Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Tree: 5d4b60f2f2
Fetching contributors…

Cannot retrieve contributors at this time

5445 lines (4577 sloc) 158.033 kB
<!-- doc/src/sgml/release-8.1.sgml -->
<!-- See header comment in release.sgml about typical markup -->
<sect1 id="release-8-1-23">
<title>Release 8.1.23</title>
<note>
<title>Release Date</title>
<simpara>2010-12-16</simpara>
</note>
<para>
This release contains a variety of fixes from 8.1.22.
For information about new features in the 8.1 major release, see
<xref linkend="release-8-1">.
</para>
<para>
This is expected to be the last <productname>PostgreSQL</> release
in the 8.1.X series. Users are encouraged to update to a newer
release branch soon.
</para>
<sect2>
<title>Migration to Version 8.1.23</title>
<para>
A dump/restore is not required for those running 8.1.X.
However, if you are upgrading from a version earlier than 8.1.18,
see the release notes for 8.1.18.
</para>
</sect2>
<sect2>
<title>Changes</title>
<itemizedlist>
<listitem>
<para>
Force the default
<link linkend="guc-wal-sync-method"><varname>wal_sync_method</></link>
to be <literal>fdatasync</> on Linux (Tom Lane, Marti Raudsepp)
</para>
<para>
The default on Linux has actually been <literal>fdatasync</> for many
years, but recent kernel changes caused <productname>PostgreSQL</> to
choose <literal>open_datasync</> instead. This choice did not result
in any performance improvement, and caused outright failures on
certain filesystems, notably <literal>ext4</> with the
<literal>data=journal</> mount option.
</para>
</listitem>
<listitem>
<para>
Fix recovery from base backup when the starting checkpoint WAL record
is not in the same WAL segment as its redo point (Jeff Davis)
</para>
</listitem>
<listitem>
<para>
Add support for detecting register-stack overrun on <literal>IA64</>
(Tom Lane)
</para>
<para>
The <literal>IA64</> architecture has two hardware stacks. Full
prevention of stack-overrun failures requires checking both.
</para>
</listitem>
<listitem>
<para>
Add a check for stack overflow in <function>copyObject()</> (Tom Lane)
</para>
<para>
Certain code paths could crash due to stack overflow given a
sufficiently complex query.
</para>
</listitem>
<listitem>
<para>
Fix detection of page splits in temporary GiST indexes (Heikki
Linnakangas)
</para>
<para>
It is possible to have a <quote>concurrent</> page split in a
temporary index, if for example there is an open cursor scanning the
index when an insertion is done. GiST failed to detect this case and
hence could deliver wrong results when execution of the cursor
continued.
</para>
</listitem>
<listitem>
<para>
Avoid memory leakage while <command>ANALYZE</>'ing complex index
expressions (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Ensure an index that uses a whole-row Var still depends on its table
(Tom Lane)
</para>
<para>
An index declared like <literal>create index i on t (foo(t.*))</>
would not automatically get dropped when its table was dropped.
</para>
</listitem>
<listitem>
<para>
Do not <quote>inline</> a SQL function with multiple <literal>OUT</>
parameters (Tom Lane)
</para>
<para>
This avoids a possible crash due to loss of information about the
expected result rowtype.
</para>
</listitem>
<listitem>
<para>
Fix constant-folding of <literal>COALESCE()</> expressions (Tom Lane)
</para>
<para>
The planner would sometimes attempt to evaluate sub-expressions that
in fact could never be reached, possibly leading to unexpected errors.
</para>
</listitem>
<listitem>
<para>
Add print functionality for <structname>InhRelation</> nodes (Tom Lane)
</para>
<para>
This avoids a failure when <varname>debug_print_parse</> is enabled
and certain types of query are executed.
</para>
</listitem>
<listitem>
<para>
Fix incorrect calculation of distance from a point to a horizontal
line segment (Tom Lane)
</para>
<para>
This bug affected several different geometric distance-measurement
operators.
</para>
</listitem>
<listitem>
<para>
Fix <application>PL/pgSQL</>'s handling of <quote>simple</>
expressions to not fail in recursion or error-recovery cases (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix bug in <filename>contrib/cube</>'s GiST picksplit algorithm
(Alexander Korotkov)
</para>
<para>
This could result in considerable inefficiency, though not actually
incorrect answers, in a GiST index on a <type>cube</> column.
If you have such an index, consider <command>REINDEX</>ing it after
installing this update.
</para>
</listitem>
<listitem>
<para>
Don't emit <quote>identifier will be truncated</> notices in
<filename>contrib/dblink</> except when creating new connections
(Itagaki Takahiro)
</para>
</listitem>
<listitem>
<para>
Fix potential coredump on missing public key in
<filename>contrib/pgcrypto</> (Marti Raudsepp)
</para>
</listitem>
<listitem>
<para>
Fix memory leak in <filename>contrib/xml2</>'s XPath query functions
(Tom Lane)
</para>
</listitem>
<listitem>
<para>
Update time zone data files to <application>tzdata</> release 2010o
for DST law changes in Fiji and Samoa;
also historical corrections for Hong Kong.
</para>
</listitem>
</itemizedlist>
</sect2>
</sect1>
<sect1 id="release-8-1-22">
<title>Release 8.1.22</title>
<note>
<title>Release Date</title>
<simpara>2010-10-04</simpara>
</note>
<para>
This release contains a variety of fixes from 8.1.21.
For information about new features in the 8.1 major release, see
<xref linkend="release-8-1">.
</para>
<para>
The <productname>PostgreSQL</> community will stop releasing updates
for the 8.1.X release series in November 2010.
Users are encouraged to update to a newer release branch soon.
</para>
<sect2>
<title>Migration to Version 8.1.22</title>
<para>
A dump/restore is not required for those running 8.1.X.
However, if you are upgrading from a version earlier than 8.1.18,
see the release notes for 8.1.18.
</para>
</sect2>
<sect2>
<title>Changes</title>
<itemizedlist>
<listitem>
<para>
Use a separate interpreter for each calling SQL userid in PL/Perl and
PL/Tcl (Tom Lane)
</para>
<para>
This change prevents security problems that can be caused by subverting
Perl or Tcl code that will be executed later in the same session under
another SQL user identity (for example, within a <literal>SECURITY
DEFINER</> function). Most scripting languages offer numerous ways that
that might be done, such as redefining standard functions or operators
called by the target function. Without this change, any SQL user with
Perl or Tcl language usage rights can do essentially anything with the
SQL privileges of the target function's owner.
</para>
<para>
The cost of this change is that intentional communication among Perl
and Tcl functions becomes more difficult. To provide an escape hatch,
PL/PerlU and PL/TclU functions continue to use only one interpreter
per session. This is not considered a security issue since all such
functions execute at the trust level of a database superuser already.
</para>
<para>
It is likely that third-party procedural languages that claim to offer
trusted execution have similar security issues. We advise contacting
the authors of any PL you are depending on for security-critical
purposes.
</para>
<para>
Our thanks to Tim Bunce for pointing out this issue (CVE-2010-3433).
</para>
</listitem>
<listitem>
<para>
Prevent possible crashes in <function>pg_get_expr()</> by disallowing
it from being called with an argument that is not one of the system
catalog columns it's intended to be used with
(Heikki Linnakangas, Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix <quote>cannot handle unplanned sub-select</quote> error (Tom Lane)
</para>
<para>
This occurred when a sub-select contains a join alias reference that
expands into an expression containing another sub-select.
</para>
</listitem>
<listitem>
<para>
Prevent show_session_authorization() from crashing within autovacuum
processes (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Defend against functions returning setof record where not all the
returned rows are actually of the same rowtype (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix possible failure when hashing a pass-by-reference function result
(Tao Ma, Tom Lane)
</para>
</listitem>
<listitem>
<para>
Take care to fsync the contents of lockfiles (both
<filename>postmaster.pid</> and the socket lockfile) while writing them
(Tom Lane)
</para>
<para>
This omission could result in corrupted lockfile contents if the
machine crashes shortly after postmaster start. That could in turn
prevent subsequent attempts to start the postmaster from succeeding,
until the lockfile is manually removed.
</para>
</listitem>
<listitem>
<para>
Avoid recursion while assigning XIDs to heavily-nested
subtransactions (Andres Freund, Robert Haas)
</para>
<para>
The original coding could result in a crash if there was limited
stack space.
</para>
</listitem>
<listitem>
<para>
Fix <varname>log_line_prefix</>'s <literal>%i</> escape,
which could produce junk early in backend startup (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix possible data corruption in <command>ALTER TABLE ... SET
TABLESPACE</> when archiving is enabled (Jeff Davis)
</para>
</listitem>
<listitem>
<para>
Allow <command>CREATE DATABASE</> and <command>ALTER DATABASE ... SET
TABLESPACE</> to be interrupted by query-cancel (Guillaume Lelarge)
</para>
</listitem>
<listitem>
<para>
In PL/Python, defend against null pointer results from
<function>PyCObject_AsVoidPtr</> and <function>PyCObject_FromVoidPtr</>
(Peter Eisentraut)
</para>
</listitem>
<listitem>
<para>
Improve <filename>contrib/dblink</>'s handling of tables containing
dropped columns (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix connection leak after <quote>duplicate connection name</quote>
errors in <filename>contrib/dblink</> (Itagaki Takahiro)
</para>
</listitem>
<listitem>
<para>
Fix <filename>contrib/dblink</> to handle connection names longer than
62 bytes correctly (Itagaki Takahiro)
</para>
</listitem>
<listitem>
<para>
Update build infrastructure and documentation to reflect the source code
repository's move from CVS to Git (Magnus Hagander and others)
</para>
</listitem>
<listitem>
<para>
Update time zone data files to <application>tzdata</> release 2010l
for DST law changes in Egypt and Palestine; also historical corrections
for Finland.
</para>
<para>
This change also adds new names for two Micronesian timezones:
Pacific/Chuuk is now preferred over Pacific/Truk (and the preferred
abbreviation is CHUT not TRUT) and Pacific/Pohnpei is preferred over
Pacific/Ponape.
</para>
</listitem>
</itemizedlist>
</sect2>
</sect1>
<sect1 id="release-8-1-21">
<title>Release 8.1.21</title>
<note>
<title>Release Date</title>
<simpara>2010-05-17</simpara>
</note>
<para>
This release contains a variety of fixes from 8.1.20.
For information about new features in the 8.1 major release, see
<xref linkend="release-8-1">.
</para>
<sect2>
<title>Migration to Version 8.1.21</title>
<para>
A dump/restore is not required for those running 8.1.X.
However, if you are upgrading from a version earlier than 8.1.18,
see the release notes for 8.1.18.
</para>
</sect2>
<sect2>
<title>Changes</title>
<itemizedlist>
<listitem>
<para>
Enforce restrictions in <literal>plperl</> using an opmask applied to
the whole interpreter, instead of using <filename>Safe.pm</>
(Tim Bunce, Andrew Dunstan)
</para>
<para>
Recent developments have convinced us that <filename>Safe.pm</> is too
insecure to rely on for making <literal>plperl</> trustable. This
change removes use of <filename>Safe.pm</> altogether, in favor of using
a separate interpreter with an opcode mask that is always applied.
Pleasant side effects of the change include that it is now possible to
use Perl's <literal>strict</> pragma in a natural way in
<literal>plperl</>, and that Perl's <literal>$a</> and <literal>$b</>
variables work as expected in sort routines, and that function
compilation is significantly faster. (CVE-2010-1169)
</para>
</listitem>
<listitem>
<para>
Prevent PL/Tcl from executing untrustworthy code from
<structname>pltcl_modules</> (Tom)
</para>
<para>
PL/Tcl's feature for autoloading Tcl code from a database table
could be exploited for trojan-horse attacks, because there was no
restriction on who could create or insert into that table. This change
disables the feature unless <structname>pltcl_modules</> is owned by a
superuser. (However, the permissions on the table are not checked, so
installations that really need a less-than-secure modules table can
still grant suitable privileges to trusted non-superusers.) Also,
prevent loading code into the unrestricted <quote>normal</> Tcl
interpreter unless we are really going to execute a <literal>pltclu</>
function. (CVE-2010-1170)
</para>
</listitem>
<listitem>
<para>
Do not allow an unprivileged user to reset superuser-only parameter
settings (Alvaro)
</para>
<para>
Previously, if an unprivileged user ran <literal>ALTER USER ... RESET
ALL</> for himself, or <literal>ALTER DATABASE ... RESET ALL</> for
a database he owns, this would remove all special parameter settings
for the user or database, even ones that are only supposed to be
changeable by a superuser. Now, the <command>ALTER</> will only
remove the parameters that the user has permission to change.
</para>
</listitem>
<listitem>
<para>
Avoid possible crash during backend shutdown if shutdown occurs
when a <literal>CONTEXT</> addition would be made to log entries (Tom)
</para>
<para>
In some cases the context-printing function would fail because the
current transaction had already been rolled back when it came time
to print a log message.
</para>
</listitem>
<listitem>
<para>
Update pl/perl's <filename>ppport.h</> for modern Perl versions
(Andrew)
</para>
</listitem>
<listitem>
<para>
Fix assorted memory leaks in pl/python (Andreas Freund, Tom)
</para>
</listitem>
<listitem>
<para>
Prevent infinite recursion in <application>psql</> when expanding
a variable that refers to itself (Tom)
</para>
</listitem>
<listitem>
<para>
Ensure that <filename>contrib/pgstattuple</> functions respond to cancel
interrupts promptly (Tatsuhito Kasahara)
</para>
</listitem>
<listitem>
<para>
Make server startup deal properly with the case that
<function>shmget()</> returns <literal>EINVAL</> for an existing
shared memory segment (Tom)
</para>
<para>
This behavior has been observed on BSD-derived kernels including OS X.
It resulted in an entirely-misleading startup failure complaining that
the shared memory request size was too large.
</para>
</listitem>
<listitem>
<para>
Update time zone data files to <application>tzdata</> release 2010j
for DST law changes in Argentina, Australian Antarctic, Bangladesh,
Mexico, Morocco, Pakistan, Palestine, Russia, Syria, Tunisia;
also historical corrections for Taiwan.
</para>
</listitem>
</itemizedlist>
</sect2>
</sect1>
<sect1 id="release-8-1-20">
<title>Release 8.1.20</title>
<note>
<title>Release Date</title>
<simpara>2010-03-15</simpara>
</note>
<para>
This release contains a variety of fixes from 8.1.19.
For information about new features in the 8.1 major release, see
<xref linkend="release-8-1">.
</para>
<sect2>
<title>Migration to Version 8.1.20</title>
<para>
A dump/restore is not required for those running 8.1.X.
However, if you are upgrading from a version earlier than 8.1.18,
see the release notes for 8.1.18.
</para>
</sect2>
<sect2>
<title>Changes</title>
<itemizedlist>
<listitem>
<para>
Add new configuration parameter <varname>ssl_renegotiation_limit</> to
control how often we do session key renegotiation for an SSL connection
(Magnus)
</para>
<para>
This can be set to zero to disable renegotiation completely, which may
be required if a broken SSL library is used. In particular, some
vendors are shipping stopgap patches for CVE-2009-3555 that cause
renegotiation attempts to fail.
</para>
</listitem>
<listitem>
<para>
Fix possible crashes when trying to recover from a failure in
subtransaction start (Tom)
</para>
</listitem>
<listitem>
<para>
Fix server memory leak associated with use of savepoints and a client
encoding different from server's encoding (Tom)
</para>
</listitem>
<listitem>
<para>
Make <function>substring()</> for <type>bit</> types treat any negative
length as meaning <quote>all the rest of the string</> (Tom)
</para>
<para>
The previous coding treated only -1 that way, and would produce an
invalid result value for other negative values, possibly leading to
a crash (CVE-2010-0442).
</para>
</listitem>
<listitem>
<para>
Fix integer-to-bit-string conversions to handle the first fractional
byte correctly when the output bit width is wider than the given
integer by something other than a multiple of 8 bits (Tom)
</para>
</listitem>
<listitem>
<para>
Fix some cases of pathologically slow regular expression matching (Tom)
</para>
</listitem>
<listitem>
<para>
Fix the <literal>STOP WAL LOCATION</> entry in backup history files to
report the next WAL segment's name when the end location is exactly at a
segment boundary (Itagaki Takahiro)
</para>
</listitem>
<listitem>
<para>
Fix some more cases of temporary-file leakage (Heikki)
</para>
<para>
This corrects a problem introduced in the previous minor release.
One case that failed is when a plpgsql function returning set is
called within another function's exception handler.
</para>
</listitem>
<listitem>
<para>
When reading <filename>pg_hba.conf</> and related files, do not treat
<literal>@something</> as a file inclusion request if the <literal>@</>
appears inside quote marks; also, never treat <literal>@</> by itself
as a file inclusion request (Tom)
</para>
<para>
This prevents erratic behavior if a role or database name starts with
<literal>@</>. If you need to include a file whose path name
contains spaces, you can still do so, but you must write
<literal>@"/path to/file"</> rather than putting the quotes around
the whole construct.
</para>
</listitem>
<listitem>
<para>
Prevent infinite loop on some platforms if a directory is named as
an inclusion target in <filename>pg_hba.conf</> and related files
(Tom)
</para>
</listitem>
<listitem>
<para>
Fix <application>psql</>'s <literal>numericlocale</> option to not
format strings it shouldn't in latex and troff output formats (Heikki)
</para>
</listitem>
<listitem>
<para>
Fix plpgsql failure in one case where a composite column is set to NULL
(Tom)
</para>
</listitem>
<listitem>
<para>
Add <literal>volatile</> markings in PL/Python to avoid possible
compiler-specific misbehavior (Zdenek Kotala)
</para>
</listitem>
<listitem>
<para>
Ensure PL/Tcl initializes the Tcl interpreter fully (Tom)
</para>
<para>
The only known symptom of this oversight is that the Tcl
<literal>clock</> command misbehaves if using Tcl 8.5 or later.
</para>
</listitem>
<listitem>
<para>
Prevent crash in <filename>contrib/dblink</> when too many key
columns are specified to a <function>dblink_build_sql_*</> function
(Rushabh Lathia, Joe Conway)
</para>
</listitem>
<listitem>
<para>
Fix assorted crashes in <filename>contrib/xml2</> caused by sloppy
memory management (Tom)
</para>
</listitem>
<listitem>
<para>
Update time zone data files to <application>tzdata</> release 2010e
for DST law changes in Bangladesh, Chile, Fiji, Mexico, Paraguay, Samoa.
</para>
</listitem>
</itemizedlist>
</sect2>
</sect1>
<sect1 id="release-8-1-19">
<title>Release 8.1.19</title>
<note>
<title>Release Date</title>
<simpara>2009-12-14</simpara>
</note>
<para>
This release contains a variety of fixes from 8.1.18.
For information about new features in the 8.1 major release, see
<xref linkend="release-8-1">.
</para>
<sect2>
<title>Migration to Version 8.1.19</title>
<para>
A dump/restore is not required for those running 8.1.X.
However, if you are upgrading from a version earlier than 8.1.18,
see the release notes for 8.1.18.
</para>
</sect2>
<sect2>
<title>Changes</title>
<itemizedlist>
<listitem>
<para>
Protect against indirect security threats caused by index functions
changing session-local state (Gurjeet Singh, Tom)
</para>
<para>
This change prevents allegedly-immutable index functions from possibly
subverting a superuser's session (CVE-2009-4136).
</para>
</listitem>
<listitem>
<para>
Reject SSL certificates containing an embedded null byte in the common
name (CN) field (Magnus)
</para>
<para>
This prevents unintended matching of a certificate to a server or client
name during SSL validation (CVE-2009-4034).
</para>
</listitem>
<listitem>
<para>
Fix possible crash during backend-startup-time cache initialization (Tom)
</para>
</listitem>
<listitem>
<para>
Prevent signals from interrupting <literal>VACUUM</> at unsafe times
(Alvaro)
</para>
<para>
This fix prevents a PANIC if a <literal>VACUUM FULL</> is canceled
after it's already committed its tuple movements, as well as transient
errors if a plain <literal>VACUUM</> is interrupted after having
truncated the table.
</para>
</listitem>
<listitem>
<para>
Fix possible crash due to integer overflow in hash table size
calculation (Tom)
</para>
<para>
This could occur with extremely large planner estimates for the size of
a hashjoin's result.
</para>
</listitem>
<listitem>
<para>
Fix very rare crash in <type>inet</>/<type>cidr</> comparisons (Chris
Mikkelson)
</para>
</listitem>
<listitem>
<para>
Ensure that shared tuple-level locks held by prepared transactions are
not ignored (Heikki)
</para>
</listitem>
<listitem>
<para>
Fix premature drop of temporary files used for a cursor that is accessed
within a subtransaction (Heikki)
</para>
</listitem>
<listitem>
<para>
Fix PAM password processing to be more robust (Tom)
</para>
<para>
The previous code is known to fail with the combination of the Linux
<literal>pam_krb5</> PAM module with Microsoft Active Directory as the
domain controller. It might have problems elsewhere too, since it was
making unjustified assumptions about what arguments the PAM stack would
pass to it.
</para>
</listitem>
<listitem>
<para>
Fix processing of ownership dependencies during <literal>CREATE OR
REPLACE FUNCTION</> (Tom)
</para>
</listitem>
<listitem>
<para>
Ensure that Perl arrays are properly converted to
<productname>PostgreSQL</> arrays when returned by a set-returning
PL/Perl function (Andrew Dunstan, Abhijit Menon-Sen)
</para>
<para>
This worked correctly already for non-set-returning functions.
</para>
</listitem>
<listitem>
<para>
Fix rare crash in exception processing in PL/Python (Peter)
</para>
</listitem>
<listitem>
<para>
Ensure <application>psql</>'s flex module is compiled with the correct
system header definitions (Tom)
</para>
<para>
This fixes build failures on platforms where
<literal>--enable-largefile</> causes incompatible changes in the
generated code.
</para>
</listitem>
<listitem>
<para>
Make the postmaster ignore any <literal>application_name</> parameter in
connection request packets, to improve compatibility with future libpq
versions (Tom)
</para>
</listitem>
<listitem>
<para>
Update time zone data files to <application>tzdata</> release 2009s
for DST law changes in Antarctica, Argentina, Bangladesh, Fiji,
Novokuznetsk, Pakistan, Palestine, Samoa, Syria; also historical
corrections for Hong Kong.
</para>
</listitem>
</itemizedlist>
</sect2>
</sect1>
<sect1 id="release-8-1-18">
<title>Release 8.1.18</title>
<note>
<title>Release Date</title>
<simpara>2009-09-09</simpara>
</note>
<para>
This release contains a variety of fixes from 8.1.17.
For information about new features in the 8.1 major release, see
<xref linkend="release-8-1">.
</para>
<sect2>
<title>Migration to Version 8.1.18</title>
<para>
A dump/restore is not required for those running 8.1.X.
However, if you have any hash indexes on <type>interval</> columns,
you must <command>REINDEX</> them after updating to 8.1.18.
Also, if you are upgrading from a version earlier than 8.1.15,
see the release notes for 8.1.15.
</para>
</sect2>
<sect2>
<title>Changes</title>
<itemizedlist>
<listitem>
<para>
Disallow <command>RESET ROLE</> and <command>RESET SESSION
AUTHORIZATION</> inside security-definer functions (Tom, Heikki)
</para>
<para>
This covers a case that was missed in the previous patch that
disallowed <command>SET ROLE</> and <command>SET SESSION
AUTHORIZATION</> inside security-definer functions.
(See CVE-2007-6600)
</para>
</listitem>
<listitem>
<para>
Fix handling of sub-SELECTs appearing in the arguments of
an outer-level aggregate function (Tom)
</para>
</listitem>
<listitem>
<para>
Fix hash calculation for data type <type>interval</> (Tom)
</para>
<para>
This corrects wrong results for hash joins on interval values.
It also changes the contents of hash indexes on interval columns.
If you have any such indexes, you must <command>REINDEX</> them
after updating.
</para>
</listitem>
<listitem>
<para>
Treat <function>to_char(..., 'TH')</> as an uppercase ordinal
suffix with <literal>'HH'</>/<literal>'HH12'</> (Heikki)
</para>
<para>
It was previously handled as <literal>'th'</> (lowercase).
</para>
</listitem>
<listitem>
<para>
Fix overflow for <literal>INTERVAL '<replaceable>x</> ms'</literal>
when <replaceable>x</> is more than 2 million and integer
datetimes are in use (Alex Hunsaker)
</para>
</listitem>
<listitem>
<para>
Fix calculation of distance between a point and a line segment (Tom)
</para>
<para>
This led to incorrect results from a number of geometric operators.
</para>
</listitem>
<listitem>
<para>
Fix <type>money</> data type to work in locales where currency
amounts have no fractional digits, e.g. Japan (Itagaki Takahiro)
</para>
</listitem>
<listitem>
<para>
Properly round datetime input like
<literal>00:12:57.9999999999999999999999999999</> (Tom)
</para>
</listitem>
<listitem>
<para>
Fix poor choice of page split point in GiST R-tree operator classes
(Teodor)
</para>
</listitem>
<listitem>
<para>
Fix portability issues in plperl initialization (Andrew Dunstan)
</para>
</listitem>
<listitem>
<para>
Fix <application>pg_ctl</> to not go into an infinite loop if
<filename>postgresql.conf</> is empty (Jeff Davis)
</para>
</listitem>
<listitem>
<para>
Fix <filename>contrib/xml2</>'s <function>xslt_process()</> to
properly handle the maximum number of parameters (twenty) (Tom)
</para>
</listitem>
<listitem>
<para>
Improve robustness of <application>libpq</>'s code to recover
from errors during <command>COPY FROM STDIN</> (Tom)
</para>
</listitem>
<listitem>
<para>
Avoid including conflicting readline and editline header files
when both libraries are installed (Zdenek Kotala)
</para>
</listitem>
<listitem>
<para>
Update time zone data files to <application>tzdata</> release 2009l
for DST law changes in Bangladesh, Egypt, Jordan, Pakistan,
Argentina/San_Luis, Cuba, Jordan (historical correction only),
Mauritius, Morocco, Palestine, Syria, Tunisia.
</para>
</listitem>
</itemizedlist>
</sect2>
</sect1>
<sect1 id="release-8-1-17">
<title>Release 8.1.17</title>
<note>
<title>Release Date</title>
<simpara>2009-03-16</simpara>
</note>
<para>
This release contains a variety of fixes from 8.1.16.
For information about new features in the 8.1 major release, see
<xref linkend="release-8-1">.
</para>
<sect2>
<title>Migration to Version 8.1.17</title>
<para>
A dump/restore is not required for those running 8.1.X.
However, if you are upgrading from a version earlier than 8.1.15,
see the release notes for 8.1.15.
</para>
</sect2>
<sect2>
<title>Changes</title>
<itemizedlist>
<listitem>
<para>
Prevent error recursion crashes when encoding conversion fails (Tom)
</para>
<para>
This change extends fixes made in the last two minor releases for
related failure scenarios. The previous fixes were narrowly tailored
for the original problem reports, but we have now recognized that
<emphasis>any</> error thrown by an encoding conversion function could
potentially lead to infinite recursion while trying to report the
error. The solution therefore is to disable translation and encoding
conversion and report the plain-ASCII form of any error message,
if we find we have gotten into a recursive error reporting situation.
(CVE-2009-0922)
</para>
</listitem>
<listitem>
<para>
Disallow <command>CREATE CONVERSION</> with the wrong encodings
for the specified conversion function (Heikki)
</para>
<para>
This prevents one possible scenario for encoding conversion failure.
The previous change is a backstop to guard against other kinds of
failures in the same area.
</para>
</listitem>
<listitem>
<para>
Fix core dump when <function>to_char()</> is given format codes that
are inappropriate for the type of the data argument (Tom)
</para>
</listitem>
<listitem>
<para>
Fix decompilation of <literal>CASE WHEN</> with an implicit coercion
(Tom)
</para>
<para>
This mistake could lead to Assert failures in an Assert-enabled build,
or an <quote>unexpected CASE WHEN clause</> error message in other
cases, when trying to examine or dump a view.
</para>
</listitem>
<listitem>
<para>
Fix possible misassignment of the owner of a TOAST table's rowtype (Tom)
</para>
<para>
If <command>CLUSTER</> or a rewriting variant of <command>ALTER TABLE</>
were executed by someone other than the table owner, the
<structname>pg_type</> entry for the table's TOAST table would end up
marked as owned by that someone. This caused no immediate problems,
since the permissions on the TOAST rowtype aren't examined by any
ordinary database operation. However, it could lead to unexpected
failures if one later tried to drop the role that issued the command
(in 8.1 or 8.2), or <quote>owner of data type appears to be invalid</>
warnings from <application>pg_dump</> after having done so (in 8.3).
</para>
</listitem>
<listitem>
<para>
Clean up PL/pgSQL error status variables fully at block exit
(Ashesh Vashi and Dave Page)
</para>
<para>
This is not a problem for PL/pgSQL itself, but the omission could cause
the PL/pgSQL Debugger to crash while examining the state of a function.
</para>
</listitem>
<listitem>
<para>
Add <literal>MUST</> (Mauritius Island Summer Time) to the default list
of known timezone abbreviations (Xavier Bugaud)
</para>
</listitem>
</itemizedlist>
</sect2>
</sect1>
<sect1 id="release-8-1-16">
<title>Release 8.1.16</title>
<note>
<title>Release Date</title>
<simpara>2009-02-02</simpara>
</note>
<para>
This release contains a variety of fixes from 8.1.15.
For information about new features in the 8.1 major release, see
<xref linkend="release-8-1">.
</para>
<sect2>
<title>Migration to Version 8.1.16</title>
<para>
A dump/restore is not required for those running 8.1.X.
However, if you are upgrading from a version earlier than 8.1.15,
see the release notes for 8.1.15.
</para>
</sect2>
<sect2>
<title>Changes</title>
<itemizedlist>
<listitem>
<para>
Fix crash in autovacuum (Alvaro)
</para>
<para>
The crash occurs only after vacuuming a whole database for
anti-transaction-wraparound purposes, which means that it occurs
infrequently and is hard to track down.
</para>
</listitem>
<listitem>
<para>
Improve handling of URLs in <function>headline()</> function (Teodor)
</para>
</listitem>
<listitem>
<para>
Improve handling of overlength headlines in <function>headline()</>
function (Teodor)
</para>
</listitem>
<listitem>
<para>
Prevent possible Assert failure or misconversion if an encoding
conversion is created with the wrong conversion function for the
specified pair of encodings (Tom, Heikki)
</para>
</listitem>
<listitem>
<para>
Avoid unnecessary locking of small tables in <command>VACUUM</>
(Heikki)
</para>
</listitem>
<listitem>
<para>
Ensure that the contents of a holdable cursor don't depend on the
contents of TOAST tables (Tom)
</para>
<para>
Previously, large field values in a cursor result might be represented
as TOAST pointers, which would fail if the referenced table got dropped
before the cursor is read, or if the large value is deleted and then
vacuumed away. This cannot happen with an ordinary cursor,
but it could with a cursor that is held past its creating transaction.
</para>
</listitem>
<listitem>
<para>
Fix uninitialized variables in <filename>contrib/tsearch2</>'s
<function>get_covers()</> function (Teodor)
</para>
</listitem>
<listitem>
<para>
Fix <application>configure</> script to properly report failure when
unable to obtain linkage information for PL/Perl (Andrew)
</para>
</listitem>
<listitem>
<para>
Make all documentation reference <literal>pgsql-bugs</> and/or
<literal>pgsql-hackers</> as appropriate, instead of the
now-decommissioned <literal>pgsql-ports</> and <literal>pgsql-patches</>
mailing lists (Tom)
</para>
</listitem>
<listitem>
<para>
Update time zone data files to <application>tzdata</> release 2009a (for
Kathmandu and historical DST corrections in Switzerland, Cuba)
</para>
</listitem>
</itemizedlist>
</sect2>
</sect1>
<sect1 id="release-8-1-15">
<title>Release 8.1.15</title>
<note>
<title>Release Date</title>
<simpara>2008-11-03</simpara>
</note>
<para>
This release contains a variety of fixes from 8.1.14.
For information about new features in the 8.1 major release, see
<xref linkend="release-8-1">.
</para>
<sect2>
<title>Migration to Version 8.1.15</title>
<para>
A dump/restore is not required for those running 8.1.X.
However, if you are upgrading from a version earlier than 8.1.2,
see the release notes for 8.1.2. Also, if you were running a previous
8.1.X release, it is recommended to <command>REINDEX</> all GiST
indexes after the upgrade.
</para>
</sect2>
<sect2>
<title>Changes</title>
<itemizedlist>
<listitem>
<para>
Fix GiST index corruption due to marking the wrong index entry
<quote>dead</> after a deletion (Teodor)
</para>
<para>
This would result in index searches failing to find rows they
should have found. Corrupted indexes can be fixed with
<command>REINDEX</>.
</para>
</listitem>
<listitem>
<para>
Fix backend crash when the client encoding cannot represent a localized
error message (Tom)
</para>
<para>
We have addressed similar issues before, but it would still fail if
the <quote>character has no equivalent</> message itself couldn't
be converted. The fix is to disable localization and send the plain
ASCII error message when we detect such a situation.
</para>
</listitem>
<listitem>
<para>
Fix possible crash when deeply nested functions are invoked from
a trigger (Tom)
</para>
</listitem>
<listitem>
<para>
Fix mis-expansion of rule queries when a sub-<literal>SELECT</> appears
in a function call in <literal>FROM</>, a multi-row <literal>VALUES</>
list, or a <literal>RETURNING</> list (Tom)
</para>
<para>
The usual symptom of this problem is an <quote>unrecognized node type</>
error.
</para>
</listitem>
<listitem>
<para>
Ensure an error is reported when a newly-defined PL/pgSQL trigger
function is invoked as a normal function (Tom)
</para>
</listitem>
<listitem>
<para>
Prevent possible collision of <structfield>relfilenode</> numbers
when moving a table to another tablespace with <command>ALTER SET
TABLESPACE</> (Heikki)
</para>
<para>
The command tried to re-use the existing filename, instead of
picking one that is known unused in the destination directory.
</para>
</listitem>
<listitem>
<para>
Fix incorrect tsearch2 headline generation when single query
item matches first word of text (Sushant Sinha)
</para>
</listitem>
<listitem>
<para>
Fix improper display of fractional seconds in interval values when
using a non-ISO datestyle in an <option>--enable-integer-datetimes</>
build (Ron Mayer)
</para>
</listitem>
<listitem>
<para>
Ensure <function>SPI_getvalue</> and <function>SPI_getbinval</>
behave correctly when the passed tuple and tuple descriptor have
different numbers of columns (Tom)
</para>
<para>
This situation is normal when a table has had columns added or removed,
but these two functions didn't handle it properly.
The only likely consequence is an incorrect error indication.
</para>
</listitem>
<listitem>
<para>
Fix <application>ecpg</>'s parsing of <command>CREATE ROLE</> (Michael)
</para>
</listitem>
<listitem>
<para>
Fix recent breakage of <literal>pg_ctl restart</> (Tom)
</para>
</listitem>
<listitem>
<para>
Update time zone data files to <application>tzdata</> release 2008i (for
DST law changes in Argentina, Brazil, Mauritius, Syria)
</para>
</listitem>
</itemizedlist>
</sect2>
</sect1>
<sect1 id="release-8-1-14">
<title>Release 8.1.14</title>
<note>
<title>Release Date</title>
<simpara>2008-09-22</simpara>
</note>
<para>
This release contains a variety of fixes from 8.1.13.
For information about new features in the 8.1 major release, see
<xref linkend="release-8-1">.
</para>
<sect2>
<title>Migration to Version 8.1.14</title>
<para>
A dump/restore is not required for those running 8.1.X.
However, if you are upgrading from a version earlier than 8.1.2,
see the release notes for 8.1.2.
</para>
</sect2>
<sect2>
<title>Changes</title>
<itemizedlist>
<listitem>
<para>
Widen local lock counters from 32 to 64 bits (Tom)
</para>
<para>
This responds to reports that the counters could overflow in
sufficiently long transactions, leading to unexpected <quote>lock is
already held</> errors.
</para>
</listitem>
<listitem>
<para>
Fix possible duplicate output of tuples during a GiST index scan (Teodor)
</para>
</listitem>
<listitem>
<para>
Add checks in executor startup to ensure that the tuples produced by an
<command>INSERT</> or <command>UPDATE</> will match the target table's
current rowtype (Tom)
</para>
<para>
<command>ALTER COLUMN TYPE</>, followed by re-use of a previously
cached plan, could produce this type of situation. The check protects
against data corruption and/or crashes that could ensue.
</para>
</listitem>
<listitem>
<para>
Fix <literal>AT TIME ZONE</> to first try to interpret its timezone
argument as a timezone abbreviation, and only try it as a full timezone
name if that fails, rather than the other way around as formerly (Tom)
</para>
<para>
The timestamp input functions have always resolved ambiguous zone names
in this order. Making <literal>AT TIME ZONE</> do so as well improves
consistency, and fixes a compatibility bug introduced in 8.1:
in ambiguous cases we now behave the same as 8.0 and before did,
since in the older versions <literal>AT TIME ZONE</> accepted
<emphasis>only</> abbreviations.
</para>
</listitem>
<listitem>
<para>
Fix datetime input functions to correctly detect integer overflow when
running on a 64-bit platform (Tom)
</para>
</listitem>
<listitem>
<para>
Improve performance of writing very long log messages to syslog (Tom)
</para>
</listitem>
<listitem>
<para>
Fix bug in backwards scanning of a cursor on a <literal>SELECT DISTINCT
ON</> query (Tom)
</para>
</listitem>
<listitem>
<para>
Fix planner bug with nested sub-select expressions (Tom)
</para>
<para>
If the outer sub-select has no direct dependency on the parent query,
but the inner one does, the outer value might not get recalculated
for new parent query rows.
</para>
</listitem>
<listitem>
<para>
Fix planner to estimate that <literal>GROUP BY</> expressions yielding
boolean results always result in two groups, regardless of the
expressions' contents (Tom)
</para>
<para>
This is very substantially more accurate than the regular <literal>GROUP
BY</> estimate for certain boolean tests like <replaceable>col</>
<literal>IS NULL</>.
</para>
</listitem>
<listitem>
<para>
Fix PL/pgSQL to not fail when a <literal>FOR</> loop's target variable
is a record containing composite-type fields (Tom)
</para>
</listitem>
<listitem>
<para>
Fix PL/Tcl to behave correctly with Tcl 8.5, and to be more careful
about the encoding of data sent to or from Tcl (Tom)
</para>
</listitem>
<listitem>
<para>
Fix PL/Python to work with Python 2.5
</para>
<para>
This is a back-port of fixes made during the 8.2 development cycle.
</para>
</listitem>
<listitem>
<para>
Improve <application>pg_dump</> and <application>pg_restore</>'s
error reporting after failure to send a SQL command (Tom)
</para>
</listitem>
<listitem>
<para>
Fix <application>pg_ctl</> to properly preserve postmaster
command-line arguments across a <literal>restart</> (Bruce)
</para>
</listitem>
<listitem>
<para>
Update time zone data files to <application>tzdata</> release 2008f (for
DST law changes in Argentina, Bahamas, Brazil, Mauritius, Morocco,
Pakistan, Palestine, and Paraguay)
</para>
</listitem>
</itemizedlist>
</sect2>
</sect1>
<sect1 id="release-8-1-13">
<title>Release 8.1.13</title>
<note>
<title>Release Date</title>
<simpara>2008-06-12</simpara>
</note>
<para>
This release contains one serious and one minor bug fix over 8.1.12.
For information about new features in the 8.1 major release, see
<xref linkend="release-8-1">.
</para>
<sect2>
<title>Migration to Version 8.1.13</title>
<para>
A dump/restore is not required for those running 8.1.X.
However, if you are upgrading from a version earlier than 8.1.2,
see the release notes for 8.1.2.
</para>
</sect2>
<sect2>
<title>Changes</title>
<itemizedlist>
<listitem>
<para>
Make <function>pg_get_ruledef()</> parenthesize negative constants (Tom)
</para>
<para>
Before this fix, a negative constant in a view or rule might be dumped
as, say, <literal>-42::integer</>, which is subtly incorrect: it should
be <literal>(-42)::integer</> due to operator precedence rules.
Usually this would make little difference, but it could interact with
another recent patch to cause
<productname>PostgreSQL</> to reject what had been a valid
<command>SELECT DISTINCT</> view query. Since this could result in
<application>pg_dump</> output failing to reload, it is being treated
as a high-priority fix. The only released versions in which dump
output is actually incorrect are 8.3.1 and 8.2.7.
</para>
</listitem>
<listitem>
<para>
Make <command>ALTER AGGREGATE ... OWNER TO</> update
<structname>pg_shdepend</> (Tom)
</para>
<para>
This oversight could lead to problems if the aggregate was later
involved in a <command>DROP OWNED</> or <command>REASSIGN OWNED</>
operation.
</para>
</listitem>
</itemizedlist>
</sect2>
</sect1>
<sect1 id="release-8-1-12">
<title>Release 8.1.12</title>
<note>
<title>Release Date</title>
<simpara>never released</simpara>
</note>
<para>
This release contains a variety of fixes from 8.1.11.
For information about new features in the 8.1 major release, see
<xref linkend="release-8-1">.
</para>
<sect2>
<title>Migration to Version 8.1.12</title>
<para>
A dump/restore is not required for those running 8.1.X.
However, if you are upgrading from a version earlier than 8.1.2,
see the release notes for 8.1.2.
</para>
</sect2>
<sect2>
<title>Changes</title>
<itemizedlist>
<listitem>
<para>
Fix <command>ALTER TABLE ADD COLUMN ... PRIMARY KEY</> so that the new
column is correctly checked to see if it's been initialized to all
non-nulls (Brendan Jurd)
</para>
<para>
Previous versions neglected to check this requirement at all.
</para>
</listitem>
<listitem>
<para>
Fix possible <command>CREATE TABLE</> failure when inheriting the
<quote>same</> constraint from multiple parent relations that
inherited that constraint from a common ancestor (Tom)
</para>
</listitem>
<listitem>
<para>
Fix conversions between ISO-8859-5 and other encodings to handle
Cyrillic <quote>Yo</> characters (<literal>e</> and <literal>E</> with
two dots) (Sergey Burladyan)
</para>
</listitem>
<listitem>
<para>
Fix a few datatype input functions
that were allowing unused bytes in their results to contain
uninitialized, unpredictable values (Tom)
</para>
<para>
This could lead to failures in which two apparently identical literal
values were not seen as equal, resulting in the parser complaining
about unmatched <literal>ORDER BY</> and <literal>DISTINCT</>
expressions.
</para>
</listitem>
<listitem>
<para>
Fix a corner case in regular-expression substring matching
(<literal>substring(<replaceable>string</> from
<replaceable>pattern</>)</literal>) (Tom)
</para>
<para>
The problem occurs when there is a match to the pattern overall but
the user has specified a parenthesized subexpression and that
subexpression hasn't got a match. An example is
<literal>substring('foo' from 'foo(bar)?')</>.
This should return NULL, since <literal>(bar)</> isn't matched, but
it was mistakenly returning the whole-pattern match instead (ie,
<literal>foo</>).
</para>
</listitem>
<listitem>
<para>
Update time zone data files to <application>tzdata</> release 2008c (for
DST law changes in Morocco, Iraq, Choibalsan, Pakistan, Syria, Cuba,
Argentina/San_Luis, and Chile)
</para>
</listitem>
<listitem>
<para>
Fix incorrect result from <application>ecpg</>'s
<function>PGTYPEStimestamp_sub()</> function (Michael)
</para>
</listitem>
<listitem>
<para>
Fix core dump in <filename>contrib/xml2</>'s
<function>xpath_table()</> function when the input query returns a
NULL value (Tom)
</para>
</listitem>
<listitem>
<para>
Fix <filename>contrib/xml2</>'s makefile to not override
<literal>CFLAGS</> (Tom)
</para>
</listitem>
<listitem>
<para>
Fix <literal>DatumGetBool</> macro to not fail with <application>gcc</>
4.3 (Tom)
</para>
<para>
This problem affects <quote>old style</> (V0) C functions that
return boolean. The fix is already in 8.3, but the need to
back-patch it was not realized at the time.
</para>
</listitem>
<listitem>
<para>
Fix longstanding <command>LISTEN</>/<command>NOTIFY</>
race condition (Tom)
</para>
<para>
In rare cases a session that had just executed a
<command>LISTEN</> might not get a notification, even though
one would be expected because the concurrent transaction executing
<command>NOTIFY</> was observed to commit later.
</para>
<para>
A side effect of the fix is that a transaction that has executed
a not-yet-committed <command>LISTEN</> command will not see any
row in <structname>pg_listener</> for the <command>LISTEN</>,
should it choose to look; formerly it would have. This behavior
was never documented one way or the other, but it is possible that
some applications depend on the old behavior.
</para>
</listitem>
<listitem>
<para>
Disallow <command>LISTEN</> and <command>UNLISTEN</> within a
prepared transaction (Tom)
</para>
<para>
This was formerly allowed but trying to do it had various unpleasant
consequences, notably that the originating backend could not exit
as long as an <command>UNLISTEN</> remained uncommitted.
</para>
</listitem>
<listitem>
<para>
Fix rare crash when an error occurs during a query using a hash index
(Heikki)
</para>
</listitem>
<listitem>
<para>
Fix input of datetime values for February 29 in years BC (Tom)
</para>
<para>
The former coding was mistaken about which years were leap years.
</para>
</listitem>
<listitem>
<para>
Fix <quote>unrecognized node type</> error in some variants of
<command>ALTER OWNER</> (Tom)
</para>
</listitem>
<listitem>
<para>
Fix <application>pg_ctl</> to correctly extract the postmaster's port
number from command-line options (Itagaki Takahiro, Tom)
</para>
<para>
Previously, <literal>pg_ctl start -w</> could try to contact the
postmaster on the wrong port, leading to bogus reports of startup
failure.
</para>
</listitem>
<listitem>
<para>
Use <option>-fwrapv</> to defend against possible misoptimization
in recent <application>gcc</> versions (Tom)
</para>
<para>
This is known to be necessary when building <productname>PostgreSQL</>
with <application>gcc</> 4.3 or later.
</para>
</listitem>
<listitem>
<para>
Fix display of constant expressions in <literal>ORDER BY</>
and <literal>GROUP BY</> (Tom)
</para>
<para>
An explicitly casted constant would be shown incorrectly. This could
for example lead to corruption of a view definition during
dump and reload.
</para>
</listitem>
<listitem>
<para>
Fix <application>libpq</> to handle NOTICE messages correctly
during COPY OUT (Tom)
</para>
<para>
This failure has only been observed to occur when a user-defined
datatype's output routine issues a NOTICE, but there is no
guarantee it couldn't happen due to other causes.
</para>
</listitem>
</itemizedlist>
</sect2>
</sect1>
<sect1 id="release-8-1-11">
<title>Release 8.1.11</title>
<note>
<title>Release Date</title>
<simpara>2008-01-07</simpara>
</note>
<para>
This release contains a variety of fixes from 8.1.10,
including fixes for significant security issues.
For information about new features in the 8.1 major release, see
<xref linkend="release-8-1">.
</para>
<para>
This is the last 8.1.X release for which the <productname>PostgreSQL</>
community will produce binary packages for <productname>Windows</>.
Windows users are encouraged to move to 8.2.X or later,
since there are Windows-specific fixes in 8.2.X that
are impractical to back-port. 8.1.X will continue to
be supported on other platforms.
</para>
<sect2>
<title>Migration to Version 8.1.11</title>
<para>
A dump/restore is not required for those running 8.1.X.
However, if you are upgrading from a version earlier than 8.1.2,
see the release notes for 8.1.2.
</para>
</sect2>
<sect2>
<title>Changes</title>
<itemizedlist>
<listitem>
<para>
Prevent functions in indexes from executing with the privileges of
the user running <command>VACUUM</>, <command>ANALYZE</>, etc (Tom)
</para>
<para>
Functions used in index expressions and partial-index
predicates are evaluated whenever a new table entry is made. It has
long been understood that this poses a risk of trojan-horse code
execution if one modifies a table owned by an untrustworthy user.
(Note that triggers, defaults, check constraints, etc. pose the
same type of risk.) But functions in indexes pose extra danger
because they will be executed by routine maintenance operations
such as <command>VACUUM FULL</>, which are commonly performed
automatically under a superuser account. For example, a nefarious user
can execute code with superuser privileges by setting up a
trojan-horse index definition and waiting for the next routine vacuum.
The fix arranges for standard maintenance operations
(including <command>VACUUM</>, <command>ANALYZE</>, <command>REINDEX</>,
and <command>CLUSTER</>) to execute as the table owner rather than
the calling user, using the same privilege-switching mechanism already
used for <literal>SECURITY DEFINER</> functions. To prevent bypassing
this security measure, execution of <command>SET SESSION
AUTHORIZATION</> and <command>SET ROLE</> is now forbidden within a
<literal>SECURITY DEFINER</> context. (CVE-2007-6600)
</para>
</listitem>
<listitem>
<para>
Repair assorted bugs in the regular-expression package (Tom, Will Drewry)
</para>
<para>
Suitably crafted regular-expression patterns could cause crashes,
infinite or near-infinite looping, and/or massive memory consumption,
all of which pose denial-of-service hazards for applications that
accept regex search patterns from untrustworthy sources.
(CVE-2007-4769, CVE-2007-4772, CVE-2007-6067)
</para>
</listitem>
<listitem>
<para>
Require non-superusers who use <filename>/contrib/dblink</> to use only
password authentication, as a security measure (Joe)
</para>
<para>
The fix that appeared for this in 8.1.10 was incomplete, as it plugged
the hole for only some <filename>dblink</> functions. (CVE-2007-6601,
CVE-2007-3278)
</para>
</listitem>
<listitem>
<para>
Update time zone data files to <application>tzdata</> release 2007k
(in particular, recent Argentina changes) (Tom)
</para>
</listitem>
<listitem>
<para>
Improve planner's handling of LIKE/regex estimation in non-C locales
(Tom)
</para>
</listitem>
<listitem>
<para>
Fix planner failure in some cases of <literal>WHERE false AND var IN
(SELECT ...)</> (Tom)
</para>
</listitem>
<listitem>
<para>
Preserve the tablespace of indexes that are
rebuilt by <command>ALTER TABLE ... ALTER COLUMN TYPE</> (Tom)
</para>
</listitem>
<listitem>
<para>
Make archive recovery always start a new WAL timeline, rather than only
when a recovery stop time was used (Simon)
</para>
<para>
This avoids a corner-case risk of trying to overwrite an existing
archived copy of the last WAL segment, and seems simpler and cleaner
than the original definition.
</para>
</listitem>
<listitem>
<para>
Make <command>VACUUM</> not use all of <varname>maintenance_work_mem</>
when the table is too small for it to be useful (Alvaro)
</para>
</listitem>
<listitem>
<para>
Fix potential crash in <function>translate()</> when using a multibyte
database encoding (Tom)
</para>
</listitem>
<listitem>
<para>
Fix overflow in <literal>extract(epoch from interval)</> for intervals
exceeding 68 years (Tom)
</para>
</listitem>
<listitem>
<para>
Fix PL/Perl to not fail when a UTF-8 regular expression is used
in a trusted function (Andrew)
</para>
</listitem>
<listitem>
<para>
Fix PL/Perl to cope when platform's Perl defines type <literal>bool</>
as <literal>int</> rather than <literal>char</> (Tom)
</para>
<para>
While this could theoretically happen anywhere, no standard build of
Perl did things this way ... until <productname>Mac OS X</> 10.5.
</para>
</listitem>
<listitem>
<para>
Fix PL/Python to not crash on long exception messages (Alvaro)
</para>
</listitem>
<listitem>
<para>
Fix <application>pg_dump</> to correctly handle inheritance child tables
that have default expressions different from their parent's (Tom)
</para>
</listitem>
<listitem>
<para>
Fix <application>libpq</> crash when <varname>PGPASSFILE</> refers
to a file that is not a plain file (Martin Pitt)
</para>
</listitem>
<listitem>
<para>
<application>ecpg</> parser fixes (Michael)
</para>
</listitem>
<listitem>
<para>
Make <filename>contrib/pgcrypto</> defend against
<application>OpenSSL</> libraries that fail on keys longer than 128
bits; which is the case at least on some Solaris versions (Marko Kreen)
</para>
</listitem>
<listitem>
<para>
Make <filename>contrib/tablefunc</>'s <function>crosstab()</> handle
NULL rowid as a category in its own right, rather than crashing (Joe)
</para>
</listitem>
<listitem>
<para>
Fix <type>tsvector</> and <type>tsquery</> output routines to
escape backslashes correctly (Teodor, Bruce)
</para>
</listitem>
<listitem>
<para>
Fix crash of <function>to_tsvector()</> on huge input strings (Teodor)
</para>
</listitem>
<listitem>
<para>
Require a specific version of <productname>Autoconf</> to be used
when re-generating the <command>configure</> script (Peter)
</para>
<para>
This affects developers and packagers only. The change was made
to prevent accidental use of untested combinations of
<productname>Autoconf</> and <productname>PostgreSQL</> versions.
You can remove the version check if you really want to use a
different <productname>Autoconf</> version, but it's
your responsibility whether the result works or not.
</para>
</listitem>
</itemizedlist>
</sect2>
</sect1>
<sect1 id="release-8-1-10">
<title>Release 8.1.10</title>
<note>
<title>Release Date</title>
<simpara>2007-09-17</simpara>
</note>
<para>
This release contains a variety of fixes from 8.1.9.
For information about new features in the 8.1 major release, see
<xref linkend="release-8-1">.
</para>
<sect2>
<title>Migration to Version 8.1.10</title>
<para>
A dump/restore is not required for those running 8.1.X.
However, if you are upgrading from a version earlier than 8.1.2,
see the release notes for 8.1.2.
</para>
</sect2>
<sect2>
<title>Changes</title>
<itemizedlist>
<listitem>
<para>
Prevent index corruption when a transaction inserts rows and
then aborts close to the end of a concurrent <command>VACUUM</>
on the same table (Tom)
</para>
</listitem>
<listitem>
<para>
Make <command>CREATE DOMAIN ... DEFAULT NULL</> work properly (Tom)
</para>
</listitem>
<listitem>
<para>
Allow the <type>interval</> data type to accept input consisting only of
milliseconds or microseconds (Neil)
</para>
</listitem>
<listitem>
<para>
Speed up rtree index insertion (Teodor)
</para>
</listitem>
<listitem>
<para>
Fix excessive logging of <acronym>SSL</> error messages (Tom)
</para>
</listitem>
<listitem>
<para>
Fix logging so that log messages are never interleaved when using
the syslogger process (Andrew)
</para>
</listitem>
<listitem>
<para>
Fix crash when <varname>log_min_error_statement</> logging runs out
of memory (Tom)
</para>
</listitem>
<listitem>
<para>
Fix incorrect handling of some foreign-key corner cases (Tom)
</para>
</listitem>
<listitem>
<para>
Prevent <command>REINDEX</> and <command>CLUSTER</> from failing
due to attempting to process temporary tables of other sessions (Alvaro)
</para>
</listitem>
<listitem>
<para>
Update the time zone database rules, particularly New Zealand's upcoming changes (Tom)
</para>
</listitem>
<listitem>
<para>
Windows socket improvements (Magnus)
</para>
</listitem>
<listitem>
<para>
Suppress timezone name (<literal>%Z</>) in log timestamps on Windows
because of possible encoding mismatches (Tom)
</para>
</listitem>
<listitem>
<para>
Require non-superusers who use <filename>/contrib/dblink</> to use only
password authentication, as a security measure (Joe)
</para>
</listitem>
</itemizedlist>
</sect2>
</sect1>
<sect1 id="release-8-1-9">
<title>Release 8.1.9</title>
<note>
<title>Release Date</title>
<simpara>2007-04-23</simpara>
</note>
<para>
This release contains a variety of fixes from 8.1.8,
including a security fix.
For information about new features in the 8.1 major release, see
<xref linkend="release-8-1">.
</para>
<sect2>
<title>Migration to Version 8.1.9</title>
<para>
A dump/restore is not required for those running 8.1.X.
However, if you are upgrading from a version earlier than 8.1.2,
see the release notes for 8.1.2.
</para>
</sect2>
<sect2>
<title>Changes</title>
<itemizedlist>
<listitem>
<para>
Support explicit placement of the temporary-table schema within
<varname>search_path</>, and disable searching it for functions
and operators (Tom)
</para>
<para>
This is needed to allow a security-definer function to set a
truly secure value of <varname>search_path</>. Without it,
an unprivileged SQL user can use temporary objects to execute code
with the privileges of the security-definer function (CVE-2007-2138).
See <command>CREATE FUNCTION</> for more information.
</para>
</listitem>
<listitem>
<para>
<filename>/contrib/tsearch2</> crash fixes (Teodor)
</para>
</listitem>
<listitem>
<para>
Require <command>COMMIT PREPARED</> to be executed in the same
database as the transaction was prepared in (Heikki)
</para>
</listitem>
<listitem>
<para>
Fix potential-data-corruption bug in how <command>VACUUM FULL</> handles
<command>UPDATE</> chains (Tom, Pavan Deolasee)
</para>
</listitem>
<listitem>
<para>
Planner fixes, including improving outer join and bitmap scan
selection logic (Tom)
</para>
</listitem>
<listitem>
<para>
Fix PANIC during enlargement of a hash index (bug introduced in 8.1.6)
(Tom)
</para>
</listitem>
<listitem>
<para>
Fix POSIX-style timezone specs to follow new USA DST rules (Tom)
</para>
</listitem>
</itemizedlist>
</sect2>
</sect1>
<sect1 id="release-8-1-8">
<title>Release 8.1.8</title>
<note>
<title>Release Date</title>
<simpara>2007-02-07</simpara>
</note>
<para>
This release contains one fix from 8.1.7.
For information about new features in the 8.1 major release, see
<xref linkend="release-8-1">.
</para>
<sect2>
<title>Migration to Version 8.1.8</title>
<para>
A dump/restore is not required for those running 8.1.X.
However, if you are upgrading from a version earlier than 8.1.2,
see the release notes for 8.1.2.
</para>
</sect2>
<sect2>
<title>Changes</title>
<itemizedlist>
<listitem>
<para>
Remove overly-restrictive check for type length in constraints and
functional indexes(Tom)
</para>
</listitem>
</itemizedlist>
</sect2>
</sect1>
<sect1 id="release-8-1-7">
<title>Release 8.1.7</title>
<note>
<title>Release Date</title>
<simpara>2007-02-05</simpara>
</note>
<para>
This release contains a variety of fixes from 8.1.6, including
a security fix.
For information about new features in the 8.1 major release, see
<xref linkend="release-8-1">.
</para>
<sect2>
<title>Migration to Version 8.1.7</title>
<para>
A dump/restore is not required for those running 8.1.X.
However, if you are upgrading from a version earlier than 8.1.2,
see the release notes for 8.1.2.
</para>
</sect2>
<sect2>
<title>Changes</title>
<itemizedlist>
<listitem>
<para>
Remove security vulnerabilities that allowed connected users
to read backend memory (Tom)
</para>
<para>
The vulnerabilities involve suppressing the normal check that a SQL
function returns the data type it's declared to, and changing the
data type of a table column (CVE-2007-0555, CVE-2007-0556). These
errors can easily be exploited to cause a backend crash, and in
principle might be used to read database content that the user
should not be able to access.
</para>
</listitem>
<listitem>
<para>
Fix rare bug wherein btree index page splits could fail
due to choosing an infeasible split point (Heikki Linnakangas)
</para>
</listitem>
<listitem>
<para>
Improve <command>VACUUM</> performance for databases with many tables (Tom)
</para>
</listitem>
<listitem>
<para>
Fix autovacuum to avoid leaving non-permanent transaction IDs in
non-connectable databases (Alvaro)
</para>
<para>
This bug affects the 8.1 branch only.
</para>
</listitem>
<listitem>
<para>
Fix for rare Assert() crash triggered by <literal>UNION</> (Tom)
</para>
</listitem>
<listitem>
<para>
Tighten security of multi-byte character processing for UTF8 sequences
over three bytes long (Tom)
</para>
</listitem>
<listitem>
<para>
Fix bogus <quote>permission denied</> failures occurring on Windows
due to attempts to fsync already-deleted files (Magnus, Tom)
</para>
</listitem>
<listitem>
<para>
Fix possible crashes when an already-in-use PL/pgSQL function is
updated (Tom)
</para>
</listitem>
</itemizedlist>
</sect2>
</sect1>
<sect1 id="release-8-1-6">
<title>Release 8.1.6</title>
<note>
<title>Release Date</title>
<simpara>2007-01-08</simpara>
</note>
<para>
This release contains a variety of fixes from 8.1.5.
For information about new features in the 8.1 major release, see
<xref linkend="release-8-1">.
</para>
<sect2>
<title>Migration to Version 8.1.6</title>
<para>
A dump/restore is not required for those running 8.1.X.
However, if you are upgrading from a version earlier than 8.1.2,
see the release notes for 8.1.2.
</para>
</sect2>
<sect2>
<title>Changes</title>
<itemizedlist>
<listitem>
<para>
Improve handling of <function>getaddrinfo()</> on AIX (Tom)
</para>
<para>
This fixes a problem with starting the statistics collector,
among other things.
</para>
</listitem>
<listitem>
<para>
Fix <application>pg_restore</> to handle a tar-format backup
that contains large objects (blobs) with comments (Tom)
</para>
</listitem>
<listitem>
<para>
Fix <quote>failed to re-find parent key</> errors in
<command>VACUUM</> (Tom)
</para>
</listitem>
<listitem>
<para>
Clean out <filename>pg_internal.init</> cache files during server
restart (Simon)
</para>
<para>
This avoids a hazard that the cache files might contain stale
data after PITR recovery.
</para>
</listitem>
<listitem>
<para>
Fix race condition for truncation of a large relation across a
gigabyte boundary by <command>VACUUM</> (Tom)
</para>
</listitem>
<listitem>
<para>
Fix bug causing needless deadlock errors on row-level locks (Tom)
</para>
</listitem>
<listitem>
<para>
Fix bugs affecting multi-gigabyte hash indexes (Tom)
</para>
</listitem>
<listitem>
<para>
Fix possible deadlock in Windows signal handling (Teodor)
</para>
</listitem>
<listitem>
<para>
Fix error when constructing an <literal>ARRAY[]</> made up of multiple
empty elements (Tom)
</para>
</listitem>
<listitem>
<para>
Fix ecpg memory leak during connection (Michael)
</para>
</listitem>
<listitem>
<para>
Fix for Darwin (OS X) compilation (Tom)
</para>
</listitem>
<listitem>
<para>
<function>to_number()</> and <function>to_char(numeric)</>
are now <literal>STABLE</>, not <literal>IMMUTABLE</>, for
new <application>initdb</> installs (Tom)
</para>
<para>
This is because <varname>lc_numeric</> can potentially
change the output of these functions.
</para>
</listitem>
<listitem>
<para>
Improve index usage of regular expressions that use parentheses (Tom)
</para>
<para>
This improves <application>psql</> <literal>\d</> performance also.
</para>
</listitem>
<listitem>
<para>
Update timezone database
</para>
<para>
This affects Australian and Canadian daylight-savings rules in
particular.
</para>
</listitem>
</itemizedlist>
</sect2>
</sect1>
<sect1 id="release-8-1-5">
<title>Release 8.1.5</title>
<note>
<title>Release Date</title>
<simpara>2006-10-16</simpara>
</note>
<para>
This release contains a variety of fixes from 8.1.4.
For information about new features in the 8.1 major release, see
<xref linkend="release-8-1">.
</para>
<sect2>
<title>Migration to Version 8.1.5</title>
<para>
A dump/restore is not required for those running 8.1.X.
However, if you are upgrading from a version earlier than 8.1.2,
see the release notes for 8.1.2.
</para>
</sect2>
<sect2>
<title>Changes</title>
<itemizedlist>
<listitem><para>Disallow aggregate functions in <command>UPDATE</>
commands, except within sub-SELECTs (Tom)</para>
<para>The behavior of such an aggregate was unpredictable, and in 8.1.X
could cause a crash, so it has been disabled. The SQL standard does not allow
this either.</para></listitem>
<listitem><para>Fix core dump when an untyped literal is taken as
ANYARRAY</para></listitem>
<listitem><para>Fix core dump in duration logging for extended query protocol
when a <command>COMMIT</> or <command>ROLLBACK</> is
executed</para></listitem>
<listitem><para>Fix mishandling of AFTER triggers when query contains a SQL
function returning multiple rows (Tom)</para></listitem>
<listitem><para>Fix <command>ALTER TABLE ... TYPE</> to recheck
<literal>NOT NULL</> for <literal>USING</> clause (Tom)</para></listitem>
<listitem><para>Fix <function>string_to_array()</> to handle overlapping
matches for the separator string</para>
<para>For example, <literal>string_to_array('123xx456xxx789', 'xx')</>.
</para></listitem>
<listitem><para>Fix <function>to_timestamp()</> for
<literal>AM</>/<literal>PM</> formats (Bruce)</para></listitem>
<listitem><para>Fix autovacuum's calculation that decides whether
<command>ANALYZE</> is needed (Alvaro)</para></listitem>
<listitem><para>Fix corner cases in pattern matching for
<application>psql</>'s <literal>\d</> commands</para></listitem>
<listitem><para>Fix index-corrupting bugs in /contrib/ltree
(Teodor)</para></listitem>
<listitem><para>Numerous robustness fixes in <application>ecpg</> (Joachim
Wieland)</para></listitem>
<listitem><para>Fix backslash escaping in /contrib/dbmirror</para></listitem>
<listitem><para>Minor fixes in /contrib/dblink and /contrib/tsearch2</para>
</listitem>
<listitem><para>Efficiency improvements in hash tables and bitmap index scans
(Tom)</para></listitem>
<listitem><para>Fix instability of statistics collection on Windows (Tom, Andrew)</para></listitem>
<listitem><para>Fix <varname>statement_timeout</> to use the proper
units on Win32 (Bruce)</para>
<para>In previous Win32 8.1.X versions, the delay was off by a factor of
100.</para></listitem>
<listitem><para>Fixes for <acronym>MSVC</> and <productname>Borland C++</>
compilers (Hiroshi Saito)</para></listitem>
<listitem><para>Fixes for <systemitem class="osname">AIX</> and
<productname>Intel</> compilers (Tom)</para></listitem>
<listitem><para>Fix rare bug in continuous archiving (Tom)</para></listitem>
</itemizedlist>
</sect2>
</sect1>
<sect1 id="release-8-1-4">
<title>Release 8.1.4</title>
<note>
<title>Release Date</title>
<simpara>2006-05-23</simpara>
</note>
<para>
This release contains a variety of fixes from 8.1.3,
including patches for extremely serious security issues.
For information about new features in the 8.1 major release, see
<xref linkend="release-8-1">.
</para>
<sect2>
<title>Migration to Version 8.1.4</title>
<para>
A dump/restore is not required for those running 8.1.X.
However, if you are upgrading from a version earlier than 8.1.2,
see the release notes for 8.1.2.
</para>
<para>
Full security against the SQL-injection attacks described in
CVE-2006-2313 and CVE-2006-2314 might require changes in application
code. If you have applications that embed untrustworthy strings
into SQL commands, you should examine them as soon as possible to
ensure that they are using recommended escaping techniques. In
most cases, applications should be using subroutines provided by
libraries or drivers (such as <application>libpq</>'s
<function>PQescapeStringConn()</>) to perform string escaping,
rather than relying on <foreignphrase>ad hoc</> code to do it.
</para>
</sect2>
<sect2>
<title>Changes</title>
<itemizedlist>
<listitem><para>Change the server to reject invalidly-encoded multibyte
characters in all cases (Tatsuo, Tom)</para>
<para>While <productname>PostgreSQL</> has been moving in this direction for
some time, the checks are now applied uniformly to all encodings and all
textual input, and are now always errors not merely warnings. This change
defends against SQL-injection attacks of the type described in CVE-2006-2313.
</para></listitem>
<listitem><para>Reject unsafe uses of <literal>\'</> in string literals</para>
<para>As a server-side defense against SQL-injection attacks of the type
described in CVE-2006-2314, the server now only accepts <literal>''</> and not
<literal>\'</> as a representation of ASCII single quote in SQL string
literals. By default, <literal>\'</> is rejected only when
<varname>client_encoding</> is set to a client-only encoding (SJIS, BIG5, GBK,
GB18030, or UHC), which is the scenario in which SQL injection is possible.
A new configuration parameter <varname>backslash_quote</> is available to
adjust this behavior when needed. Note that full security against
CVE-2006-2314 might require client-side changes; the purpose of
<varname>backslash_quote</> is in part to make it obvious that insecure
clients are insecure.
</para></listitem>
<listitem><para>Modify <application>libpq</>'s string-escaping routines to be
aware of encoding considerations and
<varname>standard_conforming_strings</></para>
<para>This fixes <application>libpq</>-using applications for the security
issues described in CVE-2006-2313 and CVE-2006-2314, and also future-proofs
them against the planned changeover to SQL-standard string literal syntax.
Applications that use multiple <productname>PostgreSQL</> connections
concurrently should migrate to <function>PQescapeStringConn()</> and
<function>PQescapeByteaConn()</> to ensure that escaping is done correctly
for the settings in use in each database connection. Applications that
do string escaping <quote>by hand</> should be modified to rely on library
routines instead.
</para></listitem>
<listitem><para>Fix weak key selection in pgcrypto (Marko Kreen)</para>
<para>Errors in fortuna PRNG reseeding logic could cause a predictable
session key to be selected by <function>pgp_sym_encrypt()</> in some cases.
This only affects non-OpenSSL-using builds.
</para></listitem>
<listitem><para>Fix some incorrect encoding conversion functions</para>
<para><function>win1251_to_iso</>, <function>win866_to_iso</>,
<function>euc_tw_to_big5</>, <function>euc_tw_to_mic</>,
<function>mic_to_euc_tw</> were all broken to varying
extents.
</para></listitem>
<listitem><para>Clean up stray remaining uses of <literal>\'</> in strings
(Bruce, Jan)</para></listitem>
<listitem><para>Make autovacuum visible in <structname>pg_stat_activity</>
(Alvaro)</para></listitem>
<listitem><para>Disable <literal>full_page_writes</> (Tom)</para>
<para>In certain cases, having <literal>full_page_writes</> off would cause
crash recovery to fail. A proper fix will appear in 8.2; for now it's just
disabled.
</para></listitem>
<listitem><para>Various planner fixes, particularly for bitmap index scans and
MIN/MAX optimization (Tom)</para></listitem>
<listitem><para>Fix incorrect optimization in merge join (Tom)</para>
<para>Outer joins could sometimes emit multiple copies of unmatched rows.
</para></listitem>
<listitem><para>Fix crash from using and modifying a plpgsql function in the
same transaction</para></listitem>
<listitem><para>Fix WAL replay for case where a B-Tree index has been
truncated</para></listitem>
<listitem><para>Fix <literal>SIMILAR TO</> for patterns involving
<literal>|</> (Tom)</para></listitem>
<listitem><para>Fix <command>SELECT INTO</> and <command>CREATE TABLE AS</> to
create tables in the default tablespace, not the base directory (Kris
Jurka)</para></listitem>
<listitem><para>Fix server to use custom DH SSL parameters correctly (Michael
Fuhr)</para></listitem>
<listitem><para>Improve qsort performance (Dann Corbit)</para>
<para>Currently this code is only used on Solaris.
</para></listitem>
<listitem><para>Fix for OS/X Bonjour on x86 systems (Ashley Clark)</para></listitem>
<listitem><para>Fix various minor memory leaks</para></listitem>
<listitem><para>Fix problem with password prompting on some Win32 systems
(Robert Kinberg)</para></listitem>
<listitem><para>Improve <application>pg_dump</>'s handling of default values
for domains</para></listitem>
<listitem><para>Fix <application>pg_dumpall</> to handle identically-named
users and groups reasonably (only possible when dumping from a pre-8.1 server)
(Tom)</para>
<para>The user and group will be merged into a single role with
<literal>LOGIN</> permission. Formerly the merged role wouldn't have
<literal>LOGIN</> permission, making it unusable as a user.
</para></listitem>
<listitem><para>Fix <application>pg_restore</> <literal>-n</> to work as
documented (Tom)</para></listitem>
</itemizedlist>
</sect2>
</sect1>
<sect1 id="release-8-1-3">
<title>Release 8.1.3</title>
<note>
<title>Release Date</title>
<simpara>2006-02-14</simpara>
</note>
<para>
This release contains a variety of fixes from 8.1.2,
including one very serious security issue.
For information about new features in the 8.1 major release, see
<xref linkend="release-8-1">.
</para>
<sect2>
<title>Migration to Version 8.1.3</title>
<para>
A dump/restore is not required for those running 8.1.X.
However, if you are upgrading from a version earlier than 8.1.2,
see the release notes for 8.1.2.
</para>
</sect2>
<sect2>
<title>Changes</title>
<itemizedlist>
<listitem><para>Fix bug that allowed any logged-in user to <command>SET
ROLE</> to any other database user id (CVE-2006-0553)</para>
<para>Due to inadequate validity checking, a user could exploit the special
case that <command>SET ROLE</> normally uses to restore the previous role
setting after an error. This allowed ordinary users to acquire superuser
status, for example.
The escalation-of-privilege risk exists only in 8.1.0-8.1.2.
However, in all releases back to 7.3 there is a related bug in <command>SET
SESSION AUTHORIZATION</> that allows unprivileged users to crash the server,
if it has been compiled with Asserts enabled (which is not the default).
Thanks to Akio Ishida for reporting this problem.
</para></listitem>
<listitem><para>Fix bug with row visibility logic in self-inserted
rows (Tom)</para>
<para>Under rare circumstances a row inserted by the current command
could be seen as already valid, when it should not be. Repairs bug
created in 8.0.4, 7.4.9, and 7.3.11 releases.
</para></listitem>
<listitem><para>Fix race condition that could lead to <quote>file already
exists</> errors during pg_clog and pg_subtrans file creation
(Tom)</para></listitem>
<listitem><para>Fix cases that could lead to crashes if a cache-invalidation
message arrives at just the wrong time (Tom)</para></listitem>
<listitem><para>Properly check <literal>DOMAIN</> constraints for
<literal>UNKNOWN</> parameters in prepared statements
(Neil)</para></listitem>
<listitem><para>Ensure <command>ALTER COLUMN TYPE</> will process
<literal>FOREIGN KEY</>, <literal>UNIQUE</>, and <literal>PRIMARY KEY</>
constraints in the proper order (Nakano Yoshihisa)</para></listitem>
<listitem><para>Fixes to allow restoring dumps that have cross-schema
references to custom operators or operator classes (Tom)</para></listitem>
<listitem><para>Allow <application>pg_restore</> to continue properly after a
<command>COPY</> failure; formerly it tried to treat the remaining
<command>COPY</> data as SQL commands (Stephen Frost)</para></listitem>
<listitem><para>Fix <application>pg_ctl</> <literal>unregister</> crash
when the data directory is not specified (Magnus)</para></listitem>
<listitem><para>Fix <application>libpq</> <function>PQprint</> HTML tags
(Christoph Zwerschke)</para></listitem>
<listitem><para>Fix <application>ecpg</> crash on AMD64 and PPC
(Neil)</para></listitem>
<listitem><para>Allow <literal>SETOF</> and <literal>%TYPE</> to be used
together in function result type declarations</para></listitem>
<listitem><para>Recover properly if error occurs during argument passing
in <application>PL/python</> (Neil)</para></listitem>
<listitem><para>Fix memory leak in <function>plperl_return_next</>
(Neil)</para></listitem>
<listitem><para>Fix <application>PL/perl</>'s handling of locales on
Win32 to match the backend (Andrew)</para></listitem>
<listitem><para>Various optimizer fixes (Tom)</para></listitem>
<listitem><para>Fix crash when <literal>log_min_messages</> is set to
<literal>DEBUG3</> or above in <filename>postgresql.conf</> on Win32
(Bruce)</para></listitem>
<listitem><para>Fix <application>pgxs</> <literal>-L</> library path
specification for Win32, Cygwin, OS X, AIX (Bruce)</para></listitem>
<listitem><para>Check that SID is enabled while checking for Win32 admin
privileges (Magnus)</para></listitem>
<listitem><para>Properly reject out-of-range date inputs (Kris
Jurka)</para></listitem>
<listitem><para>Portability fix for testing presence of <function>finite</>
and <function>isinf</> during configure (Tom)</para></listitem>
<listitem><para>Improve speed of <command>COPY IN</> via libpq, by
avoiding a kernel call per data line (Alon Goldshuv)</para></listitem>
<listitem><para>Improve speed of <filename>/contrib/tsearch2</> index
creation (Tom)</para></listitem>
</itemizedlist>
</sect2>
</sect1>
<sect1 id="release-8-1-2">
<title>Release 8.1.2</title>
<note>
<title>Release Date</title>
<simpara>2006-01-09</simpara>
</note>
<para>
This release contains a variety of fixes from 8.1.1.
For information about new features in the 8.1 major release, see
<xref linkend="release-8-1">.
</para>
<sect2>
<title>Migration to Version 8.1.2</title>
<para>
A dump/restore is not required for those running 8.1.X.
However, you might need to <command>REINDEX</> indexes on textual
columns after updating, if you are affected by the locale or
<application>plperl</> issues described below.
</para>
</sect2>
<sect2>
<title>Changes</title>
<itemizedlist>
<listitem><para>Fix Windows code so that postmaster will continue rather
than exit if there is no more room in ShmemBackendArray (Magnus)</para>
<para>The previous behavior could lead to a denial-of-service situation if too
many connection requests arrive close together. This applies
<emphasis>only</> to the Windows port.</para></listitem>
<listitem><para>Fix bug introduced in 8.0 that could allow ReadBuffer
to return an already-used page as new, potentially causing loss of
recently-committed data (Tom)</para></listitem>
<listitem><para>Fix for protocol-level Describe messages issued
outside a transaction or in a failed transaction (Tom)</para></listitem>
<listitem><para>Fix character string comparison for locales that consider
different character combinations as equal, such as Hungarian (Tom)</para>
<para>This might require <command>REINDEX</> to fix existing indexes on
textual columns.</para></listitem>
<listitem><para>Set locale environment variables during postmaster startup
to ensure that <application>plperl</> won't change the locale later</para>
<para>This fixes a problem that occurred if the <application>postmaster</> was
started with environment variables specifying a different locale than what
<application>initdb</> had been told. Under these conditions, any use of
<application>plperl</> was likely to lead to corrupt indexes. You might need
<command>REINDEX</> to fix existing indexes on
textual columns if this has happened to you.</para></listitem>
<listitem><para>Allow more flexible relocation of installation
directories (Tom)</para>
<para>Previous releases supported relocation only if all installation
directory paths were the same except for the last component.</para></listitem>
<listitem><para>Prevent crashes caused by the use of
<literal>ISO-8859-5</> and <literal>ISO-8859-9</> encodings
(Tatsuo)</para></listitem>
<listitem><para>Fix longstanding bug in strpos() and regular expression
handling in certain rarely used Asian multi-byte character sets (Tatsuo)
</para></listitem>
<listitem><para>Fix bug where COPY CSV mode considered any
<literal>\.</> to terminate the copy data</para> <para>The new code
requires <literal>\.</> to appear alone on a line, as per
documentation.</para></listitem>
<listitem><para>Make COPY CSV mode quote a literal data value of
<literal>\.</> to ensure it cannot be interpreted as the
end-of-data marker (Bruce)</para></listitem>
<listitem><para>Various fixes for functions returning <literal>RECORD</>s
(Tom) </para></listitem>
<listitem><para>Fix processing of <filename>postgresql.conf</> so a
final line with no newline is processed properly (Tom)
</para></listitem>
<listitem><para>Fix bug in <filename>/contrib/pgcrypto</> gen_salt,
which caused it not to use all available salt space for MD5 and
XDES algorithms (Marko Kreen, Solar Designer)</para>
<para>Salts for Blowfish and standard DES are unaffected.</para></listitem>
<listitem><para>Fix autovacuum crash when processing expression indexes
</para></listitem>
<listitem><para>Fix <filename>/contrib/dblink</> to throw an error,
rather than crashing, when the number of columns specified is different from
what's actually returned by the query (Joe)</para></listitem>
</itemizedlist>
</sect2>
</sect1>
<sect1 id="release-8-1-1">
<title>Release 8.1.1</title>
<note>
<title>Release Date</title>
<simpara>2005-12-12</simpara>
</note>
<para>
This release contains a variety of fixes from 8.1.0.
For information about new features in the 8.1 major release, see
<xref linkend="release-8-1">.
</para>
<sect2>
<title>Migration to Version 8.1.1</title>
<para>
A dump/restore is not required for those running 8.1.X.
</para>
</sect2>
<sect2>
<title>Changes</title>
<itemizedlist>
<listitem><para>Fix incorrect optimizations of outer-join conditions
(Tom)</para></listitem>
<listitem><para>Fix problems with wrong reported column names in cases
involving sub-selects flattened by the optimizer (Tom)</para></listitem>
<listitem><para>Fix update failures in scenarios involving CHECK constraints,
toasted columns, <emphasis>and</> indexes (Tom)</para></listitem>
<listitem><para>Fix bgwriter problems after recovering from errors
(Tom)</para>
<para>
The background writer was found to leak buffer pins after write errors.
While not fatal in itself, this might lead to mysterious blockages of
later VACUUM commands.
</para>
</listitem>
<listitem><para>Prevent failure if client sends Bind protocol message
when current transaction is already aborted</para></listitem>
<listitem><para><filename>/contrib/tsearch2</> and <filename>/contrib/ltree</>
fixes (Teodor)</para></listitem>
<listitem><para>Fix problems with translated error messages in
languages that require word reordering, such as Turkish; also problems with
unexpected truncation of output strings and wrong display of the smallest
possible bigint value (Andrew, Tom)</para>
<para>
These problems only appeared on platforms that were using our
<filename>port/snprintf.c</> code, which includes BSD variants if
<literal>--enable-nls</> was given, and perhaps others. In addition,
a different form of the translated-error-message problem could appear
on Windows depending on which version of <filename>libintl</> was used.
</para></listitem>
<listitem><para>Re-allow <literal>AM</>/<literal>PM</>, <literal>HH</>,
<literal>HH12</>, and <literal>D</> format specifiers for
<function>to_char(time)</> and <function>to_char(interval)</>.
(<function>to_char(interval)</> should probably use
<literal>HH24</>.) (Bruce)</para></listitem>
<listitem><para>AIX, HPUX, and MSVC compile fixes (Tom, Hiroshi
Saito)</para></listitem>
<listitem><para>Optimizer improvements (Tom)</para></listitem>
<listitem><para>Retry file reads and writes after Windows
NO_SYSTEM_RESOURCES error (Qingqing Zhou)</para></listitem>
<listitem><para>Prevent <application>autovacuum</> from crashing during
ANALYZE of expression index (Alvaro)</para></listitem>
<listitem><para>Fix problems with ON COMMIT DELETE ROWS temp
tables</para></listitem>
<listitem><para>Fix problems when a trigger alters the output of a SELECT
DISTINCT query</para></listitem>
<listitem><para>Add 8.1.0 release note item on how to migrate invalid
<literal>UTF-8</> byte sequences (Paul Lindner)</para></listitem>
</itemizedlist>
</sect2>
</sect1>
<sect1 id="release-8-1">
<title>Release 8.1</title>
<note>
<title>Release Date</title>
<simpara>2005-11-08</simpara>
</note>
<sect2>
<title>Overview</title>
<para>
Major changes in this release:
</para>
<variablelist>
<varlistentry>
<term>
Improve concurrent access to the shared buffer cache (Tom)
</term>
<listitem>
<para>
Access to the shared buffer cache was identified as a
significant scalability problem, particularly on multi-CPU
systems. In this release, the way that locking is done in the
buffer manager has been overhauled to reduce lock contention
and improve scalability. The buffer manager has also been
changed to use a <quote>clock sweep</quote> replacement
policy.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
Allow index scans to use an intermediate in-memory bitmap (Tom)
</term>
<listitem>
<para>
In previous releases, only a single index could be used to do
lookups on a table. With this feature, if a query has
<command>WHERE tab.col1 = 4 and tab.col2 = 9</>, and there is
no multicolumn index on <literal>col1</> and <literal>col2</>,
but there is an index on <literal>col1</> and another on
<literal>col2</>, it is possible to search both indexes and
combine the results in memory, then do heap fetches for only
the rows matching both the <literal>col1</> and
<literal>col2</> restrictions. This is very useful in
environments that have a lot of unstructured queries where it
is impossible to create indexes that match all possible access
conditions. Bitmap scans are useful even with a single index,
as they reduce the amount of random access needed; a bitmap
index scan is efficient for retrieving fairly large fractions
of the complete table, whereas plain index scans are not.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
Add two-phase commit (Heikki Linnakangas, Alvaro, Tom)
</term>
<listitem>
<para>
Two-phase commit allows transactions to be "prepared" on several
computers, and once all computers have successfully prepared
their transactions (none failed), all transactions can be
committed. Even if a machine crashes after a prepare, the
prepared transaction can be committed after the machine is
restarted. New syntax includes <command>PREPARE TRANSACTION</> and
<command>COMMIT/ROLLBACK PREPARED</>. A new system view
<literal>pg_prepared_xacts</> has also been added.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
Create a new role system that replaces users and groups
(Stephen Frost)
</term>
<listitem>
<para>
Roles are a combination of users and groups. Like users, they
can have login capability, and like groups, a role can have
other roles as members. Roles basically remove the distinction
between users and groups. For example, a role can:
</para>
<itemizedlist>
<listitem>
<para>
Have login capability (optionally)
</para>
</listitem>
<listitem>
<para>
Own objects
</para>
</listitem>
<listitem>
<para>
Hold access permissions for database objects
</para>
</listitem>
<listitem>
<para>
Inherit permissions from other roles it is a member of
</para>
</listitem>
</itemizedlist>
<para>
Once a user logs into a role, she obtains capabilities of
the login role plus any inherited roles, and can use
<command>SET ROLE</> to switch to other roles she is a member of.
This feature is a generalization of the SQL standard's concept of
roles.
This change also replaces <structname>pg_shadow</> and
<structname>pg_group</> by new role-capable catalogs
<structname>pg_authid</> and <structname>pg_auth_members</>. The old
tables are redefined as read-only views on the new role tables.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
Automatically use indexes for <function>MIN()</> and
<function>MAX()</> (Tom)
</term>
<listitem>
<para>
In previous releases, the only way to use an index for
<function>MIN()</> or <function>MAX()</> was to rewrite the
query as <command>SELECT col FROM tab ORDER BY col LIMIT 1</>.
Index usage now happens automatically.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
Move <filename>/contrib/pg_autovacuum</> into the main server
(Alvaro)
</term>
<listitem>
<para>
Integrating autovacuum into the server allows it to be
automatically started and stopped in sync with the database
server, and allows autovacuum to be configured from
<filename>postgresql.conf</>.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
Add shared row level locks using <command>SELECT ... FOR SHARE</>
(Alvaro)
</term>
<listitem>
<para>
While <productname>PostgreSQL</productname>'s MVCC locking
allows <command>SELECT</> to never be blocked by writers and
therefore does not need shared row locks for typical operations,
shared locks are useful for applications that require shared row
locking. In particular this reduces the locking requirements
imposed by referential integrity checks.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
Add dependencies on shared objects, specifically roles
(Alvaro)
</term>
<listitem>
<para>
This extension of the dependency mechanism prevents roles from
being dropped while there are still database objects they own.
Formerly it was possible to accidentally <quote>orphan</> objects by
deleting their owner. While this could be recovered from, it
was messy and unpleasant.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
Improve performance for partitioned tables (Simon)
</term>
<listitem>
<para>
The new <varname>constraint_exclusion</varname> configuration
parameter avoids lookups on child tables where constraints indicate
that no matching rows exist in the child table.
</para>
<para>
This allows for a basic type of table partitioning. If child tables
store separate key ranges and this is enforced using appropriate
<command>CHECK</> constraints, the optimizer will skip child
table accesses when the constraint guarantees no matching rows
exist in the child table.
</para>
</listitem>
</varlistentry>
</variablelist>
</sect2>
<sect2>
<title>Migration to Version 8.1</title>
<para>
A dump/restore using <application>pg_dump</application> is required
for those wishing to migrate data from any previous release.
</para>
<para>
The 8.0 release announced that the <function>to_char()</> function
for intervals would be removed in 8.1. However, since no better API
has been suggested, <function>to_char(interval)</> has been enhanced in
8.1 and will remain in the server.
</para>
<para>
Observe the following incompatibilities:
</para>
<itemizedlist>
<listitem>
<para>
<varname>add_missing_from</> is now false by default (Neil)
</para>
<para>
By default, we now generate an error if a table is used in a query
without a <literal>FROM</> reference. The old behavior is still
available, but the parameter must be set to 'true' to obtain it.
</para>
<para>
It might be necessary to set <varname>add_missing_from</> to true
in order to load an existing dump file, if the dump contains any
views or rules created using the implicit-<literal>FROM</> syntax.
This should be a one-time annoyance, because
<productname>PostgreSQL</productname> 8.1 will convert
such views and rules to standard explicit-<literal>FROM</> syntax.
Subsequent dumps will therefore not have the problem.
</para>
</listitem>
<listitem>
<para>
Cause input of a zero-length string (<literal>''</literal>) for
<type>float4</type>/<type>float8</type>/<type>oid</type>
to throw an error, rather than treating it as a zero (Neil)
</para>
<para>
This change is consistent with the current handling of
zero-length strings for integers. The schedule for this change
was announced in 8.0.
</para>
</listitem>
<listitem>
<para>
<varname>default_with_oids</> is now false by default (Neil)
</para>
<para>
With this option set to false, user-created tables no longer
have an OID column unless <command>WITH OIDS</> is specified in
<command>CREATE TABLE</>. Though OIDs have existed in all
releases of <productname>PostgreSQL</>, their use is limited
because they are only four bytes long and the counter is shared
across all installed databases. The preferred way of uniquely
identifying rows is via sequences and the <type>SERIAL</> type,
which have been supported since <productname>PostgreSQL</> 6.4.
</para>
</listitem>
<listitem>
<para>
Add <literal>E''</> syntax so eventually ordinary strings can
treat backslashes literally (Bruce)
</para>
<para>
Currently <productname>PostgreSQL</productname> processes a
backslash in a string literal as introducing a special escape sequence,
e.g. <literal>\n</> or <literal>\010</>.
While this allows easy entry of special values, it is
nonstandard and makes porting of applications from other
databases more difficult. For this reason, the
<productname>PostgreSQL</productname> project is planning to
remove the special meaning of backslashes in strings. For
backward compatibility and for users who want special backslash
processing, a new string syntax has been created. This new string
syntax is formed by writing an <literal>E</> immediately preceding the
single quote that starts the string, e.g. <literal>E'hi\n'</>. While
this release does not change the handling of backslashes in strings, it
does add new configuration parameters to help users migrate applications
for future releases:
</para>
<itemizedlist>
<listitem>
<para>
<varname>standard_conforming_strings</> &mdash; does this release
treat backslashes literally in ordinary strings?
</para>
</listitem>
<listitem>
<para>
<varname>escape_string_warning</> &mdash; warn about backslashes in
ordinary (non-E) strings
</para>
</listitem>
</itemizedlist>
<para>
The <varname>standard_conforming_strings</> value is read-only.
Applications can retrieve the value to know how backslashes are
processed. (Presence of the parameter can also be taken as an
indication that <literal>E''</> string syntax is supported.)
In a future release, <varname>standard_conforming_strings</>
will be true, meaning backslashes will be treated literally in
non-E strings. To prepare for this change, use <literal>E''</>
strings in places that need special backslash processing, and
turn on <varname>escape_string_warning</> to find additional
strings that need to be converted to use <literal>E''</>.
Also, use two single-quotes (<literal>''</>) to embed a literal
single-quote in a string, rather than the
<productname>PostgreSQL</productname>-supported syntax of
backslash single-quote (<literal>\'</>). The former is
standards-conforming and does not require the use of the
<literal>E''</> string syntax. You can also use the
<literal>$$</> string syntax, which does not treat backslashes
specially.
</para>
</listitem>
<listitem>
<para>
Make <command>REINDEX DATABASE</> reindex all indexes in the
database (Tom)
</para>
<para>
Formerly, <command>REINDEX DATABASE</> reindexed only
system tables. This new behavior seems more intuitive. A new
command <command>REINDEX SYSTEM</> provides the old functionality
of reindexing just the system tables.
</para>
</listitem>
<listitem>
<para>
Read-only large object descriptors now obey MVCC snapshot semantics
</para>
<para>
When a large object is opened with <literal>INV_READ</> (and not
<literal>INV_WRITE</>), the data read from the descriptor will now
reflect a <quote>snapshot</> of the large object's state at the
time of the transaction snapshot in use by the query that called
<function>lo_open()</>. To obtain the old behavior of always
returning the latest committed data, include <literal>INV_WRITE</>
in the mode flags for <function>lo_open()</>.
</para>
</listitem>
<listitem>
<para>
Add proper dependencies for arguments of sequence functions (Tom)
</para>
<para>
In previous releases, sequence names passed to <function>nextval()</>,
<function>currval()</>, and <function>setval()</> were stored as
simple text strings, meaning that renaming or dropping a
sequence used in a <literal>DEFAULT</> clause made the clause
invalid. This release stores all newly-created sequence function
arguments as internal OIDs, allowing them to track sequence
renaming, and adding dependency information that prevents
improper sequence removal. It also makes such <literal>DEFAULT</>
clauses immune to schema renaming and search path changes.
</para>
<para>
Some applications might rely on the old behavior of
run-time lookup for sequence names. This can still be done by
explicitly casting the argument to <type>text</>, for example
<literal>nextval('myseq'::text)</>.
</para>
<para>
Pre-8.1 database dumps loaded into 8.1 will use the old text-based
representation and therefore will not have the features of
OID-stored arguments. However, it is possible to update a
database containing text-based <literal>DEFAULT</> clauses.
First, save this query into a file, such as <filename>fixseq.sql</>:
<programlisting>
SELECT 'ALTER TABLE ' ||
pg_catalog.quote_ident(n.nspname) || '.' ||
pg_catalog.quote_ident(c.relname) ||
' ALTER COLUMN ' || pg_catalog.quote_ident(a.attname) ||
' SET DEFAULT ' ||
regexp_replace(d.adsrc,
$$val\(\(('[^']*')::text\)::regclass$$,
$$val(\1$$,
'g') ||
';'
FROM pg_namespace n, pg_class c, pg_attribute a, pg_attrdef d
WHERE n.oid = c.relnamespace AND
c.oid = a.attrelid AND
a.attrelid = d.adrelid AND
a.attnum = d.adnum AND
d.adsrc ~ $$val\(\('[^']*'::text\)::regclass$$;
</programlisting>
Next, run the query against a database to find what
adjustments are required, like this for database <literal>db1</>:
<programlisting>
psql -t -f fixseq.sql db1
</programlisting>
This will show the <command>ALTER TABLE</> commands needed to
convert the database to the newer OID-based representation.
If the commands look reasonable, run this to update the database:
<programlisting>
psql -t -f fixseq.sql db1 | psql -e db1
</programlisting>
This process must be repeated in each database to be updated.
</para>
</listitem>
<listitem>
<para>
In <application>psql</application>, treat unquoted
<literal>\{digit}+</> sequences as octal (Bruce)
</para>
<para>
In previous releases, <literal>\{digit}+</> sequences were
treated as decimal, and only <literal>\0{digit}+</> were treated
as octal. This change was made for consistency.
</para>
</listitem>
<listitem>
<para>
Remove grammar productions for prefix and postfix <literal>%</>
and <literal>^</> operators
(Tom)
</para>
<para>
These have never been documented and complicated the use of the
modulus operator (<literal>%</>) with negative numbers.
</para>
</listitem>
<listitem>
<para>
Make <literal>&amp;&lt;</> and <literal>&amp;&gt;</> for polygons
consistent with the box "over" operators (Tom)
</para>
</listitem>
<listitem>
<para>
<command>CREATE LANGUAGE</> can ignore the provided arguments
in favor of information from <structname>pg_pltemplate</>
(Tom)
</para>
<para>
A new system catalog <structname>pg_pltemplate</> has been defined
to carry information about the preferred definitions of procedural
languages (such as whether they have validator functions). When
an entry exists in this catalog for the language being created,
<command>CREATE LANGUAGE</> will ignore all its parameters except the
language name and instead use the catalog information. This measure
was taken because of increasing problems with obsolete language
definitions being loaded by old dump files. As of 8.1,
<application>pg_dump</> will dump procedural language definitions as
just <command>CREATE LANGUAGE <replaceable>name</></command>, relying
on a template entry to exist at load time. We expect this will be a
more future-proof representation.
</para>
</listitem>
<listitem>
<para>
Make <function>pg_cancel_backend(int)</function> return a
<type>boolean</type> rather than an <type>integer</type> (Neil)
</para>
</listitem>
<listitem>
<para>
Some users are having problems loading UTF-8 data into 8.1.X.
This is because previous versions allowed invalid UTF-8 byte
sequences to be entered into the database, and this release
properly accepts only valid UTF-8 sequences. One way to correct a
dumpfile is to run the command <command>iconv -c -f UTF-8 -t
UTF-8 -o cleanfile.sql dumpfile.sql</>. The <literal>-c</> option
removes invalid character sequences. A diff of the two files will
show the sequences that are invalid. <command>iconv</> reads the
entire input file into memory so it might be necessary to use
<application>split</> to break up the dump into multiple smaller
files for processing.
</para>
</listitem>
</itemizedlist>
</sect2>
<sect2>
<title>Additional Changes</title>
<para>
Below you will find a detailed account of the additional changes
between <productname>PostgreSQL</productname> 8.1 and the
previous major release.
</para>
<sect3>
<title>Performance Improvements</title>
<itemizedlist>
<listitem>
<para>
Improve GiST and R-tree index performance (Neil)
</para>
</listitem>
<listitem>
<para>
Improve the optimizer, including auto-resizing of hash joins
(Tom)
</para>
</listitem>
<listitem>
<para>
Overhaul internal API in several areas
</para>
</listitem>
<listitem>
<para>
Change WAL record CRCs from 64-bit to 32-bit (Tom)
</para>
<para>
We determined that the extra cost of computing 64-bit CRCs was
significant, and the gain in reliability too marginal to justify it.
</para>
</listitem>
<listitem>
<para>
Prevent writing large empty gaps in WAL pages (Tom)
</para>
</listitem>
<listitem>
<para>
Improve spinlock behavior on SMP machines, particularly Opterons (Tom)
</para>
</listitem>
<listitem>
<para>
Allow nonconsecutive index columns to be used in a multicolumn
index (Tom)
</para>
<para>
For example, this allows an index on columns a,b,c to be used in
a query with <command>WHERE a = 4 and c = 10</>.
</para>
</listitem>
<listitem>
<para>
Skip WAL logging for <command>CREATE TABLE AS</> /
<command>SELECT INTO</> (Simon)
</para>
<para>
Since a crash during <command>CREATE TABLE AS</> would cause the
table to be dropped during recovery, there is no reason to WAL
log as the table is loaded. (Logging still happens if WAL
archiving is enabled, however.)
</para>
</listitem>
<listitem>
<para>
Allow concurrent GiST index access (Teodor, Oleg)
</para>
</listitem>
<listitem>
<para>
Add configuration parameter <varname>full_page_writes</> to
control writing full pages to WAL (Bruce)
</para>
<para>
To prevent partial disk writes from corrupting the database,
<productname>PostgreSQL</productname> writes a complete copy of
each database disk page to WAL the first time it is modified
after a checkpoint. This option turns off that functionality for more
speed. This is safe to use with battery-backed disk caches where
partial page writes cannot happen.
</para>
</listitem>
<listitem>
<para>
Use <literal>O_DIRECT</> if available when using
<literal>O_SYNC</> for <varname>wal_sync_method</varname>
(Itagaki Takahiro)
</para>
<para>
<literal>O_DIRECT</> causes disk writes to bypass the kernel
cache, and for WAL writes, this improves performance.
</para>
</listitem>
<listitem>
<para>
Improve <command>COPY FROM</> performance (Alon Goldshuv)
</para>
<para>
This was accomplished by reading <command>COPY</> input in
larger chunks, rather than character by character.
</para>
</listitem>
<listitem>
<para>
Improve the performance of <function>COUNT()</function>,
<function>SUM</function>, <function>AVG()</function>,
<function>STDDEV()</function>, and
<function>VARIANCE()</function> (Neil, Tom)
</para>
</listitem>
</itemizedlist>
</sect3>
<sect3>
<title>Server Changes</title>
<itemizedlist>
<listitem>
<para>
Prevent problems due to transaction ID (XID) wraparound (Tom)
</para>
<para>
The server will now warn when the transaction counter approaches
the wraparound point. If the counter becomes too close to wraparound,
the server will stop accepting queries. This ensures that data is
not lost before needed vacuuming is performed.
</para>
</listitem>
<listitem>
<para>
Fix problems with object IDs (OIDs) conflicting with existing system
objects after the OID counter has wrapped around (Tom)
</para>
</listitem>
<listitem>
<para>
Add warning about the need to increase
<varname>max_fsm_relations</> and <varname>max_fsm_pages</>
during <command>VACUUM</> (Ron Mayer)
</para>
</listitem>
<listitem>
<para>
Add <varname>temp_buffers</> configuration parameter to allow
users to determine the size of the local buffer area for
temporary table access (Tom)
</para>
</listitem>
<listitem>
<para>
Add session start time and client IP address to
<literal>pg_stat_activity</> (Magnus)
</para>
</listitem>
<listitem>
<para>
Adjust <literal>pg_stat</> views for bitmap scans (Tom)
</para>
<para>
The meanings of some of the fields have changed slightly.
</para>
</listitem>
<listitem>
<para>
Enhance <literal>pg_locks</> view (Tom)
</para>
</listitem>
<listitem>
<para>
Log queries for client-side <command>PREPARE</> and
<command>EXECUTE</> (Simon)
</para>
</listitem>
<listitem>
<para>
Allow Kerberos name and user name case sensitivity to be
specified in <filename>postgresql.conf</> (Magnus)
</para>
</listitem>
<listitem>
<para>
Add configuration parameter <varname>krb_server_hostname</> so
that the server host name can be specified as part of service
principal (Todd Kover)
</para>
<para>
If not set, any service principal matching an entry in the
keytab can be used. This is new Kerberos matching behavior in
this release.
</para>
</listitem>
<listitem>
<para>
Add <varname>log_line_prefix</> options for millisecond
timestamps (<literal>%m</>) and remote host (<literal>%h</>) (Ed
L.)
</para>
</listitem>
<listitem>
<para>
Add WAL logging for GiST indexes (Teodor, Oleg)
</para>
<para>
GiST indexes are now safe for crash and point-in-time recovery.
</para>
</listitem>
<listitem>
<para>
Remove old <filename>*.backup</> files when we do
<function>pg_stop_backup()</> (Bruce)
</para>
<para>
This prevents a large number of <filename>*.backup</> files from
existing in <filename>pg_xlog/</>.
</para>
</listitem>
<listitem>
<para>
Add configuration parameters to control TCP/IP keep-alive
times for idle, interval, and count (Oliver Jowett)
</para>
<para>
These values can be changed to allow more rapid detection of
lost client connections.
</para>
</listitem>
<listitem>
<para>
Add per-user and per-database connection limits (Petr Jelinek)
</para>
<para>
Using <command>ALTER USER</> and <command>ALTER DATABASE</>,
limits can now be enforced on the maximum number of sessions that
can concurrently connect as a specific user or to a specific database.
Setting the limit to zero disables user or database connections.
</para>
</listitem>
<listitem>
<para>
Allow more than two gigabytes of shared memory and per-backend
work memory on 64-bit machines (Koichi Suzuki)
</para>
</listitem>
<listitem>
<para>
New system catalog <structname>pg_pltemplate</> allows overriding
obsolete procedural-language definitions in dump files (Tom)
</para>
</listitem>
</itemizedlist>
</sect3>
<sect3>
<title>Query Changes</title>
<itemizedlist>
<listitem>
<para>
Add temporary views (Koju Iijima, Neil)
</para>
</listitem>
<listitem>
<para>
Fix <command>HAVING</> without any aggregate functions or
<command>GROUP BY</> so that the query returns a single group (Tom)
</para>
<para>
Previously, such a case would treat the <command>HAVING</>
clause the same as a <command>WHERE</> clause. This was not per spec.
</para>
</listitem>
<listitem>
<para>
Add <command>USING</> clause to allow additional tables to be
specified to <command>DELETE</> (Euler Taveira de Oliveira, Neil)
</para>
<para>
In prior releases, there was no clear method for specifying
additional tables to be used for joins in a <command>DELETE</>
statement. <command>UPDATE</> already has a <literal>FROM</>
clause for this purpose.
</para>
</listitem>
<listitem>
<para>
Add support for <literal>\x</> hex escapes in backend and ecpg
strings (Bruce)
</para>
<para>
This is just like the standard C <literal>\x</> escape syntax.
Octal escapes were already supported.
</para>
</listitem>
<listitem>
<para>
Add <command>BETWEEN SYMMETRIC</> query syntax (Pavel Stehule)
</para>
<para>
This feature allows <command>BETWEEN</> comparisons without
requiring the first value to be less than the second. For
example, <command>2 BETWEEN [ASYMMETRIC] 3 AND 1</> returns
false, while <command>2 BETWEEN SYMMETRIC 3 AND 1</> returns
true. <command>BETWEEN ASYMMETRIC</> was already supported.
</para>
</listitem>
<listitem>
<para>
Add <command>NOWAIT</> option to <command>SELECT ... FOR
UPDATE/SHARE</> (Hans-Juergen Schoenig)
</para>
<para>
While the <varname>statement_timeout</> configuration
parameter allows a query taking more than a certain amount of
time to be canceled, the <command>NOWAIT</> option allows a
query to be canceled as soon as a <command>SELECT ... FOR
UPDATE/SHARE</> command cannot immediately acquire a row lock.
</para>
</listitem>
</itemizedlist>
</sect3>
<sect3>
<title>Object Manipulation Changes</title>
<itemizedlist>
<listitem>
<para>
Track dependencies of shared objects (Alvaro)
</para>
<para>
<productname>PostgreSQL</productname> allows global tables
(users, databases, tablespaces) to reference information in
multiple databases. This addition adds dependency information
for global tables, so, for example, user ownership can be
tracked across databases, so a user who owns something in any
database can no longer be removed. Dependency tracking already
existed for database-local objects.
</para>
</listitem>
<listitem>
<para>
Allow limited <command>ALTER OWNER</> commands to be performed
by the object owner (Stephen Frost)
</para>
<para>
Prior releases allowed only superusers to change object owners.
Now, ownership can be transferred if the user executing the command
owns the object and would be able to create it as the new owner
(that is, the user is a member of the new owning role and that role
has the CREATE permission that would be needed to create the object
afresh).
</para>
</listitem>
<listitem>
<para>
Add <command>ALTER</> object <command>SET SCHEMA</> capability
for some object types (tables, functions, types) (Bernd Helmle)
</para>
<para>
This allows objects to be moved to different schemas.
</para>
</listitem>
<listitem>
<para>
Add <command>ALTER TABLE ENABLE/DISABLE TRIGGER</command> to
disable triggers (Satoshi Nagayasu)
</para>
</listitem>
</itemizedlist>
</sect3>
<sect3>
<title>Utility Command Changes</title>
<itemizedlist>
<listitem>
<para>
Allow <command>TRUNCATE</> to truncate multiple tables in a
single command (Alvaro)
</para>
<para>
Because of referential integrity checks, it is not allowed to
truncate a table that is part of a referential integrity
constraint. Using this new functionality, <command>TRUNCATE</>
can be used to truncate such tables, if both tables involved in
a referential integrity constraint are truncated in a single
<command>TRUNCATE</> command.
</para>
</listitem>
<listitem>
<para>
Properly process carriage returns and line feeds in
<command>COPY CSV</> mode (Andrew)
</para>
<para>
In release 8.0, carriage returns and line feeds in <command>CSV
COPY TO</> were processed in an inconsistent manner. (This was
documented on the TODO list.)
</para>
</listitem>
<listitem>
<para>
Add <command>COPY WITH CSV HEADER</> to allow a header line as
the first line in <command>COPY</> (Andrew)
</para>
<para>
This allows handling of the common <command>CSV</> usage of
placing the column names on the first line of the data file. For
<command>COPY TO</>, the first line contains the column names,
and for <command>COPY FROM</>, the first line is ignored.
</para>
</listitem>
<listitem>
<para>
On Windows, display better sub-second precision in
<command>EXPLAIN ANALYZE</> (Magnus)
</para>
</listitem>
<listitem>
<para>
Add trigger duration display to <command>EXPLAIN ANALYZE</>
(Tom)
</para>
<para>
Prior releases included trigger execution time as part of the
total execution time, but did not show it separately. It is now
possible to see how much time is spent in each trigger.
</para>
</listitem>
<listitem>
<para>
Add support for <literal>\x</> hex escapes in <command>COPY</>
(Sergey Ten)
</para>
<para>
Previous releases only supported octal escapes.
</para>
</listitem>
<listitem>
<para>
Make <command>SHOW ALL</> include variable descriptions
(Matthias Schmidt)
</para>
<para>
<command>SHOW</> varname still only displays the variable's
value and does not include the description.
</para>
</listitem>
<listitem>
<para>
Make <application>initdb</application> create a new standard
database called <literal>postgres</>, and convert utilities to
use <literal>postgres</> rather than <literal>template1</> for
standard lookups (Dave)
</para>
<para>
In prior releases, <literal>template1</> was used both as a
default connection for utilities like
<application>createuser</application>, and as a template for
new databases. This caused <command>CREATE DATABASE</> to
sometimes fail, because a new database cannot be created if
anyone else is in the template database. With this change, the
default connection database is now <literal>postgres</>,
meaning it is much less likely someone will be using
<literal>template1</> during <command>CREATE DATABASE</>.
</para>
</listitem>
<listitem>
<para>
Create new <application>reindexdb</application> command-line
utility by moving <filename>/contrib/reindexdb</> into the
server (Euler Taveira de Oliveira)
</para>
</listitem>
</itemizedlist>
</sect3>
<sect3>
<title>Data Type and Function Changes</title>
<itemizedlist>
<listitem>
<para>
Add <function>MAX()</> and <function>MIN()</> aggregates for