2011-12-05 This release contains a variety of fixes from 8.2.22. For information about new features in the 8.2 major release, see . This is expected to be the last PostgreSQL release in the 8.2.X series. Users are encouraged to update to a newer release branch soon. A dump/restore is not required for those running 8.2.X. However, a longstanding error was discovered in the definition of the information_schema.referential_constraints view. If you rely on correct results from that view, you should replace its definition as explained in the first changelog item below. Also, if you are upgrading from a version earlier than 8.2.14, see . Fix bugs in information_schema.referential_constraints view (Tom Lane) This view was being insufficiently careful about matching the foreign-key constraint to the depended-on primary or unique key constraint. That could result in failure to show a foreign key constraint at all, or showing it multiple times, or claiming that it depends on a different constraint than the one it really does. Since the view definition is installed by initdb, merely upgrading will not fix the problem. If you need to fix this in an existing installation, you can (as a superuser) drop the information_schema schema then re-create it by sourcing SHAREDIR/information_schema.sql. (Run pg_config --sharedir if you're uncertain where SHAREDIR is.) This must be repeated in each database to be fixed. Fix TOAST-related data corruption during CREATE TABLE dest AS SELECT * FROM src or INSERT INTO dest SELECT * FROM src (Tom Lane) If a table has been modified by ALTER TABLE ADD COLUMN, attempts to copy its data verbatim to another table could produce corrupt results in certain corner cases. The problem can only manifest in this precise form in 8.4 and later, but we patched earlier versions as well in case there are other code paths that could trigger the same bug. Fix race condition during toast table access from stale syscache entries (Tom Lane) The typical symptom was transient errors like missing chunk number 0 for toast value NNNNN in pg_toast_2619, where the cited toast table would always belong to a system catalog. Improve locale support in money type's input and output (Tom Lane) Aside from not supporting all standard lc_monetary formatting options, the input and output functions were inconsistent, meaning there were locales in which dumped money values could not be re-read. Don't let transform_null_equals affect CASE foo WHEN NULL ... constructs (Heikki Linnakangas) transform_null_equals is only supposed to affect foo = NULL expressions written directly by the user, not equality checks generated internally by this form of CASE. Change foreign-key trigger creation order to better support self-referential foreign keys (Tom Lane) For a cascading foreign key that references its own table, a row update will fire both the ON UPDATE trigger and the CHECK trigger as one event. The ON UPDATE trigger must execute first, else the CHECK will check a non-final state of the row and possibly throw an inappropriate error. However, the firing order of these triggers is determined by their names, which generally sort in creation order since the triggers have auto-generated names following the convention RI_ConstraintTrigger_NNNN. A proper fix would require modifying that convention, which we will do in 9.2, but it seems risky to change it in existing releases. So this patch just changes the creation order of the triggers. Users encountering this type of error should drop and re-create the foreign key constraint to get its triggers into the right order. Preserve blank lines within commands in psql's command history (Robert Haas) The former behavior could cause problems if an empty line was removed from within a string literal, for example. Use the preferred version of xsubpp to build PL/Perl, not necessarily the operating system's main copy (David Wheeler and Alex Hunsaker) Honor query cancel interrupts promptly in pgstatindex() (Robert Haas) Ensure VPATH builds properly install all server header files (Peter Eisentraut) Shorten file names reported in verbose error messages (Peter Eisentraut) Regular builds have always reported just the name of the C file containing the error message call, but VPATH builds formerly reported an absolute path name. Fix interpretation of Windows timezone names for Central America (Tom Lane) Map Central America Standard Time to CST6, not CST6CDT, because DST is generally not observed anywhere in Central America. Update time zone data files to tzdata release 2011n for DST law changes in Brazil, Cuba, Fiji, Palestine, Russia, and Samoa; also historical corrections for Alaska and British East Africa. 2011-09-26 This release contains a variety of fixes from 8.2.21. For information about new features in the 8.2 major release, see . The PostgreSQL community will stop releasing updates for the 8.2.X release series in December 2011. Users are encouraged to update to a newer release branch soon. A dump/restore is not required for those running 8.2.X. However, if you are upgrading from a version earlier than 8.2.14, see . Fix multiple bugs in GiST index page split processing (Heikki Linnakangas) The probability of occurrence was low, but these could lead to index corruption. Avoid possibly accessing off the end of memory in ANALYZE (Noah Misch) This fixes a very-low-probability server crash scenario. Fix race condition in relcache init file invalidation (Tom Lane) There was a window wherein a new backend process could read a stale init file but miss the inval messages that would tell it the data is stale. The result would be bizarre failures in catalog accesses, typically could not read block 0 in file ... later during startup. Fix memory leak at end of a GiST index scan (Tom Lane) Commands that perform many separate GiST index scans, such as verification of a new GiST-based exclusion constraint on a table already containing many rows, could transiently require large amounts of memory due to this leak. Fix performance problem when constructing a large, lossy bitmap (Tom Lane) Fix array- and path-creating functions to ensure padding bytes are zeroes (Tom Lane) This avoids some situations where the planner will think that semantically-equal constants are not equal, resulting in poor optimization. Work around gcc 4.6.0 bug that breaks WAL replay (Tom Lane) This could lead to loss of committed transactions after a server crash. Fix dump bug for VALUES in a view (Tom Lane) Disallow SELECT FOR UPDATE/SHARE on sequences (Tom Lane) This operation doesn't work as expected and can lead to failures. Defend against integer overflow when computing size of a hash table (Tom Lane) Fix portability bugs in use of credentials control messages for peer authentication (Tom Lane) Fix typo in pg_srand48 seed initialization (Andres Freund) This led to failure to use all bits of the provided seed. This function is not used on most platforms (only those without srandom), and the potential security exposure from a less-random-than-expected seed seems minimal in any case. Avoid integer overflow when the sum of LIMIT and OFFSET values exceeds 2^63 (Heikki Linnakangas) Add overflow checks to int4 and int8 versions of generate_series() (Robert Haas) Fix trailing-zero removal in to_char() (Marti Raudsepp) In a format with FM and no digit positions after the decimal point, zeroes to the left of the decimal point could be removed incorrectly. Fix pg_size_pretty() to avoid overflow for inputs close to 2^63 (Tom Lane) Fix psql's counting of script file line numbers during COPY from a different file (Tom Lane) Fix pg_restore's direct-to-database mode for standard_conforming_strings (Tom Lane) pg_restore could emit incorrect commands when restoring directly to a database server from an archive file that had been made with standard_conforming_strings set to on. Fix write-past-buffer-end and memory leak in libpq's LDAP service lookup code (Albe Laurenz) In libpq, avoid failures when using nonblocking I/O and an SSL connection (Martin Pihlak, Tom Lane) Improve libpq's handling of failures during connection startup (Tom Lane) In particular, the response to a server report of fork() failure during SSL connection startup is now saner. Make ecpglib write double values with 15 digits precision (Akira Kurosawa) Apply upstream fix for blowfish signed-character bug (CVE-2011-2483) (Tom Lane) contrib/pg_crypto's blowfish encryption code could give wrong results on platforms where char is signed (which is most), leading to encrypted passwords being weaker than they should be. Fix memory leak in contrib/seg (Heikki Linnakangas) Fix pgstatindex() to give consistent results for empty indexes (Tom Lane) Allow building with perl 5.14 (Alex Hunsaker) Update configure script's method for probing existence of system functions (Tom Lane) The version of autoconf we used in 8.3 and 8.2 could be fooled by compilers that perform link-time optimization. Fix assorted issues with build and install file paths containing spaces (Tom Lane) Update time zone data files to tzdata release 2011i for DST law changes in Canada, Egypt, Russia, Samoa, and South Sudan. 2011-04-18 This release contains a variety of fixes from 8.2.20. For information about new features in the 8.2 major release, see . A dump/restore is not required for those running 8.2.X. However, if you are upgrading from a version earlier than 8.2.14, see . Avoid potential deadlock during catalog cache initialization (Nikhil Sontakke) In some cases the cache loading code would acquire share lock on a system index before locking the index's catalog. This could deadlock against processes trying to acquire exclusive locks in the other, more standard order. Fix dangling-pointer problem in BEFORE ROW UPDATE trigger handling when there was a concurrent update to the target tuple (Tom Lane) This bug has been observed to result in intermittent cannot extract system attribute from virtual tuple failures while trying to do UPDATE RETURNING ctid. There is a very small probability of more serious errors, such as generating incorrect index entries for the updated tuple. Disallow DROP TABLE when there are pending deferred trigger events for the table (Tom Lane) Formerly the DROP would go through, leading to could not open relation with OID nnn errors when the triggers were eventually fired. Fix PL/Python memory leak involving array slices (Daniel Popowich) Fix pg_restore to cope with long lines (over 1KB) in TOC files (Tom Lane) Put in more safeguards against crashing due to division-by-zero with overly enthusiastic compiler optimization (Aurelien Jarno) Support use of dlopen() in FreeBSD and OpenBSD on MIPS (Tom Lane) There was a hard-wired assumption that this system function was not available on MIPS hardware on these systems. Use a compile-time test instead, since more recent versions have it. Fix compilation failures on HP-UX (Heikki Linnakangas) Fix path separator used by pg_regress on Cygwin (Andrew Dunstan) Update time zone data files to tzdata release 2011f for DST law changes in Chile, Cuba, Falkland Islands, Morocco, Samoa, and Turkey; also historical corrections for South Australia, Alaska, and Hawaii. 2011-01-31 This release contains a variety of fixes from 8.2.19. For information about new features in the 8.2 major release, see . A dump/restore is not required for those running 8.2.X. However, if you are upgrading from a version earlier than 8.2.14, see . Avoid failures when EXPLAIN tries to display a simple-form CASE expression (Tom Lane) If the CASE's test expression was a constant, the planner could simplify the CASE into a form that confused the expression-display code, resulting in unexpected CASE WHEN clause errors. Fix assignment to an array slice that is before the existing range of subscripts (Tom Lane) If there was a gap between the newly added subscripts and the first pre-existing subscript, the code miscalculated how many entries needed to be copied from the old array's null bitmap, potentially leading to data corruption or crash. Avoid unexpected conversion overflow in planner for very distant date values (Tom Lane) The date type supports a wider range of dates than can be represented by the timestamp types, but the planner assumed it could always convert a date to timestamp with impunity. Fix pg_restore's text output for large objects (BLOBs) when standard_conforming_strings is on (Tom Lane) Although restoring directly to a database worked correctly, string escaping was incorrect if pg_restore was asked for SQL text output and standard_conforming_strings had been enabled in the source database. Fix erroneous parsing of tsquery values containing ... & !(subexpression) | ... (Tom Lane) Queries containing this combination of operators were not executed correctly. The same error existed in contrib/intarray's query_int type and contrib/ltree's ltxtquery type. Fix buffer overrun in contrib/intarray's input function for the query_int type (Apple) This bug is a security risk since the function's return address could be overwritten. Thanks to Apple Inc's security team for reporting this issue and supplying the fix. (CVE-2010-4015) Fix bug in contrib/seg's GiST picksplit algorithm (Alexander Korotkov) This could result in considerable inefficiency, though not actually incorrect answers, in a GiST index on a seg column. If you have such an index, consider REINDEXing it after installing this update. (This is identical to the bug that was fixed in contrib/cube in the previous update.) 2010-12-16 This release contains a variety of fixes from 8.2.18. For information about new features in the 8.2 major release, see . A dump/restore is not required for those running 8.2.X. However, if you are upgrading from a version earlier than 8.2.14, see . Force the default wal_sync_method to be fdatasync on Linux (Tom Lane, Marti Raudsepp) The default on Linux has actually been fdatasync for many years, but recent kernel changes caused PostgreSQL to choose open_datasync instead. This choice did not result in any performance improvement, and caused outright failures on certain filesystems, notably ext4 with the data=journal mount option. Fix assorted bugs in WAL replay logic for GIN indexes (Tom Lane) This could result in bad buffer id: 0 failures or corruption of index contents during replication. Fix recovery from base backup when the starting checkpoint WAL record is not in the same WAL segment as its redo point (Jeff Davis) Add support for detecting register-stack overrun on IA64 (Tom Lane) The IA64 architecture has two hardware stacks. Full prevention of stack-overrun failures requires checking both. Add a check for stack overflow in copyObject() (Tom Lane) Certain code paths could crash due to stack overflow given a sufficiently complex query. Fix detection of page splits in temporary GiST indexes (Heikki Linnakangas) It is possible to have a concurrent page split in a temporary index, if for example there is an open cursor scanning the index when an insertion is done. GiST failed to detect this case and hence could deliver wrong results when execution of the cursor continued. Avoid memory leakage while ANALYZE'ing complex index expressions (Tom Lane) Ensure an index that uses a whole-row Var still depends on its table (Tom Lane) An index declared like create index i on t (foo(t.*)) would not automatically get dropped when its table was dropped. Do not inline a SQL function with multiple OUT parameters (Tom Lane) This avoids a possible crash due to loss of information about the expected result rowtype. Behave correctly if ORDER BY, LIMIT, FOR UPDATE, or WITH is attached to the VALUES part of INSERT ... VALUES (Tom Lane) Fix constant-folding of COALESCE() expressions (Tom Lane) The planner would sometimes attempt to evaluate sub-expressions that in fact could never be reached, possibly leading to unexpected errors. Add print functionality for InhRelation nodes (Tom Lane) This avoids a failure when debug_print_parse is enabled and certain types of query are executed. Fix incorrect calculation of distance from a point to a horizontal line segment (Tom Lane) This bug affected several different geometric distance-measurement operators. Fix PL/pgSQL's handling of simple expressions to not fail in recursion or error-recovery cases (Tom Lane) Fix PL/Python's handling of set-returning functions (Jan Urbanski) Attempts to call SPI functions within the iterator generating a set result would fail. Fix bug in contrib/cube's GiST picksplit algorithm (Alexander Korotkov) This could result in considerable inefficiency, though not actually incorrect answers, in a GiST index on a cube column. If you have such an index, consider REINDEXing it after installing this update. Don't emit identifier will be truncated notices in contrib/dblink except when creating new connections (Itagaki Takahiro) Fix potential coredump on missing public key in contrib/pgcrypto (Marti Raudsepp) Fix memory leak in contrib/xml2's XPath query functions (Tom Lane) Update time zone data files to tzdata release 2010o for DST law changes in Fiji and Samoa; also historical corrections for Hong Kong. 2010-10-04 This release contains a variety of fixes from 8.2.17. For information about new features in the 8.2 major release, see . A dump/restore is not required for those running 8.2.X. However, if you are upgrading from a version earlier than 8.2.14, see . Use a separate interpreter for each calling SQL userid in PL/Perl and PL/Tcl (Tom Lane) This change prevents security problems that can be caused by subverting Perl or Tcl code that will be executed later in the same session under another SQL user identity (for example, within a SECURITY DEFINER function). Most scripting languages offer numerous ways that that might be done, such as redefining standard functions or operators called by the target function. Without this change, any SQL user with Perl or Tcl language usage rights can do essentially anything with the SQL privileges of the target function's owner. The cost of this change is that intentional communication among Perl and Tcl functions becomes more difficult. To provide an escape hatch, PL/PerlU and PL/TclU functions continue to use only one interpreter per session. This is not considered a security issue since all such functions execute at the trust level of a database superuser already. It is likely that third-party procedural languages that claim to offer trusted execution have similar security issues. We advise contacting the authors of any PL you are depending on for security-critical purposes. Our thanks to Tim Bunce for pointing out this issue (CVE-2010-3433). Prevent possible crashes in pg_get_expr() by disallowing it from being called with an argument that is not one of the system catalog columns it's intended to be used with (Heikki Linnakangas, Tom Lane) Fix Windows shared-memory allocation code (Tsutomu Yamada, Magnus Hagander) This bug led to the often-reported could not reattach to shared memory error message. This is a back-patch of a fix that was applied to newer branches some time ago. Treat exit code 128 (ERROR_WAIT_NO_CHILDREN) as non-fatal on Windows (Magnus Hagander) Under high load, Windows processes will sometimes fail at startup with this error code. Formerly the postmaster treated this as a panic condition and restarted the whole database, but that seems to be an overreaction. Fix possible duplicate scans of UNION ALL member relations (Tom Lane) Fix cannot handle unplanned sub-select error (Tom Lane) This occurred when a sub-select contains a join alias reference that expands into an expression containing another sub-select. Reduce PANIC to ERROR in some occasionally-reported btree failure cases, and provide additional detail in the resulting error messages (Tom Lane) This should improve the system's robustness with corrupted indexes. Prevent show_session_authorization() from crashing within autovacuum processes (Tom Lane) Defend against functions returning setof record where not all the returned rows are actually of the same rowtype (Tom Lane) Fix possible failure when hashing a pass-by-reference function result (Tao Ma, Tom Lane) Take care to fsync the contents of lockfiles (both postmaster.pid and the socket lockfile) while writing them (Tom Lane) This omission could result in corrupted lockfile contents if the machine crashes shortly after postmaster start. That could in turn prevent subsequent attempts to start the postmaster from succeeding, until the lockfile is manually removed. Avoid recursion while assigning XIDs to heavily-nested subtransactions (Andres Freund, Robert Haas) The original coding could result in a crash if there was limited stack space. Fix log_line_prefix's %i escape, which could produce junk early in backend startup (Tom Lane) Fix possible data corruption in ALTER TABLE ... SET TABLESPACE when archiving is enabled (Jeff Davis) Allow CREATE DATABASE and ALTER DATABASE ... SET TABLESPACE to be interrupted by query-cancel (Guillaume Lelarge) In PL/Python, defend against null pointer results from PyCObject_AsVoidPtr and PyCObject_FromVoidPtr (Peter Eisentraut) Improve contrib/dblink's handling of tables containing dropped columns (Tom Lane) Fix connection leak after duplicate connection name errors in contrib/dblink (Itagaki Takahiro) Fix contrib/dblink to handle connection names longer than 62 bytes correctly (Itagaki Takahiro) Add hstore(text, text) function to contrib/hstore (Robert Haas) This function is the recommended substitute for the now-deprecated => operator. It was back-patched so that future-proofed code can be used with older server versions. Note that the patch will be effective only after contrib/hstore is installed or reinstalled in a particular database. Users might prefer to execute the CREATE FUNCTION command by hand, instead. Update build infrastructure and documentation to reflect the source code repository's move from CVS to Git (Magnus Hagander and others) Update time zone data files to tzdata release 2010l for DST law changes in Egypt and Palestine; also historical corrections for Finland. This change also adds new names for two Micronesian timezones: Pacific/Chuuk is now preferred over Pacific/Truk (and the preferred abbreviation is CHUT not TRUT) and Pacific/Pohnpei is preferred over Pacific/Ponape. Make Windows' N. Central Asia Standard Time timezone map to Asia/Novosibirsk, not Asia/Almaty (Magnus Hagander) Microsoft changed the DST behavior of this zone in the timezone update from KB976098. Asia/Novosibirsk is a better match to its new behavior. 2010-05-17 This release contains a variety of fixes from 8.2.16. For information about new features in the 8.2 major release, see . A dump/restore is not required for those running 8.2.X. However, if you are upgrading from a version earlier than 8.2.14, see . Enforce restrictions in plperl using an opmask applied to the whole interpreter, instead of using Safe.pm (Tim Bunce, Andrew Dunstan) Recent developments have convinced us that Safe.pm is too insecure to rely on for making plperl trustable. This change removes use of Safe.pm altogether, in favor of using a separate interpreter with an opcode mask that is always applied. Pleasant side effects of the change include that it is now possible to use Perl's strict pragma in a natural way in plperl, and that Perl's $a and $b variables work as expected in sort routines, and that function compilation is significantly faster. (CVE-2010-1169) Prevent PL/Tcl from executing untrustworthy code from pltcl_modules (Tom) PL/Tcl's feature for autoloading Tcl code from a database table could be exploited for trojan-horse attacks, because there was no restriction on who could create or insert into that table. This change disables the feature unless pltcl_modules is owned by a superuser. (However, the permissions on the table are not checked, so installations that really need a less-than-secure modules table can still grant suitable privileges to trusted non-superusers.) Also, prevent loading code into the unrestricted normal Tcl interpreter unless we are really going to execute a pltclu function. (CVE-2010-1170) Fix possible crash if a cache reset message is received during rebuild of a relcache entry (Heikki) This error was introduced in 8.2.16 while fixing a related failure. Do not allow an unprivileged user to reset superuser-only parameter settings (Alvaro) Previously, if an unprivileged user ran ALTER USER ... RESET ALL for himself, or ALTER DATABASE ... RESET ALL for a database he owns, this would remove all special parameter settings for the user or database, even ones that are only supposed to be changeable by a superuser. Now, the ALTER will only remove the parameters that the user has permission to change. Avoid possible crash during backend shutdown if shutdown occurs when a CONTEXT addition would be made to log entries (Tom) In some cases the context-printing function would fail because the current transaction had already been rolled back when it came time to print a log message. Update pl/perl's ppport.h for modern Perl versions (Andrew) Fix assorted memory leaks in pl/python (Andreas Freund, Tom) Prevent infinite recursion in psql when expanding a variable that refers to itself (Tom) Fix psql's \copy to not add spaces around a dot within \copy (select ...) (Tom) Addition of spaces around the decimal point in a numeric literal would result in a syntax error. Ensure that contrib/pgstattuple functions respond to cancel interrupts promptly (Tatsuhito Kasahara) Make server startup deal properly with the case that shmget() returns EINVAL for an existing shared memory segment (Tom) This behavior has been observed on BSD-derived kernels including OS X. It resulted in an entirely-misleading startup failure complaining that the shared memory request size was too large. Avoid possible crashes in syslogger process on Windows (Heikki) Deal more robustly with incomplete time zone information in the Windows registry (Magnus) Update the set of known Windows time zone names (Magnus) Update time zone data files to tzdata release 2010j for DST law changes in Argentina, Australian Antarctic, Bangladesh, Mexico, Morocco, Pakistan, Palestine, Russia, Syria, Tunisia; also historical corrections for Taiwan. Also, add PKST (Pakistan Summer Time) to the default set of timezone abbreviations. 2010-03-15 This release contains a variety of fixes from 8.2.15. For information about new features in the 8.2 major release, see . A dump/restore is not required for those running 8.2.X. However, if you are upgrading from a version earlier than 8.2.14, see . Add new configuration parameter ssl_renegotiation_limit to control how often we do session key renegotiation for an SSL connection (Magnus) This can be set to zero to disable renegotiation completely, which may be required if a broken SSL library is used. In particular, some vendors are shipping stopgap patches for CVE-2009-3555 that cause renegotiation attempts to fail. Fix possible deadlock during backend startup (Tom) Fix possible crashes due to not handling errors during relcache reload cleanly (Tom) Fix possible crashes when trying to recover from a failure in subtransaction start (Tom) Fix server memory leak associated with use of savepoints and a client encoding different from server's encoding (Tom) Fix incorrect WAL data emitted during end-of-recovery cleanup of a GIST index page split (Yoichi Hirai) This would result in index corruption, or even more likely an error during WAL replay, if we were unlucky enough to crash during end-of-recovery cleanup after having completed an incomplete GIST insertion. Make substring() for bit types treat any negative length as meaning all the rest of the string (Tom) The previous coding treated only -1 that way, and would produce an invalid result value for other negative values, possibly leading to a crash (CVE-2010-0442). Fix integer-to-bit-string conversions to handle the first fractional byte correctly when the output bit width is wider than the given integer by something other than a multiple of 8 bits (Tom) Fix some cases of pathologically slow regular expression matching (Tom) Fix the STOP WAL LOCATION entry in backup history files to report the next WAL segment's name when the end location is exactly at a segment boundary (Itagaki Takahiro) Fix some more cases of temporary-file leakage (Heikki) This corrects a problem introduced in the previous minor release. One case that failed is when a plpgsql function returning set is called within another function's exception handler. Improve constraint exclusion processing of boolean-variable cases, in particular make it possible to exclude a partition that has a bool_column = false constraint (Tom) When reading pg_hba.conf and related files, do not treat @something as a file inclusion request if the @ appears inside quote marks; also, never treat @ by itself as a file inclusion request (Tom) This prevents erratic behavior if a role or database name starts with @. If you need to include a file whose path name contains spaces, you can still do so, but you must write @"/path to/file" rather than putting the quotes around the whole construct. Prevent infinite loop on some platforms if a directory is named as an inclusion target in pg_hba.conf and related files (Tom) Fix possible infinite loop if SSL_read or SSL_write fails without setting errno (Tom) This is reportedly possible with some Windows versions of openssl. Fix psql's numericlocale option to not format strings it shouldn't in latex and troff output formats (Heikki) Make psql return the correct exit status (3) when ON_ERROR_STOP and --single-transaction are both specified and an error occurs during the implied COMMIT (Bruce) Fix plpgsql failure in one case where a composite column is set to NULL (Tom) Fix possible failure when calling PL/Perl functions from PL/PerlU or vice versa (Tim Bunce) Add volatile markings in PL/Python to avoid possible compiler-specific misbehavior (Zdenek Kotala) Ensure PL/Tcl initializes the Tcl interpreter fully (Tom) The only known symptom of this oversight is that the Tcl clock command misbehaves if using Tcl 8.5 or later. Prevent crash in contrib/dblink when too many key columns are specified to a dblink_build_sql_* function (Rushabh Lathia, Joe Conway) Fix assorted crashes in contrib/xml2 caused by sloppy memory management (Tom) Make building of contrib/xml2 more robust on Windows (Andrew) Fix race condition in Windows signal handling (Radu Ilie) One known symptom of this bug is that rows in pg_listener could be dropped under heavy load. Update time zone data files to tzdata release 2010e for DST law changes in Bangladesh, Chile, Fiji, Mexico, Paraguay, Samoa. 2009-12-14 This release contains a variety of fixes from 8.2.14. For information about new features in the 8.2 major release, see . A dump/restore is not required for those running 8.2.X. However, if you are upgrading from a version earlier than 8.2.14, see . Protect against indirect security threats caused by index functions changing session-local state (Gurjeet Singh, Tom) This change prevents allegedly-immutable index functions from possibly subverting a superuser's session (CVE-2009-4136). Reject SSL certificates containing an embedded null byte in the common name (CN) field (Magnus) This prevents unintended matching of a certificate to a server or client name during SSL validation (CVE-2009-4034). Fix possible crash during backend-startup-time cache initialization (Tom) Prevent signals from interrupting VACUUM at unsafe times (Alvaro) This fix prevents a PANIC if a VACUUM FULL is canceled after it's already committed its tuple movements, as well as transient errors if a plain VACUUM is interrupted after having truncated the table. Fix possible crash due to integer overflow in hash table size calculation (Tom) This could occur with extremely large planner estimates for the size of a hashjoin's result. Fix very rare crash in inet/cidr comparisons (Chris Mikkelson) Ensure that shared tuple-level locks held by prepared transactions are not ignored (Heikki) Fix premature drop of temporary files used for a cursor that is accessed within a subtransaction (Heikki) Fix incorrect logic for GiST index page splits, when the split depends on a non-first column of the index (Paul Ramsey) Don't error out if recycling or removing an old WAL file fails at the end of checkpoint (Heikki) It's better to treat the problem as non-fatal and allow the checkpoint to complete. Future checkpoints will retry the removal. Such problems are not expected in normal operation, but have been seen to be caused by misdesigned Windows anti-virus and backup software. Ensure WAL files aren't repeatedly archived on Windows (Heikki) This is another symptom that could happen if some other process interfered with deletion of a no-longer-needed file. Fix PAM password processing to be more robust (Tom) The previous code is known to fail with the combination of the Linux pam_krb5 PAM module with Microsoft Active Directory as the domain controller. It might have problems elsewhere too, since it was making unjustified assumptions about what arguments the PAM stack would pass to it. Fix processing of ownership dependencies during CREATE OR REPLACE FUNCTION (Tom) Fix bug with calling plperl from plperlu or vice versa (Tom) An error exit from the inner function could result in crashes due to failure to re-select the correct Perl interpreter for the outer function. Fix session-lifespan memory leak when a PL/Perl function is redefined (Tom) Ensure that Perl arrays are properly converted to PostgreSQL arrays when returned by a set-returning PL/Perl function (Andrew Dunstan, Abhijit Menon-Sen) This worked correctly already for non-set-returning functions. Fix rare crash in exception processing in PL/Python (Peter) Ensure psql's flex module is compiled with the correct system header definitions (Tom) This fixes build failures on platforms where --enable-largefile causes incompatible changes in the generated code. Make the postmaster ignore any application_name parameter in connection request packets, to improve compatibility with future libpq versions (Tom) Update the timezone abbreviation files to match current reality (Joachim Wieland) This includes adding IDT and SGT to the default timezone abbreviation set. Update time zone data files to tzdata release 2009s for DST law changes in Antarctica, Argentina, Bangladesh, Fiji, Novokuznetsk, Pakistan, Palestine, Samoa, Syria; also historical corrections for Hong Kong. 2009-09-09 This release contains a variety of fixes from 8.2.13. For information about new features in the 8.2 major release, see . A dump/restore is not required for those running 8.2.X. However, if you have any hash indexes on interval columns, you must REINDEX them after updating to 8.2.14. Also, if you are upgrading from a version earlier than 8.2.11, see . Force WAL segment switch during pg_start_backup() (Heikki) This avoids corner cases that could render a base backup unusable. Disallow RESET ROLE and RESET SESSION AUTHORIZATION inside security-definer functions (Tom, Heikki) This covers a case that was missed in the previous patch that disallowed SET ROLE and SET SESSION AUTHORIZATION inside security-definer functions. (See CVE-2007-6600) Make LOAD of an already-loaded loadable module into a no-op (Tom) Formerly, LOAD would attempt to unload and re-load the module, but this is unsafe and not all that useful. Disallow empty passwords during LDAP authentication (Magnus) Fix handling of sub-SELECTs appearing in the arguments of an outer-level aggregate function (Tom) Fix bugs associated with fetching a whole-row value from the output of a Sort or Materialize plan node (Tom) Revert planner change that disabled partial-index and constraint exclusion optimizations when there were more than 100 clauses in an AND or OR list (Tom) Fix hash calculation for data type interval (Tom) This corrects wrong results for hash joins on interval values. It also changes the contents of hash indexes on interval columns. If you have any such indexes, you must REINDEX them after updating. Treat to_char(..., 'TH') as an uppercase ordinal suffix with 'HH'/'HH12' (Heikki) It was previously handled as 'th' (lowercase). Fix overflow for INTERVAL 'x ms' when x is more than 2 million and integer datetimes are in use (Alex Hunsaker) Fix calculation of distance between a point and a line segment (Tom) This led to incorrect results from a number of geometric operators. Fix money data type to work in locales where currency amounts have no fractional digits, e.g. Japan (Itagaki Takahiro) Properly round datetime input like 00:12:57.9999999999999999999999999999 (Tom) Fix poor choice of page split point in GiST R-tree operator classes (Teodor) Avoid performance degradation in bulk inserts into GIN indexes when the input values are (nearly) in sorted order (Tom) Correctly enforce NOT NULL domain constraints in some contexts in PL/pgSQL (Tom) Fix portability issues in plperl initialization (Andrew Dunstan) Fix pg_ctl to not go into an infinite loop if postgresql.conf is empty (Jeff Davis) Make contrib/hstore throw an error when a key or value is too long to fit in its data structure, rather than silently truncating it (Andrew Gierth) Fix contrib/xml2's xslt_process() to properly handle the maximum number of parameters (twenty) (Tom) Improve robustness of libpq's code to recover from errors during COPY FROM STDIN (Tom) Avoid including conflicting readline and editline header files when both libraries are installed (Zdenek Kotala) Update time zone data files to tzdata release 2009l for DST law changes in Bangladesh, Egypt, Jordan, Pakistan, Argentina/San_Luis, Cuba, Jordan (historical correction only), Mauritius, Morocco, Palestine, Syria, Tunisia. 2009-03-16 This release contains a variety of fixes from 8.2.12. For information about new features in the 8.2 major release, see . A dump/restore is not required for those running 8.2.X. However, if you are upgrading from a version earlier than 8.2.11, see . Prevent error recursion crashes when encoding conversion fails (Tom) This change extends fixes made in the last two minor releases for related failure scenarios. The previous fixes were narrowly tailored for the original problem reports, but we have now recognized that any error thrown by an encoding conversion function could potentially lead to infinite recursion while trying to report the error. The solution therefore is to disable translation and encoding conversion and report the plain-ASCII form of any error message, if we find we have gotten into a recursive error reporting situation. (CVE-2009-0922) Disallow CREATE CONVERSION with the wrong encodings for the specified conversion function (Heikki) This prevents one possible scenario for encoding conversion failure. The previous change is a backstop to guard against other kinds of failures in the same area. Fix core dump when to_char() is given format codes that are inappropriate for the type of the data argument (Tom) Fix possible failure in contrib/tsearch2 when C locale is used with a multi-byte encoding (Teodor) Crashes were possible on platforms where wchar_t is narrower than int; Windows in particular. Fix extreme inefficiency in contrib/tsearch2 parser's handling of an email-like string containing multiple @ characters (Heikki) Fix decompilation of CASE WHEN with an implicit coercion (Tom) This mistake could lead to Assert failures in an Assert-enabled build, or an unexpected CASE WHEN clause error message in other cases, when trying to examine or dump a view. Fix possible misassignment of the owner of a TOAST table's rowtype (Tom) If CLUSTER or a rewriting variant of ALTER TABLE were executed by someone other than the table owner, the pg_type entry for the table's TOAST table would end up marked as owned by that someone. This caused no immediate problems, since the permissions on the TOAST rowtype aren't examined by any ordinary database operation. However, it could lead to unexpected failures if one later tried to drop the role that issued the command (in 8.1 or 8.2), or owner of data type appears to be invalid warnings from pg_dump after having done so (in 8.3). Fix PL/pgSQL to not treat INTO after INSERT as an INTO-variables clause anywhere in the string, not only at the start; in particular, don't fail for INSERT INTO within CREATE RULE (Tom) Clean up PL/pgSQL error status variables fully at block exit (Ashesh Vashi and Dave Page) This is not a problem for PL/pgSQL itself, but the omission could cause the PL/pgSQL Debugger to crash while examining the state of a function. Retry failed calls to CallNamedPipe() on Windows (Steve Marshall, Magnus) It appears that this function can sometimes fail transiently; we previously treated any failure as a hard error, which could confuse LISTEN/NOTIFY as well as other operations. Add MUST (Mauritius Island Summer Time) to the default list of known timezone abbreviations (Xavier Bugaud) 2009-02-02 This release contains a variety of fixes from 8.2.11. For information about new features in the 8.2 major release, see . A dump/restore is not required for those running 8.2.X. However, if you are upgrading from a version earlier than 8.2.11, see . Improve handling of URLs in headline() function (Teodor) Improve handling of overlength headlines in headline() function (Teodor) Prevent possible Assert failure or misconversion if an encoding conversion is created with the wrong conversion function for the specified pair of encodings (Tom, Heikki) Fix possible Assert failure if a statement executed in PL/pgSQL is rewritten into another kind of statement, for example if an INSERT is rewritten into an UPDATE (Heikki) Ensure that a snapshot is available to datatype input functions (Tom) This primarily affects domains that are declared with CHECK constraints involving user-defined stable or immutable functions. Such functions typically fail if no snapshot has been set. Make it safer for SPI-using functions to be used within datatype I/O; in particular, to be used in domain check constraints (Tom) Avoid unnecessary locking of small tables in VACUUM (Heikki) Fix a problem that made UPDATE RETURNING tableoid return zero instead of the correct OID (Tom) Fix planner misestimation of selectivity when transitive equality is applied to an outer-join clause (Tom) This could result in bad plans for queries like ... from a left join b on a.a1 = b.b1 where a.a1 = 42 ... Improve optimizer's handling of long IN lists (Tom) This change avoids wasting large amounts of time on such lists when constraint exclusion is enabled. Ensure that the contents of a holdable cursor don't depend on the contents of TOAST tables (Tom) Previously, large field values in a cursor result might be represented as TOAST pointers, which would fail if the referenced table got dropped before the cursor is read, or if the large value is deleted and then vacuumed away. This cannot happen with an ordinary cursor, but it could with a cursor that is held past its creating transaction. Fix memory leak when a set-returning function is terminated without reading its whole result (Tom) Fix contrib/dblink's dblink_get_result(text,bool) function (Joe) Fix possible garbage output from contrib/sslinfo functions (Tom) Fix configure script to properly report failure when unable to obtain linkage information for PL/Perl (Andrew) Make all documentation reference pgsql-bugs and/or pgsql-hackers as appropriate, instead of the now-decommissioned pgsql-ports and pgsql-patches mailing lists (Tom) Update time zone data files to tzdata release 2009a (for Kathmandu and historical DST corrections in Switzerland, Cuba) 2008-11-03 This release contains a variety of fixes from 8.2.10. For information about new features in the 8.2 major release, see . A dump/restore is not required for those running 8.2.X. However, if you are upgrading from a version earlier than 8.2.7, see . Also, if you were running a previous 8.2.X release, it is recommended to REINDEX all GiST indexes after the upgrade. Fix GiST index corruption due to marking the wrong index entry dead after a deletion (Teodor) This would result in index searches failing to find rows they should have found. Corrupted indexes can be fixed with REINDEX. Fix backend crash when the client encoding cannot represent a localized error message (Tom) We have addressed similar issues before, but it would still fail if the character has no equivalent message itself couldn't be converted. The fix is to disable localization and send the plain ASCII error message when we detect such a situation. Fix possible crash when deeply nested functions are invoked from a trigger (Tom) Improve optimization of expression IN (expression-list) queries (Tom, per an idea from Robert Haas) Cases in which there are query variables on the right-hand side had been handled less efficiently in 8.2.x and 8.3.x than in prior versions. The fix restores 8.1 behavior for such cases. Fix mis-expansion of rule queries when a sub-SELECT appears in a function call in FROM, a multi-row VALUES list, or a RETURNING list (Tom) The usual symptom of this problem is an unrecognized node type error. Fix memory leak during rescan of a hashed aggregation plan (Neil) Ensure an error is reported when a newly-defined PL/pgSQL trigger function is invoked as a normal function (Tom) Prevent possible collision of relfilenode numbers when moving a table to another tablespace with ALTER SET TABLESPACE (Heikki) The command tried to re-use the existing filename, instead of picking one that is known unused in the destination directory. Fix incorrect tsearch2 headline generation when single query item matches first word of text (Sushant Sinha) Fix improper display of fractional seconds in interval values when using a non-ISO datestyle in an --enable-integer-datetimes build (Ron Mayer) Ensure SPI_getvalue and SPI_getbinval behave correctly when the passed tuple and tuple descriptor have different numbers of columns (Tom) This situation is normal when a table has had columns added or removed, but these two functions didn't handle it properly. The only likely consequence is an incorrect error indication. Fix ecpg's parsing of CREATE ROLE (Michael) Fix recent breakage of pg_ctl restart (Tom) Ensure pg_control is opened in binary mode (Itagaki Takahiro) pg_controldata and pg_resetxlog did this incorrectly, and so could fail on Windows. Update time zone data files to tzdata release 2008i (for DST law changes in Argentina, Brazil, Mauritius, Syria) 2008-09-22 This release contains a variety of fixes from 8.2.9. For information about new features in the 8.2 major release, see . A dump/restore is not required for those running 8.2.X. However, if you are upgrading from a version earlier than 8.2.7, see . Fix bug in btree WAL recovery code (Heikki) Recovery failed if the WAL ended partway through a page split operation. Fix potential miscalculation of datfrozenxid (Alvaro) This error may explain some recent reports of failure to remove old pg_clog data. Widen local lock counters from 32 to 64 bits (Tom) This responds to reports that the counters could overflow in sufficiently long transactions, leading to unexpected lock is already held errors. Fix possible duplicate output of tuples during a GiST index scan (Teodor) Fix missed permissions checks when a view contains a simple UNION ALL construct (Heikki) Permissions for the referenced tables were checked properly, but not permissions for the view itself. Add checks in executor startup to ensure that the tuples produced by an INSERT or UPDATE will match the target table's current rowtype (Tom) ALTER COLUMN TYPE, followed by re-use of a previously cached plan, could produce this type of situation. The check protects against data corruption and/or crashes that could ensue. Fix possible repeated drops during DROP OWNED (Tom) This would typically result in strange errors such as cache lookup failed for relation NNN. Fix AT TIME ZONE to first try to interpret its timezone argument as a timezone abbreviation, and only try it as a full timezone name if that fails, rather than the other way around as formerly (Tom) The timestamp input functions have always resolved ambiguous zone names in this order. Making AT TIME ZONE do so as well improves consistency, and fixes a compatibility bug introduced in 8.1: in ambiguous cases we now behave the same as 8.0 and before did, since in the older versions AT TIME ZONE accepted only abbreviations. Fix datetime input functions to correctly detect integer overflow when running on a 64-bit platform (Tom) Prevent integer overflows during units conversion when displaying a configuration parameter that has units (Tom) Improve performance of writing very long log messages to syslog (Tom) Allow spaces in the suffix part of an LDAP URL in pg_hba.conf (Tom) Fix bug in backwards scanning of a cursor on a SELECT DISTINCT ON query (Tom) Fix planner bug with nested sub-select expressions (Tom) If the outer sub-select has no direct dependency on the parent query, but the inner one does, the outer value might not get recalculated for new parent query rows. Fix planner to estimate that GROUP BY expressions yielding boolean results always result in two groups, regardless of the expressions' contents (Tom) This is very substantially more accurate than the regular GROUP BY estimate for certain boolean tests like col IS NULL. Fix PL/pgSQL to not fail when a FOR loop's target variable is a record containing composite-type fields (Tom) Fix PL/Tcl to behave correctly with Tcl 8.5, and to be more careful about the encoding of data sent to or from Tcl (Tom) On Windows, work around a Microsoft bug by preventing libpq from trying to send more than 64kB per system call (Magnus) Improve pg_dump and pg_restore's error reporting after failure to send a SQL command (Tom) Fix pg_ctl to properly preserve postmaster command-line arguments across a restart (Bruce) Update time zone data files to tzdata release 2008f (for DST law changes in Argentina, Bahamas, Brazil, Mauritius, Morocco, Pakistan, Palestine, and Paraguay) 2008-06-12 This release contains one serious and one minor bug fix over 8.2.8. For information about new features in the 8.2 major release, see . A dump/restore is not required for those running 8.2.X. However, if you are upgrading from a version earlier than 8.2.7, see . Make pg_get_ruledef() parenthesize negative constants (Tom) Before this fix, a negative constant in a view or rule might be dumped as, say, -42::integer, which is subtly incorrect: it should be (-42)::integer due to operator precedence rules. Usually this would make little difference, but it could interact with another recent patch to cause PostgreSQL to reject what had been a valid SELECT DISTINCT view query. Since this could result in pg_dump output failing to reload, it is being treated as a high-priority fix. The only released versions in which dump output is actually incorrect are 8.3.1 and 8.2.7. Make ALTER AGGREGATE ... OWNER TO update pg_shdepend (Tom) This oversight could lead to problems if the aggregate was later involved in a DROP OWNED or REASSIGN OWNED operation. never released This release contains a variety of fixes from 8.2.7. For information about new features in the 8.2 major release, see . A dump/restore is not required for those running 8.2.X. However, if you are upgrading from a version earlier than 8.2.7, see . Fix ERRORDATA_STACK_SIZE exceeded crash that occurred on Windows when using UTF-8 database encoding and a different client encoding (Tom) Fix ALTER TABLE ADD COLUMN ... PRIMARY KEY so that the new column is correctly checked to see if it's been initialized to all non-nulls (Brendan Jurd) Previous versions neglected to check this requirement at all. Fix possible CREATE TABLE failure when inheriting the same constraint from multiple parent relations that inherited that constraint from a common ancestor (Tom) Fix pg_get_ruledef() to show the alias, if any, attached to the target table of an UPDATE or DELETE (Tom) Fix GIN bug that could result in a too many LWLocks taken failure (Teodor) Avoid possible crash when decompressing corrupted data (Zdenek Kotala) Repair two places where SIGTERM exit of a backend could leave corrupted state in shared memory (Tom) Neither case is very important if SIGTERM is used to shut down the whole database cluster together, but there was a problem if someone tried to SIGTERM individual backends. Fix conversions between ISO-8859-5 and other encodings to handle Cyrillic Yo characters (e and E with two dots) (Sergey Burladyan) Fix several datatype input functions, notably array_in(), that were allowing unused bytes in their results to contain uninitialized, unpredictable values (Tom) This could lead to failures in which two apparently identical literal values were not seen as equal, resulting in the parser complaining about unmatched ORDER BY and DISTINCT expressions. Fix a corner case in regular-expression substring matching (substring(string from pattern)) (Tom) The problem occurs when there is a match to the pattern overall but the user has specified a parenthesized subexpression and that subexpression hasn't got a match. An example is substring('foo' from 'foo(bar)?'). This should return NULL, since (bar) isn't matched, but it was mistakenly returning the whole-pattern match instead (ie, foo). Update time zone data files to tzdata release 2008c (for DST law changes in Morocco, Iraq, Choibalsan, Pakistan, Syria, Cuba, and Argentina/San_Luis) Fix incorrect result from ecpg's PGTYPEStimestamp_sub() function (Michael) Fix broken GiST comparison function for contrib/tsearch2's tsquery type (Teodor) Fix possible crashes in contrib/cube functions (Tom) Fix core dump in contrib/xml2's xpath_table() function when the input query returns a NULL value (Tom) Fix contrib/xml2's makefile to not override CFLAGS (Tom) Fix DatumGetBool macro to not fail with gcc 4.3 (Tom) This problem affects old style (V0) C functions that return boolean. The fix is already in 8.3, but the need to back-patch it was not realized at the time. 2008-03-17 This release contains a variety of fixes from 8.2.6. For information about new features in the 8.2 major release, see . A dump/restore is not required for those running 8.2.X. However, you might need to REINDEX indexes on textual columns after updating, if you are affected by the Windows locale issue described below. Fix character string comparison for Windows locales that consider different character combinations as equal (Tom) This fix applies only on Windows and only when using UTF-8 database encoding. The same fix was made for all other cases over two years ago, but Windows with UTF-8 uses a separate code path that was not updated. If you are using a locale that considers some non-identical strings as equal, you may need to REINDEX to fix existing indexes on textual columns. Repair potential deadlock between concurrent VACUUM FULL operations on different system catalogs (Tom) Fix longstanding LISTEN/NOTIFY race condition (Tom) In rare cases a session that had just executed a LISTEN might not get a notification, even though one would be expected because the concurrent transaction executing NOTIFY was observed to commit later. A side effect of the fix is that a transaction that has executed a not-yet-committed LISTEN command will not see any row in pg_listener for the LISTEN, should it choose to look; formerly it would have. This behavior was never documented one way or the other, but it is possible that some applications depend on the old behavior. Disallow LISTEN and UNLISTEN within a prepared transaction (Tom) This was formerly allowed but trying to do it had various unpleasant consequences, notably that the originating backend could not exit as long as an UNLISTEN remained uncommitted. Disallow dropping a temporary table within a prepared transaction (Heikki) This was correctly disallowed by 8.1, but the check was inadvertently broken in 8.2. Fix rare crash when an error occurs during a query using a hash index (Heikki) Fix memory leaks in certain usages of set-returning functions (Neil) Fix input of datetime values for February 29 in years BC (Tom) The former coding was mistaken about which years were leap years. Fix unrecognized node type error in some variants of ALTER OWNER (Tom) Ensure pg_stat_activity.waiting flag is cleared when a lock wait is aborted (Tom) Fix handling of process permissions on Windows Vista (Dave, Magnus) In particular, this fix allows starting the server as the Administrator user. Update time zone data files to tzdata release 2008a (in particular, recent Chile changes); adjust timezone abbreviation VET (Venezuela) to mean UTC-4:30, not UTC-4:00 (Tom) Fix pg_ctl to correctly extract the postmaster's port number from command-line options (Itagaki Takahiro, Tom) Previously, pg_ctl start -w could try to contact the postmaster on the wrong port, leading to bogus reports of startup failure. Use -fwrapv to defend against possible misoptimization in recent gcc versions (Tom) This is known to be necessary when building PostgreSQL with gcc 4.3 or later. Correctly enforce statement_timeout values longer than INT_MAX microseconds (about 35 minutes) (Tom) This bug affects only builds with --enable-integer-datetimes. Fix unexpected PARAM_SUBLINK ID planner error when constant-folding simplifies a sub-select (Tom) Fix logical errors in constraint-exclusion handling of IS NULL and NOT expressions (Tom) The planner would sometimes exclude partitions that should not have been excluded because of the possibility of NULL results. Fix another cause of failed to build any N-way joins planner errors (Tom) This could happen in cases where a clauseless join needed to be forced before a join clause could be exploited. Fix incorrect constant propagation in outer-join planning (Tom) The planner could sometimes incorrectly conclude that a variable could be constrained to be equal to a constant, leading to wrong query results. Fix display of constant expressions in ORDER BY and GROUP BY (Tom) An explicitly casted constant would be shown incorrectly. This could for example lead to corruption of a view definition during dump and reload. Fix libpq to handle NOTICE messages correctly during COPY OUT (Tom) This failure has only been observed to occur when a user-defined datatype's output routine issues a NOTICE, but there is no guarantee it couldn't happen due to other causes. 2008-01-07 This release contains a variety of fixes from 8.2.5, including fixes for significant security issues. For information about new features in the 8.2 major release, see . A dump/restore is not required for those running 8.2.X. Prevent functions in indexes from executing with the privileges of the user running VACUUM, ANALYZE, etc (Tom) Functions used in index expressions and partial-index predicates are evaluated whenever a new table entry is made. It has long been understood that this poses a risk of trojan-horse code execution if one modifies a table owned by an untrustworthy user. (Note that triggers, defaults, check constraints, etc. pose the same type of risk.) But functions in indexes pose extra danger because they will be executed by routine maintenance operations such as VACUUM FULL, which are commonly performed automatically under a superuser account. For example, a nefarious user can execute code with superuser privileges by setting up a trojan-horse index definition and waiting for the next routine vacuum. The fix arranges for standard maintenance operations (including VACUUM, ANALYZE, REINDEX, and CLUSTER) to execute as the table owner rather than the calling user, using the same privilege-switching mechanism already used for SECURITY DEFINER functions. To prevent bypassing this security measure, execution of SET SESSION AUTHORIZATION and SET ROLE is now forbidden within a SECURITY DEFINER context. (CVE-2007-6600) Repair assorted bugs in the regular-expression package (Tom, Will Drewry) Suitably crafted regular-expression patterns could cause crashes, infinite or near-infinite looping, and/or massive memory consumption, all of which pose denial-of-service hazards for applications that accept regex search patterns from untrustworthy sources. (CVE-2007-4769, CVE-2007-4772, CVE-2007-6067) Require non-superusers who use /contrib/dblink to use only password authentication, as a security measure (Joe) The fix that appeared for this in 8.2.5 was incomplete, as it plugged the hole for only some dblink functions. (CVE-2007-6601, CVE-2007-3278) Fix bugs in WAL replay for GIN indexes (Teodor) Fix GIN index build to work properly when maintenance_work_mem is 4GB or more (Tom) Update time zone data files to tzdata release 2007k (in particular, recent Argentina changes) (Tom) Improve planner's handling of LIKE/regex estimation in non-C locales (Tom) Fix planning-speed problem for deep outer-join nests, as well as possible poor choice of join order (Tom) Fix planner failure in some cases of WHERE false AND var IN (SELECT ...) (Tom) Make CREATE TABLE ... SERIAL and ALTER SEQUENCE ... OWNED BY not change the currval() state of the sequence (Tom) Preserve the tablespace and storage parameters of indexes that are rebuilt by ALTER TABLE ... ALTER COLUMN TYPE (Tom) Make archive recovery always start a new WAL timeline, rather than only when a recovery stop time was used (Simon) This avoids a corner-case risk of trying to overwrite an existing archived copy of the last WAL segment, and seems simpler and cleaner than the original definition. Make VACUUM not use all of maintenance_work_mem when the table is too small for it to be useful (Alvaro) Fix potential crash in translate() when using a multibyte database encoding (Tom) Make corr() return the correct result for negative correlation values (Neil) Fix overflow in extract(epoch from interval) for intervals exceeding 68 years (Tom) Fix PL/Perl to not fail when a UTF-8 regular expression is used in a trusted function (Andrew) Fix PL/Perl to cope when platform's Perl defines type bool as int rather than char (Tom) While this could theoretically happen anywhere, no standard build of Perl did things this way ... until Mac OS X 10.5. Fix PL/Python to work correctly with Python 2.5 on 64-bit machines (Marko Kreen) Fix PL/Python to not crash on long exception messages (Alvaro) Fix pg_dump to correctly handle inheritance child tables that have default expressions different from their parent's (Tom) Fix libpq crash when PGPASSFILE refers to a file that is not a plain file (Martin Pitt) ecpg parser fixes (Michael) Make contrib/pgcrypto defend against OpenSSL libraries that fail on keys longer than 128 bits; which is the case at least on some Solaris versions (Marko Kreen) Make contrib/tablefunc's crosstab() handle NULL rowid as a category in its own right, rather than crashing (Joe) Fix tsvector and tsquery output routines to escape backslashes correctly (Teodor, Bruce) Fix crash of to_tsvector() on huge input strings (Teodor) Require a specific version of Autoconf to be used when re-generating the configure script (Peter) This affects developers and packagers only. The change was made to prevent accidental use of untested combinations of Autoconf and PostgreSQL versions. You can remove the version check if you really want to use a different Autoconf version, but it's your responsibility whether the result works or not. Update gettimeofday configuration check so that PostgreSQL can be built on newer versions of MinGW (Magnus) 2007-09-17 This release contains a variety of fixes from 8.2.4. For information about new features in the 8.2 major release, see . A dump/restore is not required for those running 8.2.X. Prevent index corruption when a transaction inserts rows and then aborts close to the end of a concurrent VACUUM on the same table (Tom) Fix ALTER DOMAIN ADD CONSTRAINT for cases involving domains over domains (Tom) Make CREATE DOMAIN ... DEFAULT NULL work properly (Tom) Fix some planner problems with outer joins, notably poor size estimation for t1 LEFT JOIN t2 WHERE t2.col IS NULL (Tom) Allow the interval data type to accept input consisting only of milliseconds or microseconds (Neil) Allow timezone name to appear before the year in timestamp input (Tom) Fixes for GIN indexes used by /contrib/tsearch2 (Teodor) Speed up rtree index insertion (Teodor) Fix excessive logging of SSL error messages (Tom) Fix logging so that log messages are never interleaved when using the syslogger process (Andrew) Fix crash when log_min_error_statement logging runs out of memory (Tom) Fix incorrect handling of some foreign-key corner cases (Tom) Fix stddev_pop(numeric) and var_pop(numeric) (Tom) Prevent REINDEX and CLUSTER from failing due to attempting to process temporary tables of other sessions (Alvaro) Update the time zone database rules, particularly New Zealand's upcoming changes (Tom) Windows socket and semaphore improvements (Magnus) Make pg_ctl -w work properly in Windows service mode (Dave Page) Fix memory allocation bug when using MIT Kerberos on Windows (Magnus) Suppress timezone name (%Z) in log timestamps on Windows because of possible encoding mismatches (Tom) Require non-superusers who use /contrib/dblink to use only password authentication, as a security measure (Joe) Restrict /contrib/pgstattuple functions to superusers, for security reasons (Tom) Do not let /contrib/intarray try to make its GIN opclass the default (this caused problems at dump/restore) (Tom) 2007-04-23 This release contains a variety of fixes from 8.2.3, including a security fix. For information about new features in the 8.2 major release, see . A dump/restore is not required for those running 8.2.X. Support explicit placement of the temporary-table schema within search_path, and disable searching it for functions and operators (Tom) This is needed to allow a security-definer function to set a truly secure value of search_path. Without it, an unprivileged SQL user can use temporary objects to execute code with the privileges of the security-definer function (CVE-2007-2138). See CREATE FUNCTION for more information. Fix shared_preload_libraries for Windows by forcing reload in each backend (Korry Douglas) Fix to_char() so it properly upper/lower cases localized day or month names (Pavel Stehule) /contrib/tsearch2 crash fixes (Teodor) Require COMMIT PREPARED to be executed in the same database as the transaction was prepared in (Heikki) Allow pg_dump to do binary backups larger than two gigabytes on Windows (Magnus) New traditional (Taiwan) Chinese FAQ (Zhou Daojing) Prevent the statistics collector from writing to disk too frequently (Tom) Fix potential-data-corruption bug in how VACUUM FULL handles UPDATE chains (Tom, Pavan Deolasee) Fix bug in domains that use array types (Tom) Fix pg_dump so it can dump a serial column's sequence using -t when not also dumping the owning table (Tom) Planner fixes, including improving outer join and bitmap scan selection logic (Tom) Fix possible wrong answers or crash when a PL/pgSQL function tries to RETURN from within an EXCEPTION block (Tom) Fix PANIC during enlargement of a hash index (Tom) Fix POSIX-style timezone specs to follow new USA DST rules (Tom) 2007-02-07 This release contains two fixes from 8.2.2. For information about new features in the 8.2 major release, see . A dump/restore is not required for those running 8.2.X. Remove overly-restrictive check for type length in constraints and functional indexes(Tom) Fix optimization so MIN/MAX in subqueries can again use indexes (Tom) 2007-02-05 This release contains a variety of fixes from 8.2.1, including a security fix. For information about new features in the 8.2 major release, see . A dump/restore is not required for those running 8.2.X. Remove security vulnerabilities that allowed connected users to read backend memory (Tom) The vulnerabilities involve suppressing the normal check that a SQL function returns the data type it's declared to, and changing the data type of a table column (CVE-2007-0555, CVE-2007-0556). These errors can easily be exploited to cause a backend crash, and in principle might be used to read database content that the user should not be able to access. Fix not-so-rare-anymore bug wherein btree index page splits could fail due to choosing an infeasible split point (Heikki Linnakangas) Fix Borland C compile scripts (L Bayuk) Properly handle to_char('CC') for years ending in 00 (Tom) Year 2000 is in the twentieth century, not the twenty-first. /contrib/tsearch2 localization improvements (Tatsuo, Teodor) Fix incorrect permission check in information_schema.key_column_usage view (Tom) The symptom is relation with OID nnnnn does not exist errors. To get this fix without using initdb, use CREATE OR REPLACE VIEW to install the corrected definition found in share/information_schema.sql. Note you will need to do this in each database. Improve VACUUM performance for databases with many tables (Tom) Fix for rare Assert() crash triggered by UNION (Tom) Fix potentially incorrect results from index searches using ROW inequality conditions (Tom) Tighten security of multi-byte character processing for UTF8 sequences over three bytes long (Tom) Fix bogus permission denied failures occurring on Windows due to attempts to fsync already-deleted files (Magnus, Tom) Fix bug that could cause the statistics collector to hang on Windows (Magnus) This would in turn lead to autovacuum not working. Fix possible crashes when an already-in-use PL/pgSQL function is updated (Tom) Improve PL/pgSQL handling of domain types (Sergiy Vyshnevetskiy, Tom) Fix possible errors in processing PL/pgSQL exception blocks (Tom) 2007-01-08 This release contains a variety of fixes from 8.2. For information about new features in the 8.2 major release, see . A dump/restore is not required for those running 8.2. Fix crash with SELECT ... LIMIT ALL (also LIMIT NULL) (Tom) Several /contrib/tsearch2 fixes (Teodor) On Windows, make log messages coming from the operating system use ASCII encoding (Hiroshi Saito) This fixes a conversion problem when there is a mismatch between the encoding of the operating system and database server. Fix Windows linking of pg_dump using win32.mak (Hiroshi Saito) Fix planner mistakes for outer join queries (Tom) Fix several problems in queries involving sub-SELECTs (Tom) Fix potential crash in SPI during subtransaction abort (Tom) This affects all PL functions since they all use SPI. Improve build speed of PDF documentation (Peter) Re-add JST (Japan) timezone abbreviation (Tom) Improve optimization decisions related to index scans (Tom) Have psql print multi-byte combining characters as before, rather than output as \u (Tom) Improve index usage of regular expressions that use parentheses (Tom) This improves psql \d performance also. Make pg_dumpall assume that databases have public CONNECT privilege, when dumping from a pre-8.2 server (Tom) This preserves the previous behavior that anyone can connect to a database if allowed by pg_hba.conf. 2006-12-05 This release adds many functionality and performance improvements that were requested by users, including: Query language enhancements including INSERT/UPDATE/DELETE RETURNING, multirow VALUES lists, and optional target-table alias in UPDATE/DELETE Index creation without blocking concurrent INSERT/UPDATE/DELETE operations Many query optimization improvements, including support for reordering outer joins Improved sorting performance with lower memory usage More efficient locking with better concurrency More efficient vacuuming Easier administration of warm standby servers New FILLFACTOR support for tables and indexes Monitoring, logging, and performance tuning additions More control over creating and dropping objects Table inheritance relationships can be defined for and removed from pre-existing tables COPY TO can copy the output of an arbitrary SELECT statement Array improvements, including nulls in arrays Aggregate-function improvements, including multiple-input aggregates and SQL:2003 statistical functions Many contrib/ improvements A dump/restore using pg_dump is required for those wishing to migrate data from any previous release. Observe the following incompatibilities: Set escape_string_warning to on by default (Bruce) This issues a warning if backslash escapes are used in non-escape (non-E'') strings. Change the row constructor syntax (ROW(...)) so that list elements foo.* will be expanded to a list of their member fields, rather than creating a nested row type field as formerly (Tom) The new behavior is substantially more useful since it allows, for example, triggers to check for data changes with IF row(new.*) IS DISTINCT FROM row(old.*). The old behavior is still available by omitting .*. Make row comparisons follow SQL standard semantics and allow them to be used in index scans (Tom) Previously, row = and <> comparisons followed the standard but < <= > >= did not. A row comparison can now be used as an index constraint for a multicolumn index matching the row value. Make row IS NOT NULL tests follow SQL standard semantics (Tom) The former behavior conformed to the standard for simple cases with IS NULL, but IS NOT NULL would return true if any row field was non-null, whereas the standard says it should return true only when all fields are non-null. Make SET CONSTRAINT affect only one constraint (Kris Jurka) In previous releases, SET CONSTRAINT modified all constraints with a matching name. In this release, the schema search path is used to modify only the first matching constraint. A schema specification is also supported. This more nearly conforms to the SQL standard. Remove RULE permission for tables, for security reasons (Tom) As of this release, only a table's owner can create or modify rules for the table. For backwards compatibility, GRANT/REVOKE RULE is still accepted, but it does nothing. Array comparison improvements (Tom) Now array dimensions are also compared. Change array concatenation to match documented behavior (Tom) This changes the previous behavior where concatenation would modify the array lower bound. Make command-line options of postmaster and postgres identical (Peter) This allows the postmaster to pass arguments to each backend without using -o. Note that some options are now only available as long-form options, because there were conflicting single-letter options. Deprecate use of postmaster symbolic link (Peter) postmaster and postgres commands now act identically, with the behavior determined by command-line options. The postmaster symbolic link is kept for compatibility, but is not really needed. Change log_duration to output even if the query is not output (Tom) In prior releases, log_duration only printed if the query appeared earlier in the log. Make to_char(time) and to_char(interval) treat HH and HH12 as 12-hour intervals Most applications should use HH24 unless they want a 12-hour display. Zero unmasked bits in conversion from INET to CIDR (Tom) This ensures that the converted value is actually valid for CIDR. Remove australian_timezones configuration variable (Joachim Wieland) This variable has been superseded by a more general facility for configuring timezone abbreviations. Improve cost estimation for nested-loop index scans (Tom) This might eliminate the need to set unrealistically small values of random_page_cost. If you have been using a very small random_page_cost, please recheck your test cases. Change behavior of pg_dump -n and -t options. (Greg Sabino Mullane) See the pg_dump manual page for details. Change libpq PQdsplen() to return a useful value (Martijn van Oosterhout) Declare libpq PQgetssl() as returning void *, rather than SSL * (Martijn van Oosterhout) This allows applications to use the function without including the OpenSSL headers. C-language loadable modules must now include a PG_MODULE_MAGIC macro call for version compatibility checking (Martijn van Oosterhout) For security's sake, modules used by a PL/PerlU function are no longer available to PL/Perl functions (Andrew) This also implies that data can no longer be shared between a PL/Perl function and a PL/PerlU function. Some Perl installations have not been compiled with the correct flags to allow multiple interpreters to exist within a single process. In this situation PL/Perl and PL/PerlU cannot both be used in a single backend. The solution is to get a Perl installation which supports multiple interpreters. In contrib/xml2/, rename xml_valid() to xml_is_well_formed() (Tom) xml_valid() will remain for backward compatibility, but its behavior will change to do schema checking in a future release. Remove contrib/ora2pg/, now at Remove contrib modules that have been migrated to PgFoundry: adddepend, dbase, dbmirror, fulltextindex, mac, userlock Remove abandoned contrib modules: mSQL-interface, tips Remove QNX and BEOS ports (Bruce) These ports no longer had active maintainers. Below you will find a detailed account of the changes between PostgreSQL 8.2 and the previous major release. Allow the planner to reorder outer joins in some circumstances (Tom) In previous releases, outer joins would always be evaluated in the order written in the query. This change allows the query optimizer to consider reordering outer joins, in cases where it can determine that the join order can be changed without altering the meaning of the query. This can make a considerable performance difference for queries involving multiple outer joins or mixed inner and outer joins. Improve efficiency of IN (list-of-expressions) clauses (Tom) Improve sorting speed and reduce memory usage (Simon, Tom) Improve subtransaction performance (Alvaro, Itagaki Takahiro, Tom) Add FILLFACTOR to table and index creation (ITAGAKI Takahiro) This leaves extra free space in each table or index page, allowing improved performance as the database grows. This is particularly valuable to maintain clustering. Increase default values for shared_buffers and max_fsm_pages (Andrew) Improve locking performance by breaking the lock manager tables into sections (Tom) This allows locking to be more fine-grained, reducing contention. Reduce locking requirements of sequential scans (Qingqing Zhou) Reduce locking required for database creation and destruction (Tom) Improve the optimizer's selectivity estimates for LIKE, ILIKE, and regular expression operations (Tom) Improve planning of joins to inherited tables and UNION ALL views (Tom) Allow constraint exclusion to be applied to inherited UPDATE and DELETE queries (Tom) SELECT already honored constraint exclusion. Improve planning of constant WHERE clauses, such as a condition that depends only on variables inherited from an outer query level (Tom) Protocol-level unnamed prepared statements are re-planned for each set of BIND values (Tom) This improves performance because the exact parameter values can be used in the plan. Speed up vacuuming of B-Tree indexes (Heikki Linnakangas, Tom) Avoid extra scan of tables without indexes during VACUUM (Greg Stark) Improve multicolumn GiST indexing (Oleg, Teodor) Remove dead index entries before B-Tree page split (Junji Teramoto) Allow a forced switch to a new transaction log file (Simon, Tom) This is valuable for keeping warm standby slave servers in sync with the master. Transaction log file switching now also happens automatically during pg_stop_backup(). This ensures that all transaction log files needed for recovery can be archived immediately. Add WAL informational functions (Simon) Add functions for interrogating the current transaction log insertion point and determining WAL filenames from the hex WAL locations displayed by pg_stop_backup() and related functions. Improve recovery from a crash during WAL replay (Simon) The server now does periodic checkpoints during WAL recovery, so if there is a crash, future WAL recovery is shortened. This also eliminates the need for warm standby servers to replay the entire log since the base backup if they crash. Improve reliability of long-term WAL replay (Heikki, Simon, Tom) Formerly, trying to roll forward through more than 2 billion transactions would not work due to XID wraparound. This meant warm standby servers had to be reloaded from fresh base backups periodically. Add archive_timeout to force transaction log file switches at a given interval (Simon) This enforces a maximum replication delay for warm standby servers. Add native LDAP authentication (Magnus Hagander) This is particularly useful for platforms that do not support PAM, such as Windows. Add GRANT CONNECT ON DATABASE (Gevik Babakhani) This gives SQL-level control over database access. It works as an additional filter on top of the existing pg_hba.conf controls. Add support for SSL Certificate Revocation List (CRL) files (Libor Hohoš) The server and libpq both recognize CRL files now. GiST indexes are now clusterable (Teodor) Remove routine autovacuum server log entries (Bruce) pg_stat_activity now shows autovacuum activity. Track maximum XID age within individual tables, instead of whole databases (Alvaro) This reduces the overhead involved in preventing transaction ID wraparound, by avoiding unnecessary VACUUMs. Add last vacuum and analyze timestamp columns to the stats collector (Larry Rosenman) These values now appear in the pg_stat_*_tables system views. Improve performance of statistics monitoring, especially stats_command_string (Tom, Bruce) This release enables stats_command_string by default, now that its overhead is minimal. This means pg_stat_activity will now show all active queries by default. Add a waiting column to pg_stat_activity (Tom) This allows pg_stat_activity to show all the information included in the ps display. Add configuration parameter update_process_title to control whether the ps display is updated for every command (Bruce) On platforms where it is expensive to update the ps display, it might be worthwhile to turn this off and rely solely on pg_stat_activity for status information. Allow units to be specified in configuration settings (Peter) For example, you can now set shared_buffers to 32MB rather than mentally converting sizes. Add support for include directives in postgresql.conf (Joachim Wieland) Improve logging of protocol-level prepare/bind/execute messages (Bruce, Tom) Such logging now shows statement names, bind parameter values, and the text of the query being executed. Also, the query text is properly included in logged error messages when enabled by log_min_error_statement. Prevent max_stack_depth from being set to unsafe values On platforms where we can determine the actual kernel stack depth limit (which is most), make sure that the initial default value of max_stack_depth is safe, and reject attempts to set it to unsafely large values. Enable highlighting of error location in query in more cases (Tom) The server is now able to report a specific error location for some semantic errors (such as unrecognized column name), rather than just for basic syntax errors as before. Fix failed to re-find parent key errors in VACUUM (Tom) Clean out pg_internal.init cache files during server restart (Simon) This avoids a hazard that the cache files might contain stale data after PITR recovery. Fix race condition for truncation of a large relation across a gigabyte boundary by VACUUM (Tom) Fix bug causing needless deadlock errors on row-level locks (Tom) Fix bugs affecting multi-gigabyte hash indexes (Tom) Each backend process is now its own process group leader (Tom) This allows query cancel to abort subprocesses invoked from a backend or archive/recovery process. Add INSERT/UPDATE/DELETE RETURNING (Jonah Harris, Tom) This allows these commands to return values, such as the computed serial key for a new row. In the UPDATE case, values from the updated version of the row are returned. Add support for multiple-row VALUES clauses, per SQL standard (Joe, Tom) This allows INSERT to insert multiple rows of constants, or queries to generate result sets using constants. For example, INSERT ... VALUES (...), (...), ...., and SELECT * FROM (VALUES (...), (...), ....) AS alias(f1, ...). Allow UPDATE and DELETE to use an alias for the target table (Atsushi Ogawa) The SQL standard does not permit an alias in these commands, but many database systems allow one anyway for notational convenience. Allow UPDATE to set multiple columns with a list of values (Susanne Ebrecht) This is basically a short-hand for assigning the columns and values in pairs. The syntax is UPDATE tab SET (column, ...) = (val, ...). Make row comparisons work per standard (Tom) The forms <, <=, >, >= now compare rows lexicographically, that is, compare the first elements, if equal compare the second elements, and so on. Formerly they expanded to an AND condition across all the elements, which was neither standard nor very useful. Add CASCADE option to TRUNCATE (Joachim Wieland) This causes TRUNCATE to automatically include all tables that reference the specified table(s) via foreign keys. While convenient, this is a dangerous tool — use with caution! Support FOR UPDATE and FOR SHARE in the same SELECT command (Tom) Add IS NOT DISTINCT FROM (Pavel Stehule) This operator is similar to equality (=), but evaluates to true when both left and right operands are NULL, and to false when just one is, rather than yielding NULL in these cases. Improve the length output used by UNION/INTERSECT/EXCEPT (Tom) When all corresponding columns are of the same defined length, that length is used for the result, rather than a generic length. Allow ILIKE to work for multi-byte encodings (Tom) Internally, ILIKE now calls lower() and then uses LIKE. Locale-specific regular expression patterns still do not work in these encodings. Enable standard_conforming_strings to be turned on (Kevin Grittner) This allows backslash escaping in strings to be disabled, making PostgreSQL more standards-compliant. The default is off for backwards compatibility, but future releases will default this to on. Do not flatten subqueries that contain volatile functions in their target lists (Jaime Casanova) This prevents surprising behavior due to multiple evaluation of a volatile function (such as random() or nextval()). It might cause performance degradation in the presence of functions that are unnecessarily marked as volatile. Add system views pg_prepared_statements and pg_cursors to show prepared statements and open cursors (Joachim Wieland, Neil) These are very useful in pooled connection setups. Support portal parameters in EXPLAIN and EXECUTE (Tom) This allows, for example, JDBC ? parameters to work in these commands. If SQL-level PREPARE parameters are unspecified, infer their types from the content of the query (Neil) Protocol-level PREPARE already did this. Allow LIMIT and OFFSET to exceed two billion (Dhanaraj M) Add TABLESPACE clause to CREATE TABLE AS (Neil) This allows a tablespace to be specified for the new table. Add ON COMMIT clause to CREATE TABLE AS (Neil) This allows temporary tables to be truncated or dropped on transaction commit. The default behavior is for the table to remain until the session ends. Add INCLUDING CONSTRAINTS to CREATE TABLE LIKE (Greg Stark) This allows easy copying of CHECK constraints to a new table. Allow the creation of placeholder (shell) types (Martijn van Oosterhout) A shell type declaration creates a type name, without specifying any of the details of the type. Making a shell type is useful because it allows cleaner declaration of the type's input/output functions, which must exist before the type can be defined for real. The syntax is CREATE TYPE typename. Aggregate functions now support multiple input parameters (Sergey Koposov, Tom) Add new aggregate creation syntax (Tom) The new syntax is CREATE AGGREGATE aggname (input_type) (parameter_list). This more naturally supports the new multi-parameter aggregate functionality. The previous syntax is still supported. Add ALTER ROLE PASSWORD NULL to remove a previously set role password (Peter) Add DROP object IF EXISTS for many object types (Andrew) This allows DROP operations on non-existent objects without generating an error. Add DROP OWNED to drop all objects owned by a role (Alvaro) Add REASSIGN OWNED to reassign ownership of all objects owned by a role (Alvaro) This, and DROP OWNED above, facilitate dropping roles. Add GRANT ON SEQUENCE syntax (Bruce) This was added for setting sequence-specific permissions. GRANT ON TABLE for sequences is still supported for backward compatibility. Add USAGE permission for sequences that allows only currval() and nextval(), not setval() (Bruce) USAGE permission allows more fine-grained control over sequence access. Granting USAGE allows users to increment a sequence, but prevents them from setting the sequence to an arbitrary value using setval(). Add ALTER TABLE [ NO ] INHERIT (Greg Stark) This allows inheritance to be adjusted dynamically, rather than just at table creation and destruction. This is very valuable when using inheritance to implement table partitioning. Allow comments on global objects to be stored globally (Kris Jurka) Previously, comments attached to databases were stored in individual databases, making them ineffective, and there was no provision at all for comments on roles or tablespaces. This change adds a new shared catalog pg_shdescription and stores comments on databases, roles, and tablespaces therein. Add option to allow indexes to be created without blocking concurrent writes to the table (Greg Stark, Tom) The new syntax is CREATE INDEX CONCURRENTLY. The default behavior is still to block table modification while an index is being created. Provide advisory locking functionality (Abhijit Menon-Sen, Tom) This is a new locking API designed to replace what used to be in /contrib/userlock. The userlock code is now on pgfoundry. Allow COPY to dump a SELECT query (Zoltan Boszormenyi, Karel Zak) This allows COPY to dump arbitrary SQL queries. The syntax is COPY (SELECT ...) TO. Make the COPY command return a command tag that includes the number of rows copied (Volkan YAZICI) Allow VACUUM to expire rows without being affected by other concurrent VACUUM operations (Hannu Krossing, Alvaro, Tom) Make initdb detect the operating system locale and set the default DateStyle accordingly (Peter) This makes it more likely that the installed postgresql.conf DateStyle value will be as desired. Reduce number of progress messages displayed by initdb (Tom) Allow full timezone names in timestamp input values (Joachim Wieland) For example, '2006-05-24 21:11 America/New_York'::timestamptz. Support configurable timezone abbreviations (Joachim Wieland) A desired set of timezone abbreviations can be chosen via the configuration parameter timezone_abbreviations. Add pg_timezone_abbrevs and pg_timezone_names views to show supported timezones (Magnus Hagander) Add clock_timestamp(), statement_timestamp(), and transaction_timestamp() (Bruce) clock_timestamp() is the current wall-clock time, statement_timestamp() is the time the current statement arrived at the server, and transaction_timestamp() is an alias for now(). Allow to_char() to print localized month and day names (Euler Taveira de Oliveira) Allow to_char(time) and to_char(interval) to output AM/PM specifications (Bruce) Intervals and times are treated as 24-hour periods, e.g. 25 hours is considered AM. Add new function justify_interval() to adjust interval units (Mark Dilger) Allow timezone offsets up to 14:59 away from GMT Kiribati uses GMT+14, so we'd better accept that. Interval computation improvements (Michael Glaesemann, Bruce) Allow arrays to contain NULL elements (Tom) Allow assignment to array elements not contiguous with the existing entries (Tom) The intervening array positions will be filled with nulls. This is per SQL standard. New built-in operators for array-subset comparisons (@>, <@, &&) (Teodor, Tom) These operators can be indexed for many data types using GiST or GIN indexes. Add convenient arithmetic operations on INET/CIDR values (Stephen R. van den Berg) The new operators are & (and), | (or), ~ (not), inet + int8, inet - int8, and inet - inet. Add new aggregate functions from SQL:2003 (Neil) The new functions are var_pop(), var_samp(), stddev_pop(), and stddev_samp(). var_samp() and stddev_samp() are merely renamings of the existing aggregates variance() and stddev(). The latter names remain available for backward compatibility. Add SQL:2003 statistical aggregates (Sergey Koposov) New functions: regr_intercept(), regr_slope(), regr_r2(), corr(), covar_samp(), covar_pop(), regr_avgx(), regr_avgy(), regr_sxy(), regr_sxx(), regr_syy(), regr_count(). Allow domains to be based on other domains (Tom) Properly enforce domain CHECK constraints everywhere (Neil, Tom) For example, the result of a user-defined function that is declared to return a domain type is now checked against the domain's constraints. This closes a significant hole in the domain implementation. Fix problems with dumping renamed SERIAL columns (Tom) The fix is to dump a SERIAL column by explicitly specifying its DEFAULT and sequence elements, and reconstructing the SERIAL column on reload using a new ALTER SEQUENCE OWNED BY command. This also allows dropping a SERIAL column specification. Add a server-side sleep function pg_sleep() (Joachim Wieland) Add all comparison operators for the tid (tuple id) data type (Mark Kirkwood, Greg Stark, Tom) Add TG_table_name and TG_table_schema to trigger parameters (Andrew) TG_relname is now deprecated. Comparable changes have been made in the trigger parameters for the other PLs as well. Allow FOR statements to return values to scalars as well as records and row types (Pavel Stehule) Add a BY clause to the FOR loop, to control the iteration increment (Jaime Casanova) Add STRICT to SELECT INTO (Matt Miller) STRICT mode throws an exception if more or less than one row is returned by the SELECT, for Oracle PL/SQL compatibility. Add table_name and table_schema to trigger parameters (Adam Sjøgren) Add prepared queries (Dmitry Karasik) Make $_TD trigger data a global variable (Andrew) Previously, it was lexical, which caused unexpected sharing violations. Run PL/Perl and PL/PerlU in separate interpreters, for security reasons (Andrew) In consequence, they can no longer share data nor loaded modules. Also, if Perl has not been compiled with the requisite flags to allow multiple interpreters, only one of these languages can be used in any given backend process. Named parameters are passed as ordinary variables, as well as in the args[] array (Sven Suursoho) Add table_name and table_schema to trigger parameters (Andrew) Allow returning of composite types and result sets (Sven Suursoho) Return result-set as list, iterator, or generator (Sven Suursoho) Allow functions to return void (Neil) Python 2.5 is now supported (Tom) Add new command \password for changing role password with client-side password encryption (Peter) Allow \c to connect to a new host and port number (David, Volkan YAZICI) Add tablespace display to \l+ (Philip Yarra) Improve \df slash command to include the argument names and modes (OUT or INOUT) of the function (David Fetter) Support binary COPY (Andreas Pflug) Add option to run the entire session in a single transaction (Simon) Use option -1 or --single-transaction. Support for automatically retrieving SELECT results in batches using a cursor (Chris Mair) This is enabled using \set FETCH_COUNT n. This feature allows large result sets to be retrieved in psql without attempting to buffer the entire result set in memory. Make multi-line values align in the proper column (Martijn van Oosterhout) Field values containing newlines are now displayed in a more readable fashion. Save multi-line statements as a single entry, rather than one line at a time (Sergey E. Koposov) This makes up-arrow recall of queries easier. (This is not available on Windows, because that platform uses the native command-line editing present in the operating system.) Make the line counter 64-bit so it can handle files with more than two billion lines (David Fetter) Report both the returned data and the command status tag for INSERT/UPDATE/DELETE RETURNING (Tom) Allow complex selection of objects to be included or excluded by pg_dump (Greg Sabino Mullane) pg_dump now supports multiple -n (schema) and -t (table) options, and adds -N and -T options to exclude objects. Also, the arguments of these switches can now be wild-card expressions rather than single object names, for example -t 'foo*', and a schema can be part of a -t or -T switch, for example -t schema1.table1. Add pg_restore --no-data-for-failed-tables option to suppress loading data if table creation failed (i.e., the table already exists) (Martin Pitt) Add pg_restore option to run the entire session in a single transaction (Simon) Use option -1 or --single-transaction. Add PQencryptPassword() to encrypt passwords (Tom) This allows passwords to be sent pre-encrypted for commands like ALTER ROLE ... PASSWORD. Add function PQisthreadsafe() (Bruce) This allows applications to query the thread-safety status of the library. Add PQdescribePrepared(), PQdescribePortal(), and related functions to return information about previously prepared statements and open cursors (Volkan YAZICI) Allow LDAP lookups from pg_service.conf (Laurenz Albe) Allow a hostname in ~/.pgpass to match the default socket directory (Bruce) A blank hostname continues to match any Unix-socket connection, but this addition allows entries that are specific to one of several postmasters on the machine. Allow SHOW to put its result into a variable (Joachim Wieland) Add COPY TO STDOUT (Joachim Wieland) Add regression tests (Joachim Wieland, Michael) Major source code cleanups (Joachim Wieland, Michael) Allow MSVC to compile the PostgreSQL server (Magnus, Hiroshi Saito) Add MSVC support for utility commands and pg_dump (Hiroshi Saito) Add support for Windows code pages 1253, 1254, 1255, and 1257 (Kris Jurka) Drop privileges on startup, so that the server can be started from an administrative account (Magnus) Stability fixes (Qingqing Zhou, Magnus) Add native semaphore implementation (Qingqing Zhou) The previous code mimicked SysV semaphores. Add GIN (Generalized Inverted iNdex) index access method (Teodor, Oleg) Remove R-tree indexing (Tom) Rtree has been re-implemented using GiST. Among other differences, this means that rtree indexes now have support for crash recovery via write-ahead logging (WAL). Reduce libraries needlessly linked into the backend (Martijn van Oosterhout, Tom) Add a configure flag to allow libedit to be preferred over GNU readline (Bruce) Use configure --with-libedit-preferred. Allow installation into directories containing spaces (Peter) Improve ability to relocate installation directories (Tom) Add support for Solaris x86_64 using the Solaris compiler (Pierre Girard, Theo Schlossnagle, Bruce) Add DTrace support (Robert Lor) Add PG_VERSION_NUM for use by third-party applications wanting to test the backend version in C using > and < comparisons (Bruce) Add XLOG_BLCKSZ as independent from BLCKSZ (Mark Wong) Add LWLOCK_STATS define to report locking activity (Tom) Emit warnings for unknown configure options (Martijn van Oosterhout) Add server support for plugin libraries that can be used for add-on tasks such as debugging and performance measurement (Korry Douglas) This consists of two features: a table of rendezvous variables that allows separately-loaded shared libraries to communicate, and a new configuration parameter local_preload_libraries that allows libraries to be loaded into specific sessions without explicit cooperation from the client application. This allows external add-ons to implement features such as a PL/pgSQL debugger. Rename existing configuration parameter preload_libraries to shared_preload_libraries (Tom) This was done for clarity in comparison to local_preload_libraries. Add new configuration parameter server_version_num (Greg Sabino Mullane) This is like server_version, but is an integer, e.g. 80200. This allows applications to make version checks more easily. Add a configuration parameter seq_page_cost (Tom) Re-implement the regression test script as a C program (Magnus, Tom) Allow loadable modules to allocate shared memory and lightweight locks (Marc Munro) Add automatic initialization and finalization of dynamically loaded libraries (Ralf Engelschall, Tom) New functions _PG_init() and _PG_fini() are called if the library defines such symbols. Hence we no longer need to specify an initialization function in shared_preload_libraries; we can assume that the library used the _PG_init() convention instead. Add PG_MODULE_MAGIC header block to all shared object files (Martijn van Oosterhout) The magic block prevents version mismatches between loadable object files and servers. Add shared library support for AIX (Laurenz Albe) New XML documentation section (Bruce) Major tsearch2 improvements (Oleg, Teodor) multibyte encoding support, including UTF8 query rewriting support improved ranking functions thesaurus dictionary support Ispell dictionaries now recognize MySpell format, used by OpenOffice GIN support Add adminpack module containing Pgadmin administration functions (Dave) These functions provide additional file system access routines not present in the default PostgreSQL server. Add sslinfo module (Victor Wagner) Reports information about the current connection's SSL certificate. Add pgrowlocks module (Tatsuo) This shows row locking information for a specified table. Add hstore module (Oleg, Teodor) Add isn module, replacing isbn_issn (Jeremy Kronuz) This new implementation supports EAN13, UPC, ISBN (books), ISMN (music), and ISSN (serials). Add index information functions to pgstattuple (ITAGAKI Takahiro, Satoshi Nagayasu) Add pg_freespacemap module to display free space map information (Mark Kirkwood) pgcrypto now has all planned functionality (Marko Kreen) Include iMath library in pgcrypto to have the public-key encryption functions always available. Add SHA224 algorithm that was missing in OpenBSD code. Activate builtin code for SHA224/256/384/512 hashes on older OpenSSL to have those algorithms always available. New function gen_random_bytes() that returns cryptographically strong randomness. Useful for generating encryption keys. Remove digest_exists(), hmac_exists() and cipher_exists() functions. Improvements to cube module (Joshua Reich) New functions are cube(float[]), cube(float[], float[]), and cube_subset(cube, int4[]). Add async query capability to dblink (Kai Londenberg, Joe Conway) New operators for array-subset comparisons (@>, <@, &&) (Tom) Various contrib packages already had these operators for their datatypes, but the naming wasn't consistent. We have now added consistently named array-subset comparison operators to the core code and all the contrib packages that have such functionality. (The old names remain available, but are deprecated.) Add uninstall scripts for all contrib packages that have install scripts (David, Josh Drake)