creation order of the triggers. Users encountering this type of
error should drop and re-create the foreign key constraint to get
its triggers into the right order.
* Avoid floating-point underflow while tracking buffer allocation
rate (Greg Matthews)
While harmless in itself, on certain platforms this would result in
annoying kernel log messages.
* Preserve blank lines within commands in psql's command history
(Robert Haas)
The former behavior could cause problems if an empty line was
removed from within a string literal, for example.
* Fix pg_dump to dump user-defined casts between auto-generated
types, such as table rowtypes (Tom Lane)
* Use the preferred version of xsubpp to build PL/Perl, not
necessarily the operating system's main copy (David Wheeler and
Alex Hunsaker)
* Fix incorrect coding in "contrib/dict_int" and "contrib/dict_xsyn"
(Tom Lane)
Some functions incorrectly assumed that memory returned by palloc()
is guaranteed zeroed.
* Honor query cancel interrupts promptly in pgstatindex() (Robert
Haas)
* Ensure VPATH builds properly install all server header files (Peter
Eisentraut)
* Shorten file names reported in verbose error messages (Peter
Eisentraut)
Regular builds have always reported just the name of the C file
containing the error message call, but VPATH builds formerly
reported an absolute path name.
* Fix interpretation of Windows timezone names for Central America
(Tom Lane)
Map "Central America Standard Time" to CST6, not CST6CDT, because
DST is generally not observed anywhere in Central America.
* Update time zone data files to tzdata release 2011n for DST law
changes in Brazil, Cuba, Fiji, Palestine, Russia, and Samoa; also
historical corrections for Alaska and British East Africa.
__________________________________________________________________
Release 8.3.16
Release Date: 2011-09-26
This release contains a variety of fixes from 8.3.15. For information
about new features in the 8.3 major release, see the Section called
Release 8.3.
__________________________________________________________________
Migration to Version 8.3.16
A dump/restore is not required for those running 8.3.X. However, if you
are upgrading from a version earlier than 8.3.8, see the release notes
for 8.3.8.
__________________________________________________________________
Changes
* Fix bugs in indexing of in-doubt HOT-updated tuples (Tom Lane)
These bugs could result in index corruption after reindexing a
system catalog. They are not believed to affect user indexes.
* Fix multiple bugs in GiST index page split processing (Heikki
Linnakangas)
The probability of occurrence was low, but these could lead to
index corruption.
* Fix possible buffer overrun in tsvector_concat() (Tom Lane)
The function could underestimate the amount of memory needed for
its result, leading to server crashes.
* Fix crash in xml_recv when processing a "standalone" parameter (Tom
Lane)
* Avoid possibly accessing off the end of memory in "ANALYZE" and in
SJIS-2004 encoding conversion (Noah Misch)
This fixes some very-low-probability server crash scenarios.
* Fix race condition in relcache init file invalidation (Tom Lane)
There was a window wherein a new backend process could read a stale
init file but miss the inval messages that would tell it the data
is stale. The result would be bizarre failures in catalog accesses,
typically "could not read block 0 in file ..." later during
startup.
* Fix memory leak at end of a GiST index scan (Tom Lane)
Commands that perform many separate GiST index scans, such as
verification of a new GiST-based exclusion constraint on a table
already containing many rows, could transiently require large
amounts of memory due to this leak.
* Fix performance problem when constructing a large, lossy bitmap
(Tom Lane)
* Fix array- and path-creating functions to ensure padding bytes are
zeroes (Tom Lane)
This avoids some situations where the planner will think that
semantically-equal constants are not equal, resulting in poor
optimization.
* Work around gcc 4.6.0 bug that breaks WAL replay (Tom Lane)
This could lead to loss of committed transactions after a server
crash.
* Fix dump bug for VALUES in a view (Tom Lane)
* Disallow SELECT FOR UPDATE/SHARE on sequences (Tom Lane)
This operation doesn't work as expected and can lead to failures.
* Defend against integer overflow when computing size of a hash table
(Tom Lane)
* Fix cases where "CLUSTER" might attempt to access already-removed
TOAST data (Tom Lane)
* Fix portability bugs in use of credentials control messages for
"peer" authentication (Tom Lane)
* Fix SSPI login when multiple roundtrips are required (Ahmed
Shinwari, Magnus Hagander)
The typical symptom of this problem was "The function requested is
not supported" errors during SSPI login.
* Fix typo in pg_srand48 seed initialization (Andres Freund)
This led to failure to use all bits of the provided seed. This
function is not used on most platforms (only those without
srandom), and the potential security exposure from a
less-random-than-expected seed seems minimal in any case.
* Avoid integer overflow when the sum of LIMIT and OFFSET values
exceeds 2^63 (Heikki Linnakangas)
* Add overflow checks to int4 and int8 versions of generate_series()
(Robert Haas)
* Fix trailing-zero removal in to_char() (Marti Raudsepp)
In a format with FM and no digit positions after the decimal point,
zeroes to the left of the decimal point could be removed
incorrectly.
* Fix pg_size_pretty() to avoid overflow for inputs close to 2^63
(Tom Lane)
* In pg_ctl, support silent mode for service registrations on Windows
(MauMau)
* Fix psql's counting of script file line numbers during COPY from a
different file (Tom Lane)
* Fix pg_restore's direct-to-database mode for
standard_conforming_strings (Tom Lane)
pg_restore could emit incorrect commands when restoring directly to
a database server from an archive file that had been made with
standard_conforming_strings set to on.
* Fix write-past-buffer-end and memory leak in libpq's LDAP service
lookup code (Albe Laurenz)
* In libpq, avoid failures when using nonblocking I/O and an SSL
connection (Martin Pihlak, Tom Lane)
* Improve libpq's handling of failures during connection startup (Tom
Lane)
In particular, the response to a server report of fork() failure
during SSL connection startup is now saner.
* Improve libpq's error reporting for SSL failures (Tom Lane)
* Make ecpglib write double values with 15 digits precision (Akira
Kurosawa)
* In ecpglib, be sure LC_NUMERIC setting is restored after an error
(Michael Meskes)
* Apply upstream fix for blowfish signed-character bug
(CVE-2011-2483) (Tom Lane)
"contrib/pg_crypto"'s blowfish encryption code could give wrong
results on platforms where char is signed (which is most), leading
to encrypted passwords being weaker than they should be.
* Fix memory leak in "contrib/seg" (Heikki Linnakangas)
* Fix pgstatindex() to give consistent results for empty indexes (Tom
Lane)
* Allow building with perl 5.14 (Alex Hunsaker)
* Update configure script's method for probing existence of system
functions (Tom Lane)
The version of autoconf we used in 8.3 and 8.2 could be fooled by
compilers that perform link-time optimization.
* Fix assorted issues with build and install file paths containing
spaces (Tom Lane)
* Update time zone data files to tzdata release 2011i for DST law
changes in Canada, Egypt, Russia, Samoa, and South Sudan.
__________________________________________________________________
Release 8.3.15
Release Date: 2011-04-18
This release contains a variety of fixes from 8.3.14. For information
about new features in the 8.3 major release, see the Section called
Release 8.3.
__________________________________________________________________
Migration to Version 8.3.15
A dump/restore is not required for those running 8.3.X. However, if you
are upgrading from a version earlier than 8.3.8, see the release notes
for 8.3.8.
__________________________________________________________________
Changes
* Disallow including a composite type in itself (Tom Lane)
This prevents scenarios wherein the server could recurse infinitely
while processing the composite type. While there are some possible
uses for such a structure, they don't seem compelling enough to
justify the effort required to make sure it always works safely.
* Avoid potential deadlock during catalog cache initialization
(Nikhil Sontakke)
In some cases the cache loading code would acquire share lock on a
system index before locking the index's catalog. This could
deadlock against processes trying to acquire exclusive locks in the
other, more standard order.
* Fix dangling-pointer problem in BEFORE ROW UPDATE trigger handling
when there was a concurrent update to the target tuple (Tom Lane)
This bug has been observed to result in intermittent "cannot
extract system attribute from virtual tuple" failures while trying
to do UPDATE RETURNING ctid. There is a very small probability of
more serious errors, such as generating incorrect index entries for
the updated tuple.
* Disallow "DROP TABLE" when there are pending deferred trigger
events for the table (Tom Lane)
Formerly the "DROP" would go through, leading to "could not open
relation with OID nnn" errors when the triggers were eventually
fired.
* Fix PL/Python memory leak involving array slices (Daniel Popowich)
* Fix pg_restore to cope with long lines (over 1KB) in TOC files (Tom
Lane)
* Put in more safeguards against crashing due to division-by-zero
with overly enthusiastic compiler optimization (Aurelien Jarno)
* Support use of dlopen() in FreeBSD and OpenBSD on MIPS (Tom Lane)
There was a hard-wired assumption that this system function was not
available on MIPS hardware on these systems. Use a compile-time
test instead, since more recent versions have it.
* Fix compilation failures on HP-UX (Heikki Linnakangas)
* Fix version-incompatibility problem with libintl on Windows
(Hiroshi Inoue)
* Fix usage of xcopy in Windows build scripts to work correctly under
Windows 7 (Andrew Dunstan)
This affects the build scripts only, not installation or usage.
* Fix path separator used by pg_regress on Cygwin (Andrew Dunstan)
* Update time zone data files to tzdata release 2011f for DST law
changes in Chile, Cuba, Falkland Islands, Morocco, Samoa, and
Turkey; also historical corrections for South Australia, Alaska,
and Hawaii.
__________________________________________________________________
Release 8.3.14
Release Date: 2011-01-31
This release contains a variety of fixes from 8.3.13. For information
about new features in the 8.3 major release, see the Section called
Release 8.3.
__________________________________________________________________
Migration to Version 8.3.14
A dump/restore is not required for those running 8.3.X. However, if you
are upgrading from a version earlier than 8.3.8, see the release notes
for 8.3.8.
__________________________________________________________________
Changes
* Avoid failures when "EXPLAIN" tries to display a simple-form CASE
expression (Tom Lane)
If the CASE's test expression was a constant, the planner could
simplify the CASE into a form that confused the expression-display
code, resulting in "unexpected CASE WHEN clause" errors.
* Fix assignment to an array slice that is before the existing range
of subscripts (Tom Lane)
If there was a gap between the newly added subscripts and the first
pre-existing subscript, the code miscalculated how many entries
needed to be copied from the old array's null bitmap, potentially
leading to data corruption or crash.
* Avoid unexpected conversion overflow in planner for very distant
date values (Tom Lane)
The date type supports a wider range of dates than can be
represented by the timestamp types, but the planner assumed it
could always convert a date to timestamp with impunity.
* Fix pg_restore's text output for large objects (BLOBs) when
standard_conforming_strings is on (Tom Lane)
Although restoring directly to a database worked correctly, string
escaping was incorrect if pg_restore was asked for SQL text output
and standard_conforming_strings had been enabled in the source
database.
* Fix erroneous parsing of tsquery values containing ... &
!(subexpression) | ... (Tom Lane)
Queries containing this combination of operators were not executed
correctly. The same error existed in "contrib/intarray"'s query_int
type and "contrib/ltree"'s ltxtquery type.
* Fix buffer overrun in "contrib/intarray"'s input function for the
query_int type (Apple)
This bug is a security risk since the function's return address
could be overwritten. Thanks to Apple Inc's security team for
reporting this issue and supplying the fix. (CVE-2010-4015)
* Fix bug in "contrib/seg"'s GiST picksplit algorithm (Alexander
Korotkov)
This could result in considerable inefficiency, though not actually
incorrect answers, in a GiST index on a seg column. If you have
such an index, consider "REINDEX"ing it after installing this
update. (This is identical to the bug that was fixed in
"contrib/cube" in the previous update.)
__________________________________________________________________
Release 8.3.13
Release Date: 2010-12-16
This release contains a variety of fixes from 8.3.12. For information
about new features in the 8.3 major release, see the Section called
Release 8.3.
__________________________________________________________________
Migration to Version 8.3.13
A dump/restore is not required for those running 8.3.X. However, if you
are upgrading from a version earlier than 8.3.8, see the release notes
for 8.3.8.
__________________________________________________________________
Changes
* Force the default wal_sync_method to be fdatasync on Linux (Tom
Lane, Marti Raudsepp)
The default on Linux has actually been fdatasync for many years,
but recent kernel changes caused PostgreSQL to choose open_datasync
instead. This choice did not result in any performance improvement,
and caused outright failures on certain filesystems, notably ext4
with the data=journal mount option.
* Fix assorted bugs in WAL replay logic for GIN indexes (Tom Lane)
This could result in "bad buffer id: 0" failures or corruption of
index contents during replication.
* Fix recovery from base backup when the starting checkpoint WAL
record is not in the same WAL segment as its redo point (Jeff
Davis)
* Fix persistent slowdown of autovacuum workers when multiple workers
remain active for a long time (Tom Lane)
The effective vacuum_cost_limit for an autovacuum worker could drop
to nearly zero if it processed enough tables, causing it to run
extremely slowly.
* Add support for detecting register-stack overrun on IA64 (Tom Lane)
The IA64 architecture has two hardware stacks. Full prevention of
stack-overrun failures requires checking both.
* Add a check for stack overflow in copyObject() (Tom Lane)
Certain code paths could crash due to stack overflow given a
sufficiently complex query.
* Fix detection of page splits in temporary GiST indexes (Heikki
Linnakangas)
It is possible to have a "concurrent" page split in a temporary
index, if for example there is an open cursor scanning the index
when an insertion is done. GiST failed to detect this case and
hence could deliver wrong results when execution of the cursor
continued.
* Avoid memory leakage while "ANALYZE"'ing complex index expressions
(Tom Lane)
* Ensure an index that uses a whole-row Var still depends on its
table (Tom Lane)
An index declared like create index i on t (foo(t.*)) would not
automatically get dropped when its table was dropped.
* Do not "inline" a SQL function with multiple OUT parameters (Tom
Lane)
This avoids a possible crash due to loss of information about the
expected result rowtype.
* Behave correctly if ORDER BY, LIMIT, FOR UPDATE, or WITH is
attached to the VALUES part of INSERT ... VALUES (Tom Lane)
* Fix constant-folding of COALESCE() expressions (Tom Lane)
The planner would sometimes attempt to evaluate sub-expressions
that in fact could never be reached, possibly leading to unexpected
errors.
* Fix postmaster crash when connection acceptance (accept() or one of
the calls made immediately after it) fails, and the postmaster was
compiled with GSSAPI support (Alexander Chernikov)
* Fix missed unlink of temporary files when log_temp_files is active
(Tom Lane)
If an error occurred while attempting to emit the log message, the
unlink was not done, resulting in accumulation of temp files.
* Add print functionality for InhRelation nodes (Tom Lane)