2012-06-04 This release contains a variety of fixes from 9.0.7. For information about new features in the 9.0 major release, see . A dump/restore is not required for those running 9.0.X. However, if you are upgrading from a version earlier than 9.0.6, see the release notes for 9.0.6. Fix incorrect password transformation in contrib/pgcrypto's DES crypt() function (Solar Designer) If a password string contained the byte value 0x80, the remainder of the password was ignored, causing the password to be much weaker than it appeared. With this fix, the rest of the string is properly included in the DES hash. Any stored password values that are affected by this bug will thus no longer match, so the stored values may need to be updated. (CVE-2012-2143) Ignore SECURITY DEFINER and SET attributes for a procedural language's call handler (Tom Lane) Applying such attributes to a call handler could crash the server. (CVE-2012-2655) Allow numeric timezone offsets in timestamp input to be up to 16 hours away from UTC (Tom Lane) Some historical time zones have offsets larger than 15 hours, the previous limit. This could result in dumped data values being rejected during reload. Fix timestamp conversion to cope when the given time is exactly the last DST transition time for the current timezone (Tom Lane) This oversight has been there a long time, but was not noticed previously because most DST-using zones are presumed to have an indefinite sequence of future DST transitions. Fix text to name and char to name casts to perform string truncation correctly in multibyte encodings (Karl Schnaitter) Fix memory copying bug in to_tsquery() (Heikki Linnakangas) Ensure txid_current() reports the correct epoch when executed in hot standby (Simon Riggs) Fix planner's handling of outer PlaceHolderVars within subqueries (Tom Lane) This bug concerns sub-SELECTs that reference variables coming from the nullable side of an outer join of the surrounding query. In 9.1, queries affected by this bug would fail with ERROR: Upper-level PlaceHolderVar found where not expected. But in 9.0 and 8.4, you'd silently get possibly-wrong answers, since the value transmitted into the subquery wouldn't go to null when it should. Fix slow session startup when pg_attribute is very large (Tom Lane) If pg_attribute exceeds one-fourth of shared_buffers, cache rebuilding code that is sometimes needed during session start would trigger the synchronized-scan logic, causing it to take many times longer than normal. The problem was particularly acute if many new sessions were starting at once. Ensure sequential scans check for query cancel reasonably often (Merlin Moncure) A scan encountering many consecutive pages that contain no live tuples would not respond to interrupts meanwhile. Ensure the Windows implementation of PGSemaphoreLock() clears ImmediateInterruptOK before returning (Tom Lane) This oversight meant that a query-cancel interrupt received later in the same query could be accepted at an unsafe time, with unpredictable but not good consequences. Show whole-row variables safely when printing views or rules (Abbas Butt, Tom Lane) Corner cases involving ambiguous names (that is, the name could be either a table or column name of the query) were printed in an ambiguous way, risking that the view or rule would be interpreted differently after dump and reload. Avoid the ambiguous case by attaching a no-op cast. Fix COPY FROM to properly handle null marker strings that correspond to invalid encoding (Tom Lane) A null marker string such as E'\\0' should work, and did work in the past, but the case got broken in 8.4. Ensure autovacuum worker processes perform stack depth checking properly (Heikki Linnakangas) Previously, infinite recursion in a function invoked by auto-ANALYZE could crash worker processes. Fix logging collector to not lose log coherency under high load (Andrew Dunstan) The collector previously could fail to reassemble large messages if it got too busy. Fix logging collector to ensure it will restart file rotation after receiving SIGHUP (Tom Lane) Fix WAL replay logic for GIN indexes to not fail if the index was subsequently dropped (Tom Lane) Fix memory leak in PL/pgSQL's RETURN NEXT command (Joe Conway) Fix PL/pgSQL's GET DIAGNOSTICS command when the target is the function's first variable (Tom Lane) Fix potential access off the end of memory in psql's expanded display (\x) mode (Peter Eisentraut) Fix several performance problems in pg_dump when the database contains many objects (Jeff Janes, Tom Lane) pg_dump could get very slow if the database contained many schemas, or if many objects are in dependency loops, or if there are many owned sequences. Fix pg_upgrade for the case that a database stored in a non-default tablespace contains a table in the cluster's default tablespace (Bruce Momjian) In ecpg, fix rare memory leaks and possible overwrite of one byte after the sqlca_t structure (Peter Eisentraut) Fix contrib/dblink's dblink_exec() to not leak temporary database connections upon error (Tom Lane) Fix contrib/dblink to report the correct connection name in error messages (Kyotaro Horiguchi) Fix contrib/vacuumlo to use multiple transactions when dropping many large objects (Tim Lewis, Robert Haas, Tom Lane) This change avoids exceeding max_locks_per_transaction when many objects need to be dropped. The behavior can be adjusted with the new -l (limit) option. Update time zone data files to tzdata release 2012c for DST law changes in Antarctica, Armenia, Chile, Cuba, Falkland Islands, Gaza, Haiti, Hebron, Morocco, Syria, and Tokelau Islands; also historical corrections for Canada. 2012-02-27 This release contains a variety of fixes from 9.0.6. For information about new features in the 9.0 major release, see . A dump/restore is not required for those running 9.0.X. However, if you are upgrading from a version earlier than 9.0.6, see the release notes for 9.0.6. Require execute permission on the trigger function for CREATE TRIGGER (Robert Haas) This missing check could allow another user to execute a trigger function with forged input data, by installing it on a table he owns. This is only of significance for trigger functions marked SECURITY DEFINER, since otherwise trigger functions run as the table owner anyway. (CVE-2012-0866) Remove arbitrary limitation on length of common name in SSL certificates (Heikki Linnakangas) Both libpq and the server truncated the common name extracted from an SSL certificate at 32 bytes. Normally this would cause nothing worse than an unexpected verification failure, but there are some rather-implausible scenarios in which it might allow one certificate holder to impersonate another. The victim would have to have a common name exactly 32 bytes long, and the attacker would have to persuade a trusted CA to issue a certificate in which the common name has that string as a prefix. Impersonating a server would also require some additional exploit to redirect client connections. (CVE-2012-0867) Convert newlines to spaces in names written in pg_dump comments (Robert Haas) pg_dump was incautious about sanitizing object names that are emitted within SQL comments in its output script. A name containing a newline would at least render the script syntactically incorrect. Maliciously crafted object names could present a SQL injection risk when the script is reloaded. (CVE-2012-0868) Fix btree index corruption from insertions concurrent with vacuuming (Tom Lane) An index page split caused by an insertion could sometimes cause a concurrently-running VACUUM to miss removing index entries that it should remove. After the corresponding table rows are removed, the dangling index entries would cause errors (such as could not read block N in file ...) or worse, silently wrong query results after unrelated rows are re-inserted at the now-free table locations. This bug has been present since release 8.2, but occurs so infrequently that it was not diagnosed until now. If you have reason to suspect that it has happened in your database, reindexing the affected index will fix things. Fix transient zeroing of shared buffers during WAL replay (Tom Lane) The replay logic would sometimes zero and refill a shared buffer, so that the contents were transiently invalid. In hot standby mode this can result in a query that's executing in parallel seeing garbage data. Various symptoms could result from that, but the most common one seems to be invalid memory alloc request size. Fix postmaster to attempt restart after a hot-standby crash (Tom Lane) A logic error caused the postmaster to terminate, rather than attempt to restart the cluster, if any backend process crashed while operating in hot standby mode. Fix CLUSTER/VACUUM FULL handling of toast values owned by recently-updated rows (Tom Lane) This oversight could lead to duplicate key value violates unique constraint errors being reported against the toast table's index during one of these commands. Update per-column permissions, not only per-table permissions, when changing table owner (Tom Lane) Failure to do this meant that any previously granted column permissions were still shown as having been granted by the old owner. This meant that neither the new owner nor a superuser could revoke the now-untraceable-to-table-owner permissions. Support foreign data wrappers and foreign servers in REASSIGN OWNED (Alvaro Herrera) This command failed with unexpected classid errors if it needed to change the ownership of any such objects. Allow non-existent values for some settings in ALTER USER/DATABASE SET (Heikki Linnakangas) Allow default_text_search_config, default_tablespace, and temp_tablespaces to be set to names that are not known. This is because they might be known in another database where the setting is intended to be used, or for the tablespace cases because the tablespace might not be created yet. The same issue was previously recognized for search_path, and these settings now act like that one. Avoid crashing when we have problems deleting table files post-commit (Tom Lane) Dropping a table should lead to deleting the underlying disk files only after the transaction commits. In event of failure then (for instance, because of wrong file permissions) the code is supposed to just emit a warning message and go on, since it's too late to abort the transaction. This logic got broken as of release 8.4, causing such situations to result in a PANIC and an unrestartable database. Recover from errors occurring during WAL replay of DROP TABLESPACE (Tom Lane) Replay will attempt to remove the tablespace's directories, but there are various reasons why this might fail (for example, incorrect ownership or permissions on those directories). Formerly the replay code would panic, rendering the database unrestartable without manual intervention. It seems better to log the problem and continue, since the only consequence of failure to remove the directories is some wasted disk space. Fix race condition in logging AccessExclusiveLocks for hot standby (Simon Riggs) Sometimes a lock would be logged as being held by transaction zero. This is at least known to produce assertion failures on slave servers, and might be the cause of more serious problems. Track the OID counter correctly during WAL replay, even when it wraps around (Tom Lane) Previously the OID counter would remain stuck at a high value until the system exited replay mode. The practical consequences of that are usually nil, but there are scenarios wherein a standby server that's been promoted to master might take a long time to advance the OID counter to a reasonable value once values are needed. Prevent emitting misleading consistent recovery state reached log message at the beginning of crash recovery (Heikki Linnakangas) Fix initial value of pg_stat_replication.replay_location (Fujii Masao) Previously, the value shown would be wrong until at least one WAL record had been replayed. Fix regular expression back-references with * attached (Tom Lane) Rather than enforcing an exact string match, the code would effectively accept any string that satisfies the pattern sub-expression referenced by the back-reference symbol. A similar problem still afflicts back-references that are embedded in a larger quantified expression, rather than being the immediate subject of the quantifier. This will be addressed in a future PostgreSQL release. Fix recently-introduced memory leak in processing of inet/cidr values (Heikki Linnakangas) A patch in the December 2011 releases of PostgreSQL caused memory leakage in these operations, which could be significant in scenarios such as building a btree index on such a column. Fix dangling pointer after CREATE TABLE AS/SELECT INTO in a SQL-language function (Tom Lane) In most cases this only led to an assertion failure in assert-enabled builds, but worse consequences seem possible. Avoid double close of file handle in syslogger on Windows (MauMau) Ordinarily this error was invisible, but it would cause an exception when running on a debug version of Windows. Fix I/O-conversion-related memory leaks in plpgsql (Andres Freund, Jan Urbanski, Tom Lane) Certain operations would leak memory until the end of the current function. Improve pg_dump's handling of inherited table columns (Tom Lane) pg_dump mishandled situations where a child column has a different default expression than its parent column. If the default is textually identical to the parent's default, but not actually the same (for instance, because of schema search path differences) it would not be recognized as different, so that after dump and restore the child would be allowed to inherit the parent's default. Child columns that are NOT NULL where their parent is not could also be restored subtly incorrectly. Fix pg_restore's direct-to-database mode for INSERT-style table data (Tom Lane) Direct-to-database restores from archive files made with --inserts or --column-inserts options fail when using pg_restore from a release dated September or December 2011, as a result of an oversight in a fix for another problem. The archive file itself is not at fault, and text-mode output is okay. Allow pg_upgrade to process tables containing regclass columns (Bruce Momjian) Since pg_upgrade now takes care to preserve pg_class OIDs, there was no longer any reason for this restriction. Make libpq ignore ENOTDIR errors when looking for an SSL client certificate file (Magnus Hagander) This allows SSL connections to be established, though without a certificate, even when the user's home directory is set to something like /dev/null. Fix some more field alignment issues in ecpg's SQLDA area (Zoltan Boszormenyi) Allow AT option in ecpg DEALLOCATE statements (Michael Meskes) The infrastructure to support this has been there for awhile, but through an oversight there was still an error check rejecting the case. Do not use the variable name when defining a varchar structure in ecpg (Michael Meskes) Fix contrib/auto_explain's JSON output mode to produce valid JSON (Andrew Dunstan) The output used brackets at the top level, when it should have used braces. Fix error in contrib/intarray's int[] & int[] operator (Guillaume Lelarge) If the smallest integer the two input arrays have in common is 1, and there are smaller values in either array, then 1 would be incorrectly omitted from the result. Fix error detection in contrib/pgcrypto's encrypt_iv() and decrypt_iv() (Marko Kreen) These functions failed to report certain types of invalid-input errors, and would instead return random garbage values for incorrect input. Fix one-byte buffer overrun in contrib/test_parser (Paul Guyot) The code would try to read one more byte than it should, which would crash in corner cases. Since contrib/test_parser is only example code, this is not a security issue in itself, but bad example code is still bad. Use __sync_lock_test_and_set() for spinlocks on ARM, if available (Martin Pitt) This function replaces our previous use of the SWPB instruction, which is deprecated and not available on ARMv6 and later. Reports suggest that the old code doesn't fail in an obvious way on recent ARM boards, but simply doesn't interlock concurrent accesses, leading to bizarre failures in multiprocess operation. Use -fexcess-precision=standard option when building with gcc versions that accept it (Andrew Dunstan) This prevents assorted scenarios wherein recent versions of gcc will produce creative results. Allow use of threaded Python on FreeBSD (Chris Rees) Our configure script previously believed that this combination wouldn't work; but FreeBSD fixed the problem, so remove that error check. 2011-12-05 This release contains a variety of fixes from 9.0.5. For information about new features in the 9.0 major release, see . A dump/restore is not required for those running 9.0.X. However, a longstanding error was discovered in the definition of the information_schema.referential_constraints view. If you rely on correct results from that view, you should replace its definition as explained in the first changelog item below. Also, if you are upgrading from a version earlier than 9.0.4, see the release notes for 9.0.4. Fix bugs in information_schema.referential_constraints view (Tom Lane) This view was being insufficiently careful about matching the foreign-key constraint to the depended-on primary or unique key constraint. That could result in failure to show a foreign key constraint at all, or showing it multiple times, or claiming that it depends on a different constraint than the one it really does. Since the view definition is installed by initdb, merely upgrading will not fix the problem. If you need to fix this in an existing installation, you can (as a superuser) drop the information_schema schema then re-create it by sourcing SHAREDIR/information_schema.sql. (Run pg_config --sharedir if you're uncertain where SHAREDIR is.) This must be repeated in each database to be fixed. Fix possible crash during UPDATE or DELETE that joins to the output of a scalar-returning function (Tom Lane) A crash could only occur if the target row had been concurrently updated, so this problem surfaced only intermittently. Fix incorrect replay of WAL records for GIN index updates (Tom Lane) This could result in transiently failing to find index entries after a crash, or on a hot-standby server. The problem would be repaired by the next VACUUM of the index, however. Fix TOAST-related data corruption during CREATE TABLE dest AS SELECT * FROM src or INSERT INTO dest SELECT * FROM src (Tom Lane) If a table has been modified by ALTER TABLE ADD COLUMN, attempts to copy its data verbatim to another table could produce corrupt results in certain corner cases. The problem can only manifest in this precise form in 8.4 and later, but we patched earlier versions as well in case there are other code paths that could trigger the same bug. Fix possible failures during hot standby startup (Simon Riggs) Start hot standby faster when initial snapshot is incomplete (Simon Riggs) Fix race condition during toast table access from stale syscache entries (Tom Lane) The typical symptom was transient errors like missing chunk number 0 for toast value NNNNN in pg_toast_2619, where the cited toast table would always belong to a system catalog. Track dependencies of functions on items used in parameter default expressions (Tom Lane) Previously, a referenced object could be dropped without having dropped or modified the function, leading to misbehavior when the function was used. Note that merely installing this update will not fix the missing dependency entries; to do that, you'd need to CREATE OR REPLACE each such function afterwards. If you have functions whose defaults depend on non-built-in objects, doing so is recommended. Allow inlining of set-returning SQL functions with multiple OUT parameters (Tom Lane) Don't trust deferred-unique indexes for join removal (Tom Lane and Marti Raudsepp) A deferred uniqueness constraint might not hold intra-transaction, so assuming that it does could give incorrect query results. Make DatumGetInetP() unpack inet datums that have a 1-byte header, and add a new macro, DatumGetInetPP(), that does not (Heikki Linnakangas) This change affects no core code, but might prevent crashes in add-on code that expects DatumGetInetP() to produce an unpacked datum as per usual convention. Improve locale support in money type's input and output (Tom Lane) Aside from not supporting all standard lc_monetary formatting options, the input and output functions were inconsistent, meaning there were locales in which dumped money values could not be re-read. Don't let transform_null_equals affect CASE foo WHEN NULL ... constructs (Heikki Linnakangas) transform_null_equals is only supposed to affect foo = NULL expressions written directly by the user, not equality checks generated internally by this form of CASE. Change foreign-key trigger creation order to better support self-referential foreign keys (Tom Lane) For a cascading foreign key that references its own table, a row update will fire both the ON UPDATE trigger and the CHECK trigger as one event. The ON UPDATE trigger must execute first, else the CHECK will check a non-final state of the row and possibly throw an inappropriate error. However, the firing order of these triggers is determined by their names, which generally sort in creation order since the triggers have auto-generated names following the convention RI_ConstraintTrigger_NNNN. A proper fix would require modifying that convention, which we will do in 9.2, but it seems risky to change it in existing releases. So this patch just changes the creation order of the triggers. Users encountering this type of error should drop and re-create the foreign key constraint to get its triggers into the right order. Avoid floating-point underflow while tracking buffer allocation rate (Greg Matthews) While harmless in itself, on certain platforms this would result in annoying kernel log messages. Preserve configuration file name and line number values when starting child processes under Windows (Tom Lane) Formerly, these would not be displayed correctly in the pg_settings view. Fix incorrect field alignment in ecpg's SQLDA area (Zoltan Boszormenyi) Preserve blank lines within commands in psql's command history (Robert Haas) The former behavior could cause problems if an empty line was removed from within a string literal, for example. Fix pg_dump to dump user-defined casts between auto-generated types, such as table rowtypes (Tom Lane) Assorted fixes for pg_upgrade (Bruce Momjian) Handle exclusion constraints correctly, avoid failures on Windows, don't complain about mismatched toast table names in 8.4 databases. Use the preferred version of xsubpp to build PL/Perl, not necessarily the operating system's main copy (David Wheeler and Alex Hunsaker) Fix incorrect coding in contrib/dict_int and contrib/dict_xsyn (Tom Lane) Some functions incorrectly assumed that memory returned by palloc() is guaranteed zeroed. Fix assorted errors in contrib/unaccent's configuration file parsing (Tom Lane) Honor query cancel interrupts promptly in pgstatindex() (Robert Haas) Fix incorrect quoting of log file name in Mac OS X start script (Sidar Lopez) Ensure VPATH builds properly install all server header files (Peter Eisentraut) Shorten file names reported in verbose error messages (Peter Eisentraut) Regular builds have always reported just the name of the C file containing the error message call, but VPATH builds formerly reported an absolute path name. Fix interpretation of Windows timezone names for Central America (Tom Lane) Map Central America Standard Time to CST6, not CST6CDT, because DST is generally not observed anywhere in Central America. Update time zone data files to tzdata release 2011n for DST law changes in Brazil, Cuba, Fiji, Palestine, Russia, and Samoa; also historical corrections for Alaska and British East Africa. 2011-09-26 This release contains a variety of fixes from 9.0.4. For information about new features in the 9.0 major release, see . A dump/restore is not required for those running 9.0.X. However, if you are upgrading from a version earlier than 9.0.4, see the release notes for 9.0.4. Fix catalog cache invalidation after a VACUUM FULL or CLUSTER on a system catalog (Tom Lane) In some cases the relocation of a system catalog row to another place would not be recognized by concurrent server processes, allowing catalog corruption to occur if they then tried to update that row. The worst-case outcome could be as bad as complete loss of a table. Fix incorrect order of operations during sinval reset processing, and ensure that TOAST OIDs are preserved in system catalogs (Tom Lane) These mistakes could lead to transient failures after a VACUUM FULL or CLUSTER on a system catalog. Fix bugs in indexing of in-doubt HOT-updated tuples (Tom Lane) These bugs could result in index corruption after reindexing a system catalog. They are not believed to affect user indexes. Fix multiple bugs in GiST index page split processing (Heikki Linnakangas) The probability of occurrence was low, but these could lead to index corruption. Fix possible buffer overrun in tsvector_concat() (Tom Lane) The function could underestimate the amount of memory needed for its result, leading to server crashes. Fix crash in xml_recv when processing a standalone parameter (Tom Lane) Make pg_options_to_table return NULL for an option with no value (Tom Lane) Previously such cases would result in a server crash. Avoid possibly accessing off the end of memory in ANALYZE and in SJIS-2004 encoding conversion (Noah Misch) This fixes some very-low-probability server crash scenarios. Protect pg_stat_reset_shared() against NULL input (Magnus Hagander) Fix possible failure when a recovery conflict deadlock is detected within a sub-transaction (Tom Lane) Avoid spurious conflicts while recycling btree index pages during hot standby (Noah Misch, Simon Riggs) Shut down WAL receiver if it's still running at end of recovery (Heikki Linnakangas) The postmaster formerly panicked in this situation, but it's actually a legitimate case. Fix race condition in relcache init file invalidation (Tom Lane) There was a window wherein a new backend process could read a stale init file but miss the inval messages that would tell it the data is stale. The result would be bizarre failures in catalog accesses, typically could not read block 0 in file ... later during startup. Fix memory leak at end of a GiST index scan (Tom Lane) Commands that perform many separate GiST index scans, such as verification of a new GiST-based exclusion constraint on a table already containing many rows, could transiently require large amounts of memory due to this leak. Fix memory leak when encoding conversion has to be done on incoming command strings and LISTEN is active (Tom Lane) Fix incorrect memory accounting (leading to possible memory bloat) in tuplestores supporting holdable cursors and plpgsql's RETURN NEXT command (Tom Lane) Fix trigger WHEN conditions when both BEFORE and AFTER triggers exist (Tom Lane) Evaluation of WHEN conditions for AFTER ROW UPDATE triggers could crash if there had been a BEFORE ROW trigger fired for the same update. Fix performance problem when constructing a large, lossy bitmap (Tom Lane) Fix join selectivity estimation for unique columns (Tom Lane) This fixes an erroneous planner heuristic that could lead to poor estimates of the result size of a join. Fix nested PlaceHolderVar expressions that appear only in sub-select target lists (Tom Lane) This mistake could result in outputs of an outer join incorrectly appearing as NULL. Allow the planner to assume that empty parent tables really are empty (Tom Lane) Normally an empty table is assumed to have a certain minimum size for planning purposes; but this heuristic seems to do more harm than good for the parent table of an inheritance hierarchy, which often is permanently empty. Allow nested EXISTS queries to be optimized properly (Tom Lane) Fix array- and path-creating functions to ensure padding bytes are zeroes (Tom Lane) This avoids some situations where the planner will think that semantically-equal constants are not equal, resulting in poor optimization. Fix EXPLAIN to handle gating Result nodes within inner-indexscan subplans (Tom Lane) The usual symptom of this oversight was bogus varno errors. Fix btree preprocessing of indexedcol IS NULL conditions (Dean Rasheed) Such a condition is unsatisfiable if combined with any other type of btree-indexable condition on the same index column. The case was handled incorrectly in 9.0.0 and later, leading to query output where there should be none. Work around gcc 4.6.0 bug that breaks WAL replay (Tom Lane) This could lead to loss of committed transactions after a server crash. Fix dump bug for VALUES in a view (Tom Lane) Disallow SELECT FOR UPDATE/SHARE on sequences (Tom Lane) This operation doesn't work as expected and can lead to failures. Fix VACUUM so that it always updates pg_class.reltuples/relpages (Tom Lane) This fixes some scenarios where autovacuum could make increasingly poor decisions about when to vacuum tables. Defend against integer overflow when computing size of a hash table (Tom Lane) Fix cases where CLUSTER might attempt to access already-removed TOAST data (Tom Lane) Fix premature timeout failures during initial authentication transaction (Tom Lane) Fix portability bugs in use of credentials control messages for peer authentication (Tom Lane) Fix SSPI login when multiple roundtrips are required (Ahmed Shinwari, Magnus Hagander) The typical symptom of this problem was The function requested is not supported errors during SSPI login. Fix failure when adding a new variable of a custom variable class to postgresql.conf (Tom Lane) Throw an error if pg_hba.conf contains hostssl but SSL is disabled (Tom Lane) This was concluded to be more user-friendly than the previous behavior of silently ignoring such lines. Fix failure when DROP OWNED BY attempts to remove default privileges on sequences (Shigeru Hanada) Fix typo in pg_srand48 seed initialization (Andres Freund) This led to failure to use all bits of the provided seed. This function is not used on most platforms (only those without srandom), and the potential security exposure from a less-random-than-expected seed seems minimal in any case. Avoid integer overflow when the sum of LIMIT and OFFSET values exceeds 2^63 (Heikki Linnakangas) Add overflow checks to int4 and int8 versions of generate_series() (Robert Haas) Fix trailing-zero removal in to_char() (Marti Raudsepp) In a format with FM and no digit positions after the decimal point, zeroes to the left of the decimal point could be removed incorrectly. Fix pg_size_pretty() to avoid overflow for inputs close to 2^63 (Tom Lane) Weaken plpgsql's check for typmod matching in record values (Tom Lane) An overly enthusiastic check could lead to discarding length modifiers that should have been kept. Correctly handle quotes in locale names during initdb (Heikki Linnakangas) The case can arise with some Windows locales, such as People's Republic of China. In pg_upgrade, avoid dumping orphaned temporary tables (Bruce Momjian) This prevents situations wherein table OID assignments could get out of sync between old and new installations. Fix pg_upgrade to preserve toast tables' relfrozenxids during an upgrade from 8.3 (Bruce Momjian) Failure to do this could lead to pg_clog files being removed too soon after the upgrade. In pg_upgrade, fix the -l (log) option to work on Windows (Bruce Momjian) In pg_ctl, support silent mode for service registrations on Windows (MauMau) Fix psql's counting of script file line numbers during COPY from a different file (Tom Lane) Fix pg_restore's direct-to-database mode for standard_conforming_strings (Tom Lane) pg_restore could emit incorrect commands when restoring directly to a database server from an archive file that had been made with standard_conforming_strings set to on. Be more user-friendly about unsupported cases for parallel pg_restore (Tom Lane) This change ensures that such cases are detected and reported before any restore actions have been taken. Fix write-past-buffer-end and memory leak in libpq's LDAP service lookup code (Albe Laurenz) In libpq, avoid failures when using nonblocking I/O and an SSL connection (Martin Pihlak, Tom Lane) Improve libpq's handling of failures during connection startup (Tom Lane) In particular, the response to a server report of fork() failure during SSL connection startup is now saner. Improve libpq's error reporting for SSL failures (Tom Lane) Fix PQsetvalue() to avoid possible crash when adding a new tuple to a PGresult originally obtained from a server query (Andrew Chernow) Make ecpglib write double values with 15 digits precision (Akira Kurosawa) In ecpglib, be sure LC_NUMERIC setting is restored after an error (Michael Meskes) Apply upstream fix for blowfish signed-character bug (CVE-2011-2483) (Tom Lane) contrib/pg_crypto's blowfish encryption code could give wrong results on platforms where char is signed (which is most), leading to encrypted passwords being weaker than they should be. Fix memory leak in contrib/seg (Heikki Linnakangas) Fix pgstatindex() to give consistent results for empty indexes (Tom Lane) Allow building with perl 5.14 (Alex Hunsaker) Fix assorted issues with build and install file paths containing spaces (Tom Lane) Update time zone data files to tzdata release 2011i for DST law changes in Canada, Egypt, Russia, Samoa, and South Sudan. 2011-04-18 This release contains a variety of fixes from 9.0.3. For information about new features in the 9.0 major release, see . A dump/restore is not required for those running 9.0.X. However, if your installation was upgraded from a previous major release by running pg_upgrade, you should take action to prevent possible data loss due to a now-fixed bug in pg_upgrade. The recommended solution is to run VACUUM FREEZE on all TOAST tables. More information is available at http://wiki.postgresql.org/wiki/20110408pg_upgrade_fix. Fix pg_upgrade's handling of TOAST tables (Bruce Momjian) The pg_class.relfrozenxid value for TOAST tables was not correctly copied into the new installation during pg_upgrade. This could later result in pg_clog files being discarded while they were still needed to validate tuples in the TOAST tables, leading to could not access status of transaction failures. This error poses a significant risk of data loss for installations that have been upgraded with pg_upgrade. This patch corrects the problem for future uses of pg_upgrade, but does not in itself cure the issue in installations that have been processed with a buggy version of pg_upgrade. Suppress incorrect PD_ALL_VISIBLE flag was incorrectly set warning (Heikki Linnakangas) VACUUM would sometimes issue this warning in cases that are actually valid. Use better SQLSTATE error codes for hot standby conflict cases (Tatsuo Ishii and Simon Riggs) All retryable conflict errors now have an error code that indicates that a retry is possible. Also, session closure due to the database being dropped on the master is now reported as ERRCODE_DATABASE_DROPPED, rather than ERRCODE_ADMIN_SHUTDOWN, so that connection poolers can handle the situation correctly. Prevent intermittent hang in interactions of startup process with bgwriter process (Simon Riggs) This affected recovery in non-hot-standby cases. Disallow including a composite type in itself (Tom Lane) This prevents scenarios wherein the server could recurse infinitely while processing the composite type. While there are some possible uses for such a structure, they don't seem compelling enough to justify the effort required to make sure it always works safely. Avoid potential deadlock during catalog cache initialization (Nikhil Sontakke) In some cases the cache loading code would acquire share lock on a system index before locking the index's catalog. This could deadlock against processes trying to acquire exclusive locks in the other, more standard order. Fix dangling-pointer problem in BEFORE ROW UPDATE trigger handling when there was a concurrent update to the target tuple (Tom Lane) This bug has been observed to result in intermittent cannot extract system attribute from virtual tuple failures while trying to do UPDATE RETURNING ctid. There is a very small probability of more serious errors, such as generating incorrect index entries for the updated tuple. Disallow DROP TABLE when there are pending deferred trigger events for the table (Tom Lane) Formerly the DROP would go through, leading to could not open relation with OID nnn errors when the triggers were eventually fired. Allow replication as a user name in pg_hba.conf (Andrew Dunstan) replication is special in the database name column, but it was mistakenly also treated as special in the user name column. Prevent crash triggered by constant-false WHERE conditions during GEQO optimization (Tom Lane) Improve planner's handling of semi-join and anti-join cases (Tom Lane) Fix handling of SELECT FOR UPDATE in a sub-SELECT (Tom Lane) This bug typically led to cannot extract system attribute from virtual tuple errors. Fix selectivity estimation for text search to account for NULLs (Jesper Krogh) Fix get_actual_variable_range() to support hypothetical indexes injected by an index adviser plugin (Gurjeet Singh) Fix PL/Python memory leak involving array slices (Daniel Popowich) Allow libpq's SSL initialization to succeed when user's home directory is unavailable (Tom Lane) If the SSL mode is such that a root certificate file is not required, there is no need to fail. This change restores the behavior to what it was in pre-9.0 releases. Fix libpq to return a useful error message for errors detected in conninfo_array_parse (Joseph Adams) A typo caused the library to return NULL, rather than the PGconn structure containing the error message, to the application. Fix ecpg preprocessor's handling of float constants (Heikki Linnakangas) Fix parallel pg_restore to handle comments on POST_DATA items correctly (Arnd Hannemann) Fix pg_restore to cope with long lines (over 1KB) in TOC files (Tom Lane) Put in more safeguards against crashing due to division-by-zero with overly enthusiastic compiler optimization (Aurelien Jarno) Support use of dlopen() in FreeBSD and OpenBSD on MIPS (Tom Lane) There was a hard-wired assumption that this system function was not available on MIPS hardware on these systems. Use a compile-time test instead, since more recent versions have it. Fix compilation failures on HP-UX (Heikki Linnakangas) Avoid crash when trying to write to the Windows console very early in process startup (Rushabh Lathia) Support building with MinGW 64 bit compiler for Windows (Andrew Dunstan) Fix version-incompatibility problem with libintl on Windows (Hiroshi Inoue) Fix usage of xcopy in Windows build scripts to work correctly under Windows 7 (Andrew Dunstan) This affects the build scripts only, not installation or usage. Fix path separator used by pg_regress on Cygwin (Andrew Dunstan) Update time zone data files to tzdata release 2011f for DST law changes in Chile, Cuba, Falkland Islands, Morocco, Samoa, and Turkey; also historical corrections for South Australia, Alaska, and Hawaii. 2011-01-31 This release contains a variety of fixes from 9.0.2. For information about new features in the 9.0 major release, see . A dump/restore is not required for those running 9.0.X. Before exiting walreceiver, ensure all the received WAL is fsync'd to disk (Heikki Linnakangas) Otherwise the standby server could replay some un-synced WAL, conceivably leading to data corruption if the system crashes just at that point. Avoid excess fsync activity in walreceiver (Heikki Linnakangas) Make ALTER TABLE revalidate uniqueness and exclusion constraints when needed (Noah Misch) This was broken in 9.0 by a change that was intended to suppress revalidation during VACUUM FULL and CLUSTER, but unintentionally affected ALTER TABLE as well. Fix EvalPlanQual for UPDATE of an inheritance tree in which the tables are not all alike (Tom Lane) Any variation in the table row types (including dropped columns present in only some child tables) would confuse the EvalPlanQual code, leading to misbehavior or even crashes. Since EvalPlanQual is only executed during concurrent updates to the same row, the problem was only seen intermittently. Avoid failures when EXPLAIN tries to display a simple-form CASE expression (Tom Lane) If the CASE's test expression was a constant, the planner could simplify the CASE into a form that confused the expression-display code, resulting in unexpected CASE WHEN clause errors. Fix assignment to an array slice that is before the existing range of subscripts (Tom Lane) If there was a gap between the newly added subscripts and the first pre-existing subscript, the code miscalculated how many entries needed to be copied from the old array's null bitmap, potentially leading to data corruption or crash. Avoid unexpected conversion overflow in planner for very distant date values (Tom Lane) The date type supports a wider range of dates than can be represented by the timestamp types, but the planner assumed it could always convert a date to timestamp with impunity. Fix PL/Python crash when an array contains null entries (Alex Hunsaker) Remove ecpg's fixed length limit for constants defining an array dimension (Michael Meskes) Fix erroneous parsing of tsquery values containing ... & !(subexpression) | ... (Tom Lane) Queries containing this combination of operators were not executed correctly. The same error existed in contrib/intarray's query_int type and contrib/ltree's ltxtquery type. Fix buffer overrun in contrib/intarray's input function for the query_int type (Apple) This bug is a security risk since the function's return address could be overwritten. Thanks to Apple Inc's security team for reporting this issue and supplying the fix. (CVE-2010-4015) Fix bug in contrib/seg's GiST picksplit algorithm (Alexander Korotkov) This could result in considerable inefficiency, though not actually incorrect answers, in a GiST index on a seg column. If you have such an index, consider REINDEXing it after installing this update. (This is identical to the bug that was fixed in contrib/cube in the previous update.) 2010-12-16 This release contains a variety of fixes from 9.0.1. For information about new features in the 9.0 major release, see . A dump/restore is not required for those running 9.0.X. Force the default wal_sync_method to be fdatasync on Linux (Tom Lane, Marti Raudsepp) The default on Linux has actually been fdatasync for many years, but recent kernel changes caused PostgreSQL to choose open_datasync instead. This choice did not result in any performance improvement, and caused outright failures on certain filesystems, notably ext4 with the data=journal mount option. Fix too many KnownAssignedXids error during Hot Standby replay (Heikki Linnakangas) Fix race condition in lock acquisition during Hot Standby (Simon Riggs) Avoid unnecessary conflicts during Hot Standby (Simon Riggs) This fixes some cases where replay was considered to conflict with standby queries (causing delay of replay or possibly cancellation of the queries), but there was no real conflict. Fix assorted bugs in WAL replay logic for GIN indexes (Tom Lane) This could result in bad buffer id: 0 failures or corruption of index contents during replication. Fix recovery from base backup when the starting checkpoint WAL record is not in the same WAL segment as its redo point (Jeff Davis) Fix corner-case bug when streaming replication is enabled immediately after creating the master database cluster (Heikki Linnakangas) Fix persistent slowdown of autovacuum workers when multiple workers remain active for a long time (Tom Lane) The effective vacuum_cost_limit for an autovacuum worker could drop to nearly zero if it processed enough tables, causing it to run extremely slowly. Fix long-term memory leak in autovacuum launcher (Alvaro Herrera) Avoid failure when trying to report an impending transaction wraparound condition from outside a transaction (Tom Lane) This oversight prevented recovery after transaction wraparound got too close, because database startup processing would fail. Add support for detecting register-stack overrun on IA64 (Tom Lane) The IA64 architecture has two hardware stacks. Full prevention of stack-overrun failures requires checking both. Add a check for stack overflow in copyObject() (Tom Lane) Certain code paths could crash due to stack overflow given a sufficiently complex query. Fix detection of page splits in temporary GiST indexes (Heikki Linnakangas) It is possible to have a concurrent page split in a temporary index, if for example there is an open cursor scanning the index when an insertion is done. GiST failed to detect this case and hence could deliver wrong results when execution of the cursor continued. Fix error checking during early connection processing (Tom Lane) The check for too many child processes was skipped in some cases, possibly leading to postmaster crash when attempting to add the new child process to fixed-size arrays. Improve efficiency of window functions (Tom Lane) Certain cases where a large number of tuples needed to be read in advance, but work_mem was large enough to allow them all to be held in memory, were unexpectedly slow. percent_rank(), cume_dist() and ntile() in particular were subject to this problem. Avoid memory leakage while ANALYZE'ing complex index expressions (Tom Lane) Ensure an index that uses a whole-row Var still depends on its table (Tom Lane) An index declared like create index i on t (foo(t.*)) would not automatically get dropped when its table was dropped. Add missing support in DROP OWNED BY for removing foreign data wrapper/server privileges belonging to a user (Heikki Linnakangas) Do not inline a SQL function with multiple OUT parameters (Tom Lane) This avoids a possible crash due to loss of information about the expected result rowtype. Fix crash when inline-ing a set-returning function whose argument list contains a reference to an inline-able user function (Tom Lane) Behave correctly if ORDER BY, LIMIT, FOR UPDATE, or WITH is attached to the VALUES part of INSERT ... VALUES (Tom Lane) Make the OFF keyword unreserved (Heikki Linnakangas) This prevents problems with using off as a variable name in PL/pgSQL. That worked before 9.0, but was now broken because PL/pgSQL now treats all core reserved words as reserved. Fix constant-folding of COALESCE() expressions (Tom Lane) The planner would sometimes attempt to evaluate sub-expressions that in fact could never be reached, possibly leading to unexpected errors. Fix could not find pathkey item to sort planner failure with comparison of whole-row Vars (Tom Lane) Fix postmaster crash when connection acceptance (accept() or one of the calls made immediately after it) fails, and the postmaster was compiled with GSSAPI support (Alexander Chernikov) Retry after receiving an invalid response packet from a RADIUS authentication server (Magnus Hagander) This fixes a low-risk potential denial of service condition. Fix missed unlink of temporary files when log_temp_files is active (Tom Lane) If an error occurred while attempting to emit the log message, the unlink was not done, resulting in accumulation of temp files. Add print functionality for InhRelation nodes (Tom Lane) This avoids a failure when debug_print_parse is enabled and certain types of query are executed. Fix incorrect calculation of distance from a point to a horizontal line segment (Tom Lane) This bug affected several different geometric distance-measurement operators. Fix incorrect calculation of transaction status in ecpg (Itagaki Takahiro) Fix errors in psql's Unicode-escape support (Tom Lane) Speed up parallel pg_restore when the archive contains many large objects (blobs) (Tom Lane) Fix PL/pgSQL's handling of simple expressions to not fail in recursion or error-recovery cases (Tom Lane) Fix PL/pgSQL's error reporting for no-such-column cases (Tom Lane) As of 9.0, it would sometimes report missing FROM-clause entry for table foo when record foo has no field bar would be more appropriate. Fix PL/Python to honor typmod (i.e., length or precision restrictions) when assigning to tuple fields (Tom Lane) This fixes a regression from 8.4. Fix PL/Python's handling of set-returning functions (Jan Urbanski) Attempts to call SPI functions within the iterator generating a set result would fail. Fix bug in contrib/cube's GiST picksplit algorithm (Alexander Korotkov) This could result in considerable inefficiency, though not actually incorrect answers, in a GiST index on a cube column. If you have such an index, consider REINDEXing it after installing this update. Don't emit identifier will be truncated notices in contrib/dblink except when creating new connections (Itagaki Takahiro) Fix potential coredump on missing public key in contrib/pgcrypto (Marti Raudsepp) Fix buffer overrun in contrib/pg_upgrade (Hernan Gonzalez) Fix memory leak in contrib/xml2's XPath query functions (Tom Lane) Update time zone data files to tzdata release 2010o for DST law changes in Fiji and Samoa; also historical corrections for Hong Kong. 2010-10-04 This release contains a variety of fixes from 9.0.0. For information about new features in the 9.0 major release, see . A dump/restore is not required for those running 9.0.X. Use a separate interpreter for each calling SQL userid in PL/Perl and PL/Tcl (Tom Lane) This change prevents security problems that can be caused by subverting Perl or Tcl code that will be executed later in the same session under another SQL user identity (for example, within a SECURITY DEFINER function). Most scripting languages offer numerous ways that that might be done, such as redefining standard functions or operators called by the target function. Without this change, any SQL user with Perl or Tcl language usage rights can do essentially anything with the SQL privileges of the target function's owner. The cost of this change is that intentional communication among Perl and Tcl functions becomes more difficult. To provide an escape hatch, PL/PerlU and PL/TclU functions continue to use only one interpreter per session. This is not considered a security issue since all such functions execute at the trust level of a database superuser already. It is likely that third-party procedural languages that claim to offer trusted execution have similar security issues. We advise contacting the authors of any PL you are depending on for security-critical purposes. Our thanks to Tim Bunce for pointing out this issue (CVE-2010-3433). Improve pg_get_expr() security fix so that the function can still be used on the output of a sub-select (Tom Lane) Fix incorrect placement of placeholder evaluation (Tom Lane) This bug could result in query outputs being non-null when they should be null, in cases where the inner side of an outer join is a sub-select with non-strict expressions in its output list. Fix join removal's handling of placeholder expressions (Tom Lane) Fix possible duplicate scans of UNION ALL member relations (Tom Lane) Prevent infinite loop in ProcessIncomingNotify() after unlistening (Jeff Davis) Prevent show_session_authorization() from crashing within autovacuum processes (Tom Lane) Re-allow input of Julian dates prior to 0001-01-01 AD (Tom Lane) Input such as 'J100000'::date worked before 8.4, but was unintentionally broken by added error-checking. Make psql recognize DISCARD ALL as a command that should not be encased in a transaction block in autocommit-off mode (Itagaki Takahiro) Update build infrastructure and documentation to reflect the source code repository's move from CVS to Git (Magnus Hagander and others) 2010-09-20 This release of PostgreSQL adds features that have been requested for years, such as easy-to-use replication, a mass permission-changing facility, and anonymous code blocks. While past major releases have been conservative in their scope, this release shows a bold new desire to provide facilities that new and existing users of PostgreSQL will embrace. This has all been done with few incompatibilities. Major enhancements include: Built-in replication based on log shipping. This advance consists of two features: Streaming Replication, allowing continuous archive (WAL) files to be streamed over a network connection to a standby server, and Hot Standby, allowing continuous archive standby servers to execute read-only queries. The net effect is to support a single master with multiple read-only slave servers. Easier database object permissions management. GRANT/REVOKE IN SCHEMA supports mass permissions changes on existing objects, while ALTER DEFAULT PRIVILEGES allows control of privileges for objects created in the future. Large objects (BLOBs) now support permissions management as well. Broadly enhanced stored procedure support. The DO statement supports ad-hoc or anonymous code blocks. Functions can now be called using named parameters. PL/pgSQL is now installed by default, and PL/Perl and PL/Python have been enhanced in several ways, including support for Python3. Full support for 64-bit Windows. More advanced reporting queries, including additional windowing options (PRECEDING and FOLLOWING) and the ability to control the order in which values are fed to aggregate functions. New trigger features, including SQL-standard-compliant per-column triggers and conditional trigger execution. Deferrable unique constraints. Mass updates to unique keys are now possible without trickery. Exclusion constraints. These provide a generalized version of unique constraints, allowing enforcement of complex conditions. New and enhanced security features, including RADIUS authentication, LDAP authentication improvements, and a new contrib module passwordcheck for testing password strength. New high-performance implementation of the LISTEN/NOTIFY feature. Pending events are now stored in a memory-based queue rather than a table. Also, a payload string can be sent with each event, rather than transmitting just an event name as before. New implementation of VACUUM FULL. This command now rewrites the entire table and indexes, rather than moving individual rows to compact space. It is substantially faster in most cases, and no longer results in index bloat. New contrib module pg_upgrade to support in-place upgrades from 8.3 or 8.4 to 9.0. Multiple performance enhancements for specific types of queries, including elimination of unnecessary joins. This helps optimize some automatically-generated queries, such as those produced by object-relational mappers (ORMs). EXPLAIN enhancements. The output is now available in JSON, XML, or YAML format, and includes buffer utilization and other data not previously available. hstore improvements, including new functions and greater data capacity. The above items are explained in more detail in the sections below. A dump/restore using pg_dump, or use of pg_upgrade, is required for those wishing to migrate data from any previous release. Version 9.0 contains a number of changes that selectively break backwards compatibility in order to support new features and code quality improvements. In particular, users who make extensive use of PL/pgSQL, Point-In-Time Recovery (PITR), or Warm Standby should test their applications because of slight user-visible changes in those areas. Observe the following incompatibilities: Remove server parameter add_missing_from, which was defaulted to off for many years (Tom Lane) Remove server parameter regex_flavor, which was defaulted to advanced for many years (Tom Lane) archive_mode now only affects archive_command; a new setting, wal_level, affects the contents of the write-ahead log (Heikki Linnakangas) log_temp_files now uses default file size units of kilobytes (Robert Haas) When querying a parent table, do not do any separate permission checks on child tables scanned as part of the query (Peter Eisentraut) The SQL standard specifies this behavior, and it is also much more convenient in practice than the former behavior of checking permissions on each child as well as the parent. bytea output now appears in hex format by default (Peter Eisentraut) The server parameter bytea_output can be used to select the traditional output format if needed for compatibility. Array input now considers only plain ASCII whitespace characters to be potentially ignorable; it will never ignore non-ASCII characters, even if they are whitespace according to some locales (Tom Lane) This avoids some corner cases where array values could be interpreted differently depending on the server's locale settings. Improve standards compliance of SIMILAR TO patterns and SQL-style substring() patterns (Tom Lane) This includes treating ? and {...} as pattern metacharacters, while they were simple literal characters before; that corresponds to new features added in SQL:2008. Also, ^ and $ are now treated as simple literal characters; formerly they were treated as metacharacters, as if the pattern were following POSIX rather than SQL rules. Also, in SQL-standard substring(), use of parentheses for nesting no longer interferes with capturing of a substring. Also, processing of bracket expressions (character classes) is now more standards-compliant. Reject negative length values in 3-parameter substring() for bit strings, per the SQL standard (Tom Lane) Make date_trunc truncate rather than round when reducing precision of fractional seconds (Tom Lane) The code always acted this way for integer-based dates/times. Now float-based dates/times behave similarly. Tighten enforcement of column name consistency during RENAME when a child table inherits the same column from multiple unrelated parents (KaiGai Kohei) No longer automatically rename indexes and index columns when the underlying table columns are renamed (Tom Lane) Administrators can still rename such indexes and columns manually. This change will require an update of the JDBC driver, and possibly other drivers, so that unique indexes are correctly recognized after a rename. CREATE OR REPLACE FUNCTION can no longer change the declared names of function parameters (Pavel Stehule) In order to avoid creating ambiguity in named-parameter calls, it is no longer allowed to change the aliases for input parameters in the declaration of an existing function (although names can still be assigned to previously unnamed parameters). You now have to DROP and recreate the function to do that. PL/pgSQL now throws an error if a variable name conflicts with a column name used in a query (Tom Lane) The former behavior was to bind ambiguous names to PL/pgSQL variables in preference to query columns, which often resulted in surprising misbehavior. Throwing an error allows easy detection of ambiguous situations. Although it's recommended that functions encountering this type of error be modified to remove the conflict, the old behavior can be restored if necessary via the configuration parameter plpgsql.variable_conflict, or via the per-function option #variable_conflict. PL/pgSQL no longer allows variable names that match certain SQL reserved words (Tom Lane) This is a consequence of aligning the PL/pgSQL parser to match the core SQL parser more closely. If necessary, variable names can be double-quoted to avoid this restriction. PL/pgSQL now requires columns of composite results to match the expected type modifier as well as base type (Pavel Stehule, Tom Lane) For example, if a column of the result type is declared as NUMERIC(30,2), it is no longer acceptable to return a NUMERIC of some other precision in that column. Previous versions neglected to check the type modifier and would thus allow result rows that didn't actually conform to the declared restrictions. PL/pgSQL now treats selection into composite fields more consistently (Tom Lane) Formerly, a statement like SELECT ... INTO rec.fld FROM ... was treated as a scalar assignment even if the record field fld was of composite type. Now it is treated as a record assignment, the same as when the INTO target is a regular variable of composite type. So the values to be assigned to the field's subfields should be written as separate columns of the SELECT list, not as a ROW(...) construct as in previous versions. If you need to do this in a way that will work in both 9.0 and previous releases, you can write something like rec.fld := ROW(...) FROM .... Remove PL/pgSQL's RENAME declaration (Tom Lane) Instead of RENAME, use ALIAS, which can now create an alias for any variable, not only dollar sign parameter names (such as $1) as before. Deprecate use of => as an operator name (Robert Haas) Future versions of PostgreSQL will probably reject this operator name entirely, in order to support the SQL-standard notation for named function parameters. For the moment, it is still allowed, but a warning is emitted when such an operator is defined. Remove support for platforms that don't have a working 64-bit integer data type (Tom Lane) It is believed all still-supported platforms have working 64-bit integer data types. Version 9.0 has an unprecedented number of new major features, and over 200 enhancements, improvements, new commands, new functions, and other changes. PostgreSQL's existing standby-server capability has been expanded both to support read-only queries on standby servers and to greatly reduce the lag between master and standby servers. For many users, this will be a useful and low-administration form of replication, either for high availability or for horizontal scalability. Allow a standby server to accept read-only queries (Simon Riggs, Heikki Linnakangas) This feature is called Hot Standby. There are new postgresql.conf and recovery.conf settings to control this feature, as well as extensive documentation. Allow write-ahead log (WAL) data to be streamed to a standby server (Fujii Masao, Heikki Linnakangas) This feature is called Streaming Replication. Previously WAL data could be sent to standby servers only in units of entire WAL files (normally 16 megabytes each). Streaming Replication eliminates this inefficiency and allows updates on the master to be propagated to standby servers with very little delay. There are new postgresql.conf and recovery.conf settings to control this feature, as well as extensive documentation. Add pg_last_xlog_receive_location() and pg_last_xlog_replay_location(), which can be used to monitor standby server WAL activity (Simon Riggs, Fujii Masao, Heikki Linnakangas) Allow per-tablespace values to be set for sequential and random page cost estimates (seq_page_cost/random_page_cost) via ALTER TABLESPACE ... SET/RESET (Robert Haas) Improve performance and reliability of EvalPlanQual rechecks in join queries (Tom Lane) UPDATE, DELETE, and SELECT FOR UPDATE/SHARE queries that involve joins will now behave much better when encountering freshly-updated rows. Improve performance of TRUNCATE when the table was created or truncated earlier in the same transaction (Tom Lane) Improve performance of finding inheritance child tables (Tom Lane) Remove unnecessary outer joins (Robert Haas) Outer joins where the inner side is unique and not referenced above the join are unnecessary and are therefore now removed. This will accelerate many automatically generated queries, such as those created by object-relational mappers (ORMs). Allow IS NOT NULL restrictions to use indexes (Tom Lane) This is particularly useful for finding MAX()/MIN() values in indexes that contain many null values. Improve the optimizer's choices about when to use materialize nodes, and when to use sorting versus hashing for DISTINCT (Tom Lane) Improve the optimizer's equivalence detection for expressions involving boolean <> operators (Tom Lane) Use the same random seed every time GEQO plans a query (Andres Freund) While the Genetic Query Optimizer (GEQO) still selects random plans, it now always selects the same random plans for identical queries, thus giving more consistent performance. You can modify geqo_seed to experiment with alternative plans. Improve GEQO plan selection (Tom Lane) This avoids the rare error failed to make a valid plan, and should also improve planning speed. Improve ANALYZE to support inheritance-tree statistics (Tom Lane) This is particularly useful for partitioned tables. However, autovacuum does not yet automatically re-analyze parent tables when child tables change. Improve autovacuum's detection of when re-analyze is necessary (Tom Lane) Improve optimizer's estimation for greater/less-than comparisons (Tom Lane) When looking up statistics for greater/less-than comparisons, if the comparison value is in the first or last histogram bucket, use an index (if available) to fetch the current actual column minimum or maximum. This greatly improves the accuracy of estimates for comparison values near the ends of the data range, particularly if the range is constantly changing due to addition of new data. Allow setting of number-of-distinct-values statistics using ALTER TABLE (Robert Haas) This allows users to override the estimated number or percentage of distinct values for a column. This statistic is normally computed by ANALYZE, but the estimate can be poor, especially on tables with very large numbers of rows. Add support for RADIUS (Remote Authentication Dial In User Service) authentication (Magnus Hagander) Allow LDAP (Lightweight Directory Access Protocol) authentication to operate in search/bind mode (Robert Fleming, Magnus Hagander) This allows the user to be looked up first, then the system uses the DN (Distinguished Name) returned for that user. Add samehost and samenet designations to pg_hba.conf (Stef Walter) These match the server's IP address and subnet address respectively. Pass trusted SSL root certificate names to the client so the client can return an appropriate client certificate (Craig Ringer) Add the ability for clients to set an application name, which is displayed in pg_stat_activity (Dave Page) This allows administrators to characterize database traffic and troubleshoot problems by source application. Add a SQLSTATE option (%e) to log_line_prefix (Guillaume Smet) This allows users to compile statistics on errors and messages by error code number. Write to the Windows event log in UTF16 encoding (Itagaki Takahiro) Now there is true multilingual support for PostgreSQL log messages on Windows. Add pg_stat_reset_shared('bgwriter') to reset the cluster-wide shared statistics for the background writer (Greg Smith) Add pg_stat_reset_single_table_counters() and pg_stat_reset_single_function_counters() to allow resetting the statistics counters for individual tables and functions (Magnus Hagander) Allow setting of configuration parameters based on database/role combinations (Alvaro Herrera) Previously only per-database and per-role settings were possible, not combinations. All role and database settings are now stored in the new pg_db_role_setting system catalog. A new psql command \drds shows these settings. The legacy system views pg_roles, pg_shadow, and pg_user do not show combination settings, and therefore no longer completely represent the configuration for a user or database. Add server parameter bonjour, which controls whether a Bonjour-enabled server advertises itself via Bonjour (Tom Lane) The default is off, meaning it does not advertise. This allows packagers to distribute Bonjour-enabled builds without worrying that individual users might not want the feature. Add server parameter enable_material, which controls the use of materialize nodes in the optimizer (Robert Haas) The default is on. When off, the optimizer will not add materialize nodes purely for performance reasons, though they will still be used when necessary for correctness. Change server parameter log_temp_files to use default file size units of kilobytes (Robert Haas) Previously this setting was interpreted in bytes if no units were specified. Log changes of parameter values when postgresql.conf is reloaded (Peter Eisentraut) This lets administrators and security staff audit changes of database settings, and is also very convenient for checking the effects of postgresql.conf edits. Properly enforce superuser permissions for custom server parameters (Tom Lane) Non-superusers can no longer issue ALTER ROLE/DATABASE SET for parameters that are not currently known to the server. This allows the server to correctly check that superuser-only parameters are only set by superusers. Previously, the SET would be allowed and then ignored at session start, making superuser-only custom parameters much less useful than they should be. Perform SELECT FOR UPDATE/SHARE processing after applying LIMIT, so the number of rows returned is always predictable (Tom Lane) Previously, changes made by concurrent transactions could cause a SELECT FOR UPDATE to unexpectedly return fewer rows than specified by its LIMIT. FOR UPDATE in combination with ORDER BY can still produce surprising results, but that can be corrected by placing FOR UPDATE in a subquery. Allow mixing of traditional and SQL-standard LIMIT/OFFSET syntax (Tom Lane) Extend the supported frame options in window functions (Hitoshi Harada) Frames can now start with CURRENT ROW, and the ROWS n PRECEDING/FOLLOWING options are now supported. Make SELECT INTO and CREATE TABLE AS return row counts to the client in their command tags (Boszormenyi Zoltan) This can save an entire round-trip to the client, allowing result counts and pagination to be calculated without an additional COUNT query. Support Unicode surrogate pairs (dual 16-bit representation) in U& strings and identifiers (Peter Eisentraut) Support Unicode escapes in E'...' strings (Marko Kreen) Speed up CREATE DATABASE by deferring flushes to disk (Andres Freund, Greg Stark) Allow comments on columns of tables, views, and composite types only, not other relation types such as indexes and TOAST tables (Tom Lane) Allow the creation of enumerated types containing no values (Bruce Momjian) Let values of columns having storage type MAIN remain on the main heap page unless the row cannot fit on a page (Kevin Grittner) Previously MAIN values were forced out to TOAST tables until the row size was less than one-quarter of the page size. Implement IF EXISTS for ALTER TABLE DROP COLUMN and ALTER TABLE DROP CONSTRAINT (Andres Freund) Allow ALTER TABLE commands that rewrite tables to skip WAL logging (Itagaki Takahiro) Such operations either produce a new copy of the table or are rolled back, so WAL archiving can be skipped, unless running in continuous archiving mode. This reduces I/O overhead and improves performance. Fix failure of ALTER TABLE table ADD COLUMN col serial when done by non-owner of table (Tom Lane) Add support for copying COMMENTS and STORAGE settings in CREATE TABLE ... LIKE commands (Itagaki Takahiro) Add a shortcut for copying all properties in CREATE TABLE ... LIKE commands (Itagaki Takahiro) Add the SQL-standard CREATE TABLE ... OF type command (Peter Eisentraut) This allows creation of a table that matches an existing composite type. Additional constraints and defaults can be specified in the command. Add deferrable unique constraints (Dean Rasheed) This allows mass updates, such as UPDATE tab SET col = col + 1, to work reliably on columns that have unique indexes or are marked as primary keys. If the constraint is specified as DEFERRABLE it will be checked at the end of the statement, rather than after each row is updated. The constraint check can also be deferred until the end of the current transaction, allowing such updates to be spread over multiple SQL commands. Add exclusion constraints (Jeff Davis) Exclusion constraints generalize uniqueness constraints by allowing arbitrary comparison operators, not just equality. They are created with the CREATE TABLE CONSTRAINT ... EXCLUDE clause. The most common use of exclusion constraints is to specify that column entries must not overlap, rather than simply not be equal. This is useful for time periods and other ranges, as well as arrays. This feature enhances checking of data integrity for many calendaring, time-management, and scientific applications. Improve uniqueness-constraint violation error messages to report the values causing the failure (Itagaki Takahiro) For example, a uniqueness constraint violation might now report Key (x)=(2) already exists. Add the ability to make mass permission changes across a whole schema using the new GRANT/REVOKE IN SCHEMA clause (Petr Jelinek) This simplifies management of object permissions and makes it easier to utilize database roles for application data security. Add ALTER DEFAULT PRIVILEGES command to control privileges of objects created later (Petr Jelinek) This greatly simplifies the assignment of object privileges in a complex database application. Default privileges can be set for tables, views, sequences, and functions. Defaults may be assigned on a per-schema basis, or database-wide. Add the ability to control large object (BLOB) permissions with GRANT/REVOKE (KaiGai Kohei) Formerly, any database user could read or modify any large object. Read and write permissions can now be granted and revoked per large object, and the ownership of large objects is tracked. Make LISTEN/NOTIFY store pending events in a memory queue, rather than in a system table (Joachim Wieland) This substantially improves performance, while retaining the existing features of transactional support and guaranteed delivery. Allow NOTIFY to pass an optional payload string to listeners (Joachim Wieland) This greatly improves the usefulness of LISTEN/NOTIFY as a general-purpose event queue system. Allow CLUSTER on all per-database system catalogs (Tom Lane) Shared catalogs still cannot be clustered. Accept COPY ... CSV FORCE QUOTE * (Itagaki Takahiro) Now * can be used as shorthand for all columns in the FORCE QUOTE clause. Add new COPY syntax that allows options to be specified inside parentheses (Robert Haas, Emmanuel Cecchet) This allows greater flexibility for future COPY options. The old syntax is still supported, but only for pre-existing options. Allow EXPLAIN to output in XML, JSON, or YAML format (Robert Haas, Greg Sabino Mullane) The new output formats are easily machine-readable, supporting the development of new tools for analysis of EXPLAIN output. Add new BUFFERS option to report query buffer usage during EXPLAIN ANALYZE (Itagaki Takahiro) This allows better query profiling for individual queries. Buffer usage is no longer reported in the output for log_statement_stats and related settings. Add hash usage information to EXPLAIN output (Robert Haas) Add new EXPLAIN syntax that allows options to be specified inside parentheses (Robert Haas) This allows greater flexibility for future EXPLAIN options. The old syntax is still supported, but only for pre-existing options. Change VACUUM FULL to rewrite the entire table and rebuild its indexes, rather than moving individual rows around to compact space (Itagaki Takahiro, Tom Lane) The previous method was usually slower and caused index bloat. Note that the new method will use more disk space transiently during VACUUM FULL; potentially as much as twice the space normally occupied by the table and its indexes. Add new VACUUM syntax that allows options to be specified inside parentheses (Itagaki Takahiro) This allows greater flexibility for future VACUUM options. The old syntax is still supported, but only for pre-existing options. Allow an index to be named automatically by omitting the index name in CREATE INDEX (Tom Lane) By default, multicolumn indexes are now named after all their columns; and index expression columns are now named based on their expressions (Tom Lane) Reindexing shared system catalogs is now fully transactional and crash-safe (Tom Lane) Formerly, reindexing a shared index was only allowed in standalone mode, and a crash during the operation could leave the index in worse condition than it was before. Add point_ops operator class for GiST (Teodor Sigaev) This feature permits GiST indexing of point columns. The index can be used for several types of queries such as point <@ polygon (point is in polygon). This should make many PostGIS queries faster. Use red-black binary trees for GIN index creation (Teodor Sigaev) Red-black trees are self-balancing. This avoids slowdowns in cases where the input is in nonrandom order. Allow bytea values to be written in hex notation (Peter Eisentraut) The server parameter bytea_output controls whether hex or traditional format is used for bytea output. Libpq's PQescapeByteaConn() function automatically uses the hex format when connected to PostgreSQL 9.0 or newer servers. However, pre-9.0 libpq versions will not correctly process hex format from newer servers. The new hex format will be directly compatible with more applications that use binary data, allowing them to store and retrieve it without extra conversion. It is also significantly faster to read and write than the traditional format. Allow server parameter extra_float_digits to be increased to 3 (Tom Lane) The previous maximum extra_float_digits setting was 2. There are cases where 3 digits are needed to dump and restore float4 values exactly. pg_dump will now use the setting of 3 when dumping from a server that allows it. Tighten input checking for int2vector values (Caleb Welton) Add prefix support in synonym dictionaries (Teodor Sigaev) Add filtering dictionaries (Teodor Sigaev) Filtering dictionaries allow tokens to be modified then passed to subsequent dictionaries. Allow underscores in email-address tokens (Teodor Sigaev) Use more standards-compliant rules for parsing URL tokens (Tom Lane) Allow function calls to supply parameter names and match them to named parameters in the function definition (Pavel Stehule) For example, if a function is defined to take parameters a and b, it can be called with func(a := 7, b := 12) or func(b := 12, a := 7). Support locale-specific regular expression processing with UTF-8 server encoding (Tom Lane) Locale-specific regular expression functionality includes case-insensitive matching and locale-specific character classes. Previously, these features worked correctly for non-ASCII characters only if the database used a single-byte server encoding (such as LATIN1). They will still misbehave in multi-byte encodings other than UTF-8. Add support for scientific notation in to_char() (EEEE specification) (Pavel Stehule, Brendan Jurd) Make to_char() honor FM (fill mode) in Y, YY, and YYY specifications (Bruce Momjian, Tom Lane) It was already honored by YYYY. Fix to_char() to output localized numeric and monetary strings in the correct encoding on Windows (Hiroshi Inoue, Itagaki Takahiro, Bruce Momjian) Correct calculations of overlaps and contains operations for polygons (Teodor Sigaev) The polygon && (overlaps) operator formerly just checked to see if the two polygons' bounding boxes overlapped. It now does a more correct check. The polygon @> and <@ (contains/contained by) operators formerly checked to see if one polygon's vertexes were all contained in the other; this can wrongly report true for some non-convex polygons. Now they check that all line segments of one polygon are contained in the other. Allow aggregate functions to use ORDER BY (Andrew Gierth) For example, this is now supported: array_agg(a ORDER BY b). This is useful with aggregates for which the order of input values is significant, and eliminates the need to use a nonstandard subquery to determine the ordering. Multi-argument aggregate functions can now use DISTINCT (Andrew Gierth) Add the string_agg() aggregate function to combine values into a single string (Pavel Stehule) Aggregate functions that are called with DISTINCT are now passed NULL values if the aggregate transition function is not marked as STRICT (Andrew Gierth) For example, agg(DISTINCT x) might pass a NULL x value to agg(). This is more consistent with the behavior in non-DISTINCT cases. Add get_bit() and set_bit() functions for bit strings, mirroring those for bytea (Leonardo F) Implement OVERLAY() (replace) for bit strings and bytea (Leonardo F) Add pg_table_size() and pg_indexes_size() to provide a more user-friendly interface to the pg_relation_size() function (Bernd Helmle) Add has_sequence_privilege() for sequence permission checking (Abhijit Menon-Sen) Update the information_schema views to conform to SQL:2008 (Peter Eisentraut) Make the information_schema views correctly display maximum octet lengths for char and varchar columns (Peter Eisentraut) Speed up information_schema privilege views (Joachim Wieland) Support execution of anonymous code blocks using the DO statement (Petr Jelinek, Joshua Tolley, Hannu Valtonen) This allows execution of server-side code without the need to create and delete a temporary function definition. Code can be executed in any language for which the user has permissions to define a function. Implement SQL-standard-compliant per-column triggers (Itagaki Takahiro) Such triggers are fired only when the specified column(s) are affected by the query, e.g. appear in an UPDATE's SET list. Add the WHEN clause to CREATE TRIGGER to allow control over whether a trigger is fired (Itagaki Takahiro) While the same type of check can always be performed inside the trigger, doing it in an external WHEN clause can have performance benefits. Add the OR REPLACE clause to CREATE LANGUAGE (Tom Lane) This is helpful to optionally install a language if it does not already exist, and is particularly helpful now that PL/pgSQL is installed by default. Install PL/pgSQL by default (Bruce Momjian) The language can still be removed from a particular database if the administrator has security or performance concerns about making it available. Improve handling of cases where PL/pgSQL variable names conflict with identifiers used in queries within a function (Tom Lane) The default behavior is now to throw an error when there is a conflict, so as to avoid surprising behaviors. This can be modified, via the configuration parameter plpgsql.variable_conflict or the per-function option #variable_conflict, to allow either the variable or the query-supplied column to be used. In any case PL/pgSQL will no longer attempt to substitute variables in places where they would not be syntactically valid. Make PL/pgSQL use the main lexer, rather than its own version (Tom Lane) This ensures accurate tracking of the main system's behavior for details such as string escaping. Some user-visible details, such as the set of keywords considered reserved in PL/pgSQL, have changed in consequence. Avoid throwing an unnecessary error for an invalid record reference (Tom Lane) An error is now thrown only if the reference is actually fetched, rather than whenever the enclosing expression is reached. For example, many people have tried to do this in triggers: if TG_OP = 'INSERT' and NEW.col1 = ... then This will now actually work as expected. Improve PL/pgSQL's ability to handle row types with dropped columns (Pavel Stehule) Allow input parameters to be assigned values within PL/pgSQL functions (Steve Prentice) Formerly, input parameters were treated as being declared CONST, so the function's code could not change their values. This restriction has been removed to simplify porting of functions from other DBMSes that do not impose the equivalent restriction. An input parameter now acts like a local variable initialized to the passed-in value. Improve error location reporting in PL/pgSQL (Tom Lane) Add count and ALL options to MOVE FORWARD/BACKWARD in PL/pgSQL (Pavel Stehule) Allow PL/pgSQL's WHERE CURRENT OF to use a cursor variable (Tom Lane) Allow PL/pgSQL's OPEN cursor FOR EXECUTE to use parameters (Pavel Stehule, Itagaki Takahiro) This is accomplished with a new USING clause. Add new PL/Perl functions: quote_literal(), quote_nullable(), quote_ident(), encode_bytea(), decode_bytea(), looks_like_number(), encode_array_literal(), encode_array_constructor() (Tim Bunce) Add server parameter plperl.on_init to specify a PL/Perl initialization function (Tim Bunce) plperl.on_plperl_init and plperl.on_plperlu_init are also available for initialization that is specific to the trusted or untrusted language respectively. Support END blocks in PL/Perl (Tim Bunce) END blocks do not currently allow database access. Allow use strict in PL/Perl (Tim Bunce) Perl strict checks can also be globally enabled with the new server parameter plperl.use_strict. Allow require in PL/Perl (Tim Bunce) This basically tests to see if the module is loaded, and if not, generates an error. It will not allow loading of modules that the administrator has not preloaded via the initialization parameters. Allow use feature in PL/Perl if Perl version 5.10 or later is used (Tim Bunce) Verify that PL/Perl return values are valid in the server encoding (Andrew Dunstan) Add Unicode support in PL/Python (Peter Eisentraut) Strings are automatically converted from/to the server encoding as necessary. Improve bytea support in PL/Python (Caleb Welton) Bytea values passed into PL/Python are now represented as binary, rather than the PostgreSQL bytea text format. Bytea values containing null bytes are now also output properly from PL/Python. Passing of boolean, integer, and float values was also improved. Support arrays as parameters and return values in PL/Python (Peter Eisentraut) Improve mapping of SQL domains to Python types (Peter Eisentraut) Add Python 3 support to PL/Python (Peter Eisentraut) The new server-side language is called plpython3u. This cannot be used in the same session with the Python 2 server-side language. Improve error location and exception reporting in PL/Python (Peter Eisentraut) Add an --analyze-only option to vacuumdb, to analyze without vacuuming (Bruce Momjian) Add support for quoting/escaping the values of psql variables as SQL strings or identifiers (Pavel Stehule, Robert Haas) For example, :'var' will produce the value of var quoted and properly escaped as a literal string, while :"var" will produce its value quoted and escaped as an identifier. Ignore a leading UTF-8-encoded Unicode byte-order marker in script files read by psql (Itagaki Takahiro) This is enabled when the client encoding is UTF-8. It improves compatibility with certain editors, mostly on Windows, that insist on inserting such markers. Fix psql --file - to properly honor --single-transaction (Bruce Momjian) Avoid overwriting of psql's command-line history when two psql sessions are run concurrently (Tom Lane) Improve psql's tab completion support (Itagaki Takahiro) Show \timing output when it is enabled, regardless of quiet mode (Peter Eisentraut) Improve display of wrapped columns in psql (Roger Leigh) This behavior is now the default. The previous formatting is available by using \pset linestyle old-ascii. Allow psql to use fancy Unicode line-drawing characters via \pset linestyle unicode (Roger Leigh) Make \d show child tables that inherit from the specified parent (Damien Clochard) \d shows only the number of child tables, while \d+ shows the names of all child tables. Show definitions of index columns in \d index_name (Khee Chin) The definition is useful for expression indexes. Show a view's defining query only in \d+, not in \d (Peter Eisentraut) Always including the query was deemed overly verbose. Make pg_dump/pg_restore --clean also remove large objects (Itagaki Takahiro) Fix pg_dump to properly dump large objects when standard_conforming_strings is enabled (Tom Lane) The previous coding could fail when dumping to an archive file and then generating script output from pg_restore. pg_restore now emits large-object data in hex format when generating script output (Tom Lane) This could cause compatibility problems if the script is then loaded into a pre-9.0 server. To work around that, restore directly to the server, instead. Allow pg_dump to dump comments attached to columns of composite types (Taro Minowa (Higepon)) Make pg_dump --verbose output the pg_dump and server versions in text output mode (Jim Cox, Tom Lane) These were already provided in custom output mode. pg_restore now complains if any command-line arguments remain after the switches and optional file name (Tom Lane) Previously, it silently ignored any such arguments. Allow pg_ctl to be used safely to start the postmaster during a system reboot (Tom Lane) Previously, pg_ctl's parent process could have been mistakenly identified as a running postmaster based on a stale postmaster lock file, resulting in a transient failure to start the database. Give pg_ctl the ability to initialize the database (by invoking initdb) (Zdenek Kotala) Add new libpq functions PQconnectdbParams() and PQconnectStartParams() (Guillaume Lelarge) These functions are similar to PQconnectdb() and PQconnectStart() except that they accept a null-terminated array of connection options, rather than requiring all options to be provided in a single string. Add libpq functions PQescapeLiteral() and PQescapeIdentifier() (Robert Haas) These functions return appropriately quoted and escaped SQL string literals and identifiers. The caller is not required to pre-allocate the string result, as is required by PQescapeStringConn(). Add support for a per-user service file (.pg_service.conf), which is checked before the site-wide service file (Peter Eisentraut) Properly report an error if the specified libpq service cannot be found (Peter Eisentraut) Add TCP keepalive settings in libpq (Tollef Fog Heen, Fujii Masao, Robert Haas) Keepalive settings were already supported on the server end of TCP connections. Avoid extra system calls to block and unblock SIGPIPE in libpq, on platforms that offer alternative methods (Jeremy Kerr) When a .pgpass-supplied password fails, mention where the password came from in the error message (Bruce Momjian) Load all SSL certificates given in the client certificate file (Tom Lane) This improves support for indirectly-signed SSL certificates. Add SQLDA (SQL Descriptor Area) support to ecpg (Boszormenyi Zoltan) Add the DESCRIBE [ OUTPUT ] statement to ecpg (Boszormenyi Zoltan) Add an ECPGtransactionStatus function to return the current transaction status (Bernd Helmle) Add the string data type in ecpg Informix-compatibility mode (Boszormenyi Zoltan) Allow ecpg to use new and old variable names without restriction (Michael Meskes) Allow ecpg to use variable names in free() (Michael Meskes) Make ecpg_dynamic_type() return zero for non-SQL3 data types (Michael Meskes) Previously it returned the negative of the data type OID. This could be confused with valid type OIDs, however. Support long long types on platforms that already have 64-bit long (Michael Meskes) Add out-of-scope cursor support in ecpg's native mode (Boszormenyi Zoltan) This allows DECLARE to use variables that are not in scope when OPEN is called. This facility already existed in ecpg's Informix-compatibility mode. Allow dynamic cursor names in ecpg (Boszormenyi Zoltan) Allow ecpg to use noise words FROM and IN in FETCH and MOVE (Boszormenyi Zoltan) Enable client thread safety by default (Bruce Momjian) The thread-safety option can be disabled with configure --disable-thread-safety. Add support for controlling the Linux out-of-memory killer (Alex Hunsaker, Tom Lane) Now that /proc/self/oom_adj allows disabling of the Linux out-of-memory (OOM) killer, it's recommendable to disable OOM kills for the postmaster. It may then be desirable to re-enable OOM kills for the postmaster's child processes. The new compile-time option LINUX_OOM_ADJ allows the killer to be reactivated for child processes. New Makefile targets world, install-world, and installcheck-world (Andrew Dunstan) These are similar to the existing all, install, and installcheck targets, but they also build the HTML documentation, build and test contrib, and test server-side languages and ecpg. Add data and documentation installation location control to PGXS Makefiles (Mark Cave-Ayland) Add Makefile rules to build the PostgreSQL documentation as a single HTML file or as a single plain-text file (Peter Eisentraut, Bruce Momjian) Support compiling on 64-bit Windows and running in 64-bit mode (Tsutomu Yamada, Magnus Hagander) This allows for large shared memory sizes on Windows. Support server builds using Visual Studio 2008 (Magnus Hagander) Distribute prebuilt documentation in a subdirectory tree, rather than as tar archive files inside the distribution tarball (Peter Eisentraut) For example, the prebuilt HTML documentation is now in doc/src/sgml/html/; the manual pages are packaged similarly. Make the server's lexer reentrant (Tom Lane) This was needed for use of the lexer by PL/pgSQL. Improve speed of memory allocation (Tom Lane, Greg Stark) User-defined constraint triggers now have entries in pg_constraint as well as pg_trigger (Tom Lane) Because of this change, pg_constraint.pgconstrname is now redundant and has been removed. Add system catalog columns pg_constraint.conindid and pg_trigger.tgconstrindid to better document the use of indexes for constraint enforcement (Tom Lane) Allow multiple conditions to be communicated to backends using a single operating system signal (Fujii Masao) This allows new features to be added without a platform-specific constraint on the number of signal conditions. Improve source code test coverage, including contrib, PL/Python, and PL/Perl (Peter Eisentraut, Andrew Dunstan) Remove the use of flat files for system table bootstrapping (Tom Lane, Alvaro Herrera) This improves performance when using many roles or databases, and eliminates some possible failure conditions. Automatically generate the initial contents of pg_attribute for bootstrapped catalogs (John Naylor) This greatly simplifies changes to these catalogs. Split the processing of INSERT/UPDATE/DELETE operations out of execMain.c (Marko Tiikkaja) Updates are now executed in a separate ModifyTable node. This change is necessary infrastructure for future improvements. Simplify translation of psql's SQL help text (Peter Eisentraut) Reduce the lengths of some file names so that all file paths in the distribution tarball are less than 100 characters (Tom Lane) Some decompression programs have problems with longer file paths. Add a new ERRCODE_INVALID_PASSWORD SQLSTATE error code (Bruce Momjian) With authors' permissions, remove the few remaining personal source code copyright notices (Bruce Momjian) The personal copyright notices were insignificant but the community occasionally had to answer questions about them. Add new documentation section about running PostgreSQL in non-durable mode to improve performance (Bruce Momjian) Restructure the HTML documentation Makefile rules to make their dependency checks work correctly, avoiding unnecessary rebuilds (Peter Eisentraut) Use DocBook XSL stylesheets for man page building, rather than Docbook2X (Peter Eisentraut) This changes the set of tools needed to build the man pages. Improve PL/Perl code structure (Tim Bunce) Improve error context reports in PL/Perl (Alexey Klyukin) Note that these requirements do not apply when building from a distribution tarball, since tarballs include the files that these programs are used to build. Require Autoconf 2.63 to build configure (Peter Eisentraut) Require Flex 2.5.31 or later to build from a CVS checkout (Tom Lane) Require Perl version 5.8 or later to build from a CVS checkout (John Naylor, Andrew Dunstan) Use a more modern API for Bonjour (Tom Lane) Bonjour support now requires OS X 10.3 or later. The older API has been deprecated by Apple. Add spinlock support for the SuperH architecture (Nobuhiro Iwamatsu) Allow non-GCC compilers to use inline functions if they support them (Kurt Harriman) Remove support for platforms that don't have a working 64-bit integer data type (Tom Lane) Restructure use of LDFLAGS to be more consistent across platforms (Tom Lane) LDFLAGS is now used for linking both executables and shared libraries, and we add on LDFLAGS_EX when linking executables, or LDFLAGS_SL when linking shared libraries. Make backend header files safe to include in C++ (Kurt Harriman, Peter Eisentraut) These changes remove keyword conflicts that previously made C++ usage difficult in backend code. However, there are still other complexities when using C++ for backend functions. extern "C" { } is still necessary in appropriate places, and memory management and error handling are still problematic. Add AggCheckCallContext() for use in detecting if a C function is being called as an aggregate (Hitoshi Harada) Change calling convention for SearchSysCache() and related functions to avoid hard-wiring the maximum number of cache keys (Robert Haas) Existing calls will still work for the moment, but can be expected to break in 9.1 or later if not converted to the new style. Require calls of fastgetattr() and heap_getattr() backend macros to provide a non-NULL fourth argument (Robert Haas) Custom typanalyze functions should no longer rely on VacAttrStats.attr to determine the type of data they will be passed (Tom Lane) This was changed to allow collection of statistics on index columns for which the storage type is different from the underlying column data type. There are new fields that tell the actual datatype being analyzed. Add parser hooks for processing ColumnRef and ParamRef nodes (Tom Lane) Add a ProcessUtility hook so loadable modules can control utility commands (Itagaki Takahiro) Add contrib/pg_upgrade to support in-place upgrades (Bruce Momjian) This avoids the requirement of dumping/reloading the database when upgrading to a new major release of PostgreSQL, thus reducing downtime by orders of magnitude. It supports upgrades to 9.0 from PostgreSQL 8.3 and 8.4. Add support for preserving relation relfilenode values during binary upgrades (Bruce Momjian) Add support for preserving pg_type and pg_enum OIDs during binary upgrades (Bruce Momjian) Move data files within tablespaces into PostgreSQL-version-specific subdirectories (Bruce Momjian) This simplifies binary upgrades. Add multithreading option (-j) to contrib/pgbench (Itagaki Takahiro) This allows multiple CPUs to be used by pgbench, reducing the risk of pgbench itself becoming the test bottleneck. Add \shell and \setshell meta commands to contrib/pgbench (Michael Paquier) New features for contrib/dict_xsyn (Sergey Karpov) The new options are matchorig, matchsynonyms, and keepsynonyms. Add full text dictionary contrib/unaccent (Teodor Sigaev) This filtering dictionary removes accents from letters, which makes full-text searches over multiple languages much easier. Add dblink_get_notify() to contrib/dblink (Marcus Kempe) This allows asynchronous notifications in dblink. Improve contrib/dblink's handling of dropped columns (Tom Lane) This affects dblink_build_sql_insert() and related functions. These functions now number columns according to logical not physical column numbers. Greatly increase contrib/hstore's data length limit, and add B-tree and hash support so GROUP BY and DISTINCT operations are possible on hstore columns (Andrew Gierth) New functions and operators were also added. These improvements make hstore a full-function key-value store embedded in PostgreSQL. Add contrib/passwordcheck to support site-specific password strength policies (Laurenz Albe) The source code of this module should be modified to implement site-specific password policies. Add contrib/pg_archivecleanup tool (Simon Riggs) This is designed to be used in the archive_cleanup_command server parameter, to remove no-longer-needed archive files. Add query text to contrib/auto_explain output (Andrew Dunstan) Add buffer access counters to contrib/pg_stat_statements (Itagaki Takahiro) Update contrib/start-scripts/linux to use /proc/self/oom_adj to disable the Linux out-of-memory (OOM) killer (Alex Hunsaker, Tom Lane)