release-8.1.sgml

<!-- doc/src/sgml/release-8.1.sgml -->
<!-- See header comment in release.sgml about typical markup -->

 <sect1 id="release-8-1-23">
  <title>Release 8.1.23</title>

  <note>
  <title>Release date</title>
  <simpara>2010-12-16</simpara>
  </note>

  <para>
   This release contains a variety of fixes from 8.1.22.
   For information about new features in the 8.1 major release, see
   <xref linkend="release-8-1">.
  </para>

  <para>
   This is expected to be the last <productname>PostgreSQL</> release
   in the 8.1.X series.  Users are encouraged to update to a newer
   release branch soon.
  </para>

  <sect2>
   <title>Migration to Version 8.1.23</title>

   <para>
    A dump/restore is not required for those running 8.1.X.
    However, if you are upgrading from a version earlier than 8.1.18,
    see the release notes for 8.1.18.
   </para>

  </sect2>

  <sect2>
   <title>Changes</title>

   <itemizedlist>

    <listitem>
     <para>
      Force the default
      <link linkend="guc-wal-sync-method"><varname>wal_sync_method</></link>
      to be <literal>fdatasync</> on Linux (Tom Lane, Marti Raudsepp)
     </para>

     <para>
      The default on Linux has actually been <literal>fdatasync</> for many
      years, but recent kernel changes caused <productname>PostgreSQL</> to
      choose <literal>open_datasync</> instead.  This choice did not result
      in any performance improvement, and caused outright failures on
      certain filesystems, notably <literal>ext4</> with the
      <literal>data=journal</> mount option.
     </para>
    </listitem>

    <listitem>
     <para>
      Fix recovery from base backup when the starting checkpoint WAL record
      is not in the same WAL segment as its redo point (Jeff Davis)
     </para>
    </listitem>

    <listitem>
     <para>
      Add support for detecting register-stack overrun on <literal>IA64</>
      (Tom Lane)
     </para>

     <para>
      The <literal>IA64</> architecture has two hardware stacks.  Full
      prevention of stack-overrun failures requires checking both.
     </para>
    </listitem>

    <listitem>
     <para>
      Add a check for stack overflow in <function>copyObject()</> (Tom Lane)
     </para>

     <para>
      Certain code paths could crash due to stack overflow given a
      sufficiently complex query.
     </para>
    </listitem>

    <listitem>
     <para>
      Fix detection of page splits in temporary GiST indexes (Heikki
      Linnakangas)
     </para>

     <para>
      It is possible to have a <quote>concurrent</> page split in a
      temporary index, if for example there is an open cursor scanning the
      index when an insertion is done.  GiST failed to detect this case and
      hence could deliver wrong results when execution of the cursor
      continued.
     </para>
    </listitem>

    <listitem>
     <para>
      Avoid memory leakage while <command>ANALYZE</>'ing complex index
      expressions (Tom Lane)
     </para>
    </listitem>

    <listitem>
     <para>
      Ensure an index that uses a whole-row Var still depends on its table
      (Tom Lane)
     </para>

     <para>
      An index declared like <literal>create index i on t (foo(t.*))</>
      would not automatically get dropped when its table was dropped.
     </para>
    </listitem>

    <listitem>
     <para>
      Do not <quote>inline</> a SQL function with multiple <literal>OUT</>
      parameters (Tom Lane)
     </para>

     <para>
      This avoids a possible crash due to loss of information about the
      expected result rowtype.
     </para>
    </listitem>

    <listitem>
     <para>
      Fix constant-folding of <literal>COALESCE()</> expressions (Tom Lane)
     </para>

     <para>
      The planner would sometimes attempt to evaluate sub-expressions that
      in fact could never be reached, possibly leading to unexpected errors.
     </para>
    </listitem>

    <listitem>
     <para>
      Add print functionality for <structname>InhRelation</> nodes (Tom Lane)
     </para>

     <para>
      This avoids a failure when <varname>debug_print_parse</> is enabled
      and certain types of query are executed.
     </para>
    </listitem>

    <listitem>
     <para>
      Fix incorrect calculation of distance from a point to a horizontal
      line segment (Tom Lane)
     </para>

     <para>
      This bug affected several different geometric distance-measurement
      operators.
     </para>
    </listitem>

    <listitem>
     <para>
      Fix <application>PL/pgSQL</>'s handling of <quote>simple</>
      expressions to not fail in recursion or error-recovery cases (Tom Lane)
     </para>
    </listitem>

    <listitem>
     <para>
      Fix bug in <filename>contrib/cube</>'s GiST picksplit algorithm
      (Alexander Korotkov)
     </para>

     <para>
      This could result in considerable inefficiency, though not actually
      incorrect answers, in a GiST index on a <type>cube</> column.
      If you have such an index, consider <command>REINDEX</>ing it after
      installing this update.
     </para>
    </listitem>

    <listitem>
     <para>
      Don't emit <quote>identifier will be truncated</> notices in
      <filename>contrib/dblink</> except when creating new connections
      (Itagaki Takahiro)
     </para>
    </listitem>

    <listitem>
     <para>
      Fix potential coredump on missing public key in
      <filename>contrib/pgcrypto</> (Marti Raudsepp)
     </para>
    </listitem>

    <listitem>
     <para>
      Fix memory leak in <filename>contrib/xml2</>'s XPath query functions
      (Tom Lane)
     </para>
    </listitem>

    <listitem>
     <para>
      Update time zone data files to <application>tzdata</> release 2010o
      for DST law changes in Fiji and Samoa;
      also historical corrections for Hong Kong.
     </para>
    </listitem>

   </itemizedlist>

  </sect2>
 </sect1>

 <sect1 id="release-8-1-22">
  <title>Release 8.1.22</title>

  <note>
  <title>Release date</title>
  <simpara>2010-10-04</simpara>
  </note>

  <para>
   This release contains a variety of fixes from 8.1.21.
   For information about new features in the 8.1 major release, see
   <xref linkend="release-8-1">.
  </para>

  <para>
   The <productname>PostgreSQL</> community will stop releasing updates
   for the 8.1.X release series in November 2010.
   Users are encouraged to update to a newer release branch soon.
  </para>

  <sect2>
   <title>Migration to Version 8.1.22</title>

   <para>
    A dump/restore is not required for those running 8.1.X.
    However, if you are upgrading from a version earlier than 8.1.18,
    see the release notes for 8.1.18.
   </para>

  </sect2>

  <sect2>
   <title>Changes</title>

   <itemizedlist>

    <listitem>
     <para>
      Use a separate interpreter for each calling SQL userid in PL/Perl and
      PL/Tcl (Tom Lane)
     </para>

     <para>
      This change prevents security problems that can be caused by subverting
      Perl or Tcl code that will be executed later in the same session under
      another SQL user identity (for example, within a <literal>SECURITY
      DEFINER</> function).  Most scripting languages offer numerous ways that
      that might be done, such as redefining standard functions or operators
      called by the target function.  Without this change, any SQL user with
      Perl or Tcl language usage rights can do essentially anything with the
      SQL privileges of the target function's owner.
     </para>

     <para>
      The cost of this change is that intentional communication among Perl
      and Tcl functions becomes more difficult.  To provide an escape hatch,
      PL/PerlU and PL/TclU functions continue to use only one interpreter
      per session.  This is not considered a security issue since all such
      functions execute at the trust level of a database superuser already.
     </para>

     <para>
      It is likely that third-party procedural languages that claim to offer
      trusted execution have similar security issues.  We advise contacting
      the authors of any PL you are depending on for security-critical
      purposes.
     </para>

     <para>
      Our thanks to Tim Bunce for pointing out this issue (CVE-2010-3433).
     </para>
    </listitem>

    <listitem>
     <para>
      Prevent possible crashes in <function>pg_get_expr()</> by disallowing
      it from being called with an argument that is not one of the system
      catalog columns it's intended to be used with
      (Heikki Linnakangas, Tom Lane)
     </para>
    </listitem>

    <listitem>
     <para>
      Fix <quote>cannot handle unplanned sub-select</quote> error (Tom Lane)
     </para>

     <para>
      This occurred when a sub-select contains a join alias reference that
      expands into an expression containing another sub-select.
     </para>
    </listitem>

    <listitem>
     <para>
      Prevent show_session_authorization() from crashing within autovacuum
      processes (Tom Lane)
     </para>
    </listitem>

    <listitem>
     <para>
      Defend against functions returning setof record where not all the
      returned rows are actually of the same rowtype (Tom Lane)
     </para>
    </listitem>

    <listitem>
     <para>
      Fix possible failure when hashing a pass-by-reference function result
      (Tao Ma, Tom Lane)
     </para>
    </listitem>

    <listitem>
     <para>
      Take care to fsync the contents of lockfiles (both
      <filename>postmaster.pid</> and the socket lockfile) while writing them
      (Tom Lane)
     </para>

     <para>
      This omission could result in corrupted lockfile contents if the
      machine crashes shortly after postmaster start.  That could in turn
      prevent subsequent attempts to start the postmaster from succeeding,
      until the lockfile is manually removed.
     </para>
    </listitem>

    <listitem>
     <para>
      Avoid recursion while assigning XIDs to heavily-nested
      subtransactions (Andres Freund, Robert Haas)
     </para>

     <para>
      The original coding could result in a crash if there was limited
      stack space.
     </para>
    </listitem>

    <listitem>
     <para>
      Fix <varname>log_line_prefix</>'s <literal>%i</> escape,
      which could produce junk early in backend startup (Tom Lane)
     </para>
    </listitem>

    <listitem>
     <para>
      Fix possible data corruption in <command>ALTER TABLE ... SET
      TABLESPACE</> when archiving is enabled (Jeff Davis)
     </para>
    </listitem>

    <listitem>
     <para>
      Allow <command>CREATE DATABASE</> and <command>ALTER DATABASE ... SET
      TABLESPACE</> to be interrupted by query-cancel (Guillaume Lelarge)
     </para>
    </listitem>

    <listitem>
     <para>
      In PL/Python, defend against null pointer results from
      <function>PyCObject_AsVoidPtr</> and <function>PyCObject_FromVoidPtr</>
      (Peter Eisentraut)
     </para>
    </listitem>

    <listitem>
     <para>
      Improve <filename>contrib/dblink</>'s handling of tables containing
      dropped columns (Tom Lane)
     </para>
    </listitem>

    <listitem>
     <para>
      Fix connection leak after <quote>duplicate connection name</quote>
      errors in <filename>contrib/dblink</> (Itagaki Takahiro)
     </para>
    </listitem>

    <listitem>
     <para>
      Fix <filename>contrib/dblink</> to handle connection names longer than
      62 bytes correctly (Itagaki Takahiro)
     </para>
    </listitem>

    <listitem>
     <para>
      Update build infrastructure and documentation to reflect the source code
      repository's move from CVS to Git (Magnus Hagander and others)
     </para>
    </listitem>

    <listitem>
     <para>
      Update time zone data files to <application>tzdata</> release 2010l
      for DST law changes in Egypt and Palestine; also historical corrections
      for Finland.
     </para>

     <para>
      This change also adds new names for two Micronesian timezones:
      Pacific/Chuuk is now preferred over Pacific/Truk (and the preferred
      abbreviation is CHUT not TRUT) and Pacific/Pohnpei is preferred over
      Pacific/Ponape.
     </para>
    </listitem>

   </itemizedlist>

  </sect2>
 </sect1>

 <sect1 id="release-8-1-21">
  <title>Release 8.1.21</title>

  <note>
  <title>Release date</title>
  <simpara>2010-05-17</simpara>
  </note>

  <para>
   This release contains a variety of fixes from 8.1.20.
   For information about new features in the 8.1 major release, see
   <xref linkend="release-8-1">.
  </para>

  <sect2>
   <title>Migration to Version 8.1.21</title>

   <para>
    A dump/restore is not required for those running 8.1.X.
    However, if you are upgrading from a version earlier than 8.1.18,
    see the release notes for 8.1.18.
   </para>

  </sect2>

  <sect2>
   <title>Changes</title>

   <itemizedlist>

    <listitem>
     <para>
      Enforce restrictions in <literal>plperl</> using an opmask applied to
      the whole interpreter, instead of using <filename>Safe.pm</>
      (Tim Bunce, Andrew Dunstan)
     </para>

     <para>
      Recent developments have convinced us that <filename>Safe.pm</> is too
      insecure to rely on for making <literal>plperl</> trustable.  This
      change removes use of <filename>Safe.pm</> altogether, in favor of using
      a separate interpreter with an opcode mask that is always applied.
      Pleasant side effects of the change include that it is now possible to
      use Perl's <literal>strict</> pragma in a natural way in
      <literal>plperl</>, and that Perl's <literal>$a</> and <literal>$b</>
      variables work as expected in sort routines, and that function
      compilation is significantly faster.  (CVE-2010-1169)
     </para>
    </listitem>

    <listitem>
     <para>
      Prevent PL/Tcl from executing untrustworthy code from
      <structname>pltcl_modules</> (Tom)
     </para>

     <para>
      PL/Tcl's feature for autoloading Tcl code from a database table
      could be exploited for trojan-horse attacks, because there was no
      restriction on who could create or insert into that table.  This change
      disables the feature unless <structname>pltcl_modules</> is owned by a
      superuser.  (However, the permissions on the table are not checked, so
      installations that really need a less-than-secure modules table can
      still grant suitable privileges to trusted non-superusers.)  Also,
      prevent loading code into the unrestricted <quote>normal</> Tcl
      interpreter unless we are really going to execute a <literal>pltclu</>
      function.  (CVE-2010-1170)
     </para>
    </listitem>

    <listitem>
     <para>
      Do not allow an unprivileged user to reset superuser-only parameter
      settings (Alvaro)
     </para>

     <para>
      Previously, if an unprivileged user ran <literal>ALTER USER ... RESET
      ALL</> for himself, or <literal>ALTER DATABASE ... RESET ALL</> for
      a database he owns, this would remove all special parameter settings
      for the user or database, even ones that are only supposed to be
      changeable by a superuser.  Now, the <command>ALTER</> will only
      remove the parameters that the user has permission to change.
     </para>
    </listitem>

    <listitem>
     <para>
      Avoid possible crash during backend shutdown if shutdown occurs
      when a <literal>CONTEXT</> addition would be made to log entries (Tom)
     </para>

     <para>
      In some cases the context-printing function would fail because the
      current transaction had already been rolled back when it came time
      to print a log message.
     </para>
    </listitem>

    <listitem>
     <para>
      Update pl/perl's <filename>ppport.h</> for modern Perl versions
      (Andrew)
     </para>
    </listitem>

    <listitem>
     <para>
      Fix assorted memory leaks in pl/python (Andreas Freund, Tom)
     </para>
    </listitem>

    <listitem>
     <para>
      Prevent infinite recursion in <application>psql</> when expanding
      a variable that refers to itself (Tom)
     </para>
    </listitem>

    <listitem>
     <para>
      Ensure that <filename>contrib/pgstattuple</> functions respond to cancel
      interrupts promptly (Tatsuhito Kasahara)
     </para>
    </listitem>

    <listitem>
     <para>
      Make server startup deal properly with the case that
      <function>shmget()</> returns <literal>EINVAL</> for an existing
      shared memory segment (Tom)
     </para>

     <para>
      This behavior has been observed on BSD-derived kernels including OS X.
      It resulted in an entirely-misleading startup failure complaining that
      the shared memory request size was too large.
     </para>
    </listitem>

    <listitem>
     <para>
      Update time zone data files to <application>tzdata</> release 2010j
      for DST law changes in Argentina, Australian Antarctic, Bangladesh,
      Mexico, Morocco, Pakistan, Palestine, Russia, Syria, Tunisia;
      also historical corrections for Taiwan.
     </para>
    </listitem>

   </itemizedlist>

  </sect2>
 </sect1>

 <sect1 id="release-8-1-20">
  <title>Release 8.1.20</title>

  <note>
  <title>Release date</title>
  <simpara>2010-03-15</simpara>
  </note>

  <para>
   This release contains a variety of fixes from 8.1.19.
   For information about new features in the 8.1 major release, see
   <xref linkend="release-8-1">.
  </para>

  <sect2>
   <title>Migration to Version 8.1.20</title>

   <para>
    A dump/restore is not required for those running 8.1.X.
    However, if you are upgrading from a version earlier than 8.1.18,
    see the release notes for 8.1.18.
   </para>

  </sect2>

  <sect2>
   <title>Changes</title>

   <itemizedlist>

    <listitem>
     <para>
      Add new configuration parameter <varname>ssl_renegotiation_limit</> to
      control how often we do session key renegotiation for an SSL connection
      (Magnus)
     </para>

     <para>
      This can be set to zero to disable renegotiation completely, which may
      be required if a broken SSL library is used.  In particular, some
      vendors are shipping stopgap patches for CVE-2009-3555 that cause
      renegotiation attempts to fail.
     </para>
    </listitem>

    <listitem>
     <para>
      Fix possible crashes when trying to recover from a failure in
      subtransaction start (Tom)
     </para>
    </listitem>

    <listitem>
     <para>
      Fix server memory leak associated with use of savepoints and a client
      encoding different from server's encoding (Tom)
     </para>
    </listitem>

    <listitem>
     <para>
      Make <function>substring()</> for <type>bit</> types treat any negative
      length as meaning <quote>all the rest of the string</> (Tom)
     </para>

     <para>
      The previous coding treated only -1 that way, and would produce an
      invalid result value for other negative values, possibly leading to
      a crash (CVE-2010-0442).
     </para>
    </listitem>

    <listitem>
     <para>
      Fix integer-to-bit-string conversions to handle the first fractional
      byte correctly when the output bit width is wider than the given
      integer by something other than a multiple of 8 bits (Tom)
     </para>
    </listitem>

    <listitem>
     <para>
      Fix some cases of pathologically slow regular expression matching (Tom)
     </para>
    </listitem>

    <listitem>
     <para>
      Fix the <literal>STOP WAL LOCATION</> entry in backup history files to
      report the next WAL segment's name when the end location is exactly at a
      segment boundary (Itagaki Takahiro)
     </para>
    </listitem>

    <listitem>
     <para>
      Fix some more cases of temporary-file leakage (Heikki)
     </para>

     <para>
      This corrects a problem introduced in the previous minor release.
      One case that failed is when a plpgsql function returning set is
      called within another function's exception handler.
     </para>
    </listitem>

    <listitem>
     <para>
      When reading <filename>pg_hba.conf</> and related files, do not treat
      <literal>@something</> as a file inclusion request if the <literal>@</>
      appears inside quote marks; also, never treat <literal>@</> by itself
      as a file inclusion request (Tom)
     </para>

     <para>
      This prevents erratic behavior if a role or database name starts with
      <literal>@</>.  If you need to include a file whose path name
      contains spaces, you can still do so, but you must write
      <literal>@"/path to/file"</> rather than putting the quotes around
      the whole construct.
     </para>
    </listitem>

    <listitem>
     <para>
      Prevent infinite loop on some platforms if a directory is named as
      an inclusion target in <filename>pg_hba.conf</> and related files
      (Tom)
     </para>
    </listitem>

    <listitem>
     <para>
      Fix <application>psql</>'s <literal>numericlocale</> option to not
      format strings it shouldn't in latex and troff output formats (Heikki)
     </para>
    </listitem>

    <listitem>
     <para>
      Fix plpgsql failure in one case where a composite column is set to NULL
      (Tom)
     </para>
    </listitem>

    <listitem>
     <para>
      Add <literal>volatile</> markings in PL/Python to avoid possible
      compiler-specific misbehavior (Zdenek Kotala)
     </para>
    </listitem>

    <listitem>
     <para>
      Ensure PL/Tcl initializes the Tcl interpreter fully (Tom)
     </para>

     <para>
      The only known symptom of this oversight is that the Tcl
      <literal>clock</> command misbehaves if using Tcl 8.5 or later.
     </para>
    </listitem>

    <listitem>
     <para>
      Prevent crash in <filename>contrib/dblink</> when too many key
      columns are specified to a <function>dblink_build_sql_*</> function
      (Rushabh Lathia, Joe Conway)
     </para>
    </listitem>

    <listitem>
     <para>
      Fix assorted crashes in <filename>contrib/xml2</> caused by sloppy
      memory management (Tom)
     </para>
    </listitem>

    <listitem>
     <para>
      Update time zone data files to <application>tzdata</> release 2010e
      for DST law changes in Bangladesh, Chile, Fiji, Mexico, Paraguay, Samoa.
     </para>
    </listitem>

   </itemizedlist>

  </sect2>
 </sect1>

 <sect1 id="release-8-1-19">
  <title>Release 8.1.19</title>

  <note>
  <title>Release date</title>
  <simpara>2009-12-14</simpara>
  </note>

  <para>
   This release contains a variety of fixes from 8.1.18.
   For information about new features in the 8.1 major release, see
   <xref linkend="release-8-1">.
  </para>

  <sect2>
   <title>Migration to Version 8.1.19</title>

   <para>
    A dump/restore is not required for those running 8.1.X.
    However, if you are upgrading from a version earlier than 8.1.18,
    see the release notes for 8.1.18.
   </para>

  </sect2>

  <sect2>
   <title>Changes</title>

   <itemizedlist>

    <listitem>
     <para>
      Protect against indirect security threats caused by index functions
      changing session-local state (Gurjeet Singh, Tom)
     </para>

     <para>
      This change prevents allegedly-immutable index functions from possibly
      subverting a superuser's session (CVE-2009-4136).
     </para>
    </listitem>

    <listitem>
     <para>
      Reject SSL certificates containing an embedded null byte in the common
      name (CN) field (Magnus)
     </para>

     <para>
      This prevents unintended matching of a certificate to a server or client
      name during SSL validation (CVE-2009-4034).
     </para>
    </listitem>

    <listitem>
     <para>
      Fix possible crash during backend-startup-time cache initialization (Tom)
     </para>
    </listitem>

    <listitem>
     <para>
      Prevent signals from interrupting <literal>VACUUM</> at unsafe times
      (Alvaro)
     </para>

     <para>
      This fix prevents a PANIC if a <literal>VACUUM FULL</> is cancelled
      after it's already committed its tuple movements, as well as transient
      errors if a plain <literal>VACUUM</> is interrupted after having
      truncated the table.
     </para>
    </listitem>

    <listitem>
     <para>
      Fix possible crash due to integer overflow in hash table size
      calculation (Tom)
     </para>

     <para>
      This could occur with extremely large planner estimates for the size of
      a hashjoin's result.
     </para>
    </listitem>

    <listitem>
     <para>
      Fix very rare crash in <type>inet</>/<type>cidr</> comparisons (Chris
      Mikkelson)
     </para>
    </listitem>

    <listitem>
     <para>
      Ensure that shared tuple-level locks held by prepared transactions are
      not ignored (Heikki)
     </para>
    </listitem>

    <listitem>
     <para>
      Fix premature drop of temporary files used for a cursor that is accessed
      within a subtransaction (Heikki)
     </para>
    </listitem>

    <listitem>
     <para>
      Fix PAM password processing to be more robust (Tom)
     </para>

     <para>
      The previous code is known to fail with the combination of the Linux
      <literal>pam_krb5</> PAM module with Microsoft Active Directory as the
      domain controller.  It might have problems elsewhere too, since it was
      making unjustified assumptions about what arguments the PAM stack would
      pass to it.
     </para>
    </listitem>

    <listitem>
     <para>
      Fix processing of ownership dependencies during <literal>CREATE OR
      REPLACE FUNCTION</> (Tom)
     </para>
    </listitem>

    <listitem>
     <para>
      Ensure that Perl arrays are properly converted to
      <productname>PostgreSQL</> arrays when returned by a set-returning
      PL/Perl function (Andrew Dunstan, Abhijit Menon-Sen)
     </para>

     <para>
      This worked correctly already for non-set-returning functions.
     </para>
    </listitem>

    <listitem>
     <para>
      Fix rare crash in exception processing in PL/Python (Peter)
     </para>
    </listitem>

    <listitem>
     <para>
      Ensure <application>psql</>'s flex module is compiled with the correct
      system header definitions (Tom)
     </para>

     <para>
      This fixes build failures on platforms where
      <literal>--enable-largefile</> causes incompatible changes in the
      generated code.
     </para>
    </listitem>

    <listitem>
     <para>
      Make the postmaster ignore any <literal>application_name</> parameter in
      connection request packets, to improve compatibility with future libpq
      versions (Tom)
     </para>
    </listitem>

    <listitem>
     <para>
      Update time zone data files to <application>tzdata</> release 2009s
      for DST law changes in Antarctica, Argentina, Bangladesh, Fiji,
      Novokuznetsk, Pakistan, Palestine, Samoa, Syria; also historical
      corrections for Hong Kong.
     </para>
    </listitem>

   </itemizedlist>

  </sect2>
 </sect1>

 <sect1 id="release-8-1-18">
  <title>Release 8.1.18</title>

  <note>
  <title>Release date</title>
  <simpara>2009-09-09</simpara>
  </note>

  <para>
   This release contains a variety of fixes from 8.1.17.
   For information about new features in the 8.1 major release, see
   <xref linkend="release-8-1">.
  </para>

  <sect2>
   <title>Migration to Version 8.1.18</title>

   <para>
    A dump/restore is not required for those running 8.1.X.
    However, if you have any hash indexes on <type>interval</> columns,
    you must <command>REINDEX</> them after updating to 8.1.18.
    Also, if you are upgrading from a version earlier than 8.1.15,
    see the release notes for 8.1.15.
   </para>

  </sect2>

  <sect2>
   <title>Changes</title>

   <itemizedlist>

    <listitem>
     <para>
      Disallow <command>RESET ROLE</> and <command>RESET SESSION
      AUTHORIZATION</> inside security-definer functions (Tom, Heikki)
     </para>

     <para>
      This covers a case that was missed in the previous patch that
      disallowed <command>SET ROLE</> and <command>SET SESSION
      AUTHORIZATION</> inside security-definer functions.
      (See CVE-2007-6600)
     </para>
    </listitem>

    <listitem>
     <para>
      Fix handling of sub-SELECTs appearing in the arguments of
      an outer-level aggregate function (Tom)
     </para>
    </listitem>

    <listitem>
     <para>
      Fix hash calculation for data type <type>interval</> (Tom)
     </para>

     <para>
      This corrects wrong results for hash joins on interval values.
      It also changes the contents of hash indexes on interval columns.
      If you have any such indexes, you must <command>REINDEX</> them
      after updating.
     </para>
    </listitem>

    <listitem>
     <para>
      Treat <function>to_char(..., 'TH')</> as an uppercase ordinal
      suffix with <literal>'HH'</>/<literal>'HH12'</> (Heikki)
     </para>

     <para>
      It was previously handled as <literal>'th'</> (lowercase).
     </para>
    </listitem>

    <listitem>
     <para>
      Fix overflow for <literal>INTERVAL '<replaceable>x</> ms'</literal>
      when <replaceable>x</> is more than 2 million and integer
      datetimes are in use (Alex Hunsaker)
     </para>
    </listitem>

    <listitem>
     <para>
      Fix calculation of distance between a point and a line segment (Tom)
     </para>

     <para>
      This led to incorrect results from a number of geometric operators.
     </para>
    </listitem>

    <listitem>
     <para>
      Fix <type>money</> data type to work in locales where currency
      amounts have no fractional digits, e.g. Japan (Itagaki Takahiro)
     </para>
    </listitem>

    <listitem>
     <para>
      Properly round datetime input like
      <literal>00:12:57.9999999999999999999999999999</> (Tom)
     </para>
    </listitem>

    <listitem>
     <para>
      Fix poor choice of page split point in GiST R-tree operator classes
      (Teodor)
     </para>
    </listitem>

    <listitem>
     <para>
      Fix portability issues in plperl initialization (Andrew Dunstan)
     </para>
    </listitem>

    <listitem>
     <para>
      Fix <application>pg_ctl</> to not go into an infinite loop if
      <filename>postgresql.conf</> is empty (Jeff Davis)
     </para>
    </listitem>

    <listitem>
     <para>
      Fix <filename>contrib/xml2</>'s <function>xslt_process()</> to
      properly handle the maximum number of parameters (twenty) (Tom)
     </para>
    </listitem>

    <listitem>
     <para>
      Improve robustness of <application>libpq</>'s code to recover
      from errors during <command>COPY FROM STDIN</> (Tom)
     </para>
    </listitem>

    <listitem>
     <para>
      Avoid including conflicting readline and editline header files
      when both libraries are installed (Zdenek Kotala)
     </para>
    </listitem>

    <listitem>
     <para>
      Update time zone data files to <application>tzdata</> release 2009l
      for DST law changes in Bangladesh, Egypt, Jordan, Pakistan,
      Argentina/San_Luis, Cuba, Jordan (historical correction only),
      Mauritius, Morocco, Palestine, Syria, Tunisia.
     </para>
    </listitem>

   </itemizedlist>

  </sect2>
 </sect1>

 <sect1 id="release-8-1-17">
  <title>Release 8.1.17</title>

  <note>
  <title>Release date</title>
  <simpara>2009-03-16</simpara>
  </note>

  <para>
   This release contains a variety of fixes from 8.1.16.
   For information about new features in the 8.1 major release, see
   <xref linkend="release-8-1">.
  </para>

  <sect2>
   <title>Migration to Version 8.1.17</title>

   <para>
    A dump/restore is not required for those running 8.1.X.
    However, if you are upgrading from a version earlier than 8.1.15,
    see the release notes for 8.1.15.
   </para>

  </sect2>

  <sect2>
   <title>Changes</title>

   <itemizedlist>

    <listitem>
     <para>
      Prevent error recursion crashes when encoding conversion fails (Tom)
     </para>

     <para>
      This change extends fixes made in the last two minor releases for
      related failure scenarios.  The previous fixes were narrowly tailored
      for the original problem reports, but we have now recognized that
      <emphasis>any</> error thrown by an encoding conversion function could
      potentially lead to infinite recursion while trying to report the
      error.  The solution therefore is to disable translation and encoding
      conversion and report the plain-ASCII form of any error message,
      if we find we have gotten into a recursive error reporting situation.
      (CVE-2009-0922)
     </para>
    </listitem>

    <listitem>
     <para>
      Disallow <command>CREATE CONVERSION</> with the wrong encodings
      for the specified conversion function (Heikki)
     </para>

     <para>
      This prevents one possible scenario for encoding conversion failure.
      The previous change is a backstop to guard against other kinds of
      failures in the same area.
     </para>
    </listitem>

    <listitem>
     <para>
      Fix core dump when <function>to_char()</> is given format codes that
      are inappropriate for the type of the data argument (Tom)
     </para>
    </listitem>

    <listitem>
     <para>
      Fix decompilation of <literal>CASE WHEN</> with an implicit coercion
      (Tom)
     </para>

     <para>
      This mistake could lead to Assert failures in an Assert-enabled build,
      or an <quote>unexpected CASE WHEN clause</> error message in other
      cases, when trying to examine or dump a view.
     </para>
    </listitem>

    <listitem>
     <para>
      Fix possible misassignment of the owner of a TOAST table's rowtype (Tom)
     </para>

     <para>
      If <command>CLUSTER</> or a rewriting variant of <command>ALTER TABLE</>
      were executed by someone other than the table owner, the
      <structname>pg_type</> entry for the table's TOAST table would end up
      marked as owned by that someone.  This caused no immediate problems,
      since the permissions on the TOAST rowtype aren't examined by any
      ordinary database operation.  However, it could lead to unexpected
      failures if one later tried to drop the role that issued the command
      (in 8.1 or 8.2), or <quote>owner of data type appears to be invalid</>
      warnings from <application>pg_dump</> after having done so (in 8.3).
     </para>
    </listitem>

    <listitem>
     <para>
      Clean up PL/pgSQL error status variables fully at block exit
      (Ashesh Vashi and Dave Page)
     </para>

     <para>
      This is not a problem for PL/pgSQL itself, but the omission could cause
      the PL/pgSQL Debugger to crash while examining the state of a function.
     </para>
    </listitem>

    <listitem>
     <para>
      Add <literal>MUST</> (Mauritius Island Summer Time) to the default list
      of known timezone abbreviations (Xavier Bugaud)
     </para>
    </listitem>

   </itemizedlist>

  </sect2>
 </sect1>

 <sect1 id="release-8-1-16">
  <title>Release 8.1.16</title>

  <note>
  <title>Release date</title>
  <simpara>2009-02-02</simpara>
  </note>

  <para>
   This release contains a variety of fixes from 8.1.15.
   For information about new features in the 8.1 major release, see
   <xref linkend="release-8-1">.
  </para>

  <sect2>
   <title>Migration to Version 8.1.16</title>

   <para>
    A dump/restore is not required for those running 8.1.X.
    However, if you are upgrading from a version earlier than 8.1.15,
    see the release notes for 8.1.15.
   </para>

  </sect2>

  <sect2>
   <title>Changes</title>

   <itemizedlist>

    <listitem>
     <para>
      Fix crash in autovacuum (Alvaro)
     </para>

     <para>
      The crash occurs only after vacuuming a whole database for
      anti-transaction-wraparound purposes, which means that it occurs
      infrequently and is hard to track down.
     </para>
    </listitem>

    <listitem>
     <para>
      Improve handling of URLs in <function>headline()</> function (Teodor)
     </para>
    </listitem>

    <listitem>
     <para>
      Improve handling of overlength headlines in <function>headline()</>
      function (Teodor)
     </para>
    </listitem>

    <listitem>
     <para>
      Prevent possible Assert failure or misconversion if an encoding
      conversion is created with the wrong conversion function for the
      specified pair of encodings (Tom, Heikki)
     </para>
    </listitem>

    <listitem>
     <para>
      Avoid unnecessary locking of small tables in <command>VACUUM</>
      (Heikki)
     </para>
    </listitem>

    <listitem>
     <para>
      Ensure that the contents of a holdable cursor don't depend on the
      contents of TOAST tables (Tom)
     </para>

     <para>
      Previously, large field values in a cursor result might be represented
      as TOAST pointers, which would fail if the referenced table got dropped
      before the cursor is read, or if the large value is deleted and then
      vacuumed away.  This cannot happen with an ordinary cursor,
      but it could with a cursor that is held past its creating transaction.
     </para>
    </listitem>

    <listitem>
     <para>
      Fix uninitialized variables in <filename>contrib/tsearch2</>'s
      <function>get_covers()</> function (Teodor)
     </para>
    </listitem>

    <listitem>
     <para>
      Fix <application>configure</> script to properly report failure when
      unable to obtain linkage information for PL/Perl (Andrew)
     </para>
    </listitem>

    <listitem>
     <para>
      Make all documentation reference <literal>pgsql-bugs</> and/or
      <literal>pgsql-hackers</> as appropriate, instead of the
      now-decommissioned <literal>pgsql-ports</> and <literal>pgsql-patches</>
      mailing lists (Tom)
     </para>
    </listitem>

    <listitem>
     <para>
      Update time zone data files to <application>tzdata</> release 2009a (for
      Kathmandu and historical DST corrections in Switzerland, Cuba)
     </para>
    </listitem>

   </itemizedlist>

  </sect2>
 </sect1>

 <sect1 id="release-8-1-15">
  <title>Release 8.1.15</title>

  <note>
  <title>Release date</title>
  <simpara>2008-11-03</simpara>
  </note>

  <para>
   This release contains a variety of fixes from 8.1.14.
   For information about new features in the 8.1 major release, see
   <xref linkend="release-8-1">.
  </para>

  <sect2>
   <title>Migration to Version 8.1.15</title>

   <para>
    A dump/restore is not required for those running 8.1.X.
    However, if you are upgrading from a version earlier than 8.1.2,
    see the release notes for 8.1.2.  Also, if you were running a previous
    8.1.X release, it is recommended to <command>REINDEX</> all GiST
    indexes after the upgrade.
   </para>

  </sect2>

  <sect2>
   <title>Changes</title>

   <itemizedlist>

    <listitem>
     <para>
      Fix GiST index corruption due to marking the wrong index entry
      <quote>dead</> after a deletion (Teodor)
     </para>

     <para>
      This would result in index searches failing to find rows they
      should have found.  Corrupted indexes can be fixed with
      <command>REINDEX</>.
     </para>
    </listitem>

    <listitem>
     <para>
      Fix backend crash when the client encoding cannot represent a localized
      error message (Tom)
     </para>

     <para>
      We have addressed similar issues before, but it would still fail if
      the <quote>character has no equivalent</> message itself couldn't
      be converted.  The fix is to disable localization and send the plain
      ASCII error message when we detect such a situation.
     </para>
    </listitem>

    <listitem>
     <para>
      Fix possible crash when deeply nested functions are invoked from
      a trigger (Tom)
     </para>
    </listitem>

    <listitem>
     <para>
      Fix mis-expansion of rule queries when a sub-<literal>SELECT</> appears
      in a function call in <literal>FROM</>,  a multi-row <literal>VALUES</>
      list, or a <literal>RETURNING</> list (Tom)
     </para>

     <para>
      The usual symptom of this problem is an <quote>unrecognized node type</>
      error.
     </para>
    </listitem>

    <listitem>
     <para>
      Ensure an error is reported when a newly-defined PL/pgSQL trigger
      function is invoked as a normal function (Tom)
     </para>
    </listitem>

    <listitem>
     <para>
      Prevent possible collision of <structfield>relfilenode</> numbers
      when moving a table to another tablespace with <command>ALTER SET
      TABLESPACE</> (Heikki)
     </para>

     <para>
      The command tried to re-use the existing filename, instead of
      picking one that is known unused in the destination directory.
     </para>
    </listitem>

    <listitem>
     <para>
      Fix incorrect tsearch2 headline generation when single query
      item matches first word of text (Sushant Sinha)
     </para>
    </listitem>

    <listitem>
     <para>
      Fix improper display of fractional seconds in interval values when
      using a non-ISO datestyle in an <option>--enable-integer-datetimes</>
      build (Ron Mayer)
     </para>
    </listitem>

    <listitem>
     <para>
      Ensure <function>SPI_getvalue</> and <function>SPI_getbinval</>
      behave correctly when the passed tuple and tuple descriptor have
      different numbers of columns (Tom)
     </para>

     <para>
      This situation is normal when a table has had columns added or removed,
      but these two functions didn't handle it properly.
      The only likely consequence is an incorrect error indication.
     </para>
    </listitem>

    <listitem>
     <para>
      Fix <application>ecpg</>'s parsing of <command>CREATE ROLE</> (Michael)
     </para>
    </listitem>

    <listitem>
     <para>
      Fix recent breakage of <literal>pg_ctl restart</> (Tom)
     </para>
    </listitem>

    <listitem>
     <para>
      Update time zone data files to <application>tzdata</> release 2008i (for
      DST law changes in Argentina, Brazil, Mauritius, Syria)
     </para>
    </listitem>

   </itemizedlist>

  </sect2>
 </sect1>

 <sect1 id="release-8-1-14">
  <title>Release 8.1.14</title>

  <note>
  <title>Release date</title>
  <simpara>2008-09-22</simpara>
  </note>

  <para>
   This release contains a variety of fixes from 8.1.13.
   For information about new features in the 8.1 major release, see
   <xref linkend="release-8-1">.
  </para>

  <sect2>
   <title>Migration to Version 8.1.14</title>

   <para>
    A dump/restore is not required for those running 8.1.X.
    However, if you are upgrading from a version earlier than 8.1.2,
    see the release notes for 8.1.2.
   </para>

  </sect2>

  <sect2>
   <title>Changes</title>

   <itemizedlist>

    <listitem>
     <para>
      Widen local lock counters from 32 to 64 bits (Tom)
     </para>

     <para>
      This responds to reports that the counters could overflow in
      sufficiently long transactions, leading to unexpected <quote>lock is
      already held</> errors.
     </para>
    </listitem>

    <listitem>
     <para>
      Fix possible duplicate output of tuples during a GiST index scan (Teodor)
     </para>
    </listitem>

    <listitem>
     <para>
      Add checks in executor startup to ensure that the tuples produced by an
      <command>INSERT</> or <command>UPDATE</> will match the target table's
      current rowtype (Tom)
     </para>

     <para>
      <command>ALTER COLUMN TYPE</>, followed by re-use of a previously
      cached plan, could produce this type of situation.  The check protects
      against data corruption and/or crashes that could ensue.
     </para>
    </listitem>

    <listitem>
     <para>
      Fix <literal>AT TIME ZONE</> to first try to interpret its timezone
      argument as a timezone abbreviation, and only try it as a full timezone
      name if that fails, rather than the other way around as formerly (Tom)
     </para>

     <para>
      The timestamp input functions have always resolved ambiguous zone names
      in this order.  Making <literal>AT TIME ZONE</> do so as well improves
      consistency, and fixes a compatibility bug introduced in 8.1:
      in ambiguous cases we now behave the same as 8.0 and before did,
      since in the older versions <literal>AT TIME ZONE</> accepted
      <emphasis>only</> abbreviations.
     </para>
    </listitem>

    <listitem>
     <para>
      Fix datetime input functions to correctly detect integer overflow when
      running on a 64-bit platform (Tom)
     </para>
    </listitem>

    <listitem>
     <para>
      Improve performance of writing very long log messages to syslog (Tom)
     </para>
    </listitem>

    <listitem>
     <para>
      Fix bug in backwards scanning of a cursor on a <literal>SELECT DISTINCT
      ON</> query (Tom)
     </para>
    </listitem>

    <listitem>
     <para>
      Fix planner bug with nested sub-select expressions (Tom)
     </para>

     <para>
      If the outer sub-select has no direct dependency on the parent query,
      but the inner one does, the outer value might not get recalculated
      for new parent query rows.
     </para>
    </listitem>

    <listitem>
     <para>
      Fix planner to estimate that <literal>GROUP BY</> expressions yielding
      boolean results always result in two groups, regardless of the
      expressions' contents (Tom)
     </para>

     <para>
      This is very substantially more accurate than the regular <literal>GROUP
      BY</> estimate for certain boolean tests like <replaceable>col</>
      <literal>IS NULL</>.
     </para>
    </listitem>

    <listitem>
     <para>
      Fix PL/pgSQL to not fail when a <literal>FOR</> loop's target variable
      is a record containing composite-type fields (Tom)
     </para>
    </listitem>

    <listitem>
     <para>
      Fix PL/Tcl to behave correctly with Tcl 8.5, and to be more careful
      about the encoding of data sent to or from Tcl (Tom)
     </para>
    </listitem>

    <listitem>
     <para>
      Fix PL/Python to work with Python 2.5
     </para>

     <para>
      This is a back-port of fixes made during the 8.2 development cycle.
     </para>
    </listitem>

    <listitem>
     <para>
      Improve <application>pg_dump</> and <application>pg_restore</>'s
      error reporting after failure to send a SQL command (Tom)
     </para>
    </listitem>

    <listitem>
     <para>
      Fix <application>pg_ctl</> to properly preserve postmaster
      command-line arguments across a <literal>restart</> (Bruce)
     </para>
    </listitem>

    <listitem>
     <para>
      Update time zone data files to <application>tzdata</> release 2008f (for
      DST law changes in Argentina, Bahamas, Brazil, Mauritius, Morocco,
      Pakistan, Palestine, and Paraguay)
     </para>
    </listitem>

   </itemizedlist>

  </sect2>
 </sect1>

 <sect1 id="release-8-1-13">
  <title>Release 8.1.13</title>

  <note>
  <title>Release date</title>
  <simpara>2008-06-12</simpara>
  </note>

  <para>
   This release contains one serious and one minor bug fix over 8.1.12.
   For information about new features in the 8.1 major release, see
   <xref linkend="release-8-1">.
  </para>

  <sect2>
   <title>Migration to Version 8.1.13</title>

   <para>
    A dump/restore is not required for those running 8.1.X.
    However, if you are upgrading from a version earlier than 8.1.2,
    see the release notes for 8.1.2.
   </para>

  </sect2>

  <sect2>
   <title>Changes</title>

   <itemizedlist>

    <listitem>
     <para>
      Make <function>pg_get_ruledef()</> parenthesize negative constants (Tom)
     </para>

     <para>
      Before this fix, a negative constant in a view or rule might be dumped
      as, say, <literal>-42::integer</>, which is subtly incorrect: it should
      be <literal>(-42)::integer</> due to operator precedence rules.
      Usually this would make little difference, but it could interact with
      another recent patch to cause
      <productname>PostgreSQL</> to reject what had been a valid
      <command>SELECT DISTINCT</> view query.  Since this could result in
      <application>pg_dump</> output failing to reload, it is being treated
      as a high-priority fix.  The only released versions in which dump
      output is actually incorrect are 8.3.1 and 8.2.7.
     </para>
    </listitem>

    <listitem>
     <para>
      Make <command>ALTER AGGREGATE ... OWNER TO</> update
      <structname>pg_shdepend</> (Tom)
     </para>

     <para>
      This oversight could lead to problems if the aggregate was later
      involved in a <command>DROP OWNED</> or <command>REASSIGN OWNED</>
      operation.
     </para>
    </listitem>

   </itemizedlist>

  </sect2>
 </sect1>

 <sect1 id="release-8-1-12">
  <title>Release 8.1.12</title>

  <note>
  <title>Release date</title>
  <simpara>never released</simpara>
  </note>

  <para>
   This release contains a variety of fixes from 8.1.11.
   For information about new features in the 8.1 major release, see
   <xref linkend="release-8-1">.
  </para>

  <sect2>
   <title>Migration to Version 8.1.12</title>

   <para>
    A dump/restore is not required for those running 8.1.X.
    However, if you are upgrading from a version earlier than 8.1.2,
    see the release notes for 8.1.2.
   </para>

  </sect2>

  <sect2>
   <title>Changes</title>

   <itemizedlist>

    <listitem>
     <para>
      Fix <command>ALTER TABLE ADD COLUMN ... PRIMARY KEY</> so that the new
      column is correctly checked to see if it's been initialized to all
      non-nulls (Brendan Jurd)
     </para>

     <para>
      Previous versions neglected to check this requirement at all.
     </para>
    </listitem>

    <listitem>
     <para>
      Fix possible <command>CREATE TABLE</> failure when inheriting the
      <quote>same</> constraint from multiple parent relations that
      inherited that constraint from a common ancestor (Tom)
     </para>
    </listitem>

    <listitem>
     <para>
      Fix conversions between ISO-8859-5 and other encodings to handle
      Cyrillic <quote>Yo</> characters (<literal>e</> and <literal>E</> with
      two dots) (Sergey Burladyan)
     </para>
    </listitem>

    <listitem>
     <para>
      Fix a few datatype input functions
      that were allowing unused bytes in their results to contain
      uninitialized, unpredictable values (Tom)
     </para>

     <para>
      This could lead to failures in which two apparently identical literal
      values were not seen as equal, resulting in the parser complaining
      about unmatched <literal>ORDER BY</> and <literal>DISTINCT</>
      expressions.
     </para>
    </listitem>

    <listitem>
     <para>
      Fix a corner case in regular-expression substring matching
      (<literal>substring(<replaceable>string</> from
      <replaceable>pattern</>)</literal>) (Tom)
     </para>

     <para>
      The problem occurs when there is a match to the pattern overall but
      the user has specified a parenthesized subexpression and that
      subexpression hasn't got a match.  An example is
      <literal>substring('foo' from 'foo(bar)?')</>.
      This should return NULL, since <literal>(bar)</> isn't matched, but
      it was mistakenly returning the whole-pattern match instead (ie,
      <literal>foo</>).
     </para>
    </listitem>

    <listitem>
     <para>
      Update time zone data files to <application>tzdata</> release 2008c (for
      DST law changes in Morocco, Iraq, Choibalsan, Pakistan, Syria, Cuba,
      Argentina/San_Luis, and Chile)
     </para>
    </listitem>

    <listitem>
     <para>
      Fix incorrect result from <application>ecpg</>'s
      <function>PGTYPEStimestamp_sub()</> function (Michael)
     </para>
    </listitem>

    <listitem>
     <para>
      Fix core dump in <filename>contrib/xml2</>'s
      <function>xpath_table()</> function when the input query returns a
      NULL value (Tom)
     </para>
    </listitem>

    <listitem>
     <para>
      Fix <filename>contrib/xml2</>'s makefile to not override
      <literal>CFLAGS</> (Tom)
     </para>
    </listitem>

    <listitem>
     <para>
      Fix <literal>DatumGetBool</> macro to not fail with <application>gcc</>
      4.3 (Tom)
     </para>

     <para>
      This problem affects <quote>old style</> (V0) C functions that
      return boolean.  The fix is already in 8.3, but the need to
      back-patch it was not realized at the time.
     </para>
    </listitem>

    <listitem>
     <para>
      Fix longstanding <command>LISTEN</>/<command>NOTIFY</>
      race condition (Tom)
     </para>

     <para>
      In rare cases a session that had just executed a
      <command>LISTEN</> might not get a notification, even though
      one would be expected because the concurrent transaction executing
      <command>NOTIFY</> was observed to commit later.
     </para>

     <para>
      A side effect of the fix is that a transaction that has executed
      a not-yet-committed <command>LISTEN</> command will not see any
      row in <structname>pg_listener</> for the <command>LISTEN</>,
      should it choose to look; formerly it would have.  This behavior
      was never documented one way or the other, but it is possible that
      some applications depend on the old behavior.
     </para>
    </listitem>

    <listitem>
     <para>
      Disallow <command>LISTEN</> and <command>UNLISTEN</> within a
      prepared transaction (Tom)
     </para>

     <para>
      This was formerly allowed but trying to do it had various unpleasant
      consequences, notably that the originating backend could not exit
      as long as an <command>UNLISTEN</> remained uncommitted.
     </para>
    </listitem>

    <listitem>
     <para>
      Fix rare crash when an error occurs during a query using a hash index
      (Heikki)
     </para>
    </listitem>

    <listitem>
     <para>
      Fix input of datetime values for February 29 in years BC (Tom)
     </para>

     <para>
      The former coding was mistaken about which years were leap years.
     </para>
    </listitem>

    <listitem>
     <para>
      Fix <quote>unrecognized node type</> error in some variants of
      <command>ALTER OWNER</> (Tom)
     </para>
    </listitem>

    <listitem>
     <para>
      Fix <application>pg_ctl</> to correctly extract the postmaster's port
      number from command-line options (Itagaki Takahiro, Tom)
     </para>

     <para>
      Previously, <literal>pg_ctl start -w</> could try to contact the
      postmaster on the wrong port, leading to bogus reports of startup
      failure.
     </para>
    </listitem>

    <listitem>
     <para>
      Use <option>-fwrapv</> to defend against possible misoptimization
      in recent <application>gcc</> versions (Tom)
     </para>

     <para>
      This is known to be necessary when building <productname>PostgreSQL</>
      with <application>gcc</> 4.3 or later.
     </para>
    </listitem>

    <listitem>
     <para>
      Fix display of constant expressions in <literal>ORDER BY</>
      and <literal>GROUP BY</> (Tom)
     </para>

     <para>
      An explictly casted constant would be shown incorrectly.  This could
      for example lead to corruption of a view definition during
      dump and reload.
     </para>
    </listitem>

    <listitem>
     <para>
      Fix <application>libpq</> to handle NOTICE messages correctly
      during COPY OUT (Tom)
     </para>

     <para>
      This failure has only been observed to occur when a user-defined
      datatype's output routine issues a NOTICE, but there is no
      guarantee it couldn't happen due to other causes.
     </para>
    </listitem>

   </itemizedlist>

  </sect2>
 </sect1>

 <sect1 id="release-8-1-11">
  <title>Release 8.1.11</title>

  <note>
  <title>Release date</title>
  <simpara>2008-01-07</simpara>
  </note>

  <para>
   This release contains a variety of fixes from 8.1.10,
   including fixes for significant security issues.
   For information about new features in the 8.1 major release, see
   <xref linkend="release-8-1">.
  </para>

  <para>
   This is the last 8.1.X release for which the <productname>PostgreSQL</>
   community will produce binary packages for <productname>Windows</>.
   Windows users are encouraged to move to 8.2.X or later,
   since there are Windows-specific fixes in 8.2.X that
   are impractical to back-port.  8.1.X will continue to
   be supported on other platforms.
  </para>

  <sect2>
   <title>Migration to Version 8.1.11</title>

   <para>
    A dump/restore is not required for those running 8.1.X.
    However, if you are upgrading from a version earlier than 8.1.2,
    see the release notes for 8.1.2.
   </para>

  </sect2>

  <sect2>
   <title>Changes</title>

   <itemizedlist>

    <listitem>
     <para>
      Prevent functions in indexes from executing with the privileges of
      the user running <command>VACUUM</>, <command>ANALYZE</>, etc (Tom)
     </para>

     <para>
      Functions used in index expressions and partial-index
      predicates are evaluated whenever a new table entry is made.  It has
      long been understood that this poses a risk of trojan-horse code
      execution if one modifies a table owned by an untrustworthy user.
      (Note that triggers, defaults, check constraints, etc. pose the
      same type of risk.)  But functions in indexes pose extra danger
      because they will be executed by routine maintenance operations
      such as <command>VACUUM FULL</>, which are commonly performed
      automatically under a superuser account.  For example, a nefarious user
      can execute code with superuser privileges by setting up a
      trojan-horse index definition and waiting for the next routine vacuum.
      The fix arranges for standard maintenance operations
      (including <command>VACUUM</>, <command>ANALYZE</>, <command>REINDEX</>,
      and <command>CLUSTER</>) to execute as the table owner rather than
      the calling user, using the same privilege-switching mechanism already
      used for <literal>SECURITY DEFINER</> functions.  To prevent bypassing
      this security measure, execution of <command>SET SESSION
      AUTHORIZATION</> and <command>SET ROLE</> is now forbidden within a
      <literal>SECURITY DEFINER</> context.  (CVE-2007-6600)
     </para>
    </listitem>

    <listitem>
     <para>
      Repair assorted bugs in the regular-expression package (Tom, Will Drewry)
     </para>

     <para>
      Suitably crafted regular-expression patterns could cause crashes,
      infinite or near-infinite looping, and/or massive memory consumption,
      all of which pose denial-of-service hazards for applications that
      accept regex search patterns from untrustworthy sources.
      (CVE-2007-4769, CVE-2007-4772, CVE-2007-6067)
     </para>
    </listitem>

    <listitem>
     <para>
      Require non-superusers who use <filename>/contrib/dblink</> to use only
      password authentication, as a security measure (Joe)
     </para>

     <para>
      The fix that appeared for this in 8.1.10 was incomplete, as it plugged
      the hole for only some <filename>dblink</> functions.  (CVE-2007-6601,
      CVE-2007-3278)
     </para>
    </listitem>

    <listitem>
     <para>
      Update time zone data files to <application>tzdata</> release 2007k
      (in particular, recent Argentina changes) (Tom)
     </para>
    </listitem>

    <listitem>
     <para>
      Improve planner's handling of LIKE/regex estimation in non-C locales
      (Tom)
     </para>
    </listitem>

    <listitem>
     <para>
      Fix planner failure in some cases of <literal>WHERE false AND var IN
      (SELECT ...)</> (Tom)
     </para>
    </listitem>

    <listitem>
     <para>
      Preserve the tablespace of indexes that are
      rebuilt by <command>ALTER TABLE ... ALTER COLUMN TYPE</> (Tom)
     </para>
    </listitem>

    <listitem>
     <para>
      Make archive recovery always start a new WAL timeline, rather than only
      when a recovery stop time was used (Simon)
     </para>

     <para>
      This avoids a corner-case risk of trying to overwrite an existing
      archived copy of the last WAL segment, and seems simpler and cleaner
      than the original definition.
     </para>
    </listitem>

    <listitem>
     <para>
      Make <command>VACUUM</> not use all of <varname>maintenance_work_mem</>
      when the table is too small for it to be useful (Alvaro)
     </para>
    </listitem>

    <listitem>
     <para>
      Fix potential crash in <function>translate()</> when using a multibyte
      database encoding (Tom)
     </para>
    </listitem>

    <listitem>
     <para>
      Fix overflow in <literal>extract(epoch from interval)</> for intervals
      exceeding 68 years (Tom)
     </para>
    </listitem>

    <listitem>
     <para>
      Fix PL/Perl to not fail when a UTF-8 regular expression is used
      in a trusted function (Andrew)
     </para>
    </listitem>

    <listitem>
     <para>
      Fix PL/Perl to cope when platform's Perl defines type <literal>bool</>
      as <literal>int</> rather than <literal>char</> (Tom)
     </para>

     <para>
      While this could theoretically happen anywhere, no standard build of
      Perl did things this way ... until <productname>Mac OS X</> 10.5.
     </para>
    </listitem>

    <listitem>
     <para>
      Fix PL/Python to not crash on long exception messages (Alvaro)
     </para>
    </listitem>

    <listitem>
     <para>
      Fix <application>pg_dump</> to correctly handle inheritance child tables
      that have default expressions different from their parent's (Tom)
     </para>
    </listitem>

    <listitem>
     <para>
      Fix <application>libpq</> crash when <varname>PGPASSFILE</> refers
      to a file that is not a plain file (Martin Pitt)
     </para>
    </listitem>

    <listitem>
     <para>
      <application>ecpg</> parser fixes (Michael)
     </para>
    </listitem>

    <listitem>
     <para>
      Make <filename>contrib/pgcrypto</> defend against
      <application>OpenSSL</> libraries that fail on keys longer than 128
      bits; which is the case at least on some Solaris versions (Marko Kreen)
     </para>
    </listitem>

    <listitem>
     <para>
      Make <filename>contrib/tablefunc</>'s <function>crosstab()</> handle
      NULL rowid as a category in its own right, rather than crashing (Joe)
     </para>
    </listitem>

    <listitem>
     <para>
      Fix <type>tsvector</> and <type>tsquery</> output routines to
      escape backslashes correctly (Teodor, Bruce)
     </para>
    </listitem>

    <listitem>
     <para>
      Fix crash of <function>to_tsvector()</> on huge input strings (Teodor)
     </para>
    </listitem>

    <listitem>
     <para>
      Require a specific version of <productname>Autoconf</> to be used
      when re-generating the <command>configure</> script (Peter)
     </para>

     <para>
      This affects developers and packagers only.  The change was made
      to prevent accidental use of untested combinations of
      <productname>Autoconf</> and <productname>PostgreSQL</> versions.
      You can remove the version check if you really want to use a
      different <productname>Autoconf</> version, but it's
      your responsibility whether the result works or not.
     </para>
    </listitem>

   </itemizedlist>

  </sect2>
 </sect1>

 <sect1 id="release-8-1-10">
  <title>Release 8.1.10</title>

  <note>
  <title>Release date</title>
  <simpara>2007-09-17</simpara>
  </note>

  <para>
   This release contains a variety of fixes from 8.1.9.
   For information about new features in the 8.1 major release, see
   <xref linkend="release-8-1">.
  </para>

  <sect2>
   <title>Migration to Version 8.1.10</title>

   <para>
    A dump/restore is not required for those running 8.1.X.
    However, if you are upgrading from a version earlier than 8.1.2,
    see the release notes for 8.1.2.
   </para>

  </sect2>

  <sect2>
   <title>Changes</title>

   <itemizedlist>

    <listitem>
     <para>
      Prevent index corruption when a transaction inserts rows and
      then aborts close to the end of a concurrent <command>VACUUM</>
      on the same table (Tom)
     </para>
    </listitem>

    <listitem>
     <para>
      Make <command>CREATE DOMAIN ... DEFAULT NULL</> work properly (Tom)
     </para>
    </listitem>

    <listitem>
     <para>
      Allow the <type>interval</> data type to accept input consisting only of
      milliseconds or microseconds (Neil)
     </para>
    </listitem>

    <listitem>
     <para>
      Speed up rtree index insertion (Teodor)
     </para>
    </listitem>

    <listitem>
     <para>
      Fix excessive logging of <acronym>SSL</> error messages (Tom)
     </para>
    </listitem>

    <listitem>
     <para>
      Fix logging so that log messages are never interleaved when using
      the syslogger process (Andrew)
     </para>
    </listitem>

    <listitem>
     <para>
      Fix crash when <varname>log_min_error_statement</> logging runs out
      of memory (Tom)
     </para>
    </listitem>

    <listitem>
     <para>
      Fix incorrect handling of some foreign-key corner cases (Tom)
     </para>
    </listitem>

    <listitem>
     <para>
      Prevent <command>REINDEX</> and <command>CLUSTER</> from failing
      due to attempting to process temporary tables of other sessions (Alvaro)
     </para>
    </listitem>

    <listitem>
     <para>
      Update the time zone database rules, particularly New Zealand's upcoming changes (Tom)
     </para>
    </listitem>

    <listitem>
     <para>
      Windows socket improvements (Magnus)
     </para>
    </listitem>

    <listitem>
     <para>
      Suppress timezone name (<literal>%Z</>) in log timestamps on Windows
      because of possible encoding mismatches (Tom)
     </para>
    </listitem>

    <listitem>
     <para>
      Require non-superusers who use <filename>/contrib/dblink</> to use only
      password authentication, as a security measure (Joe)
     </para>
    </listitem>

   </itemizedlist>

  </sect2>
 </sect1>

 <sect1 id="release-8-1-9">
  <title>Release 8.1.9</title>

  <note>
  <title>Release date</title>
  <simpara>2007-04-23</simpara>
  </note>

  <para>
   This release contains a variety of fixes from 8.1.8,
   including a security fix.
   For information about new features in the 8.1 major release, see
   <xref linkend="release-8-1">.
  </para>

  <sect2>
   <title>Migration to Version 8.1.9</title>

   <para>
    A dump/restore is not required for those running 8.1.X.
    However, if you are upgrading from a version earlier than 8.1.2,
    see the release notes for 8.1.2.
   </para>

  </sect2>

  <sect2>
   <title>Changes</title>

   <itemizedlist>

    <listitem>
    <para>
     Support explicit placement of the temporary-table schema within
     <varname>search_path</>, and disable searching it for functions
     and operators (Tom)
    </para>
    <para>
     This is needed to allow a security-definer function to set a
     truly secure value of <varname>search_path</>.  Without it,
     an unprivileged SQL user can use temporary objects to execute code
     with the privileges of the security-definer function (CVE-2007-2138).
     See <command>CREATE FUNCTION</> for more information.
    </para>
    </listitem>

    <listitem>
    <para>
     <filename>/contrib/tsearch2</> crash fixes (Teodor)
    </para>
    </listitem>

    <listitem>
    <para>
     Require <command>COMMIT PREPARED</> to be executed in the same
     database as the transaction was prepared in (Heikki)
    </para>
    </listitem>

    <listitem>
    <para>
     Fix potential-data-corruption bug in how <command>VACUUM FULL</> handles
     <command>UPDATE</> chains (Tom, Pavan Deolasee)
    </para>
    </listitem>

    <listitem>
    <para>
     Planner fixes, including improving outer join and bitmap scan
     selection logic (Tom)
    </para>
    </listitem>

    <listitem>
    <para>
     Fix PANIC during enlargement of a hash index (bug introduced in 8.1.6)
     (Tom)
    </para>
    </listitem>

    <listitem>
    <para>
     Fix POSIX-style timezone specs to follow new USA DST rules (Tom)
    </para>
    </listitem>

   </itemizedlist>

  </sect2>
 </sect1>

 <sect1 id="release-8-1-8">
  <title>Release 8.1.8</title>

  <note>
  <title>Release date</title>
  <simpara>2007-02-07</simpara>
  </note>

  <para>
   This release contains one fix from 8.1.7.
   For information about new features in the 8.1 major release, see
   <xref linkend="release-8-1">.
  </para>

  <sect2>
   <title>Migration to Version 8.1.8</title>

   <para>
    A dump/restore is not required for those running 8.1.X.
    However, if you are upgrading from a version earlier than 8.1.2,
    see the release notes for 8.1.2.
   </para>

  </sect2>

  <sect2>
   <title>Changes</title>

   <itemizedlist>

    <listitem>
    <para>
     Remove overly-restrictive check for type length in constraints and
     functional indexes(Tom)
    </para>
    </listitem>

   </itemizedlist>

  </sect2>
 </sect1>

 <sect1 id="release-8-1-7">
  <title>Release 8.1.7</title>

  <note>
  <title>Release date</title>
  <simpara>2007-02-05</simpara>
  </note>

  <para>
   This release contains a variety of fixes from 8.1.6, including
   a security fix.
   For information about new features in the 8.1 major release, see
   <xref linkend="release-8-1">.
  </para>

  <sect2>
   <title>Migration to Version 8.1.7</title>

   <para>
    A dump/restore is not required for those running 8.1.X.
    However, if you are upgrading from a version earlier than 8.1.2,
    see the release notes for 8.1.2.
   </para>

  </sect2>

  <sect2>
   <title>Changes</title>

   <itemizedlist>

    <listitem>
    <para>
     Remove security vulnerabilities that allowed connected users
     to read backend memory (Tom)
    </para>
    <para>
     The vulnerabilities involve suppressing the normal check that a SQL
     function returns the data type it's declared to, and changing the
     data type of a table column (CVE-2007-0555, CVE-2007-0556).  These
     errors can easily be exploited to cause a backend crash, and in
     principle might be used to read database content that the user
     should not be able to access.
    </para>
    </listitem>

    <listitem>
    <para>
     Fix rare bug wherein btree index page splits could fail
     due to choosing an infeasible split point (Heikki Linnakangas)
    </para>
    </listitem>

    <listitem>
    <para>
     Improve <command>VACUUM</> performance for databases with many tables (Tom)
    </para>
    </listitem>

    <listitem>
    <para>
     Fix autovacuum to avoid leaving non-permanent transaction IDs in
     non-connectable databases (Alvaro)
    </para>

    <para>
     This bug affects the 8.1 branch only.
    </para>
    </listitem>

    <listitem>
    <para>
     Fix for rare Assert() crash triggered by <literal>UNION</> (Tom)
    </para>
    </listitem>

    <listitem>
    <para>
     Tighten security of multi-byte character processing for UTF8 sequences
     over three bytes long (Tom)
    </para>
    </listitem>

    <listitem>
    <para>
     Fix bogus <quote>permission denied</> failures occurring on Windows
     due to attempts to fsync already-deleted files (Magnus, Tom)
    </para>
    </listitem>

    <listitem>
    <para>
     Fix possible crashes when an already-in-use PL/pgSQL function is
     updated (Tom)
    </para>
    </listitem>

   </itemizedlist>

  </sect2>
 </sect1>

 <sect1 id="release-8-1-6">
  <title>Release 8.1.6</title>

  <note>
  <title>Release date</title>
  <simpara>2007-01-08</simpara>
  </note>

  <para>
   This release contains a variety of fixes from 8.1.5.
   For information about new features in the 8.1 major release, see
   <xref linkend="release-8-1">.
  </para>

  <sect2>
   <title>Migration to Version 8.1.6</title>

   <para>
    A dump/restore is not required for those running 8.1.X.
    However, if you are upgrading from a version earlier than 8.1.2,
    see the release notes for 8.1.2.
   </para>

  </sect2>

  <sect2>
   <title>Changes</title>

   <itemizedlist>

    <listitem>
     <para>
      Improve handling of <function>getaddrinfo()</> on AIX (Tom)
     </para>

     <para>
      This fixes a problem with starting the statistics collector,
      among other things.
     </para>
    </listitem>

    <listitem>
     <para>
      Fix <application>pg_restore</> to handle a tar-format backup
      that contains large objects (blobs) with comments (Tom)
     </para>
    </listitem>

     <listitem>
      <para>
       Fix <quote>failed to re-find parent key</> errors in
       <command>VACUUM</> (Tom)
      </para>
     </listitem>

     <listitem>
      <para>
       Clean out <filename>pg_internal.init</> cache files during server
       restart (Simon)
      </para>

      <para>
       This avoids a hazard that the cache files might contain stale
       data after PITR recovery.
      </para>
     </listitem>

     <listitem>
      <para>
       Fix race condition for truncation of a large relation across a
       gigabyte boundary by <command>VACUUM</> (Tom)
      </para>
     </listitem>

     <listitem>
      <para>
       Fix bug causing needless deadlock errors on row-level locks (Tom)
      </para>
     </listitem>

     <listitem>
      <para>
       Fix bugs affecting multi-gigabyte hash indexes (Tom)
      </para>
     </listitem>

    <listitem>
     <para>
      Fix possible deadlock in Windows signal handling (Teodor)
     </para>
    </listitem>

    <listitem>
     <para>
      Fix error when constructing an <literal>ARRAY[]</> made up of multiple
      empty elements (Tom)
     </para>
    </listitem>

    <listitem>
     <para>
      Fix ecpg memory leak during connection (Michael)
     </para>
    </listitem>

    <listitem>
     <para>
      Fix for Darwin (OS X) compilation (Tom)
     </para>
    </listitem>

    <listitem>
     <para>
      <function>to_number()</> and <function>to_char(numeric)</>
      are now <literal>STABLE</>, not <literal>IMMUTABLE</>, for
      new <application>initdb</> installs (Tom)
     </para>

     <para>
      This is because <varname>lc_numeric</> can potentially
      change the output of these functions.
     </para>
    </listitem>

    <listitem>
     <para>
      Improve index usage of regular expressions that use parentheses (Tom)
     </para>

     <para>
      This improves <application>psql</> <literal>\d</> performance also.
     </para>
    </listitem>

    <listitem>
     <para>
      Update timezone database
     </para>

     <para>
      This affects Australian and Canadian daylight-savings rules in
      particular.
     </para>
    </listitem>

   </itemizedlist>

  </sect2>
 </sect1>

 <sect1 id="release-8-1-5">
  <title>Release 8.1.5</title>

  <note>
  <title>Release date</title>
  <simpara>2006-10-16</simpara>
  </note>

  <para>
   This release contains a variety of fixes from 8.1.4.
   For information about new features in the 8.1 major release, see
   <xref linkend="release-8-1">.
  </para>

  <sect2>
   <title>Migration to Version 8.1.5</title>

   <para>
    A dump/restore is not required for those running 8.1.X.
    However, if you are upgrading from a version earlier than 8.1.2,
    see the release notes for 8.1.2.
   </para>

  </sect2>

  <sect2>
   <title>Changes</title>

<itemizedlist>
<listitem><para>Disallow aggregate functions in <command>UPDATE</>
commands, except within sub-SELECTs (Tom)</para>
<para>The behavior of such an aggregate was unpredictable, and in 8.1.X
could cause a crash, so it has been disabled.  The SQL standard does not allow
this either.</para></listitem>
<listitem><para>Fix core dump when an untyped literal is taken as
ANYARRAY</para></listitem>
<listitem><para>Fix core dump in duration logging for extended query protocol
when a <command>COMMIT</> or <command>ROLLBACK</> is
executed</para></listitem>
<listitem><para>Fix mishandling of AFTER triggers when query contains a SQL
function returning multiple rows (Tom)</para></listitem>
<listitem><para>Fix <command>ALTER TABLE ... TYPE</> to recheck
<literal>NOT NULL</> for <literal>USING</> clause (Tom)</para></listitem>
<listitem><para>Fix <function>string_to_array()</> to handle overlapping
 matches for the separator string</para>
<para>For example, <literal>string_to_array('123xx456xxx789', 'xx')</>.
</para></listitem>
<listitem><para>Fix <function>to_timestamp()</> for
<literal>AM</>/<literal>PM</> formats (Bruce)</para></listitem>
<listitem><para>Fix autovacuum's calculation that decides whether
 <command>ANALYZE</> is needed (Alvaro)</para></listitem>
<listitem><para>Fix corner cases in pattern matching for
 <application>psql</>'s <literal>\d</> commands</para></listitem>
<listitem><para>Fix index-corrupting bugs in /contrib/ltree
 (Teodor)</para></listitem>
<listitem><para>Numerous robustness fixes in <application>ecpg</> (Joachim
Wieland)</para></listitem>
<listitem><para>Fix backslash escaping in /contrib/dbmirror</para></listitem>
<listitem><para>Minor fixes in /contrib/dblink and /contrib/tsearch2</para>
</listitem>
<listitem><para>Efficiency improvements in hash tables and bitmap index scans
(Tom)</para></listitem>
<listitem><para>Fix instability of statistics collection on Windows (Tom, Andrew)</para></listitem>
<listitem><para>Fix <varname>statement_timeout</> to use the proper
units on Win32 (Bruce)</para>
<para>In previous Win32 8.1.X versions, the delay was off by a factor of
100.</para></listitem>
<listitem><para>Fixes for <acronym>MSVC</> and <productname>Borland C++</>
compilers (Hiroshi Saito)</para></listitem>
<listitem><para>Fixes for <systemitem class="osname">AIX</> and
<productname>Intel</> compilers (Tom)</para></listitem>
<listitem><para>Fix rare bug in continuous archiving (Tom)</para></listitem>
</itemizedlist>

  </sect2>
 </sect1>

 <sect1 id="release-8-1-4">
  <title>Release 8.1.4</title>

  <note>
  <title>Release date</title>
  <simpara>2006-05-23</simpara>
  </note>

  <para>
   This release contains a variety of fixes from 8.1.3,
   including patches for extremely serious security issues.
   For information about new features in the 8.1 major release, see
   <xref linkend="release-8-1">.
  </para>

  <sect2>
   <title>Migration to Version 8.1.4</title>

   <para>
    A dump/restore is not required for those running 8.1.X.
    However, if you are upgrading from a version earlier than 8.1.2,
    see the release notes for 8.1.2.
   </para>

   <para>
    Full security against the SQL-injection attacks described in
    CVE-2006-2313 and CVE-2006-2314 might require changes in application
    code.  If you have applications that embed untrustworthy strings
    into SQL commands, you should examine them as soon as possible to
    ensure that they are using recommended escaping techniques.  In
    most cases, applications should be using subroutines provided by
    libraries or drivers (such as <application>libpq</>'s
    <function>PQescapeStringConn()</>) to perform string escaping,
    rather than relying on <foreignphrase>ad hoc</> code to do it.
   </para>
  </sect2>

  <sect2>
   <title>Changes</title>

<itemizedlist>
<listitem><para>Change the server to reject invalidly-encoded multibyte
characters in all cases (Tatsuo, Tom)</para>
<para>While <productname>PostgreSQL</> has been moving in this direction for
some time, the checks are now applied uniformly to all encodings and all
textual input, and are now always errors not merely warnings.  This change
defends against SQL-injection attacks of the type described in CVE-2006-2313.
</para></listitem>

<listitem><para>Reject unsafe uses of <literal>\'</> in string literals</para>
<para>As a server-side defense against SQL-injection attacks of the type
described in CVE-2006-2314, the server now only accepts <literal>''</> and not
<literal>\'</> as a representation of ASCII single quote in SQL string
literals.  By default, <literal>\'</> is rejected only when
<varname>client_encoding</> is set to a client-only encoding (SJIS, BIG5, GBK,
GB18030, or UHC), which is the scenario in which SQL injection is possible.
A new configuration parameter <varname>backslash_quote</> is available to
adjust this behavior when needed.  Note that full security against
CVE-2006-2314 might require client-side changes; the purpose of
<varname>backslash_quote</> is in part to make it obvious that insecure
clients are insecure.
</para></listitem>

<listitem><para>Modify <application>libpq</>'s string-escaping routines to be
aware of encoding considerations and
<varname>standard_conforming_strings</></para>
<para>This fixes <application>libpq</>-using applications for the security
issues described in CVE-2006-2313 and CVE-2006-2314, and also future-proofs
them against the planned changeover to SQL-standard string literal syntax.
Applications that use multiple <productname>PostgreSQL</> connections
concurrently should migrate to <function>PQescapeStringConn()</> and
<function>PQescapeByteaConn()</> to ensure that escaping is done correctly
for the settings in use in each database connection.  Applications that
do string escaping <quote>by hand</> should be modified to rely on library
routines instead.
</para></listitem>

<listitem><para>Fix weak key selection in pgcrypto (Marko Kreen)</para>
<para>Errors in fortuna PRNG reseeding logic could cause a predictable
session key to be selected by <function>pgp_sym_encrypt()</> in some cases.
This only affects non-OpenSSL-using builds.
</para></listitem>

<listitem><para>Fix some incorrect encoding conversion functions</para>
<para><function>win1251_to_iso</>, <function>win866_to_iso</>,
<function>euc_tw_to_big5</>, <function>euc_tw_to_mic</>,
<function>mic_to_euc_tw</> were all broken to varying
extents.
</para></listitem>

<listitem><para>Clean up stray remaining uses of <literal>\'</> in strings
(Bruce, Jan)</para></listitem>

<listitem><para>Make autovacuum visible in <structname>pg_stat_activity</>
(Alvaro)</para></listitem>

<listitem><para>Disable <literal>full_page_writes</> (Tom)</para>
<para>In certain cases, having <literal>full_page_writes</> off would cause
crash recovery to fail.  A proper fix will appear in 8.2; for now it's just
disabled.
</para></listitem>

<listitem><para>Various planner fixes, particularly for bitmap index scans and
MIN/MAX optimization (Tom)</para></listitem>

<listitem><para>Fix incorrect optimization in merge join (Tom)</para>
<para>Outer joins could sometimes emit multiple copies of unmatched rows.
</para></listitem>

<listitem><para>Fix crash from using and modifying a plpgsql function in the
same transaction</para></listitem>

<listitem><para>Fix WAL replay for case where a B-Tree index has been
truncated</para></listitem>

<listitem><para>Fix <literal>SIMILAR TO</> for patterns involving
<literal>|</> (Tom)</para></listitem>

<listitem><para>Fix <command>SELECT INTO</> and <command>CREATE TABLE AS</> to
create tables in the default tablespace, not the base directory (Kris
Jurka)</para></listitem>

<listitem><para>Fix server to use custom DH SSL parameters correctly (Michael
Fuhr)</para></listitem>

<listitem><para>Improve qsort performance (Dann Corbit)</para>
<para>Currently this code is only used on Solaris.
</para></listitem>

<listitem><para>Fix for OS/X Bonjour on x86 systems (Ashley Clark)</para></listitem>

<listitem><para>Fix various minor memory leaks</para></listitem>

<listitem><para>Fix problem with password prompting on some Win32 systems
(Robert Kinberg)</para></listitem>

<listitem><para>Improve <application>pg_dump</>'s handling of default values
for domains</para></listitem>

<listitem><para>Fix <application>pg_dumpall</> to handle identically-named
users and groups reasonably (only possible when dumping from a pre-8.1 server)
(Tom)</para>
<para>The user and group will be merged into a single role with
<literal>LOGIN</> permission.  Formerly the merged role wouldn't have
<literal>LOGIN</> permission, making it unusable as a user.
</para></listitem>

<listitem><para>Fix <application>pg_restore</> <literal>-n</> to work as
documented (Tom)</para></listitem>
</itemizedlist>

  </sect2>
 </sect1>

 <sect1 id="release-8-1-3">
  <title>Release 8.1.3</title>

  <note>
  <title>Release date</title>
  <simpara>2006-02-14</simpara>
  </note>

  <para>
   This release contains a variety of fixes from 8.1.2,
   including one very serious security issue.
   For information about new features in the 8.1 major release, see
   <xref linkend="release-8-1">.
  </para>

  <sect2>
   <title>Migration to Version 8.1.3</title>

   <para>
    A dump/restore is not required for those running 8.1.X.
    However, if you are upgrading from a version earlier than 8.1.2,
    see the release notes for 8.1.2.
   </para>
  </sect2>

  <sect2>
   <title>Changes</title>

<itemizedlist>

<listitem><para>Fix bug that allowed any logged-in user to <command>SET
ROLE</> to any other database user id (CVE-2006-0553)</para>
<para>Due to inadequate validity checking, a user could exploit the special
case that <command>SET ROLE</> normally uses to restore the previous role
setting after an error.  This allowed ordinary users to acquire superuser
status, for example.
The escalation-of-privilege risk exists only in 8.1.0-8.1.2.
However, in all releases back to 7.3 there is a related bug in <command>SET
SESSION AUTHORIZATION</> that allows unprivileged users to crash the server,
if it has been compiled with Asserts enabled (which is not the default).
Thanks to Akio Ishida for reporting this problem.
</para></listitem>

<listitem><para>Fix bug with row visibility logic in self-inserted
rows (Tom)</para>
<para>Under rare circumstances a row inserted by the current command
could be seen as already valid, when it should not be.  Repairs bug
created in 8.0.4, 7.4.9, and 7.3.11 releases.
</para></listitem>

<listitem><para>Fix race condition that could lead to <quote>file already
exists</> errors during pg_clog and pg_subtrans file creation
(Tom)</para></listitem>

<listitem><para>Fix cases that could lead to crashes if a cache-invalidation
message arrives at just the wrong time (Tom)</para></listitem>

<listitem><para>Properly check <literal>DOMAIN</> constraints for
<literal>UNKNOWN</> parameters in prepared statements
(Neil)</para></listitem>

<listitem><para>Ensure <command>ALTER COLUMN TYPE</> will process
<literal>FOREIGN KEY</>, <literal>UNIQUE</>, and <literal>PRIMARY KEY</>
constraints in the proper order (Nakano Yoshihisa)</para></listitem>

<listitem><para>Fixes to allow restoring dumps that have cross-schema
references to custom operators or operator classes (Tom)</para></listitem>

<listitem><para>Allow <application>pg_restore</> to continue properly after a
<command>COPY</> failure; formerly it tried to treat the remaining
<command>COPY</> data as SQL commands (Stephen Frost)</para></listitem>

<listitem><para>Fix <application>pg_ctl</> <literal>unregister</> crash
when the  data directory is not specified (Magnus)</para></listitem>

<listitem><para>Fix <application>libpq</> <function>PQprint</> HTML tags
(Christoph Zwerschke)</para></listitem>

<listitem><para>Fix <application>ecpg</> crash on AMD64 and PPC
(Neil)</para></listitem>

<listitem><para>Allow <literal>SETOF</> and <literal>%TYPE</> to be used
together in function result type declarations</para></listitem>

<listitem><para>Recover properly if error occurs during argument passing
in <application>PL/python</> (Neil)</para></listitem>

<listitem><para>Fix memory leak in <function>plperl_return_next</>
(Neil)</para></listitem>

<listitem><para>Fix <application>PL/perl</>'s handling of locales on
Win32 to match the backend (Andrew)</para></listitem>

<listitem><para>Various optimizer fixes (Tom)</para></listitem>

<listitem><para>Fix crash when <literal>log_min_messages</> is set to
<literal>DEBUG3</> or above in <filename>postgresql.conf</> on Win32
(Bruce)</para></listitem>

<listitem><para>Fix <application>pgxs</> <literal>-L</> library path
specification for Win32, Cygwin, OS X, AIX (Bruce)</para></listitem>

<listitem><para>Check that SID is enabled while checking for Win32 admin
privileges (Magnus)</para></listitem>

<listitem><para>Properly reject out-of-range date inputs (Kris
Jurka)</para></listitem>

<listitem><para>Portability fix for testing presence of <function>finite</>
and <function>isinf</> during configure (Tom)</para></listitem>

<listitem><para>Improve speed of <command>COPY IN</> via libpq, by
avoiding a kernel call per data line (Alon Goldshuv)</para></listitem>

<listitem><para>Improve speed of <filename>/contrib/tsearch2</> index
creation (Tom)</para></listitem>

</itemizedlist>

  </sect2>
 </sect1>

 <sect1 id="release-8-1-2">
  <title>Release 8.1.2</title>

  <note>
  <title>Release date</title>
  <simpara>2006-01-09</simpara>
  </note>

  <para>
   This release contains a variety of fixes from 8.1.1.
   For information about new features in the 8.1 major release, see
   <xref linkend="release-8-1">.
  </para>

  <sect2>
   <title>Migration to Version 8.1.2</title>

   <para>
    A dump/restore is not required for those running 8.1.X.
    However, you might need to <command>REINDEX</> indexes on textual
    columns after updating, if you are affected by the locale or
    <application>plperl</> issues described below.
   </para>
  </sect2>

  <sect2>
   <title>Changes</title>

<itemizedlist>

<listitem><para>Fix Windows code so that postmaster will continue rather
than exit if there is no more room in ShmemBackendArray (Magnus)</para>
<para>The previous behavior could lead to a denial-of-service situation if too
many connection requests arrive close together.  This applies
<emphasis>only</> to the Windows port.</para></listitem>

<listitem><para>Fix bug introduced in 8.0 that could allow ReadBuffer
to return an already-used page as new, potentially causing loss of
recently-committed data (Tom)</para></listitem>

<listitem><para>Fix for protocol-level Describe messages issued
outside a transaction or in a failed transaction (Tom)</para></listitem>

<listitem><para>Fix character string comparison for locales that consider
different character combinations as equal, such as Hungarian (Tom)</para>
<para>This might require <command>REINDEX</> to fix existing indexes on
textual columns.</para></listitem>

<listitem><para>Set locale environment variables during postmaster startup
to ensure that <application>plperl</> won't change the locale later</para>
<para>This fixes a problem that occurred if the <application>postmaster</> was
started with environment variables specifying a different locale than what
<application>initdb</> had been told.  Under these conditions, any use of
<application>plperl</> was likely to lead to corrupt indexes.  You might need
<command>REINDEX</> to fix existing indexes on
textual columns if this has happened to you.</para></listitem>

<listitem><para>Allow more flexible relocation of installation
directories (Tom)</para>
<para>Previous releases supported relocation only if all installation
directory paths were the same except for the last component.</para></listitem>

<listitem><para>Prevent crashes caused by the use of
<literal>ISO-8859-5</> and <literal>ISO-8859-9</> encodings
(Tatsuo)</para></listitem>

<listitem><para>Fix longstanding bug in strpos() and regular expression
handling in certain rarely used Asian multi-byte character sets (Tatsuo)
</para></listitem>

<listitem><para>Fix bug where COPY CSV mode considered any
<literal>\.</> to terminate the copy data</para> <para>The new code
requires <literal>\.</> to appear alone on a line, as per
documentation.</para></listitem>

<listitem><para>Make COPY CSV mode quote a literal data value of
<literal>\.</> to ensure it cannot be interpreted as the
end-of-data marker (Bruce)</para></listitem>

<listitem><para>Various fixes for functions returning <literal>RECORD</>s
(Tom) </para></listitem>

<listitem><para>Fix processing of <filename>postgresql.conf</> so a
final line with no newline is processed properly (Tom)
</para></listitem>

<listitem><para>Fix bug in <filename>/contrib/pgcrypto</> gen_salt,
which caused it not to use all available salt space for MD5 and
XDES algorithms (Marko Kreen, Solar Designer)</para>
<para>Salts for Blowfish and standard DES are unaffected.</para></listitem>

<listitem><para>Fix autovacuum crash when processing expression indexes
</para></listitem>

<listitem><para>Fix <filename>/contrib/dblink</> to throw an error,
rather than crashing, when the number of columns specified is different from
what's actually returned by the query (Joe)</para></listitem>

</itemizedlist>

  </sect2>
 </sect1>

 <sect1 id="release-8-1-1">
  <title>Release 8.1.1</title>

  <note>
  <title>Release date</title>
  <simpara>2005-12-12</simpara>
  </note>

  <para>
   This release contains a variety of fixes from 8.1.0.
   For information about new features in the 8.1 major release, see
   <xref linkend="release-8-1">.
  </para>

  <sect2>
   <title>Migration to Version 8.1.1</title>

   <para>
    A dump/restore is not required for those running 8.1.X.
   </para>
  </sect2>

  <sect2>
   <title>Changes</title>

<itemizedlist>
<listitem><para>Fix incorrect optimizations of outer-join conditions
(Tom)</para></listitem>

<listitem><para>Fix problems with wrong reported column names in cases
involving sub-selects flattened by the optimizer (Tom)</para></listitem>

<listitem><para>Fix update failures in scenarios involving CHECK constraints,
toasted columns, <emphasis>and</> indexes (Tom)</para></listitem>

<listitem><para>Fix bgwriter problems after recovering from errors
(Tom)</para>
<para>
The background writer was found to leak buffer pins after write errors.
While not fatal in itself, this might lead to mysterious blockages of
later VACUUM commands.
</para>
</listitem>

<listitem><para>Prevent failure if client sends Bind protocol message
when current transaction is already aborted</para></listitem>

<listitem><para><filename>/contrib/tsearch2</> and <filename>/contrib/ltree</>
fixes (Teodor)</para></listitem>

<listitem><para>Fix problems with translated error messages in
languages that require word reordering, such as Turkish; also problems with
unexpected truncation of output strings and wrong display of the smallest
possible bigint value (Andrew, Tom)</para>
<para>
These problems only appeared on platforms that were using our
<filename>port/snprintf.c</> code, which includes BSD variants if
<literal>--enable-nls</> was given, and perhaps others.  In addition,
a different form of the translated-error-message problem could appear
on Windows depending on which version of <filename>libintl</> was used.
</para></listitem>

<listitem><para>Re-allow <literal>AM</>/<literal>PM</>, <literal>HH</>,
<literal>HH12</>, and <literal>D</> format specifiers for
<function>to_char(time)</> and <function>to_char(interval)</>.
(<function>to_char(interval)</> should probably use
<literal>HH24</>.) (Bruce)</para></listitem>

<listitem><para>AIX, HPUX, and MSVC compile fixes (Tom, Hiroshi
Saito)</para></listitem>

<listitem><para>Optimizer improvements (Tom)</para></listitem>

<listitem><para>Retry file reads and writes after Windows
NO_SYSTEM_RESOURCES error (Qingqing Zhou)</para></listitem>

<listitem><para>Prevent <application>autovacuum</> from crashing during
ANALYZE of expression index (Alvaro)</para></listitem>

<listitem><para>Fix problems with ON COMMIT DELETE ROWS temp
tables</para></listitem>

<listitem><para>Fix problems when a trigger alters the output of a SELECT
DISTINCT query</para></listitem>

<listitem><para>Add 8.1.0 release note item on how to migrate invalid
<literal>UTF-8</> byte sequences (Paul Lindner)</para></listitem>
</itemizedlist>

  </sect2>
 </sect1>

 <sect1 id="release-8-1">
  <title>Release 8.1</title>

  <note>
   <title>Release date</title>
   <simpara>2005-11-08</simpara>
  </note>

  <sect2>
   <title>Overview</title>

   <para>
    Major changes in this release:
   </para>

   <variablelist>

    <varlistentry>
     <term>
      Improve concurrent access to the shared buffer cache (Tom)
     </term>

     <listitem>
      <para>
       Access to the shared buffer cache was identified as a
       significant scalability problem, particularly on multi-CPU
       systems. In this release, the way that locking is done in the
       buffer manager has been overhauled to reduce lock contention
       and improve scalability. The buffer manager has also been
       changed to use a <quote>clock sweep</quote> replacement
       policy.
      </para>
     </listitem>
    </varlistentry>

    <varlistentry>
     <term>
      Allow index scans to use an intermediate in-memory bitmap (Tom)
     </term>

     <listitem>
      <para>
       In previous releases, only a single index could be used to do
       lookups on a table. With this feature, if a query has
       <command>WHERE tab.col1 = 4 and tab.col2 = 9</>, and there is
       no multicolumn index on <literal>col1</> and <literal>col2</>,
       but there is an index on <literal>col1</> and another on
       <literal>col2</>, it is possible to search both indexes and
       combine the results in memory, then do heap fetches for only
       the rows matching both the <literal>col1</> and
       <literal>col2</> restrictions. This is very useful in
       environments that have a lot of unstructured queries where it
       is impossible to create indexes that match all possible access
       conditions.  Bitmap scans are useful even with a single index,
       as they reduce the amount of random access needed; a bitmap
       index scan is efficient for retrieving fairly large fractions
       of the complete table, whereas plain index scans are not.
      </para>
     </listitem>
    </varlistentry>

    <varlistentry>
     <term>
      Add two-phase commit (Heikki Linnakangas, Alvaro, Tom)
     </term>

     <listitem>
      <para>
       Two-phase commit allows transactions to be "prepared" on several
       computers, and once all computers have successfully prepared
       their transactions (none failed), all transactions can be
       committed. Even if a machine crashes after a prepare, the
       prepared transaction can be committed after the machine is
       restarted. New syntax includes <command>PREPARE TRANSACTION</> and
       <command>COMMIT/ROLLBACK PREPARED</>. A new system view
       <literal>pg_prepared_xacts</> has also been added.
      </para>
     </listitem>
    </varlistentry>

    <varlistentry>
     <term>
      Create a new role system that replaces users and groups
      (Stephen Frost)
     </term>

     <listitem>
      <para>
       Roles are a combination of users and groups. Like users, they
       can have login capability, and like groups, a role can have
       other roles as members. Roles basically remove the distinction
       between users and groups. For example, a role can:
      </para>

      <itemizedlist>

       <listitem>
        <para>
          Have login capability (optionally)
        </para>
       </listitem>

       <listitem>
        <para>
         Own objects
        </para>
       </listitem>

       <listitem>
        <para>
         Hold access permissions for database objects
        </para>
       </listitem>

       <listitem>
        <para>
         Inherit permissions from other roles it is a member of
        </para>
       </listitem>

      </itemizedlist>
      <para>
       Once a user logs into a role, she obtains capabilities of
       the login role plus any inherited roles, and can use
       <command>SET ROLE</> to switch to other roles she is a member of.
       This feature is a generalization of the SQL standard's concept of
       roles.
       This change also replaces <structname>pg_shadow</> and
       <structname>pg_group</> by new role-capable catalogs
       <structname>pg_authid</> and <structname>pg_auth_members</>. The old
       tables are redefined as read-only views on the new role tables.
      </para>
     </listitem>
    </varlistentry>

    <varlistentry>
     <term>
      Automatically use indexes for <function>MIN()</> and
      <function>MAX()</> (Tom)
     </term>

     <listitem>
      <para>
       In previous releases, the only way to use an index for
       <function>MIN()</> or <function>MAX()</> was to rewrite the
       query as <command>SELECT col FROM tab ORDER BY col LIMIT 1</>.
       Index usage now happens automatically.
      </para>
     </listitem>
    </varlistentry>

    <varlistentry>
     <term>
      Move <filename>/contrib/pg_autovacuum</> into the main server
      (Alvaro)
     </term>

     <listitem>
      <para>
       Integrating autovacuum into the server allows it to be
       automatically started and stopped in sync with the database
       server, and allows autovacuum to be configured from
       <filename>postgresql.conf</>.
      </para>
     </listitem>
    </varlistentry>

    <varlistentry>
     <term>
      Add shared row level locks using <command>SELECT ... FOR SHARE</>
      (Alvaro)
     </term>

     <listitem>
      <para>
       While <productname>PostgreSQL</productname>'s MVCC locking
       allows <command>SELECT</> to never be blocked by writers and
       therefore does not need shared row locks for typical operations,
       shared locks are useful for applications that require shared row
       locking.  In particular this reduces the locking requirements
       imposed by referential integrity checks.
      </para>
     </listitem>
    </varlistentry>

    <varlistentry>
     <term>
      Add dependencies on shared objects, specifically roles
      (Alvaro)
     </term>

     <listitem>
      <para>
       This extension of the dependency mechanism prevents roles from
       being dropped while there are still database objects they own.
       Formerly it was possible to accidentally <quote>orphan</> objects by
       deleting their owner.  While this could be recovered from, it
       was messy and unpleasant.
      </para>
     </listitem>
    </varlistentry>

    <varlistentry>
     <term>
      Improve performance for partitioned tables (Simon)
     </term>

     <listitem>
      <para>
       The new <varname>constraint_exclusion</varname> configuration
       parameter avoids lookups on child tables where constraints indicate
       that no matching rows exist in the child table.
      </para>
      <para>
       This allows for a basic type of table partitioning. If child tables
       store separate key ranges and this is enforced using appropriate
       <command>CHECK</> constraints, the optimizer will skip child
       table accesses when the constraint guarantees no matching rows
       exist in the child table.
      </para>
     </listitem>
    </varlistentry>

   </variablelist>
  </sect2>

  <sect2>
   <title>Migration to Version 8.1</title>

   <para>
    A dump/restore using <application>pg_dump</application> is required
    for those wishing to migrate data from any previous release.
   </para>

   <para>
    The 8.0 release announced that the <function>to_char()</> function
    for intervals would be removed in 8.1. However, since no better API
    has been suggested, <function>to_char(interval)</> has been enhanced in
    8.1 and will remain in the server.
   </para>

   <para>
    Observe the following incompatibilities:
   </para>

   <itemizedlist>

    <listitem>
     <para>
      <varname>add_missing_from</> is now false by default (Neil)
     </para>
     <para>
      By default, we now generate an error if a table is used in a query
      without a <literal>FROM</> reference.  The old behavior is still
      available, but the parameter must be set to 'true' to obtain it.
     </para>

     <para>
      It might be necessary to set <varname>add_missing_from</> to true
      in order to load an existing dump file, if the dump contains any
      views or rules created using the implicit-<literal>FROM</> syntax.
      This should be a one-time annoyance, because
      <productname>PostgreSQL</productname> 8.1 will convert
      such views and rules to standard explicit-<literal>FROM</> syntax.
      Subsequent dumps will therefore not have the problem.
     </para>
    </listitem>

    <listitem>
     <para>
      Cause input of a zero-length string (<literal>''</literal>) for
      <type>float4</type>/<type>float8</type>/<type>oid</type>
      to throw an error, rather than treating it as a zero (Neil)
     </para>
     <para>
      This change is consistent with the current handling of
      zero-length strings for integers. The schedule for this change
      was announced in 8.0.
     </para>
    </listitem>

    <listitem>
     <para>
      <varname>default_with_oids</> is now false by default (Neil)
     </para>
     <para>
      With this option set to false, user-created tables no longer
      have an OID column unless <command>WITH OIDS</> is specified in
      <command>CREATE TABLE</>. Though OIDs have existed in all
      releases of <productname>PostgreSQL</>, their use is limited
      because they are only four bytes long and the counter is shared
      across all installed databases. The preferred way of uniquely
      identifying rows is via sequences and the <type>SERIAL</> type,
      which have been supported since <productname>PostgreSQL</> 6.4.
     </para>
    </listitem>

    <listitem>
     <para>
      Add <literal>E''</> syntax so eventually ordinary strings can
      treat backslashes literally (Bruce)
     </para>
     <para>
      Currently <productname>PostgreSQL</productname> processes a
      backslash in a string literal as introducing a special escape sequence,
      e.g. <literal>\n</> or <literal>\010</>.
      While this allows easy entry of special values, it is
      nonstandard and makes porting of applications from other
      databases more difficult. For this reason, the
      <productname>PostgreSQL</productname> project is planning to
      remove the special meaning of backslashes in strings. For
      backward compatibility and for users who want special backslash
      processing, a new string syntax has been created. This new string
      syntax is formed by writing an <literal>E</> immediately preceding the
      single quote that starts the string, e.g. <literal>E'hi\n'</>. While
      this release does not change the handling of backslashes in strings, it
      does add new configuration parameters to help users migrate applications
      for future releases:
     </para>
     <itemizedlist>

      <listitem>
       <para>
        <varname>standard_conforming_strings</> &mdash; does this release
        treat backslashes literally in ordinary strings?
       </para>
      </listitem>

      <listitem>
      <para>
       <varname>escape_string_warning</> &mdash; warn about backslashes in
       ordinary (non-E) strings
      </para>
     </listitem>

     </itemizedlist>

     <para>
      The <varname>standard_conforming_strings</> value is read-only.
      Applications can retrieve the value to know how backslashes are
      processed.  (Presence of the parameter can also be taken as an
      indication that <literal>E''</> string syntax is supported.)
      In a future release, <varname>standard_conforming_strings</>
      will be true, meaning backslashes will be treated literally in
      non-E strings. To prepare for this change, use <literal>E''</>
      strings in places that need special backslash processing, and
      turn on <varname>escape_string_warning</> to find additional
      strings that need to be converted to use <literal>E''</>.
      Also, use two single-quotes (<literal>''</>) to embed a literal
      single-quote in a string, rather than the
      <productname>PostgreSQL</productname>-supported syntax of
      backslash single-quote (<literal>\'</>).  The former is
      standards-conforming and does not require the use of the
      <literal>E''</> string syntax.  You can also use the
      <literal>$$</> string syntax, which does not treat backslashes
      specially.
     </para>
    </listitem>

    <listitem>
     <para>
      Make <command>REINDEX DATABASE</> reindex all indexes in the
      database (Tom)
     </para>
     <para>
      Formerly, <command>REINDEX DATABASE</> reindexed only
      system tables. This new behavior seems more intuitive. A new
      command <command>REINDEX SYSTEM</> provides the old functionality
      of reindexing just the system tables.
     </para>
    </listitem>

    <listitem>
     <para>
      Read-only large object descriptors now obey MVCC snapshot semantics
     </para>
     <para>
      When a large object is opened with <literal>INV_READ</> (and not
      <literal>INV_WRITE</>), the data read from the descriptor will now
      reflect a <quote>snapshot</> of the large object's state at the
      time of the transaction snapshot in use by the query that called
      <function>lo_open()</>.  To obtain the old behavior of always
      returning the latest committed data, include <literal>INV_WRITE</>
      in the mode flags for <function>lo_open()</>.
     </para>
    </listitem>

    <listitem>
     <para>
      Add proper dependencies for arguments of sequence functions (Tom)
     </para>
     <para>
      In previous releases, sequence names passed to <function>nextval()</>,
      <function>currval()</>, and <function>setval()</> were stored as
      simple text strings, meaning that renaming or dropping a
      sequence used in a <literal>DEFAULT</> clause made the clause
      invalid. This release stores all newly-created sequence function
      arguments as internal OIDs, allowing them to track sequence
      renaming, and adding dependency information that prevents
      improper sequence removal. It also makes such <literal>DEFAULT</>
      clauses immune to schema renaming and search path changes.
     </para>
     <para>
      Some applications might rely on the old behavior of
      run-time lookup for sequence names. This can still be done by
      explicitly casting the argument to <type>text</>, for example
      <literal>nextval('myseq'::text)</>.
     </para>
     <para>
      Pre-8.1 database dumps loaded into 8.1 will use the old text-based
      representation and therefore will not have the features of
      OID-stored arguments. However, it is possible to update a
      database containing text-based <literal>DEFAULT</> clauses.
      First, save this query into a file, such as <filename>fixseq.sql</>:
<programlisting>
SELECT  'ALTER TABLE ' ||
   pg_catalog.quote_ident(n.nspname) || '.' ||
   pg_catalog.quote_ident(c.relname) ||
   ' ALTER COLUMN ' || pg_catalog.quote_ident(a.attname) ||
   ' SET DEFAULT ' ||
   regexp_replace(d.adsrc,
                  $$val\(\(('[^']*')::text\)::regclass$$,
                  $$val(\1$$,
                  'g') ||
   ';'
FROM    pg_namespace n, pg_class c, pg_attribute a, pg_attrdef d
WHERE   n.oid = c.relnamespace AND
   c.oid = a.attrelid AND
   a.attrelid = d.adrelid AND
   a.attnum = d.adnum AND
   d.adsrc ~ $$val\(\('[^']*'::text\)::regclass$$;
</programlisting>
      Next, run the query against a database to find what
      adjustments are required, like this for database <literal>db1</>:
<programlisting>
psql -t -f fixseq.sql db1
</programlisting>
      This will show the <command>ALTER TABLE</> commands needed to
      convert the database to the newer OID-based representation.
      If the commands look reasonable, run this to update the database:
<programlisting>
psql -t -f fixseq.sql db1 | psql -e db1
</programlisting>
      This process must be repeated in each database to be updated.
     </para>
    </listitem>

    <listitem>
     <para>
      In <application>psql</application>, treat unquoted
      <literal>\{digit}+</> sequences as octal (Bruce)
     </para>
     <para>
      In previous releases, <literal>\{digit}+</> sequences were
      treated as decimal, and only <literal>\0{digit}+</> were treated
      as octal. This change was made for consistency.
     </para>
    </listitem>

    <listitem>
     <para>
      Remove grammar productions for prefix and postfix <literal>%</>
      and <literal>^</> operators
      (Tom)
     </para>
     <para>
      These have never been documented and complicated the use of the
      modulus operator (<literal>%</>) with negative numbers.
     </para>
    </listitem>

    <listitem>
     <para>
      Make <literal>&amp;&lt;</> and <literal>&amp;&gt;</> for polygons
      consistent with the box "over" operators (Tom)
     </para>
    </listitem>

    <listitem>
     <para>
      <command>CREATE LANGUAGE</> can ignore the provided arguments
      in favor of information from <structname>pg_pltemplate</>
      (Tom)
     </para>
     <para>
      A new system catalog <structname>pg_pltemplate</> has been defined
      to carry information about the preferred definitions of procedural
      languages (such as whether they have validator functions).  When
      an entry exists in this catalog for the language being created,
      <command>CREATE LANGUAGE</> will ignore all its parameters except the
      language name and instead use the catalog information.  This measure
      was taken because of increasing problems with obsolete language
      definitions being loaded by old dump files.  As of 8.1,
      <application>pg_dump</> will dump procedural language definitions as
      just <command>CREATE LANGUAGE <replaceable>name</></command>, relying
      on a template entry to exist at load time.  We expect this will be a
      more future-proof representation.
     </para>
    </listitem>

    <listitem>
     <para>
      Make <function>pg_cancel_backend(int)</function> return a
      <type>boolean</type> rather than an <type>integer</type> (Neil)
     </para>
    </listitem>

    <listitem>
     <para>
      Some users are having problems loading UTF-8 data into 8.1.X.
      This is because previous versions allowed invalid UTF-8 byte
      sequences to be entered into the database, and this release
      properly accepts only valid UTF-8 sequences. One way to correct a
      dumpfile is to run the command <command>iconv -c -f UTF-8 -t
      UTF-8 -o cleanfile.sql dumpfile.sql</>. The <literal>-c</> option
      removes invalid character sequences. A diff of the two files will
      show the sequences that are invalid. <command>iconv</> reads the
      entire input file into memory so it might be necessary to use
      <application>split</> to break up the dump into multiple smaller
      files for processing.
     </para>
    </listitem>

   </itemizedlist>
  </sect2>

  <sect2>
   <title>Additional Changes</title>

   <para>
    Below you will find a detailed account of the additional changes
    between <productname>PostgreSQL</productname> 8.1 and the
    previous major release.
   </para>

   <sect3>
    <title>Performance Improvements</title>
    <itemizedlist>

     <listitem>
      <para>
       Improve GiST and R-tree index performance (Neil)
      </para>
     </listitem>

     <listitem>
      <para>
       Improve the optimizer, including auto-resizing of hash joins
       (Tom)
      </para>
     </listitem>

     <listitem>
      <para>
       Overhaul internal API in several areas
      </para>
     </listitem>

     <listitem>
      <para>
       Change WAL record CRCs from 64-bit to 32-bit (Tom)
      </para>
      <para>
       We determined that the extra cost of computing 64-bit CRCs was
       significant, and the gain in reliability too marginal to justify it.
      </para>
     </listitem>

     <listitem>
      <para>
       Prevent writing large empty gaps in WAL pages (Tom)
      </para>
     </listitem>

     <listitem>
      <para>
       Improve spinlock behavior on SMP machines, particularly Opterons (Tom)
      </para>
     </listitem>

     <listitem>
      <para>
       Allow nonconsecutive index columns to be used in a multicolumn
       index (Tom)
      </para>
      <para>
       For example, this allows an index on columns a,b,c to be used in
       a query with <command>WHERE a = 4 and c = 10</>.
      </para>
     </listitem>

     <listitem>
      <para>
       Skip WAL logging for <command>CREATE TABLE AS</> /
       <command>SELECT INTO</> (Simon)
      </para>
      <para>
       Since a crash during <command>CREATE TABLE AS</> would cause the
       table to be dropped during recovery, there is no reason to WAL
       log as the table is loaded.  (Logging still happens if WAL
       archiving is enabled, however.)
      </para>
     </listitem>

     <listitem>
      <para>
       Allow concurrent GiST index access (Teodor, Oleg)
      </para>
     </listitem>

     <listitem>
      <para>
       Add configuration parameter <varname>full_page_writes</> to
       control writing full pages to WAL (Bruce)
      </para>
      <para>
       To prevent partial disk writes from corrupting the database,
       <productname>PostgreSQL</productname> writes a complete copy of
       each database disk page to WAL the first time it is modified
       after a checkpoint. This option turns off that functionality for more
       speed.  This is safe to use with battery-backed disk caches where
       partial page writes cannot happen.
      </para>
     </listitem>

     <listitem>
      <para>
       Use <literal>O_DIRECT</> if available when using
       <literal>O_SYNC</> for <varname>wal_sync_method</varname>
       (Itagaki Takahiro)
      </para>
      <para>
       <literal>O_DIRECT</> causes disk writes to bypass the kernel
       cache, and for WAL writes, this improves performance.
      </para>
     </listitem>

     <listitem>
      <para>
       Improve <command>COPY FROM</> performance (Alon Goldshuv)
      </para>
      <para>
       This was accomplished by reading <command>COPY</> input in
       larger chunks, rather than character by character.
      </para>
     </listitem>

     <listitem>
      <para>
       Improve the performance of <function>COUNT()</function>,
       <function>SUM</function>, <function>AVG()</function>,
       <function>STDDEV()</function>, and
       <function>VARIANCE()</function> (Neil, Tom)
      </para>
     </listitem>
    </itemizedlist>
   </sect3>

   <sect3>
    <title>Server Changes</title>
    <itemizedlist>

     <listitem>
      <para>
       Prevent problems due to transaction ID (XID) wraparound (Tom)
      </para>
      <para>
       The server will now warn when the transaction counter approaches
       the wraparound point.  If the counter becomes too close to wraparound,
       the server will stop accepting queries.  This ensures that data is
       not lost before needed vacuuming is performed.
      </para>
     </listitem>

     <listitem>
      <para>
       Fix problems with object IDs (OIDs) conflicting with existing system
       objects after the OID counter has wrapped around (Tom)
      </para>
     </listitem>

     <listitem>
      <para>
       Add warning about the need to increase
       <varname>max_fsm_relations</> and <varname>max_fsm_pages</>
       during <command>VACUUM</> (Ron Mayer)
      </para>
     </listitem>

     <listitem>
      <para>
       Add <varname>temp_buffers</> configuration parameter to allow
       users to determine the size of the local buffer area for
       temporary table access (Tom)
      </para>
     </listitem>

     <listitem>
      <para>
       Add session start time and client IP address to
       <literal>pg_stat_activity</> (Magnus)
      </para>
     </listitem>

     <listitem>
      <para>
       Adjust <literal>pg_stat</> views for bitmap scans (Tom)
      </para>
      <para>
       The meanings of some of the fields have changed slightly.
      </para>
     </listitem>

     <listitem>
      <para>
       Enhance <literal>pg_locks</> view (Tom)
      </para>
     </listitem>

     <listitem>
      <para>
       Log queries for client-side <command>PREPARE</> and
       <command>EXECUTE</> (Simon)
      </para>
     </listitem>

     <listitem>
      <para>
       Allow Kerberos name and user name case sensitivity to be
       specified in <filename>postgresql.conf</> (Magnus)
      </para>
     </listitem>

     <listitem>
      <para>
       Add configuration parameter <varname>krb_server_hostname</> so
       that the server host name can be specified as part of service
       principal (Todd Kover)
      </para>
      <para>
       If not set, any service principal matching an entry in the
       keytab can be used. This is new Kerberos matching behavior in
       this release.
      </para>
     </listitem>

     <listitem>
      <para>
       Add <varname>log_line_prefix</> options for millisecond
       timestamps (<literal>%m</>) and remote host (<literal>%h</>) (Ed
       L.)
      </para>
     </listitem>

     <listitem>
      <para>
       Add WAL logging for GiST indexes (Teodor, Oleg)
      </para>
      <para>
       GiST indexes are now safe for crash and point-in-time recovery.
      </para>
     </listitem>

     <listitem>
      <para>
       Remove old <filename>*.backup</> files when we do
       <function>pg_stop_backup()</> (Bruce)
      </para>
      <para>
       This prevents a large number of <filename>*.backup</> files from
       existing in <filename>pg_xlog/</>.
      </para>
     </listitem>

     <listitem>
      <para>
       Add configuration parameters to control TCP/IP keep-alive
       times for idle, interval, and count (Oliver Jowett)
      </para>

      <para>
       These values can be changed to allow more rapid detection of
       lost client connections.
      </para>
     </listitem>

     <listitem>
      <para>
       Add per-user and per-database connection limits (Petr Jelinek)
      </para>
      <para>
       Using <command>ALTER USER</> and <command>ALTER DATABASE</>,
       limits can now be enforced on the maximum number of sessions that
       can concurrently connect as a specific user or to a specific database.
       Setting the limit to zero disables user or database connections.
      </para>
     </listitem>

     <listitem>
      <para>
       Allow more than two gigabytes of shared memory and per-backend
       work memory on 64-bit machines (Koichi Suzuki)
      </para>
     </listitem>

     <listitem>
      <para>
       New system catalog <structname>pg_pltemplate</> allows overriding
       obsolete procedural-language definitions in dump files (Tom)
      </para>
     </listitem>

    </itemizedlist>
   </sect3>


   <sect3>
    <title>Query Changes</title>
    <itemizedlist>

     <listitem>
      <para>
       Add temporary views (Koju Iijima, Neil)
      </para>
     </listitem>

     <listitem>
      <para>
       Fix <command>HAVING</> without any aggregate functions or
       <command>GROUP BY</> so that the query returns a single group (Tom)
      </para>
      <para>
       Previously, such a case would treat the <command>HAVING</>
       clause the same as a <command>WHERE</> clause.  This was not per spec.
      </para>
     </listitem>

     <listitem>
      <para>
       Add <command>USING</> clause to allow additional tables to be
       specified to <command>DELETE</> (Euler Taveira de Oliveira, Neil)
      </para>
      <para>
       In prior releases, there was no clear method for specifying
       additional tables to be used for joins in a <command>DELETE</>
       statement. <command>UPDATE</> already has a <literal>FROM</>
       clause for this purpose.
      </para>
     </listitem>

     <listitem>
      <para>
       Add support for <literal>\x</> hex escapes in backend and ecpg
       strings (Bruce)
      </para>
      <para>
       This is just like the standard C <literal>\x</> escape syntax.
       Octal escapes were already supported.
      </para>
     </listitem>

     <listitem>
      <para>
       Add <command>BETWEEN SYMMETRIC</> query syntax (Pavel Stehule)
      </para>
      <para>
       This feature allows <command>BETWEEN</> comparisons without
       requiring the first value to be less than the second. For
       example, <command>2 BETWEEN [ASYMMETRIC] 3 AND 1</> returns
       false, while <command>2 BETWEEN SYMMETRIC 3 AND 1</> returns
       true. <command>BETWEEN ASYMMETRIC</> was already supported.
      </para>
     </listitem>

     <listitem>
      <para>
       Add <command>NOWAIT</> option to <command>SELECT ... FOR
       UPDATE/SHARE</> (Hans-Juergen Schoenig)
      </para>
      <para>
       While the <varname>statement_timeout</> configuration
       parameter allows a query taking more than a certain amount of
       time to be cancelled, the <command>NOWAIT</> option allows a
       query to be canceled as soon as a <command>SELECT ... FOR
       UPDATE/SHARE</> command cannot immediately acquire a row lock.
      </para>
     </listitem>
    </itemizedlist>
   </sect3>


   <sect3>
    <title>Object Manipulation Changes</title>
    <itemizedlist>

     <listitem>
      <para>
       Track dependencies of shared objects (Alvaro)
      </para>
      <para>
       <productname>PostgreSQL</productname> allows global tables
       (users, databases, tablespaces) to reference information in
       multiple databases. This addition adds dependency information
       for global tables, so, for example, user ownership can be
       tracked across databases, so a user who owns something in any
       database can no longer be removed. Dependency tracking already
       existed for database-local objects.
      </para>
     </listitem>

     <listitem>
      <para>
       Allow limited <command>ALTER OWNER</> commands to be performed
       by the object owner (Stephen Frost)
      </para>
      <para>
       Prior releases allowed only superusers to change object owners.
       Now, ownership can be transferred if the user executing the command
       owns the object and would be able to create it as the new owner
       (that is, the user is a member of the new owning role and that role
       has the CREATE permission that would be needed to create the object
       afresh).
      </para>
     </listitem>

     <listitem>
      <para>
       Add <command>ALTER</> object <command>SET SCHEMA</> capability
       for some object types (tables, functions, types) (Bernd Helmle)
      </para>
      <para>
       This allows objects to be moved to different schemas.
      </para>
     </listitem>

     <listitem>
      <para>
       Add <command>ALTER TABLE ENABLE/DISABLE TRIGGER</command> to
       disable triggers (Satoshi Nagayasu)
      </para>
     </listitem>

    </itemizedlist>
   </sect3>


   <sect3>
    <title>Utility Command Changes</title>
    <itemizedlist>

     <listitem>
      <para>
       Allow <command>TRUNCATE</> to truncate multiple tables in a
       single command (Alvaro)
      </para>
      <para>
       Because of referential integrity checks, it is not allowed to
       truncate a table that is part of a referential integrity
       constraint. Using this new functionality, <command>TRUNCATE</>
       can be used to truncate such tables, if both tables involved in
       a referential integrity constraint are truncated in a single
       <command>TRUNCATE</> command.
      </para>
     </listitem>

     <listitem>
      <para>
       Properly process carriage returns and line feeds in
       <command>COPY CSV</> mode (Andrew)
      </para>
      <para>
       In release 8.0, carriage returns and line feeds in <command>CSV
       COPY TO</> were processed in an inconsistent manner. (This was
       documented on the TODO list.)
      </para>
     </listitem>

     <listitem>
      <para>
       Add <command>COPY WITH CSV HEADER</> to allow a header line as
       the first line in <command>COPY</> (Andrew)
      </para>
      <para>
       This allows handling of the common <command>CSV</> usage of
       placing the column names on the first line of the data file. For
       <command>COPY TO</>, the first line contains the column names,
       and for <command>COPY FROM</>, the first line is ignored.
      </para>
     </listitem>

     <listitem>
      <para>
       On Windows, display better sub-second precision in
       <command>EXPLAIN ANALYZE</> (Magnus)
      </para>
     </listitem>

     <listitem>
      <para>
       Add trigger duration display to <command>EXPLAIN ANALYZE</>
       (Tom)
      </para>
      <para>
       Prior releases included trigger execution time as part of the
       total execution time, but did not show it separately.  It is now
       possible to see how much time is spent in each trigger.
      </para>
     </listitem>

     <listitem>
      <para>
       Add support for <literal>\x</> hex escapes in <command>COPY</>
       (Sergey Ten)
      </para>
      <para>
       Previous releases only supported octal escapes.
      </para>
     </listitem>

     <listitem>
      <para>
       Make <command>SHOW ALL</> include variable descriptions
       (Matthias Schmidt)
      </para>
      <para>
       <command>SHOW</> varname still only displays the variable's
       value and does not include the description.
      </para>
     </listitem>

     <listitem>
      <para>
       Make <application>initdb</application> create a new standard
       database called <literal>postgres</>, and convert utilities to
       use <literal>postgres</> rather than <literal>template1</> for
       standard lookups (Dave)
      </para>
      <para>
       In prior releases, <literal>template1</> was used both as a
       default connection for utilities like
       <application>createuser</application>, and as a template for
       new databases. This caused <command>CREATE DATABASE</> to
       sometimes fail, because a new database cannot be created if
       anyone else is in the template database. With this change, the
       default connection database is now <literal>postgres</>,
       meaning it is much less likely someone will be using
       <literal>template1</> during <command>CREATE DATABASE</>.
      </para>
     </listitem>

     <listitem>
      <para>
       Create new <application>reindexdb</application> command-line
       utility by moving <filename>/contrib/reindexdb</> into the
       server (Euler Taveira de Oliveira)
      </para>
     </listitem>

    </itemizedlist>
   </sect3>


   <sect3>
    <title>Data Type and Function Changes</title>
    <itemizedlist>

     <listitem>
      <para>
       Add <function>MAX()</> and <function>MIN()</> aggregates for
       array types (Koju Iijima)
      </para>
     </listitem>

     <listitem>
      <para>
       Fix <function>to_date()</> and <function>to_timestamp()</> to
       behave reasonably when <literal>CC</> and <literal>YY</> fields
       are both used (Karel Zak)
      </para>
      <para>
       If the format specification contains <literal>CC</> and a year
       specification is <literal>YYY</> or longer, ignore the
       <literal>CC</>. If the year specification is <literal>YY</> or
       shorter, interpret <literal>CC</> as the previous century.
      </para>
     </listitem>

     <listitem>
      <para>
       Add <function>md5(bytea)</> (Abhijit Menon-Sen)
      </para>
      <para>
       <function>md5(text)</> already existed.
      </para>
     </listitem>

     <listitem>
      <para>
       Add support for <command>numeric ^ numeric</> based on
       <function>power(numeric, numeric)</>
      </para>
      <para>
       The function already existed, but there was no operator assigned
       to it.
      </para>
     </listitem>

     <listitem>
      <para>
       Fix <type>NUMERIC</> modulus by properly truncating the quotient
       during computation (Bruce)
      </para>
      <para>
       In previous releases, modulus for large values sometimes
       returned negative results due to rounding of the quotient.
      </para>
     </listitem>

     <listitem>
      <para>
       Add a function <function>lastval()</> (Dennis Bj&ouml;rklund)
      </para>
      <para>
       <function>lastval()</> is a simplified version of
       <function>currval()</>. It automatically determines the proper
       sequence name based on the most recent <function>nextval()</> or
       <function>setval()</> call performed by the current session.
      </para>
     </listitem>

     <listitem>
      <para>
       Add <function>to_timestamp(DOUBLE PRECISION) (Michael Glaesemann)</>
      </para>
      <para>
       Converts Unix seconds since 1970 to a <type>TIMESTAMP WITH
       TIMEZONE</>.
      </para>
     </listitem>

     <listitem>
      <para>
       Add <function>pg_postmaster_start_time()</> function (Euler
       Taveira de Oliveira, Matthias Schmidt)
      </para>
     </listitem>

     <listitem>
      <para>
       Allow the full use of time zone names in <command>AT TIME
       ZONE</>, not just the short list previously available (Magnus)
      </para>
      <para>
       Previously, only a predefined list of time zone names were
       supported by <command>AT TIME ZONE</>. Now any supported time
       zone name can be used, e.g.:
<programlisting>
SELECT CURRENT_TIMESTAMP AT TIME ZONE 'Europe/London';
</programlisting>
       In the above query, the time zone used is adjusted based on the
       daylight saving time rules that were in effect on the supplied
       date.
      </para>
     </listitem>

     <listitem>
      <para>
       Add <function>GREATEST()</> and <function>LEAST()</> variadic
       functions (Pavel Stehule)
      </para>
      <para>
       These functions take a variable number of arguments and return
       the greatest or least value among the arguments.
      </para>
     </listitem>

     <listitem>
      <para>
       Add <function>pg_column_size()</> (Mark Kirkwood)
      </para>
      <para>
       This returns storage size of a column, which might be compressed.
      </para>
     </listitem>

     <listitem>
      <para>
       Add <function>regexp_replace()</> (Atsushi Ogawa)
      </para>
      <para>
       This allows regular expression replacement, like sed. An optional
       flag argument allows selection of global (replace all) and
       case-insensitive modes.
      </para>
     </listitem>

     <listitem>
      <para>
       Fix interval division and multiplication (Bruce)
      </para>
      <para>
       Previous versions sometimes returned unjustified results, like
       <command>'4 months'::interval / 5</> returning <command>'1 mon
       -6 days'</>.
      </para>
     </listitem>

     <listitem>
      <para>
       Fix roundoff behavior in timestamp, time, and interval output (Tom)
      </para>
      <para>
       This fixes some cases in which the seconds field would be shown as
       <literal>60</> instead of incrementing the higher-order fields.
      </para>
     </listitem>

     <listitem>
      <para>
       Add a separate day field to type <type>interval</> so a one day
       interval can be distinguished from a 24 hour interval (Michael
       Glaesemann)
      </para>
      <para>
       Days that contain a daylight saving time adjustment are not 24
       hours long, but typically 23 or 25 hours.  This change creates a
       conceptual distinction between intervals of <quote>so many days</>
       and intervals of <quote>so many hours</>.  Adding
       <literal>1 day</> to a timestamp now gives the same local time on
       the next day even if a daylight saving time adjustment occurs
       between, whereas adding <literal>24 hours</> will give a different
       local time when this happens.  For example, under US DST rules:
<programlisting>
'2005-04-03 00:00:00-05' + '1 day' = '2005-04-04 00:00:00-04'
'2005-04-03 00:00:00-05' + '24 hours' = '2005-04-04 01:00:00-04'
</programlisting>
      </para>
     </listitem>

     <listitem>
      <para>
       Add <function>justify_days()</> and <function>justify_hours()</>
       (Michael Glaesemann)
      </para>
      <para>
       These functions, respectively, adjust days to an appropriate
       number of full months and days, and adjust hours to an
       appropriate number of full days and hours.
      </para>
     </listitem>

     <listitem>
      <para>
       Move <filename>/contrib/dbsize</> into the backend, and rename
       some of the functions (Dave Page, Andreas Pflug)
      </para>
      <para>
       <itemizedlist>

        <listitem>
         <para>
           <function>pg_tablespace_size()</>
         </para>
        </listitem>

        <listitem>
         <para>
          <function>pg_database_size()</>
         </para>
        </listitem>

        <listitem>
         <para>
          <function>pg_relation_size()</>
         </para>
        </listitem>

        <listitem>
         <para>
          <function>pg_total_relation_size()</>
         </para>
        </listitem>

        <listitem>
         <para>
          <function>pg_size_pretty()</>
         </para>
        </listitem>

       </itemizedlist>
      </para>
      <para>
       <function>pg_total_relation_size()</> includes indexes and TOAST
       tables.
      </para>
     </listitem>

     <listitem>
      <para>
       Add functions for read-only file access to the cluster directory
       (Dave Page, Andreas Pflug)
      </para>
      <para>
       <itemizedlist>

        <listitem>
         <para>
          <function>pg_stat_file()</>
         </para>
        </listitem>

        <listitem>
         <para>
          <function>pg_read_file()</>
         </para>
        </listitem>

        <listitem>
         <para>
          <function>pg_ls_dir()</>
         </para>
        </listitem>

       </itemizedlist>
      </para>
     </listitem>

     <listitem>
      <para>
       Add <function>pg_reload_conf()</> to force reloading of the
       configuration files (Dave Page, Andreas Pflug)
      </para>
     </listitem>

     <listitem>
      <para>
       Add <function>pg_rotate_logfile()</> to force rotation of the
       server log file (Dave Page, Andreas Pflug)
      </para>
     </listitem>

     <listitem>
      <para>
       Change <literal>pg_stat_*</> views to include TOAST tables (Tom)
      </para>
     </listitem>

    </itemizedlist>
   </sect3>


   <sect3>
    <title>Encoding and Locale Changes</title>
    <itemizedlist>

     <listitem>
      <para>
       Rename some encodings to be more consistent and to follow
       international standards (Bruce)
      </para>
      <para>
       <itemizedlist>

        <listitem>
         <para>
          <literal>UNICODE</> is now <literal>UTF8</>
         </para>
        </listitem>

        <listitem>
         <para>
          <literal>ALT</> is now <literal>WIN866</>
         </para>
        </listitem>

        <listitem>
         <para>
          <literal>WIN</> is now <literal>WIN1251</>
         </para>
        </listitem>

        <listitem>
         <para>
         <literal>TCVN</> is now <literal>WIN1258</>
         </para>
        </listitem>

       </itemizedlist>
      </para>

      <para>
       The original names still work.
      </para>
     </listitem>

     <listitem>
      <para>
       Add support for <literal>WIN1252</> encoding (Roland Volkmann)
      </para>
     </listitem>

     <listitem>
      <para>
       Add support for four-byte <literal>UTF8</> characters (John
       Hansen)
      </para>
      <para>
       Previously only one, two, and three-byte <literal>UTF8</> characters
       were supported. This is particularly important for support for
       some Chinese character sets.
      </para>
     </listitem>

     <listitem>
      <para>
       Allow direct conversion between <literal>EUC_JP</> and
       <literal>SJIS</> to improve performance (Atsushi Ogawa)
      </para>
     </listitem>

     <listitem>
      <para>
       Allow the UTF8 encoding to work on Windows (Magnus)
      </para>
      <para>
       This is done by mapping UTF8 to the Windows-native UTF16
       implementation.
      </para>
     </listitem>

    </itemizedlist>
   </sect3>


   <sect3>
    <title>General Server-Side Language Changes</title>
    <itemizedlist>

     <listitem>
      <para>
       Fix <command>ALTER LANGUAGE RENAME</> (Sergey Yatskevich)
      </para>
     </listitem>

     <listitem>
      <para>
       Allow function characteristics, like strictness and volatility,
       to be modified via <command>ALTER FUNCTION</> (Neil)
      </para>
     </listitem>

     <listitem>
      <para>
       Increase the maximum number of function arguments to 100 (Tom)
      </para>
     </listitem>

     <listitem>
      <para>
       Allow SQL and PL/pgSQL functions to use <command>OUT</> and
       <command>INOUT</> parameters (Tom)
      </para>
      <para>
       <command>OUT</> is an alternate way for a function to return
       values. Instead of using <command>RETURN</>, values can be
       returned by assigning to parameters declared as <command>OUT</> or
       <command>INOUT</>.  This is notationally simpler in some cases,
       particularly so when multiple values need to be returned.
       While returning multiple values from a function
       was possible in previous releases, this greatly simplifies the
       process.  (The feature will be extended to other server-side
       languages in future releases.)
      </para>
     </listitem>

     <listitem>
      <para>
       Move language handler functions into the <literal>pg_catalog</> schema
      </para>
      <para>
       This makes it easier to drop the public schema if desired.
      </para>
     </listitem>

     <listitem>
      <para>
       Add <function>SPI_getnspname()</function> to SPI (Neil)
      </para>
     </listitem>

    </itemizedlist>
   </sect3>

   <sect3>
    <title>PL/pgSQL Server-Side Language Changes</title>
    <itemizedlist>

     <listitem>
      <para>
       Overhaul the memory management of PL/pgSQL functions (Neil)
      </para>
      <para>
       The parsetree of each function is now stored in a separate
       memory context. This allows this memory to be easily reclaimed
       when it is no longer needed.
      </para>
     </listitem>

     <listitem>
      <para>
       Check function syntax at <command>CREATE FUNCTION</> time,
       rather than at runtime (Neil)
      </para>
      <para>
       Previously, most syntax errors were reported only when the
       function was executed.
      </para>
     </listitem>

     <listitem>
      <para>
       Allow <command>OPEN</> to open non-<command>SELECT</> queries
       like <command>EXPLAIN</> and <command>SHOW</> (Tom)
      </para>
     </listitem>

     <listitem>
      <para>
       No longer require functions to issue a <command>RETURN</>
       statement (Tom)
      </para>
      <para>
       This is a byproduct of the newly added <command>OUT</> and
       <command>INOUT</> functionality.  <command>RETURN</> can
       be omitted when it is not needed to provide the function's
       return value.
      </para>
     </listitem>

     <listitem>
      <para>
       Add support for an optional <command>INTO</> clause to
       PL/pgSQL's <command>EXECUTE</> statement (Pavel Stehule, Neil)
      </para>
     </listitem>

     <listitem>
      <para>
       Make <command>CREATE TABLE AS</> set <command>ROW_COUNT</> (Tom)
      </para>
     </listitem>

     <listitem>
      <para>
       Define <literal>SQLSTATE</> and <literal>SQLERRM</> to return
       the <literal>SQLSTATE</> and error message of the current
       exception (Pavel Stehule, Neil)
      </para>
      <para>
       These variables are only defined inside exception blocks.
      </para>
     </listitem>

     <listitem>
      <para>
       Allow the parameters to the <command>RAISE</> statement to be
       expressions (Pavel Stehule, Neil)
      </para>
     </listitem>

     <listitem>
      <para>
       Add a loop <command>CONTINUE</> statement (Pavel Stehule, Neil)
      </para>
     </listitem>

     <listitem>
      <para>
       Allow block and loop labels (Pavel Stehule)
      </para>
     </listitem>

    </itemizedlist>
   </sect3>


   <sect3>
    <title>PL/Perl Server-Side Language Changes</title>
    <itemizedlist>

     <listitem>
      <para>
       Allow large result sets to be returned efficiently (Abhijit
       Menon-Sen)
      </para>
      <para>
       This allows functions to use <function>return_next()</> to avoid
       building the entire result set in memory.
      </para>
     </listitem>

     <listitem>
      <para>
       Allow one-row-at-a-time retrieval of query results (Abhijit Menon-Sen)
      </para>
      <para>
       This allows functions to use <function>spi_query()</> and
       <function>spi_fetchrow()</> to avoid accumulating the entire
       result set in memory.
      </para>
     </listitem>

     <listitem>
      <para>
       Force PL/Perl to handle strings as <literal>UTF8</> if the
       server encoding is <literal>UTF8</> (David Kamholz)
      </para>
     </listitem>

     <listitem>
      <para>
       Add a validator function for PL/Perl (Andrew)
      </para>
      <para>
       This allows syntax errors to be reported at definition time,
       rather than execution time.
      </para>
     </listitem>

     <listitem>
      <para>
       Allow PL/Perl to return a Perl array when the function returns
       an array type (Andrew)
      </para>
      <para>
       This basically maps <productname>PostgreSQL</productname> arrays
       to Perl arrays.
      </para>
     </listitem>

     <listitem>
      <para>
       Allow Perl nonfatal warnings to generate <command>NOTICE</>
       messages (Andrew)
      </para>
     </listitem>

     <listitem>
      <para>
       Allow Perl's <literal>strict</> mode to be enabled (Andrew)
      </para>
     </listitem>

    </itemizedlist>
   </sect3>


   <sect3>
    <title><application>psql</> Changes</title>
    <itemizedlist>

     <listitem>
      <para>
       Add <command>\set ON_ERROR_ROLLBACK</> to allow statements in
       a transaction to error without affecting the rest of the
       transaction (Greg Sabino Mullane)
      </para>
      <para>
       This is basically implemented by wrapping every statement in a
       sub-transaction.
      </para>
     </listitem>

     <listitem>
      <para>
       Add support for <literal>\x</> hex strings in
       <application>psql</> variables (Bruce)
      </para>
      <para>
       Octal escapes were already supported.
      </para>
     </listitem>

     <listitem>
      <para>
       Add support for <command>troff -ms</> output format (Roger
       Leigh)
      </para>
     </listitem>

     <listitem>
      <para>
       Allow the history file location to be controlled by
       <envar>HISTFILE</> (Andreas Seltenreich)
      </para>
      <para>
       This allows configuration of per-database history storage.
      </para>
     </listitem>

     <listitem>
      <para>
       Prevent <command>\x</> (expanded mode) from affecting
       the output of <command>\d tablename</> (Neil)
      </para>
     </listitem>

     <listitem>
      <para>
       Add <option>-L</> option to <application>psql</application> to
       log sessions (Lorne Sunley)
      </para>
      <para>
       This option was added because some operating systems do not have
       simple command-line activity logging functionality.
      </para>
     </listitem>

     <listitem>
      <para>
       Make <command>\d</> show the tablespaces of indexes (Qingqing
       Zhou)
      </para>
     </listitem>

     <listitem>
      <para>
       Allow <application>psql</application> help (<command>\h</>) to
       make a best guess on the proper help information (Greg Sabino
       Mullane)
      </para>
      <para>
       This allows the user to just add <command>\h</> to the front of
       the syntax error query and get help on the supported syntax.
       Previously any additional query text beyond the command name
       had to be removed to use <command>\h</>.
      </para>
     </listitem>

     <listitem>
      <para>
       Add <command>\pset numericlocale</> to allow numbers to be
       output in a locale-aware format (Eugen Nedelcu)
      </para>
      <para>
       For example, using <literal>C</> locale <literal>100000</> would
       be output as <literal>100,000.0</> while a European locale might
       output this value as <literal>100.000,0</>.
      </para>
     </listitem>

     <listitem>
      <para>
       Make startup banner show both server version number and
       <application>psql</>'s version number, when they are different (Bruce)
      </para>
      <para>
       Also, a warning will be shown if the server and <application>psql</>
       are from different major releases.
      </para>
     </listitem>

    </itemizedlist>
   </sect3>


   <sect3>
    <title><application>pg_dump</> Changes</title>
    <itemizedlist>

     <listitem>
      <para>
       Add <option>-n</> / <option>--schema</> switch to
       <application>pg_restore</> (Richard van den Berg)
      </para>
      <para>
       This allows just the objects in a specified schema to be restored.
      </para>
     </listitem>

     <listitem>
      <para>
       Allow <application>pg_dump</> to dump large objects even in
       text mode (Tom)
      </para>
      <para>
       With this change, large objects are now always dumped; the former
       <option>-b</> switch is a no-op.
      </para>
     </listitem>

     <listitem>
      <para>
       Allow <application>pg_dump</> to dump a consistent snapshot of
       large objects (Tom)
      </para>
     </listitem>

     <listitem>
      <para>
       Dump comments for large objects (Tom)
      </para>
     </listitem>

     <listitem>
      <para>
       Add <option>--encoding</> to <application>pg_dump</>
       (Magnus Hagander)
      </para>
      <para>
       This allows a database to be dumped in an encoding that is
       different from the server's encoding. This is valuable when
       transferring the dump to a machine with a different encoding.
      </para>
     </listitem>

     <listitem>
      <para>
       Rely on <structname>pg_pltemplate</> for procedural languages (Tom)
      </para>
      <para>
       If the call handler for a procedural language is in the
       <literal>pg_catalog</> schema, <application>pg_dump</> does not
       dump the handler.  Instead, it dumps the language using just
       <command>CREATE LANGUAGE <replaceable>name</></command>,
       relying on the <structname>pg_pltemplate</> catalog to provide
       the language's creation parameters at load time.
      </para>
     </listitem>

    </itemizedlist>
   </sect3>


   <sect3>
    <title><application>libpq</application> Changes</title>
    <itemizedlist>

     <listitem>
      <para>
       Add a <envar>PGPASSFILE</> environment variable to specify the
       password file's filename (Andrew)
      </para>
     </listitem>

     <listitem>
      <para>
       Add <function>lo_create()</>, that is similar to
       <function>lo_creat()</> but allows the OID of the large object
       to be specified (Tom)
      </para>
     </listitem>

     <listitem>
      <para>
       Make <application>libpq</application> consistently return an error
       to the client application on <function>malloc()</function>
       failure (Neil)
      </para>
     </listitem>
    </itemizedlist>
   </sect3>


   <sect3>
    <title>Source Code Changes</title>
    <itemizedlist>

     <listitem>
      <para>
       Fix <application>pgxs</> to support building against a relocated
       installation
      </para>
     </listitem>

     <listitem>
      <para>
       Add spinlock support for the Itanium processor using Intel
       compiler (Vikram Kalsi)
      </para>
     </listitem>

     <listitem>
      <para>
       Add Kerberos 5 support for Windows (Magnus)
      </para>
     </listitem>

     <listitem>
      <para>
       Add Chinese FAQ (laser@pgsqldb.com)
      </para>
     </listitem>

     <listitem>
      <para>
       Rename Rendezvous to Bonjour to match OS/X feature renaming
       (Bruce)
      </para>
     </listitem>

     <listitem>
      <para>
       Add support for <literal>fsync_writethrough</literal> on
       Darwin (Chris Campbell)
      </para>
     </listitem>

     <listitem>
      <para>
       Streamline the passing of information within the server, the
       optimizer, and the lock system (Tom)
      </para>
     </listitem>

     <listitem>
      <para>
       Allow <application>pg_config</> to be compiled using MSVC (Andrew)
      </para>
      <para>
       This is required to build DBD::Pg using <application>MSVC</>.
      </para>
     </listitem>

     <listitem>
      <para>
       Remove support for Kerberos V4 (Magnus)
      </para>
      <para>
       Kerberos 4 had security vulnerabilities and is no longer
       maintained.
      </para>
     </listitem>

     <listitem>
      <para>
       Code cleanups (Coverity static analysis performed by
       EnterpriseDB)
      </para>
     </listitem>

     <listitem>
      <para>
       Modify <filename>postgresql.conf</> to use documentation defaults
       <literal>on</>/<literal>off</> rather than
       <literal>true</>/<literal>false</> (Bruce)
      </para>
     </listitem>

     <listitem>
      <para>
       Enhance <application>pg_config</> to be able to report more
       build-time values (Tom)
      </para>
     </listitem>

     <listitem>
      <para>
       Allow <application>libpq</application> to be built thread-safe
       on Windows (Dave Page)
      </para>
     </listitem>

     <listitem>
      <para>
       Allow IPv6 connections to be used on Windows (Andrew)
      </para>
     </listitem>

     <listitem>
      <para>
       Add Server Administration documentation about I/O subsystem
       reliability (Bruce)
      </para>
     </listitem>

     <listitem>
      <para>
       Move private declarations from <filename>gist.h</filename> to
       <filename>gist_private.h</filename> (Neil)
      </para>

      <para>
       In previous releases, <filename>gist.h</> contained both the
       public GiST API (intended for use by authors of GiST index
       implementations) as well as some private declarations used by
       the implementation of GiST itself. The latter have been moved
       to a separate file, <filename>gist_private.h</>. Most GiST
       index implementations should be unaffected.
      </para>
     </listitem>

     <listitem>
      <para>
       Overhaul GiST memory management (Neil)
      </para>

      <para>
       GiST methods are now always invoked in a short-lived memory
       context. Therefore, memory allocated via <function>palloc()</>
       will be reclaimed automatically, so GiST index implementations
       do not need to manually release allocated memory via
       <function>pfree()</>.
      </para>
     </listitem>
    </itemizedlist>
   </sect3>


   <sect3>
    <title>Contrib Changes</title>
    <itemizedlist>

     <listitem>
      <para>
       Add <filename>/contrib/pg_buffercache</> contrib module (Mark
       Kirkwood)
      </para>
      <para>
       This displays the contents of the buffer cache, for debugging and
       performance tuning purposes.
      </para>
     </listitem>

     <listitem>
      <para>
       Remove <filename>/contrib/array</> because it is obsolete (Tom)
      </para>
     </listitem>

     <listitem>
      <para>
       Clean up the <filename>/contrib/lo</> module (Tom)
      </para>
     </listitem>

     <listitem>
      <para>
       Move <filename>/contrib/findoidjoins</> to
       <filename>/src/tools</> (Tom)
      </para>
     </listitem>

     <listitem>
      <para>
       Remove the <literal>&lt;&lt;</>, <literal>&gt;&gt;</>,
       <literal>&amp;&lt;</>, and <literal>&amp;&gt;</> operators from
       <filename>/contrib/cube</>
      </para>
      <para>
       These operators were not useful.
      </para>
     </listitem>

     <listitem>
      <para>
       Improve <filename>/contrib/btree_gist</> (Janko Richter)
      </para>
     </listitem>

     <listitem>
      <para>
       Improve <filename>/contrib/pgbench</> (Tomoaki Sato, Tatsuo)
      </para>
      <para>
       There is now a facility for testing with SQL command scripts given
       by the user, instead of only a hard-wired command sequence.
      </para>
     </listitem>

     <listitem>
      <para>
       Improve <filename>/contrib/pgcrypto</> (Marko Kreen)
      </para>

      <itemizedlist>

       <listitem>
        <para>
         Implementation of OpenPGP symmetric-key and public-key encryption
        </para>
        <para>
         Both RSA and Elgamal public-key algorithms are supported.
        </para>
       </listitem>

       <listitem>
        <para>
         Stand alone build: include SHA256/384/512 hashes, Fortuna PRNG
        </para>
       </listitem>

       <listitem>
        <para>
         OpenSSL build: support 3DES, use internal AES with OpenSSL &lt; 0.9.7
        </para>
       </listitem>

       <listitem>
        <para>
         Take build parameters (OpenSSL, zlib) from <filename>configure</> result
        </para>
        <para>
         There is no need to edit the <filename>Makefile</> anymore.
        </para>
       </listitem>

       <listitem>
        <para>
         Remove support for <filename>libmhash</> and <filename>libmcrypt</>
        </para>
       </listitem>

      </itemizedlist>
     </listitem>

    </itemizedlist>
   </sect3>

  </sect2>
 </sect1>