Jump to:
Fix bug that allowed any logged-in user to
SET ROLE to any other
database user id (CVE-2006-0553)
Due to inadequate validity checking, a user could
exploit the special case that SET
ROLE normally uses to restore the previous role
setting after an error. This allowed ordinary users to
acquire superuser status, for example. The
escalation-of-privilege risk exists only in 8.1.0-8.1.2.
However, in all releases back to 7.3 there is a related
bug in SET SESSION
AUTHORIZATION that allows unprivileged users to
crash the server, if it has been compiled with Asserts
enabled (which is not the default). Thanks to Akio Ishida
for reporting this problem.
Change the server to reject invalidly-encoded multibyte characters in all cases (Tatsuo, Tom)
While PostgreSQL has been moving in this direction for some time, the checks are now applied uniformly to all encodings and all textual input, and are now always errors not merely warnings. This change defends against SQL-injection attacks of the type described in CVE-2006-2313.
Reject unsafe uses of \'
in string literals
As a server-side defense against SQL-injection attacks
of the type described in CVE-2006-2314, the server now
only accepts '' and not
\' as a representation of
ASCII single quote in SQL string literals. By default,
\' is rejected only when
client_encoding is set to a
client-only encoding (SJIS, BIG5, GBK, GB18030, or UHC),
which is the scenario in which SQL injection is possible.
A new configuration parameter backslash_quote is available to adjust
this behavior when needed. Note that full security
against CVE-2006-2314 might require client-side changes;
the purpose of backslash_quote is in part to make it
obvious that insecure clients are insecure.
Modify libpq's
string-escaping routines to be aware of encoding
considerations and standard_conforming_strings
This fixes libpq-using applications for the
security issues described in CVE-2006-2313 and
CVE-2006-2314, and also future-proofs them against the
planned changeover to SQL-standard string literal syntax.
Applications that use multiple PostgreSQL connections concurrently
should migrate to PQescapeStringConn() and PQescapeByteaConn() to ensure that
escaping is done correctly for the settings in use in
each database connection. Applications that do string
escaping “by
hand” should be modified to rely on library
routines instead.
Remove security vulnerabilities that allowed connected users to read backend memory (Tom)
The vulnerabilities involve suppressing the normal check that a SQL function returns the data type it's declared to, and changing the data type of a table column (CVE-2007-0555, CVE-2007-0556). These errors can easily be exploited to cause a backend crash, and in principle might be used to read database content that the user should not be able to access.
Support explicit placement of the temporary-table
schema within search_path,
and disable searching it for functions and operators
(Tom)
This is needed to allow a security-definer function to
set a truly secure value of search_path. Without it, an unprivileged
SQL user can use temporary objects to execute code with
the privileges of the security-definer function
(CVE-2007-2138). See CREATE
FUNCTION for more information.
Prevent functions in indexes from executing with the
privileges of the user running VACUUM, ANALYZE, etc (Tom)
Functions used in index expressions and partial-index
predicates are evaluated whenever a new table entry is
made. It has long been understood that this poses a risk
of trojan-horse code execution if one modifies a table
owned by an untrustworthy user. (Note that triggers,
defaults, check constraints, etc. pose the same type of
risk.) But functions in indexes pose extra danger because
they will be executed by routine maintenance operations
such as VACUUM FULL, which
are commonly performed automatically under a superuser
account. For example, a nefarious user can execute code
with superuser privileges by setting up a trojan-horse
index definition and waiting for the next routine vacuum.
The fix arranges for standard maintenance operations
(including VACUUM,
ANALYZE, REINDEX, and CLUSTER) to execute as the table owner
rather than the calling user, using the same
privilege-switching mechanism already used for
SECURITY DEFINER functions.
To prevent bypassing this security measure, execution of
SET SESSION AUTHORIZATION
and SET ROLE is now
forbidden within a SECURITY
DEFINER context. (CVE-2007-6600)
Repair assorted bugs in the regular-expression package (Tom, Will Drewry)
Suitably crafted regular-expression patterns could cause crashes, infinite or near-infinite looping, and/or massive memory consumption, all of which pose denial-of-service hazards for applications that accept regex search patterns from untrustworthy sources. (CVE-2007-4769, CVE-2007-4772, CVE-2007-6067)
Require non-superusers who use /contrib/dblink to use only password
authentication, as a security measure (Joe)
The fix that appeared for this in 8.2.5 was
incomplete, as it plugged the hole for only some
dblink functions.
(CVE-2007-6601, CVE-2007-3278)
Prevent error recursion crashes when encoding conversion fails (Tom)
This change extends fixes made in the last two minor releases for related failure scenarios. The previous fixes were narrowly tailored for the original problem reports, but we have now recognized that any error thrown by an encoding conversion function could potentially lead to infinite recursion while trying to report the error. The solution therefore is to disable translation and encoding conversion and report the plain-ASCII form of any error message, if we find we have gotten into a recursive error reporting situation. (CVE-2009-0922)
Disallow RESET ROLE and
RESET SESSION AUTHORIZATION
inside security-definer functions (Tom, Heikki)
This covers a case that was missed in the previous
patch that disallowed SET
ROLE and SET SESSION
AUTHORIZATION inside security-definer functions.
(See CVE-2007-6600)
Protect against indirect security threats caused by index functions changing session-local state (Gurjeet Singh, Tom)
This change prevents allegedly-immutable index functions from possibly subverting a superuser's session (CVE-2009-4136).
Reject SSL certificates containing an embedded null byte in the common name (CN) field (Magnus)
This prevents unintended matching of a certificate to a server or client name during SSL validation (CVE-2009-4034).
Add new configuration parameter ssl_renegotiation_limit to control how
often we do session key renegotiation for an SSL
connection (Magnus)
This can be set to zero to disable renegotiation completely, which may be required if a broken SSL library is used. In particular, some vendors are shipping stopgap patches for CVE-2009-3555 that cause renegotiation attempts to fail.
Make substring() for
bit types treat any negative
length as meaning “all the rest of the string”
(Tom)
The previous coding treated only -1 that way, and would produce an invalid result value for other negative values, possibly leading to a crash (CVE-2010-0442).
Enforce restrictions in plperl using an opmask applied to the
whole interpreter, instead of using Safe.pm (Tim Bunce, Andrew Dunstan)
Recent developments have convinced us that
Safe.pm is too insecure to
rely on for making plperl
trustable. This change removes use of Safe.pm altogether, in favor of using a
separate interpreter with an opcode mask that is always
applied. Pleasant side effects of the change include that
it is now possible to use Perl's strict pragma in a natural way in
plperl, and that Perl's
$a and $b variables work as expected in sort
routines, and that function compilation is significantly
faster. (CVE-2010-1169)
Prevent PL/Tcl from executing untrustworthy code from
pltcl_modules (Tom)
PL/Tcl's feature for autoloading Tcl code from a
database table could be exploited for trojan-horse
attacks, because there was no restriction on who could
create or insert into that table. This change disables
the feature unless pltcl_modules is owned by a
superuser. (However, the permissions on the table are not
checked, so installations that really need a
less-than-secure modules table can still grant suitable
privileges to trusted non-superusers.) Also, prevent
loading code into the unrestricted “normal” Tcl
interpreter unless we are really going to execute a
pltclu function.
(CVE-2010-1170)
Use a separate interpreter for each calling SQL userid in PL/Perl and PL/Tcl (Tom Lane)
This change prevents security problems that can be
caused by subverting Perl or Tcl code that will be
executed later in the same session under another SQL user
identity (for example, within a SECURITY DEFINER function). Most
scripting languages offer numerous ways that that might
be done, such as redefining standard functions or
operators called by the target function. Without this
change, any SQL user with Perl or Tcl language usage
rights can do essentially anything with the SQL
privileges of the target function's owner.
The cost of this change is that intentional communication among Perl and Tcl functions becomes more difficult. To provide an escape hatch, PL/PerlU and PL/TclU functions continue to use only one interpreter per session. This is not considered a security issue since all such functions execute at the trust level of a database superuser already.
It is likely that third-party procedural languages that claim to offer trusted execution have similar security issues. We advise contacting the authors of any PL you are depending on for security-critical purposes.
Our thanks to Tim Bunce for pointing out this issue (CVE-2010-3433).
Fix buffer overrun in contrib/intarray's input function for
the query_int type (Apple)
This bug is a security risk since the function's return address could be overwritten. Thanks to Apple Inc's security team for reporting this issue and supplying the fix. (CVE-2010-4015)
Require execute permission on the trigger function for
CREATE TRIGGER (Robert
Haas)
This missing check could allow another user to execute
a trigger function with forged input data, by installing
it on a table he owns. This is only of significance for
trigger functions marked SECURITY
DEFINER, since otherwise trigger functions run as
the table owner anyway. (CVE-2012-0866)
Remove arbitrary limitation on length of common name in SSL certificates (Heikki Linnakangas)
Both libpq and the server truncated the common name extracted from an SSL certificate at 32 bytes. Normally this would cause nothing worse than an unexpected verification failure, but there are some rather-implausible scenarios in which it might allow one certificate holder to impersonate another. The victim would have to have a common name exactly 32 bytes long, and the attacker would have to persuade a trusted CA to issue a certificate in which the common name has that string as a prefix. Impersonating a server would also require some additional exploit to redirect client connections. (CVE-2012-0867)
Convert newlines to spaces in names written in pg_dump comments (Robert Haas)
pg_dump was incautious about sanitizing object names that are emitted within SQL comments in its output script. A name containing a newline would at least render the script syntactically incorrect. Maliciously crafted object names could present a SQL injection risk when the script is reloaded. (CVE-2012-0868)
Fix incorrect password transformation in contrib/pgcrypto's DES crypt() function (Solar Designer)
If a password string contained the byte value
0x80, the remainder of the
password was ignored, causing the password to be much
weaker than it appeared. With this fix, the rest of the
string is properly included in the DES hash. Any stored
password values that are affected by this bug will thus
no longer match, so the stored values may need to be
updated. (CVE-2012-2143)
Ignore SECURITY DEFINER
and SET attributes for a
procedural language's call handler (Tom Lane)
Applying such attributes to a call handler could crash the server. (CVE-2012-2655)
Prevent access to external files/URLs via XML entity references (Noah Misch, Tom Lane)
xml_parse() would
attempt to fetch external files or URLs as needed to
resolve DTD and entity references in an XML value, thus
allowing unprivileged database users to attempt to fetch
data with the privileges of the database server. While
the external data wouldn't get returned directly to the
user, portions of it could be exposed in error messages
if the data didn't parse as valid XML; and in any case
the mere ability to check existence of a file might be
useful to an attacker. (CVE-2012-3489)
Prevent access to external files/URLs via contrib/xml2's xslt_process() (Peter Eisentraut)
libxslt offers the ability to read and write both files and URLs through stylesheet commands, thus allowing unprivileged database users to both read and write data with the privileges of the database server. Disable that through proper use of libxslt's security options. (CVE-2012-3488)
Also, remove xslt_process()'s ability to fetch
documents and stylesheets from external files/URLs. While
this was a documented “feature”, it was long regarded as a
bad idea. The fix for CVE-2012-3489 broke that
capability, and rather than expend effort on trying to
fix it, we're just going to summarily remove it.
Prevent execution of enum_recv from SQL (Tom Lane)
The function was misdeclared, allowing a simple SQL command to crash the server. In principle an attacker might be able to use it to examine the contents of server memory. Our thanks to Sumit Soni (via Secunia SVCRP) for reporting this issue. (CVE-2013-0255)
Fix insecure parsing of server command-line switches (Mitsumasa Kondo, Kyotaro Horiguchi)
A connection request containing a database name that
begins with “-”
could be crafted to damage or destroy files within the
server's data directory, even if the request is
eventually rejected. (CVE-2013-1899)
Reset OpenSSL randomness state in each postmaster child process (Marko Kreen)
This avoids a scenario wherein random numbers
generated by contrib/pgcrypto functions might be
relatively easy for another database user to guess. The
risk is only significant when the postmaster is
configured with ssl =
on but most connections
don't use SSL encryption. (CVE-2013-1900)
Make REPLICATION privilege checks test current user not authenticated user (Noah Misch)
An unprivileged database user could exploit this
mistake to call pg_start_backup() or pg_stop_backup(), thus possibly
interfering with creation of routine backups.
(CVE-2013-1901)
Shore up GRANT ... WITH ADMIN
OPTION restrictions (Noah Misch)
Granting a role without ADMIN
OPTION is supposed to prevent the grantee from
adding or removing members from the granted role, but
this restriction was easily bypassed by doing
SET ROLE first. The security
impact is mostly that a role member can revoke the access
of others, contrary to the wishes of his grantor.
Unapproved role member additions are a lesser concern,
since an uncooperative role member could provide most of
his rights to others anyway by creating views or
SECURITY DEFINER functions.
(CVE-2014-0060)
Prevent privilege escalation via manual calls to PL validator functions (Andres Freund)
The primary role of PL validator functions is to be
called implicitly during CREATE
FUNCTION, but they are also normal SQL functions
that a user can call explicitly. Calling a validator on a
function actually written in some other language was not
checked for and could be exploited for
privilege-escalation purposes. The fix involves adding a
call to a privilege-checking function in each validator
function. Non-core procedural languages will also need to
make this change to their own validator functions, if
any. (CVE-2014-0061)
Avoid multiple name lookups during table and index DDL (Robert Haas, Andres Freund)
If the name lookups come to different conclusions due
to concurrent activity, we might perform some parts of
the DDL on a different table than other parts. At least
in the case of CREATE INDEX,
this can be used to cause the permissions checks to be
performed against a different table than the index
creation, allowing for a privilege escalation attack.
(CVE-2014-0062)
Prevent buffer overrun with long datetime strings (Noah Misch)
The MAXDATELEN constant
was too small for the longest possible value of type
interval, allowing a buffer
overrun in interval_out().
Although the datetime input functions were more careful
about avoiding buffer overrun, the limit was short enough
to cause them to reject some valid inputs, such as input
containing a very long timezone name. The ecpg library contained these
vulnerabilities along with some of its own.
(CVE-2014-0063)
Prevent buffer overrun due to integer overflow in size calculations (Noah Misch, Heikki Linnakangas)
Several functions, mostly type input functions, calculated an allocation size without checking for overflow. If overflow did occur, a too-small buffer would be allocated and then written past. (CVE-2014-0064)
Prevent overruns of fixed-size buffers (Peter Eisentraut, Jozef Mlich)
Use strlcpy() and
related functions to provide a clear guarantee that
fixed-size buffers are not overrun. Unlike the preceding
items, it is unclear whether these cases really represent
live issues, since in most cases there appear to be
previous constraints on the size of the input string.
Nonetheless it seems prudent to silence all Coverity
warnings of this type. (CVE-2014-0065)
Avoid crashing if crypt() returns NULL (Honza Horak,
Bruce Momjian)
There are relatively few scenarios in which
crypt() could return NULL,
but contrib/chkpass would
crash if it did. One practical case in which this could
be an issue is if libc
is configured to refuse to execute unapproved hashing
algorithms (e.g., “FIPS mode”). (CVE-2014-0066)
Document risks of make
check in the regression testing instructions (Noah
Misch, Tom Lane)
Since the temporary server started by make check uses “trust”
authentication, another user on the same machine could
connect to it as database superuser, and then potentially
exploit the privileges of the operating-system user who
started the tests. A future release will probably
incorporate changes in the testing procedure to prevent
this risk, but some public discussion is needed first. So
for the moment, just warn people against using
make check when there are
untrusted users on the same machine. (CVE-2014-0067)
Secure Unix-domain sockets of temporary postmasters
started during make check
(Noah Misch)
Any local user able to access the socket file could
connect as the server's bootstrap superuser, then proceed
to execute arbitrary code as the operating-system user
running the test, as we previously noted in
CVE-2014-0067. This change defends against that risk by
placing the server's socket in a temporary, mode 0700
subdirectory of /tmp. The
hazard remains however on platforms where Unix sockets
are not supported, notably Windows, because then the
temporary postmaster must accept local TCP
connections.
A useful side effect of this change is to simplify
make check testing in builds
that override DEFAULT_PGSOCKET_DIR. Popular
non-default values like /var/run/postgresql are often not
writable by the build user, requiring workarounds that
will no longer be necessary.
Fix buffer overruns in to_char() (Bruce Momjian)
When to_char() processes a numeric formatting template calling for a large number of digits, PostgreSQL would read past the end of a buffer. When processing a crafted timestamp formatting template, PostgreSQL would write past the end of a buffer. Either case could crash the server. We have not ruled out the possibility of attacks that lead to privilege escalation, though they seem unlikely. (CVE-2015-0241)
Fix buffer overrun in replacement *printf() functions (Tom Lane)
PostgreSQL includes a replacement implementation of printf and related functions. This code will overrun a stack buffer when formatting a floating point number (conversion specifiers e, E, f, F, g or G) with requested precision greater than about 500. This will crash the server, and we have not ruled out the possibility of attacks that lead to privilege escalation. A database user can trigger such a buffer overrun through the to_char() SQL function. While that is the only affected core PostgreSQL functionality, extension modules that use printf-family functions may be at risk as well.
This issue primarily affects PostgreSQL on Windows. PostgreSQL uses the system implementation of these functions where adequate, which it is on other modern platforms. (CVE-2015-0242)
Fix buffer overruns in contrib/pgcrypto (Marko Tiikkaja, Noah Misch)
Errors in memory size tracking within the pgcrypto module permitted stack buffer overruns and improper dependence on the contents of uninitialized memory. The buffer overrun cases can crash the server, and we have not ruled out the possibility of attacks that lead to privilege escalation. (CVE-2015-0243)
Fix possible loss of frontend/backend protocol synchronization after an error (Heikki Linnakangas)
If any error occurred while the server was in the middle of reading a protocol message from the client, it could lose synchronization and incorrectly try to interpret part of the message's data as a new protocol message. An attacker able to submit crafted binary data within a command parameter might succeed in injecting his own SQL commands this way. Statement timeout and query cancellation are the most likely sources of errors triggering this scenario. Particularly vulnerable are applications that use a timeout and also submit arbitrary user-crafted data as binary query parameters. Disabling statement timeout will reduce, but not eliminate, the risk of exploit. Our thanks to Emil Lenngren for reporting this issue. (CVE-2015-0244)
Fix information leak via constraint-violation error messages (Stephen Frost)
Some server error messages show the values of columns that violate a constraint, such as a unique constraint. If the user does not have SELECT privilege on all columns of the table, this could mean exposing values that the user should not be able to see. Adjust the code so that values are displayed only when they came from the SQL command or could be selected by the user. (CVE-2014-8161)
Lock down regression testing's temporary installations on Windows (Noah Misch)
Use SSPI authentication to allow connections only from the OS user who launched the test suite. This closes on Windows the same vulnerability previously closed on other platforms, namely that other users might be able to connect to the test postmaster. (CVE-2014-0067)
Avoid possible crash when client disconnects just before the authentication timeout expires (Benkocs Norbert Attila)
If the timeout interrupt fired partway through the session shutdown sequence, SSL-related state would be freed twice, typically causing a crash and hence denial of service to other sessions. Experimentation shows that an unauthenticated remote attacker could trigger the bug somewhat consistently, hence treat as security issue. (CVE-2015-3165)
Improve detection of system-call failures (Noah Misch)
Our replacement implementation of snprintf() failed to check for errors reported by the underlying system library calls; the main case that might be missed is out-of-memory situations. In the worst case this might lead to information exposure, due to our code assuming that a buffer had been overwritten when it hadn't been. Also, there were a few places in which security-relevant calls of other system library functions did not check for failure.
It remains possible that some calls of the *printf() family of functions are vulnerable to information disclosure if an out-of-memory error occurs at just the wrong time. We judge the risk to not be large, but will continue analysis in this area. (CVE-2015-3166)
In contrib/pgcrypto, uniformly report decryption failures as "Wrong key or corrupt data" (Noah Misch)
Previously, some cases of decryption with an incorrect key could report other error message texts. It has been shown that such variance in error reports can aid attackers in recovering keys from other systems. While it's unknown whether pgcrypto's specific behaviors are likewise exploitable, it seems better to avoid the risk by using a one-size-fits-all message. (CVE-2015-3167)
Guard against stack overflows in json parsing (Oskari Saarenmaa)
If an application constructs PostgreSQL json or jsonb values from arbitrary user input, the application's users can reliably crash the PostgreSQL server, causing momentary denial of service. (CVE-2015-5289)
Fix contrib/pgcrypto to detect and report too-short crypt() salts (Josh Kupershmidt)
Certain invalid salt arguments crashed the server or disclosed a few bytes of server memory. We have not ruled out the viability of attacks that arrange for presence of confidential information in the disclosed bytes, but they seem unlikely. (CVE-2015-5288)
Fix infinite loops and buffer-overrun problems in regular expressions (Tom Lane)
Very large character ranges in bracket expressions could cause infinite loops in some cases, and memory overwrites in other cases. (CVE-2016-0773)
Prevent certain PL/Java parameters from being set by non-superusers (Noah Misch)
This change mitigates a PL/Java security bug (CVE-2016-0766), which was fixed in PL/Java by marking these parameters as superuser-only. To fix the security hazard for sites that update PostgreSQL more frequently than PL/Java, make the core code aware of them also.
Maintain row-security status properly in cached plans (Stephen Frost)
In a session that performs queries as more than one role, the plan cache might incorrectly re-use a plan that was generated for another role ID, thus possibly applying the wrong set of policies when row-level security (RLS) is in use. (CVE-2016-2193)
Add must-be-superuser checks to some new contrib/pageinspect functions (Andreas Seltenreich)
Most functions in the pageinspect extension that inspect bytea values disallow calls by non-superusers, but brin_page_type() and brin_metapage_info() failed to do so. Passing contrived bytea values to them might crash the server or disclose a few bytes of server memory. Add the missing permissions checks to prevent misuse. (CVE-2016-3065)
Fix possible mis-evaluation of nested CASE-WHEN expressions (Heikki Linnakangas, Michael Paquier, Tom Lane)
A CASE expression appearing within the test value subexpression of another CASE could become confused about whether its own test value was null or not. Also, inlining of a SQL function implementing the equality operator used by a CASE expression could result in passing the wrong test value to functions called within a CASE expression in the SQL function's body. If the test values were of different data types, a crash might result; moreover such situations could be abused to allow disclosure of portions of server memory. (CVE-2016-5423)
Fix client programs' handling of special characters in database and role names (Noah Misch, Nathan Bossart, Michael Paquier)
Numerous places in vacuumdb and other client programs could become confused by database and role names containing double quotes or backslashes. Tighten up quoting rules to make that safe. Also, ensure that when a conninfo string is used as a database name parameter to these programs, it is correctly treated as such throughout.
Fix handling of paired double quotes in psql's \connect and \password commands to match the documentation.
Introduce a new -reuse-previous option in psql's \connect command to allow explicit control of whether to re-use connection parameters from a previous connection. (Without this, the choice is based on whether the database name looks like a conninfo string, as before.) This allows secure handling of database names containing special characters in pg_dumpall scripts.
pg_dumpall now refuses to deal with database and role names containing carriage returns or newlines, as it seems impractical to quote those characters safely on Windows. In future we may reject such names on the server side, but that step has not been taken yet.
These are considered security fixes because crafted object names containing special characters could have been used to execute commands with superuser privileges the next time a superuser executes pg_dumpall or other routine maintenance operations. (CVE-2016-5424)
Restrict visibility of pg_user_mappings.umoptions, to protect passwords stored as user mapping options (Michael Paquier, Feike Steenbergen)
The previous coding allowed the owner of a foreign server object, or anyone he has granted server USAGE permission to, to see the options for all user mappings associated with that server. This might well include passwords for other users. Adjust the view definition to match the behavior of information_schema.user_mapping_options, namely that these options are visible to the user being mapped, or if the mapping is for PUBLIC and the current user is the server owner, or if the current user is a superuser. (CVE-2017-7486)
By itself, this patch will only fix the behavior in newly initdb'd databases. If you wish to apply this change in an existing database, follow the corrected procedure shown in the changelog entry for CVE-2017-7547, in Section E.13.
Prevent exposure of statistical information via leaky operators (Peter Eisentraut)
Some selectivity estimation functions in the planner will apply user-defined operators to values obtained from pg_statistic, such as most common values and histogram entries. This occurs before table permissions are checked, so a nefarious user could exploit the behavior to obtain these values for table columns he does not have permission to read. To fix, fall back to a default estimate if the operator's implementation function is not certified leak-proof and the calling user does not have permission to read the table column whose statistics are needed. At least one of these criteria is satisfied in most cases in practice. (CVE-2017-7484)
Restore libpq's recognition of the PGREQUIRESSL environment variable (Daniel Gustafsson)
Processing of this environment variable was unintentionally dropped in PostgreSQL 9.3, but its documentation remained. This creates a security hazard, since users might be relying on the environment variable to force SSL-encrypted connections, but that would no longer be guaranteed. Restore handling of the variable, but give it lower priority than PGSSLMODE, to avoid breaking configurations that work correctly with post-9.3 code. (CVE-2017-7485)
Further restrict visibility of pg_user_mappings.umoptions, to protect passwords stored as user mapping options (Noah Misch)
The fix for CVE-2017-7486 was incorrect: it allowed a user to see the options in her own user mapping, even if she did not have USAGE permission on the associated foreign server. Such options might include a password that had been provided by the server owner rather than the user herself. Since information_schema.user_mapping_options does not show the options in such cases, pg_user_mappings should not either. (CVE-2017-7547)
By itself, this patch will only fix the behavior in newly initdb'd databases. If you wish to apply this change in an existing database, you will need to do the following:
Restart the postmaster after adding allow_system_table_mods = true to postgresql.conf. (In versions supporting ALTER SYSTEM, you can use that to make the configuration change, but you'll still need a restart.)
In each database of the cluster, run the following commands as superuser:
SET search_path = pg_catalog;
CREATE OR REPLACE VIEW pg_user_mappings AS
SELECT
U.oid AS umid,
S.oid AS srvid,
S.srvname AS srvname,
U.umuser AS umuser,
CASE WHEN U.umuser = 0 THEN
'public'
ELSE
A.rolname
END AS usename,
CASE WHEN (U.umuser <> 0 AND A.rolname = current_user
AND (pg_has_role(S.srvowner, 'USAGE')
OR has_server_privilege(S.oid, 'USAGE')))
OR (U.umuser = 0 AND pg_has_role(S.srvowner, 'USAGE'))
OR (SELECT rolsuper FROM pg_authid WHERE rolname = current_user)
THEN U.umoptions
ELSE NULL END AS umoptions
FROM pg_user_mapping U
LEFT JOIN pg_authid A ON (A.oid = U.umuser) JOIN
pg_foreign_server S ON (U.umserver = S.oid);Do not forget to include the template0 and template1 databases, or the vulnerability will still exist in databases you create later. To fix template0, you'll need to temporarily make it accept connections. In PostgreSQL 9.5 and later, you can use
ALTER DATABASE template0 WITH ALLOW_CONNECTIONS true;
and then after fixing template0, undo that with
ALTER DATABASE template0 WITH ALLOW_CONNECTIONS false;
In prior versions, instead use
UPDATE pg_database SET datallowconn = true WHERE datname = 'template0'; UPDATE pg_database SET datallowconn = false WHERE datname = 'template0';
Finally, remove the allow_system_table_mods configuration setting, and again restart the postmaster.
Disallow empty passwords in all password-based authentication methods (Heikki Linnakangas)
libpq ignores empty password specifications, and does not transmit them to the server. So, if a user's password has been set to the empty string, it's impossible to log in with that password via psql or other libpq-based clients. An administrator might therefore believe that setting the password to empty is equivalent to disabling password login. However, with a modified or non-libpq-based client, logging in could be possible, depending on which authentication method is configured. In particular the most common method, md5, accepted empty passwords. Change the server to reject empty passwords in all cases. (CVE-2017-7546)
Make lo_put() check for UPDATE privilege on the target large object (Tom Lane, Michael Paquier)
lo_put() should surely require the same permissions as lowrite(), but the check was missing, allowing any user to change the data in a large object. (CVE-2017-7548)
Ensure that INSERT ... ON CONFLICT DO UPDATE checks table permissions and RLS policies in all cases (Dean Rasheed)
The update path of INSERT ... ON CONFLICT DO UPDATE requires SELECT permission on the columns of the arbiter index, but it failed to check for that in the case of an arbiter specified by constraint name. In addition, for a table with row level security enabled, it failed to check updated rows against the table's SELECT policies (regardless of how the arbiter index was specified). (CVE-2017-15099)
Fix crash due to rowtype mismatch in json{b}_populate_recordset() (Michael Paquier, Tom Lane)
These functions used the result rowtype specified in the FROM ... AS clause without checking that it matched the actual rowtype of the supplied tuple value. If it didn't, that would usually result in a crash, though disclosure of server memory contents seems possible as well. (CVE-2017-15098)
Fix sample server-start scripts to become $PGUSER before opening $PGLOG (Noah Misch)
Previously, the postmaster log file was opened while still running as root. The database owner could therefore mount an attack against another system user by making $PGLOG be a symbolic link to some other file, which would then become corrupted by appending log messages.
By default, these scripts are not installed anywhere. Users who have made use of them will need to manually recopy them, or apply the same changes to their modified versions. If the existing $PGLOG file is root-owned, it will need to be removed or renamed out of the way before restarting the server with the corrected script. (CVE-2017-12172)
Fix processing of partition keys containing multiple expressions (Álvaro Herrera, David Rowley)
This error led to crashes or, with carefully crafted input, disclosure of arbitrary backend memory. (CVE-2018-1052)
Ensure that all temporary files made by pg_upgrade are non-world-readable (Tom Lane, Noah Misch)
pg_upgrade normally restricts its temporary files to be readable and writable only by the calling user. But the temporary file containing pg_dumpall -g output would be group- or world-readable, or even writable, if the user's umask setting allows. In typical usage on multi-user machines, the umask and/or the working directory's permissions would be tight enough to prevent problems; but there may be people using pg_upgrade in scenarios where this oversight would permit disclosure of database passwords to unfriendly eyes. (CVE-2018-1053)
Document how to configure installations and applications to guard against search-path-dependent trojan-horse attacks from other users (Noah Misch)
Using a search_path setting that includes any schemas writable by a hostile user enables that user to capture control of queries and then run arbitrary SQL code with the permissions of the attacked user. While it is possible to write queries that are proof against such hijacking, it is notationally tedious, and it's very easy to overlook holes. Therefore, we now recommend configurations in which no untrusted schemas appear in one's search path. Relevant documentation appears in Section 5.8.6 (for database administrators and users), Section 33.1 (for application authors), Section 37.15.1 (for extension authors), and CREATE FUNCTION (for authors of SECURITY DEFINER functions). (CVE-2018-1058)
Avoid use of insecure search_path settings in pg_dump and other client programs (Noah Misch, Tom Lane)
pg_dump, pg_upgrade, vacuumdb and other PostgreSQL-provided applications were themselves vulnerable to the type of hijacking described in the previous changelog entry; since these applications are commonly run by superusers, they present particularly attractive targets. To make them secure whether or not the installation as a whole has been secured, modify them to include only the pg_catalog schema in their search_path settings. Autovacuum worker processes now do the same, as well.
In cases where user-provided functions are indirectly executed by these programs — for example, user-provided functions in index expressions — the tighter search_path may result in errors, which will need to be corrected by adjusting those user-provided functions to not assume anything about what search path they are invoked under. That has always been good practice, but now it will be necessary for correct behavior. (CVE-2018-1058)
Remove public execute privilege from contrib/adminpack's pg_logfile_rotate() function (Stephen Frost)
pg_logfile_rotate() is a deprecated wrapper for the core function pg_rotate_logfile(). When that function was changed to rely on SQL privileges for access control rather than a hard-coded superuser check, pg_logfile_rotate() should have been updated as well, but the need for this was missed. Hence, if adminpack is installed, any user could request a logfile rotation, creating a minor security issue.
After installing this update, administrators should update adminpack by performing ALTER EXTENSION adminpack UPDATE in each database in which adminpack is installed. (CVE-2018-1115)
Fix failure to reset libpq's state fully between connection attempts (Tom Lane)
An unprivileged user of dblink or postgres_fdw could bypass the checks intended to prevent use of server-side credentials, such as a ~/.pgpass file owned by the operating-system user running the server. Servers allowing peer authentication on local connections are particularly vulnerable. Other attacks such as SQL injection into a postgres_fdw session are also possible. Attacking postgres_fdw in this way requires the ability to create a foreign server object with selected connection parameters, but any user with access to dblink could exploit the problem. In general, an attacker with the ability to select the connection parameters for a libpq-using application could cause mischief, though other plausible attack scenarios are harder to think of. Our thanks to Andrew Krasichkov for reporting this issue. (CVE-2018-10915)
Fix INSERT ... ON CONFLICT UPDATE through a view that isn't just SELECT * FROM ... (Dean Rasheed, Amit Langote)
Erroneous expansion of an updatable view could lead to crashes or “attribute ... has the wrong type” errors, if the view's SELECT list doesn't match one-to-one with the underlying table's columns. Furthermore, this bug could be leveraged to allow updates of columns that an attacking user lacks UPDATE privilege for, if that user has INSERT and UPDATE privileges for some other column(s) of the table. Any user could also use it for disclosure of server memory. (CVE-2018-10925)
Ensure proper quoting of transition table names when pg_dump emits CREATE TRIGGER ... REFERENCING commands (Tom Lane)
This oversight could be exploited by an unprivileged user to gain superuser privileges during the next dump/reload or pg_upgrade run. (CVE-2018-16850)
Prevent row-level security policies from being bypassed via selectivity estimators (Dean Rasheed)
Some of the planner's selectivity estimators apply user-defined operators to values found in pg_statistic (e.g., most-common values). A leaky operator therefore can disclose some of the entries in a data column, even if the calling user lacks permission to read that column. In CVE-2017-7484 we added restrictions to forestall that, but we failed to consider the effects of row-level security. A user who has SQL permission to read a column, but who is forbidden to see certain rows due to RLS policy, might still learn something about those rows' contents via a leaky operator. This patch further tightens the rules, allowing leaky operators to be applied to statistics data only when there is no relevant RLS policy. (CVE-2019-10130)
Avoid access to already-freed memory during partition routing error reports (Michael Paquier)
This mistake could lead to a crash, and in principle it might be possible to use it to disclose server memory contents. (CVE-2019-10129)
Fix buffer-overflow hazards in SCRAM verifier parsing (Jonathan Katz, Heikki Linnakangas, Michael Paquier)
Any authenticated user could cause a stack-based buffer overflow by changing their own password to a purpose-crafted value. In addition to the ability to crash the PostgreSQL server, this could suffice for executing arbitrary code as the PostgreSQL operating system account.
A similar overflow hazard existed in libpq, which could allow a rogue server to crash a client or perhaps execute arbitrary code as the client's operating system account.
The PostgreSQL Project thanks Alexander Lakhin for reporting this problem. (CVE-2019-10164)
Require schema qualification to cast to a temporary type when using functional cast syntax (Noah Misch)
We have long required invocations of temporary functions to explicitly specify the temporary schema, that is pg_temp.. Require this as well for casting to temporary types using functional notation, for example func_name(args)pg_temp.. Otherwise it's possible to capture a function call using a temporary object, allowing privilege escalation in much the same ways that we blocked in CVE-2007-2138. (CVE-2019-10208)type_name(arg)
Fix execution of hashed subplans that require cross-type comparison (Tom Lane, Andreas Seltenreich)
Hashed subplans used the outer query's original comparison operator to compare entries of the hash table. This is the wrong thing if that operator is cross-type, since all the hash table entries will be of the subquery's output type. For the set of hashable cross-type operators in core PostgreSQL, this mistake seems nearly harmless on 64-bit machines, but it can result in crashes or perhaps unauthorized disclosure of server memory on 32-bit machines. Extensions might provide hashable cross-type operators that create larger risks. (CVE-2019-10209)
| Config parameter: | Default value: |
|---|---|
| Current client encoding | 'SQL_ASCII' |
| Current server encoding | 'SQL_ASCII' |
| Seed for random number generator | unavailable |
| TRANSACTION ISOLATION LEVEL | READ COMMITTED |
| Time zone | unset |
| australian_timezones | off |
| checkpoint_segments | 3 |
| debug_level | 0 |
| debug_print_query | off |
| fixbtree | on |
| geqo_random_seed | -1 |
| hostname_lookup | off |
| ksqo | off |
| log_pid | off |
| log_timestamp | off |
| max_expr_depth | 10000 |
| max_fsm_pages | 10000 |
| max_fsm_relations | 100 |
| show_executor_stats | off |
| show_parser_stats | off |
| show_planner_stats | off |
| show_query_stats | off |
| show_source_port | off |
| silent_mode | off |
| sort_mem | 512 |
| sql_inheritance | on |
| stats_block_level | off |
| stats_command_string | off |
| stats_reset_on_server_start | on |
| stats_row_level | off |
| stats_start_collector | on |
| tcpip_socket | off |
| unix_socket_directory | unset |
| vacuum_mem | 8192 |
| virtual_host | unset |
| wal_debug | 0 |
| wal_files | 0 |
| Config parameter: | Default value in Pg 7.2.8: | Default value in Pg 12.1: |
|---|---|---|
| DateStyle | ISO with US (NonEuropean) conventions | ISO, MDY |
| cpu_index_tuple_cost | 0.001 | 0.005 |
| debug_pretty_print | off | on |
| effective_cache_size | 1000 | 524288 |
| geqo_effort | 1 | 5 |
| geqo_threshold | 11 | 12 |
| krb_server_keyfile | unset | |
| max_connections | 32 | 100 |
| password_encryption | off | md5 |
| shared_buffers | 64 | 16384 |
| unix_socket_group | unset | |
| unix_socket_permissions | 511 | 0777 |
| wal_buffers | 8 | 512 |
| wal_sync_method | open_datasync | fdatasync |
⇑ Upgrade to 7.3 released on 2002-11-27 - docs
Add pg_locks view to show locks (Neil)
Security fixes for password negotiation memory allocation (Neil)
Remove support for version 0 FE/BE protocol (PostgreSQL 6.2 and earlier) (Tom)
Reserve the last few backend slots for superusers, add parameter superuser_reserved_connections to control this (Nigel J. Andrews)
Improve startup by calling localtime() only once (Tom)
Cache system catalog information in flat files for faster startup (Tom)
Improve caching of index information (Tom)
Optimizer improvements (Tom, Fernando Nasser)
Catalog caches now store failed lookups (Tom)
Hash function improvements (Neil)
Improve performance of query tokenization and network handling (Peter)
Speed improvement for large object restore (Mario Weilguni)
Mark expired index entries on first lookup, saving later heap fetches (Tom)
Avoid excessive NULL bitmap padding (Manfred Koizar)
Add BSD-licensed qsort() for Solaris, for performance (Bruce)
Reduce per-row overhead by four bytes (Manfred Koizar)
Fix GEQO optimizer bug (Neil Conway)
Make WITHOUT OID actually save four bytes per row (Manfred Koizar)
Add default_statistics_target variable to specify ANALYZE buckets (Neil)
Use local buffer cache for temporary tables so no WAL overhead (Tom)
Improve free space map performance on large tables (Stephen Marshall, Tom)
Improved WAL write concurrency (Tom)
Add privileges on functions and procedural languages (Peter)
Add OWNER to CREATE DATABASE so superusers can create databases on behalf of unprivileged users (Gavin Sherry, Tom)
Add new object privilege bits EXECUTE and USAGE (Tom)
Add SET SESSION AUTHORIZATION DEFAULT and RESET SESSION AUTHORIZATION (Tom)
Allow functions to be executed with the privilege of the function owner (Peter)
Server log messages now tagged with LOG, not DEBUG (Bruce)
Add user column to pg_hba.conf (Bruce)
Have log_connections output two lines in log file (Tom)
Remove debug_level from postgresql.conf, now server_min_messages (Bruce)
New ALTER DATABASE/USER ... SET command for per-user/database initialization (Peter)
New parameters server_min_messages and client_min_messages to control which messages are sent to the server logs or client applications (Bruce)
Allow pg_hba.conf to specify lists of users/databases separated by commas, group names prepended with +, and file names prepended with @ (Bruce)
Remove secondary password file capability and pg_password utility (Bruce)
Add variable db_user_namespace for database-local user names (Bruce)
SSL improvements (Bear Giles)
Make encryption of stored passwords the default (Bruce)
Allow statistics collector to be reset by calling pg_stat_reset() (Christopher)
Add log_duration parameter (Bruce)
Rename debug_print_query to log_statement (Bruce)
Rename show_query_stats to show_statement_stats (Bruce)
Add param log_min_error_statement to print commands to logs on error (Gavin)
Make cursors insensitive, meaning their contents do not change (Tom)
Disable LIMIT #,# syntax; now only LIMIT # OFFSET # supported (Bruce)
Increase identifier length to 63 (Neil, Bruce)
UNION fixes for merging >= 3 columns of different lengths (Tom)
Add DEFAULT key word to INSERT, e.g., INSERT ... (..., DEFAULT, ...) (Rod)
Allow views to have default values using ALTER COLUMN ... SET DEFAULT (Neil)
Fail on INSERTs with column lists that don't supply all column values, e.g., INSERT INTO tab (col1, col2) VALUES ('val1'); (Rod)
Fix for join aliases (Tom)
Fix for FULL OUTER JOINs (Tom)
Improve reporting of invalid identifier and location (Tom, Gavin)
Fix OPEN cursor(args) (Tom)
Allow 'ctid' to be used in a view and currtid(viewname) (Hiroshi)
Fix for CREATE TABLE AS with UNION (Tom)
SQL99 syntax improvements (Thomas)
Add statement_timeout variable to cancel queries (Bruce)
Allow prepared queries with PREPARE/EXECUTE (Neil)
Allow FOR UPDATE to appear after LIMIT/OFFSET (Bruce)
Add variable autocommit (Tom, David Van Wie)
Make equals signs optional in CREATE DATABASE (Gavin Sherry)
Make ALTER TABLE OWNER change index ownership too (Neil)
New ALTER TABLE tabname ALTER COLUMN colname SET STORAGE controls TOAST storage, compression (John Gray)
Add schema support, CREATE/DROP SCHEMA (Tom)
Create schema for temporary tables (Tom)
Add variable search_path for schema search (Tom)
Add ALTER TABLE SET/DROP NOT NULL (Christopher)
New CREATE FUNCTION volatility levels (Tom)
Make rule names unique only per table (Tom)
Add 'ON tablename' clause to DROP RULE and COMMENT ON RULE (Tom)
Add ALTER TRIGGER RENAME (Joe)
New current_schema() and current_schemas() inquiry functions (Tom)
Allow functions to return multiple rows (table functions) (Joe)
Make WITH optional in CREATE DATABASE, for consistency (Bruce)
Add object dependency tracking (Rod, Tom)
Add RESTRICT/CASCADE to DROP commands (Rod)
Add ALTER TABLE DROP for non-CHECK CONSTRAINT (Rod)
Autodestroy sequence on DROP of table with SERIAL (Rod)
Prevent column dropping if column is used by foreign key (Rod)
Automatically drop constraints/functions when object is dropped (Rod)
Add CREATE/DROP OPERATOR CLASS (Bill Studenmund, Tom)
Add ALTER TABLE DROP COLUMN (Christopher, Tom, Hiroshi)
Prevent inherited columns from being removed or renamed (Alvaro Herrera)
Fix foreign key constraints to not error on intermediate database states (Stephan)
Propagate column or table renaming to foreign key constraints
Add CREATE OR REPLACE VIEW (Gavin, Neil, Tom)
Add CREATE OR REPLACE RULE (Gavin, Neil, Tom)
Have rules execute alphabetically, returning more predictable values (Tom)
Triggers are now fired in alphabetical order (Tom)
Add /contrib/adddepend to handle pre-7.3 object dependencies (Rod)
Allow better casting when inserting/updating values (Tom)
Have COPY TO output embedded carriage returns and newlines as \r and \n (Tom)
Allow DELIMITER in COPY FROM to be 8-bit clean (Tatsuo)
Make pg_dump use ALTER TABLE ADD PRIMARY KEY, for performance (Neil)
Disable brackets in multistatement rules (Bruce)
Disable VACUUM from being called inside a function (Bruce)
Allow dropdb and other scripts to use identifiers with spaces (Bruce)
Restrict database comment changes to the current database
Allow comments on operators, independent of the underlying function (Rod)
Rollback SET commands in aborted transactions (Tom)
EXPLAIN now outputs as a query (Tom)
Display condition expressions and sort keys in EXPLAIN (Tom)
Add 'SET LOCAL var = value' to set configuration variables for a single transaction (Tom)
Allow ANALYZE to run in a transaction (Bruce)
Improve COPY syntax using new WITH clauses, keep backward compatibility (Bruce)
Fix pg_dump to consistently output tags in non-ASCII dumps (Bruce)
Make foreign key constraints clearer in dump file (Rod)
Add COMMENT ON CONSTRAINT (Rod)
Allow COPY TO/FROM to specify column names (Brent Verner)
Dump UNIQUE and PRIMARY KEY constraints as ALTER TABLE (Rod)
Have SHOW output a query result (Joe)
Generate failure on short COPY lines rather than pad NULLs (Neil)
Fix CLUSTER to preserve all table attributes (Alvaro Herrera)
New pg_settings table to view/modify GUC settings (Joe)
Add smart quoting, portability improvements to pg_dump output (Peter)
Dump serial columns out as SERIAL (Tom)
Enable large file support, >2G for pg_dump (Peter, Philip Warner, Bruce)
Disallow TRUNCATE on tables that are involved in referential constraints (Rod)
Have TRUNCATE also auto-truncate the toast table of the relation (Tom)
Add clusterdb utility that will auto-cluster an entire database based on previous CLUSTER operations (Alvaro Herrera)
Overhaul pg_dumpall (Peter)
Allow REINDEX of TOAST tables (Tom)
Implemented START TRANSACTION, per SQL99 (Neil)
Fix rare index corruption when a page split affects bulk delete (Tom)
Fix ALTER TABLE ... ADD COLUMN for inheritance (Alvaro Herrera)
Fix factorial(0) to return 1 (Bruce)
Date/time/timezone improvements (Thomas)
Fix for array slice extraction (Tom)
Fix extract/date_part to report proper microseconds for timestamp (Tatsuo)
Allow text_substr() and bytea_substr() to read TOAST values more efficiently (John Gray)
Add domain support (Rod)
Make WITHOUT TIME ZONE the default for TIMESTAMP and TIME data types (Thomas)
Allow alternate storage scheme of 64-bit integers for date/time types using --enable-integer-datetimes in configure (Thomas)
Make timezone(timestamptz) return timestamp rather than a string (Thomas)
Allow fractional seconds in date/time types for dates prior to 1BC (Thomas)
Limit timestamp data types to 6 decimal places of precision (Thomas)
Change timezone conversion functions from timetz() to timezone() (Thomas)
Add configuration variables datestyle and timezone (Tom)
Add OVERLAY(), which allows substitution of a substring in a string (Thomas)
Add SIMILAR TO (Thomas, Tom)
Add regular expression SUBSTRING(string FROM pat FOR escape) (Thomas)
Add LOCALTIME and LOCALTIMESTAMP functions (Thomas)
Add named composite types using CREATE TYPE typename AS (column) (Joe)
Allow composite type definition in the table alias clause (Joe)
Add new API to simplify creation of C language table functions (Joe)
Remove ODBC-compatible empty parentheses from calls to SQL99 functions for which these parentheses do not match the standard (Thomas)
Allow macaddr data type to accept 12 hex digits with no separators (Mike Wyer)
Add CREATE/DROP CAST (Peter)
Add IS DISTINCT FROM operator (Thomas)
Add SQL99 TREAT() function, synonym for CAST() (Thomas)
Add pg_backend_pid() to output backend pid (Bruce)
Add IS OF / IS NOT OF type predicate (Thomas)
Allow bit string constants without fully-specified length (Thomas)
Allow conversion between 8-byte integers and bit strings (Thomas)
Implement hex literal conversion to bit string literal (Thomas)
Allow table functions to appear in the FROM clause (Joe)
Increase maximum number of function parameters to 32 (Bruce)
No longer automatically create index for SERIAL column (Tom)
Add current_database() (Rod)
Fix cash_words() to not overflow buffer (Tom)
Add functions replace(), split_part(), to_hex() (Joe)
Fix LIKE for bytea as a right-hand argument (Joe)
Prevent crashes caused by SELECT cash_out(2) (Tom)
Fix to_char(1,'FM999.99') to return a period (Karel)
Fix trigger/type/language functions returning OPAQUE to return proper type (Tom)
Add additional encodings: Korean (JOHAB), Thai (WIN874), Vietnamese (TCVN), Arabic (WIN1256), Simplified Chinese (GBK), Korean (UHC) (Eiji Tokuya)
Enable locale support by default (Peter)
Add locale variables (Peter)
Escape byes >= 0x7f for multibyte in PQescapeBytea/PQunescapeBytea (Tatsuo)
Add locale awareness to regular expression character classes
Enable multibyte support by default (Tatsuo)
Add GB18030 multibyte support (Bill Huang)
Add CREATE/DROP CONVERSION, allowing loadable encodings (Tatsuo, Kaori)
Add pg_conversion table (Tatsuo)
Add SQL99 CONVERT() function (Tatsuo)
pg_dumpall, pg_controldata, and pg_resetxlog now national-language aware (Peter)
New and updated translations
Allow recursive SQL function (Peter)
Change PL/Tcl build to use configured compiler and Makefile.shlib (Peter)
Overhaul the PL/pgSQL FOUND variable to be more Oracle-compatible (Neil, Tom)
Allow PL/pgSQL to handle quoted identifiers (Tom)
Allow set-returning PL/pgSQL functions (Neil)
Make PL/pgSQL schema-aware (Joe)
Remove some memory leaks (Nigel J. Andrews, Tom)
Don't lowercase psql \connect database name for 7.2.0 compatibility (Tom)
Add psql \timing to time user queries (Greg Sabino Mullane)
Have psql \d show index information (Greg Sabino Mullane)
New psql \dD shows domains (Jonathan Eisler)
Allow psql to show rules on views (Paul ?)
Fix for psql variable substitution (Tom)
Allow psql \d to show temporary table structure (Tom)
Allow psql \d to show foreign keys (Rod)
Fix \? to honor \pset pager (Bruce)
Have psql reports its version number on startup (Tom)
Allow \copy to specify column names (Tom)
Add ~/.pgpass to store host/user password combinations (Alvaro Herrera)
Add PQunescapeBytea() function to libpq (Patrick Welche)
Fix for sending large queries over non-blocking connections (Bernhard Herzog)
Fix for libpq using timers on Win9X (David Ford)
Allow libpq notify to handle servers with different-length identifiers (Tom)
Add libpq PQescapeString() and PQescapeBytea() to Windows (Bruce)
Fix for SSL with non-blocking connections (Jack Bates)
Add libpq connection timeout parameter (Denis A Ustimenko)
Allow JDBC to compile with JDK 1.4 (Dave)
Add JDBC 3 support (Barry)
Allows JDBC to set loglevel by adding ?loglevel=X to the connection URL (Barry)
Add Driver.info() message that prints out the version number (Barry)
Add updateable result sets (Raghu Nidagal, Dave)
Add support for callable statements (Paul Bethe)
Add query cancel capability
Add refresh row (Dave)
Fix MD5 encryption handling for multibyte servers (Jun Kawai)
Add support for prepared statements (Barry)
Fixed ECPG bug concerning octal numbers in single quotes (Michael)
Move src/interfaces/libpgeasy to http://gborg.postgresql.org (Marc, Bruce)
Improve Python interface (Elliot Lee, Andrew Johnson, Greg Copeland)
Add libpgtcl connection close event (Gerhard Hintermayer)
Move src/interfaces/libpq++ to http://gborg.postgresql.org (Marc, Bruce)
Move src/interfaces/odbc to http://gborg.postgresql.org (Marc)
Move src/interfaces/perl5 to http://gborg.postgresql.org (Marc, Bruce)
Remove src/bin/pgaccess from main tree, now at http://www.pgaccess.org (Bruce)
Add pg_on_connection_loss command to libpgtcl (Gerhard Hintermayer, Tom)
Fix for parallel make (Peter)
AIX fixes for linking Tcl (Andreas Zeugswetter)
Allow PL/Perl to build under Cygwin (Jason Tishler)
Improve MIPS compiles (Peter, Oliver Elphick)
Require Autoconf version 2.53 (Peter)
Require readline and zlib by default in configure (Peter)
Allow Solaris to use Intimate Shared Memory (ISM), for performance (Scott Brunza, P.J. Josh Rovero)
Always enable syslog in compile, remove --enable-syslog option (Tatsuo)
Always enable multibyte in compile, remove --enable-multibyte option (Tatsuo)
Always enable locale in compile, remove --enable-locale option (Peter)
Fix for Win9x DLL creation (Magnus Naeslund)
Fix for link() usage by WAL code on Windows, BeOS (Jason Tishler)
Add sys/types.h to c.h, remove from main files (Peter, Bruce)
Fix AIX hang on SMP machines (Tomoyuki Niijima)
AIX SMP hang fix (Tomoyuki Niijima)
Fix pre-1970 date handling on newer glibc libraries (Tom)
Fix PowerPC SMP locking (Tom)
Prevent gcc -ffast-math from being used (Peter, Tom)
Bison >= 1.50 now required for developer builds
Kerberos 5 support now builds with Heimdal (Peter)
Add appendix in the User's Guide which lists SQL features (Thomas)
Improve loadable module linking to use RTLD_NOW (Tom)
New error levels WARNING, INFO, LOG, DEBUG[1-5] (Bruce)
New src/port directory holds replaced libc functions (Peter, Bruce)
New pg_namespace system catalog for schemas (Tom)
Add pg_class.relnamespace for schemas (Tom)
Add pg_type.typnamespace for schemas (Tom)
Add pg_proc.pronamespace for schemas (Tom)
Restructure aggregates to have pg_proc entries (Tom)
System relations now have their own namespace, pg_* test not required (Fernando Nasser)
Rename TOAST index names to be *_index rather than *_idx (Neil)
Add namespaces for operators, opclasses (Tom)
Add additional checks to server control file (Thomas)
New Polish FAQ (Marcin Mazurek)
Add Posix semaphore support (Tom)
Document need for reindex (Bruce)
Rename some internal identifiers to simplify Windows compile (Jan, Katherine Ward)
Add documentation on computing disk space (Bruce)
Remove KSQO from GUC (Bruce)
Fix memory leak in rtree (Kenneth Been)
Modify a few error messages for consistency (Bruce)
Remove unused system table columns (Peter)
Make system columns NOT NULL where appropriate (Tom)
Clean up use of sprintf in favor of snprintf() (Neil, Jukka Holappa)
Remove OPAQUE and create specific subtypes (Tom)
Cleanups in array internal handling (Joe, Tom)
Disallow pg_atoi('') (Bruce)
Remove parameter wal_files because WAL files are now recycled (Bruce)
Add version numbers to heap pages (Tom)
Allow inet arrays in /contrib/array (Neil)
GiST fixes (Teodor Sigaev, Neil)
Upgrade /contrib/mysql
Add /contrib/dbsize which shows table sizes without vacuum (Peter)
Add /contrib/intagg, integer aggregator routines (mlw)
Improve /contrib/oid2name (Neil, Bruce)
Improve /contrib/tsearch (Oleg, Teodor Sigaev)
Cleanups of /contrib/rserver (Alexey V. Borzov)
Update /contrib/oracle conversion utility (Gilles Darold)
Update /contrib/dblink (Joe)
Improve options supported by /contrib/vacuumlo (Mario Weilguni)
Improvements to /contrib/intarray (Oleg, Teodor Sigaev, Andrey Oktyabrski)
Add /contrib/reindexdb utility (Shaun Thomas)
Add indexing to /contrib/isbn_issn (Dan Weston)
Add /contrib/dbmirror (Steven Singer)
Improve /contrib/pgbench (Neil)
Add /contrib/tablefunc table function examples (Joe)
Add /contrib/ltree data type for tree structures (Teodor Sigaev, Oleg Bartunov)
Move /contrib/pg_controldata, pg_resetxlog into main tree (Bruce)
Fixes to /contrib/cube (Bruno Wolff)
Improve /contrib/fulltextindex (Christopher)
⇑ Upgrade to 7.3.1 released on 2002-12-18 - docs
Fix a core dump of COPY TO when client/server encodings don't match (Tom)
Allow pg_dump to work with pre-7.2 servers (Philip)
contrib/adddepend fixes (Tom)
Fix problem with deletion of per-user/per-database config settings (Tom)
contrib/vacuumlo fix (Tom)
Allow 'password' encryption even when pg_shadow contains MD5 passwords (Bruce)
contrib/dbmirror fix (Steven Singer)
Optimizer fixes (Tom)
contrib/tsearch fixes (Teodor Sigaev, Magnus)
Allow locale names to be mixed case (Nicolai Tufar)
Increment libpq library's major version number (Bruce)
pg_hba.conf error reporting fixes (Bruce, Neil)
Add SCO Openserver 5.0.4 as a supported platform (Bruce)
Prevent EXPLAIN from crashing server (Tom)
SSL fixes (Nathan Mueller)
Prevent composite column creation via ALTER TABLE (Tom)
⇑ Upgrade to 7.3.2 released on 2003-02-04 - docs
Restore creation of OID column in CREATE TABLE AS / SELECT INTO
Fix pg_dump core dump when dumping views having comments
Dump DEFERRABLE/INITIALLY DEFERRED constraints properly
Fix UPDATE when child table's column numbering differs from parent
Increase default value of max_fsm_relations
Fix problem when fetching backwards in a cursor for a single-row query
Make backward fetch work properly with cursor on SELECT DISTINCT query
Fix problems with loading pg_dump files containing contrib/lo usage
Fix problem with all-numeric user names
Fix possible memory leak and core dump during disconnect in libpgtcl
Make plpython's spi_execute command handle nulls properly (Andrew Bosma)
Adjust plpython error reporting so that its regression test passes again
Work with bison 1.875
Handle mixed-case names properly in plpgsql's %type (Neil)
Fix core dump in pltcl when executing a query rewritten by a rule
Repair array subscript overruns (per report from Yichen Xie)
Reduce MAX_TIME_PRECISION from 13 to 10 in floating-point case
Correctly case-fold variable names in per-database and per-user settings
Fix coredump in plpgsql's RETURN NEXT when SELECT into record returns no rows
Fix outdated use of pg_type.typprtlen in python client interface
Correctly handle fractional seconds in timestamps in JDBC driver
Improve performance of getImportedKeys() in JDBC
Make shared-library symlinks work standardly on HPUX (Giles)
Repair inconsistent rounding behavior for timestamp, time, interval
SSL negotiation fixes (Nathan Mueller)
Make libpq's ~/.pgpass feature work when connecting with PQconnectDB
Update my2pg, ora2pg
Translation updates
Add casts between types lo and oid in contrib/lo
fastpath code now checks for privilege to call function
⇑ Upgrade to 7.3.3 released on 2003-05-22 - docs
Repair sometimes-incorrect computation of StartUpID after a crash
Avoid slowness with lots of deferred triggers in one transaction (Stephan)
Don't lock referenced row when UPDATE doesn't change foreign key's
value (Jan)
Use -fPIC not
-fpic on Sparc (Tom
Callaway)
Repair lack of schema-awareness in contrib/reindexdb
Fix contrib/intarray error for zero-element result array (Teodor)
Ensure createuser script will exit on control-C (Oliver)
Fix errors when the type of a dropped column has itself been dropped
CHECKPOINT does not cause
database panic on failure in noncritical steps
Accept 60 in seconds fields of timestamp, time, interval input values
Issue notice, not error, if TIMESTAMP, TIME,
or INTERVAL precision too
large
Fix abstime-to-time cast
function (fix is not applied unless you initdb)
Fix pg_proc entry for
timestampt_izone (fix is not
applied unless you initdb)
Make EXTRACT(EPOCH FROM
timestamp without time zone) treat input as local
time
'now'::timestamptz gave
wrong answer if timezone changed earlier in
transaction
HAVE_INT64_TIMESTAMP code
for time with timezone overwrote its input
Accept GLOBAL
TEMP/TEMPORARY as a synonym for TEMPORARY
Avoid improper schema-privilege-check failure in foreign-key triggers
Fix bugs in foreign-key triggers for SET DEFAULT action
Fix incorrect time-qual check in row fetch for
UPDATE and DELETE triggers
Foreign-key clauses were parsed but ignored in
ALTER TABLE ADD COLUMN
Fix createlang script breakage for case where handler function already exists
Fix misbehavior on zero-column tables in pg_dump, COPY, ANALYZE, other places
Fix misbehavior of func_error() on type names containing
'%'
Fix misbehavior of replace() on strings containing '%'
Regular-expression patterns containing certain multibyte characters failed
Account correctly for NULLs in more cases in join size
estimation
Fix failure to convert large code point values in EUC_TW conversions (Tatsuo)
Fix error recovery for SSL_read/SSL_write calls
Don't do early constant-folding of type coercion expressions
Validate page header fields immediately after reading in any page
Repair incorrect check for ungrouped variables in unnamed joins
contrib/ltree fixes (Teodor)
Avoid running out of buffers in many-way indexscan (bug introduced in 7.3)
Fix planner's selectivity estimation functions to handle domains properly
Fix dbmirror memory-allocation bug (Steven Singer)
Prevent infinite loop in ln(numeric) due to roundoff error
GROUP BY got confused if
there were multiple equal GROUP BY items
Fix bad plan when inherited UPDATE/DELETE references another inherited
table
Prevent clustering on incomplete (partial or non-NULL-storing) indexes
Service shutdown request at proper time if it arrives while still starting up
Fix left-links in temporary indexes (could make backwards scans miss entries)
Fix incorrect handling of client_encoding setting in postgresql.conf (Tatsuo)
Fix SPI for case where rule contains multiple statements of the same type
Fix problem with checking for wrong type of access privilege in rule query
Fix problem with EXCEPT
in CREATE RULE
Prevent problem with dropping temp tables having serial columns
Fix replace_vars_with_subplan_refs failure in complex views
Fix regexp slowness in single-byte encodings (Tatsuo)
Allow qualified type names in CREATE CAST and DROP CAST
Accept SETOF type[],
which formerly had to be written SETOF _type
Fix pg_dump core dump in some cases with procedural languages
Force ISO datestyle in pg_dump output, for portability (Oliver)
pg_dump failed to
handle error return from lo_read (Oleg Drokin)
pg_dumpall failed with groups having no members (Nick Eskelinen)
pg_dumpall failed to recognize --globals-only switch
pg_restore failed to restore blobs if -X disable-triggers is specified
Repair intrafunction memory leak in plpgsql
pltcl's elog command
dumped core if given wrong parameters (Ian Harding)
plpython used wrong value of atttypmod (Brad McLean)
Fix improper quoting of boolean values in Python interface (D'Arcy)
Added addDataType()
method to PGConnection interface for JDBC
Fixed various problems with updateable ResultSets for JDBC (Shawn Green)
Fixed various problems with DatabaseMetaData for JDBC (Kris Jurka, Peter Royal)
Fixed problem with parsing table ACLs in JDBC
Better error message for character set conversion problems in JDBC
⇑ Upgrade to 7.3.4 released on 2003-07-24 - docs
Repair breakage in timestamp-to-date conversion for dates before 2000
Prevent rare possibility of server startup failure (Tom)
Fix bugs in interval-to-time conversion (Tom)
Add constraint names in a few places in pg_dump (Rod)
Improve performance of functions with many parameters (Tom)
Fix to_ascii() buffer overruns (Tom)
Prevent restore of database comments from throwing an error (Tom)
Work around buggy strxfrm() present in some Solaris releases (Tom)
Properly escape jdbc setObject() strings to improve security (Barry)
⇑ Upgrade to 7.4 released on 2003-11-17 - docs
Allow IPv6 server connections (Nigel Kukard, Johan Jordaan, Bruce, Tom, Kurt Roeckx, Andrew Dunstan)
Fix SSL to handle errors cleanly (Nathan Mueller)
In prior releases, certain SSL API error reports were not handled correctly. This release fixes those problems.
SSL protocol security and performance improvements (Sean Chittenden)
SSL key renegotiation was happening too frequently, causing poor SSL performance. Also, initial key handling was improved.
Print lock information when a deadlock is detected (Tom)
This allows easier debugging of deadlock situations.
Update /tmp socket
modification times regularly to avoid their removal
(Tom)
This should help prevent /tmp directory cleaner administration
scripts from removing server socket files.
Enable PAM for macOS (Aaron Hillegass)
Make B-tree indexes fully WAL-safe (Tom)
In prior releases, under certain rare cases, a server crash could cause B-tree indexes to become corrupt. This release removes those last few rare cases.
Allow B-tree index compaction and empty page reuse (Tom)
Fix inconsistent index lookups during split of first root page (Tom)
In prior releases, when a single-page index split into two pages, there was a brief period when another database session could miss seeing an index entry. This release fixes that rare failure case.
Improve free space map allocation logic (Tom)
Preserve free space information between server restarts (Tom)
In prior releases, the free space map was not saved when the postmaster was stopped, so newly started servers had no free space information. This release saves the free space map, and reloads it when the server is restarted.
Add start time to pg_stat_activity (Neil)
New code to detect corrupt disk pages; erase with
zero_damaged_pages
(Tom)
New client/server protocol: faster, no username
length limit, allow clean exit from COPY (Tom)
Add transaction status, table ID, column ID to client/server protocol (Tom)
Add binary I/O to client/server protocol (Tom)
Remove autocommit server setting; move to client applications (Tom)
New error message wording, error codes, and three levels of error detail (Tom, Joe, Peter)
Add hashing for GROUP
BY aggregates (Tom)
Make nested-loop joins be smarter about multicolumn indexes (Tom)
Allow multikey hash joins (Tom)
Improve constant folding (Tom)
Add ability to inline simple SQL functions (Tom)
Reduce memory usage for queries using complex functions (Tom)
In prior releases, functions returning allocated memory would not free it until the query completed. This release allows the freeing of function-allocated memory when the function call completes, reducing the total memory used by functions.
Improve GEQO optimizer performance (Tom)
This release fixes several inefficiencies in the way the GEQO optimizer manages potential query paths.
Allow IN/NOT IN to be handled via hash tables
(Tom)
Improve NOT IN (
performance (Tom)subquery)
Allow most IN
subqueries to be processed as joins (Tom)
Pattern matching operations can use indexes regardless of locale (Peter)
There is no way for non-ASCII locales to use the
standard indexes for LIKE
comparisons. This release adds a way to create a
special index for LIKE.
Allow the postmaster to preload libraries using
preload_libraries
(Joe)
For shared libraries that require a long time to load, this option is available so the library can be preloaded in the postmaster and inherited by all database sessions.
Improve optimizer cost computations, particularly for subqueries (Tom)
Avoid sort when subquery ORDER
BY matches upper query (Tom)
Deduce that WHERE a.x = b.y
AND b.y = 42 also means a.x = 42 (Tom)
Allow hash/merge joins on complex joins (Tom)
Allow hash joins for more data types (Tom)
Allow join optimization of explicit inner joins,
disable with join_collapse_limit (Tom)
Add parameter from_collapse_limit to control
conversion of subqueries to joins (Tom)
Use faster and more powerful regular expression code from Tcl (Henry Spencer, Tom)
Use bit-mapped relation sets in the optimizer (Tom)
Improve connection startup time (Tom)
The new client/server protocol requires fewer network packets to start a database session.
Improve trigger/constraint performance (Stephan)
Improve speed of col IN
(const, const, const, ...) (Tom)
Fix hash indexes which were broken in rare cases (Tom)
Improve hash index concurrency and speed (Tom)
Prior releases suffered from poor hash index performance, particularly for high concurrency situations. This release fixes that, and the development group is interested in reports comparing B-tree and hash index performance.
Align shared buffers on 32-byte boundary for copy speed improvement (Manfred Spraul)
Certain CPU's perform faster data copies when addresses are 32-byte aligned.
Data type numeric
reimplemented for better performance (Tom)
numeric used to be stored
in base 100. The new code uses base 10000, for
significantly better performance.
Rename server parameter server_min_messages to log_min_messages (Bruce)
This was done so most parameters that control the
server logs begin with log_.
Rename show_*_stats to
log_*_stats (Bruce)
Rename show_source_port
to log_source_port
(Bruce)
Rename hostname_lookup
to log_hostname
(Bruce)
Add checkpoint_warning
to warn of excessive checkpointing (Bruce)
In prior releases, it was difficult to determine if checkpoint was happening too frequently. This feature adds a warning to the server logs when excessive checkpointing happens.
New read-only server parameters for localization (Tom)
Change debug server log messages to output as
DEBUG rather than
LOG (Bruce)
Prevent server log variables from being turned off by non-superusers (Bruce)
This is a security feature so non-superusers cannot disable logging that was enabled by the administrator.
log_min_messages/client_min_messages now controls
debug_* output (Bruce)
This centralizes client debug information so all debug output can be sent to either the client or server logs.
Add macOS Rendezvous server support (Chris Campbell)
This allows macOS hosts to query the network for available PostgreSQL servers.
Add ability to print only slow statements using
log_min_duration_statement
(Christopher)
This is an often requested debugging feature that allows administrators to see only slow queries in their server logs.
Allow pg_hba.conf to
accept netmasks in CIDR format (Andrew Dunstan)
This allows administrators to merge the host IP
address and netmask fields into a single CIDR field in
pg_hba.conf.
New read-only parameter is_superuser (Tom)
New parameter log_error_verbosity to control error
detail (Tom)
This works with the new error reporting feature to supply additional error information like hints, file names and line numbers.
postgres
--describe-config now dumps server config
variables (Aizaz Ahmed, Peter)
This option is useful for administration tools that need to know the configuration variable names and their minimums, maximums, defaults, and descriptions.
Add new columns in pg_settings: context, type, source, min_val, max_val (Joe)
Make default shared_buffers 1000 and max_connections 100, if possible
(Tom)
Prior versions defaulted to 64 shared buffers so
PostgreSQL would start
on even very old systems. This release tests the amount
of shared memory allowed by the platform and selects
more reasonable default values if possible. Of course,
users are still encouraged to evaluate their resource
load and size shared_buffers accordingly.
New pg_hba.conf record
type hostnossl to prevent
SSL connections (Jon Jensen)
In prior releases, there was no way to prevent SSL connections if both the client and server supported SSL. This option allows that capability.
Remove parameter geqo_random_seed (Tom)
Add server parameter regex_flavor to control regular
expression processing (Tom)
Make pg_ctl better
handle nonstandard ports (Greg)
New SQL-standard information schema (Peter)
Add read-only transactions (Peter)
Print key name and value in foreign-key violation messages (Dmitry Tkach)
Allow users to see their own queries in pg_stat_activity (Kevin Brown)
In prior releases, only the superuser could see
query strings using pg_stat_activity. Now ordinary users
can see their own query strings.
Fix aggregates in subqueries to match SQL standard (Tom)
The SQL standard says that an aggregate function appearing within a nested subquery belongs to the outer query if its argument contains only outer-query variables. Prior PostgreSQL releases did not handle this fine point correctly.
Add option to prevent auto-addition of tables referenced in query (Nigel J. Andrews)
By default, tables mentioned in the query are
automatically added to the FROM clause if they are not already
there. This is compatible with historic POSTGRES behavior but is contrary
to the SQL standard. This option allows selecting
standard-compatible behavior.
Allow UPDATE ... SET col =
DEFAULT (Rod)
This allows UPDATE to
set a column to its declared default value.
Allow expressions to be used in LIMIT/OFFSET (Tom)
In prior releases, LIMIT/OFFSET could only use constants, not
expressions.
Implement CREATE TABLE AS
EXECUTE (Neil, Peter)
Make CREATE SEQUENCE
grammar more conforming to SQL:2003 (Neil)
Add statement-level triggers (Neil)
While this allows a trigger to fire at the end of a statement, it does not allow the trigger to access all rows modified by the statement. This capability is planned for a future release.
Add check constraints for domains (Rod)
This greatly increases the usefulness of domains by allowing them to use check constraints.
Add ALTER DOMAIN
(Rod)
This allows manipulation of existing domains.
Fix several zero-column table bugs (Tom)
PostgreSQL supports zero-column tables. This fixes various bugs that occur when using such tables.
Have ALTER TABLE ... ADD
PRIMARY KEY add not-null constraint (Rod)
In prior releases, ALTER TABLE
... ADD PRIMARY would add a unique index, but
not a not-null constraint. That is fixed in this
release.
Add ALTER TABLE ... WITHOUT
OIDS (Rod)
This allows control over whether new and updated rows will have an OID column. This is most useful for saving storage space.
Add ALTER SEQUENCE to
modify minimum, maximum, increment, cache, cycle values
(Rod)
Add ALTER TABLE ... CLUSTER
ON (Alvaro Herrera)
This command is used by pg_dump to record the cluster column
for each table previously clustered. This information
is used by database-wide cluster to cluster all
previously clustered tables.
Improve automatic type casting for domains (Rod, Tom)
Allow dollar signs in identifiers, except as first character (Tom)
Disallow dollar signs in operator names, so
x=$1 works (Tom)
Allow copying table schema using LIKE , also
SQL:2003 feature subtableINCLUDING
DEFAULTS (Rod)
Add WITH GRANT OPTION
clause to GRANT
(Peter)
This enabled GRANT to
give other users the ability to grant privileges on an
object.
Add ON COMMIT clause to
CREATE TABLE for temporary
tables (Gavin)
This adds the ability for a table to be dropped or all rows deleted on transaction commit.
Allow cursors outside transactions using
WITH HOLD (Neil)
In previous releases, cursors were removed at the
end of the transaction that created them. Cursors can
now be created with the WITH
HOLD option, which allows them to continue to be
accessed after the creating transaction has
committed.
FETCH 0 and
MOVE 0 now do nothing
(Bruce)
In previous releases, FETCH
0 fetched all remaining rows, and MOVE 0 moved to the end of the
cursor.
Cause FETCH and
MOVE to return the number
of rows fetched/moved, or zero if at the beginning/end
of cursor, per SQL standard (Bruce)
In prior releases, the row count returned by
FETCH and MOVE did not accurately reflect the
number of rows processed.
Properly handle SCROLL
with cursors, or report an error (Neil)
Allowing random access (both forward and backward
scrolling) to some kinds of queries cannot be done
without some additional work. If SCROLL is specified when the cursor is
created, this additional work will be performed.
Furthermore, if the cursor has been created with
NO SCROLL, no random
access is allowed.
Implement SQL-compatible options FIRST, LAST, ABSOLUTE
,
nRELATIVE for
nFETCH and MOVE (Tom)
Allow EXPLAIN on
DECLARE CURSOR (Tom)
Allow CLUSTER to use
index marked as pre-clustered by default (Alvaro
Herrera)
Allow CLUSTER to
cluster all tables (Alvaro Herrera)
This allows all previously clustered tables in a database to be reclustered with a single command.
Prevent CLUSTER on
partial indexes (Tom)
Allow DOS and Mac line-endings in COPY files (Bruce)
Disallow literal carriage return as a data value,
backslash-carriage-return and \r are still allowed (Bruce)
COPY changes (binary,
\.) (Tom)
Recover from COPY
failure cleanly (Tom)
Prevent possible memory leaks in COPY (Tom)
Make TRUNCATE
transaction-safe (Rod)
TRUNCATE can now be
used inside a transaction. If the transaction aborts,
the changes made by the TRUNCATE are automatically rolled
back.
Allow prepare/bind of utility commands like
FETCH and EXPLAIN (Tom)
Add EXPLAIN EXECUTE
(Neil)
Improve VACUUM
performance on indexes by reducing WAL traffic
(Tom)
Functional indexes have been generalized into indexes on expressions (Tom)
In prior releases, functional indexes only supported a simple function applied to one or more column names. This release allows any type of scalar expression.
Have SHOW TRANSACTION
ISOLATION match input to SET TRANSACTION ISOLATION (Tom)
Have COMMENT ON
DATABASE on nonlocal database generate a
warning, rather than an error (Rod)
Database comments are stored in database-local tables so comments on a database have to be stored in each database.
Improve reliability of LISTEN/NOTIFY (Tom)
Allow REINDEX to
reliably reindex nonshared system catalog indexes
(Tom)
This allows system tables to be reindexed without
the requirement of a standalone session, which was
necessary in previous releases. The only tables that
now require a standalone session for reindexing are the
global system tables pg_database, pg_shadow, and pg_group.
New server parameter extra_float_digits to control
precision display of floating-point numbers (Pedro
Ferreira, Tom)
This controls output precision which was causing regression testing problems.
Allow +1300 as a
numeric time-zone specifier, for FJST (Tom)
Remove rarely used functions oidrand, oidsrand, and userfntest functions (Neil)
Add md5() function to
main server, already in contrib/pgcrypto (Joe)
An MD5 function was frequently requested. For more
complex encryption capabilities, use contrib/pgcrypto.
Increase date range of timestamp (John Cochran)
Change EXTRACT(EPOCH FROM
timestamp) so timestamp
without time zone is assumed to be in local
time, not GMT (Tom)
Trap division by zero in case the operating system doesn't prevent it (Tom)
Change the numeric data
type internally to base 10000 (Tom)
New hostmask()
function (Greg Wickham)
Fixes for to_char()
and to_timestamp()
(Karel)
Allow functions that can take any argument data type
and return any data type, using anyelement and anyarray (Joe)
This allows the creation of functions that can work with any data type.
Arrays can now be specified as ARRAY[1,2,3], ARRAY[['a','b'],['c','d']], or
ARRAY[ARRAY[ARRAY[2]]]
(Joe)
Allow proper comparisons for arrays, including
ORDER BY and DISTINCT support (Joe)
Allow indexes on array columns (Joe)
Allow array concatenation with || (Joe)
Allow WHERE
qualification expr op ANY/SOME/ALL
(array_expr)
This allows arrays to behave like a list of values,
for purposes like SELECT * FROM
tab WHERE col IN (array_val).
New array functions array_append, array_cat, array_lower, array_prepend, array_to_string, array_upper, string_to_array (Joe)
Allow user defined aggregates to use polymorphic functions (Joe)
Allow assignments to empty arrays (Joe)
Allow 60 in seconds fields of time, timestamp, and interval input values (Tom)
Sixty-second values are needed for leap seconds.
Allow cidr data type to be
cast to text (Tom)
Disallow invalid time zone names in SET TIMEZONE
Trim trailing spaces when char is cast to varchar or text
(Tom)
Make float( measure the
precision p)p
in binary digits, not decimal digits (Tom)
Add IPv6 support to the inet and cidr
data types (Michael Graff)
Add family() function
to report whether address is IPv4 or IPv6 (Michael
Graff)
Have SHOW datestyle
generate output similar to that used by SET datestyle (Tom)
Make EXTRACT(TIMEZONE)
and SET/SHOW TIME ZONE
follow the SQL convention for the sign of time zone
offsets, i.e., positive is east from UTC (Tom)
Fix date_trunc('quarter',
...) (Böjthe Zoltán)
Prior releases returned an incorrect value for this function call.
Make initcap() more
compatible with Oracle (Mike Nolan)
initcap() now
uppercases a letter appearing after any
non-alphanumeric character, rather than only after
whitespace.
Allow only datestyle
field order for date values not in ISO-8601 format
(Greg)
Add new datestyle
values MDY, DMY, and YMD to set input field order; honor
US and European for backward compatibility
(Tom)
String literals like 'now' or 'today' will no longer work as a
column default. Use functions such as now(), current_timestamp instead. (change
required for prepared statements) (Tom)
Treat NaN as larger than any other value in
min()/max() (Tom)
NaN was already sorted after ordinary numeric values
for most purposes, but min() and max() didn't get this right.
Prevent interval from suppressing :00 seconds display
New functions pg_get_triggerdef(prettyprint) and
pg_conversion_is_visible()
(Christopher)
Allow time to be specified as 040506 or 0405 (Tom)
Input date order must now be YYYY-MM-DD (with 4-digit year) or
match datestyle
Make pg_get_constraintdef support unique,
primary-key, and check constraints (Christopher)
Prevent PL/pgSQL crash when RETURN NEXT is used on a zero-row
record variable (Tom)
Make PL/Python's spi_execute interface handle null
values properly (Andrew Bosma)
Allow PL/pgSQL to declare variables of composite
types without %ROWTYPE
(Tom)
Fix PL/Python's _quote() function to handle big
integers
Make PL/Python an untrusted language, now called
plpythonu (Kevin Jacobs,
Tom)
The Python language no longer supports a restricted execution environment, so the trusted version of PL/Python was removed. If this situation changes, a version of PL/Python that can be used by non-superusers will be readded.
Allow polymorphic PL/pgSQL functions (Joe, Tom)
Allow polymorphic SQL functions (Joe)
Improved compiled function caching mechanism in PL/pgSQL with full support for polymorphism (Joe)
Add new parameter $0 in
PL/pgSQL representing the function's actual return type
(Joe)
Allow PL/Tcl and PL/Python to use the same trigger on multiple tables (Tom)
Fixed PL/Tcl's spi_prepare to accept fully qualified
type names in the parameter type list (Jan)
Add \pset pager always
to always use pager (Greg)
This forces the pager to be used even if the number of rows is less than the screen height. This is valuable for rows that wrap across several screen rows.
Improve tab completion (Rod, Ross Reedstrom, Ian Barwick)
Reorder \? help into
groupings (Harald Armin Massa, Bruce)
Add backslash commands for listing schemas, casts, and conversions (Christopher)
\encoding now changes
based on the server parameter client_encoding (Tom)
In previous versions, \encoding was not aware of encoding
changes made using SET
client_encoding.
Save editor buffer into readline history (Ross)
When \e is used to edit
a query, the result is saved in the readline history
for retrieval using the up arrow.
Improve \d display
(Christopher)
Enhance HTML mode to be more standards-conforming (Greg)
New \set AUTOCOMMIT off
capability (Tom)
This takes the place of the removed server parameter
autocommit.
New \set VERBOSITY to
control error detail (Tom)
This controls the new error reporting details.
New prompt escape sequence %x to show transaction status
(Tom)
Long options for psql are now available on all platforms
Multiple pg_dump fixes, including tar format and large objects
Allow pg_dump to dump specific schemas (Neil)
Make pg_dump preserve column storage characteristics (Christopher)
This preserves ALTER TABLE ...
SET STORAGE information.
Make pg_dump preserve CLUSTER characteristics
(Christopher)
Have pg_dumpall use GRANT/REVOKE to dump database-level
privileges (Tom)
Allow pg_dumpall to support the options -a, -s,
-x of pg_dump (Tom)
Prevent pg_dump from lowercasing identifiers specified on the command line (Tom)
pg_dump options --use-set-session-authorization and
--no-reconnect now do
nothing, all dumps use SET
SESSION AUTHORIZATION
pg_dump no longer reconnects to switch users, but
instead always uses SET SESSION
AUTHORIZATION. This will reduce password
prompting during restores.
Long options for pg_dump are now available on all platforms
PostgreSQL now includes its own long-option processing routines.
Add function PQfreemem
for freeing memory on Windows, suggested for
NOTIFY (Bruce)
Windows requires that memory allocated in a library
be freed by a function in the same library, hence
free() doesn't work for
freeing memory allocated by libpq. PQfreemem is the proper way to free
libpq memory, especially on Windows, and is recommended
for other platforms as well.
Document service capability, and add sample file (Bruce)
This allows clients to look up connection information in a central file on the client machine.
Make PQsetdbLogin have
the same defaults as PQconnectdb (Tom)
Allow libpq to cleanly fail when result sets are too large (Tom)
Improve performance of function PQunescapeBytea (Ben Lamb)
Allow thread-safe libpq with configure option --enable-thread-safety (Lee Kindness,
Philip Yarra)
Allow function pqInternalNotice to accept a format
string and arguments instead of just a preformatted
message (Tom, Sean Chittenden)
Control SSL negotiation with sslmode values disable, allow, prefer, and require (Jon Jensen)
Allow new error codes and levels of text (Tom)
Allow access to the underlying table and column of a query result (Tom)
This is helpful for query-builder applications that want to know the underlying table and column names associated with a specific result set.
Allow access to the current transaction status (Tom)
Add ability to pass binary data directly to the server (Tom)
Add function PQexecPrepared and PQsendQueryPrepared functions which
perform bind/execute of previously prepared statements
(Tom)
Allow setNull on
updateable result sets
Allow executeBatch on
a prepared statement (Barry)
Support SSL connections (Barry)
Handle schema names in result sets (Paul Sorenson)
Add refcursor support (Nic Ferrier)
Prevent possible memory leak or core dump during libpgtcl shutdown (Tom)
Add Informix compatibility to ECPG (Michael)
This allows ECPG to process embedded C programs that were written using certain Informix extensions.
Add type decimal to ECPG
that is fixed length, for Informix (Michael)
Allow thread-safe embedded SQL programs with
configure option
--enable-thread-safety (Lee
Kindness, Bruce)
This allows multiple threads to access the database at the same time.
Moved Python client PyGreSQL to http://www.pygresql.org (Marc)
Prevent need for separate platform geometry regression result files (Tom)
Improved PPC locking primitive (Reinhard Max)
New function palloc0
to allocate and clear memory (Bruce)
Fix locking code for s390x CPU (64-bit) (Tom)
Allow OpenBSD to use local ident credentials (William Ahern)
Make query plan trees read-only to executor (Tom)
Add macOS startup scripts (David Wheeler)
Allow libpq to compile with Borland C++ compiler (Lester Godwin, Karl Waclawek)
Use our own version of getopt_long() if needed (Peter)
Convert administration scripts to C (Peter)
Bison >= 1.85 is now required to build the PostgreSQL grammar, if building from CVS
Merge documentation into one book (Peter)
Add Windows compatibility functions (Bruce)
Allow client interfaces to compile under MinGW (Bruce)
New ereport() function
for error reporting (Tom)
Support Intel compiler on Linux (Peter)
Improve Linux startup scripts (Slawomir Sudnik, Darko Prenosil)
Add support for AMD Opteron and Itanium (Jeffrey W. Baker, Bruce)
Remove --enable-recode
option from configure
This was no longer needed now that we have
CREATE CONVERSION.
Generate a compile error if spinlock code is not found (Bruce)
Platforms without spinlock code will now fail to
compile, rather than silently using semaphores. This
failure can be disabled with a new configure option.
Change dbmirror license to BSD
Improve earthdistance (Bruno Wolff III)
Portability improvements to pgcrypto (Marko Kreen)
Prevent crash in xml (John Gray, Michael Richards)
Update oracle
Update mysql
Update cube (Bruno Wolff III)
Update earthdistance to use cube (Bruno Wolff III)
Update btree_gist (Oleg)
New tsearch2 full-text search module (Oleg, Teodor)
Add hash-based crosstab function to tablefuncs (Joe)
Add serial column to order connectby() siblings in tablefuncs
(Nabil Sayegh,Joe)
Add named persistent connections to dblink (Shridhar Daithanka)
New pg_autovacuum allows automatic VACUUM (Matthew T. O'Connor)
Make pgbench honor environment variables
PGHOST, PGPORT, PGUSER (Tatsuo)
Improve intarray (Teodor Sigaev)
Improve pgstattuple (Rod)
Fix bug in metaphone()
in fuzzystrmatch
Improve adddepend (Rod)
Update spi/timetravel (Böjthe Zoltán)
Fix dbase -s option and
improve non-ASCII handling (Thomas Behr, Márcio
Smiderle)
Remove array module because features now included by default (Joe)
⇑ Upgrade to 7.4.1 released on 2003-12-22 - docs
Fixed bug in CREATE
SCHEMA parsing in ECPG (Michael)
Fix compile error when --enable-thread-safety and --with-perl are used together (Peter)
Fix for subqueries that used hash joins (Tom)
Certain subqueries that used hash joins would crash because of improperly shared structures.
Fix free space map compaction bug (Tom)
This fixes a bug where compaction of the free space map could lead to a database server shutdown.
Fix for Borland compiler build of libpq (Bruce)
Fix netmask() and
hostmask() to return the
maximum-length masklen (Tom)
Fix these functions to return values consistent with pre-7.4 releases.
Several contrib/pg_autovacuum fixes
Fixes include improper variable initialization,
missing vacuum after TRUNCATE, and duration computation
overflow for long vacuums.
Allow compile of contrib/cube under Cygwin (Jason
Tishler)
Fix Solaris use of password file when no passwords are defined (Tom)
Fix crash on Solaris caused by use of any type of password authentication when no passwords were defined.
JDBC fix for thread problems, other fixes
Fix for bytea index lookups
(Joe)
Fix information schema for bit data types (Peter)
Force zero_damaged_pages to be on during recovery from WAL
Prevent some obscure cases of “variable not in subplan target lists”
Make PQescapeBytea and
byteaout consistent with
each other (Joe)
Escape bytea output for
bytes > 0x7e(Joe)
If different client encodings are used for
bytea output and input, it is
possible for bytea values to be
corrupted by the differing encodings. This fix escapes
all bytes that might be affected.
Added missing SPI_finish() calls to dblink's
get_tuple_of_interest()
(Joe)
New Czech FAQ
Fix information schema view constraint_column_usage for foreign keys
(Peter)
ECPG fixes (Michael)
Fix bug with multiple IN
subqueries and joins in the subqueries (Tom)
Allow COUNT('x') to work
(Tom)
Install ECPG include files for Informix compatibility into separate directory (Peter)
Some names of ECPG include files for Informix compatibility conflicted with operating system include files. By installing them in their own directory, name conflicts have been reduced.
Fix SSL memory leak (Neil)
This release fixes a bug in 7.4 where SSL didn't free all memory it allocated.
Prevent pg_service.conf
from using service name as default dbname (Bruce)
Fix local ident authentication on FreeBSD (Tom)
⇑ Upgrade to 7.4.2 released on 2004-03-08 - docs
Fix pg_statistic
alignment bug that could crash optimizer
See above for details about this problem.
Allow non-super users to update pg_settings
Fix several optimizer bugs, most of which led to “variable not found in subplan target lists” errors
Avoid out-of-memory failure during startup of large multiple index scan
Fix multibyte problem that could lead to “out of memory”
error during COPY IN
Fix problems with SELECT
INTO / CREATE TABLE
AS from tables without OIDs
Fix problems with alter_table regression test during
parallel testing
Fix problems with hitting open file limit, especially on macOS (Tom)
Partial fix for Turkish-locale issues
initdb will succeed now in Turkish locale, but there
are still some inconveniences associated with the
i/I problem.
Make pg_dump set client encoding on restore
Other minor pg_dump fixes
Allow ecpg to again use C keywords as column names (Michael)
Added ecpg WHENEVER
NOT_FOUND to SELECT/INSERT/UPDATE/DELETE
(Michael)
Fix ecpg crash for queries calling set-returning functions (Michael)
Various other ecpg fixes (Michael)
Fixes for Borland compiler
Thread build improvements (Bruce)
Various other build fixes
Various JDBC fixes
⇑ Upgrade to 7.4.3 released on 2004-06-14 - docs
Fix temporary memory leak when using non-hashed aggregates (Tom)
ECPG fixes, including some for Informix compatibility (Michael)
Fixes for compiling with thread-safety, particularly Solaris (Bruce)
Fix error in COPY IN termination when using the old network protocol (ljb)
Several important fixes in pg_autovacuum, including fixes for large tables, unsigned oids, stability, temp tables, and debug mode (Matthew T. O'Connor)
Fix problem with reading tar-format dumps on NetBSD and BSD/OS (Bruce)
Several JDBC fixes
Fix ALTER SEQUENCE RESTART where last_value equals the restart value (Tom)
Repair failure to recalculate nested sub-selects (Tom)
Fix problems with non-constant expressions in LIMIT/OFFSET
Support FULL JOIN with no join clause, such as X FULL JOIN Y ON TRUE (Tom)
Fix another zero-column table bug (Tom)
Improve handling of non-qualified identifiers in GROUP BY clauses in sub-selects (Tom)
Select-list aliases within the sub-select will now take precedence over names from outer query levels.
Do not generate “NATURAL CROSS JOIN” when decompiling rules (Tom)
Add checks for invalid field length in binary COPY (Tom)
This fixes a difficult-to-exploit security hole.
Avoid locking conflict between ANALYZE and LISTEN/NOTIFY
Numerous translation updates (various contributors)
⇑ Upgrade to 7.4.4 released on 2004-08-16 - docs
Check HAVING restriction before evaluating result list of an aggregate plan
Avoid crash when session's current user ID is deleted
Fix hashed crosstab for zero-rows case (Joe)
Force cache update after renaming a column in a foreign key
Pretty-print UNION queries correctly
Make psql handle \r\n
newlines properly in COPY IN
pg_dump handled ACLs with grant options incorrectly
Fix thread support for macOS and Solaris
Updated JDBC driver (build 215) with various fixes
ECPG fixes
Translation updates (various contributors)
⇑ Upgrade to 7.4.5 released on 2004-08-18 - docs
Repair possible crash during concurrent B-tree index insertions
This patch fixes a rare case in which concurrent insertions into a B-tree index could result in a server panic. No permanent damage would result, but it's still worth a re-release. The bug does not exist in pre-7.4 releases.
⇑ Upgrade to 7.4.6 released on 2004-10-22 - docs
Prevent forced backend shutdown from re-emitting prior command result
In rare cases, a client might think that its last command had succeeded when it really had been aborted by forced database shutdown.
Repair bug in pg_stat_get_backend_idset
This could lead to misbehavior in some of the system-statistics views.
Fix small memory leak in postmaster
Fix “expected both swapped tables to have TOAST tables” bug
This could arise in cases such as CLUSTER after ALTER TABLE DROP COLUMN.
Prevent pg_ctl restart
from adding -D multiple
times
Fix problem with NULL values in GiST indexes
:: is no longer
interpreted as a variable in an ECPG prepare
statement
⇑ Upgrade to 8.0 released on 2005-01-19 - docs
Support cross-data-type index usage (Tom)
Before this change, many queries would not use an index if the data types did not match exactly. This improvement makes index usage more intuitive and consistent.
New buffer replacement strategy that improves caching (Jan)
Prior releases used a least-recently-used (LRU) cache to keep recently referenced pages in memory. The LRU algorithm did not consider the number of times a specific cache entry was accessed, so large table scans could force out useful cache pages. The new cache algorithm uses four separate lists to track most recently used and most frequently used cache pages and dynamically optimize their replacement based on the work load. This should lead to much more efficient use of the shared buffer cache. Administrators who have tested shared buffer sizes in the past should retest with this new cache replacement policy.
Add subprocess to write dirty buffers periodically to reduce checkpoint writes (Jan)
In previous releases, the checkpoint process, which
runs every few minutes, would write all dirty buffers
to the operating system's buffer cache then flush all
dirty operating system buffers to disk. This resulted
in a periodic spike in disk usage that often hurt
performance. The new code uses a background writer to
trickle disk writes at a steady pace so checkpoints
have far fewer dirty pages to write to disk. Also, the
new code does not issue a global sync() call, but instead fsync()s just the files written since
the last checkpoint. This should improve performance
and minimize degradation during checkpoints.
Add ability to prolong vacuum to reduce performance impact (Jan)
On busy systems, VACUUM
performs many I/O requests which can hurt performance
for other users. This release allows you to slow down
VACUUM to reduce its
impact on other users, though this increases the total
duration of VACUUM.
Improve B-tree index performance for duplicate keys (Dmitry Tkach, Tom)
This improves the way indexes are scanned when many duplicate values exist in the index.
Use dynamically-generated table size estimates while planning (Tom)
Formerly the planner estimated table sizes using the
values seen by the last VACUUM or ANALYZE, both as to physical table
size (number of pages) and number of rows. Now, the
current physical table size is obtained from the
kernel, and the number of rows is estimated by
multiplying the table size by the row density (rows per
page) seen by the last VACUUM or ANALYZE. This should produce more
reliable estimates in cases where the table size has
changed significantly since the last housekeeping
command.
Improved index usage with OR clauses (Tom)
This allows the optimizer to use indexes in
statements with many OR clauses that would not have
been indexed in the past. It can also use multi-column
indexes where the first column is specified and the
second column is part of an OR clause.
Improve matching of partial index clauses (Tom)
The server is now smarter about using partial
indexes in queries involving complex WHERE clauses.
Improve performance of the GEQO optimizer (Tom)
The GEQO optimizer is used to plan queries involving many tables (by default, twelve or more). This release speeds up the way queries are analyzed to decrease time spent in optimization.
Miscellaneous optimizer improvements
There is not room here to list all the minor improvements made, but numerous special cases work better than in prior releases.
Improve lookup speed for C functions (Tom)
This release uses a hash table to lookup information for dynamically loaded C functions. This improves their speed so they perform nearly as quickly as functions that are built into the server executable.
Add type-specific ANALYZE statistics capability (Mark
Cave-Ayland)
This feature allows more flexibility in generating statistics for nonstandard data types.
ANALYZE now collects
statistics for expression indexes (Tom)
Expression indexes (also called functional indexes) allow users to index not just columns but the results of expressions and function calls. With this release, the optimizer can gather and use statistics about the contents of expression indexes. This will greatly improve the quality of planning for queries in which an expression index is relevant.
New two-stage sampling method for ANALYZE (Manfred Koizar)
This gives better statistics when the density of valid rows is very different in different regions of a table.
Speed up TRUNCATE
(Tom)
This buys back some of the performance loss observed
in 7.4, while still keeping TRUNCATE transaction-safe.
Add WAL file archiving and point-in-time recovery (Simon Riggs)
Add tablespaces so admins can control disk layout (Gavin)
Add a built-in log rotation program (Andreas Pflug)
It is now possible to log server messages conveniently without relying on either syslog or an external log rotation program.
Add new read-only server configuration parameters to
show server compile-time settings: block_size, integer_datetimes, max_function_args, max_identifier_length, max_index_keys (Joe)
Make quoting of sameuser, samegroup, and all remove special meaning of these
terms in pg_hba.conf
(Andrew)
Use clearer IPv6 name ::1/128 for localhost in default pg_hba.conf (Andrew)
Use CIDR format in pg_hba.conf examples (Andrew)
Rename server configuration parameters SortMem and VacuumMem to work_mem and maintenance_work_mem (Old names still
supported) (Tom)
This change was made to clarify that bulk operations
such as index and foreign key creation use maintenance_work_mem, while
work_mem is for workspaces
used during query execution.
Allow logging of session disconnections using server
configuration log_disconnections (Andrew)
Add new server configuration parameter log_line_prefix to allow control of
information emitted in each log line (Andrew)
Available information includes user name, database name, remote IP address, and session start time.
Remove server configuration parameters log_pid, log_timestamp, log_source_port; functionality
superseded by log_line_prefix (Andrew)
Replace the virtual_host and tcpip_socket parameters with a unified
listen_addresses parameter
(Andrew, Tom)
virtual_host could only
specify a single IP address to listen on. listen_addresses allows multiple
addresses to be specified.
Listen on localhost by default, which eliminates the
need for the -i postmaster
switch in many scenarios (Andrew)
Listening on localhost (127.0.0.1) opens no new security holes
but allows configurations like Windows and JDBC, which
do not support local sockets, to work without special
adjustments.
Remove syslog server
configuration parameter, and add more logical
log_destination variable
to control log output location (Magnus)
Change server configuration parameter log_statement to take values
all, mod, ddl,
or none to select which
queries are logged (Bruce)
This allows administrators to log only data definition changes or only data modification statements.
Some logging-related configuration parameters could
formerly be adjusted by ordinary users, but only in the
“more
verbose” direction. They are now treated
more strictly: only superusers can set them. However, a
superuser can use ALTER
USER to provide per-user settings of these
values for non-superusers. Also, it is now possible for
superusers to set values of superuser-only
configuration parameters via PGOPTIONS.
Allow configuration files to be placed outside the data directory (mlw)
By default, configuration files are kept in the cluster's top directory. With this addition, configuration files can be placed outside the data directory, easing administration.
Plan prepared queries only when first executed so constants can be used for statistics (Oliver Jowett)
Prepared statements plan queries once and execute them many times. While prepared queries avoid the overhead of re-planning on each use, the quality of the plan suffers from not knowing the exact parameters to be used in the query. In this release, planning of unnamed prepared statements is delayed until the first execution, and the actual parameter values of that execution are used as optimization hints. This allows use of out-of-line parameter passing without incurring a performance penalty.
Allow DECLARE CURSOR to
take parameters (Oliver Jowett)
It is now useful to issue DECLARE CURSOR in a Parse message with parameters. The
parameter values sent at Bind time will be substituted into
the execution of the cursor's query.
Fix hash joins and aggregates of inet and cidr
data types (Tom)
Release 7.4 handled hashing of mixed inet and cidr
values incorrectly. (This bug did not exist in prior
releases because they wouldn't try to hash either data
type.)
Make log_duration print
only when log_statement
prints the query (Ed L.)
Add savepoints (nested transactions) (Alvaro)
Unsupported isolation levels are now accepted and promoted to the nearest supported level (Peter)
The SQL specification states that if a database doesn't support a specific isolation level, it should use the next more restrictive level. This change complies with that recommendation.
Allow BEGIN WORK to
specify transaction isolation levels like START TRANSACTION does (Bruce)
Fix table permission checking for cases in which rules generate a query type different from the originally submitted query (Tom)
Implement dollar quoting to simplify single-quote usage (Andrew, Tom, David Fetter)
In previous releases, because single quotes had to be used to quote a function's body, the use of single quotes inside the function text required use of two single quotes or other error-prone notations. With this release we add the ability to use "dollar quoting" to quote a block of text. The ability to use different quoting delimiters at different nesting levels greatly simplifies the task of quoting correctly, especially in complex functions. Dollar quoting can be used anywhere quoted text is needed.
Make CASE val WHEN compval1
THEN ... evaluate val only once (Tom)
CASE no longer evaluates
the tested expression multiple times. This has benefits
when the expression is complex or is volatile.
Test HAVING before
computing target list of an aggregate query (Tom)
Fixes improper failure of cases such as SELECT SUM(win)/SUM(lose) ... GROUP BY ...
HAVING SUM(lose) > 0. This should work but
formerly could fail with divide-by-zero.
Replace max_expr_depth
parameter with max_stack_depth parameter, measured in
kilobytes of stack size (Tom)
This gives us a fairly bulletproof defense against crashing due to runaway recursive functions. Instead of measuring the depth of expression nesting, we now directly measure the size of the execution stack.
Allow arbitrary row expressions (Tom)
This release allows SQL expressions to contain arbitrary composite types, that is, row values. It also allows functions to more easily take rows as arguments and return row values.
Allow LIKE/ILIKE to be used as the operator in row
and subselect comparisons (Fabien Coelho)
Avoid locale-specific case conversion of basic ASCII letters in identifiers and keywords (Tom)
This solves the “Turkish problem” with mangling of
words containing I and
i. Folding of characters
outside the 7-bit-ASCII set is still locale-aware.
Improve syntax error reporting (Fabien, Tom)
Syntax error reports are more useful than before.
Change EXECUTE to
return a completion tag matching the executed statement
(Kris Jurka)
Previous releases return an EXECUTE tag for any EXECUTE call. In this release, the tag
returned will reflect the command executed.
Avoid emitting NATURAL CROSS
JOIN in rule listings (Tom)
Such a clause makes no logical sense, but in some cases the rule decompiler formerly produced this syntax.
Add COMMENT ON for
casts, conversions, languages, operator classes, and
large objects (Christopher)
Add new server configuration parameter default_with_oids to control whether
tables are created with OIDs
by default (Neil)
This allows administrators to control whether
CREATE TABLE commands
create tables with or without OID columns by default. (Note: the
current factory default setting for default_with_oids is TRUE, but the default will become
FALSE in future
releases.)
Add WITH / WITHOUT OIDS clause to CREATE TABLE AS (Neil)
Allow ALTER TABLE DROP
COLUMN to drop an OID
column (ALTER TABLE SET WITHOUT
OIDS still works) (Tom)
Allow composite types as table columns (Tom)
Allow ALTER ... ADD
COLUMN with defaults and NOT NULL constraints; works per SQL
spec (Rod)
It is now possible for ADD
COLUMN to create a column that is not initially
filled with NULLs, but with a specified default
value.
Add ALTER COLUMN TYPE
to change column's type (Rod)
It is now possible to alter a column's data type without dropping and re-adding the column.
Allow multiple ALTER
actions in a single ALTER
TABLE command (Rod)
This is particularly useful for ALTER commands that rewrite the table
(which include ALTER COLUMN
TYPE and ADD COLUMN
with a default). By grouping ALTER commands together, the table
need be rewritten only once.
Allow ALTER TABLE to
add SERIAL columns (Tom)
This falls out from the new capability of specifying defaults for new columns.
Allow changing the owners of aggregates, conversions, databases, functions, operators, operator classes, schemas, types, and tablespaces (Christopher, Euler Taveira de Oliveira)
Previously this required modifying the system tables directly.
Allow temporary object creation to be limited to
SECURITY DEFINER functions
(Sean Chittenden)
Add ALTER TABLE ... SET WITHOUT
CLUSTER (Christopher)
Prior to this release, there was no way to clear an auto-cluster specification except to modify the system tables.
Constraint/Index/SERIAL
names are now table_column_type with
numbers appended to guarantee uniqueness within the
schema (Tom)
The SQL specification states that such names should be unique within a schema.
Add pg_get_serial_sequence() to return a
SERIAL column's sequence name
(Christopher)
This allows automated scripts to reliably find the
SERIAL sequence name.
Warn when primary/foreign key data type mismatch requires costly lookup
New ALTER INDEX command
to allow moving of indexes between tablespaces
(Gavin)
Make ALTER TABLE OWNER
change dependent sequence ownership too (Alvaro)
Allow CREATE SCHEMA to
create triggers, indexes, and sequences (Neil)
Add ALSO keyword to
CREATE RULE (Fabien
Coelho)
This allows ALSO to be
added to rule creation to contrast it with INSTEAD rules.
Add NOWAIT option to
LOCK (Tatsuo)
This allows the LOCK
command to fail if it would have to wait for the
requested lock.
Allow COPY to read and
write comma-separated-value (CSV) files (Andrew,
Bruce)
Generate error if the COPY delimiter and NULL string
conflict (Bruce)
GRANT/REVOKE behavior follows the SQL spec
more closely
Avoid locking conflict between CREATE INDEX and CHECKPOINT (Tom)
In 7.3 and 7.4, a long-running B-tree index build
could block concurrent CHECKPOINTs from completing, thereby
causing WAL bloat because the WAL log could not be
recycled.
Database-wide ANALYZE
does not hold locks across tables (Tom)
This reduces the potential for deadlocks against
other backends that want exclusive locks on tables. To
get the benefit of this change, do not execute
database-wide ANALYZE
inside a transaction block (BEGIN block); it must be able to
commit and start a new transaction for each table.
REINDEX does not
exclusively lock the index's parent table anymore
The index itself is still exclusively locked, but readers of the table can continue if they are not using the particular index being rebuilt.
Erase MD5 user passwords when a user is renamed (Bruce)
PostgreSQL uses the user name as salt when encrypting passwords via MD5. When a user's name is changed, the salt will no longer match the stored MD5 password, so the stored password becomes useless. In this release a notice is generated and the password is cleared. A new password must then be assigned if the user is to be able to log in with a password.
New pg_ctl
kill option for Windows
(Andrew)
Windows does not have a kill command to send signals to
backends so this capability was added to pg_ctl.
Information schema improvements
Add --pwfile option to
initdb so the initial
password can be set by GUI tools (Magnus)
Detect locale/encoding mismatch in initdb (Peter)
Add register command to
pg_ctl to register
Windows operating system service (Dave Page)
More complete support for composite types (row types) (Tom)
Composite values can be used in many places where only scalar values worked before.
Reject nonrectangular array values as erroneous (Joe)
Formerly, array_in
would silently build a surprising result.
Overflow in integer arithmetic operations is now detected (Tom)
The arithmetic operators associated with the
single-byte "char" data type
have been removed.
Formerly, the parser would select these operators in
many situations where an “unable to select an
operator” error would be more
appropriate, such as null *
null. If you actually want to do arithmetic on a
"char" column, you can cast
it to integer explicitly.
Syntax checking of array input values considerably tightened up (Joe)
Junk that was previously allowed in odd places with
odd results now causes an ERROR, for example, non-whitespace
after the closing right brace.
Empty-string array element values must now be
written as "", rather than
writing nothing (Joe)
Formerly, both ways of writing an empty-string element value were allowed, but now a quoted empty string is required. The case where nothing at all appears will probably be considered to be a NULL element value in some future release.
Array element trailing whitespace is now ignored (Joe)
Formerly leading whitespace was ignored, but trailing whitespace between an element value and the delimiter or right brace was significant. Now trailing whitespace is also ignored.
Emit array values with explicit array bounds when lower bound is not one (Joe)
Accept YYYY-monthname-DD as a date string
(Tom)
Make netmask and
hostmask functions return
maximum-length mask length (Tom)
Change factorial function to return numeric (Gavin)
Returning numeric allows
the factorial function to work for a wider range of
input values.
to_char/to_date() date conversion
improvements (Kurt Roeckx, Fabien Coelho)
Make length()
disregard trailing spaces in CHAR(n) (Gavin)
This change was made to improve consistency:
trailing spaces are semantically insignificant in
CHAR(n) data, so they should
not be counted by length().
Warn about empty string being passed to OID/float4/float8
data types (Neil)
8.1 will throw an error instead.
Allow leading or trailing whitespace in int2/int4/int8/float4/float8
input routines (Neil)
Better support for IEEE Infinity and NaN values in float4/float8
(Neil)
These should now work on all platforms that support IEEE-compliant floating point arithmetic.
Add week option to
date_trunc() (Robert
Creager)
Fix to_char for
1 BC (previously it
returned 1 AD) (Bruce)
Fix date_part(year)
for BC dates (previously it returned one less than the
correct year) (Bruce)
Fix date_part() to
return the proper millennium and century (Fabien
Coelho)
In previous versions, the century and millennium results had a wrong number and started in the wrong year, as compared to standard reckoning of such things.
Add ceiling() as an
alias for ceil(), and
power() as an alias for
pow() for standards
compliance (Neil)
Change ln(),
log(), power(), and sqrt() to emit the correct
SQLSTATE error codes for
certain error conditions, as specified by SQL:2003
(Neil)
Add width_bucket()
function as defined by SQL:2003 (Neil)
Add generate_series()
functions to simplify working with numeric sets
(Joe)
Fix upper/lower/initcap() functions to
work with multibyte encodings (Tom)
Add boolean and bitwise integer AND/OR
aggregates (Fabien Coelho)
New session information functions to return network addresses for client and server (Sean Chittenden)
Add function to determine the area of a closed path (Sean Chittenden)
Add function to send cancel request to other backends (Magnus)
Add interval plus
datetime operators (Tom)
The reverse ordering, datetime plus interval, was already supported, but both
are required by the SQL standard.
Casting an integer to BIT(N) selects the rightmost N bits of
the integer (Tom)
In prior releases, the leftmost N bits were selected, but this was deemed unhelpful, not to mention inconsistent with casting from bit to int.
Require CIDR values to
have all nonmasked bits be zero (Kevin Brintnall)
In READ COMMITTED
serialization mode, volatile functions now see the
results of concurrent transactions committed up to the
beginning of each statement within the function, rather
than up to the beginning of the interactive command
that called the function.
Functions declared STABLE or IMMUTABLE always use the snapshot of
the calling query, and therefore do not see the effects
of actions taken after the calling query starts,
whether in their own transaction or other transactions.
Such a function must be read-only, too, meaning that it
cannot use any SQL commands other than SELECT. There is a considerable
performance gain from declaring a function STABLE or IMMUTABLE rather than VOLATILE.
Nondeferred AFTER
triggers are now fired immediately after completion of
the triggering query, rather than upon finishing the
current interactive command. This makes a difference
when the triggering query occurred within a function:
the trigger is invoked before the function proceeds to
its next operation. For example, if a function inserts
a new row into a table, any nondeferred foreign key
checks occur before proceeding with the function.
Allow function parameters to be declared with names (Dennis Björklund)
This allows better documentation of functions. Whether the names actually do anything depends on the specific function language being used.
Allow PL/pgSQL parameter names to be referenced in the function (Dennis Björklund)
This basically creates an automatic alias for each named parameter.
Do minimal syntax checking of PL/pgSQL functions at creation time (Tom)
This allows us to catch simple syntax errors sooner.
More support for composite types (row and record variables) in PL/pgSQL
For example, it now works to pass a rowtype variable to another function as a single variable.
Default values for PL/pgSQL variables can now reference previously declared variables
Improve parsing of PL/pgSQL FOR loops (Tom)
Parsing is now driven by presence of ".." rather than data type of
FOR variable. This makes no
difference for correct functions, but should result in
more understandable error messages when a mistake is
made.
Major overhaul of PL/Perl server-side language (Command Prompt, Andrew Dunstan)
In PL/Tcl, SPI commands are now run in
subtransactions. If an error occurs, the subtransaction
is cleaned up and the error is reported as an ordinary
Tcl error, which can be trapped with catch. Formerly, it was not possible
to catch such errors.
Accept ELSEIF in
PL/pgSQL (Neil)
Previously PL/pgSQL only allowed ELSIF, but many people are accustomed
to spelling this keyword ELSEIF.
Improve psql information display about database objects (Christopher)
Allow psql to
display group membership in \du and \dg (Markus Bertheau)
Prevent psql
\dn from showing temporary
schemas (Bruce)
Allow psql to handle tilde user expansion for file names (Zach Irmen)
Allow psql to display fancy prompts, including color, via readline (Reece Hart, Chet Ramey)
Make psql
\copy match COPY command syntax fully (Tom)
Show the location of syntax errors (Fabien Coelho, Tom)
Add CLUSTER information
to psql \d display (Bruce)
Change psql
\copy stdin/stdout to read
from command input/output (Bruce)
Add pstdin/pstdout to read from psql's stdin/stdout (Mark Feit)
Add global psql
configuration file, psqlrc.sample (Bruce)
This allows a central file where global psql startup commands can be stored.
Have psql
\d+ indicate if the table
has an OID column (Neil)
On Windows, use binary mode in psql when reading files so control-Z is not seen as end-of-file
Have \dn+ show
permissions and description for schemas (Dennis
Björklund)
Improve tab completion support (Stefan Kaltenbrunn, Greg Sabino Mullane)
Allow boolean settings to be set using upper or lower case (Michael Paesold)
Use dependency information to improve the reliability of pg_dump (Tom)
This should solve the longstanding problems with related objects sometimes being dumped in the wrong order.
Have pg_dump output objects in alphabetical order if possible (Tom)
This should make it easier to identify changes between dump files.
Allow pg_restore to ignore some SQL errors (Fabien Coelho)
This makes pg_restore's behavior similar to the results of feeding a pg_dump output script to psql. In most cases, ignoring errors and plowing ahead is the most useful thing to do. Also added was a pg_restore option to give the old behavior of exiting on an error.
pg_restore
-l display now includes
objects' schema names
New begin/end markers in pg_dump text output (Bruce)
Add start/stop times for pg_dump/pg_dumpall in verbose mode (Bruce)
Allow most pg_dump options in pg_dumpall (Christopher)
Have pg_dump use
ALTER OWNER rather than
SET SESSION AUTHORIZATION
by default (Christopher)
Make libpq's SIGPIPE
handling thread-safe (Bruce)
Add PQmbdsplen() which
returns the display length of a character (Tatsuo)
Add thread locking to SSL and Kerberos connections (Manfred Spraul)
Allow PQoidValue(),
PQcmdTuples(), and
PQoidStatus() to work on
EXECUTE commands
(Neil)
Add PQserverVersion()
to provide more convenient access to the server version
number (Greg Sabino Mullane)
Add PQprepare/PQsendPrepared() functions
to support preparing statements without necessarily
specifying the data types of their parameters (Abhijit
Menon-Sen)
Many ECPG improvements, including SET DESCRIPTOR (Michael)
Allow the database server to run natively on Windows (Claudio, Magnus, Andrew)
Shell script commands converted to C versions for Windows support (Andrew)
Create an extension makefile framework (Fabien Coelho, Peter)
This simplifies the task of building extensions outside the original source tree.
Support relocatable installations (Bruce)
Directory paths for installed files (such as the
/share directory) are now
computed relative to the actual location of the
executables, so that an installation tree can be moved
to another place without reconfiguring and
rebuilding.
Use --with-docdir to
choose installation location of documentation; also
allow --infodir (Peter)
Add --without-docdir to
prevent installation of documentation (Peter)
Upgrade to DocBook V4.2 SGML (Peter)
New PostgreSQL
CVS tag (Marc)
This was done to make it easier for organizations to manage their own copies of the PostgreSQL CVS repository. File version stamps from the master repository will not get munged by checking into or out of a copied repository.
Clarify locking code (Manfred Koizar)
Buffer manager cleanup (Neil)
Decouple platform tests from CPU spinlock code (Bruce, Tom)
Add inlined test-and-set code on PA-RISC for gcc (ViSolve, Tom)
Improve i386 spinlock code (Manfred Spraul)
Clean up spinlock assembly code to avoid warnings from newer gcc releases (Tom)
Remove JDBC from source tree; now a separate project
Remove the libpgtcl client interface; now a separate project
More accurately estimate memory and file descriptor usage (Tom)
Improvements to the macOS startup scripts (Ray A.)
New fsync() test
program (Bruce)
Major documentation improvements (Neil, Peter)
Remove pg_encoding; not needed anymore
Remove pg_id; not needed anymore
Remove initlocation; not needed anymore
Auto-detect thread flags (no more manual testing) (Bruce)
Use Olson's public domain timezone library (Magnus)
With threading enabled, use thread flags on Unixware for backend executables too (Bruce)
Unixware cannot mix threaded and nonthreaded object files in the same executable, so everything must be compiled as threaded.
psql now uses a flex-generated lexical analyzer to process command strings
Reimplement the linked list data structure used throughout the backend (Neil)
This improves performance by allowing list append and length operations to be more efficient.
Allow dynamically loaded modules to create their own server configuration parameters (Thomas Hallgren)
New Brazilian version of FAQ (Euler Taveira de Oliveira)
Add French FAQ (Guillaume Lelarge)
New pgevent for Windows logging
Make libpq and ECPG build as proper shared libraries on macOS (Tom)
Overhaul of contrib/dblink (Joe)
contrib/dbmirror
improvements (Steven Singer)
New contrib/xml2 (John
Gray, Torchbox)
Updated contrib/mysql
New version of contrib/btree_gist (Teodor)
New contrib/trgm,
trigram matching for PostgreSQL (Teodor)
Many contrib/tsearch2
improvements (Teodor)
Add double metaphone to contrib/fuzzystrmatch (Andrew)
Allow contrib/pg_autovacuum to run as a
Windows service (Dave Page)
Add functions to contrib/dbsize (Andreas Pflug)
Removed contrib/pg_logger: obsoleted by
integrated logging subprocess
Removed contrib/rserv:
obsoleted by various separate projects
⇑ Upgrade to 8.0.1 released on 2005-01-31 - docs
Check that creator of an aggregate function has the right to execute the specified transition functions
This oversight made it possible to bypass denial of EXECUTE permission on a function.
Fix security and 64-bit issues in contrib/intagg
Make ALTER TABLE ADD
COLUMN enforce domain constraints in all cases
Improve planning of grouped aggregate queries
ROLLBACK TO closes
cursors created since the savepointsavepoint
Fix inadequate backend stack size on Windows
Avoid SHGetSpecialFolderPath() on Windows (Magnus)
Fix some problems in running pg_autovacuum as a Windows service (Dave Page)
Multiple minor bug fixes in pg_dump/pg_restore
Fix ecpg segfault with named structs used in typedefs (Michael)
⇑ Upgrade to 8.0.2 released on 2005-04-07 - docs
Increment the major version number of all interface libraries (Bruce)
This should have been done in 8.0.0. It is required so 7.4.X versions of PostgreSQL client applications, like psql, can be used on the same machine as 8.0.X applications. This might require re-linking user applications that use these libraries.
Add Windows-only wal_sync_method setting of fsync_writethrough (Magnus, Bruce)
This setting causes PostgreSQL to write through any
disk-drive write cache when writing to WAL. This behavior
was formerly called fsync,
but was renamed because it acts quite differently from
fsync on other platforms.
Enable the wal_sync_method setting of open_datasync on Windows, and make it the
default for that platform (Magnus, Bruce)
Because the default is no longer fsync_writethrough, data loss is possible
during a power failure if the disk drive has write
caching enabled. To turn off the write cache on Windows,
from the Device Manager,
choose the drive properties, then Policies.
New cache management algorithm 2Q replaces ARC (Tom)
This was done to avoid a pending US patent on ARC. The 2Q code might be a few percentage points slower than ARC for some work loads. A better cache management algorithm will appear in 8.1.
Planner adjustments to improve behavior on freshly-created tables (Tom)
Allow plpgsql to assign to an element of an array that
is initially NULL (Tom)
Formerly the array would remain NULL, but now it becomes a
single-element array. The main SQL engine was changed to
handle UPDATE of a null
array value this way in 8.0, but the similar case in
plpgsql was overlooked.
Convert \r\n and
\r to \n in plpython function bodies (Michael
Fuhr)
This prevents syntax errors when plpython code is written on a Windows or Mac client.
Allow SPI cursors to handle utility commands that
return rows, such as EXPLAIN
(Tom)
Fix CLUSTER failure after
ALTER TABLE SET WITHOUT OIDS
(Tom)
Reduce memory usage of ALTER
TABLE ADD COLUMN (Neil)
Fix ALTER LANGUAGE RENAME
(Tom)
Document the Windows-only register and unregister options of pg_ctl (Magnus)
Ensure operations done during backend shutdown are counted by statistics collector
This is expected to resolve reports of pg_autovacuum not vacuuming the system catalogs often enough — it was not being told about catalog deletions caused by temporary table removal during backend exit.
Change the Windows default for configuration parameter
log_destination to
eventlog (Magnus)
By default, a server running on Windows will now send log output to the Windows event logger rather than standard error.
Make Kerberos authentication work on Windows (Magnus)
Allow ALTER DATABASE
RENAME by superusers who aren't flagged as having
CREATEDB privilege (Tom)
Modify WAL log entries for CREATE and DROP
DATABASE to not specify absolute paths (Tom)
This allows point-in-time recovery on a different
machine with possibly different database location. Note
that CREATE TABLESPACE still
poses a hazard in such situations.
Fix crash from a backend exiting with an open transaction that created a table and opened a cursor on it (Tom)
Fix array_map() so it
can call PL functions (Tom)
Several contrib/tsearch2
and contrib/btree_gist
fixes (Teodor)
Fix crash of some contrib/pgcrypto functions on some
platforms (Marko Kreen)
Fix contrib/intagg for
64-bit platforms (Tom)
Fix ecpg bugs in parsing of CREATE statement (Michael)
Work around gcc bug on powerpc and amd64 causing problems in ecpg (Christof Petig)
Do not use locale-aware versions of upper(), lower(), and initcap() when the locale is
C (Bruce)
This allows these functions to work on platforms that
generate errors for non-7-bit data when the locale is
C.
Fix quote_ident() to
quote names that match keywords (Tom)
Fix to_date() to behave
reasonably when CC and
YY fields are both used
(Karel)
Prevent to_char(interval) from failing when
given a zero-month interval (Tom)
Fix wrong week returned by date_trunc('week') (Bruce)
date_trunc('week')
returned the wrong year for the first few days of January
in some years.
Use the correct default mask length for class
D addresses in INET data types (Tom)
⇑ Upgrade to 8.0.3 released on 2005-05-09 - docs
Change encoding function signature to prevent misuse
Change contrib/tsearch2
to avoid unsafe use of INTERNAL
function results
Guard against incorrect second parameter to
record_out
Fix comparisons of TIME WITH TIME
ZONE values
The comparison code was wrong in the case where the
--enable-integer-datetimes
configuration switch had been used. NOTE: if you have an
index on a TIME WITH TIME ZONE
column, it will need to be REINDEXed after installing this update,
because the fix corrects the sort order of column
values.
Fix mis-display of negative fractional seconds in
INTERVAL values
This error only occurred when the --enable-integer-datetimes configuration
switch had been used.
Fix pg_dump to dump trigger names containing
% correctly (Neil)
Still more 64-bit fixes for contrib/intagg
Prevent incorrect optimization of functions returning
RECORD
Prevent crash on COALESCE(NULL,NULL)
Fix Borland makefile for libpq
Fix contrib/btree_gist
for timetz type (Teodor)
Make pg_ctl check the PID
found in postmaster.pid to
see if it is still a live process
Fix pg_dump/pg_restore problems caused by addition
of dump timestamps
Fix interaction between materializing holdable cursors and firing deferred triggers during transaction commit
Fix memory leak in SQL functions returning pass-by-reference data types
⇑ Upgrade to 8.0.4 released on 2005-10-04 - docs
Fix error that allowed VACUUM to remove ctid chains too soon, and add more
checking in code that follows ctid links
This fixes a long-standing problem that could cause crashes in very rare circumstances.
Fix CHAR() to properly pad
spaces to the specified length when using a multiple-byte
character set (Yoshiyuki Asaba)
In prior releases, the padding of CHAR() was incorrect because it only padded
to the specified number of bytes without considering how
many characters were stored.
Force a checkpoint before committing CREATE DATABASE
This should fix recent reports of “index is not a
btree” failures when a crash occurs shortly
after CREATE DATABASE.
Fix the sense of the test for read-only transaction in
COPY
The code formerly prohibited COPY TO, where it should prohibit
COPY FROM.
Handle consecutive embedded newlines in COPY CSV-mode input
Fix date_trunc(week) for
dates near year end
Fix planning problem with outer-join ON clauses that reference only the inner-side relation
Further fixes for x FULL JOIN y
ON true corner cases
Fix overenthusiastic optimization of x IN (SELECT DISTINCT ...) and related
cases
Fix mis-planning of queries with small LIMIT values due to poorly thought out
“fuzzy” cost comparison
Make array_in and
array_recv more paranoid
about validating their OID parameter
Fix missing rows in queries like UPDATE a=... WHERE a... with GiST index
on column a
Improve robustness of datetime parsing
Improve checking for partially-written WAL pages
Improve robustness of signal handling when SSL is enabled
Improve MIPS and M68K spinlock code
Don't try to open more than max_files_per_process files during
postmaster startup
Various memory leakage fixes
Various portability improvements
Update timezone data files
Improve handling of DLL load failures on Windows
Improve random-number generation on Windows
Make psql -f filename
return a nonzero exit code when opening the file
fails
Change pg_dump to handle inherited check constraints more reliably
Fix password prompting in pg_restore on Windows
Fix PL/pgSQL to handle var :=
var correctly when the variable is of
pass-by-reference type
Fix PL/Perl %_SHARED so
it's actually shared
Fix contrib/pg_autovacuum to allow sleep
intervals over 2000 sec
Update contrib/tsearch2
to use current Snowball code
⇑ Upgrade to 8.1 released on 2005-11-08 - docs
Improve GiST and R-tree index performance (Neil)
Improve the optimizer, including auto-resizing of hash joins (Tom)
Overhaul internal API in several areas
Change WAL record CRCs from 64-bit to 32-bit (Tom)
We determined that the extra cost of computing 64-bit CRCs was significant, and the gain in reliability too marginal to justify it.
Prevent writing large empty gaps in WAL pages (Tom)
Improve spinlock behavior on SMP machines, particularly Opterons (Tom)
Allow nonconsecutive index columns to be used in a multicolumn index (Tom)
For example, this allows an index on columns a,b,c
to be used in a query with WHERE
a = 4 and c = 10.
Skip WAL logging for CREATE
TABLE AS / SELECT
INTO (Simon)
Since a crash during CREATE
TABLE AS would cause the table to be dropped
during recovery, there is no reason to WAL log as the
table is loaded. (Logging still happens if WAL
archiving is enabled, however.)
Allow concurrent GiST index access (Teodor, Oleg)
Add configuration parameter full_page_writes to control writing
full pages to WAL (Bruce)
To prevent partial disk writes from corrupting the database, PostgreSQL writes a complete copy of each database disk page to WAL the first time it is modified after a checkpoint. This option turns off that functionality for more speed. This is safe to use with battery-backed disk caches where partial page writes cannot happen.
Use O_DIRECT if
available when using O_SYNC for wal_sync_method (Itagaki Takahiro)
O_DIRECT causes disk
writes to bypass the kernel cache, and for WAL writes,
this improves performance.
Improve COPY FROM
performance (Alon Goldshuv)
This was accomplished by reading COPY input in larger chunks, rather
than character by character.
Improve the performance of COUNT(), SUM, AVG(), STDDEV(), and VARIANCE() (Neil, Tom)
Prevent problems due to transaction ID (XID) wraparound (Tom)
The server will now warn when the transaction counter approaches the wraparound point. If the counter becomes too close to wraparound, the server will stop accepting queries. This ensures that data is not lost before needed vacuuming is performed.
Fix problems with object IDs (OIDs) conflicting with existing system objects after the OID counter has wrapped around (Tom)
Add warning about the need to increase max_fsm_relations and max_fsm_pages during VACUUM (Ron Mayer)
Add temp_buffers
configuration parameter to allow users to determine the
size of the local buffer area for temporary table
access (Tom)
Add session start time and client IP address to
pg_stat_activity
(Magnus)
Adjust pg_stat views
for bitmap scans (Tom)
The meanings of some of the fields have changed slightly.
Enhance pg_locks view
(Tom)
Log queries for client-side PREPARE and EXECUTE (Simon)
Allow Kerberos name and user name case sensitivity
to be specified in postgresql.conf (Magnus)
Add configuration parameter krb_server_hostname so that the server
host name can be specified as part of service principal
(Todd Kover)
If not set, any service principal matching an entry in the keytab can be used. This is new Kerberos matching behavior in this release.
Add log_line_prefix
options for millisecond timestamps (%m) and remote host (%h) (Ed L.)
Add WAL logging for GiST indexes (Teodor, Oleg)
GiST indexes are now safe for crash and point-in-time recovery.
Remove old *.backup
files when we do pg_stop_backup() (Bruce)
This prevents a large number of *.backup files from existing in
pg_xlog/.
Add configuration parameters to control TCP/IP keep-alive times for idle, interval, and count (Oliver Jowett)
These values can be changed to allow more rapid detection of lost client connections.
Add per-user and per-database connection limits (Petr Jelinek)
Using ALTER USER and
ALTER DATABASE, limits can
now be enforced on the maximum number of sessions that
can concurrently connect as a specific user or to a
specific database. Setting the limit to zero disables
user or database connections.
Allow more than two gigabytes of shared memory and per-backend work memory on 64-bit machines (Koichi Suzuki)
New system catalog pg_pltemplate allows overriding
obsolete procedural-language definitions in dump files
(Tom)
Add temporary views (Koju Iijima, Neil)
Fix HAVING without any
aggregate functions or GROUP
BY so that the query returns a single group
(Tom)
Previously, such a case would treat the HAVING clause the same as a
WHERE clause. This was not
per spec.
Add USING clause to
allow additional tables to be specified to DELETE (Euler Taveira de Oliveira,
Neil)
In prior releases, there was no clear method for
specifying additional tables to be used for joins in a
DELETE statement.
UPDATE already has a
FROM clause for this
purpose.
Add support for \x hex
escapes in backend and ecpg strings (Bruce)
This is just like the standard C \x escape syntax. Octal escapes were
already supported.
Add BETWEEN SYMMETRIC
query syntax (Pavel Stehule)
This feature allows BETWEEN comparisons without requiring
the first value to be less than the second. For
example, 2 BETWEEN [ASYMMETRIC] 3
AND 1 returns false, while 2 BETWEEN SYMMETRIC 3 AND 1 returns
true. BETWEEN ASYMMETRIC
was already supported.
Add NOWAIT option to
SELECT ... FOR
UPDATE/SHARE (Hans-Juergen Schoenig)
While the statement_timeout configuration
parameter allows a query taking more than a certain
amount of time to be canceled, the NOWAIT option allows a query to be
canceled as soon as a SELECT ...
FOR UPDATE/SHARE command cannot immediately
acquire a row lock.
Track dependencies of shared objects (Alvaro)
PostgreSQL allows global tables (users, databases, tablespaces) to reference information in multiple databases. This addition adds dependency information for global tables, so, for example, user ownership can be tracked across databases, so a user who owns something in any database can no longer be removed. Dependency tracking already existed for database-local objects.
Allow limited ALTER
OWNER commands to be performed by the object
owner (Stephen Frost)
Prior releases allowed only superusers to change object owners. Now, ownership can be transferred if the user executing the command owns the object and would be able to create it as the new owner (that is, the user is a member of the new owning role and that role has the CREATE permission that would be needed to create the object afresh).
Add ALTER object
SET SCHEMA capability for
some object types (tables, functions, types) (Bernd
Helmle)
This allows objects to be moved to different schemas.
Add ALTER TABLE ENABLE/DISABLE
TRIGGER to disable triggers (Satoshi
Nagayasu)
Allow TRUNCATE to
truncate multiple tables in a single command
(Alvaro)
Because of referential integrity checks, it is not
allowed to truncate a table that is part of a
referential integrity constraint. Using this new
functionality, TRUNCATE
can be used to truncate such tables, if both tables
involved in a referential integrity constraint are
truncated in a single TRUNCATE command.
Properly process carriage returns and line feeds in
COPY CSV mode (Andrew)
In release 8.0, carriage returns and line feeds in
CSV COPY TO were processed
in an inconsistent manner. (This was documented on the
TODO list.)
Add COPY WITH CSV
HEADER to allow a header line as the first line
in COPY (Andrew)
This allows handling of the common CSV usage of placing the column names
on the first line of the data file. For COPY TO, the first line contains the
column names, and for COPY
FROM, the first line is ignored.
On Windows, display better sub-second precision in
EXPLAIN ANALYZE
(Magnus)
Add trigger duration display to EXPLAIN ANALYZE (Tom)
Prior releases included trigger execution time as part of the total execution time, but did not show it separately. It is now possible to see how much time is spent in each trigger.
Add support for \x hex
escapes in COPY (Sergey
Ten)
Previous releases only supported octal escapes.
Make SHOW ALL include
variable descriptions (Matthias Schmidt)
SHOW varname still only
displays the variable's value and does not include the
description.
Make initdb create
a new standard database called postgres, and convert utilities to use
postgres rather than
template1 for standard
lookups (Dave)
In prior releases, template1 was used both as a default
connection for utilities like createuser, and as a template for
new databases. This caused CREATE
DATABASE to sometimes fail, because a new
database cannot be created if anyone else is in the
template database. With this change, the default
connection database is now postgres, meaning it is much less
likely someone will be using template1 during CREATE DATABASE.
Create new reindexdb command-line utility by
moving /contrib/reindexdb
into the server (Euler Taveira de Oliveira)
Add MAX() and
MIN() aggregates for
array types (Koju Iijima)
Fix to_date() and
to_timestamp() to behave
reasonably when CC and
YY fields are both used
(Karel Zak)
If the format specification contains CC and a year specification is
YYY or longer, ignore the
CC. If the year
specification is YY or
shorter, interpret CC as
the previous century.
Add md5(bytea)
(Abhijit Menon-Sen)
md5(text) already
existed.
Add support for numeric ^
numeric based on power(numeric, numeric)
The function already existed, but there was no operator assigned to it.
Fix NUMERIC modulus by
properly truncating the quotient during computation
(Bruce)
In previous releases, modulus for large values sometimes returned negative results due to rounding of the quotient.
Add a function lastval() (Dennis Björklund)
lastval() is a
simplified version of currval(). It automatically
determines the proper sequence name based on the most
recent nextval() or
setval() call performed
by the current session.
Add to_timestamp(DOUBLE
PRECISION) (Michael Glaesemann)
Converts Unix seconds since 1970 to a TIMESTAMP WITH TIMEZONE.
Add pg_postmaster_start_time() function
(Euler Taveira de Oliveira, Matthias Schmidt)
Allow the full use of time zone names in
AT TIME ZONE, not just the
short list previously available (Magnus)
Previously, only a predefined list of time zone
names were supported by AT TIME
ZONE. Now any supported time zone name can be
used, e.g.:
SELECT CURRENT_TIMESTAMP AT TIME ZONE 'Europe/London';
In the above query, the time zone used is adjusted based on the daylight saving time rules that were in effect on the supplied date.
Add GREATEST() and
LEAST() variadic
functions (Pavel Stehule)
These functions take a variable number of arguments and return the greatest or least value among the arguments.
Add pg_column_size()
(Mark Kirkwood)
This returns storage size of a column, which might be compressed.
Add regexp_replace()
(Atsushi Ogawa)
This allows regular expression replacement, like sed. An optional flag argument allows selection of global (replace all) and case-insensitive modes.
Fix interval division and multiplication (Bruce)
Previous versions sometimes returned unjustified
results, like '4
months'::interval / 5 returning '1 mon -6 days'.
Fix roundoff behavior in timestamp, time, and interval output (Tom)
This fixes some cases in which the seconds field
would be shown as 60
instead of incrementing the higher-order fields.
Add a separate day field to type interval so a one day interval can be
distinguished from a 24 hour interval (Michael
Glaesemann)
Days that contain a daylight saving time adjustment
are not 24 hours long, but typically 23 or 25 hours.
This change creates a conceptual distinction between
intervals of “so many days” and intervals of
“so many
hours”. Adding 1
day to a timestamp now gives the same local time
on the next day even if a daylight saving time
adjustment occurs between, whereas adding 24 hours will give a different local
time when this happens. For example, under US DST
rules:
'2005-04-03 00:00:00-05' + '1 day' = '2005-04-04 00:00:00-04' '2005-04-03 00:00:00-05' + '24 hours' = '2005-04-04 01:00:00-04'
Add justify_days() and
justify_hours() (Michael
Glaesemann)
These functions, respectively, adjust days to an appropriate number of full months and days, and adjust hours to an appropriate number of full days and hours.
Move /contrib/dbsize
into the backend, and rename some of the functions
(Dave Page, Andreas Pflug)
pg_tablespace_size()
pg_database_size()
pg_relation_size()
pg_total_relation_size()
pg_size_pretty()
pg_total_relation_size() includes
indexes and TOAST tables.
pg_tablespace_size()
pg_database_size()
pg_relation_size()
pg_total_relation_size()
pg_size_pretty()
Add functions for read-only file access to the cluster directory (Dave Page, Andreas Pflug)
pg_stat_file()
pg_read_file()
pg_ls_dir()
pg_stat_file()
pg_read_file()
pg_ls_dir()
Add pg_reload_conf()
to force reloading of the configuration files (Dave
Page, Andreas Pflug)
Add pg_rotate_logfile() to force rotation
of the server log file (Dave Page, Andreas Pflug)
Change pg_stat_* views
to include TOAST tables (Tom)
Rename some encodings to be more consistent and to follow international standards (Bruce)
UNICODE is now
UTF8
ALT is now
WIN866
WIN is now
WIN1251
TCVN is now
WIN1258
The original names still work.
UNICODE is now
UTF8
ALT is now
WIN866
WIN is now
WIN1251
TCVN is now
WIN1258
Add support for WIN1252
encoding (Roland Volkmann)
Add support for four-byte UTF8 characters (John Hansen)
Previously only one, two, and three-byte
UTF8 characters were
supported. This is particularly important for support
for some Chinese character sets.
Allow direct conversion between EUC_JP and SJIS to improve performance (Atsushi
Ogawa)
Allow the UTF8 encoding to work on Windows (Magnus)
This is done by mapping UTF8 to the Windows-native UTF16 implementation.
Fix ALTER LANGUAGE
RENAME (Sergey Yatskevich)
Allow function characteristics, like strictness and
volatility, to be modified via ALTER FUNCTION (Neil)
Increase the maximum number of function arguments to 100 (Tom)
Allow SQL and PL/pgSQL functions to use OUT and INOUT parameters (Tom)
OUT is an alternate way
for a function to return values. Instead of using
RETURN, values can be
returned by assigning to parameters declared as
OUT or INOUT. This is notationally simpler in
some cases, particularly so when multiple values need
to be returned. While returning multiple values from a
function was possible in previous releases, this
greatly simplifies the process. (The feature will be
extended to other server-side languages in future
releases.)
Move language handler functions into the
pg_catalog schema
This makes it easier to drop the public schema if desired.
Add SPI_getnspname()
to SPI (Neil)
Overhaul the memory management of PL/pgSQL functions (Neil)
The parsetree of each function is now stored in a separate memory context. This allows this memory to be easily reclaimed when it is no longer needed.
Check function syntax at CREATE FUNCTION time, rather than at
runtime (Neil)
Previously, most syntax errors were reported only when the function was executed.
Allow OPEN to open
non-SELECT queries like
EXPLAIN and SHOW (Tom)
No longer require functions to issue a RETURN statement (Tom)
This is a byproduct of the newly added OUT and INOUT functionality. RETURN can be omitted when it is not
needed to provide the function's return value.
Add support for an optional INTO clause to PL/pgSQL's EXECUTE statement (Pavel Stehule,
Neil)
Make CREATE TABLE AS
set ROW_COUNT (Tom)
Define SQLSTATE and
SQLERRM to return the
SQLSTATE and error message
of the current exception (Pavel Stehule, Neil)
These variables are only defined inside exception blocks.
Allow the parameters to the RAISE statement to be expressions
(Pavel Stehule, Neil)
Add a loop CONTINUE
statement (Pavel Stehule, Neil)
Allow block and loop labels (Pavel Stehule)
Allow large result sets to be returned efficiently (Abhijit Menon-Sen)
This allows functions to use return_next() to avoid building the
entire result set in memory.
Allow one-row-at-a-time retrieval of query results (Abhijit Menon-Sen)
This allows functions to use spi_query() and spi_fetchrow() to avoid accumulating
the entire result set in memory.
Force PL/Perl to handle strings as UTF8 if the server encoding is
UTF8 (David Kamholz)
Add a validator function for PL/Perl (Andrew)
This allows syntax errors to be reported at definition time, rather than execution time.
Allow PL/Perl to return a Perl array when the function returns an array type (Andrew)
This basically maps PostgreSQL arrays to Perl arrays.
Allow Perl nonfatal warnings to generate
NOTICE messages
(Andrew)
Allow Perl's strict
mode to be enabled (Andrew)
Add \set
ON_ERROR_ROLLBACK to allow statements in a
transaction to error without affecting the rest of the
transaction (Greg Sabino Mullane)
This is basically implemented by wrapping every statement in a sub-transaction.
Add support for \x hex
strings in psql
variables (Bruce)
Octal escapes were already supported.
Add support for troff
-ms output format (Roger Leigh)
Allow the history file location to be controlled by
HISTFILE (Andreas
Seltenreich)
This allows configuration of per-database history storage.
Prevent \x (expanded
mode) from affecting the output of \d tablename (Neil)
Add -L option to
psql to log sessions
(Lorne Sunley)
This option was added because some operating systems do not have simple command-line activity logging functionality.
Make \d show the
tablespaces of indexes (Qingqing Zhou)
Allow psql help
(\h) to make a best guess
on the proper help information (Greg Sabino
Mullane)
This allows the user to just add \h to the front of the syntax error
query and get help on the supported syntax. Previously
any additional query text beyond the command name had
to be removed to use \h.
Add \pset numericlocale
to allow numbers to be output in a locale-aware format
(Eugen Nedelcu)
For example, using C
locale 100000 would be
output as 100,000.0 while
a European locale might output this value as
100.000,0.
Make startup banner show both server version number and psql's version number, when they are different (Bruce)
Also, a warning will be shown if the server and psql are from different major releases.
Add -n / --schema switch to pg_restore (Richard van den
Berg)
This allows just the objects in a specified schema to be restored.
Allow pg_dump to dump large objects even in text mode (Tom)
With this change, large objects are now always
dumped; the former -b
switch is a no-op.
Allow pg_dump to dump a consistent snapshot of large objects (Tom)
Dump comments for large objects (Tom)
Add --encoding to
pg_dump (Magnus
Hagander)
This allows a database to be dumped in an encoding that is different from the server's encoding. This is valuable when transferring the dump to a machine with a different encoding.
Rely on pg_pltemplate for procedural
languages (Tom)
If the call handler for a procedural language is in
the pg_catalog schema,
pg_dump does not dump
the handler. Instead, it dumps the language using just
CREATE LANGUAGE , relying on
the namepg_pltemplate
catalog to provide the language's creation parameters
at load time.
Add a PGPASSFILE
environment variable to specify the password file's
filename (Andrew)
Add lo_create(), that
is similar to lo_creat()
but allows the OID of the large object to be specified
(Tom)
Make libpq
consistently return an error to the client application
on malloc() failure
(Neil)
Fix pgxs to support building against a relocated installation
Add spinlock support for the Itanium processor using Intel compiler (Vikram Kalsi)
Add Kerberos 5 support for Windows (Magnus)
Add Chinese FAQ (laser@pgsqldb.com)
Rename Rendezvous to Bonjour to match OS/X feature renaming (Bruce)
Add support for fsync_writethrough on macOS (Chris
Campbell)
Streamline the passing of information within the server, the optimizer, and the lock system (Tom)
Allow pg_config to be compiled using MSVC (Andrew)
This is required to build DBD::Pg using MSVC.
Remove support for Kerberos V4 (Magnus)
Kerberos 4 had security vulnerabilities and is no longer maintained.
Code cleanups (Coverity static analysis performed by EnterpriseDB)
Modify postgresql.conf
to use documentation defaults on/off
rather than true/false (Bruce)
Enhance pg_config to be able to report more build-time values (Tom)
Allow libpq to be built thread-safe on Windows (Dave Page)
Allow IPv6 connections to be used on Windows (Andrew)
Add Server Administration documentation about I/O subsystem reliability (Bruce)
Move private declarations from gist.h to gist_private.h (Neil)
In previous releases, gist.h contained both the public GiST
API (intended for use by authors of GiST index
implementations) as well as some private declarations
used by the implementation of GiST itself. The latter
have been moved to a separate file, gist_private.h. Most GiST index
implementations should be unaffected.
Overhaul GiST memory management (Neil)
GiST methods are now always invoked in a short-lived
memory context. Therefore, memory allocated via
palloc() will be
reclaimed automatically, so GiST index implementations
do not need to manually release allocated memory via
pfree().
Add /contrib/pg_buffercache contrib
module (Mark Kirkwood)
This displays the contents of the buffer cache, for debugging and performance tuning purposes.
Remove /contrib/array
because it is obsolete (Tom)
Clean up the /contrib/lo module (Tom)
Move /contrib/findoidjoins to /src/tools (Tom)
Remove the <<,
>>, &<, and &> operators from /contrib/cube
These operators were not useful.
Improve /contrib/btree_gist (Janko
Richter)
Improve /contrib/pgbench (Tomoaki Sato,
Tatsuo)
There is now a facility for testing with SQL command scripts given by the user, instead of only a hard-wired command sequence.
Improve /contrib/pgcrypto (Marko Kreen)
Implementation of OpenPGP symmetric-key and public-key encryption
Both RSA and Elgamal public-key algorithms are supported.
Stand alone build: include SHA256/384/512 hashes, Fortuna PRNG
OpenSSL build: support 3DES, use internal AES with OpenSSL < 0.9.7
Take build parameters (OpenSSL, zlib) from
configure
result
There is no need to edit the Makefile anymore.
Remove support for libmhash and libmcrypt
Implementation of OpenPGP symmetric-key and public-key encryption
Both RSA and Elgamal public-key algorithms are supported.
Stand alone build: include SHA256/384/512 hashes, Fortuna PRNG
OpenSSL build: support 3DES, use internal AES with OpenSSL < 0.9.7
Take build parameters (OpenSSL, zlib) from
configure
result
There is no need to edit the Makefile anymore.
Remove support for libmhash and libmcrypt
⇑ Upgrade to 8.1.1 released on 2005-12-12 - docs
Fix incorrect optimizations of outer-join conditions (Tom)
Fix problems with wrong reported column names in cases involving sub-selects flattened by the optimizer (Tom)
Fix update failures in scenarios involving CHECK constraints, toasted columns, and indexes (Tom)
Fix bgwriter problems after recovering from errors (Tom)
The background writer was found to leak buffer pins after write errors. While not fatal in itself, this might lead to mysterious blockages of later VACUUM commands.
Prevent failure if client sends Bind protocol message when current transaction is already aborted
/contrib/tsearch2 and
/contrib/ltree fixes
(Teodor)
Fix problems with translated error messages in languages that require word reordering, such as Turkish; also problems with unexpected truncation of output strings and wrong display of the smallest possible bigint value (Andrew, Tom)
These problems only appeared on platforms that were
using our port/snprintf.c
code, which includes BSD variants if --enable-nls was given, and perhaps
others. In addition, a different form of the
translated-error-message problem could appear on Windows
depending on which version of libintl was used.
Re-allow AM/PM, HH,
HH12, and D format specifiers for to_char(time) and to_char(interval). (to_char(interval) should probably use
HH24.) (Bruce)
AIX, HPUX, and MSVC compile fixes (Tom, Hiroshi Saito)
Retry file reads and writes after Windows NO_SYSTEM_RESOURCES error (Qingqing Zhou)
Prevent autovacuum from crashing during ANALYZE of expression index (Alvaro)
Fix problems with ON COMMIT DELETE ROWS temp tables
Fix problems when a trigger alters the output of a SELECT DISTINCT query
Add 8.1.0 release note item on how to migrate invalid
UTF-8 byte sequences (Paul
Lindner)
⇑ Upgrade to 8.1.2 released on 2006-01-09 - docs
Fix Windows code so that postmaster will continue rather than exit if there is no more room in ShmemBackendArray (Magnus)
The previous behavior could lead to a denial-of-service situation if too many connection requests arrive close together. This applies only to the Windows port.
Fix bug introduced in 8.0 that could allow ReadBuffer to return an already-used page as new, potentially causing loss of recently-committed data (Tom)
Fix for protocol-level Describe messages issued outside a transaction or in a failed transaction (Tom)
Fix character string comparison for locales that consider different character combinations as equal, such as Hungarian (Tom)
This might require REINDEX to fix existing indexes on
textual columns.
Set locale environment variables during postmaster startup to ensure that plperl won't change the locale later
This fixes a problem that occurred if the postmaster was started with
environment variables specifying a different locale than
what initdb had been
told. Under these conditions, any use of plperl was likely to lead to corrupt
indexes. You might need REINDEX to fix existing indexes on
textual columns if this has happened to you.
Allow more flexible relocation of installation directories (Tom)
Previous releases supported relocation only if all installation directory paths were the same except for the last component.
Prevent crashes caused by the use of ISO-8859-5 and ISO-8859-9 encodings (Tatsuo)
Fix longstanding bug in strpos() and regular expression handling in certain rarely used Asian multi-byte character sets (Tatsuo)
Fix bug where COPY CSV mode considered any
\. to terminate the copy
data
The new code requires \.
to appear alone on a line, as per documentation.
Make COPY CSV mode quote a literal data value of
\. to ensure it cannot be
interpreted as the end-of-data marker (Bruce)
Various fixes for functions returning RECORDs (Tom)
Fix processing of postgresql.conf so a final line with no
newline is processed properly (Tom)
Fix bug in /contrib/pgcrypto gen_salt, which
caused it not to use all available salt space for MD5 and
XDES algorithms (Marko Kreen, Solar Designer)
Salts for Blowfish and standard DES are unaffected.
Fix autovacuum crash when processing expression indexes
Fix /contrib/dblink to
throw an error, rather than crashing, when the number of
columns specified is different from what's actually
returned by the query (Joe)
⇑ Upgrade to 8.1.3 released on 2006-02-14 - docs
Fix bug that allowed any logged-in user to
SET ROLE to any other
database user id (CVE-2006-0553)
Due to inadequate validity checking, a user could
exploit the special case that SET
ROLE normally uses to restore the previous role
setting after an error. This allowed ordinary users to
acquire superuser status, for example. The
escalation-of-privilege risk exists only in 8.1.0-8.1.2.
However, in all releases back to 7.3 there is a related
bug in SET SESSION
AUTHORIZATION that allows unprivileged users to
crash the server, if it has been compiled with Asserts
enabled (which is not the default). Thanks to Akio Ishida
for reporting this problem.
Fix bug with row visibility logic in self-inserted rows (Tom)
Under rare circumstances a row inserted by the current command could be seen as already valid, when it should not be. Repairs bug created in 8.0.4, 7.4.9, and 7.3.11 releases.
Fix race condition that could lead to “file already exists” errors during pg_clog and pg_subtrans file creation (Tom)
Fix cases that could lead to crashes if a cache-invalidation message arrives at just the wrong time (Tom)
Properly check DOMAIN
constraints for UNKNOWN
parameters in prepared statements (Neil)
Ensure ALTER COLUMN TYPE
will process FOREIGN KEY,
UNIQUE, and PRIMARY KEY constraints in the proper
order (Nakano Yoshihisa)
Fixes to allow restoring dumps that have cross-schema references to custom operators or operator classes (Tom)
Allow pg_restore to
continue properly after a COPY failure; formerly it tried to treat
the remaining COPY data as
SQL commands (Stephen Frost)
Fix pg_ctl
unregister crash when the
data directory is not specified (Magnus)
Fix libpq
PQprint HTML tags
(Christoph Zwerschke)
Fix ecpg crash on AMD64 and PPC (Neil)
Allow SETOF and
%TYPE to be used together in
function result type declarations
Recover properly if error occurs during argument passing in PL/Python (Neil)
Fix memory leak in plperl_return_next (Neil)
Fix PL/Perl's handling of locales on Win32 to match the backend (Andrew)
Various optimizer fixes (Tom)
Fix crash when log_min_messages is set to DEBUG3 or above in postgresql.conf on Win32 (Bruce)
Fix pgxs -L library path specification for Win32,
Cygwin, macOS, AIX (Bruce)
Check that SID is enabled while checking for Win32 admin privileges (Magnus)
Properly reject out-of-range date inputs (Kris Jurka)
Portability fix for testing presence of finite and isinf during configure (Tom)
Improve speed of COPY IN
via libpq, by avoiding a kernel call per data line (Alon
Goldshuv)
Improve speed of /contrib/tsearch2 index creation
(Tom)
⇑ Upgrade to 8.1.4 released on 2006-05-23 - docs
Change the server to reject invalidly-encoded multibyte characters in all cases (Tatsuo, Tom)
While PostgreSQL has been moving in this direction for some time, the checks are now applied uniformly to all encodings and all textual input, and are now always errors not merely warnings. This change defends against SQL-injection attacks of the type described in CVE-2006-2313.
Reject unsafe uses of \'
in string literals
As a server-side defense against SQL-injection attacks
of the type described in CVE-2006-2314, the server now
only accepts '' and not
\' as a representation of
ASCII single quote in SQL string literals. By default,
\' is rejected only when
client_encoding is set to a
client-only encoding (SJIS, BIG5, GBK, GB18030, or UHC),
which is the scenario in which SQL injection is possible.
A new configuration parameter backslash_quote is available to adjust
this behavior when needed. Note that full security
against CVE-2006-2314 might require client-side changes;
the purpose of backslash_quote is in part to make it
obvious that insecure clients are insecure.
Modify libpq's
string-escaping routines to be aware of encoding
considerations and standard_conforming_strings
This fixes libpq-using applications for the
security issues described in CVE-2006-2313 and
CVE-2006-2314, and also future-proofs them against the
planned changeover to SQL-standard string literal syntax.
Applications that use multiple PostgreSQL connections concurrently
should migrate to PQescapeStringConn() and PQescapeByteaConn() to ensure that
escaping is done correctly for the settings in use in
each database connection. Applications that do string
escaping “by
hand” should be modified to rely on library
routines instead.
Fix weak key selection in pgcrypto (Marko Kreen)
Errors in fortuna PRNG reseeding logic could cause a
predictable session key to be selected by pgp_sym_encrypt() in some cases. This
only affects non-OpenSSL-using builds.
Fix some incorrect encoding conversion functions
win1251_to_iso,
win866_to_iso, euc_tw_to_big5, euc_tw_to_mic, mic_to_euc_tw were all broken to
varying extents.
Clean up stray remaining uses of \' in strings (Bruce, Jan)
Make autovacuum visible in pg_stat_activity (Alvaro)
Disable full_page_writes
(Tom)
In certain cases, having full_page_writes off would cause crash
recovery to fail. A proper fix will appear in 8.2; for
now it's just disabled.
Various planner fixes, particularly for bitmap index scans and MIN/MAX optimization (Tom)
Fix incorrect optimization in merge join (Tom)
Outer joins could sometimes emit multiple copies of unmatched rows.
Fix crash from using and modifying a plpgsql function in the same transaction
Fix WAL replay for case where a B-Tree index has been truncated
Fix SIMILAR TO for
patterns involving |
(Tom)
Fix SELECT INTO and
CREATE TABLE AS to create
tables in the default tablespace, not the base directory
(Kris Jurka)
Fix server to use custom DH SSL parameters correctly (Michael Fuhr)
Improve qsort performance (Dann Corbit)
Currently this code is only used on Solaris.
Fix for OS/X Bonjour on x86 systems (Ashley Clark)
Fix various minor memory leaks
Fix problem with password prompting on some Win32 systems (Robert Kinberg)
Improve pg_dump's handling of default values for domains
Fix pg_dumpall to handle identically-named users and groups reasonably (only possible when dumping from a pre-8.1 server) (Tom)
The user and group will be merged into a single role
with LOGIN permission.
Formerly the merged role wouldn't have LOGIN permission, making it unusable as
a user.
Fix pg_restore
-n to work as documented
(Tom)
⇑ Upgrade to 8.1.5 released on 2006-10-16 - docs
Disallow aggregate functions in UPDATE commands, except within
sub-SELECTs (Tom)
The behavior of such an aggregate was unpredictable, and in 8.1.X could cause a crash, so it has been disabled. The SQL standard does not allow this either.
Fix core dump when an untyped literal is taken as ANYARRAY
Fix core dump in duration logging for extended query
protocol when a COMMIT or
ROLLBACK is executed
Fix mishandling of AFTER triggers when query contains a SQL function returning multiple rows (Tom)
Fix ALTER TABLE ... TYPE
to recheck NOT NULL for
USING clause (Tom)
Fix string_to_array() to
handle overlapping matches for the separator string
For example, string_to_array('123xx456xxx789',
'xx').
Fix to_timestamp() for
AM/PM formats (Bruce)
Fix autovacuum's calculation that decides whether
ANALYZE is needed
(Alvaro)
Fix corner cases in pattern matching for psql's \d commands
Fix index-corrupting bugs in /contrib/ltree (Teodor)
Numerous robustness fixes in ecpg (Joachim Wieland)
Fix backslash escaping in /contrib/dbmirror
Minor fixes in /contrib/dblink and /contrib/tsearch2
Efficiency improvements in hash tables and bitmap index scans (Tom)
Fix instability of statistics collection on Windows (Tom, Andrew)
Fix statement_timeout to
use the proper units on Win32 (Bruce)
In previous Win32 8.1.X versions, the delay was off by a factor of 100.
Fixes for MSVC and Borland C++ compilers (Hiroshi Saito)
Fixes for AIX and Intel compilers (Tom)
Fix rare bug in continuous archiving (Tom)
⇑ Upgrade to 8.2 released on 2006-12-05 - docs
Allow the planner to reorder outer joins in some circumstances (Tom)
In previous releases, outer joins would always be evaluated in the order written in the query. This change allows the query optimizer to consider reordering outer joins, in cases where it can determine that the join order can be changed without altering the meaning of the query. This can make a considerable performance difference for queries involving multiple outer joins or mixed inner and outer joins.
Improve efficiency of IN (list-of-expressions) clauses
(Tom)
Improve sorting speed and reduce memory usage (Simon, Tom)
Improve subtransaction performance (Alvaro, Itagaki Takahiro, Tom)
Add FILLFACTOR to
table and index
creation (ITAGAKI Takahiro)
This leaves extra free space in each table or index page, allowing improved performance as the database grows. This is particularly valuable to maintain clustering.
Increase default values for
shared_buffers and max_fsm_pages (Andrew)
Improve locking performance by breaking the lock manager tables into sections (Tom)
This allows locking to be more fine-grained, reducing contention.
Reduce locking requirements of sequential scans (Qingqing Zhou)
Reduce locking required for database creation and destruction (Tom)
Improve the optimizer's selectivity estimates for
LIKE, ILIKE, and regular
expression operations (Tom)
Improve planning of joins to inherited tables and
UNION ALL views (Tom)
Allow constraint
exclusion to be applied to inherited UPDATE and DELETE queries (Tom)
SELECT already honored
constraint exclusion.
Improve planning of constant WHERE clauses, such as a condition
that depends only on variables inherited from an outer
query level (Tom)
Protocol-level unnamed prepared statements are
re-planned for each set of BIND values (Tom)
This improves performance because the exact parameter values can be used in the plan.
Speed up vacuuming of B-Tree indexes (Heikki Linnakangas, Tom)
Avoid extra scan of tables without indexes during
VACUUM (Greg
Stark)
Improve multicolumn GiST indexing (Oleg, Teodor)
Remove dead index entries before B-Tree page split (Junji Teramoto)
Allow a forced switch to a new transaction log file (Simon, Tom)
This is valuable for keeping warm standby slave
servers in sync with the master. Transaction log file
switching now also happens automatically during
pg_stop_backup(). This ensures that all
transaction log files needed for recovery can be
archived immediately.
Add WAL informational functions (Simon)
Add functions for interrogating the current
transaction log insertion point and determining
WAL filenames from
the hex WAL
locations displayed by
pg_stop_backup() and related functions.
Improve recovery from a crash during WAL replay (Simon)
The server now does periodic checkpoints during WAL recovery, so if there is a crash, future WAL recovery is shortened. This also eliminates the need for warm standby servers to replay the entire log since the base backup if they crash.
Improve reliability of long-term WAL replay (Heikki, Simon, Tom)
Formerly, trying to roll forward through more than 2 billion transactions would not work due to XID wraparound. This meant warm standby servers had to be reloaded from fresh base backups periodically.
Add
archive_timeout to force transaction log
file switches at a given interval (Simon)
This enforces a maximum replication delay for warm standby servers.
Add native LDAP authentication (Magnus Hagander)
This is particularly useful for platforms that do not support PAM, such as Windows.
Add GRANT
CONNECT ON DATABASE (Gevik Babakhani)
This gives SQL-level control over database access.
It works as an additional filter on top of the existing
pg_hba.conf controls.
Add support for SSL Certificate Revocation List (CRL) files (Libor Hohoš)
The server and libpq both recognize CRL files now.
GiST indexes are now clusterable (Teodor)
Remove routine autovacuum server log entries (Bruce)
pg_stat_activity now shows autovacuum
activity.
Track maximum XID age within individual tables, instead of whole databases (Alvaro)
This reduces the overhead involved in preventing transaction ID wraparound, by avoiding unnecessary VACUUMs.
Add last vacuum and analyze timestamp columns to the stats collector (Larry Rosenman)
These values now appear in the
pg_stat_*_tables system views.
Improve performance of statistics monitoring,
especially stats_command_string (Tom, Bruce)
This release enables stats_command_string by default, now
that its overhead is minimal. This means
pg_stat_activity will now show all active
queries by default.
Add a waiting column to
pg_stat_activity (Tom)
This allows pg_stat_activity to show all the
information included in the ps display.
Add configuration parameter
update_process_title to control whether the
ps display is updated
for every command (Bruce)
On platforms where it is expensive to update the
ps display, it might
be worthwhile to turn this off and rely solely on
pg_stat_activity for
status information.
Allow units to be specified in configuration settings (Peter)
For example, you can now set
shared_buffers to 32MB rather than mentally converting
sizes.
Add support for include directives
in postgresql.conf
(Joachim Wieland)
Improve logging of protocol-level prepare/bind/execute messages (Bruce, Tom)
Such logging now shows statement names, bind
parameter values, and the text of the query being
executed. Also, the query text is properly included in
logged error messages when enabled by log_min_error_statement.
Prevent
max_stack_depth from being set to unsafe
values
On platforms where we can determine the actual
kernel stack depth limit (which is most), make sure
that the initial default value of max_stack_depth is safe, and reject
attempts to set it to unsafely large values.
Enable highlighting of error location in query in more cases (Tom)
The server is now able to report a specific error location for some semantic errors (such as unrecognized column name), rather than just for basic syntax errors as before.
Fix “failed
to re-find parent key” errors in
VACUUM (Tom)
Clean out pg_internal.init cache files during
server restart (Simon)
This avoids a hazard that the cache files might contain stale data after PITR recovery.
Fix race condition for truncation of a large
relation across a gigabyte boundary by VACUUM (Tom)
Fix bug causing needless deadlock errors on row-level locks (Tom)
Fix bugs affecting multi-gigabyte hash indexes (Tom)
Each backend process is now its own process group leader (Tom)
This allows query cancel to abort subprocesses invoked from a backend or archive/recovery process.
Add INSERT/UPDATE/DELETE RETURNING (Jonah Harris, Tom)
This allows these commands to return values, such as
the computed serial key for a new row. In the
UPDATE case, values from
the updated version of the row are returned.
Add support for multiple-row VALUES clauses, per SQL standard
(Joe, Tom)
This allows INSERT to
insert multiple rows of constants, or queries to
generate result sets using constants. For example,
INSERT ... VALUES (...), (...),
...., and SELECT * FROM
(VALUES (...), (...), ....) AS alias(f1,
...).
Allow UPDATE and
DELETE to use
an alias for the target table (Atsushi Ogawa)
The SQL standard does not permit an alias in these commands, but many database systems allow one anyway for notational convenience.
Allow UPDATE to set
multiple columns with a list of values (Susanne
Ebrecht)
This is basically a short-hand for assigning the
columns and values in pairs. The syntax is UPDATE tab SET (.column, ...) =
(val,
...)
Make row comparisons work per standard (Tom)
The forms <, <=, >, >= now compare rows lexicographically, that is, compare the first elements, if equal compare the second elements, and so on. Formerly they expanded to an AND condition across all the elements, which was neither standard nor very useful.
Add CASCADE
option to TRUNCATE
(Joachim Wieland)
This causes TRUNCATE to
automatically include all tables that reference the
specified table(s) via foreign keys. While convenient,
this is a dangerous tool — use with caution!
Support FOR UPDATE and
FOR SHARE in the same
SELECT
command (Tom)
Add IS NOT DISTINCT FROM (Pavel
Stehule)
This operator is similar to equality (=), but evaluates to true when both
left and right operands are NULL, and to false when just one is,
rather than yielding NULL
in these cases.
Improve the length output used by UNION/INTERSECT/EXCEPT (Tom)
When all corresponding columns are of the same defined length, that length is used for the result, rather than a generic length.
Allow ILIKE to work for multi-byte
encodings (Tom)
Internally, ILIKE now
calls lower() and then
uses LIKE. Locale-specific
regular expression patterns still do not work in these
encodings.
Enable
standard_conforming_strings to be
turned on (Kevin
Grittner)
This allows backslash escaping in strings to be
disabled, making PostgreSQL more
standards-compliant. The default is off for backwards compatibility, but
future releases will default this to on.
Do not flatten subqueries that contain volatile functions in their target
lists (Jaime Casanova)
This prevents surprising behavior due to multiple
evaluation of a volatile
function (such as random() or nextval()). It might cause
performance degradation in the presence of functions
that are unnecessarily marked as volatile.
Add system views pg_prepared_statements and
pg_cursors to show prepared
statements and open cursors (Joachim Wieland, Neil)
These are very useful in pooled connection setups.
Support portal parameters in EXPLAIN and EXECUTE (Tom)
This allows, for example, JDBC ?
parameters to work in these commands.
If SQL-level
PREPARE
parameters are unspecified, infer their types from the
content of the query (Neil)
Protocol-level PREPARE
already did this.
Allow LIMIT and
OFFSET to exceed two
billion (Dhanaraj M)
Add TABLESPACE clause
to CREATE TABLE
AS (Neil)
This allows a tablespace to be specified for the new table.
Add ON COMMIT clause to
CREATE TABLE
AS (Neil)
This allows temporary tables to be truncated or dropped on transaction commit. The default behavior is for the table to remain until the session ends.
Add INCLUDING
CONSTRAINTS to CREATE TABLE
LIKE (Greg Stark)
This allows easy copying of CHECK constraints to a new table.
Allow the creation of placeholder (shell) types (Martijn van Oosterhout)
A shell type declaration creates a type name,
without specifying any of the details of the type.
Making a shell type is useful because it allows cleaner
declaration of the type's input/output functions, which
must exist before the type can be defined “for real”.
The syntax is CREATE TYPE
.typename
Aggregate functions now support multiple input parameters (Sergey Koposov, Tom)
Add new aggregate creation syntax (Tom)
The new syntax is CREATE
AGGREGATE .
This more naturally supports the new multi-parameter
aggregate functionality. The previous syntax is still
supported.aggname (input_type) (parameter_list)
Add ALTER ROLE PASSWORD
NULL to remove a previously set role
password (Peter)
Add DROP object
IF EXISTS for many object
types (Andrew)
This allows DROP
operations on non-existent objects without generating
an error.
Add DROP
OWNED to drop all objects owned by a role
(Alvaro)
Add REASSIGN
OWNED to reassign ownership of all objects
owned by a role (Alvaro)
This, and DROP OWNED
above, facilitate dropping roles.
Add GRANT ON
SEQUENCE syntax (Bruce)
This was added for setting sequence-specific
permissions. GRANT ON
TABLE for sequences is still supported for
backward compatibility.
Add USAGE
permission for sequences that allows only currval() and nextval(), not setval() (Bruce)
USAGE permission allows
more fine-grained control over sequence access.
Granting USAGE allows
users to increment a sequence, but prevents them from
setting the sequence to an arbitrary value using
setval().
Add ALTER TABLE [
NO ] INHERIT (Greg Stark)
This allows inheritance to be adjusted dynamically, rather than just at table creation and destruction. This is very valuable when using inheritance to implement table partitioning.
Allow comments on global objects to be stored globally (Kris Jurka)
Previously, comments attached to databases were
stored in individual databases, making them
ineffective, and there was no provision at all for
comments on roles or tablespaces. This change adds a
new shared catalog pg_shdescription and stores
comments on databases, roles, and tablespaces
therein.
Add option to allow indexes to be created without blocking concurrent writes to the table (Greg Stark, Tom)
The new syntax is CREATE INDEX
CONCURRENTLY. The default behavior is still
to block table modification while an index is being
created.
Provide advisory locking functionality (Abhijit Menon-Sen, Tom)
This is a new locking API designed to replace what used to be in /contrib/userlock. The userlock code is now on pgfoundry.
Allow COPY to dump a
SELECT query (Zoltan
Boszormenyi, Karel Zak)
This allows COPY to
dump arbitrary SQL
queries. The syntax is COPY
(SELECT ...) TO.
Make the COPY command
return a command tag that includes the number of rows
copied (Volkan YAZICI)
Allow VACUUM to
expire rows without being affected by other concurrent
VACUUM operations (Hannu
Krossing, Alvaro, Tom)
Make initdb
detect the operating system locale and set the default
DateStyle accordingly
(Peter)
This makes it more likely that the installed
postgresql.conf
DateStyle value will be as
desired.
Reduce number of progress messages displayed by initdb (Tom)
Allow full timezone names in timestamp input values (Joachim
Wieland)
For example, '2006-05-24 21:11
America/New_York'::timestamptz.
Support configurable timezone abbreviations (Joachim Wieland)
A desired set of timezone abbreviations can be
chosen via the configuration parameter
timezone_abbreviations.
Add pg_timezone_abbrevs and pg_timezone_names views to show
supported timezones (Magnus Hagander)
Add
clock_timestamp(),
statement_timestamp(), and
transaction_timestamp() (Bruce)
clock_timestamp() is
the current wall-clock time, statement_timestamp() is the time the
current statement arrived at the server, and
transaction_timestamp()
is an alias for now().
Allow to_char() to print localized
month and day names (Euler Taveira de Oliveira)
Allow to_char(time) and to_char(interval) to output
AM/PM specifications (Bruce)
Intervals and times are treated as 24-hour periods,
e.g. 25 hours is
considered AM.
Add new function
justify_interval() to adjust interval units
(Mark Dilger)
Allow timezone offsets up to 14:59 away from GMT
Kiribati uses GMT+14, so we'd better accept that.
Interval computation improvements (Michael Glaesemann, Bruce)
Allow arrays to contain NULL elements (Tom)
Allow assignment to array elements not contiguous with the existing entries (Tom)
The intervening array positions will be filled with nulls. This is per SQL standard.
New built-in operators
for array-subset comparisons (@>, <@, &&) (Teodor, Tom)
These operators can be indexed for many data types using GiST or GIN indexes.
Add convenient arithmetic operations
on INET/CIDR values (Stephen R. van den Berg)
The new operators are & (and), | (or), ~
(not), inet + int8,
inet - int8, and
inet - inet.
Add new aggregate functions from SQL:2003 (Neil)
The new functions are var_pop(), var_samp(), stddev_pop(), and stddev_samp(). var_samp() and stddev_samp() are merely renamings of
the existing aggregates variance() and stddev(). The latter names remain
available for backward compatibility.
Add SQL:2003 statistical aggregates (Sergey Koposov)
New functions: regr_intercept(), regr_slope(), regr_r2(), corr(), covar_samp(), covar_pop(), regr_avgx(), regr_avgy(), regr_sxy(), regr_sxx(), regr_syy(), regr_count().
Allow domains to be based on other domains (Tom)
Properly enforce domain CHECK constraints everywhere
(Neil, Tom)
For example, the result of a user-defined function that is declared to return a domain type is now checked against the domain's constraints. This closes a significant hole in the domain implementation.
Fix problems with dumping renamed SERIAL columns (Tom)
The fix is to dump a SERIAL column by explicitly specifying
its DEFAULT and sequence
elements, and reconstructing the SERIAL column on reload using a new
ALTER SEQUENCE
OWNED BY command. This also allows dropping
a SERIAL column
specification.
Add a server-side sleep function pg_sleep() (Joachim Wieland)
Add all comparison operators for the tid (tuple id) data type (Mark
Kirkwood, Greg Stark, Tom)
Add TG_table_name and
TG_table_schema to trigger
parameters (Andrew)
TG_relname is now
deprecated. Comparable changes have been made in the
trigger parameters for the other PLs as well.
Allow FOR statements to
return values to scalars as well as records and row
types (Pavel Stehule)
Add a BY clause to the
FOR loop, to control the
iteration increment (Jaime Casanova)
Add STRICT to
SELECT INTO (Matt
Miller)
STRICT mode throws an
exception if more or less than one row is returned by
the SELECT, for
Oracle PL/SQL
compatibility.
Add table_name and
table_schema to trigger
parameters (Adam Sjøgren)
Add prepared queries (Dmitry Karasik)
Make $_TD trigger data
a global variable (Andrew)
Previously, it was lexical, which caused unexpected sharing violations.
Run PL/Perl and PL/PerlU in separate interpreters, for security reasons (Andrew)
In consequence, they can no longer share data nor loaded modules. Also, if Perl has not been compiled with the requisite flags to allow multiple interpreters, only one of these languages can be used in any given backend process.
Named parameters are passed as ordinary variables,
as well as in the args[]
array (Sven Suursoho)
Add table_name and
table_schema to trigger
parameters (Andrew)
Allow returning of composite types and result sets (Sven Suursoho)
Return result-set as list, iterator, or generator (Sven Suursoho)
Allow functions to return void (Neil)
Python 2.5 is now supported (Tom)
Add new command \password for changing role password
with client-side password encryption (Peter)
Allow \c to connect to
a new host and port number (David, Volkan YAZICI)
Add tablespace display to \l+ (Philip Yarra)
Improve \df slash
command to include the argument names and modes
(OUT or INOUT) of the function (David
Fetter)
Support binary COPY
(Andreas Pflug)
Add option to run the entire session in a single transaction (Simon)
Use option -1 or
--single-transaction.
Support for automatically retrieving SELECT results in batches using a
cursor (Chris Mair)
This is enabled using \set
FETCH_COUNT . This feature
allows large result sets to be retrieved in
psql without
attempting to buffer the entire result set in
memory.n
Make multi-line values align in the proper column (Martijn van Oosterhout)
Field values containing newlines are now displayed in a more readable fashion.
Save multi-line statements as a single entry, rather than one line at a time (Sergey E. Koposov)
This makes up-arrow recall of queries easier. (This is not available on Windows, because that platform uses the native command-line editing present in the operating system.)
Make the line counter 64-bit so it can handle files with more than two billion lines (David Fetter)
Report both the returned data and the command status
tag for INSERT/UPDATE/DELETE
RETURNING (Tom)
Allow complex selection of objects to be included or excluded by pg_dump (Greg Sabino Mullane)
pg_dump now
supports multiple -n
(schema) and -t (table)
options, and adds -N and
-T options to exclude
objects. Also, the arguments of these switches can now
be wild-card expressions rather than single object
names, for example -t
'foo*', and a schema can be part of a
-t or -T switch, for example -t schema1.table1.
Add pg_restore --no-data-for-failed-tables option to
suppress loading data if table creation failed (i.e.,
the table already exists) (Martin Pitt)
Add pg_restore option to run the entire session in a single transaction (Simon)
Use option -1 or
--single-transaction.
Add PQencryptPassword() to encrypt
passwords (Tom)
This allows passwords to be sent pre-encrypted for
commands like ALTER ROLE ...
PASSWORD.
Add function
PQisthreadsafe() (Bruce)
This allows applications to query the thread-safety status of the library.
Add PQdescribePrepared(), PQdescribePortal(), and related
functions to return information about previously
prepared statements and open cursors (Volkan
YAZICI)
Allow
LDAP lookups from pg_service.conf (Laurenz
Albe)
Allow a hostname in ~/.pgpass to match the default
socket directory (Bruce)
A blank hostname continues to match any Unix-socket connection, but this addition allows entries that are specific to one of several postmasters on the machine.
Allow SHOW to put its
result into a variable (Joachim Wieland)
Add COPY TO STDOUT
(Joachim Wieland)
Add regression tests (Joachim Wieland, Michael)
Major source code cleanups (Joachim Wieland, Michael)
Allow MSVC to compile the PostgreSQL server (Magnus, Hiroshi Saito)
Add MSVC support for utility commands and pg_dump (Hiroshi Saito)
Add support for Windows code pages 1253, 1254, 1255, and 1257 (Kris Jurka)
Drop privileges on startup, so that the server can be started from an administrative account (Magnus)
Stability fixes (Qingqing Zhou, Magnus)
Add native semaphore implementation (Qingqing Zhou)
The previous code mimicked SysV semaphores.
Add GIN (Generalized Inverted iNdex) index access method (Teodor, Oleg)
Remove R-tree indexing (Tom)
Rtree has been re-implemented using GiST. Among other differences, this means that rtree indexes now have support for crash recovery via write-ahead logging (WAL).
Reduce libraries needlessly linked into the backend (Martijn van Oosterhout, Tom)
Add a configure flag to allow libedit to be preferred over GNU readline (Bruce)
Use configure --with-libedit-preferred.
Allow installation into directories containing spaces (Peter)
Improve ability to relocate installation directories (Tom)
Add support for Solaris x86_64 using the Solaris compiler (Pierre Girard, Theo Schlossnagle, Bruce)
Add DTrace support (Robert Lor)
Add PG_VERSION_NUM for
use by third-party applications wanting to test the
backend version in C using > and < comparisons
(Bruce)
Add XLOG_BLCKSZ as
independent from BLCKSZ
(Mark Wong)
Add LWLOCK_STATS define
to report locking activity (Tom)
Emit warnings for unknown configure options (Martijn van Oosterhout)
Add server support for “plugin” libraries that can be used for add-on tasks such as debugging and performance measurement (Korry Douglas)
This consists of two features: a table of
“rendezvous
variables” that allows separately-loaded
shared libraries to communicate, and a new
configuration parameter
local_preload_libraries that
allows libraries to be loaded into specific sessions
without explicit cooperation from the client
application. This allows external add-ons to implement
features such as a PL/pgSQL debugger.
Rename existing configuration parameter preload_libraries to
shared_preload_libraries (Tom)
This was done for clarity in comparison to
local_preload_libraries.
Add new configuration parameter
server_version_num
(Greg Sabino Mullane)
This is like server_version, but is an integer,
e.g. 80200. This allows
applications to make version checks more easily.
Add a configuration parameter
seq_page_cost (Tom)
Re-implement the regression test script as a C program (Magnus, Tom)
Allow loadable modules to allocate shared memory and lightweight locks (Marc Munro)
Add automatic initialization and finalization of dynamically loaded libraries (Ralf Engelschall, Tom)
New functions
_PG_init() and
_PG_fini() are called if
the library defines such symbols. Hence we no longer
need to specify an initialization function in
shared_preload_libraries;
we can assume that the library used the _PG_init() convention instead.
Add PG_MODULE_MAGIC header block to
all shared object files (Martijn van Oosterhout)
The magic block prevents version mismatches between loadable object files and servers.
Add shared library support for AIX (Laurenz Albe)
New XML documentation section (Bruce)
Major tsearch2 improvements (Oleg, Teodor)
multibyte encoding support, including UTF8
query rewriting support
improved ranking functions
thesaurus dictionary support
Ispell dictionaries now recognize MySpell format, used by OpenOffice
GIN support
multibyte encoding support, including UTF8
query rewriting support
improved ranking functions
thesaurus dictionary support
Ispell dictionaries now recognize MySpell format, used by OpenOffice
GIN support
Add adminpack module containing Pgadmin administration functions (Dave)
These functions provide additional file system access routines not present in the default PostgreSQL server.
Add sslinfo module (Victor Wagner)
Reports information about the current connection's SSL certificate.
Add pgrowlocks module (Tatsuo)
This shows row locking information for a specified table.
Add hstore module (Oleg, Teodor)
Add isn module, replacing isbn_issn (Jeremy Kronuz)
This new implementation supports EAN13, UPC, ISBN (books), ISMN (music), and ISSN (serials).
Add index information functions to pgstattuple (ITAGAKI Takahiro, Satoshi Nagayasu)
Add pg_freespacemap module to display free space map information (Mark Kirkwood)
pgcrypto now has all planned functionality (Marko Kreen)
Include iMath library in pgcrypto to have the public-key encryption functions always available.
Add SHA224 algorithm that was missing in OpenBSD code.
Activate builtin code for SHA224/256/384/512 hashes on older OpenSSL to have those algorithms always available.
New function gen_random_bytes() that returns cryptographically strong randomness. Useful for generating encryption keys.
Remove digest_exists(), hmac_exists() and cipher_exists() functions.
Include iMath library in pgcrypto to have the public-key encryption functions always available.
Add SHA224 algorithm that was missing in OpenBSD code.
Activate builtin code for SHA224/256/384/512 hashes on older OpenSSL to have those algorithms always available.
New function gen_random_bytes() that returns cryptographically strong randomness. Useful for generating encryption keys.
Remove digest_exists(), hmac_exists() and cipher_exists() functions.
Improvements to cube module (Joshua Reich)
New functions are cube(float[]), cube(float[], float[]), and
cube_subset(cube,
int4[]).
Add async query capability to dblink (Kai Londenberg, Joe Conway)
New operators for array-subset comparisons
(@>, <@, &&) (Tom)
Various contrib packages already had these operators for their datatypes, but the naming wasn't consistent. We have now added consistently named array-subset comparison operators to the core code and all the contrib packages that have such functionality. (The old names remain available, but are deprecated.)
Add uninstall scripts for all contrib packages that have install scripts (David, Josh Drake)
⇑ Upgrade to 8.2.1 released on 2007-01-08 - docs
Fix crash with SELECT ...
LIMIT ALL (also LIMIT NULL) (Tom)
Several
/contrib/tsearch2 fixes (Teodor)
On Windows, make log messages coming from the operating system use ASCII encoding (Hiroshi Saito)
This fixes a conversion problem when there is a mismatch between the encoding of the operating system and database server.
Fix Windows linking of pg_dump using win32.mak (Hiroshi Saito)
Fix planner mistakes for outer join queries (Tom)
Fix several problems in queries involving sub-SELECTs (Tom)
Fix potential crash in SPI during subtransaction abort (Tom)
This affects all PL functions since they all use SPI.
Improve build speed of PDF documentation (Peter)
Re-add JST (Japan) timezone abbreviation (Tom)
Improve optimization decisions related to index scans (Tom)
Have psql print
multi-byte combining characters as before, rather than
output as \u (Tom)
Improve index usage of regular expressions that use parentheses (Tom)
This improves psql
\d performance also.
Make pg_dumpall
assume that databases have public CONNECT privilege, when dumping from a
pre-8.2 server (Tom)
This preserves the previous behavior that anyone can
connect to a database if allowed by pg_hba.conf.
⇑ Upgrade to 8.2.2 released on 2007-02-05 - docs
Remove security vulnerabilities that allowed connected users to read backend memory (Tom)
The vulnerabilities involve suppressing the normal check that a SQL function returns the data type it's declared to, and changing the data type of a table column (CVE-2007-0555, CVE-2007-0556). These errors can easily be exploited to cause a backend crash, and in principle might be used to read database content that the user should not be able to access.
Fix not-so-rare-anymore bug wherein btree index page splits could fail due to choosing an infeasible split point (Heikki Linnakangas)
Fix Borland C compile scripts (L Bayuk)
Properly handle to_char('CC') for years ending in
00 (Tom)
Year 2000 is in the twentieth century, not the twenty-first.
/contrib/tsearch2
localization improvements (Tatsuo, Teodor)
Fix incorrect permission check in information_schema.key_column_usage view
(Tom)
The symptom is “relation with OID nnnnn does not
exist” errors. To get this fix without
using initdb, use
CREATE OR REPLACE VIEW to
install the corrected definition found in share/information_schema.sql. Note you
will need to do this in each database.
Improve VACUUM
performance for databases with many tables (Tom)
Fix for rare Assert() crash triggered by UNION (Tom)
Fix potentially incorrect results from index searches
using ROW inequality
conditions (Tom)
Tighten security of multi-byte character processing for UTF8 sequences over three bytes long (Tom)
Fix bogus “permission denied” failures occurring on Windows due to attempts to fsync already-deleted files (Magnus, Tom)
Fix bug that could cause the statistics collector to hang on Windows (Magnus)
This would in turn lead to autovacuum not working.
Fix possible crashes when an already-in-use PL/pgSQL function is updated (Tom)
Improve PL/pgSQL handling of domain types (Sergiy Vyshnevetskiy, Tom)
Fix possible errors in processing PL/pgSQL exception blocks (Tom)
⇑ Upgrade to 8.2.3 released on 2007-02-07 - docs
Remove overly-restrictive check for type length in constraints and functional indexes(Tom)
Fix optimization so MIN/MAX in subqueries can again use indexes (Tom)
⇑ Upgrade to 8.2.4 released on 2007-04-23 - docs
Support explicit placement of the temporary-table
schema within search_path,
and disable searching it for functions and operators
(Tom)
This is needed to allow a security-definer function to
set a truly secure value of search_path. Without it, an unprivileged
SQL user can use temporary objects to execute code with
the privileges of the security-definer function
(CVE-2007-2138). See CREATE
FUNCTION for more information.
Fix shared_preload_libraries for Windows by
forcing reload in each backend (Korry Douglas)
Fix to_char() so it
properly upper/lower cases localized day or month names
(Pavel Stehule)
/contrib/tsearch2 crash
fixes (Teodor)
Require COMMIT PREPARED
to be executed in the same database as the transaction
was prepared in (Heikki)
Allow pg_dump to do
binary backups larger than two gigabytes on Windows
(Magnus)
New traditional (Taiwan) Chinese FAQ (Zhou Daojing)
Prevent the statistics collector from writing to disk too frequently (Tom)
Fix potential-data-corruption bug in how VACUUM FULL handles UPDATE chains (Tom, Pavan Deolasee)
Fix bug in domains that use array types (Tom)
Fix pg_dump so it can
dump a serial column's sequence using -t when not also dumping the owning table
(Tom)
Planner fixes, including improving outer join and bitmap scan selection logic (Tom)
Fix possible wrong answers or crash when a PL/pgSQL
function tries to RETURN
from within an EXCEPTION
block (Tom)
Fix PANIC during enlargement of a hash index (Tom)
Fix POSIX-style timezone specs to follow new USA DST rules (Tom)
⇑ Upgrade to 8.2.5 released on 2007-09-17 - docs
Prevent index corruption when a transaction inserts
rows and then aborts close to the end of a concurrent
VACUUM on the same table
(Tom)
Fix ALTER DOMAIN ADD
CONSTRAINT for cases involving domains over
domains (Tom)
Make CREATE DOMAIN ... DEFAULT
NULL work properly (Tom)
Fix some planner problems with outer joins, notably
poor size estimation for t1 LEFT
JOIN t2 WHERE t2.col IS NULL (Tom)
Allow the interval data type
to accept input consisting only of milliseconds or
microseconds (Neil)
Allow timezone name to appear before the year in
timestamp input (Tom)
Fixes for GIN
indexes used by /contrib/tsearch2 (Teodor)
Speed up rtree index insertion (Teodor)
Fix excessive logging of SSL error messages (Tom)
Fix logging so that log messages are never interleaved when using the syslogger process (Andrew)
Fix crash when log_min_error_statement logging runs out
of memory (Tom)
Fix incorrect handling of some foreign-key corner cases (Tom)
Fix stddev_pop(numeric)
and var_pop(numeric)
(Tom)
Prevent REINDEX and
CLUSTER from failing due to
attempting to process temporary tables of other sessions
(Alvaro)
Update the time zone database rules, particularly New Zealand's upcoming changes (Tom)
Windows socket and semaphore improvements (Magnus)
Make pg_ctl -w work
properly in Windows service mode (Dave Page)
Fix memory allocation bug when using MIT Kerberos on Windows (Magnus)
Suppress timezone name (%Z) in log timestamps on Windows because
of possible encoding mismatches (Tom)
Require non-superusers who use /contrib/dblink to use only password
authentication, as a security measure (Joe)
Restrict /contrib/pgstattuple functions to
superusers, for security reasons (Tom)
Do not let /contrib/intarray try to make its GIN
opclass the default (this caused problems at
dump/restore) (Tom)
⇑ Upgrade to 8.2.6 released on 2008-01-07 - docs
Prevent functions in indexes from executing with the
privileges of the user running VACUUM, ANALYZE, etc (Tom)
Functions used in index expressions and partial-index
predicates are evaluated whenever a new table entry is
made. It has long been understood that this poses a risk
of trojan-horse code execution if one modifies a table
owned by an untrustworthy user. (Note that triggers,
defaults, check constraints, etc. pose the same type of
risk.) But functions in indexes pose extra danger because
they will be executed by routine maintenance operations
such as VACUUM FULL, which
are commonly performed automatically under a superuser
account. For example, a nefarious user can execute code
with superuser privileges by setting up a trojan-horse
index definition and waiting for the next routine vacuum.
The fix arranges for standard maintenance operations
(including VACUUM,
ANALYZE, REINDEX, and CLUSTER) to execute as the table owner
rather than the calling user, using the same
privilege-switching mechanism already used for
SECURITY DEFINER functions.
To prevent bypassing this security measure, execution of
SET SESSION AUTHORIZATION
and SET ROLE is now
forbidden within a SECURITY
DEFINER context. (CVE-2007-6600)
Repair assorted bugs in the regular-expression package (Tom, Will Drewry)
Suitably crafted regular-expression patterns could cause crashes, infinite or near-infinite looping, and/or massive memory consumption, all of which pose denial-of-service hazards for applications that accept regex search patterns from untrustworthy sources. (CVE-2007-4769, CVE-2007-4772, CVE-2007-6067)
Require non-superusers who use /contrib/dblink to use only password
authentication, as a security measure (Joe)
The fix that appeared for this in 8.2.5 was
incomplete, as it plugged the hole for only some
dblink functions.
(CVE-2007-6601, CVE-2007-3278)
Fix bugs in WAL replay for GIN indexes (Teodor)
Fix GIN index build to work properly when maintenance_work_mem is 4GB or more
(Tom)
Update time zone data files to tzdata release 2007k (in particular, recent Argentina changes) (Tom)
Improve planner's handling of LIKE/regex estimation in non-C locales (Tom)
Fix planning-speed problem for deep outer-join nests, as well as possible poor choice of join order (Tom)
Fix planner failure in some cases of WHERE false AND var IN (SELECT ...)
(Tom)
Make CREATE TABLE ...
SERIAL and ALTER SEQUENCE
... OWNED BY not change the currval() state of the sequence
(Tom)
Preserve the tablespace and storage parameters of
indexes that are rebuilt by ALTER
TABLE ... ALTER COLUMN TYPE (Tom)
Make archive recovery always start a new WAL timeline, rather than only when a recovery stop time was used (Simon)
This avoids a corner-case risk of trying to overwrite an existing archived copy of the last WAL segment, and seems simpler and cleaner than the original definition.
Make VACUUM not use all
of maintenance_work_mem when
the table is too small for it to be useful (Alvaro)
Fix potential crash in translate() when using a multibyte
database encoding (Tom)
Make corr() return the
correct result for negative correlation values (Neil)
Fix overflow in extract(epoch
from interval) for intervals exceeding 68 years
(Tom)
Fix PL/Perl to not fail when a UTF-8 regular expression is used in a trusted function (Andrew)
Fix PL/Perl to cope when platform's Perl defines type
bool as int rather than char (Tom)
While this could theoretically happen anywhere, no standard build of Perl did things this way ... until macOS 10.5.
Fix PL/Python to work correctly with Python 2.5 on 64-bit machines (Marko Kreen)
Fix PL/Python to not crash on long exception messages (Alvaro)
Fix pg_dump to correctly handle inheritance child tables that have default expressions different from their parent's (Tom)
Fix libpq crash when
PGPASSFILE refers to a file
that is not a plain file (Martin Pitt)
ecpg parser fixes (Michael)
Make contrib/pgcrypto
defend against OpenSSL
libraries that fail on keys longer than 128 bits; which
is the case at least on some Solaris versions (Marko
Kreen)
Make contrib/tablefunc's
crosstab() handle NULL
rowid as a category in its own right, rather than
crashing (Joe)
Fix tsvector and
tsquery output routines to
escape backslashes correctly (Teodor, Bruce)
Fix crash of to_tsvector() on huge input strings
(Teodor)
Require a specific version of Autoconf to be used when
re-generating the configure
script (Peter)
This affects developers and packagers only. The change was made to prevent accidental use of untested combinations of Autoconf and PostgreSQL versions. You can remove the version check if you really want to use a different Autoconf version, but it's your responsibility whether the result works or not.
Update gettimeofday
configuration check so that PostgreSQL can be built on newer
versions of MinGW
(Magnus)
⇑ Upgrade to 8.3 released on 2008-02-04 - docs
Asynchronous commit delays writes to WAL during transaction commit (Simon)
This feature dramatically increases performance for
short data-modifying transactions. The disadvantage is
that because disk writes are delayed, if the database
or operating system crashes before data is written to
the disk, committed data will be lost. This feature is
useful for applications that can accept some data loss.
Unlike turning off fsync,
using asynchronous commit does not put database
consistency at risk; the worst case is that after a
crash the last few reportedly-committed transactions
might not be committed after all. This feature is
enabled by turning off synchronous_commit (which can be done
per-session or per-transaction, if some transactions
are critical and others are not). wal_writer_delay can be adjusted to
control the maximum delay before transactions actually
reach disk.
Checkpoint writes can be spread over a longer time period to smooth the I/O spike during each checkpoint (Itagaki Takahiro and Heikki Linnakangas)
Previously all modified buffers were forced to disk as quickly as possible during a checkpoint, causing an I/O spike that decreased server performance. This new approach spreads out disk writes during checkpoints, reducing peak I/O usage. (User-requested and shutdown checkpoints are still written as quickly as possible.)
Heap-Only Tuples (HOT) accelerate space reuse for
most UPDATEs and
DELETEs (Pavan Deolasee,
with ideas from many others)
UPDATEs and
DELETEs leave dead tuples
behind, as do failed INSERTs. Previously only VACUUM could reclaim space taken by
dead tuples. With HOT dead tuple space can be
automatically reclaimed at the time of INSERT or UPDATE if no changes are made to
indexed columns. This allows for more consistent
performance. Also, HOT avoids adding duplicate index
entries.
Just-in-time background writer strategy improves disk write efficiency (Greg Smith, Itagaki Takahiro)
This greatly reduces the need for manual tuning of the background writer.
Per-field and per-row storage overhead have been reduced (Greg Stark, Heikki Linnakangas)
Variable-length data types with data values less
than 128 bytes long will see a storage decrease of 3 to
6 bytes. For example, two adjacent char(1) fields now use 4 bytes instead of
16. Row headers are also 4 bytes shorter than
before.
Using non-persistent transaction IDs for read-only
transactions reduces overhead and VACUUM requirements (Florian
Pflug)
Non-persistent transaction IDs do not increment the
global transaction counter. Therefore, they reduce the
load on pg_clog and
increase the time between forced vacuums to prevent
transaction ID wraparound. Other performance
improvements were also made that should improve
concurrency.
Avoid incrementing the command counter after a read-only command (Tom)
There was formerly a hard limit of 232 (4 billion) commands per transaction. Now only commands that actually changed the database count, so while this limit still exists, it should be significantly less annoying.
Create a dedicated WAL writer process to off-load work from backends (Simon)
Skip unnecessary WAL writes for CLUSTER and COPY (Simon)
Unless WAL archiving is enabled, the system now
avoids WAL writes for CLUSTER and just fsync()s the table at the end of the
command. It also does the same for COPY if the table was created in the
same transaction.
Large sequential scans no longer force out frequently used cached pages (Simon, Heikki, Tom)
Concurrent large sequential scans can now share disk reads (Jeff Davis)
This is accomplished by starting the new sequential
scan in the middle of the table (where another
sequential scan is already in-progress) and wrapping
around to the beginning to finish. This can affect the
order of returned rows in a query that does not specify
ORDER BY. The synchronize_seqscans configuration
parameter can be used to disable this if necessary.
ORDER BY ... LIMIT can
be done without sorting (Greg Stark)
This is done by sequentially scanning the table and
tracking just the “top N” candidate rows, rather
than performing a full sort of the entire table. This
is useful when there is no matching index and the
LIMIT is not large.
Put a rate limit on messages sent to the statistics collector by backends (Tom)
This reduces overhead for short transactions, but might sometimes increase the delay before statistics are tallied.
Improve hash join performance for cases with many NULLs (Tom)
Speed up operator lookup for cases with non-exact datatype matches (Tom)
Autovacuum is now enabled by default (Alvaro)
Several changes were made to eliminate disadvantages of having autovacuum enabled, thereby justifying the change in default. Several other autovacuum parameter defaults were also modified.
Support multiple concurrent autovacuum processes (Alvaro, Itagaki Takahiro)
This allows multiple vacuums to run concurrently. This prevents vacuuming of a large table from delaying vacuuming of smaller tables.
Automatically re-plan cached queries when table definitions change or statistics are updated (Tom)
Previously PL/pgSQL functions that referenced
temporary tables would fail if the temporary table was
dropped and recreated between function invocations,
unless EXECUTE was used.
This improvement fixes that problem and many related
issues.
Add a temp_tablespaces
parameter to control the tablespaces for temporary
tables and files (Jaime Casanova, Albert Cervera, Bernd
Helmle)
This parameter defines a list of tablespaces to be
used. This enables spreading the I/O load across
multiple tablespaces. A random tablespace is chosen
each time a temporary object is created. Temporary
files are no longer stored in per-database pgsql_tmp/ directories but in
per-tablespace directories.
Place temporary tables' TOAST tables in special
schemas named pg_toast_temp_ (Tom)nnn
This allows low-level code to recognize these tables as temporary, which enables various optimizations such as not WAL-logging changes and using local rather than shared buffers for access. This also fixes a bug wherein backends unexpectedly held open file references to temporary TOAST tables.
Fix problem that a constant flow of new connection requests could indefinitely delay the postmaster from completing a shutdown or a crash restart (Tom)
Guard against a very-low-probability data loss scenario by preventing re-use of a deleted table's relfilenode until after the next checkpoint (Heikki)
Fix CREATE CONSTRAINT
TRIGGER to convert old-style foreign key trigger
definitions into regular foreign key constraints
(Tom)
This will ease porting of foreign key constraints
carried forward from pre-7.3 databases, if they were
never converted using contrib/adddepend.
Fix DEFAULT NULL to
override inherited defaults (Tom)
DEFAULT NULL was
formerly considered a noise phrase, but it should (and
now does) override non-null defaults that would
otherwise be inherited from a parent table or
domain.
Add new encodings EUC_JIS_2004 and SHIFT_JIS_2004 (Tatsuo)
These new encodings can be converted to and from UTF-8.
Change server startup log message from “database system is ready” to “database system is ready to accept connections”, and adjust its timing
The message now appears only when the postmaster is really ready to accept connections.
Add log_autovacuum_min_duration parameter
to support configurable logging of autovacuum activity
(Simon, Alvaro)
Add log_lock_waits
parameter to log lock waiting (Simon)
Add log_temp_files
parameter to log temporary file usage (Bill Moran)
Add log_checkpoints
parameter to improve logging of checkpoints (Greg
Smith, Heikki)
log_line_prefix now
supports %s and
%c escapes in all
processes (Andrew)
Previously these escapes worked only for user sessions, not for background database processes.
Add log_restartpoints
to control logging of point-in-time recovery restart
points (Simon)
Last transaction end time is now logged at end of recovery and at each logged restart point (Simon)
Autovacuum now reports its activity start time in
pg_stat_activity (Tom)
Allow server log output in comma-separated value (CSV) format (Arul Shaji, Greg Smith, Andrew Dunstan)
CSV-format log files can easily be loaded into a database table for subsequent analysis.
Use PostgreSQL-supplied timezone support for formatting timestamps displayed in the server log (Tom)
This avoids Windows-specific problems with localized
time zone names that are in the wrong encoding. There
is a new log_timezone
parameter that controls the timezone used in log
messages, independently of the client-visible
timezone parameter.
New system view pg_stat_bgwriter displays statistics
about background writer activity (Magnus)
Add new columns for database-wide tuple statistics
to pg_stat_database
(Magnus)
Add an xact_start
(transaction start time) column to pg_stat_activity (Neil)
This makes it easier to identify long-running transactions.
Add n_live_tuples and
n_dead_tuples columns to
pg_stat_all_tables and
related views (Glen Parker)
Merge stats_block_level
and stats_row_level
parameters into a single parameter track_counts, which controls all
messages sent to the statistics collector process
(Tom)
Rename stats_command_string parameter to
track_activities (Tom)
Fix statistical counting of live and dead tuples to recognize that committed and aborted transactions have different effects (Tom)
Support Security Service Provider Interface (SSPI) for authentication on Windows (Magnus)
Support GSSAPI authentication (Henry Hotz, Magnus)
This should be preferred to native Kerberos authentication because GSSAPI is an industry standard.
Support a global SSL configuration file (Victor Wagner)
Add ssl_ciphers
parameter to control accepted SSL ciphers (Victor
Wagner)
Add a Kerberos realm parameter, krb_realm (Magnus)
Change the timestamps recorded in transaction WAL records from time_t to TimestampTz representation (Tom)
This provides sub-second resolution in WAL, which can be useful for point-in-time recovery.
Reduce WAL disk space needed by warm standby servers (Simon)
This change allows a warm standby server to pass the
name of the earliest still-needed WAL file to the
recovery script, allowing automatic removal of
no-longer-needed WAL files. This is done using
%r in the restore_command parameter of
recovery.conf.
New boolean configuration parameter, archive_mode, controls archiving
(Simon)
Previously setting archive_command to an empty string
turned off archiving. Now archive_mode turns archiving on and
off, independently of archive_command. This is useful for
stopping archiving temporarily.
Full text search is integrated into the core database system (Teodor, Oleg)
Text search has been improved, moved into the core
code, and is now installed by default. contrib/tsearch2 now contains a
compatibility interface.
Add control over whether NULLs sort first or last (Teodor,
Tom)
The syntax is ORDER BY ...
NULLS FIRST/LAST.
Allow per-column ascending/descending (ASC/DESC)
ordering options for indexes (Teodor, Tom)
Previously a query using ORDER
BY with mixed ASC/DESC
specifiers could not fully use an index. Now an index
can be fully used in such cases if the index was
created with matching ASC/DESC
specifications. NULL sort
order within an index can be controlled, too.
Allow col IS NULL to
use an index (Teodor)
Updatable cursors (Arul Shaji, Tom)
This eliminates the need to reference a primary key
to UPDATE or DELETE rows returned by a cursor. The
syntax is UPDATE/DELETE WHERE
CURRENT OF.
Allow FOR UPDATE in
cursors (Arul Shaji, Tom)
Create a general mechanism that supports casts to
and from the standard string types (TEXT, VARCHAR,
CHAR) for every datatype, by invoking
the datatype's I/O functions (Tom)
Previously, such casts were available only for types that had specialized function(s) for the purpose. These new casts are assignment-only in the to-string direction, explicit-only in the other direction, and therefore should create no surprising behavior.
Allow UNION and related
constructs to return a domain type, when all inputs are
of that domain type (Tom)
Formerly, the output would be considered to be of the domain's base type.
Allow limited hashing when using two different data types (Tom)
This allows hash joins, hash indexes, hashed
subplans, and hash aggregation to be used in situations
involving cross-data-type comparisons, if the data
types have compatible hash functions. Currently,
cross-data-type hashing support exists for smallint/integer/bigint,
and for float4/float8.
Improve optimizer logic for detecting when variables
are equal in a WHERE
clause (Tom)
This allows mergejoins to work with descending sort orders, and improves recognition of redundant sort columns.
Improve performance when planning large inheritance trees in cases where most tables are excluded by constraints (Tom)
Arrays of composite types (David Fetter, Andrew, Tom)
In addition to arrays of explicitly-declared composite types, arrays of the rowtypes of regular tables and views are now supported, except for rowtypes of system catalogs, sequences, and TOAST tables.
Server configuration parameters can now be set on a per-function basis (Tom)
For example, functions can now set their own
search_path to prevent
unexpected behavior if a different search_path exists at run-time.
Security definer functions should set search_path to avoid security
loopholes.
CREATE/ALTER FUNCTION
now supports COST and
ROWS options (Tom)
COST allows
specification of the cost of a function call.
ROWS allows specification
of the average number or rows returned by a
set-returning function. These values are used by the
optimizer in choosing the best plan.
Implement CREATE TABLE LIKE
... INCLUDING INDEXES (Trevor Hardcastle, Nikhil
Sontakke, Neil)
Allow CREATE INDEX
CONCURRENTLY to ignore transactions in other
databases (Simon)
Add ALTER VIEW ... RENAME
TO and ALTER SEQUENCE ...
RENAME TO (David Fetter, Neil)
Previously this could only be done via ALTER TABLE ... RENAME TO.
Make CREATE/DROP/RENAME
DATABASE wait briefly for conflicting backends
to exit before failing (Tom)
This increases the likelihood that these commands will succeed.
Allow triggers and rules to be deactivated in groups using a configuration parameter, for replication purposes (Jan)
This allows replication systems to disable triggers
and rewrite rules as a group without modifying the
system catalogs directly. The behavior is controlled by
ALTER TABLE and a new
parameter session_replication_role.
User-defined types can now have type modifiers (Teodor, Tom)
This allows a user-defined type to take a modifier,
like ssnum(7). Previously
only built-in data types could have modifiers.
Non-superuser database owners now are able to add trusted procedural languages to their databases by default (Jeremy Drake)
While this is reasonably safe, some administrators
might wish to revoke the privilege. It is controlled by
pg_pltemplate.tmpldbacreate.
Allow a session's current parameter setting to be used as the default for future sessions (Tom)
This is done with SET ... FROM
CURRENT in CREATE/ALTER
FUNCTION, ALTER
DATABASE, or ALTER
ROLE.
Implement new commands DISCARD
ALL, DISCARD PLANS,
DISCARD TEMPORARY,
CLOSE ALL, and
DEALLOCATE ALL (Marko
Kreen, Neil)
These commands simplify resetting a database session to its initial state, and are particularly useful for connection-pooling software.
Make CLUSTER MVCC-safe
(Heikki Linnakangas)
Formerly, CLUSTER would
discard all tuples that were committed dead, even if
there were still transactions that should be able to
see them under MVCC visibility rules.
Add new CLUSTER syntax:
CLUSTER (Holger
Schurig)table USING index
The old CLUSTER syntax
is still supported, but the new form is considered more
logical.
Fix EXPLAIN so it can
show complex plans more accurately (Tom)
References to subplan outputs are now always shown
correctly, instead of using ?column for
complicated cases.N?
Limit the amount of information reported when a user is dropped (Alvaro)
Previously, dropping (or attempting to drop) a user
who owned many objects could result in large
NOTICE or ERROR messages listing all these
objects; this caused problems for some client
applications. The length of the message is now limited,
although a full list is still sent to the server
log.
Support for the SQL/XML standard, including new
operators and an XML data
type (Nikolay Samokhvalov, Pavel Stehule, Peter)
Enumerated data types (ENUM) (Tom Dunstan)
This feature provides convenient support for fields
that have a small, fixed set of allowed values. An
example of creating an ENUM type is CREATE TYPE mood AS ENUM ('sad', 'ok',
'happy').
Universally Unique Identifier (UUID) data type (Gevik Babakhani,
Neil)
This closely matches RFC 4122.
Widen the MONEY data type
to 64 bits (D'Arcy Cain)
This greatly increases the range of supported
MONEY values.
Fix float4/float8 to handle Infinity and NAN (Not A Number) consistently
(Bruce)
The code formerly was not consistent about
distinguishing Infinity
from overflow conditions.
Allow leading and trailing whitespace during input
of boolean values (Neil)
Prevent COPY from using
digits and lowercase letters as delimiters (Tom)
Add new regular expression functions regexp_matches(), regexp_split_to_array(), and
regexp_split_to_table()
(Jeremy Drake, Neil)
These functions provide extraction of regular expression subexpressions and allow splitting a string using a POSIX regular expression.
Add lo_truncate() for
large object truncation (Kris Jurka)
Implement width_bucket() for the float8 data type (Neil)
Add pg_stat_clear_snapshot() to discard
statistics snapshots collected during the current
transaction (Tom)
The first request for statistics in a transaction takes a statistics snapshot that does not change during the transaction. This function allows the snapshot to be discarded and a new snapshot loaded during the next statistics query. This is particularly useful for PL/pgSQL functions, which are confined to a single transaction.
Add isodow option to
EXTRACT() and
date_part() (Bruce)
This returns the day of the week, with Sunday as
seven. (dow returns Sunday
as zero.)
Add ID (ISO day of
week) and IDDD (ISO day of
year) format codes for to_char(), to_date(), and to_timestamp() (Brendan Jurd)
Make to_timestamp()
and to_date() assume
TM (trim) option for
potentially variable-width fields (Bruce)
This matches Oracle's behavior.
Fix off-by-one conversion error in to_date()/to_timestamp() D (non-ISO day of week) fields
(Bruce)
Make setseed() return
void, rather than a useless integer value (Neil)
Add a hash function for NUMERIC (Neil)
This allows hash indexes and hash-based plans to be
used with NUMERIC
columns.
Improve efficiency of LIKE/ILIKE, especially for multi-byte
character sets like UTF-8 (Andrew, Itagaki
Takahiro)
Make currtid()
functions require SELECT
privileges on the target table (Tom)
Add several txid_*()
functions to query active transaction IDs (Jan)
This is useful for various replication solutions.
Add scrollable cursor support, including directional
control in FETCH (Pavel
Stehule)
Allow IN as an
alternative to FROM in
PL/pgSQL's FETCH
statement, for consistency with the backend's
FETCH command (Pavel
Stehule)
Add MOVE to PL/pgSQL
(Magnus, Pavel Stehule, Neil)
Implement RETURN QUERY
(Pavel Stehule, Neil)
This adds convenient syntax for PL/pgSQL
set-returning functions that want to return the result
of a query. RETURN QUERY
is easier and more efficient than a loop around
RETURN NEXT.
Allow function parameter names to be qualified with the function's name (Tom)
For example, myfunc.myvar. This is particularly
useful for specifying variables in a query where the
variable name might match a column name.
Make qualification of variables with block labels work properly (Tom)
Formerly, outer-level block labels could unexpectedly interfere with recognition of inner-level record or row references.
Tighten requirements for FOR loop STEP values (Tom)
Prevent non-positive STEP values, and handle loop
overflows.
Improve accuracy when reporting syntax error locations (Tom)
Allow type-name arguments to PL/Perl spi_prepare() to be data type aliases
in addition to names found in pg_type (Andrew)
Allow type-name arguments to PL/Python plpy.prepare() to be data type
aliases in addition to names found in pg_type (Andrew)
Allow type-name arguments to PL/Tcl spi_prepare to be data type aliases
in addition to names found in pg_type (Andrew)
Enable PL/PythonU to compile on Python 2.5 (Marko Kreen)
Support a true PL/Python boolean type in compatible Python versions (Python 2.3 and later) (Marko Kreen)
Fix PL/Tcl problems with thread-enabled libtcl spawning multiple threads
within the backend (Steve Marshall, Paul Bayer, Doug
Knight)
This caused all sorts of unpleasantness.
List disabled triggers separately in \d output (Brendan Jurd)
In \d patterns, always
match $ literally
(Tom)
Show aggregate return types in \da output (Greg Sabino Mullane)
Add the function's volatility status to the output
of \df+ (Neil)
Add \prompt capability
(Chad Wagner)
Allow \pset,
\t, and \x to specify on or off, rather than just toggling (Chad
Wagner)
Add \sleep capability
(Jan)
Enable \timing output
for \copy (Andrew)
Improve \timing
resolution on Windows (Itagaki Takahiro)
Flush \o output after
each backslash command (Tom)
Correctly detect and report errors while reading a
-f input file (Peter)
Remove -u option (this
option has long been deprecated) (Tom)
Add --tablespaces-only
and --roles-only options
to pg_dumpall (Dave
Page)
Add an output file option to pg_dumpall (Dave Page)
This is primarily useful on Windows, where output redirection of child pg_dump processes does not work.
Allow pg_dumpall to
accept an initial-connection database name rather than
the default template1
(Dave Page)
In -n and -t switches, always match $ literally (Tom)
Improve performance when a database has thousands of objects (Tom)
In initdb, allow
the location of the pg_xlog directory to be specified
(Euler Taveira de Oliveira)
Enable server core dump generation in pg_regress on supported operating systems (Andrew)
Add a -t (timeout)
parameter to pg_ctl
(Bruce)
This controls how long pg_ctl will wait when waiting for server startup or shutdown. Formerly the timeout was hard-wired as 60 seconds.
Add a pg_ctl option to control generation of server core dumps (Andrew)
Allow Control-C to cancel clusterdb, reindexdb, and vacuumdb (Itagaki Takahiro, Magnus)
Suppress command tag output for createdb, createuser, dropdb, and dropuser (Peter)
The --quiet option is
ignored and will be removed in 8.4. Progress messages
when acting on all databases now go to stdout instead
of stderr because they are not actually errors.
Interpret the dbName
parameter of PQsetdbLogin() as a conninfo string if it contains an
equals sign (Andrew)
This allows use of conninfo strings in client programs
that still use PQsetdbLogin().
Add environment variable PGSSLKEY to control SSL hardware keys (Victor
Wagner)
Add PQconnectionNeedsPassword() that
returns true if the server required a password but none
was supplied (Joe Conway, Tom)
If this returns true after a failed connection attempt, a client application should prompt the user for a password. In the past applications have had to check for a specific error message string to decide whether a password is needed; that approach is now deprecated.
Add PQconnectionUsedPassword() that
returns true if the supplied password was actually used
(Joe Conway, Tom)
This is useful in some security contexts where it is important to know whether a user-supplied password is actually valid.
Use V3 frontend/backend protocol (Michael)
This adds support for server-side prepared statements.
Use native threads, instead of pthreads, on Windows (Magnus)
Improve thread-safety of ecpglib (Itagaki Takahiro)
Make the ecpg libraries export only necessary API symbols (Michael)
Allow the whole PostgreSQL distribution to be compiled with Microsoft Visual C++ (Magnus and others)
This allows Windows-based developers to use familiar development and debugging tools. Windows executables made with Visual C++ might also have better stability and performance than those made with other tool sets. The client-only Visual C++ build scripts have been removed.
Drastically reduce postmaster's memory usage when it has many child processes (Magnus)
Allow regression tests to be started by an administrative user (Magnus)
Add native shared memory implementation (Magnus)
Add cursor-related functionality in SPI (Pavel Stehule)
Allow access to the cursor-related planning options,
and add FETCH/MOVE routines.
Allow execution of cursor commands through
SPI_execute (Tom)
The macro SPI_ERROR_CURSOR still exists but will
never be returned.
SPI plan pointers are now declared as SPIPlanPtr instead of void * (Tom)
This does not break application code, but switching is recommended to help catch simple programming mistakes.
Add configure
option --enable-profiling
to enable code profiling (works only with gcc) (Korry Douglas and Nikhil
Sontakke)
Add configure
option --with-system-tzdata to use the
operating system's time zone database (Peter)
Fix PGXS so
extensions can be built against PostgreSQL
installations whose pg_config program does not appear
first in the PATH
(Tom)
Support gmake draft
when building the SGML documentation (Bruce)
Unless draft is used,
the documentation build will now be repeated if
necessary to ensure the index is up-to-date.
Rename macro DLLIMPORT
to PGDLLIMPORT to avoid
conflicting with third party includes (like Tcl) that
define DLLIMPORT
(Magnus)
Create “operator families” to improve planning of queries involving cross-data-type comparisons (Tom)
Update GIN extractQuery() API to allow
signalling that nothing can satisfy the query
(Teodor)
Move NAMEDATALEN
definition from postgres_ext.h to pg_config_manual.h (Peter)
Provide strlcpy() and
strlcat() on all
platforms, and replace error-prone uses of strncpy(), strncat(), etc (Peter)
Create hooks to let an external plugin monitor (or even replace) the planner and create plans for hypothetical situations (Gurjeet Singh, Tom)
Create a function variable join_search_hook to let plugins
override the join search order portion of the planner
(Julius Stroffek)
Add tas() support for
Renesas' M32R processor (Kazuhiro Inaoka)
quote_identifier() and
pg_dump no longer
quote keywords that are unreserved according to the
grammar (Tom)
Change the on-disk representation of the
NUMERIC data type so that the
sign_dscale word comes
before the weight (Tom)
Use SYSV semaphores rather than POSIX on Darwin >= 6.0, i.e., macOS 10.2 and up (Chris Marcellino)
"Postgres" is now documented as an accepted alias for "PostgreSQL" (Peter)
Add documentation about preventing database server spoofing when the server is down (Bruce)
Move contrib
README content into the
main PostgreSQL
documentation (Albert Cervera i Areny)
Add contrib/pageinspect module for
low-level page inspection (Simon, Heikki)
Add contrib/pg_standby
module for controlling warm standby operation
(Simon)
Add contrib/uuid-ossp
module for generating UUID
values using the OSSP UUID library (Peter)
Use configure
--with-ossp-uuid to
activate. This takes advantage of the new UUID builtin type.
Add contrib/dict_int,
contrib/dict_xsyn, and
contrib/test_parser
modules to provide sample add-on text search dictionary
templates and parsers (Sergey Karpov)
Allow contrib/pgbench to set the fillfactor (Pavan Deolasee)
Add timestamps to contrib/pgbench -l (Greg Smith)
Add usage count statistics to contrib/pgbuffercache (Greg
Smith)
Add GIN support for contrib/hstore (Teodor)
Add GIN support for contrib/pg_trgm (Guillaume Smet,
Teodor)
Update OS/X startup scripts in contrib/start-scripts (Mark Cotner,
David Fetter)
Restrict pgrowlocks()
and dblink_get_pkey() to
users who have SELECT
privilege on the target table (Tom)
Restrict contrib/pgstattuple functions to
superusers (Tom)
contrib/xml2 is
deprecated and planned for removal in 8.4 (Peter)
The new XML support in core PostgreSQL supersedes this module.
⇑ Upgrade to 8.3.1 released on 2008-03-17 - docs
Fix character string comparison for Windows locales that consider different character combinations as equal (Tom)
This fix applies only on Windows and only when using
UTF-8 database encoding. The same fix was made for all
other cases over two years ago, but Windows with UTF-8
uses a separate code path that was not updated. If you
are using a locale that considers some non-identical
strings as equal, you may need to REINDEX to fix existing indexes on
textual columns.
Repair corner-case bugs in VACUUM FULL (Tom)
A potential deadlock between concurrent VACUUM FULL operations on different
system catalogs was introduced in 8.2. This has now been
corrected. 8.3 made this worse because the deadlock could
occur within a critical code section, making it a PANIC
rather than just ERROR condition.
Also, a VACUUM FULL that
failed partway through vacuuming a system catalog could
result in cache corruption in concurrent database
sessions.
Another VACUUM FULL bug
introduced in 8.3 could result in a crash or
out-of-memory report when dealing with pages containing
no live tuples.
Fix misbehavior of foreign key checks involving
character or bit columns (Tom)
If the referencing column were of a different but
compatible type (for instance varchar), the constraint was enforced
incorrectly.
Avoid needless deadlock failures in no-op foreign-key checks (Stephan Szabo, Tom)
Fix possible core dump when re-planning a prepared query (Tom)
This bug affected only protocol-level prepare
operations, not SQL PREPARE,
and so tended to be seen only with JDBC, DBI, and other
client-side drivers that use prepared statements
heavily.
Fix possible failure when re-planning a query that calls an SPI-using function (Tom)
Fix failure in row-wise comparisons involving columns of different datatypes (Tom)
Fix longstanding LISTEN/NOTIFY race condition (Tom)
In rare cases a session that had just executed a
LISTEN might not get a
notification, even though one would be expected because
the concurrent transaction executing NOTIFY was observed to commit later.
A side effect of the fix is that a transaction that
has executed a not-yet-committed LISTEN command will not see any row in
pg_listener for the
LISTEN, should it choose to
look; formerly it would have. This behavior was never
documented one way or the other, but it is possible that
some applications depend on the old behavior.
Disallow LISTEN and
UNLISTEN within a prepared
transaction (Tom)
This was formerly allowed but trying to do it had
various unpleasant consequences, notably that the
originating backend could not exit as long as an
UNLISTEN remained
uncommitted.
Disallow dropping a temporary table within a prepared transaction (Heikki)
This was correctly disallowed by 8.1, but the check was inadvertently broken in 8.2 and 8.3.
Fix rare crash when an error occurs during a query using a hash index (Heikki)
Fix incorrect comparison of tsquery values (Teodor)
Fix incorrect behavior of LIKE with non-ASCII characters in
single-byte encodings (Rolf Jentsch)
Disable xmlvalidate
(Tom)
This function should have been removed before 8.3 release, but was inadvertently left in the source code. It poses a small security risk since unprivileged users could use it to read the first few characters of any file accessible to the server.
Fix memory leaks in certain usages of set-returning functions (Neil)
Make encode(
convert all high-bit-set byte values into bytea, 'escape')\nnn octal escape
sequences (Tom)
This is necessary to avoid encoding problems when the
database encoding is multi-byte. This change could pose
compatibility issues for applications that are expecting
specific results from encode.
Fix input of datetime values for February 29 in years BC (Tom)
The former coding was mistaken about which years were leap years.
Fix “unrecognized node type” error in
some variants of ALTER OWNER
(Tom)
Avoid tablespace permissions errors in CREATE TABLE LIKE INCLUDING INDEXES
(Tom)
Ensure pg_stat_activity.waiting flag is cleared when a lock
wait is aborted (Tom)
Fix handling of process permissions on Windows Vista (Dave, Magnus)
In particular, this fix allows starting the server as the Administrator user.
Update time zone data files to tzdata release 2008a (in particular,
recent Chile changes); adjust timezone abbreviation
VET (Venezuela) to mean
UTC-4:30, not UTC-4:00 (Tom)
Fix ecpg problems with arrays (Michael)
Fix pg_ctl to correctly extract the postmaster's port number from command-line options (Itagaki Takahiro, Tom)
Previously, pg_ctl start
-w could try to contact the postmaster on the
wrong port, leading to bogus reports of startup
failure.
Use -fwrapv to defend
against possible misoptimization in recent gcc versions (Tom)
This is known to be necessary when building PostgreSQL with gcc 4.3 or later.
Enable building contrib/uuid-ossp with MSVC (Hiroshi
Saito)
⇑ Upgrade to 8.3.2 released on 2008-06-12 - docs
Fix ERRORDATA_STACK_SIZE
exceeded crash that occurred on Windows when using
UTF-8 database encoding and a different client encoding
(Tom)
Fix incorrect archive truncation point calculation for
the %r macro in restore_command parameters (Simon)
This could lead to data loss if a warm-standby script
relied on %r to decide when
to throw away WAL segment files.
Fix ALTER TABLE ADD COLUMN ...
PRIMARY KEY so that the new column is correctly
checked to see if it's been initialized to all non-nulls
(Brendan Jurd)
Previous versions neglected to check this requirement at all.
Fix REASSIGN OWNED so
that it works on procedural languages too (Alvaro)
Fix problems with SELECT FOR
UPDATE/SHARE occurring as a subquery in a query
with a non-SELECT top-level
operation (Tom)
Fix possible CREATE TABLE
failure when inheriting the “same”
constraint from multiple parent relations that inherited
that constraint from a common ancestor (Tom)
Fix pg_get_ruledef() to
show the alias, if any, attached to the target table of
an UPDATE or DELETE (Tom)
Restore the pre-8.3 behavior that an out-of-range block number in a TID being used in a TidScan plan results in silently not matching any rows (Tom)
8.3.0 and 8.3.1 threw an error instead.
Fix GIN bug that could result in a too many LWLocks taken failure
(Teodor)
Fix broken GiST comparison function for tsquery (Teodor)
Fix tsvector_update_trigger() and
ts_stat() to accept domains
over the types they expect to work with (Tom)
Fix failure to support enum data types as foreign keys (Tom)
Avoid possible crash when decompressing corrupted data (Zdenek Kotala)
Fix race conditions between delayed unlinks and
DROP DATABASE (Heikki)
In the worst case this could result in deleting a newly created table in a new database that happened to get the same OID as the recently-dropped one; but of course that is an extremely low-probability scenario.
Repair two places where SIGTERM exit of a backend could leave corrupted state in shared memory (Tom)
Neither case is very important if SIGTERM is used to shut down the whole database cluster together, but there was a problem if someone tried to SIGTERM individual backends.
Fix possible crash due to incorrect plan generated for
an x IN (SELECT y FROM ...)x and
y have
different data types; and make sure the behavior is
semantically correct when the conversion from y's type to x's type is lossy
(Tom)
Fix oversight that prevented the planner from substituting known Param values as if they were constants (Tom)
This mistake partially disabled optimization of unnamed extended-Query statements in 8.3.0 and 8.3.1: in particular the LIKE-to-indexscan optimization would never be applied if the LIKE pattern was passed as a parameter, and constraint exclusion depending on a parameter value didn't work either.
Fix planner failure when an indexable MIN or MAX aggregate is used with DISTINCT or ORDER
BY (Tom)
Fix planner to ensure it never uses a “physical tlist” for a plan node that is feeding a Sort node (Tom)
This led to the sort having to push around more data than it really needed to, since unused column values were included in the sorted data.
Avoid unnecessary copying of query strings (Tom)
This fixes a performance problem introduced in 8.3.0 when a very large number of commands are submitted as a single query string.
Make TransactionIdIsCurrentTransactionId()
use binary search instead of linear search when checking
child-transaction XIDs (Heikki)
This fixes some cases in which 8.3.0 was significantly slower than earlier releases.
Fix conversions between ISO-8859-5 and other encodings
to handle Cyrillic “Yo” characters (e and E
with two dots) (Sergey Burladyan)
Fix several datatype input functions, notably
array_in(), that were
allowing unused bytes in their results to contain
uninitialized, unpredictable values (Tom)
This could lead to failures in which two apparently
identical literal values were not seen as equal,
resulting in the parser complaining about unmatched
ORDER BY and DISTINCT expressions.
Fix a corner case in regular-expression substring
matching (substring()
(Tom)string from pattern)
The problem occurs when there is a match to the
pattern overall but the user has specified a
parenthesized subexpression and that subexpression hasn't
got a match. An example is substring('foo' from 'foo(bar)?'). This
should return NULL, since (bar) isn't matched, but it was
mistakenly returning the whole-pattern match instead (ie,
foo).
Prevent cancellation of an auto-vacuum that was launched to prevent XID wraparound (Alvaro)
Improve ANALYZE's
handling of in-doubt tuples (those inserted or deleted by
a not-yet-committed transaction) so that the counts it
reports to the stats collector are more likely to be
correct (Pavan Deolasee)
Fix initdb to reject
a relative path for its --xlogdir (-X) option (Tom)
Make psql print tab
characters as an appropriate number of spaces, rather
than \x09 as was done in
8.3.0 and 8.3.1 (Bruce)
Update time zone data files to tzdata release 2008c (for DST law changes in Morocco, Iraq, Choibalsan, Pakistan, Syria, Cuba, and Argentina/San_Luis)
Add ECPGget_PGconn()
function to ecpglib
(Michael)
Fix incorrect result from ecpg's PGTYPEStimestamp_sub() function
(Michael)
Fix handling of continuation line markers in ecpg (Michael)
Fix possible crashes in contrib/cube functions (Tom)
Fix core dump in contrib/xml2's xpath_table() function when the input
query returns a NULL value (Tom)
Fix contrib/xml2's
makefile to not override CFLAGS, and make it auto-configure
properly for libxslt
present or not (Tom)
⇑ Upgrade to 8.3.3 released on 2008-06-12 - docs
Make pg_get_ruledef()
parenthesize negative constants (Tom)
Before this fix, a negative constant in a view or rule
might be dumped as, say, -42::integer, which is subtly incorrect:
it should be (-42)::integer
due to operator precedence rules. Usually this would make
little difference, but it could interact with another
recent patch to cause PostgreSQL to reject what had been a
valid SELECT DISTINCT view
query. Since this could result in pg_dump output failing to reload, it
is being treated as a high-priority fix. The only
released versions in which dump output is actually
incorrect are 8.3.1 and 8.2.7.
Make ALTER AGGREGATE ... OWNER
TO update pg_shdepend (Tom)
This oversight could lead to problems if the aggregate
was later involved in a DROP
OWNED or REASSIGN
OWNED operation.
⇑ Upgrade to 8.3.4 released on 2008-09-22 - docs
Fix bug in btree WAL recovery code (Heikki)
Recovery failed if the WAL ended partway through a page split operation.
Fix potential use of wrong cutoff XID for HOT page pruning (Alvaro)
This error created a risk of corruption in system
catalogs that are consulted by VACUUM: dead tuple versions might be
removed too soon. The impact of this on actual database
operations would be minimal, since the system doesn't
follow MVCC rules while examining catalogs, but it might
result in transiently wrong output from pg_dump or other client
programs.
Fix potential miscalculation of datfrozenxid (Alvaro)
This error may explain some recent reports of failure
to remove old pg_clog
data.
Fix incorrect HOT updates after pg_class is reindexed (Tom)
Corruption of pg_class
could occur if REINDEX TABLE
pg_class was followed in the same session by an
ALTER TABLE RENAME or
ALTER TABLE SET SCHEMA
command.
Fix missed “combo cid” case (Karl Schnaitter)
This error made rows incorrectly invisible to a transaction in which they had been deleted by multiple subtransactions that all aborted.
Prevent autovacuum from crashing if the table it's currently checking is deleted at just the wrong time (Alvaro)
Widen local lock counters from 32 to 64 bits (Tom)
This responds to reports that the counters could overflow in sufficiently long transactions, leading to unexpected “lock is already held” errors.
Fix possible duplicate output of tuples during a GiST index scan (Teodor)
Regenerate foreign key checking queries from scratch when either table is modified (Tom)
Previously, 8.3 would attempt to replan the query, but would work from previously generated query text. This led to failures if a table or column was renamed.
Fix missed permissions checks when a view contains a
simple UNION ALL construct
(Heikki)
Permissions for the referenced tables were checked properly, but not permissions for the view itself.
Add checks in executor startup to ensure that the
tuples produced by an INSERT
or UPDATE will match the
target table's current rowtype (Tom)
This situation is believed to be impossible in 8.3, but it can happen in prior releases, so a check seems prudent.
Fix possible repeated drops during DROP OWNED (Tom)
This would typically result in strange errors such as “cache lookup failed for relation NNN”.
Fix several memory leaks in XML operations (Kris Jurka, Tom)
Fix xmlserialize() to
raise error properly for unacceptable target data type
(Tom)
Fix a couple of places that mis-handled multibyte characters in text search configuration file parsing (Tom)
Certain characters occurring in configuration files would always cause “invalid byte sequence for encoding” failures.
Provide file name and line number location for all errors reported in text search configuration files (Tom)
Fix AT TIME ZONE to first
try to interpret its timezone argument as a timezone
abbreviation, and only try it as a full timezone name if
that fails, rather than the other way around as formerly
(Tom)
The timestamp input functions have always resolved
ambiguous zone names in this order. Making AT TIME ZONE do so as well improves
consistency, and fixes a compatibility bug introduced in
8.1: in ambiguous cases we now behave the same as 8.0 and
before did, since in the older versions AT TIME ZONE accepted only abbreviations.
Fix datetime input functions to correctly detect integer overflow when running on a 64-bit platform (Tom)
Prevent integer overflows during units conversion when displaying a configuration parameter that has units (Tom)
Improve performance of writing very long log messages to syslog (Tom)
Allow spaces in the suffix part of an LDAP URL in
pg_hba.conf (Tom)
Fix bug in backwards scanning of a cursor on a
SELECT DISTINCT ON query
(Tom)
Fix planner bug that could improperly push down
IS NULL tests below an outer
join (Tom)
This was triggered by occurrence of IS NULL tests for the same relation in
all arms of an upper OR
clause.
Fix planner bug with nested sub-select expressions (Tom)
If the outer sub-select has no direct dependency on the parent query, but the inner one does, the outer value might not get recalculated for new parent query rows.
Fix planner to estimate that GROUP BY expressions yielding boolean
results always result in two groups, regardless of the
expressions' contents (Tom)
This is very substantially more accurate than the
regular GROUP BY estimate
for certain boolean tests like col IS NULL.
Fix PL/pgSQL to not fail when a FOR loop's target variable is a record
containing composite-type fields (Tom)
Fix PL/Tcl to behave correctly with Tcl 8.5, and to be more careful about the encoding of data sent to or from Tcl (Tom)
Improve performance of PQescapeBytea() (Rudolf Leitgeb)
On Windows, work around a Microsoft bug by preventing libpq from trying to send more than 64kB per system call (Magnus)
Fix ecpg to handle
variables properly in SET
commands (Michael)
Improve pg_dump and pg_restore's error reporting after failure to send a SQL command (Tom)
Fix pg_ctl to
properly preserve postmaster command-line arguments
across a restart (Bruce)
Fix erroneous WAL file cutoff point calculation in pg_standby (Simon)
Update time zone data files to tzdata release 2008f (for DST law changes in Argentina, Bahamas, Brazil, Mauritius, Morocco, Pakistan, Palestine, and Paraguay)
⇑ Upgrade to 8.3.5 released on 2008-11-03 - docs
Fix GiST index corruption due to marking the wrong index entry “dead” after a deletion (Teodor)
This would result in index searches failing to find
rows they should have found. Corrupted indexes can be
fixed with REINDEX.
Fix backend crash when the client encoding cannot represent a localized error message (Tom)
We have addressed similar issues before, but it would still fail if the “character has no equivalent” message itself couldn't be converted. The fix is to disable localization and send the plain ASCII error message when we detect such a situation.
Fix possible crash in bytea-to-XML mapping (Michael McMaster)
Fix possible crash when deeply nested functions are invoked from a trigger (Tom)
Improve optimization of expression IN (expression-list) queries
(Tom, per an idea from Robert Haas)
Cases in which there are query variables on the right-hand side had been handled less efficiently in 8.2.x and 8.3.x than in prior versions. The fix restores 8.1 behavior for such cases.
Fix mis-expansion of rule queries when a
sub-SELECT appears in a
function call in FROM, a
multi-row VALUES list, or a
RETURNING list (Tom)
The usual symptom of this problem is an “unrecognized node type” error.
Fix Assert failure during rescan of an IS NULL search of a GiST index
(Teodor)
Fix memory leak during rescan of a hashed aggregation plan (Neil)
Ensure an error is reported when a newly-defined PL/pgSQL trigger function is invoked as a normal function (Tom)
Force a checkpoint before CREATE
DATABASE starts to copy files (Heikki)
This prevents a possible failure if files had recently been deleted in the source database.
Prevent possible collision of relfilenode numbers when moving a
table to another tablespace with ALTER SET TABLESPACE (Heikki)
The command tried to re-use the existing filename, instead of picking one that is known unused in the destination directory.
Fix incorrect text search headline generation when single query item matches first word of text (Sushant Sinha)
Fix improper display of fractional seconds in interval
values when using a non-ISO datestyle in an --enable-integer-datetimes build (Ron
Mayer)
Make ILIKE compare
characters case-insensitively even when they're escaped
(Andrew)
Ensure DISCARD is handled
properly by statement logging (Tom)
Fix incorrect logging of last-completed-transaction time during PITR recovery (Tom)
Ensure SPI_getvalue and
SPI_getbinval behave
correctly when the passed tuple and tuple descriptor have
different numbers of columns (Tom)
This situation is normal when a table has had columns added or removed, but these two functions didn't handle it properly. The only likely consequence is an incorrect error indication.
Mark SessionReplicationRole as PGDLLIMPORT so it can be used by
Slony on Windows
(Magnus)
Fix small memory leak when using libpq's gsslib parameter (Magnus)
The space used by the parameter string was not freed at connection close.
Ensure libgssapi is linked into libpq if needed (Markus Schaaf)
Fix ecpg's parsing of
CREATE ROLE (Michael)
Fix recent breakage of pg_ctl
restart (Tom)
Ensure pg_control is
opened in binary mode (Itagaki Takahiro)
pg_controldata and pg_resetxlog did this incorrectly, and so could fail on Windows.
Update time zone data files to tzdata release 2008i (for DST law changes in Argentina, Brazil, Mauritius, Syria)
⇑ Upgrade to 8.3.6 released on 2009-02-02 - docs
Make DISCARD ALL release
advisory locks, in addition to everything it already did
(Tom)
This was decided to be the most appropriate behavior. This could affect existing applications, however.
Fix whole-index GiST scans to work correctly (Teodor)
This error could cause rows to be lost if a table is clustered on a GiST index.
Fix crash of xmlconcat(NULL) (Peter)
Fix possible crash in ispell dictionary if high-bit-set
characters are used as flags (Teodor)
This is known to be done by one widely available Norwegian dictionary, and the same condition may exist in others.
Fix misordering of pg_dump output for composite types (Tom)
The most likely problem was for user-defined operator classes to be dumped after indexes or views that needed them.
Improve handling of URLs in headline() function (Teodor)
Improve handling of overlength headlines in
headline() function
(Teodor)
Prevent possible Assert failure or misconversion if an encoding conversion is created with the wrong conversion function for the specified pair of encodings (Tom, Heikki)
Fix possible Assert failure if a statement executed in
PL/pgSQL is rewritten into another kind of statement, for
example if an INSERT is
rewritten into an UPDATE
(Heikki)
Ensure that a snapshot is available to datatype input functions (Tom)
This primarily affects domains that are declared with
CHECK constraints involving
user-defined stable or immutable functions. Such
functions typically fail if no snapshot has been set.
Make it safer for SPI-using functions to be used within datatype I/O; in particular, to be used in domain check constraints (Tom)
Avoid unnecessary locking of small tables in
VACUUM (Heikki)
Fix a problem that sometimes kept ALTER TABLE ENABLE/DISABLE RULE from
being recognized by active sessions (Tom)
Fix a problem that made UPDATE
RETURNING tableoid return zero instead of the
correct OID (Tom)
Allow functions declared as taking ANYARRAY to work on the pg_statistic columns of that type
(Tom)
This used to work, but was unintentionally broken in 8.3.
Fix planner misestimation of selectivity when transitive equality is applied to an outer-join clause (Tom)
This could result in bad plans for queries like
... from a left join b on a.a1 =
b.b1 where a.a1 = 42 ...
Improve optimizer's handling of long IN lists (Tom)
This change avoids wasting large amounts of time on such lists when constraint exclusion is enabled.
Prevent synchronous scan during GIN index build (Tom)
Because GIN is optimized for inserting tuples in increasing TID order, choosing to use a synchronous scan could slow the build by a factor of three or more.
Ensure that the contents of a holdable cursor don't depend on the contents of TOAST tables (Tom)
Previously, large field values in a cursor result might be represented as TOAST pointers, which would fail if the referenced table got dropped before the cursor is read, or if the large value is deleted and then vacuumed away. This cannot happen with an ordinary cursor, but it could with a cursor that is held past its creating transaction.
Fix memory leak when a set-returning function is terminated without reading its whole result (Tom)
Fix encoding conversion problems in XML functions when the database encoding isn't UTF-8 (Tom)
Fix contrib/dblink's
dblink_get_result(text,bool) function
(Joe)
Fix possible garbage output from contrib/sslinfo functions (Tom)
Fix incorrect behavior of contrib/tsearch2 compatibility trigger
when it's fired more than once in a command (Teodor)
Fix possible mis-signaling in autovacuum (Heikki)
Support running as a service on Windows 7 beta (Dave and Magnus)
Fix ecpg's handling of varchar structs (Michael)
Fix configure script to properly report failure when unable to obtain linkage information for PL/Perl (Andrew)
Make all documentation reference pgsql-bugs and/or pgsql-hackers as appropriate, instead of
the now-decommissioned pgsql-ports and pgsql-patches mailing lists (Tom)
Update time zone data files to tzdata release 2009a (for Kathmandu and historical DST corrections in Switzerland, Cuba)
⇑ Upgrade to 8.3.7 released on 2009-03-16 - docs
Prevent error recursion crashes when encoding conversion fails (Tom)
This change extends fixes made in the last two minor releases for related failure scenarios. The previous fixes were narrowly tailored for the original problem reports, but we have now recognized that any error thrown by an encoding conversion function could potentially lead to infinite recursion while trying to report the error. The solution therefore is to disable translation and encoding conversion and report the plain-ASCII form of any error message, if we find we have gotten into a recursive error reporting situation. (CVE-2009-0922)
Disallow CREATE
CONVERSION with the wrong encodings for the
specified conversion function (Heikki)
This prevents one possible scenario for encoding conversion failure. The previous change is a backstop to guard against other kinds of failures in the same area.
Fix xpath() to not
modify the path expression unless necessary, and to make
a saner attempt at it when necessary (Andrew)
The SQL standard suggests that xpath should work on data that is a
document fragment, but libxml doesn't support that, and
indeed it's not clear that this is sensible according to
the XPath standard. xpath
attempted to work around this mismatch by modifying both
the data and the path expression, but the modification
was buggy and could cause valid searches to fail. Now,
xpath checks whether the
data is in fact a well-formed document, and if so invokes
libxml with no change to
the data or path expression. Otherwise, a different
modification method that is somewhat less likely to fail
is used.
The new modification method is still not 100%
satisfactory, and it seems likely that no real solution
is possible. This patch should therefore be viewed as a
band-aid to keep from breaking existing applications
unnecessarily. It is likely that PostgreSQL 8.4 will simply reject
use of xpath on data that
is not a well-formed document.
Fix core dump when to_char() is given format codes that
are inappropriate for the type of the data argument
(Tom)
Fix possible failure in text search when C locale is used with a multi-byte encoding (Teodor)
Crashes were possible on platforms where wchar_t is narrower than int; Windows in particular.
Fix extreme inefficiency in text search parser's
handling of an email-like string containing multiple
@ characters (Heikki)
Fix planner problem with sub-SELECT in the output list of a larger
subquery (Tom)
The known symptom of this bug is a “failed to locate grouping columns” error that is dependent on the datatype involved; but there could be other issues as well.
Fix decompilation of CASE
WHEN with an implicit coercion (Tom)
This mistake could lead to Assert failures in an Assert-enabled build, or an “unexpected CASE WHEN clause” error message in other cases, when trying to examine or dump a view.
Fix possible misassignment of the owner of a TOAST table's rowtype (Tom)
If CLUSTER or a rewriting
variant of ALTER TABLE were
executed by someone other than the table owner, the
pg_type entry for the
table's TOAST table would end up marked as owned by that
someone. This caused no immediate problems, since the
permissions on the TOAST rowtype aren't examined by any
ordinary database operation. However, it could lead to
unexpected failures if one later tried to drop the role
that issued the command (in 8.1 or 8.2), or “owner of data type appears
to be invalid” warnings from pg_dump after having done so (in
8.3).
Change UNLISTEN to exit
quickly if the current session has never executed any
LISTEN command (Tom)
Most of the time this is not a particularly useful
optimization, but since DISCARD
ALL invokes UNLISTEN,
the previous coding caused a substantial performance
problem for applications that made heavy use of
DISCARD ALL.
Fix PL/pgSQL to not treat INTO after INSERT as an INTO-variables clause
anywhere in the string, not only at the start; in
particular, don't fail for INSERT
INTO within CREATE
RULE (Tom)
Clean up PL/pgSQL error status variables fully at block exit (Ashesh Vashi and Dave Page)
This is not a problem for PL/pgSQL itself, but the omission could cause the PL/pgSQL Debugger to crash while examining the state of a function.
Retry failed calls to CallNamedPipe() on Windows (Steve
Marshall, Magnus)
It appears that this function can sometimes fail
transiently; we previously treated any failure as a hard
error, which could confuse LISTEN/NOTIFY as well as other operations.
Add MUST (Mauritius
Island Summer Time) to the default list of known timezone
abbreviations (Xavier Bugaud)
⇑ Upgrade to 8.4 released on 2009-07-01 - docs
Improve optimizer statistics calculations (Jan Urbanski, Tom)
In particular, estimates for full-text-search operators are greatly improved.
Allow SELECT DISTINCT
and UNION/INTERSECT/EXCEPT to use hashing (Tom)
This means that these types of queries no longer automatically produce sorted output.
Create explicit concepts of semi-joins and anti-joins (Tom)
This work formalizes our previous ad-hoc treatment
of IN (SELECT ...)
clauses, and extends it to EXISTS and NOT
EXISTS clauses. It should result in
significantly better planning of EXISTS and NOT
EXISTS queries. In general, logically equivalent
IN and EXISTS clauses should now have similar
performance, whereas previously IN often won.
Improve optimization of sub-selects beneath outer joins (Tom)
Formerly, a sub-select or view could not be optimized very well if it appeared within the nullable side of an outer join and contained non-strict expressions (for instance, constants) in its result list.
Improve the performance of text_position() and related functions
by using Boyer-Moore-Horspool searching (David
Rowley)
This is particularly helpful for long search patterns.
Reduce I/O load of writing the statistics collection file by writing the file only when requested (Martin Pihlak)
Improve performance for bulk inserts (Robert Haas, Simon)
Increase the default value of default_statistics_target from
10 to 100 (Greg Sabino Mullane, Tom)
The maximum value was also increased from
1000 to 10000.
Perform constraint_exclusion checking by
default in queries involving inheritance or
UNION ALL (Tom)
A new constraint_exclusion setting,
partition, was added to
specify this behavior.
Allow I/O read-ahead for bitmap index scans (Greg Stark)
The amount of read-ahead is controlled by
effective_io_concurrency.
This feature is available only if the kernel has
posix_fadvise()
support.
Inline simple set-returning SQL functions in FROM clauses (Richard Rowell)
Improve performance of multi-batch hash joins by providing a special case for join key values that are especially common in the outer relation (Bryce Cutt, Ramon Lawrence)
Reduce volume of temporary data in multi-batch hash joins by suppressing “physical tlist” optimization (Michael Henderson, Ramon Lawrence)
Avoid waiting for idle-in-transaction sessions
during CREATE INDEX
CONCURRENTLY (Simon)
Improve performance of shared cache invalidation (Tom)
Convert many postgresql.conf settings to
enumerated values so that pg_settings can display the valid
values (Magnus)
Add cursor_tuple_fraction parameter to
control the fraction of a cursor's rows that the
planner assumes will be fetched (Robert Hell)
Allow underscores in the names of custom variable
classes in postgresql.conf (Tom)
Remove support for the (insecure) crypt authentication method
(Magnus)
This effectively obsoletes pre-PostgreSQL 7.2 client libraries, as there is no longer any non-plaintext password method that they can use.
Support regular expressions in pg_ident.conf (Magnus)
Allow Kerberos/GSSAPI parameters to be changed without restarting the postmaster (Magnus)
Support SSL certificate chains in server certificate file (Andrew Gierth)
Including the full certificate chain makes the client able to verify the certificate without having all intermediate CA certificates present in the local store, which is often the case for commercial CAs.
Report appropriate error message for combination
of MD5 authentication
and db_user_namespace
enabled (Bruce)
Change all authentication options to use
name=value syntax
(Magnus)
This makes incompatible changes to the
ldap, pam and ident authentication methods. All
pg_hba.conf entries
with these methods need to be rewritten using the new
format.
Remove the ident
sameuser option, instead making that behavior
the default if no usermap is specified (Magnus)
Allow a usermap parameter for all external authentication methods (Magnus)
Previously a usermap was only supported for
ident
authentication.
Add clientcert option
to control requesting of a client certificate
(Magnus)
Previously this was controlled by the presence of a root certificate file in the server's data directory.
Add cert
authentication method to allow user authentication via
SSL certificates
(Magnus)
Previously SSL certificates could only verify that the client had access to a certificate, not authenticate a user.
Allow krb5,
gssapi and sspi realm and krb5 host settings to be specified
in pg_hba.conf
(Magnus)
These override the settings in postgresql.conf.
Add include_realm
parameter for krb5,
gssapi, and sspi methods (Magnus)
This allows identical usernames from different realms to be authenticated as different database users using usermaps.
Parse pg_hba.conf
fully when it is loaded, so that errors are reported
immediately (Magnus)
Previously, most errors in the file wouldn't be detected until clients tried to connect, so an erroneous file could render the system unusable. With the new behavior, if an error is detected during reload then the bad file is rejected and the postmaster continues to use its old copy.
Show all parsing errors in pg_hba.conf instead of aborting
after the first one (Selena Deckelmann)
Support ident
authentication over Unix-domain sockets on
Solaris (Garick
Hamlin)
Provide an option to pg_start_backup() to force its
implied checkpoint to finish as quickly as possible
(Tom)
The default behavior avoids excess I/O consumption, but that is pointless if no concurrent query activity is going on.
Make pg_stop_backup() wait for modified
WAL files to be
archived (Simon)
This guarantees that the backup is valid at the
time pg_stop_backup()
completes.
When archiving is enabled, rotate the last WAL segment at shutdown so that all transactions can be archived immediately (Guillaume Smet, Heikki)
Delay “smart” shutdown while a continuous archiving base backup is in progress (Laurenz Albe)
Cancel a continuous archiving base backup if “fast” shutdown is requested (Laurenz Albe)
Allow recovery.conf
boolean variables to take the same range of string
values as postgresql.conf boolean variables
(Bruce)
Add pg_conf_load_time() to report when
the PostgreSQL
configuration files were last loaded (George
Gensure)
Add pg_terminate_backend() to safely
terminate a backend (the SIGTERM signal works also) (Tom,
Bruce)
While it's always been possible to SIGTERM a single backend, this was
previously considered unsupported; and testing of the
case found some bugs that are now fixed.
Add ability to track user-defined functions' call counts and runtimes (Martin Pihlak)
Function statistics appear in a new system view,
pg_stat_user_functions.
Tracking is controlled by the new parameter
track_functions.
Allow specification of the maximum query string
size in pg_stat_activity
via new track_activity_query_size parameter
(Thomas Lee)
Increase the maximum line length sent to syslog, in hopes of improving performance (Tom)
Add read-only configuration variables segment_size, wal_block_size, and wal_segment_size (Bernd Helmle)
When reporting a deadlock, report the text of all queries involved in the deadlock to the server log (Itagaki Takahiro)
Add pg_stat_get_activity(pid) function
to return information about a specific process id
(Magnus)
Allow the location of the server's statistics file
to be specified via stats_temp_directory (Magnus)
This allows the statistics file to be placed in a
RAM-resident
directory to reduce I/O requirements. On
startup/shutdown, the file is copied to its
traditional location ($PGDATA/global/) so it is preserved
across restarts.
Add support for WINDOW
functions (Hitoshi Harada)
Add support for WITH
clauses (CTEs), including WITH
RECURSIVE (Yoshiyuki Asaba, Tatsuo Ishii,
Tom)
Add TABLE command
(Peter)
TABLE tablename is a
SQL standard short-hand for SELECT * FROM tablename.
Allow AS to be optional
when specifying a SELECT
(or RETURNING) column
output label (Hiroshi Saito)
This works so long as the column label is not any
PostgreSQL keyword;
otherwise AS is still
needed.
Support set-returning functions in SELECT result lists even for functions
that return their result via a tuplestore (Tom)
In particular, this means that functions written in PL/pgSQL and other PL languages can now be called this way.
Support set-returning functions in the output of aggregation and grouping queries (Tom)
Allow SELECT FOR
UPDATE/SHARE to
work on inheritance trees (Tom)
Add infrastructure for SQL/MED (Martin Pihlak, Peter)
There are no remote or external SQL/MED capabilities yet, but this
change provides a standardized and future-proof system
for managing connection information for modules like
dblink and plproxy.
Invalidate cached plans when referenced schemas, functions, operators, or operator classes are modified (Martin Pihlak, Tom)
This improves the system's ability to respond to on-the-fly DDL changes.
Allow comparison of composite types and allow arrays of anonymous composite types (Tom)
This allows constructs such as row(1, 1.1) = any (array[row(7, 7.7), row(1,
1.0)]). This is particularly useful in recursive
queries.
Add support for Unicode string literal and
identifier specifications using code points, e.g.
U&'d\0061t\+000061'
(Peter)
Reject \000 in string
literals and COPY data
(Tom)
Previously, this was accepted but had the effect of terminating the string contents.
Improve the parser's ability to report error locations (Tom)
An error location is now reported for many semantic errors, such as mismatched datatypes, that previously could not be localized.
Support statement-level ON
TRUNCATE triggers (Simon)
Add RESTART/CONTINUE IDENTITY options for
TRUNCATE TABLE (Zoltan
Boszormenyi)
The start value of a sequence can be changed by
ALTER SEQUENCE START
WITH.
Allow TRUNCATE tab1,
tab1 to succeed (Bruce)
Add a separate TRUNCATE permission (Robert
Haas)
Make EXPLAIN VERBOSE
show the output columns of each plan node (Tom)
Previously EXPLAIN
VERBOSE output an internal representation of
the query plan. (That behavior is now available via
debug_print_plan.)
Make EXPLAIN identify
subplans and initplans with individual labels
(Tom)
Make EXPLAIN honor
debug_print_plan
(Tom)
Allow EXPLAIN on
CREATE TABLE AS
(Peter)
Allow sub-selects in LIMIT and OFFSET (Tom)
Add SQL-standard syntax for
LIMIT/OFFSET capabilities (Peter)
To wit, OFFSET num
{ROW|ROWS} FETCH {FIRST|NEXT} [num] {ROW|ROWS}
ONLY.
Add support for column-level privileges (Stephen Frost, KaiGai Kohei)
Refactor multi-object DROP operations to reduce the need for
CASCADE (Alex
Hunsaker)
For example, if table B
has a dependency on table A, the command DROP TABLE A, B no longer requires the
CASCADE option.
Fix various problems with concurrent DROP commands by ensuring that locks
are taken before we begin to drop dependencies of an
object (Tom)
Improve reporting of dependencies during
DROP commands (Tom)
Add WITH [NO] DATA
clause to CREATE TABLE AS,
per the SQL standard
(Peter, Tom)
Add support for user-defined I/O conversion casts (Heikki)
Allow CREATE AGGREGATE
to use an internal transition
datatype (Tom)
Add LIKE clause to
CREATE TYPE (Tom)
This simplifies creation of data types that use the same internal representation as an existing type.
Allow specification of the type category and “preferred” status for user-defined base types (Tom)
This allows more control over the coercion behavior of user-defined types.
Allow CREATE OR REPLACE
VIEW to add columns to the end of a view (Robert
Haas)
Add ALTER TYPE RENAME
(Petr Jelinek)
Add ALTER SEQUENCE ...
RESTART (with no parameter) to reset a
sequence to its initial value (Zoltan
Boszormenyi)
Modify the ALTER
TABLE syntax to allow all reasonable
combinations for tables, indexes, sequences, and
views (Tom)
This change allows the following new syntaxes:
ALTER SEQUENCE OWNER
TO
ALTER VIEW ALTER
COLUMN SET/DROP DEFAULT
ALTER VIEW OWNER
TO
ALTER VIEW SET
SCHEMA
There is no actual new functionality here, but
formerly you had to say ALTER
TABLE to do these things, which was
confusing.
ALTER SEQUENCE OWNER
TO
ALTER VIEW ALTER
COLUMN SET/DROP DEFAULT
ALTER VIEW OWNER
TO
ALTER VIEW SET
SCHEMA
Add support for the syntax ALTER TABLE ... ALTER COLUMN ... SET DATA
TYPE (Peter)
This is SQL-standard syntax for functionality that was already supported.
Make ALTER TABLE SET WITHOUT
OIDS rewrite the table to physically remove
OID values (Tom)
Also, add ALTER TABLE SET
WITH OIDS to rewrite the table to add
OIDs.
Improve reporting of CREATE/DROP/RENAME
DATABASE failure when uncommitted prepared
transactions are the cause (Tom)
Make LC_COLLATE and
LC_CTYPE into
per-database settings (Radek Strnad, Heikki)
This makes collation similar to encoding, which was always configurable per database.
Improve checks that the database encoding,
collation (LC_COLLATE),
and character classes (LC_CTYPE) match (Heikki, Tom)
Note in particular that a new database's encoding
and locale settings can be changed only when copying
from template0. This
prevents possibly copying data that doesn't match the
settings.
Add ALTER DATABASE SET
TABLESPACE to move a database to a new
tablespace (Guillaume Lelarge, Bernd Helmle)
Add a VERBOSE option to
the CLUSTER command and
clusterdb (Jim
Cox)
Decrease memory requirements for recording pending trigger events (Tom)
Dramatically improve the speed of building and accessing hash indexes (Tom Raney, Shreya Bhargava)
This allows hash indexes to be sometimes faster than btree indexes. However, hash indexes are still not crash-safe.
Make hash indexes store only the hash code, not the full value of the indexed column (Xiao Meng)
This greatly reduces the size of hash indexes for long indexed values, improving performance.
Implement fast update option for GIN indexes (Teodor, Oleg)
This option greatly improves update speed at a small penalty in search speed.
xxx_pattern_ops
indexes can now be used for simple equality
comparisons, not only for LIKE (Tom)
Remove the requirement to use @@@ when doing GIN weighted lookups on full text
indexes (Tom, Teodor)
The normal @@ text
search operator can be used instead.
Add an optimizer selectivity function for
@@ text search
operations (Jan Urbanski)
Allow prefix matching in full text searches (Teodor Sigaev, Oleg Bartunov)
Support multi-column GIN indexes (Teodor Sigaev)
Improve support for Nepali language and Devanagari alphabet (Teodor)
Track free space in separate per-relation “fork” files (Heikki)
Free space discovered by VACUUM is now recorded in
*_fsm files, rather
than in a fixed-sized shared memory area. The
max_fsm_pages and
max_fsm_relations
settings have been removed, greatly simplifying
administration of free space management.
Add a visibility map to track pages that do not require vacuuming (Heikki)
This allows VACUUM to
avoid scanning all of a table when only a portion of
the table needs vacuuming. The visibility map is
stored in per-relation “fork”
files.
Add vacuum_freeze_table_age parameter to
control when VACUUM
should ignore the visibility map and do a full table
scan to freeze tuples (Heikki)
Track transaction snapshots more carefully (Alvaro)
This improves VACUUM's ability to reclaim space in
the presence of long-running transactions.
Add ability to specify per-relation autovacuum and
TOAST parameters
in CREATE TABLE (Alvaro,
Euler Taveira de Oliveira)
Autovacuum options used to be stored in a system table.
Add --freeze option
to vacuumdb
(Bruce)
Add a CaseSensitive
option for text search synonym dictionaries (Simon)
Improve the precision of NUMERIC division (Tom)
Add basic arithmetic operators for int2 with int8
(Tom)
This eliminates the need for explicit casting in some situations.
Allow UUID input to accept
an optional hyphen after every fourth digit (Robert
Haas)
Allow on/off as input for the boolean data type
(Itagaki Takahiro)
Allow spaces around NaN
in the input string for type numeric (Sam Mason)
Reject year 0 BC and
years 000 and
0000 (Tom)
Previously these were interpreted as 1 BC. (Note: years 0 and 00 are still assumed to be the year
2000.)
Include SGT
(Singapore time) in the default list of known time
zone abbreviations (Tom)
Support infinity and
-infinity as values of
type date (Tom)
Make parsing of interval
literals more standard-compliant (Tom, Ron Mayer)
For example, INTERVAL '1'
YEAR now does what it's supposed to.
Allow interval
fractional-seconds precision to be specified after
the second keyword, for
SQL standard
compliance (Tom)
Formerly the precision had to be specified after
the keyword interval. (For
backwards compatibility, this syntax is still
supported, though deprecated.) Data type definitions
will now be output using the standard format.
Support the IS0
8601 interval
syntax (Ron Mayer, Kevin Grittner)
For example, INTERVAL
'P1Y2M3DT4H5M6.7S' is now supported.
Add IntervalStyle
parameter which controls how interval values are output (Ron
Mayer)
Valid values are: postgres, postgres_verbose, sql_standard, iso_8601. This setting also controls
the handling of negative interval input when only some fields
have positive/negative designations.
Improve consistency of handling of fractional
seconds in timestamp and
interval output (Ron
Mayer)
Improve the handling of casts applied to
ARRAY[] constructs, such
as ARRAY[...]::integer[]
(Brendan Jurd)
Formerly PostgreSQL attempted to
determine a data type for the ARRAY[] construct without reference
to the ensuing cast. This could fail unnecessarily in
many cases, in particular when the ARRAY[] construct was empty or
contained only ambiguous entries such as NULL. Now the cast is consulted to
determine the type that the array elements must
be.
Make SQL-syntax
ARRAY dimensions optional
to match the SQL
standard (Peter)
Add array_ndims() to
return the number of dimensions of an array (Robert
Haas)
Add array_length()
to return the length of an array for a specified
dimension (Jim Nasby, Robert Haas, Peter
Eisentraut)
Add aggregate function array_agg(), which returns all
aggregated values as a single array (Robert Haas,
Jeff Davis, Peter)
Add unnest(), which
converts an array to individual row values (Tom)
This is the opposite of array_agg().
Add array_fill() to
create arrays initialized with a value (Pavel
Stehule)
Add generate_subscripts() to simplify
generating the range of an array's subscripts (Pavel
Stehule)
Consider TOAST compression on values as short as 32 bytes (previously 256 bytes) (Greg Stark)
Require 25% minimum space savings before using TOAST compression (previously 20% for small values and any-savings-at-all for large values) (Greg)
Improve TOAST heuristics for rows that have a mix of large and small toastable fields, so that we prefer to push large values out of line and don't compress small values unnecessarily (Greg, Tom)
Document that setseed() allows values from
-1 to 1 (not just 0 to 1),
and enforce the valid range (Kris Jurka)
Add server-side function lo_import(filename, oid) (Tatsuo)
Add quote_nullable(),
which behaves like quote_literal() but returns the
string NULL for a null
argument (Brendan Jurd)
Improve full text search headline() function to allow
extracting several fragments of text (Sushant
Sinha)
Add suppress_redundant_updates_trigger()
trigger function to avoid overhead for
non-data-changing updates (Andrew)
Add div(numeric,
numeric) to perform numeric division without rounding
(Tom)
Add timestamp and
timestamptz versions of
generate_series()
(Hitoshi Harada)
Implement current_query() for use by
functions that need to know the currently running
query (Tomas Doran)
Add pg_get_keywords() to return a list
of the parser keywords (Dave Page)
Add pg_get_functiondef() to see a
function's definition (Abhijit Menon-Sen)
Allow the second argument of pg_get_expr() to be zero when
deparsing an expression that does not contain
variables (Tom)
Modify pg_relation_size() to use
regclass (Heikki)
pg_relation_size(data_type_name) no
longer works.
Add boot_val and
reset_val columns to
pg_settings output (Greg
Smith)
Add source file name and line number columns to
pg_settings output for
variables set in a configuration file (Magnus,
Alvaro)
For security reasons, these columns are only visible to superusers.
Add support for CURRENT_CATALOG, CURRENT_SCHEMA, SET CATALOG, SET SCHEMA (Peter)
These provide SQL-standard syntax for existing features.
Add pg_typeof()
which returns the data type of any value (Brendan
Jurd)
Make version()
return information about whether the server is a 32-
or 64-bit binary (Bruce)
Fix the behavior of information schema columns
is_insertable_into
and is_updatable to
be consistent (Peter)
Improve the behavior of information schema
datetime_precision
columns (Peter)
These columns now show zero for date columns, and 6 (the default
precision) for time,
timestamp, and interval without a declared precision,
rather than showing null as formerly.
Convert remaining builtin set-returning functions
to use OUT parameters
(Jaime Casanova)
This makes it possible to call these functions
without specifying a column list: pg_show_all_settings(),
pg_lock_status(),
pg_prepared_xact(),
pg_prepared_statement(),
pg_cursor()
Make pg_*_is_visible() and has_*_privilege() functions return
NULL for invalid OIDs,
rather than reporting an error (Tom)
Extend has_*_privilege() functions to
allow inquiring about the OR of multiple privileges
in one call (Stephen Frost, Tom)
Add has_column_privilege() and
has_any_column_privilege()
functions (Stephen Frost, Tom)
Support variadic functions (functions with a variable number of arguments) (Pavel Stehule)
Only trailing arguments can be optional, and they all must be of the same data type.
Support default values for function arguments (Pavel Stehule)
Add CREATE FUNCTION ...
RETURNS TABLE clause (Pavel Stehule)
Allow SQL-language functions to return
the output of an INSERT/UPDATE/DELETE RETURNING clause (Tom)
Support EXECUTE USING
for easier insertion of data values into a dynamic
query string (Pavel Stehule)
Allow looping over the results of a cursor using a
FOR loop (Pavel
Stehule)
Support RETURN QUERY
EXECUTE (Pavel Stehule)
Improve the RAISE
command (Pavel Stehule)
Support DETAIL
and HINT
fields
Support specification of the SQLSTATE error code
Support an exception name parameter
Allow RAISE
without parameters in an exception block to
re-throw the current error
Support DETAIL
and HINT
fields
Support specification of the SQLSTATE error code
Support an exception name parameter
Allow RAISE
without parameters in an exception block to
re-throw the current error
Allow specification of SQLSTATE codes in EXCEPTION lists (Pavel Stehule)
This is useful for handling custom SQLSTATE codes.
Support the CASE
statement (Pavel Stehule)
Make RETURN QUERY set
the special FOUND and
GET DIAGNOSTICS
ROW_COUNT variables
(Pavel Stehule)
Make FETCH and
MOVE set the
GET DIAGNOSTICS
ROW_COUNT variable
(Andrew Gierth)
Make EXIT without a
label always exit the innermost loop (Tom)
Formerly, if there were a BEGIN block more closely nested than
any loop, it would exit that block instead. The new
behavior matches Oracle(TM) and is also what was
previously stated by our own documentation.
Make processing of string literals and nested block comments match the main SQL parser's processing (Tom)
In particular, the format string in RAISE now works the same as any
other string literal, including being subject to
standard_conforming_strings. This
change also fixes other cases in which valid commands
would fail when standard_conforming_strings is
on.
Avoid memory leakage when the same function is called at varying exception-block nesting depths (Tom)
Fix pg_ctl restart to
preserve command-line arguments (Bruce)
Add -w/--no-password option that prevents
password prompting in all utilities that have a
-W/--password option (Peter)
Remove -q (quiet) option
of createdb,
createuser,
dropdb, dropuser (Peter)
These options have had no effect since PostgreSQL 8.3.
Remove verbose startup banner; now just suggest
help (Joshua Drake)
Make help show common
backslash commands (Greg Sabino Mullane)
Add \pset format
wrapped mode to wrap output to the screen
width, or file/pipe output too if \pset columns is set (Bryce
Nesbitt)
Allow all supported spellings of boolean values in
\pset, rather than just
on and off (Bruce)
Formerly, any string other than “off” was
silently taken to mean true. psql will now complain about
unrecognized spellings (but still take them as
true).
Use the pager for wide output (Bruce)
Require a space between a one-letter backslash command and its first argument (Bernd Helmle)
This removes a historical source of ambiguity.
Improve tab completion support for schema-qualified and quoted identifiers (Greg Sabino Mullane)
Add optional on/off
argument for \timing
(David Fetter)
Display access control rights on multiple lines (Brendan Jurd, Andreas Scherbaum)
Make \l show database
access privileges (Andrew Gilligan)
Make \l+ show
database sizes, if permissions allow (Andrew
Gilligan)
Add the \ef command
to edit function definitions (Abhijit Menon-Sen)
Make \d* commands
that do not have a pattern argument show system
objects only if the S
modifier is specified (Greg Sabino Mullane,
Bruce)
The former behavior was inconsistent across
different variants of \d, and in most cases it provided no
easy way to see just user objects.
Improve \d* commands
to work with older PostgreSQL server versions (back
to 7.4), not only the current server version
(Guillaume Lelarge)
Make \d show
foreign-key constraints that reference the selected
table (Kenneth D'Souza)
Make \d on a sequence
show its column values (Euler Taveira de
Oliveira)
Add column storage type and other relation options
to the \d+ display
(Gregory Stark, Euler Taveira de Oliveira)
Show relation size in \dt+ output (Dickson S. Guedes)
Show the possible values of enum types in \dT+ (David Fetter)
Allow \dC to accept a
wildcard pattern, which matches either datatype
involved in the cast (Tom)
Add a function type column to \df's output, and add options to
list only selected types of functions (David
Fetter)
Make \df not hide
functions that take or return type cstring (Tom)
Previously, such functions were hidden because most of them are datatype I/O functions, which were deemed uninteresting. The new policy about hiding system functions by default makes this wart unnecessary.
Add a --no-tablespaces option to
pg_dump/pg_dumpall/pg_restore so that dumps can be
restored to clusters that have non-matching
tablespace layouts (Gavin Roy)
Remove -d and
-D options from
pg_dump and
pg_dumpall (Tom)
These options were too frequently confused with
the option to select a database name in other
PostgreSQL client
applications. The functionality is still available,
but you must now spell out the long option name
--inserts or --column-inserts.
Remove -i/--ignore-version option from
pg_dump and
pg_dumpall (Tom)
Use of this option does not throw an error, but it has no effect. This option was removed because the version checks are necessary for safety.
Disable statement_timeout during dump and
restore (Joshua Drake)
Add pg_dump/pg_dumpall option --lock-wait-timeout (David Gould)
This allows dumps to fail if unable to acquire a shared lock within the specified amount of time.
Reorder pg_dump
--data-only output to
dump tables referenced by foreign keys before the
referencing tables (Tom)
This allows data loads when foreign keys are
already present. If circular references make a safe
ordering impossible, a NOTICE is issued.
Allow pg_dump, pg_dumpall, and pg_restore to use a specified role (Benedek László)
Allow pg_restore to use multiple concurrent connections to do the restore (Andrew)
The number of concurrent connections is controlled
by the option --jobs.
This is supported only for custom-format
archives.
Allow the OID to be
specified when importing a large object, via new
function lo_import_with_oid() (Tatsuo)
Add “events” support (Andrew Chernow, Merlin Moncure)
This adds the ability to register callbacks to
manage private data associated with PGconn and PGresult objects.
Improve error handling to allow the return of multiple error messages as multi-line error reports (Magnus)
Make PQexecParams()
and related functions return PGRES_EMPTY_QUERY for an empty query
(Tom)
They previously returned PGRES_COMMAND_OK.
Document how to avoid the overhead of WSACleanup() on Windows (Andrew
Chernow)
Do not rely on Kerberos tickets to determine the default database username (Magnus)
Previously, a Kerberos-capable build of libpq would use the principal name from any available Kerberos ticket as default database username, even if the connection wasn't using Kerberos authentication. This was deemed inconsistent and confusing. The default username is now determined the same way with or without Kerberos. Note however that the database username must still match the ticket when Kerberos authentication is used.
Fix certificate validation for SSL connections (Magnus)
libpq now
supports verifying both the certificate and the name
of the server when making SSL connections. If a root
certificate is not available to use for verification,
SSL connections
will fail. The sslmode
parameter is used to enable certificate verification
and set the level of checking. The default is still
not to do any verification, allowing connections to
SSL-enabled servers without requiring a root
certificate on the client.
Support wildcard server certificates (Magnus)
If a certificate CN starts with *, it will be treated as a wildcard
when matching the hostname, allowing the use of the
same certificate for multiple servers.
Allow the file locations for client certificates to be specified (Mark Woodward, Alvaro, Magnus)
Add a PQinitOpenSSL
function to allow greater control over
OpenSSL/libcrypto initialization (Andrew Chernow)
Make libpq unregister its OpenSSL callbacks when no database connections remain open (Bruce, Magnus, Russell Smith)
This is required for applications that unload the libpq library, otherwise invalid OpenSSL callbacks will remain.
Add localization support for messages (Euler Taveira de Oliveira)
ecpg parser is now automatically generated from the server parser (Michael)
Previously the ecpg parser was hand-maintained.
Add support for single-use plans with out-of-line parameters (Tom)
Add new SPI_OK_REWRITTEN return code for
SPI_execute()
(Heikki)
This is used when a command is rewritten to another type of command.
Remove unnecessary inclusions from executor/spi.h (Tom)
SPI-using modules might need to add some
#include lines if they
were depending on spi.h
to include things for them.
Update build system to use Autoconf 2.61 (Peter)
Require GNU bison for source code builds (Peter)
This has effectively been required for several years, but now there is no infrastructure claiming to support other parser tools.
Add pg_config
--htmldir option
(Peter)
Pass float4 by value
inside the server (Zoltan Boszormenyi)
Add configure
option --disable-float4-byval to use the old
behavior. External C functions that use old-style
(version 0) call convention and pass or return
float4 values will be broken
by this change, so you may need the configure option if you have such
functions and don't want to update them.
Pass float8, int8, and related datatypes by value
inside the server on 64-bit platforms (Zoltan
Boszormenyi)
Add configure
option --disable-float8-byval to use the old
behavior. As above, this change might break old-style
external C functions.
Add configure options --with-segsize, --with-blocksize, --with-wal-blocksize, --with-wal-segsize (Zdenek Kotala,
Tom)
This simplifies build-time control over several
constants that previously could only be changed by
editing pg_config_manual.h.
Allow threaded builds on Solaris 2.5 (Bruce)
Use the system's getopt_long() on Solaris (Zdenek Kotala, Tom)
This makes option processing more consistent with what Solaris users expect.
Add support for the Sun Studio compiler on Linux (Julius Stroffek)
Append the major version number to the backend
gettext domain, and
the soname major version
number to libraries' gettext domain (Peter)
This simplifies parallel installations of multiple versions.
Add support for code coverage testing with gcov (Michelle Caisse)
Allow out-of-tree builds on Mingw and Cygwin (Richard Evans)
Fix the use of Mingw as a cross-compiling source platform (Peter)
Support 64-bit time zone data files (Heikki)
This adds support for daylight saving time (DST) calculations beyond the year 2038.
Deprecate use of platform's time_t data type (Tom)
Some platforms have migrated to 64-bit time_t, some have not, and Windows can't
make up its mind what it's doing. Define pg_time_t to have the same meaning as
time_t, but always be 64 bits
(unless the platform has no 64-bit integer type), and
use that type in all module APIs and on-disk data
formats.
Fix bug in handling of the time zone database when cross-compiling (Richard Evans)
Link backend object files in one step, rather than in stages (Peter)
Improve gettext support to allow better translation of plurals (Peter)
Add message translation support to the PL languages (Alvaro, Peter)
Add more DTrace probes (Robert Lor)
Enable DTrace support on macOS Leopard and other non-Solaris platforms (Robert Lor)
Simplify and standardize conversions between C
strings and text datums, by
providing common functions for the purpose (Brendan
Jurd, Tom)
Clean up the include/catalog/ header files so that
frontend programs can include them without including
postgres.h (Zdenek
Kotala)
Make name char-aligned,
and suppress zero-padding of name entries in indexes (Tom)
Recover better if dynamically-loaded code executes
exit() (Tom)
Add a hook to let plug-ins monitor the executor (Itagaki Takahiro)
Add a hook to allow the planner's statistics lookup behavior to be overridden (Simon Riggs)
Add shmem_startup_hook() for custom
shared memory requirements (Tom)
Replace the index access method amgetmulti entry point with
amgetbitmap, and extend
the API for amgettuple to
support run-time determination of operator lossiness
(Heikki, Tom, Teodor)
The API for GIN and GiST opclass consistent functions has been
extended as well.
Add support for partial-match searches in GIN indexes (Teodor Sigaev, Oleg Bartunov)
Replace pg_class
column reltriggers
with boolean relhastriggers (Simon)
Also remove unused pg_class columns relukeys, relfkeys, and relrefs.
Add a relistemp
column to pg_class to
ease identification of temporary tables (Tom)
Move platform FAQs into the main documentation (Peter)
Prevent parser input files from being built with any conflicts (Peter)
Add support for the KOI8U (Ukrainian) encoding (Peter)
Add Japanese message translations (Japan PostgreSQL Users Group)
This used to be maintained as a separate project.
Fix problem when setting LC_MESSAGES on MSVC-built systems (Hiroshi Inoue,
Hiroshi Saito, Magnus)
Add contrib/auto_explain to automatically
run EXPLAIN on queries
exceeding a specified duration (Itagaki Takahiro,
Tom)
Add contrib/btree_gin
to allow GIN indexes to handle more datatypes (Oleg,
Teodor)
Add contrib/citext to
provide a case-insensitive, multibyte-aware text data
type (David Wheeler)
Add contrib/pg_stat_statements for
server-wide tracking of statement execution statistics
(Itagaki Takahiro)
Add duration and query mode options to contrib/pgbench (Itagaki
Takahiro)
Make contrib/pgbench
use table names pgbench_accounts, pgbench_branches, pgbench_history, and pgbench_tellers, rather than just
accounts, branches, history, and tellers (Tom)
This is to reduce the risk of accidentally destroying real data by running pgbench.
Fix contrib/pgstattuple to handle tables
and indexes with over 2 billion pages (Tatsuhito
Kasahara)
In contrib/fuzzystrmatch, add a version
of the Levenshtein string-distance function that allows
the user to specify the costs of insertion, deletion,
and substitution (Volkan Yazici)
Make contrib/ltree
support multibyte encodings (laser)
Enable contrib/dblink
to use connection information stored in the SQL/MED
catalogs (Joe Conway)
Improve contrib/dblink's reporting of errors
from the remote server (Joe Conway)
Make contrib/dblink
set client_encoding to
match the local database's encoding (Joe Conway)
This prevents encoding problems when communicating with a remote database that uses a different encoding.
Make sure contrib/dblink uses a password
supplied by the user, and not accidentally taken from
the server's .pgpass file
(Joe Conway)
This is a minor security enhancement.
Add fsm_page_contents() to contrib/pageinspect (Heikki)
Modify get_raw_page()
to support free space map (*_fsm) files. Also update
contrib/pg_freespacemap.
Add support for multibyte encodings to contrib/pg_trgm (Teodor)
Rewrite contrib/intagg
to use new functions array_agg() and unnest() (Tom)
Make contrib/pg_standby recover all
available WAL before failover (Fujii Masao, Simon,
Heikki)
To make this work safely, you now need to set the
new recovery_end_command
option in recovery.conf
to clean up the trigger file after failover.
pg_standby will no
longer remove the trigger file itself.
contrib/pg_standby's
-l option is now a no-op,
because it is unsafe to use a symlink (Simon)
⇑ Upgrade to 8.4.1 released on 2009-09-09 - docs
Fix WAL page header initialization at the end of archive recovery (Heikki)
This could lead to failure to process the WAL in a subsequent archive recovery.
Fix “cannot make new WAL entries during recovery” error (Tom)
Fix problem that could make expired rows visible after a crash (Tom)
This bug involved a page status bit potentially not being set correctly after a server crash.
Disallow RESET ROLE and
RESET SESSION AUTHORIZATION
inside security-definer functions (Tom, Heikki)
This covers a case that was missed in the previous
patch that disallowed SET
ROLE and SET SESSION
AUTHORIZATION inside security-definer functions.
(See CVE-2007-6600)
Make LOAD of an
already-loaded loadable module into a no-op (Tom)
Formerly, LOAD would
attempt to unload and re-load the module, but this is
unsafe and not all that useful.
Make window function PARTITION
BY and ORDER BY items
always be interpreted as simple expressions (Tom)
In 8.4.0 these lists were parsed following the rules
used for top-level GROUP BY
and ORDER BY lists. But this
was not correct per the SQL standard, and it led to
possible circularity.
Fix several errors in planning of semi-joins (Tom)
These led to wrong query results in some cases where
IN or EXISTS was used together with another
join.
Fix handling of whole-row references to subqueries that are within an outer join (Tom)
An example is SELECT COUNT(ss.*)
FROM ... LEFT JOIN (SELECT ...) ss ON .... Here,
ss.* would be treated as
ROW(NULL,NULL,...) for
null-extended join rows, which is not the same as a
simple NULL. Now it is treated as a simple NULL.
Fix Windows shared-memory allocation code (Tsutomu Yamada, Magnus)
This bug led to the often-reported “could not reattach to shared memory” error message.
Fix locale handling with plperl (Heikki)
This bug could cause the server's locale setting to change when a plperl function is called, leading to data corruption.
Fix handling of reloptions to ensure setting one option doesn't force default values for others (Itagaki Takahiro)
Ensure that a “fast shutdown” request will forcibly terminate open sessions, even if a “smart shutdown” was already in progress (Fujii Masao)
Avoid memory leak for array_agg() in GROUP BY queries (Tom)
Treat to_char(..., 'TH')
as an uppercase ordinal suffix with 'HH'/'HH12'
(Heikki)
It was previously handled as 'th' (lowercase).
Include the fractional part in the result of
EXTRACT(second) and
EXTRACT(milliseconds) for
time and time with time zone inputs (Tom)
This has always worked for floating-point datetime configurations, but was broken in the integer datetime code.
Fix overflow for INTERVAL
'
when x ms'x is more
than 2 million and integer datetimes are in use (Alex
Hunsaker)
Improve performance when processing toasted values in index scans (Tom)
This is particularly useful for PostGIS.
Fix a typo that disabled commit_delay (Jeff Janes)
Output early-startup messages to postmaster.log if the server is started
in silent mode (Tom)
Previously such error messages were discarded, leading to difficulty in debugging.
Remove translated FAQs (Peter)
They are now on the wiki. The main FAQ was moved to the wiki some time ago.
Fix pg_ctl to not go
into an infinite loop if postgresql.conf is empty (Jeff
Davis)
Fix several errors in pg_dump's --binary-upgrade mode (Bruce, Tom)
pg_dump --binary-upgrade
is used by pg_migrator.
Fix contrib/xml2's
xslt_process() to properly
handle the maximum number of parameters (twenty)
(Tom)
Improve robustness of libpq's code to recover from errors
during COPY FROM STDIN
(Tom)
Avoid including conflicting readline and editline header files when both libraries are installed (Zdenek Kotala)
Work around gcc bug that causes “floating-point exception” instead of “division by zero” on some platforms (Tom)
Update time zone data files to tzdata release 2009l for DST law changes in Bangladesh, Egypt, Mauritius.
⇑ Upgrade to 8.4.2 released on 2009-12-14 - docs
Protect against indirect security threats caused by index functions changing session-local state (Gurjeet Singh, Tom)
This change prevents allegedly-immutable index functions from possibly subverting a superuser's session (CVE-2009-4136).
Reject SSL certificates containing an embedded null byte in the common name (CN) field (Magnus)
This prevents unintended matching of a certificate to a server or client name during SSL validation (CVE-2009-4034).
Fix hash index corruption (Tom)
The 8.4 change that made hash indexes keep entries
sorted by hash value failed to update the bucket
splitting and compaction routines to preserve the
ordering. So application of either of those operations
could lead to permanent corruption of an index, in the
sense that searches might fail to find entries that are
present. To deal with this, it is recommended to
REINDEX any hash indexes you
may have after installing this update.
Fix possible crash during backend-startup-time cache initialization (Tom)
Avoid crash on empty thesaurus dictionary (Tom)
Prevent signals from interrupting VACUUM at unsafe times (Alvaro)
This fix prevents a PANIC if a VACUUM FULL is canceled after it's
already committed its tuple movements, as well as
transient errors if a plain VACUUM is interrupted after having
truncated the table.
Fix possible crash due to integer overflow in hash table size calculation (Tom)
This could occur with extremely large planner estimates for the size of a hashjoin's result.
Fix crash if a DROP is
attempted on an internally-dependent object (Tom)
Fix very rare crash in inet/cidr
comparisons (Chris Mikkelson)
Ensure that shared tuple-level locks held by prepared transactions are not ignored (Heikki)
Fix premature drop of temporary files used for a cursor that is accessed within a subtransaction (Heikki)
Fix memory leak in syslogger process when rotating to a new CSV logfile (Tom)
Fix memory leak in postmaster when re-parsing
pg_hba.conf (Tom)
Fix Windows permission-downgrade logic (Jesse Morris)
This fixes some cases where the database failed to start on Windows, often with misleading error messages such as “could not locate matching postgres executable”.
Make FOR UPDATE/SHARE in
the primary query not propagate into WITH queries (Tom)
For example, in
WITH w AS (SELECT * FROM foo) SELECT * FROM w, bar ... FOR UPDATE
the FOR UPDATE will now
affect bar but not
foo. This is more useful and
consistent than the original 8.4 behavior, which tried to
propagate FOR UPDATE into
the WITH query but always
failed due to assorted implementation restrictions. It
also follows the design rule that WITH queries are executed as if
independent of the main query.
Fix bug with a WITH
RECURSIVE query immediately inside another one
(Tom)
Fix concurrency bug in hash indexes (Tom)
Concurrent insertions could cause index scans to transiently report wrong results.
Fix incorrect logic for GiST index page splits, when the split depends on a non-first column of the index (Paul Ramsey)
Fix wrong search results for a multi-column GIN index
with fastupdate enabled
(Teodor)
Fix bugs in WAL entry creation for GIN indexes (Tom)
These bugs were masked when full_page_writes was on, but with it off
a WAL replay failure was certain if a crash occurred
before the next checkpoint.
Don't error out if recycling or removing an old WAL file fails at the end of checkpoint (Heikki)
It's better to treat the problem as non-fatal and allow the checkpoint to complete. Future checkpoints will retry the removal. Such problems are not expected in normal operation, but have been seen to be caused by misdesigned Windows anti-virus and backup software.
Ensure WAL files aren't repeatedly archived on Windows (Heikki)
This is another symptom that could happen if some other process interfered with deletion of a no-longer-needed file.
Fix PAM password processing to be more robust (Tom)
The previous code is known to fail with the
combination of the Linux pam_krb5 PAM module with Microsoft
Active Directory as the domain controller. It might have
problems elsewhere too, since it was making unjustified
assumptions about what arguments the PAM stack would pass
to it.
Raise the maximum authentication token (Kerberos ticket) size in GSSAPI and SSPI authentication methods (Ian Turner)
While the old 2000-byte limit was more than enough for Unix Kerberos implementations, tickets issued by Windows Domain Controllers can be much larger.
Ensure that domain constraints are enforced in
constructs like ARRAY[...]::domain, where the domain is
over an array type (Heikki)
Fix foreign-key logic for some cases involving composite-type columns as foreign keys (Tom)
Ensure that a cursor's snapshot is not modified after it is created (Alvaro)
This could lead to a cursor delivering wrong results if later operations in the same transaction modify the data the cursor is supposed to return.
Fix CREATE TABLE to
properly merge default expressions coming from different
inheritance parent tables (Tom)
This used to work but was broken in 8.4.
Re-enable collection of access statistics for sequences (Akira Kurosawa)
This used to work but was broken in 8.3.
Fix processing of ownership dependencies during
CREATE OR REPLACE FUNCTION
(Tom)
Fix incorrect handling of WHERE x=x conditions (Tom)
In some cases these could get ignored as redundant,
but they aren't — they're equivalent to x IS NOT NULL.
Fix incorrect plan construction when using hash
aggregation to implement DISTINCT for textually identical
volatile expressions (Tom)
Fix Assert failure for a volatile SELECT DISTINCT ON expression (Tom)
Fix ts_stat() to not
fail on an empty tsvector value
(Tom)
Make text search parser accept underscores in XML attributes (Peter)
Fix encoding handling in xml
binary input (Heikki)
If the XML header doesn't specify an encoding, we now assume UTF-8 by default; the previous handling was inconsistent.
Fix bug with calling plperl from plperlu or vice versa (Tom)
An error exit from the inner function could result in crashes due to failure to re-select the correct Perl interpreter for the outer function.
Fix session-lifespan memory leak when a PL/Perl function is redefined (Tom)
Ensure that Perl arrays are properly converted to PostgreSQL arrays when returned by a set-returning PL/Perl function (Andrew Dunstan, Abhijit Menon-Sen)
This worked correctly already for non-set-returning functions.
Fix rare crash in exception processing in PL/Python (Peter)
Fix ecpg problem with
comments in DECLARE CURSOR
statements (Michael)
Fix ecpg to not treat recently-added keywords as reserved words (Tom)
This affected the keywords CALLED, CATALOG, DEFINER, ENUM, FOLLOWING, INVOKER, OPTIONS, PARTITION, PRECEDING, RANGE, SECURITY, SERVER, UNBOUNDED, and WRAPPER.
Re-allow regular expression special characters in
psql's \df function name parameter (Tom)
In contrib/fuzzystrmatch, correct the
calculation of levenshtein
distances with non-default costs (Marcin Mank)
In contrib/pg_standby,
disable triggering failover with a signal on Windows
(Fujii Masao)
This never did anything useful, because Windows doesn't have Unix-style signals, but recent changes made it actually crash.
Put FREEZE and
VERBOSE options in the right
order in the VACUUM command
that contrib/vacuumdb
produces (Heikki)
Fix possible leak of connections when contrib/dblink encounters an error
(Tatsuhito Kasahara)
Ensure psql's flex module is compiled with the correct system header definitions (Tom)
This fixes build failures on platforms where
--enable-largefile causes
incompatible changes in the generated code.
Make the postmaster ignore any application_name parameter in connection
request packets, to improve compatibility with future
libpq versions (Tom)
Update the timezone abbreviation files to match current reality (Joachim Wieland)
This includes adding IDT
to the default timezone abbreviation set.
Update time zone data files to tzdata release 2009s for DST law changes in Antarctica, Argentina, Bangladesh, Fiji, Novokuznetsk, Pakistan, Palestine, Samoa, Syria; also historical corrections for Hong Kong.
⇑ Upgrade to 8.4.3 released on 2010-03-15 - docs
Add new configuration parameter ssl_renegotiation_limit to control how
often we do session key renegotiation for an SSL
connection (Magnus)
This can be set to zero to disable renegotiation completely, which may be required if a broken SSL library is used. In particular, some vendors are shipping stopgap patches for CVE-2009-3555 that cause renegotiation attempts to fail.
Fix possible deadlock during backend startup (Tom)
Fix possible crashes due to not handling errors during relcache reload cleanly (Tom)
Fix possible crash due to use of dangling pointer to a cached plan (Tatsuo)
Fix possible crash due to overenthusiastic
invalidation of cached plan for ROLLBACK (Tom)
Fix possible crashes when trying to recover from a failure in subtransaction start (Tom)
Fix server memory leak associated with use of savepoints and a client encoding different from server's encoding (Tom)
Fix incorrect WAL data emitted during end-of-recovery cleanup of a GIST index page split (Yoichi Hirai)
This would result in index corruption, or even more likely an error during WAL replay, if we were unlucky enough to crash during end-of-recovery cleanup after having completed an incomplete GIST insertion.
Fix bug in WAL redo cleanup method for GIN indexes (Heikki)
Fix incorrect comparison of scan key in GIN index search (Teodor)
Make substring() for
bit types treat any negative
length as meaning “all the rest of the string”
(Tom)
The previous coding treated only -1 that way, and would produce an invalid result value for other negative values, possibly leading to a crash (CVE-2010-0442).
Fix integer-to-bit-string conversions to handle the first fractional byte correctly when the output bit width is wider than the given integer by something other than a multiple of 8 bits (Tom)
Fix some cases of pathologically slow regular expression matching (Tom)
Fix bug occurring when trying to inline a SQL function that returns a set of a composite type that contains dropped columns (Tom)
Fix bug with trying to update a field of an element of a composite-type array column (Tom)
Avoid failure when EXPLAIN has to print a FieldStore or
assignment ArrayRef expression (Tom)
These cases can arise now that EXPLAIN VERBOSE tries to print plan node
target lists.
Avoid an unnecessary coercion failure in some cases
where an undecorated literal string appears in a subquery
within UNION/INTERSECT/EXCEPT (Tom)
This fixes a regression for some cases that worked before 8.4.
Avoid undesirable rowtype compatibility check failures in some cases where a whole-row Var has a rowtype that contains dropped columns (Tom)
Fix the STOP WAL LOCATION
entry in backup history files to report the next WAL
segment's name when the end location is exactly at a
segment boundary (Itagaki Takahiro)
Always pass the catalog ID to an option validator
function specified in CREATE
FOREIGN DATA WRAPPER (Martin Pihlak)
Fix some more cases of temporary-file leakage (Heikki)
This corrects a problem introduced in the previous minor release. One case that failed is when a plpgsql function returning set is called within another function's exception handler.
Add support for doing FULL JOIN
ON FALSE (Tom)
This prevents a regression from pre-8.4 releases for some queries that can now be simplified to a constant-false join condition.
Improve constraint exclusion processing of boolean-variable cases, in particular make it possible to exclude a partition that has a “bool_column = false” constraint (Tom)
Prevent treating an INOUT
cast as representing binary compatibility (Heikki)
Include column name in the message when warning about inability to grant or revoke column-level privileges (Stephen Frost)
This is more useful than before and helps to prevent
confusion when a REVOKE
generates multiple messages, which formerly appeared to
be duplicates.
When reading pg_hba.conf
and related files, do not treat @something as a file inclusion request
if the @ appears inside
quote marks; also, never treat @ by itself as a file inclusion request
(Tom)
This prevents erratic behavior if a role or database
name starts with @. If you
need to include a file whose path name contains spaces,
you can still do so, but you must write @"/path to/file" rather than putting the
quotes around the whole construct.
Prevent infinite loop on some platforms if a directory
is named as an inclusion target in pg_hba.conf and related files (Tom)
Fix possible infinite loop if SSL_read or SSL_write fails without setting
errno (Tom)
This is reportedly possible with some Windows versions of openssl.
Disallow GSSAPI authentication on local connections, since it requires a hostname to function correctly (Magnus)
Protect ecpg against applications freeing strings unexpectedly (Michael)
Make ecpg report the proper SQLSTATE if the connection disappears (Michael)
Fix translation of cell contents in psql \d
output (Heikki)
Fix psql's
numericlocale option to not
format strings it shouldn't in latex and troff output
formats (Heikki)
Fix a small per-query memory leak in psql (Tom)
Make psql return the
correct exit status (3) when ON_ERROR_STOP and --single-transaction are both specified
and an error occurs during the implied COMMIT (Bruce)
Fix pg_dump's output of permissions for foreign servers (Heikki)
Fix possible crash in parallel pg_restore due to out-of-range dependency IDs (Tom)
Fix plpgsql failure in one case where a composite column is set to NULL (Tom)
Fix possible failure when calling PL/Perl functions from PL/PerlU or vice versa (Tim Bunce)
Add volatile markings in
PL/Python to avoid possible compiler-specific misbehavior
(Zdenek Kotala)
Ensure PL/Tcl initializes the Tcl interpreter fully (Tom)
The only known symptom of this oversight is that the
Tcl clock command misbehaves
if using Tcl 8.5 or later.
Prevent ExecutorEnd from
being run on portals created within a failed transaction
or subtransaction (Tom)
This is known to cause issues when using contrib/auto_explain.
Prevent crash in contrib/dblink when too many key
columns are specified to a dblink_build_sql_* function (Rushabh
Lathia, Joe Conway)
Allow zero-dimensional arrays in contrib/ltree operations (Tom)
This case was formerly rejected as an error, but it's
more convenient to treat it the same as a zero-element
array. In particular this avoids unnecessary failures
when an ltree operation is
applied to the result of ARRAY(SELECT ...) and the sub-select
returns no rows.
Fix assorted crashes in contrib/xml2 caused by sloppy memory
management (Tom)
Make building of contrib/xml2 more robust on Windows
(Andrew)
Fix race condition in Windows signal handling (Radu Ilie)
One known symptom of this bug is that rows in
pg_listener could be
dropped under heavy load.
Make the configure script report failure if the C compiler does not provide a working 64-bit integer datatype (Tom)
This case has been broken for some time, and no longer seems worth supporting, so just reject it at configure time instead.
Update time zone data files to tzdata release 2010e for DST law changes in Bangladesh, Chile, Fiji, Mexico, Paraguay, Samoa.
⇑ Upgrade to 8.4.4 released on 2010-05-17 - docs
Enforce restrictions in plperl using an opmask applied to the
whole interpreter, instead of using Safe.pm (Tim Bunce, Andrew Dunstan)
Recent developments have convinced us that
Safe.pm is too insecure to
rely on for making plperl
trustable. This change removes use of Safe.pm altogether, in favor of using a
separate interpreter with an opcode mask that is always
applied. Pleasant side effects of the change include that
it is now possible to use Perl's strict pragma in a natural way in
plperl, and that Perl's
$a and $b variables work as expected in sort
routines, and that function compilation is significantly
faster. (CVE-2010-1169)
Prevent PL/Tcl from executing untrustworthy code from
pltcl_modules (Tom)
PL/Tcl's feature for autoloading Tcl code from a
database table could be exploited for trojan-horse
attacks, because there was no restriction on who could
create or insert into that table. This change disables
the feature unless pltcl_modules is owned by a
superuser. (However, the permissions on the table are not
checked, so installations that really need a
less-than-secure modules table can still grant suitable
privileges to trusted non-superusers.) Also, prevent
loading code into the unrestricted “normal” Tcl
interpreter unless we are really going to execute a
pltclu function.
(CVE-2010-1170)
Fix data corruption during WAL replay of ALTER ... SET TABLESPACE (Tom)
When archive_mode is on,
ALTER ... SET TABLESPACE
generates a WAL record whose replay logic was incorrect.
It could write the data to the wrong place, leading to
possibly-unrecoverable data corruption. Data corruption
would be observed on standby slaves, and could occur on
the master as well if a database crash and recovery
occurred after committing the ALTER and before the next
checkpoint.
Fix possible crash if a cache reset message is received during rebuild of a relcache entry (Heikki)
This error was introduced in 8.4.3 while fixing a related failure.
Apply per-function GUC settings while running the language validator for the function (Itagaki Takahiro)
This avoids failures if the function's code is invalid
without the setting; an example is that SQL functions may
not parse if the search_path
is not correct.
Do constraint exclusion for inherited UPDATE and DELETE target tables when constraint_exclusion = partition (Tom)
Due to an oversight, this setting previously only
caused constraint exclusion to be checked in SELECT commands.
Do not allow an unprivileged user to reset superuser-only parameter settings (Alvaro)
Previously, if an unprivileged user ran ALTER USER ... RESET ALL for himself, or
ALTER DATABASE ... RESET ALL
for a database he owns, this would remove all special
parameter settings for the user or database, even ones
that are only supposed to be changeable by a superuser.
Now, the ALTER will only
remove the parameters that the user has permission to
change.
Avoid possible crash during backend shutdown if
shutdown occurs when a CONTEXT addition would be made to log
entries (Tom)
In some cases the context-printing function would fail because the current transaction had already been rolled back when it came time to print a log message.
Fix erroneous handling of %r parameter in recovery_end_command (Heikki)
The value always came out zero.
Ensure the archiver process responds to changes in
archive_command as soon as
possible (Tom)
Fix PL/pgSQL's CASE
statement to not fail when the case expression is a query
that returns no rows (Tom)
Update PL/Perl's ppport.h for modern Perl versions
(Andrew)
Fix assorted memory leaks in PL/Python (Andreas Freund, Tom)
Handle empty-string connect parameters properly in ecpg (Michael)
Prevent infinite recursion in psql when expanding a variable that refers to itself (Tom)
Fix psql's
\copy to not add spaces
around a dot within \copy (select
...) (Tom)
Addition of spaces around the decimal point in a numeric literal would result in a syntax error.
Avoid formatting failure in psql when running in a locale
context that doesn't match the client_encoding (Tom)
Fix unnecessary “GIN indexes do not support whole-index
scans” errors for unsatisfiable queries
using contrib/intarray
operators (Tom)
Ensure that contrib/pgstattuple functions respond
to cancel interrupts promptly (Tatsuhito Kasahara)
Make server startup deal properly with the case that
shmget() returns
EINVAL for an existing
shared memory segment (Tom)
This behavior has been observed on BSD-derived kernels including macOS. It resulted in an entirely-misleading startup failure complaining that the shared memory request size was too large.
Avoid possible crashes in syslogger process on Windows (Heikki)
Deal more robustly with incomplete time zone information in the Windows registry (Magnus)
Update the set of known Windows time zone names (Magnus)
Update time zone data files to tzdata release 2010j for DST law changes in Argentina, Australian Antarctic, Bangladesh, Mexico, Morocco, Pakistan, Palestine, Russia, Syria, Tunisia; also historical corrections for Taiwan.
Also, add PKST (Pakistan
Summer Time) to the default set of timezone
abbreviations.
⇑ Upgrade to 9.0 released on 2010-09-20 - docs
Allow a standby server to accept read-only queries (Simon Riggs, Heikki Linnakangas)
This feature is called Hot Standby. There are new
postgresql.conf and
recovery.conf settings
to control this feature, as well as extensive
documentation.
Allow write-ahead log (WAL) data to be streamed to a standby server (Fujii Masao, Heikki Linnakangas)
This feature is called Streaming Replication.
Previously WAL
data could be sent to standby servers only in units
of entire WAL
files (normally 16 megabytes each). Streaming
Replication eliminates this inefficiency and allows
updates on the master to be propagated to standby
servers with very little delay. There are new
postgresql.conf and
recovery.conf settings
to control this feature, as well as extensive
documentation.
Add
pg_last_xlog_receive_location()
and pg_last_xlog_replay_location(),
which can be used to monitor standby server
WAL activity
(Simon Riggs, Fujii Masao, Heikki Linnakangas)
Allow per-tablespace values to be set for
sequential and random page cost estimates
(seq_page_cost/random_page_cost) via ALTER
TABLESPACE ... SET/RESET (Robert Haas)
Improve performance and reliability of EvalPlanQual rechecks in join queries (Tom Lane)
UPDATE, DELETE, and SELECT FOR UPDATE/SHARE queries that
involve joins will now behave much better when
encountering freshly-updated rows.
Improve performance of TRUNCATE when the table was
created or truncated earlier in the same transaction
(Tom Lane)
Improve performance of finding inheritance child tables (Tom Lane)
Remove unnecessary outer joins (Robert Haas)
Outer joins where the inner side is unique and not referenced above the join are unnecessary and are therefore now removed. This will accelerate many automatically generated queries, such as those created by object-relational mappers (ORMs).
Allow IS NOT NULL
restrictions to use indexes (Tom Lane)
This is particularly useful for finding
MAX()/MIN() values in indexes that
contain many null values.
Improve the optimizer's choices about when to use
materialize nodes, and when to use sorting versus
hashing for DISTINCT
(Tom Lane)
Improve the optimizer's equivalence detection for
expressions involving boolean <> operators (Tom Lane)
Use the same random seed every time GEQO plans a query (Andres Freund)
While the Genetic Query Optimizer (GEQO) still
selects random plans, it now always selects the same
random plans for identical queries, thus giving more
consistent performance. You can modify
geqo_seed to experiment with alternative
plans.
Improve GEQO plan selection (Tom Lane)
This avoids the rare error “failed to make a valid plan”, and should also improve planning speed.
Improve ANALYZE to support
inheritance-tree statistics (Tom Lane)
This is particularly useful for partitioned tables. However, autovacuum does not yet automatically re-analyze parent tables when child tables change.
Improve autovacuum's detection of when re-analyze is necessary (Tom Lane)
Improve optimizer's estimation for greater/less-than comparisons (Tom Lane)
When looking up statistics for greater/less-than comparisons, if the comparison value is in the first or last histogram bucket, use an index (if available) to fetch the current actual column minimum or maximum. This greatly improves the accuracy of estimates for comparison values near the ends of the data range, particularly if the range is constantly changing due to addition of new data.
Allow setting of number-of-distinct-values
statistics using ALTER
TABLE (Robert Haas)
This allows users to override the estimated number
or percentage of distinct values for a column. This
statistic is normally computed by ANALYZE, but the estimate can be
poor, especially on tables with very large numbers of
rows.
Add support for RADIUS (Remote Authentication Dial In User Service) authentication (Magnus Hagander)
Allow LDAP (Lightweight Directory Access Protocol) authentication to operate in “search/bind” mode (Robert Fleming, Magnus Hagander)
This allows the user to be looked up first, then the system uses the DN (Distinguished Name) returned for that user.
Add samehost and samenet designations to pg_hba.conf (Stef Walter)
These match the server's IP address and subnet address respectively.
Pass trusted SSL root certificate names to the client so the client can return an appropriate client certificate (Craig Ringer)
Add the ability for clients to set an application
name, which is displayed in pg_stat_activity (Dave Page)
This allows administrators to characterize database traffic and troubleshoot problems by source application.
Add a SQLSTATE option (%e) to
log_line_prefix (Guillaume Smet)
This allows users to compile statistics on errors and messages by error code number.
Write to the Windows event log in UTF16 encoding (Itagaki Takahiro)
Now there is true multilingual support for PostgreSQL log messages on Windows.
Add
pg_stat_reset_shared('bgwriter')
to reset the cluster-wide shared statistics for the
background writer (Greg Smith)
Add
pg_stat_reset_single_table_counters()
and pg_stat_reset_single_function_counters()
to allow resetting the statistics counters for
individual tables and functions (Magnus Hagander)
Allow setting of configuration parameters based on database/role combinations (Alvaro Herrera)
Previously only per-database and per-role settings
were possible, not combinations. All role and
database settings are now stored in the new
pg_db_role_setting
system catalog. A new psql command \drds shows these settings. The
legacy system views pg_roles, pg_shadow, and pg_user do not show combination
settings, and therefore no longer completely
represent the configuration for a user or
database.
Add server parameter
bonjour, which controls whether a
Bonjour-enabled server advertises itself via
Bonjour (Tom
Lane)
The default is off, meaning it does not advertise. This allows packagers to distribute Bonjour-enabled builds without worrying that individual users might not want the feature.
Add server parameter
enable_material, which controls the use of
materialize nodes in the optimizer (Robert Haas)
The default is on. When off, the optimizer will not add materialize nodes purely for performance reasons, though they will still be used when necessary for correctness.
Change server parameter
log_temp_files to use default file size
units of kilobytes (Robert Haas)
Previously this setting was interpreted in bytes if no units were specified.
Log changes of parameter values when postgresql.conf is reloaded (Peter
Eisentraut)
This lets administrators and security staff audit
changes of database settings, and is also very
convenient for checking the effects of postgresql.conf edits.
Properly enforce superuser permissions for custom server parameters (Tom Lane)
Non-superusers can no longer issue ALTER ROLE/DATABASE SET for parameters that are
not currently known to the server. This allows the
server to correctly check that superuser-only
parameters are only set by superusers. Previously,
the SET would be allowed
and then ignored at session start, making
superuser-only custom parameters much less useful
than they should be.
Perform SELECT FOR
UPDATE/SHARE
processing after applying LIMIT, so the number of rows returned
is always predictable (Tom Lane)
Previously, changes made by concurrent transactions
could cause a SELECT FOR
UPDATE to unexpectedly return fewer rows than
specified by its LIMIT.
FOR UPDATE in combination
with ORDER BY can still
produce surprising results, but that can be corrected
by placing FOR UPDATE in a
subquery.
Allow mixing of traditional and SQL-standard
LIMIT/OFFSET syntax (Tom Lane)
Extend the supported frame options in window functions (Hitoshi Harada)
Frames can now start with CURRENT ROW, and the ROWS /n
PRECEDINGFOLLOWING
options are now supported.
Make SELECT INTO and
CREATE TABLE AS return row
counts to the client in their command tags (Boszormenyi
Zoltan)
This can save an entire round-trip to the client,
allowing result counts and pagination to be calculated
without an additional COUNT query.
Support Unicode surrogate pairs (dual 16-bit
representation) in
U& strings and
identifiers (Peter Eisentraut)
Support Unicode escapes in
E'...' strings
(Marko Kreen)
Speed up CREATE
DATABASE by deferring flushes to disk
(Andres Freund, Greg Stark)
Allow comments on columns of tables, views, and composite types only, not other relation types such as indexes and TOAST tables (Tom Lane)
Allow the creation of enumerated types containing no values (Bruce Momjian)
Let values of columns having storage type
MAIN remain on the main
heap page unless the row cannot fit on a page (Kevin
Grittner)
Previously MAIN values
were forced out to TOAST tables until the row size was
less than one-quarter of the page size.
Implement IF EXISTS
for ALTER TABLE DROP
COLUMN and ALTER TABLE
DROP CONSTRAINT (Andres Freund)
Allow ALTER TABLE
commands that rewrite tables to skip WAL logging (Itagaki
Takahiro)
Such operations either produce a new copy of the table or are rolled back, so WAL archiving can be skipped, unless running in continuous archiving mode. This reduces I/O overhead and improves performance.
Fix failure of ALTER TABLE
when done by non-owner of table (Tom
Lane)table ADD
COLUMN col
serial
Add support for copying COMMENTS and STORAGE settings in CREATE TABLE ... LIKE commands
(Itagaki Takahiro)
Add a shortcut for copying all properties in
CREATE TABLE ... LIKE
commands (Itagaki Takahiro)
Add the SQL-standard CREATE
TABLE ... OF command
(Peter Eisentraut)type
This allows creation of a table that matches an existing composite type. Additional constraints and defaults can be specified in the command.
Add deferrable unique constraints (Dean Rasheed)
This allows mass updates, such as UPDATE tab SET col = col + 1, to
work reliably on columns that have unique indexes or
are marked as primary keys. If the constraint is
specified as DEFERRABLE
it will be checked at the end of the statement,
rather than after each row is updated. The constraint
check can also be deferred until the end of the
current transaction, allowing such updates to be
spread over multiple SQL commands.
Add exclusion constraints (Jeff Davis)
Exclusion constraints generalize uniqueness
constraints by allowing arbitrary comparison
operators, not just equality. They are created with
the
CREATE TABLE CONSTRAINT ... EXCLUDE
clause. The most common use of exclusion constraints
is to specify that column entries must not overlap,
rather than simply not be equal. This is useful for
time periods and other ranges, as well as arrays.
This feature enhances checking of data integrity for
many calendaring, time-management, and scientific
applications.
Improve uniqueness-constraint violation error messages to report the values causing the failure (Itagaki Takahiro)
For example, a uniqueness constraint violation
might now report Key (x)=(2)
already exists.
Add the ability to make mass permission changes
across a whole schema using the new GRANT/REVOKE
IN SCHEMA clause (Petr Jelinek)
This simplifies management of object permissions and makes it easier to utilize database roles for application data security.
Add ALTER DEFAULT PRIVILEGES command
to control privileges of objects created later (Petr
Jelinek)
This greatly simplifies the assignment of object privileges in a complex database application. Default privileges can be set for tables, views, sequences, and functions. Defaults may be assigned on a per-schema basis, or database-wide.
Add the ability to control large object (BLOB)
permissions with GRANT/REVOKE (KaiGai Kohei)
Formerly, any database user could read or modify any large object. Read and write permissions can now be granted and revoked per large object, and the ownership of large objects is tracked.
Make LISTEN/NOTIFY store pending events in a
memory queue, rather than in a system table (Joachim
Wieland)
This substantially improves performance, while retaining the existing features of transactional support and guaranteed delivery.
Allow NOTIFY to
pass an optional “payload” string to listeners
(Joachim Wieland)
This greatly improves the usefulness of LISTEN/NOTIFY as a general-purpose event
queue system.
Allow CLUSTER on
all per-database system catalogs (Tom Lane)
Shared catalogs still cannot be clustered.
Accept COPY ... CSV FORCE
QUOTE * (Itagaki Takahiro)
Now * can be used as
shorthand for “all columns” in the
FORCE QUOTE clause.
Add new COPY syntax
that allows options to be specified inside
parentheses (Robert Haas, Emmanuel Cecchet)
This allows greater flexibility for future
COPY options. The old
syntax is still supported, but only for pre-existing
options.
Allow EXPLAIN to
output in XML,
JSON, or
YAML format
(Robert Haas, Greg Sabino Mullane)
The new output formats are easily
machine-readable, supporting the development of new
tools for analysis of EXPLAIN output.
Add new BUFFERS
option to report query buffer usage during
EXPLAIN ANALYZE (Itagaki
Takahiro)
This allows better query profiling for individual queries. Buffer usage is no longer reported in the output for log_statement_stats and related settings.
Add hash usage information to EXPLAIN output (Robert Haas)
Add new EXPLAIN
syntax that allows options to be specified inside
parentheses (Robert Haas)
This allows greater flexibility for future
EXPLAIN options. The old
syntax is still supported, but only for pre-existing
options.
Change VACUUM FULL to
rewrite the entire table and rebuild its indexes,
rather than moving individual rows around to compact
space (Itagaki Takahiro, Tom Lane)
The previous method was usually slower and caused
index bloat. Note that the new method will use more
disk space transiently during VACUUM FULL; potentially as much as
twice the space normally occupied by the table and
its indexes.
Add new VACUUM syntax
that allows options to be specified inside
parentheses (Itagaki Takahiro)
This allows greater flexibility for future
VACUUM options. The old
syntax is still supported, but only for pre-existing
options.
Allow an index to be named automatically by
omitting the index name in CREATE
INDEX (Tom Lane)
By default, multicolumn indexes are now named after all their columns; and index expression columns are now named based on their expressions (Tom Lane)
Reindexing shared system catalogs is now fully transactional and crash-safe (Tom Lane)
Formerly, reindexing a shared index was only allowed in standalone mode, and a crash during the operation could leave the index in worse condition than it was before.
Add point_ops
operator class for GiST (Teodor Sigaev)
This feature permits GiST indexing of point columns. The index can be used
for several types of queries such as point <@ polygon (point is in
polygon). This should make many PostGIS queries faster.
Use red-black binary trees for GIN index creation (Teodor Sigaev)
Red-black trees are self-balancing. This avoids slowdowns in cases where the input is in nonrandom order.
Allow bytea values to be written in hex
notation (Peter Eisentraut)
The server parameter
bytea_output controls whether hex or
traditional format is used for bytea output. Libpq's PQescapeByteaConn() function
automatically uses the hex format when connected to
PostgreSQL 9.0 or
newer servers. However, pre-9.0 libpq versions will not
correctly process hex format from newer servers.
The new hex format will be directly compatible with more applications that use binary data, allowing them to store and retrieve it without extra conversion. It is also significantly faster to read and write than the traditional format.
Allow server parameter extra_float_digits
to be increased to 3 (Tom
Lane)
The previous maximum extra_float_digits setting was
2. There are cases where 3
digits are needed to dump and restore float4 values exactly. pg_dump will now use the setting
of 3 when dumping from a server that allows it.
Tighten input checking for int2vector values (Caleb Welton)
Add prefix support in synonym dictionaries (Teodor
Sigaev)
Add filtering dictionaries (Teodor Sigaev)
Filtering dictionaries allow tokens to be modified then passed to subsequent dictionaries.
Allow underscores in email-address tokens (Teodor Sigaev)
Use more standards-compliant rules for parsing URL tokens (Tom Lane)
Allow function calls to supply parameter names and match them to named parameters in the function definition (Pavel Stehule)
For example, if a function is defined to take
parameters a and
b, it can be called with
func(a := 7, b := 12) or
func(b := 12, a := 7).
Support locale-specific regular expression processing with UTF-8 server encoding (Tom Lane)
Locale-specific regular expression functionality includes case-insensitive matching and locale-specific character classes. Previously, these features worked correctly for non-ASCII characters only if the database used a single-byte server encoding (such as LATIN1). They will still misbehave in multi-byte encodings other than UTF-8.
Add support for scientific notation in to_char() (EEEE
specification) (Pavel Stehule, Brendan Jurd)
Make to_char() honor
FM (fill mode) in
Y, YY, and YYY specifications (Bruce Momjian, Tom
Lane)
It was already honored by YYYY.
Fix to_char() to
output localized numeric and monetary strings in the
correct encoding on Windows (Hiroshi Inoue, Itagaki
Takahiro, Bruce Momjian)
Correct calculations of “overlaps” and “contains” operations for polygons (Teodor Sigaev)
The polygon &&
(overlaps) operator formerly just checked to see if the
two polygons' bounding boxes overlapped. It now does a
more correct check. The polygon @> and <@ (contains/contained by)
operators formerly checked to see if one polygon's
vertexes were all contained in the other; this can
wrongly report “true” for some non-convex
polygons. Now they check that all line segments of one
polygon are contained in the other.
Allow aggregate functions to use ORDER BY (Andrew Gierth)
For example, this is now supported: array_agg(a ORDER BY b). This is
useful with aggregates for which the order of input
values is significant, and eliminates the need to use
a nonstandard subquery to determine the ordering.
Multi-argument aggregate functions can now use
DISTINCT (Andrew
Gierth)
Add the
string_agg()
aggregate function to combine values into a single
string (Pavel Stehule)
Aggregate functions that are called with
DISTINCT are now passed
NULL values if the aggregate transition function is
not marked as STRICT
(Andrew Gierth)
For example, agg(DISTINCT
x) might pass a NULL x value to agg(). This is more consistent with
the behavior in non-DISTINCT cases.
Add
get_bit() and
set_bit() functions for
bit strings, mirroring
those for bytea (Leonardo
F)
Implement
OVERLAY() (replace)
for bit strings and
bytea (Leonardo F)
Add
pg_table_size() and
pg_indexes_size() to
provide a more user-friendly interface to the
pg_relation_size()
function (Bernd Helmle)
Add
has_sequence_privilege() for
sequence permission checking (Abhijit Menon-Sen)
Update the information_schema views to conform to SQL:2008 (Peter Eisentraut)
Make the information_schema views correctly
display maximum octet lengths for char and varchar columns (Peter Eisentraut)
Speed up information_schema privilege views
(Joachim Wieland)
Support execution of anonymous code blocks using
the DO statement
(Petr Jelinek, Joshua Tolley, Hannu Valtonen)
This allows execution of server-side code without the need to create and delete a temporary function definition. Code can be executed in any language for which the user has permissions to define a function.
Implement SQL-standard-compliant per-column triggers (Itagaki Takahiro)
Such triggers are fired only when the specified
column(s) are affected by the query, e.g. appear in
an UPDATE's SET list.
Add the WHEN clause
to CREATE
TRIGGER to allow control over whether a
trigger is fired (Itagaki Takahiro)
While the same type of check can always be
performed inside the trigger, doing it in an external
WHEN clause can have
performance benefits.
Add the OR REPLACE
clause to CREATE
LANGUAGE (Tom Lane)
This is helpful to optionally install a language if it does not already exist, and is particularly helpful now that PL/pgSQL is installed by default.
Install PL/pgSQL by default (Bruce Momjian)
The language can still be removed from a particular database if the administrator has security or performance concerns about making it available.
Improve handling of cases where PL/pgSQL variable names conflict with identifiers used in queries within a function (Tom Lane)
The default behavior is now to throw an error when
there is a conflict, so as to avoid surprising
behaviors. This can be modified, via the
configuration parameter
plpgsql.variable_conflict or the
per-function option #variable_conflict, to allow either
the variable or the query-supplied column to be used.
In any case PL/pgSQL will no longer attempt to
substitute variables in places where they would not
be syntactically valid.
Make PL/pgSQL use the main lexer, rather than its own version (Tom Lane)
This ensures accurate tracking of the main system's behavior for details such as string escaping. Some user-visible details, such as the set of keywords considered reserved in PL/pgSQL, have changed in consequence.
Avoid throwing an unnecessary error for an invalid record reference (Tom Lane)
An error is now thrown only if the reference is actually fetched, rather than whenever the enclosing expression is reached. For example, many people have tried to do this in triggers:
if TG_OP = 'INSERT' and NEW.col1 = ... then
This will now actually work as expected.
Improve PL/pgSQL's ability to handle row types with dropped columns (Pavel Stehule)
Allow input parameters to be assigned values within PL/pgSQL functions (Steve Prentice)
Formerly, input parameters were treated as being
declared CONST, so the
function's code could not change their values. This
restriction has been removed to simplify porting of
functions from other DBMSes that do not impose the
equivalent restriction. An input parameter now acts
like a local variable initialized to the passed-in
value.
Improve error location reporting in PL/pgSQL (Tom Lane)
Add count and
ALL options to
MOVE
FORWARD/BACKWARD
in PL/pgSQL (Pavel Stehule)
Allow PL/pgSQL's WHERE
CURRENT OF to use a cursor variable (Tom
Lane)
Allow PL/pgSQL's OPEN
to use parameters (Pavel Stehule,
Itagaki Takahiro)cursor FOR
EXECUTE
This is accomplished with a new USING clause.
Add new PL/Perl functions:
quote_literal(), quote_nullable(), quote_ident(), encode_bytea(), decode_bytea(), looks_like_number(), encode_array_literal(),
encode_array_constructor()
(Tim Bunce)
Add server parameter
plperl.on_init to specify a PL/Perl
initialization function (Tim Bunce)
plperl.on_plperl_init and
plperl.on_plperlu_init are also
available for initialization that is specific to the
trusted or untrusted language respectively.
Support END blocks in
PL/Perl (Tim Bunce)
END blocks do not
currently allow database access.
Allow use strict in
PL/Perl (Tim Bunce)
Perl strict checks
can also be globally enabled with the new server
parameter
plperl.use_strict.
Allow require in
PL/Perl (Tim Bunce)
This basically tests to see if the module is loaded, and if not, generates an error. It will not allow loading of modules that the administrator has not preloaded via the initialization parameters.
Allow use feature in
PL/Perl if Perl version 5.10 or later is used (Tim
Bunce)
Verify that PL/Perl return values are valid in the server encoding (Andrew Dunstan)
Add Unicode support in PL/Python (Peter Eisentraut)
Strings are automatically converted from/to the server encoding as necessary.
Improve bytea support in
PL/Python (Caleb Welton)
Bytea values passed into
PL/Python are now represented as binary, rather than
the PostgreSQL bytea text
format. Bytea values
containing null bytes are now also output properly
from PL/Python. Passing of boolean, integer, and
float values was also improved.
Support arrays as parameters and return values in PL/Python (Peter Eisentraut)
Improve mapping of SQL domains to Python types (Peter Eisentraut)
Add Python 3 support to PL/Python (Peter Eisentraut)
The new server-side language is called plpython3u. This cannot be used
in the same session with the Python 2 server-side
language.
Improve error location and exception reporting in PL/Python (Peter Eisentraut)
Add an --analyze-only
option to vacuumdb, to analyze without
vacuuming (Bruce Momjian)
Add support for quoting/escaping the values of psql variables as SQL strings or identifiers (Pavel Stehule, Robert Haas)
For example, :'var'
will produce the value of var quoted and properly escaped as a
literal string, while :"var" will produce its value quoted
and escaped as an identifier.
Ignore a leading UTF-8-encoded Unicode byte-order marker in script files read by psql (Itagaki Takahiro)
This is enabled when the client encoding is UTF-8. It improves compatibility with certain editors, mostly on Windows, that insist on inserting such markers.
Fix psql --file - to
properly honor --single-transaction (Bruce
Momjian)
Avoid overwriting of psql's command-line history when two psql sessions are run concurrently (Tom Lane)
Improve psql's tab completion support (Itagaki Takahiro)
Show \timing output
when it is enabled, regardless of “quiet”
mode (Peter Eisentraut)
Improve display of wrapped columns in psql (Roger Leigh)
This behavior is now the default. The previous
formatting is available by using \pset linestyle old-ascii.
Allow psql to
use fancy Unicode line-drawing characters via
\pset linestyle
unicode (Roger Leigh)
Make \d show child
tables that inherit from the specified parent
(Damien Clochard)
\d shows only the
number of child tables, while \d+ shows the names of all child
tables.
Show definitions of index columns in
\d index_name (Khee
Chin)
The definition is useful for expression indexes.
Show a view's defining query only in
\d+, not in
\d (Peter
Eisentraut)
Always including the query was deemed overly verbose.
Make pg_dump/pg_restore --clean
also remove large objects (Itagaki Takahiro)
Fix pg_dump to
properly dump large objects when standard_conforming_strings is
enabled (Tom Lane)
The previous coding could fail when dumping to an archive file and then generating script output from pg_restore.
pg_restore now emits large-object data in hex format when generating script output (Tom Lane)
This could cause compatibility problems if the script is then loaded into a pre-9.0 server. To work around that, restore directly to the server, instead.
Allow pg_dump to dump comments attached to columns of composite types (Taro Minowa (Higepon))
Make pg_dump
--verbose
output the pg_dump
and server versions in text output mode (Jim Cox, Tom
Lane)
These were already provided in custom output mode.
pg_restore now complains if any command-line arguments remain after the switches and optional file name (Tom Lane)
Previously, it silently ignored any such arguments.
Allow pg_ctl to be used safely to start the postmaster during a system reboot (Tom Lane)
Previously, pg_ctl's parent process could have been mistakenly identified as a running postmaster based on a stale postmaster lock file, resulting in a transient failure to start the database.
Give pg_ctl the ability to initialize the database (by invoking initdb) (Zdenek Kotala)
Add new libpq
functions
PQconnectdbParams() and PQconnectStartParams() (Guillaume
Lelarge)
These functions are similar to PQconnectdb() and PQconnectStart() except that they
accept a null-terminated array of connection options,
rather than requiring all options to be provided in a
single string.
Add libpq
functions
PQescapeLiteral()
and PQescapeIdentifier() (Robert
Haas)
These functions return appropriately quoted and
escaped SQL string literals and identifiers. The
caller is not required to pre-allocate the string
result, as is required by PQescapeStringConn().
Add support for a per-user service file (.pg_service.conf),
which is checked before the site-wide service file
(Peter Eisentraut)
Properly report an error if the specified libpq service cannot be found (Peter Eisentraut)
Add TCP keepalive settings in libpq (Tollef Fog Heen, Fujii Masao, Robert Haas)
Keepalive settings were already supported on the server end of TCP connections.
Avoid extra system calls to block and unblock
SIGPIPE in libpq, on platforms that offer
alternative methods (Jeremy Kerr)
When a .pgpass-supplied password
fails, mention where the password came from in the
error message (Bruce Momjian)
Load all SSL certificates given in the client certificate file (Tom Lane)
This improves support for indirectly-signed SSL certificates.
Add SQLDA (SQL Descriptor Area) support to ecpg (Boszormenyi Zoltan)
Add the DESCRIBE [ OUTPUT ] statement to
ecpg (Boszormenyi
Zoltan)
Add an ECPGtransactionStatus function to return the current transaction status (Bernd Helmle)
Add the string data
type in ecpg
Informix-compatibility mode (Boszormenyi Zoltan)
Allow ecpg to use
new and old variable names without
restriction (Michael Meskes)
Allow ecpg to use
variable names in free() (Michael Meskes)
Make ecpg_dynamic_type() return zero for
non-SQL3 data types (Michael Meskes)
Previously it returned the negative of the data type OID. This could be confused with valid type OIDs, however.
Support long long types
on platforms that already have 64-bit long (Michael Meskes)
Add out-of-scope cursor support in ecpg's native mode (Boszormenyi Zoltan)
This allows DECLARE
to use variables that are not in scope when
OPEN is called. This
facility already existed in ecpg's Informix-compatibility
mode.
Allow dynamic cursor names in ecpg (Boszormenyi Zoltan)
Allow ecpg to
use noise words FROM
and IN in FETCH and MOVE (Boszormenyi Zoltan)
Enable client thread safety by default (Bruce Momjian)
The thread-safety option can be disabled with
configure --disable-thread-safety.
Add support for controlling the Linux out-of-memory killer (Alex Hunsaker, Tom Lane)
Now that /proc/self/oom_adj allows disabling
of the Linux
out-of-memory (OOM)
killer, it's recommendable to disable OOM kills for the
postmaster. It may then be desirable to re-enable OOM
kills for the postmaster's child processes. The new
compile-time option LINUX_OOM_ADJ allows the killer to
be reactivated for child processes.
New Makefile targets
world,
install-world, and
installcheck-world
(Andrew Dunstan)
These are similar to the existing all, install, and installcheck targets, but they also
build the HTML
documentation, build and test contrib, and test server-side
languages and ecpg.
Add data and documentation installation location control to PGXS Makefiles (Mark Cave-Ayland)
Add Makefile rules to build the PostgreSQL documentation as a single HTML file or as a single plain-text file (Peter Eisentraut, Bruce Momjian)
Support compiling on 64-bit Windows and running in 64-bit mode (Tsutomu Yamada, Magnus Hagander)
This allows for large shared memory sizes on Windows.
Support server builds using Visual Studio 2008 (Magnus Hagander)
Distribute prebuilt documentation in a subdirectory tree, rather than as tar archive files inside the distribution tarball (Peter Eisentraut)
For example, the prebuilt HTML documentation is now in
doc/src/sgml/html/; the
manual pages are packaged similarly.
Make the server's lexer reentrant (Tom Lane)
This was needed for use of the lexer by PL/pgSQL.
Improve speed of memory allocation (Tom Lane, Greg Stark)
User-defined constraint triggers now have entries in
pg_constraint as well
as pg_trigger (Tom
Lane)
Because of this change, pg_constraint.pgconstrname is now redundant and
has been removed.
Add system catalog columns pg_constraint.conindid and pg_trigger.tgconstrindid to better document
the use of indexes for constraint enforcement (Tom
Lane)
Allow multiple conditions to be communicated to backends using a single operating system signal (Fujii Masao)
This allows new features to be added without a platform-specific constraint on the number of signal conditions.
Improve source code test coverage, including
contrib, PL/Python, and
PL/Perl (Peter Eisentraut, Andrew Dunstan)
Remove the use of flat files for system table bootstrapping (Tom Lane, Alvaro Herrera)
This improves performance when using many roles or databases, and eliminates some possible failure conditions.
Automatically generate the initial contents of
pg_attribute for
“bootstrapped” catalogs (John
Naylor)
This greatly simplifies changes to these catalogs.
Split the processing of INSERT/UPDATE/DELETE operations out of execMain.c (Marko Tiikkaja)
Updates are now executed in a separate ModifyTable node. This change is necessary infrastructure for future improvements.
Simplify translation of psql's SQL help text (Peter Eisentraut)
Reduce the lengths of some file names so that all file paths in the distribution tarball are less than 100 characters (Tom Lane)
Some decompression programs have problems with longer file paths.
Add a new
ERRCODE_INVALID_PASSWORD SQLSTATE error code (Bruce
Momjian)
With authors' permissions, remove the few remaining personal source code copyright notices (Bruce Momjian)
The personal copyright notices were insignificant but the community occasionally had to answer questions about them.
Add new documentation section about running PostgreSQL in non-durable mode to improve performance (Bruce Momjian)
Restructure the HTML documentation Makefile rules to make their
dependency checks work correctly, avoiding unnecessary
rebuilds (Peter Eisentraut)
Use DocBook XSL stylesheets for man page building, rather than Docbook2X (Peter Eisentraut)
This changes the set of tools needed to build the man pages.
Improve PL/Perl code structure (Tim Bunce)
Improve error context reports in PL/Perl (Alexey Klyukin)
Require Autoconf 2.63 to build configure (Peter Eisentraut)
Require Flex 2.5.31 or later to build from a CVS checkout (Tom Lane)
Require Perl version 5.8 or later to build from a CVS checkout (John Naylor, Andrew Dunstan)
Use a more modern API for Bonjour (Tom Lane)
Bonjour support now requires macOS 10.3 or later. The older API has been deprecated by Apple.
Add spinlock support for the SuperH architecture (Nobuhiro Iwamatsu)
Allow non-GCC compilers to use inline functions if they support them (Kurt Harriman)
Remove support for platforms that don't have a working 64-bit integer data type (Tom Lane)
Restructure use of LDFLAGS to be more consistent across
platforms (Tom Lane)
LDFLAGS is now used
for linking both executables and shared libraries,
and we add on LDFLAGS_EX
when linking executables, or LDFLAGS_SL when linking shared
libraries.
Make backend header files safe to include in C++ (Kurt Harriman, Peter Eisentraut)
These changes remove keyword conflicts that
previously made C++
usage difficult in backend code. However, there are
still other complexities when using C++ for backend functions.
extern "C" { } is still
necessary in appropriate places, and memory
management and error handling are still
problematic.
Add AggCheckCallContext() for use
in detecting if a C
function is being called as an aggregate (Hitoshi
Harada)
Change calling convention for SearchSysCache() and related
functions to avoid hard-wiring the maximum number of
cache keys (Robert Haas)
Existing calls will still work for the moment, but can be expected to break in 9.1 or later if not converted to the new style.
Require calls of fastgetattr() and heap_getattr() backend macros to
provide a non-NULL fourth argument (Robert Haas)
Custom typanalyze functions should no longer rely
on VacAttrStats.attr to determine the type of
data they will be passed (Tom Lane)
This was changed to allow collection of statistics on index columns for which the storage type is different from the underlying column data type. There are new fields that tell the actual datatype being analyzed.
Add parser hooks for processing ColumnRef and ParamRef nodes (Tom Lane)
Add a ProcessUtility hook so loadable modules can control utility commands (Itagaki Takahiro)
Add contrib/pg_upgrade to support
in-place upgrades (Bruce Momjian)
This avoids the requirement of dumping/reloading the database when upgrading to a new major release of PostgreSQL, thus reducing downtime by orders of magnitude. It supports upgrades to 9.0 from PostgreSQL 8.3 and 8.4.
Add support for preserving relation relfilenode values during
binary upgrades (Bruce Momjian)
Add support for preserving pg_type and pg_enum OIDs during binary
upgrades (Bruce Momjian)
Move data files within tablespaces into PostgreSQL-version-specific subdirectories (Bruce Momjian)
This simplifies binary upgrades.
Add multithreading option (-j) to contrib/pgbench (Itagaki
Takahiro)
This allows multiple CPUs to be used by pgbench, reducing the risk of pgbench itself becoming the test bottleneck.
Add \shell and
\setshell meta commands to
contrib/pgbench (Michael
Paquier)
New features for contrib/dict_xsyn (Sergey
Karpov)
The new options are matchorig, matchsynonyms, and keepsynonyms.
Add full text dictionary contrib/unaccent
(Teodor Sigaev)
This filtering dictionary removes accents from letters, which makes full-text searches over multiple languages much easier.
Add dblink_get_notify() to
contrib/dblink (Marcus
Kempe)
This allows asynchronous notifications in dblink.
Improve contrib/dblink's handling of dropped
columns (Tom Lane)
This affects dblink_build_sql_insert() and
related functions. These functions now number columns
according to logical not physical column numbers.
Greatly increase contrib/hstore's data length
limit, and add B-tree and hash support so GROUP BY and DISTINCT operations are possible on
hstore columns (Andrew
Gierth)
New functions and operators were also added. These
improvements make hstore a
full-function key-value store embedded in PostgreSQL.
Add contrib/passwordcheck to support
site-specific password strength policies (Laurenz
Albe)
The source code of this module should be modified to implement site-specific password policies.
Add contrib/pg_archivecleanup tool
(Simon Riggs)
This is designed to be used in the archive_cleanup_command server
parameter, to remove no-longer-needed archive
files.
Add query text to contrib/auto_explain output
(Andrew Dunstan)
Add buffer access counters to contrib/pg_stat_statements
(Itagaki Takahiro)
Update contrib/start-scripts/linux to
use /proc/self/oom_adj to
disable the Linux out-of-memory
(OOM) killer (Alex
Hunsaker, Tom Lane)
⇑ Upgrade to 9.0.1 released on 2010-10-04 - docs
Use a separate interpreter for each calling SQL userid in PL/Perl and PL/Tcl (Tom Lane)
This change prevents security problems that can be
caused by subverting Perl or Tcl code that will be
executed later in the same session under another SQL user
identity (for example, within a SECURITY DEFINER function). Most
scripting languages offer numerous ways that that might
be done, such as redefining standard functions or
operators called by the target function. Without this
change, any SQL user with Perl or Tcl language usage
rights can do essentially anything with the SQL
privileges of the target function's owner.
The cost of this change is that intentional communication among Perl and Tcl functions becomes more difficult. To provide an escape hatch, PL/PerlU and PL/TclU functions continue to use only one interpreter per session. This is not considered a security issue since all such functions execute at the trust level of a database superuser already.
It is likely that third-party procedural languages that claim to offer trusted execution have similar security issues. We advise contacting the authors of any PL you are depending on for security-critical purposes.
Our thanks to Tim Bunce for pointing out this issue (CVE-2010-3433).
Improve pg_get_expr()
security fix so that the function can still be used on
the output of a sub-select (Tom Lane)
Fix incorrect placement of placeholder evaluation (Tom Lane)
This bug could result in query outputs being non-null when they should be null, in cases where the inner side of an outer join is a sub-select with non-strict expressions in its output list.
Fix join removal's handling of placeholder expressions (Tom Lane)
Fix possible duplicate scans of UNION ALL member relations (Tom
Lane)
Prevent infinite loop in ProcessIncomingNotify() after unlistening (Jeff Davis)
Prevent show_session_authorization() from crashing within autovacuum processes (Tom Lane)
Re-allow input of Julian dates prior to 0001-01-01 AD (Tom Lane)
Input such as 'J100000'::date worked before 8.4, but
was unintentionally broken by added error-checking.
Make psql recognize DISCARD
ALL as a command that should not be encased in a
transaction block in autocommit-off mode (Itagaki
Takahiro)
Update build infrastructure and documentation to reflect the source code repository's move from CVS to Git (Magnus Hagander and others)
⇑ Upgrade to 9.0.2 released on 2010-12-16 - docs
Force the default
wal_sync_method to be fdatasync on Linux (Tom Lane, Marti
Raudsepp)
The default on Linux has actually been fdatasync for many years, but recent
kernel changes caused PostgreSQL to choose open_datasync instead. This choice did
not result in any performance improvement, and caused
outright failures on certain filesystems, notably
ext4 with the data=journal mount option.
Fix “too many KnownAssignedXids” error during Hot Standby replay (Heikki Linnakangas)
Fix race condition in lock acquisition during Hot Standby (Simon Riggs)
Avoid unnecessary conflicts during Hot Standby (Simon Riggs)
This fixes some cases where replay was considered to conflict with standby queries (causing delay of replay or possibly cancellation of the queries), but there was no real conflict.
Fix assorted bugs in WAL replay logic for GIN indexes (Tom Lane)
This could result in “bad buffer id: 0” failures or corruption of index contents during replication.
Fix recovery from base backup when the starting checkpoint WAL record is not in the same WAL segment as its redo point (Jeff Davis)
Fix corner-case bug when streaming replication is enabled immediately after creating the master database cluster (Heikki Linnakangas)
Fix persistent slowdown of autovacuum workers when multiple workers remain active for a long time (Tom Lane)
The effective vacuum_cost_limit for an autovacuum
worker could drop to nearly zero if it processed enough
tables, causing it to run extremely slowly.
Fix long-term memory leak in autovacuum launcher (Alvaro Herrera)
Avoid failure when trying to report an impending transaction wraparound condition from outside a transaction (Tom Lane)
This oversight prevented recovery after transaction wraparound got too close, because database startup processing would fail.
Add support for detecting register-stack overrun on
IA64 (Tom Lane)
The IA64 architecture has
two hardware stacks. Full prevention of stack-overrun
failures requires checking both.
Add a check for stack overflow in copyObject() (Tom Lane)
Certain code paths could crash due to stack overflow given a sufficiently complex query.
Fix detection of page splits in temporary GiST indexes (Heikki Linnakangas)
It is possible to have a “concurrent” page split in a temporary index, if for example there is an open cursor scanning the index when an insertion is done. GiST failed to detect this case and hence could deliver wrong results when execution of the cursor continued.
Fix error checking during early connection processing (Tom Lane)
The check for too many child processes was skipped in some cases, possibly leading to postmaster crash when attempting to add the new child process to fixed-size arrays.
Improve efficiency of window functions (Tom Lane)
Certain cases where a large number of tuples needed to
be read in advance, but work_mem was large enough to allow them
all to be held in memory, were unexpectedly slow.
percent_rank(),
cume_dist() and
ntile() in particular were
subject to this problem.
Avoid memory leakage while ANALYZE'ing complex index expressions
(Tom Lane)
Ensure an index that uses a whole-row Var still depends on its table (Tom Lane)
An index declared like create
index i on t (foo(t.*)) would not automatically
get dropped when its table was dropped.
Add missing support in DROP
OWNED BY for removing foreign data wrapper/server
privileges belonging to a user (Heikki Linnakangas)
Do not “inline” a SQL function with
multiple OUT parameters (Tom
Lane)
This avoids a possible crash due to loss of information about the expected result rowtype.
Fix crash when inline-ing a set-returning function whose argument list contains a reference to an inline-able user function (Tom Lane)
Behave correctly if ORDER
BY, LIMIT,
FOR UPDATE, or WITH is attached to the VALUES part of INSERT ... VALUES (Tom Lane)
Make the OFF keyword
unreserved (Heikki Linnakangas)
This prevents problems with using off as a variable name in PL/pgSQL. That worked before 9.0,
but was now broken because PL/pgSQL now treats all core
reserved words as reserved.
Fix constant-folding of COALESCE() expressions (Tom Lane)
The planner would sometimes attempt to evaluate sub-expressions that in fact could never be reached, possibly leading to unexpected errors.
Fix “could not find pathkey item to sort” planner failure with comparison of whole-row Vars (Tom Lane)
Fix postmaster crash when connection acceptance
(accept() or one of the
calls made immediately after it) fails, and the
postmaster was compiled with GSSAPI support (Alexander
Chernikov)
Retry after receiving an invalid response packet from a RADIUS authentication server (Magnus Hagander)
This fixes a low-risk potential denial of service condition.
Fix missed unlink of temporary files when log_temp_files is active (Tom Lane)
If an error occurred while attempting to emit the log message, the unlink was not done, resulting in accumulation of temp files.
Add print functionality for InhRelation nodes (Tom Lane)
This avoids a failure when debug_print_parse is enabled and certain
types of query are executed.
Fix incorrect calculation of distance from a point to a horizontal line segment (Tom Lane)
This bug affected several different geometric distance-measurement operators.
Fix incorrect calculation of transaction status in ecpg (Itagaki Takahiro)
Fix errors in psql's Unicode-escape support (Tom Lane)
Speed up parallel pg_restore when the archive contains many large objects (blobs) (Tom Lane)
Fix PL/pgSQL's handling of “simple” expressions to not fail in recursion or error-recovery cases (Tom Lane)
Fix PL/pgSQL's error reporting for no-such-column cases (Tom Lane)
As of 9.0, it would sometimes report “missing FROM-clause entry for table foo” when “record foo has no field bar” would be more appropriate.
Fix PL/Python to honor typmod (i.e., length or precision restrictions) when assigning to tuple fields (Tom Lane)
This fixes a regression from 8.4.
Fix PL/Python's handling of set-returning functions (Jan Urbanski)
Attempts to call SPI functions within the iterator generating a set result would fail.
Fix bug in contrib/cube's GiST picksplit algorithm
(Alexander Korotkov)
This could result in considerable inefficiency, though
not actually incorrect answers, in a GiST index on a
cube column. If you have such
an index, consider REINDEXing it after installing this
update.
Don't emit “identifier will be truncated”
notices in contrib/dblink
except when creating new connections (Itagaki
Takahiro)
Fix potential coredump on missing public key in
contrib/pgcrypto (Marti
Raudsepp)
Fix buffer overrun in contrib/pg_upgrade (Hernan
Gonzalez)
Fix memory leak in contrib/xml2's XPath query functions
(Tom Lane)
Update time zone data files to tzdata release 2010o for DST law changes in Fiji and Samoa; also historical corrections for Hong Kong.
⇑ Upgrade to 9.0.3 released on 2011-01-31 - docs
Before exiting walreceiver, ensure all the received WAL is fsync'd to disk (Heikki Linnakangas)
Otherwise the standby server could replay some un-synced WAL, conceivably leading to data corruption if the system crashes just at that point.
Avoid excess fsync activity in walreceiver (Heikki Linnakangas)
Make ALTER TABLE
revalidate uniqueness and exclusion constraints when
needed (Noah Misch)
This was broken in 9.0 by a change that was intended
to suppress revalidation during VACUUM FULL and CLUSTER, but unintentionally affected
ALTER TABLE as well.
Fix EvalPlanQual for UPDATE of an inheritance tree in which
the tables are not all alike (Tom Lane)
Any variation in the table row types (including dropped columns present in only some child tables) would confuse the EvalPlanQual code, leading to misbehavior or even crashes. Since EvalPlanQual is only executed during concurrent updates to the same row, the problem was only seen intermittently.
Avoid failures when EXPLAIN tries to display a simple-form
CASE expression (Tom
Lane)
If the CASE's test
expression was a constant, the planner could simplify the
CASE into a form that
confused the expression-display code, resulting in
“unexpected CASE
WHEN clause” errors.
Fix assignment to an array slice that is before the existing range of subscripts (Tom Lane)
If there was a gap between the newly added subscripts and the first pre-existing subscript, the code miscalculated how many entries needed to be copied from the old array's null bitmap, potentially leading to data corruption or crash.
Avoid unexpected conversion overflow in planner for very distant date values (Tom Lane)
The date type supports a
wider range of dates than can be represented by the
timestamp types, but the
planner assumed it could always convert a date to
timestamp with impunity.
Fix PL/Python crash when an array contains null entries (Alex Hunsaker)
Remove ecpg's fixed length limit for constants defining an array dimension (Michael Meskes)
Fix erroneous parsing of tsquery values containing ... & !(subexpression) | ... (Tom
Lane)
Queries containing this combination of operators were
not executed correctly. The same error existed in
contrib/intarray's
query_int type and contrib/ltree's ltxtquery type.
Fix buffer overrun in contrib/intarray's input function for
the query_int type (Apple)
This bug is a security risk since the function's return address could be overwritten. Thanks to Apple Inc's security team for reporting this issue and supplying the fix. (CVE-2010-4015)
Fix bug in contrib/seg's
GiST picksplit algorithm (Alexander Korotkov)
This could result in considerable inefficiency, though
not actually incorrect answers, in a GiST index on a
seg column. If you have such an
index, consider REINDEXing
it after installing this update. (This is identical to
the bug that was fixed in contrib/cube in the previous
update.)
⇑ Upgrade to 9.0.4 released on 2011-04-18 - docs
Fix pg_upgrade's handling of TOAST tables (Bruce Momjian)
The pg_class.relfrozenxid value for TOAST tables
was not correctly copied into the new installation during
pg_upgrade. This could
later result in pg_clog
files being discarded while they were still needed to
validate tuples in the TOAST tables, leading to
“could not access
status of transaction” failures.
This error poses a significant risk of data loss for installations that have been upgraded with pg_upgrade. This patch corrects the problem for future uses of pg_upgrade, but does not in itself cure the issue in installations that have been processed with a buggy version of pg_upgrade.
Suppress incorrect “PD_ALL_VISIBLE flag was incorrectly set” warning (Heikki Linnakangas)
VACUUM would sometimes
issue this warning in cases that are actually valid.
Use better SQLSTATE error codes for hot standby conflict cases (Tatsuo Ishii and Simon Riggs)
All retryable conflict errors now have an error code
that indicates that a retry is possible. Also, session
closure due to the database being dropped on the master
is now reported as ERRCODE_DATABASE_DROPPED, rather than
ERRCODE_ADMIN_SHUTDOWN, so
that connection poolers can handle the situation
correctly.
Prevent intermittent hang in interactions of startup process with bgwriter process (Simon Riggs)
This affected recovery in non-hot-standby cases.
Disallow including a composite type in itself (Tom Lane)
This prevents scenarios wherein the server could recurse infinitely while processing the composite type. While there are some possible uses for such a structure, they don't seem compelling enough to justify the effort required to make sure it always works safely.
Avoid potential deadlock during catalog cache initialization (Nikhil Sontakke)
In some cases the cache loading code would acquire share lock on a system index before locking the index's catalog. This could deadlock against processes trying to acquire exclusive locks in the other, more standard order.
Fix dangling-pointer problem in BEFORE ROW UPDATE trigger handling when
there was a concurrent update to the target tuple (Tom
Lane)
This bug has been observed to result in intermittent
“cannot extract
system attribute from virtual tuple”
failures while trying to do UPDATE
RETURNING ctid. There is a very small probability
of more serious errors, such as generating incorrect
index entries for the updated tuple.
Disallow DROP TABLE when
there are pending deferred trigger events for the table
(Tom Lane)
Formerly the DROP would
go through, leading to “could not open relation with OID
nnn” errors when the triggers were
eventually fired.
Allow “replication” as a user name in
pg_hba.conf (Andrew
Dunstan)
“replication” is special in the database name column, but it was mistakenly also treated as special in the user name column.
Prevent crash triggered by constant-false WHERE conditions during GEQO optimization (Tom Lane)
Improve planner's handling of semi-join and anti-join cases (Tom Lane)
Fix handling of SELECT FOR
UPDATE in a sub-SELECT (Tom Lane)
This bug typically led to “cannot extract system attribute from virtual tuple” errors.
Fix selectivity estimation for text search to account for NULLs (Jesper Krogh)
Fix get_actual_variable_range() to support hypothetical indexes injected by an index adviser plugin (Gurjeet Singh)
Fix PL/Python memory leak involving array slices (Daniel Popowich)
Allow libpq's SSL initialization to succeed when user's home directory is unavailable (Tom Lane)
If the SSL mode is such that a root certificate file is not required, there is no need to fail. This change restores the behavior to what it was in pre-9.0 releases.
Fix libpq to return a
useful error message for errors detected in conninfo_array_parse (Joseph Adams)
A typo caused the library to return NULL, rather than
the PGconn structure
containing the error message, to the application.
Fix ecpg preprocessor's handling of float constants (Heikki Linnakangas)
Fix parallel pg_restore to handle comments on POST_DATA items correctly (Arnd Hannemann)
Fix pg_restore to cope with long lines (over 1KB) in TOC files (Tom Lane)
Put in more safeguards against crashing due to division-by-zero with overly enthusiastic compiler optimization (Aurelien Jarno)
Support use of dlopen() in FreeBSD and OpenBSD on MIPS (Tom Lane)
There was a hard-wired assumption that this system function was not available on MIPS hardware on these systems. Use a compile-time test instead, since more recent versions have it.
Fix compilation failures on HP-UX (Heikki Linnakangas)
Avoid crash when trying to write to the Windows console very early in process startup (Rushabh Lathia)
Support building with MinGW 64 bit compiler for Windows (Andrew Dunstan)
Fix version-incompatibility problem with libintl on Windows (Hiroshi Inoue)
Fix usage of xcopy in Windows build scripts to work correctly under Windows 7 (Andrew Dunstan)
This affects the build scripts only, not installation or usage.
Fix path separator used by pg_regress on Cygwin (Andrew Dunstan)
Update time zone data files to tzdata release 2011f for DST law changes in Chile, Cuba, Falkland Islands, Morocco, Samoa, and Turkey; also historical corrections for South Australia, Alaska, and Hawaii.
⇑ Upgrade to 9.1 released on 2011-09-12 - docs
Support unlogged tables using the UNLOGGED option in CREATE
TABLE (Robert Haas)
Such tables provide better update performance than regular tables, but are not crash-safe: their contents are automatically cleared in case of a server crash. Their contents do not propagate to replication slaves, either.
Allow FULL OUTER JOIN
to be implemented as a hash join, and allow either
side of a LEFT OUTER
JOIN or RIGHT OUTER
JOIN to be hashed (Tom Lane)
Previously FULL OUTER
JOIN could only be implemented as a merge
join, and LEFT OUTER
JOIN and RIGHT OUTER
JOIN could hash only the nullable side of the
join. These changes provide additional query
optimization possibilities.
Merge duplicate fsync requests (Robert Haas, Greg Smith)
This greatly improves performance under heavy write loads.
Improve performance of
commit_siblings (Greg Smith)
This allows the use of commit_siblings with less
overhead.
Reduce the memory requirement for large ispell dictionaries (Pavel Stehule, Tom Lane)
Avoid leaving data files open after “blind writes” (Alvaro Herrera)
This fixes scenarios in which backends might hold files open long after they were deleted, preventing the kernel from reclaiming disk space.
Allow inheritance table scans to return meaningfully-sorted results (Greg Stark, Hans-Jurgen Schonig, Robert Haas, Tom Lane)
This allows better optimization of queries that
use ORDER BY,
LIMIT, or MIN/MAX
with inherited tables.
Improve GIN index scan cost estimation (Teodor Sigaev)
Improve cost estimation for aggregates and window functions (Tom Lane)
Support host names and host suffixes (e.g.
.example.com) in
pg_hba.conf (Peter
Eisentraut)
Previously only host IP addresses and CIDR values were supported.
Support the key word all in the host column of pg_hba.conf (Peter
Eisentraut)
Previously people used 0.0.0.0/0 or ::/0 for this.
Reject local lines in
pg_hba.conf on platforms that
don't support Unix-socket connections (Magnus
Hagander)
Formerly, such lines were silently ignored, which could be surprising. This makes the behavior more like other unsupported cases.
Allow GSSAPI to be used to authenticate to servers via SSPI (Christian Ullrich)
Specifically this allows Unix-based GSSAPI clients to do SSPI authentication with Windows servers.
ident authentication over local
sockets is now known as peer (Magnus Hagander)
The old term is still accepted for backward compatibility, but since the two methods are fundamentally different, it seemed better to adopt different names for them.
Rewrite peer authentication to avoid use of credential control messages (Tom Lane)
This change makes the peer authentication code
simpler and better-performing. However, it requires
the platform to provide the getpeereid function or an
equivalent socket operation. So far as is known, the
only platform for which peer authentication worked
before and now will not is pre-5.0 NetBSD.
Add details to the logging of restartpoints and
checkpoints, which is controlled by
log_checkpoints (Fujii Masao, Greg
Smith)
New details include WAL file and sync activity.
Add
log_file_mode which controls the
permissions on log files created by the logging
collector (Martin Pihlak)
Reduce the default maximum line length for syslog logging to 900 bytes plus prefixes (Noah Misch)
This avoids truncation of long log lines on syslog implementations that have a 1KB length limit, rather than the more common 2KB.
Add client_hostname column to
pg_stat_activity (Peter Eisentraut)
Previously only the client address was reported.
Add
pg_stat_xact_* statistics functions and
views (Joel Jacobson)
These are like the database-wide statistics counter views, but reflect counts for only the current transaction.
Add time of last reset in database-level and background writer statistics views (Tomas Vondra)
Add columns showing the number of vacuum and
analyze operations in
pg_stat_*_tables views (Magnus
Hagander)
Add buffers_backend_fsync column to
pg_stat_bgwriter (Greg Smith)
This new column counts the number of times a backend fsyncs a buffer.
Provide auto-tuning of
wal_buffers (Greg Smith)
By default, the value of wal_buffers is now chosen
automatically based on the value of shared_buffers.
Increase the maximum values for
deadlock_timeout,
log_min_duration_statement, and
log_autovacuum_min_duration
(Peter Eisentraut)
The maximum value for each of these parameters was previously only about 35 minutes. Much larger values are now allowed.
Allow synchronous replication (Simon Riggs, Fujii Masao)
This allows the primary server to wait for a
standby to write a transaction's information to disk
before acknowledging the commit. One standby at a
time can take the role of the synchronous standby, as
controlled by the
synchronous_standby_names
setting. Synchronous replication can be enabled or
disabled on a per-transaction basis using the
synchronous_commit setting.
Add protocol support for sending file system backups to standby servers using the streaming replication network connection (Magnus Hagander, Heikki Linnakangas)
This avoids the requirement of manually transferring a file system backup when setting up a standby server.
Add replication_timeout setting (Fujii
Masao, Heikki Linnakangas)
Replication connections that are idle for more
than the replication_timeout interval will be
terminated automatically. Formerly, a failed
connection was typically not detected until the TCP
timeout elapsed, which is inconveniently long in many
situations.
Add command-line tool pg_basebackup for creating a new standby server or database backup (Magnus Hagander)
Add a replication permission for roles (Magnus Hagander)
This is a read-only permission used for streaming replication. It allows a non-superuser role to be used for replication connections. Previously only superusers could initiate replication connections; superusers still have this permission by default.
Add system view
pg_stat_replication which displays
activity of WAL
sender processes (Itagaki Takahiro, Simon Riggs)
This reports the status of all connected standby servers.
Add monitoring function
pg_last_xact_replay_timestamp()
(Fujii Masao)
This returns the time at which the primary generated the most recent commit or abort record applied on the standby.
Add configuration parameter
hot_standby_feedback
to enable standbys to postpone cleanup of old row
versions on the primary (Simon Riggs)
This helps avoid canceling long-running queries on the standby.
Add the
pg_stat_database_conflicts system view to
show queries that have been canceled and the reason
(Magnus Hagander)
Cancellations can occur because of dropped tablespaces, lock timeouts, old snapshots, pinned buffers, and deadlocks.
Add a conflicts
count to
pg_stat_database (Magnus Hagander)
This is the number of conflicts that occurred in the database.
Increase the maximum values for
max_standby_archive_delay and
max_standby_streaming_delay
The maximum value for each of these parameters was previously only about 35 minutes. Much larger values are now allowed.
Add
ERRCODE_T_R_DATABASE_DROPPED error code to
report recovery conflicts due to dropped databases
(Tatsuo Ishii)
This is useful for connection pooling software.
Add functions to control streaming replication replay (Simon Riggs)
The new functions are
pg_xlog_replay_pause(),
pg_xlog_replay_resume(), and the status
function
pg_is_xlog_replay_paused().
Add recovery.conf
setting pause_at_recovery_target to pause
recovery at target (Simon Riggs)
This allows a recovery server to be queried to check whether the recovery point is the one desired.
Add the ability to create named restore points
using
pg_create_restore_point() (Jaime
Casanova)
These named restore points can be specified as
recovery targets using the new recovery.conf setting
recovery_target_name.
Allow standby recovery to switch to a new timeline automatically (Heikki Linnakangas)
Now standby servers scan the archive directory for new timelines periodically.
Add
restart_after_crash
setting which disables automatic server restart after
a backend crash (Robert Haas)
This allows external cluster management software to control whether the database server restarts or not.
Allow
recovery.conf to use the same quoting
behavior as postgresql.conf (Dimitri
Fontaine)
Previously all values had to be quoted.
Add a true serializable isolation level (Kevin Grittner, Dan Ports)
Previously, asking for serializable isolation
guaranteed only that a single MVCC snapshot would be
used for the entire transaction, which allowed certain
documented anomalies. The old snapshot isolation
behavior is still available by requesting the
REPEATABLE READ isolation level.
Allow data-modification commands (INSERT/UPDATE/DELETE) in
WITH clauses (Marko Tiikkaja, Hitoshi
Harada)
These commands can use RETURNING to pass data up to the
containing query.
Allow
WITH clauses to be
attached to INSERT,
UPDATE, DELETE statements (Marko Tiikkaja,
Hitoshi Harada)
Allow non-GROUP
BY columns in the query target list when the
primary key is specified in the GROUP BY clause (Peter Eisentraut)
The SQL standard allows this behavior, and because of the primary key, the result is unambiguous.
Allow use of the key word DISTINCT in UNION/INTERSECT/EXCEPT clauses (Tom Lane)
DISTINCT is the default
behavior so use of this key word is redundant, but the
SQL standard allows it.
Fix ordinary queries with rules to use the same
snapshot behavior as EXPLAIN
ANALYZE (Marko Tiikkaja)
Previously EXPLAIN
ANALYZE used slightly different snapshot timing
for queries involving rules. The EXPLAIN ANALYZE behavior was judged to
be more logical.
Add per-column collation support (Peter Eisentraut, Tom Lane)
Previously collation (the sort ordering of text
strings) could only be chosen at database creation.
Collation can now be set per column, domain, index,
or expression, via the SQL-standard COLLATE clause.
Add extensions which simplify packaging of additions to PostgreSQL (Dimitri Fontaine, Tom Lane)
Extensions are controlled by the new CREATE/ALTER/DROP
EXTENSION commands. This replaces ad-hoc
methods of grouping objects that are added to a
PostgreSQL
installation.
Add support for foreign tables (Shigeru Hanada, Robert Haas, Jan Urbanski, Heikki Linnakangas)
This allows data stored outside the database to be used like native PostgreSQL-stored data. Foreign tables are currently read-only, however.
Allow new values to be added to an existing enum
type via ALTER
TYPE (Andrew Dunstan)
Add ALTER TYPE ...
ADD/DROP/ALTER/RENAME ATTRIBUTE (Peter
Eisentraut)
This allows modification of composite types.
Add RESTRICT/CASCADE to ALTER TYPE operations on typed
tables (Peter Eisentraut)
This controls ADD/DROP/ALTER/RENAME
ATTRIBUTE cascading behavior.
Support ALTER TABLE
(Noah
Misch)name {OF |
NOT OF} type
This syntax allows a standalone table to be made into a typed table, or a typed table to be made standalone.
Add support for more object types in ALTER ... SET SCHEMA commands
(Dimitri Fontaine)
This command is now supported for conversions, operators, operator classes, operator families, text search configurations, text search dictionaries, text search parsers, and text search templates.
Add ALTER TABLE ... ADD
UNIQUE/PRIMARY KEY USING INDEX (Gurjeet
Singh)
This allows a primary key or unique constraint to be defined using an existing unique index, including a concurrently created unique index.
Allow ALTER TABLE to
add foreign keys without validation (Simon Riggs)
The new option is called NOT
VALID. The constraint's state can later be
modified to VALIDATED
and validation checks performed. Together these allow
you to add a foreign key with minimal impact on read
and write operations.
Allow ALTER TABLE
... SET DATA TYPE to avoid table rewrites
in appropriate cases (Noah Misch, Robert Haas)
For example, converting a varchar column to text no longer requires a rewrite of
the table. However, increasing the length constraint
on a varchar column still
requires a table rewrite.
Add CREATE
TABLE IF NOT EXISTS syntax (Robert
Haas)
This allows table creation without causing an error if the table already exists.
Fix possible “tuple concurrently updated” error when two backends attempt to add an inheritance child to the same table at the same time (Robert Haas)
ALTER
TABLE now takes a stronger lock on the
parent table, so that the sessions cannot try to
update it simultaneously.
Add a SECURITY
LABEL command (KaiGai Kohei)
This allows security labels to be assigned to objects.
Add transaction-level advisory locks (Marko Tiikkaja)
These are similar to the existing session-level advisory locks, but such locks are automatically released at transaction end.
Make TRUNCATE ... RESTART
IDENTITY restart sequences transactionally
(Steve Singer)
Previously the counter could have been left out of sync if a backend crashed between the on-commit truncation activity and commit completion.
Add ENCODING option
to COPY TO/FROM
(Hitoshi Harada, Itagaki Takahiro)
This allows the encoding of the COPY file to be specified separately
from client encoding.
Add bidirectional COPY protocol support (Fujii
Masao)
This is currently only used by streaming replication.
Make EXPLAIN VERBOSE
show the function call expression in a FunctionScan node (Tom Lane)
Add additional details to the output of VACUUM FULL
VERBOSE and CLUSTER VERBOSE (Itagaki
Takahiro)
New information includes the live and dead tuple
count and whether CLUSTER is using an index to
rebuild.
Prevent autovacuum from waiting if it cannot acquire a table lock (Robert Haas)
It will try to vacuum that table later.
Allow CLUSTER to sort
the table rather than scanning the index when it
seems likely to be cheaper (Leonardo Francalanci)
Add nearest-neighbor (order-by-operator) searching to GiST indexes (Teodor Sigaev, Tom Lane)
This allows GiST indexes to quickly return
the N
closest values in a query with LIMIT. For example
SELECT * FROM places ORDER BY location <-> point '(101,456)' LIMIT 10;
finds the ten places closest to a given target point.
Allow GIN indexes to index null and empty values (Tom Lane)
This allows full GIN index scans, and fixes various corner cases in which GIN scans would fail.
Allow GIN indexes to better recognize duplicate search entries (Tom Lane)
This reduces the cost of index scans, especially in cases where it avoids unnecessary full index scans.
Fix GiST indexes to be fully crash-safe (Heikki Linnakangas)
Previously there were rare cases where a
REINDEX would be
required (you would be informed).
Allow numeric to use a
more compact, two-byte header in common cases (Robert
Haas)
Previously all numeric
values had four-byte headers; this change saves on disk
storage.
Add support for dividing money by money
(Andy Balholm)
Allow binary I/O on type void (Radoslaw Smogura)
Improve hypotenuse calculations for geometric operators (Paul Matthews)
This avoids unnecessary overflows, and may also be more accurate.
Support hashing array values (Tom Lane)
This provides additional query optimization possibilities.
Don't treat a composite type as sortable unless all its column types are sortable (Tom Lane)
This avoids possible “could not identify a
comparison function” failures at runtime,
if it is possible to implement the query without
sorting. Also, ANALYZE
won't try to use inappropriate statistics-gathering
methods for columns of such composite types.
Add support for casting between money and numeric (Andy Balholm)
Add support for casting from int4 and int8
to money (Joey Adams)
Allow casting a table's row type to the table's supertype if it's a typed table (Peter Eisentraut)
This is analogous to the existing facility that allows casting a row type to a supertable's row type.
Add XML
function XMLEXISTS and xpath_exists() functions (Mike
Fowler)
These are used for XPath matching.
Add XML
functions xml_is_well_formed(),
xml_is_well_formed_document(),
xml_is_well_formed_content() (Mike
Fowler)
These check whether the input is properly-formed
XML. They provide
functionality that was previously available only in
the deprecated contrib/xml2 module.
Add SQL function format(text, ...), which behaves
analogously to C's printf() (Pavel Stehule, Robert
Haas)
It currently supports formats for strings, SQL literals, and SQL identifiers.
Add string functions
concat(),
concat_ws(),
left(),
right(), and
reverse() (Pavel Stehule)
These improve compatibility with other database products.
Add function
pg_read_binary_file() to read binary files
(Dimitri Fontaine, Itagaki Takahiro)
Add a single-parameter version of function
pg_read_file() to read an entire file
(Dimitri Fontaine, Itagaki Takahiro)
Add three-parameter forms of array_to_string() and string_to_array() for null value
processing control (Pavel Stehule)
Add the
pg_describe_object() function
(Alvaro Herrera)
This function is used to obtain a human-readable
string describing an object, based on the pg_class OID, object OID, and
sub-object ID. It can be used to help interpret the
contents of pg_depend.
Update comments for built-in operators and their underlying functions (Tom Lane)
Functions that are meant to be used via an associated operator are now commented as such.
Add variable
quote_all_identifiers to force
the quoting of all identifiers in EXPLAIN and in system catalog
functions like
pg_get_viewdef()
(Robert Haas)
This makes exporting schemas to tools and other databases with different quoting rules easier.
Add columns to the information_schema.sequences
system view (Peter Eisentraut)
Previously, though the view existed, the columns about the sequence parameters were unimplemented.
Allow public as a
pseudo-role name in
has_table_privilege() and
related functions (Alvaro Herrera)
This allows checking for public permissions.
Support INSTEAD
OF triggers on views (Dean Rasheed)
This feature can be used to implement fully updatable views.
Add FOREACH IN ARRAY to PL/pgSQL
(Pavel Stehule)
This is more efficient and readable than previous methods of iterating through the elements of an array value.
Allow RAISE without
parameters to be caught in the same places that could
catch a RAISE ERROR from
the same location (Piyush Newe)
The previous coding threw the error from the block containing the active exception handler. The new behavior is more consistent with other DBMS products.
Allow generic record arguments to PL/Perl functions (Andrew Dunstan)
PL/Perl functions can now be declared to accept
type record. The behavior
is the same as for any named composite type.
Convert PL/Perl array arguments to Perl arrays (Alexey Klyukin, Alex Hunsaker)
String representations are still available.
Convert PL/Perl composite-type arguments to Perl hashes (Alexey Klyukin, Alex Hunsaker)
String representations are still available.
Add table function support for PL/Python (Jan Urbanski)
PL/Python can now return multiple OUT parameters and record sets.
Add a validator to PL/Python (Jan Urbanski)
This allows PL/Python functions to be syntax-checked at function creation time.
Allow exceptions for SQL queries in PL/Python (Jan Urbanski)
This allows access to SQL-generated exception error codes from PL/Python exception blocks.
Add explicit subtransactions to PL/Python (Jan Urbanski)
Add PL/Python functions for quoting strings (Jan Urbanski)
These functions are plpy.quote_ident, plpy.quote_literal, and
plpy.quote_nullable.
Add traceback information to PL/Python errors (Jan Urbanski)
Report PL/Python errors from iterators with
PLy_elog (Jan
Urbanski)
Fix exception handling with Python 3 (Jan Urbanski)
Exception classes were previously not available in
plpy under Python 3.
Mark createlang and droplang as deprecated now that they just invoke extension commands (Tom Lane)
Add psql command
\conninfo to show
current connection information (David
Christensen)
Add psql command
\sf to show a function's
definition (Pavel Stehule)
Add psql command
\dL to list languages
(Fernando Ike)
Add the S
(“system”) option to psql's \dn (list schemas) command (Tom
Lane)
\dn without
S now suppresses system
schemas.
Allow psql's
\e and \ef commands to accept a line number
to be used to position the cursor in the editor
(Pavel Stehule)
This is passed to the editor according to the
PSQL_EDITOR_LINENUMBER_ARG
environment variable.
Have psql set the client encoding from the operating system locale by default (Heikki Linnakangas)
This only happens if the PGCLIENTENCODING environment variable
is not set.
Make \d distinguish
between unique indexes and unique constraints (Josh
Kupershmidt)
Make \dt+ report
pg_table_size instead
of pg_relation_size
when talking to 9.0 or later servers (Bernd
Helmle)
This is a more useful measure of table size, but note that it is not identical to what was previously reported in the same display.
Additional tab completion support (Itagaki Takahiro, Pavel Stehule, Andrey Popp, Christoph Berg, David Fetter, Josh Kupershmidt)
Add pg_dump and pg_dumpall option
--quote-all-identifiers
to force quoting of all identifiers (Robert Haas)
Add directory format
to pg_dump (Joachim
Wieland, Heikki Linnakangas)
This is internally similar to the tar pg_dump format.
Fix pg_ctl so it no longer incorrectly reports that the server is not running (Bruce Momjian)
Previously this could happen if the server was running but pg_ctl could not authenticate.
Improve pg_ctl
start's “wait” (-w) option (Bruce Momjian, Tom
Lane)
The wait mode is now significantly more robust. It will not get confused by non-default postmaster port numbers, non-default Unix-domain socket locations, permission problems, or stale postmaster lock files.
Add promote option to
pg_ctl to switch a
standby server to primary (Fujii Masao)
Add a libpq connection option
client_encoding
which behaves like the PGCLIENTENCODING environment variable
(Heikki Linnakangas)
The value auto sets
the client encoding based on the operating system
locale.
Add PQlibVersion() function which
returns the libpq library version (Magnus
Hagander)
libpq already had PQserverVersion() which returns the
server version.
Allow libpq-using clients to check the user name
of the server process when connecting via Unix-domain
sockets, with the new
requirepeer connection option (Peter
Eisentraut)
PostgreSQL already allowed servers to check the client user name when connecting via Unix-domain sockets.
Add PQping() and PQpingParams() to libpq (Bruce
Momjian, Tom Lane)
These functions allow detection of the server's status without trying to open a new session.
Allow ECPG to accept dynamic cursor names even in
WHERE CURRENT OF clauses
(Zoltan Boszormenyi)
Make ecpglib
write double values with a
precision of 15 digits, not 14 as formerly (Akira
Kurosawa)
Use +Olibmerrno compile
flag with HP-UX C compilers that accept it (Ibrar
Ahmed)
This avoids possible misbehavior of math library calls on recent HP platforms.
Improved parallel make support (Peter Eisentraut)
This allows for faster compiles. Also,
make -k now works more
consistently.
Require GNU make 3.80 or newer (Peter Eisentraut)
This is necessary because of the parallel-make improvements.
Add make
maintainer-check target (Peter Eisentraut)
This target performs various source code checks that are not appropriate for either the build or the regression tests. Currently: duplicate_oids, SGML syntax and tabs check, NLS syntax check.
Support make check in
contrib (Peter
Eisentraut)
Formerly only make
installcheck worked, but now there is support
for testing in a temporary installation. The
top-level make
check-world target now includes testing
contrib this way.
On Windows, allow pg_ctl to register the service as auto-start or start-on-demand (Quan Zongliang)
Add support for collecting crash dumps on Windows (Craig Ringer, Magnus Hagander)
minidumps can now be generated by non-debug Windows binaries and analyzed by standard debugging tools.
Enable building with the MinGW64 compiler (Andrew Dunstan)
This allows building 64-bit Windows binaries even on non-Windows platforms via cross-compiling.
Revise the API for GUC variable assign hooks (Tom Lane)
The previous functions of assign hooks are now split between check hooks and assign hooks, where the former can fail but the latter shouldn't. This change will impact add-on modules that define custom GUC parameters.
Add latches to the source code to support waiting for events (Heikki Linnakangas)
Centralize data modification permissions-checking logic (KaiGai Kohei)
Add missing get_
functions, for consistency (Robert Haas)object_oid()
Improve ability to use C++ compilers for compiling add-on modules by removing conflicting key words (Tom Lane)
Add support for DragonFly BSD (Rumko)
Expose quote_literal_cstr() for backend use
(Robert Haas)
Run regression tests in the default encoding (Peter Eisentraut)
Regression tests were previously always run with
SQL_ASCII encoding.
Add src/tools/git_changelog to replace cvs2cl and pgcvslog (Robert Haas, Tom Lane)
Add git-external-diff script to
src/tools (Bruce
Momjian)
This is used to generate context diffs from git.
Improve support for building with Clang (Peter Eisentraut)
Add source code hooks to check permissions (Robert Haas, Stephen Frost)
Add post-object-creation function hooks for use by security frameworks (KaiGai Kohei)
Add a client authentication hook (KaiGai Kohei)
Modify contrib modules
and procedural languages to install via the new
extension mechanism (Tom Lane, Dimitri
Fontaine)
Add contrib/file_fdw foreign-data
wrapper (Shigeru Hanada)
Foreign tables using this foreign data wrapper can
read flat files in a manner very similar to
COPY.
Add nearest-neighbor search support to contrib/pg_trgm and contrib/btree_gist (Teodor
Sigaev)
Add contrib/btree_gist support for
searching on not-equals (Jeff Davis)
Fix contrib/fuzzystrmatch's
levenshtein() function to
handle multibyte characters (Alexander Korotkov)
Add ssl_cipher() and
ssl_version() functions
to contrib/sslinfo (Robert Haas)
Fix contrib/intarray and contrib/hstore to give consistent
results with indexed empty arrays (Tom Lane)
Previously an empty-array query that used an index might return different results from one that used a sequential scan.
Allow contrib/intarray to work properly
on multidimensional arrays (Tom Lane)
In contrib/intarray, avoid errors
complaining about the presence of nulls in cases where
no nulls are actually present (Tom Lane)
In contrib/intarray, fix behavior of
containment operators with respect to empty arrays (Tom
Lane)
Empty arrays are now correctly considered to be contained in any other array.
Remove contrib/xml2's arbitrary limit on
the number of parameter=value pairs that can be
handled by xslt_process()
(Pavel Stehule)
The previous limit was 10.
In contrib/pageinspect, fix
heap_page_item to return infomasks as 32-bit values
(Alvaro Herrera)
This avoids returning negative values, which was confusing. The underlying value is a 16-bit unsigned integer.
Add contrib/sepgsql to interface
permission checks with SELinux (KaiGai Kohei)
This uses the new SECURITY
LABEL facility.
Add contrib module auth_delay (KaiGai Kohei)
This causes the server to pause before returning authentication failure; it is designed to make brute force password attacks more difficult.
Add dummy_seclabel
contrib module (KaiGai Kohei)
This is used for permission regression testing.
Add support for LIKE
and ILIKE index searches
to contrib/pg_trgm (Alexander
Korotkov)
Add levenshtein_less_equal() function
to contrib/fuzzystrmatch, which is
optimized for small distances (Alexander
Korotkov)
Improve performance of index lookups on contrib/seg columns (Alexander
Korotkov)
Improve performance of pg_upgrade for databases with many relations (Bruce Momjian)
Add flag to contrib/pgbench to report
per-statement latencies (Florian Pflug)
Move src/tools/test_fsync to contrib/pg_test_fsync (Bruce
Momjian, Tom Lane)
Add O_DIRECT support
to contrib/pg_test_fsync (Bruce
Momjian)
This matches the use of O_DIRECT by
wal_sync_method.
Add new tests to contrib/pg_test_fsync (Bruce
Momjian)
Extensive ECPG documentation improvements (Satoshi Nagayasu)
Extensive proofreading and documentation improvements (Thom Brown, Josh Kupershmidt, Susanne Ebrecht)
Add documentation for
exit_on_error (Robert Haas)
This parameter causes sessions to exit on any error.
Add documentation for
pg_options_to_table()
(Josh Berkus)
This function shows table storage options in a readable form.
Document that it is possible to access all composite
type fields using (compositeval).* syntax (Peter
Eisentraut)
Document that
translate() removes characters in
from that don't have a
corresponding to character
(Josh Kupershmidt)
Merge documentation for CREATE
CONSTRAINT TRIGGER and CREATE
TRIGGER (Alvaro Herrera)
Centralize permission and upgrade documentation (Bruce Momjian)
Add kernel tuning documentation for Solaris 10 (Josh Berkus)
Previously only Solaris 9 kernel tuning was documented.
Handle non-ASCII characters consistently in
HISTORY file (Peter
Eisentraut)
While the HISTORY file
is in English, we do have to deal with non-ASCII
letters in contributor names. These are now
transliterated so that they are reasonably legible
without assumptions about character set.
⇑ Upgrade to 9.1.1 released on 2011-09-26 - docs
Make pg_options_to_table
return NULL for an option with no value (Tom Lane)
Previously such cases would result in a server crash.
Fix memory leak at end of a GiST index scan (Tom Lane)
Commands that perform many separate GiST index scans, such as verification of a new GiST-based exclusion constraint on a table already containing many rows, could transiently require large amounts of memory due to this leak.
Fix explicit reference to pg_temp schema in CREATE TEMPORARY TABLE (Robert Haas)
This used to be allowed, but failed in 9.1.0.
⇑ Upgrade to 9.1.2 released on 2011-12-05 - docs
Fix bugs in information_schema.referential_constraints
view (Tom Lane)
This view was being insufficiently careful about matching the foreign-key constraint to the depended-on primary or unique key constraint. That could result in failure to show a foreign key constraint at all, or showing it multiple times, or claiming that it depends on a different constraint than the one it really does.
Since the view definition is installed by initdb, merely upgrading will not
fix the problem. If you need to fix this in an existing
installation, you can (as a superuser) drop the
information_schema schema
then re-create it by sourcing SHAREDIR/information_schema.sqlpg_config --sharedir if
you're uncertain where SHAREDIR is.) This must
be repeated in each database to be fixed.
Make contrib/citext's
upgrade script fix collations of citext columns and indexes (Tom Lane)
Existing citext columns and
indexes aren't correctly marked as being of a collatable
data type during pg_upgrade from a pre-9.1 server, or
when a pre-9.1 dump containing the citext type is loaded into a 9.1 server.
That leads to operations on these columns failing with
errors such as “could not determine which collation to use for
string comparison”. This change allows them
to be fixed by the same script that upgrades the
citext module into a proper 9.1
extension during CREATE EXTENSION
citext FROM unpackaged.
If you have a previously-upgraded database that is
suffering from this problem, and you already ran the
CREATE EXTENSION command,
you can manually run (as superuser) the UPDATE commands found at the end of
SHAREDIR/extension/citext--unpackaged--1.0.sqlpg_config --sharedir if
you're uncertain where SHAREDIR is.) There is no
harm in doing this again if unsure.
Fix possible crash during UPDATE or DELETE that joins to the output of a
scalar-returning function (Tom Lane)
A crash could only occur if the target row had been concurrently updated, so this problem surfaced only intermittently.
Fix incorrect replay of WAL records for GIN index updates (Tom Lane)
This could result in transiently failing to find index
entries after a crash, or on a hot-standby server. The
problem would be repaired by the next VACUUM of the index, however.
Fix TOAST-related data corruption during CREATE TABLE dest AS SELECT * FROM src
or INSERT INTO dest SELECT * FROM
src (Tom Lane)
If a table has been modified by ALTER TABLE ADD COLUMN, attempts to copy
its data verbatim to another table could produce corrupt
results in certain corner cases. The problem can only
manifest in this precise form in 8.4 and later, but we
patched earlier versions as well in case there are other
code paths that could trigger the same bug.
Fix possible failures during hot standby startup (Simon Riggs)
Start hot standby faster when initial snapshot is incomplete (Simon Riggs)
Fix race condition during toast table access from stale syscache entries (Tom Lane)
The typical symptom was transient errors like “missing chunk number 0 for toast value NNNNN in pg_toast_2619”, where the cited toast table would always belong to a system catalog.
Track dependencies of functions on items used in parameter default expressions (Tom Lane)
Previously, a referenced object could be dropped
without having dropped or modified the function, leading
to misbehavior when the function was used. Note that
merely installing this update will not fix the missing
dependency entries; to do that, you'd need to
CREATE OR REPLACE each such
function afterwards. If you have functions whose defaults
depend on non-built-in objects, doing so is
recommended.
Fix incorrect management of placeholder variables in nestloop joins (Tom Lane)
This bug is known to lead to “variable not found in subplan target list” planner errors, and could possibly result in wrong query output when outer joins are involved.
Fix window functions that sort by expressions involving aggregates (Tom Lane)
Previously these could fail with “could not find pathkey item to sort” planner errors.
Fix “MergeAppend child's targetlist doesn't match MergeAppend” planner errors (Tom Lane)
Fix index matching for operators with both collatable and noncollatable inputs (Tom Lane)
In 9.1.0, an indexable operator that has a
non-collatable left-hand input type and a collatable
right-hand input type would not be recognized as matching
the left-hand column's index. An example is the
hstore ? text
operator.
Allow inlining of set-returning SQL functions with multiple OUT parameters (Tom Lane)
Don't trust deferred-unique indexes for join removal (Tom Lane and Marti Raudsepp)
A deferred uniqueness constraint might not hold intra-transaction, so assuming that it does could give incorrect query results.
Make DatumGetInetP()
unpack inet datums that have a 1-byte header, and add a
new macro, DatumGetInetPP(), that does not (Heikki
Linnakangas)
This change affects no core code, but might prevent
crashes in add-on code that expects DatumGetInetP() to produce an unpacked
datum as per usual convention.
Improve locale support in money type's input and output (Tom
Lane)
Aside from not supporting all standard lc_monetary formatting options, the
input and output functions were inconsistent, meaning
there were locales in which dumped money values could not be re-read.
Don't let
transform_null_equals
affect CASE foo WHEN NULL
... constructs (Heikki Linnakangas)
transform_null_equals is
only supposed to affect foo =
NULL expressions written directly by the user, not
equality checks generated internally by this form of
CASE.
Change foreign-key trigger creation order to better support self-referential foreign keys (Tom Lane)
For a cascading foreign key that references its own
table, a row update will fire both the ON UPDATE trigger and the CHECK trigger as one event. The
ON UPDATE trigger must
execute first, else the CHECK will check a non-final state of
the row and possibly throw an inappropriate error.
However, the firing order of these triggers is determined
by their names, which generally sort in creation order
since the triggers have auto-generated names following
the convention “RI_ConstraintTrigger_NNNN”. A
proper fix would require modifying that convention, which
we will do in 9.2, but it seems risky to change it in
existing releases. So this patch just changes the
creation order of the triggers. Users encountering this
type of error should drop and re-create the foreign key
constraint to get its triggers into the right order.
Fix IF EXISTS to work
correctly in DROP OPERATOR
FAMILY (Robert Haas)
Disallow dropping of an extension from within its own script (Tom Lane)
This prevents odd behavior in case of incorrect management of extension dependencies.
Don't mark auto-generated types as extension members (Robert Haas)
Relation rowtypes and automatically-generated array
types do not need to have their own extension membership
entries in pg_depend, and
creating such entries complicates matters for extension
upgrades.
Cope with invalid pre-existing search_path settings during CREATE EXTENSION (Tom Lane)
Avoid floating-point underflow while tracking buffer allocation rate (Greg Matthews)
While harmless in itself, on certain platforms this would result in annoying kernel log messages.
Prevent autovacuum transactions from running in serializable mode (Tom Lane)
Autovacuum formerly used the cluster-wide default transaction isolation level, but there is no need for it to use anything higher than READ COMMITTED, and using SERIALIZABLE could result in unnecessary delays for other processes.
Ensure walsender processes respond promptly to SIGTERM (Magnus Hagander)
Exclude postmaster.opts
from base backups (Magnus Hagander)
Preserve configuration file name and line number values when starting child processes under Windows (Tom Lane)
Formerly, these would not be displayed correctly in
the pg_settings view.
Fix incorrect field alignment in ecpg's SQLDA area (Zoltan Boszormenyi)
Preserve blank lines within commands in psql's command history (Robert Haas)
The former behavior could cause problems if an empty line was removed from within a string literal, for example.
Avoid platform-specific infinite loop in pg_dump (Steve Singer)
Fix compression of plain-text output format in pg_dump (Adrian Klaver and Tom Lane)
pg_dump has
historically understood -Z
with no -F switch to mean
that it should emit a gzip-compressed version of its
plain text output. Restore that behavior.
Fix pg_dump to dump user-defined casts between auto-generated types, such as table rowtypes (Tom Lane)
Fix missed quoting of foreign server names in pg_dump (Tom Lane)
Assorted fixes for pg_upgrade (Bruce Momjian)
Handle exclusion constraints correctly, avoid failures on Windows, don't complain about mismatched toast table names in 8.4 databases.
In PL/pgSQL, allow foreign tables to define row types (Alexander Soudakov)
Fix up conversions of PL/Perl functions' results (Alex Hunsaker and Tom Lane)
Restore the pre-9.1 behavior that PL/Perl functions
returning void ignore the
result value of their last Perl statement; 9.1.0 would
throw an error if that statement returned a reference.
Also, make sure it works to return a string value for a
composite type, so long as the string meets the type's
input format. In addition, throw errors for attempts to
return Perl arrays or hashes when the function's declared
result type is not an array or composite type,
respectively. (Pre-9.1 versions rather uselessly returned
strings like ARRAY(0x221a9a0) or HASH(0x221aa90) in such cases.)
Ensure PL/Perl strings are always correctly UTF8-encoded (Amit Khandekar and Alex Hunsaker)
Use the preferred version of xsubpp to build PL/Perl, not necessarily the operating system's main copy (David Wheeler and Alex Hunsaker)
Correctly propagate SQLSTATE in PL/Python exceptions (Mika Eloranta and Jan Urbanski)
Do not install PL/Python extension files for Python major versions other than the one built against (Peter Eisentraut)
Change all the contrib
extension script files to report a useful error message
if they are fed to psql
(Andrew Dunstan and Tom Lane)
This should help teach people about the new method of
using CREATE EXTENSION to
load these files. In most cases, sourcing the scripts
directly would fail anyway, but with harder-to-interpret
messages.
Fix incorrect coding in contrib/dict_int and contrib/dict_xsyn (Tom Lane)
Some functions incorrectly assumed that memory
returned by palloc() is
guaranteed zeroed.
Remove contrib/sepgsql
tests from the regular regression test mechanism (Tom
Lane)
Since these tests require root privileges for setup, they're impractical to run automatically. Switch over to a manual approach instead, and provide a testing script to help with that.
Fix assorted errors in contrib/unaccent's configuration file
parsing (Tom Lane)
Honor query cancel interrupts promptly in pgstatindex() (Robert Haas)
Fix incorrect quoting of log file name in macOS start script (Sidar Lopez)
Revert unintentional enabling of WAL_DEBUG (Robert Haas)
Fortunately, as debugging tools go, this one is pretty cheap; but it's not intended to be enabled by default, so revert.
Ensure VPATH builds properly install all server header files (Peter Eisentraut)
Shorten file names reported in verbose error messages (Peter Eisentraut)
Regular builds have always reported just the name of the C file containing the error message call, but VPATH builds formerly reported an absolute path name.
Fix interpretation of Windows timezone names for Central America (Tom Lane)
Map “Central
America Standard Time” to CST6, not CST6CDT, because DST is generally not
observed anywhere in Central America.
Update time zone data files to tzdata release 2011n for DST law changes in Brazil, Cuba, Fiji, Palestine, Russia, and Samoa; also historical corrections for Alaska and British East Africa.
⇑ Upgrade to 9.1.3 released on 2012-02-27 - docs
Require execute permission on the trigger function for
CREATE TRIGGER (Robert
Haas)
This missing check could allow another user to execute
a trigger function with forged input data, by installing
it on a table he owns. This is only of significance for
trigger functions marked SECURITY
DEFINER, since otherwise trigger functions run as
the table owner anyway. (CVE-2012-0866)
Remove arbitrary limitation on length of common name in SSL certificates (Heikki Linnakangas)
Both libpq and the server truncated the common name extracted from an SSL certificate at 32 bytes. Normally this would cause nothing worse than an unexpected verification failure, but there are some rather-implausible scenarios in which it might allow one certificate holder to impersonate another. The victim would have to have a common name exactly 32 bytes long, and the attacker would have to persuade a trusted CA to issue a certificate in which the common name has that string as a prefix. Impersonating a server would also require some additional exploit to redirect client connections. (CVE-2012-0867)
Convert newlines to spaces in names written in pg_dump comments (Robert Haas)
pg_dump was incautious about sanitizing object names that are emitted within SQL comments in its output script. A name containing a newline would at least render the script syntactically incorrect. Maliciously crafted object names could present a SQL injection risk when the script is reloaded. (CVE-2012-0868)
Fix btree index corruption from insertions concurrent with vacuuming (Tom Lane)
An index page split caused by an insertion could
sometimes cause a concurrently-running VACUUM to miss removing index entries
that it should remove. After the corresponding table rows
are removed, the dangling index entries would cause
errors (such as “could not read block N in file
...”) or worse, silently wrong query
results after unrelated rows are re-inserted at the
now-free table locations. This bug has been present since
release 8.2, but occurs so infrequently that it was not
diagnosed until now. If you have reason to suspect that
it has happened in your database, reindexing the affected
index will fix things.
Fix transient zeroing of shared buffers during WAL replay (Tom Lane)
The replay logic would sometimes zero and refill a shared buffer, so that the contents were transiently invalid. In hot standby mode this can result in a query that's executing in parallel seeing garbage data. Various symptoms could result from that, but the most common one seems to be “invalid memory alloc request size”.
Fix handling of data-modifying WITH subplans in READ COMMITTED rechecking (Tom Lane)
A WITH clause containing
INSERT/UPDATE/DELETE would crash if the parent
UPDATE or DELETE command needed to be re-evaluated
at one or more rows due to concurrent updates in
READ COMMITTED mode.
Fix corner case in SSI transaction cleanup (Dan Ports)
When finishing up a read-write serializable transaction, a crash could occur if all remaining active serializable transactions are read-only.
Fix postmaster to attempt restart after a hot-standby crash (Tom Lane)
A logic error caused the postmaster to terminate, rather than attempt to restart the cluster, if any backend process crashed while operating in hot standby mode.
Fix CLUSTER/VACUUM FULL handling of toast values
owned by recently-updated rows (Tom Lane)
This oversight could lead to “duplicate key value violates unique constraint” errors being reported against the toast table's index during one of these commands.
Update per-column permissions, not only per-table permissions, when changing table owner (Tom Lane)
Failure to do this meant that any previously granted column permissions were still shown as having been granted by the old owner. This meant that neither the new owner nor a superuser could revoke the now-untraceable-to-table-owner permissions.
Support foreign data wrappers and foreign servers in
REASSIGN OWNED (Alvaro
Herrera)
This command failed with “unexpected classid” errors if it needed to change the ownership of any such objects.
Allow non-existent values for some settings in
ALTER USER/DATABASE SET
(Heikki Linnakangas)
Allow default_text_search_config, default_tablespace, and temp_tablespaces to be set to names that
are not known. This is because they might be known in
another database where the setting is intended to be
used, or for the tablespace cases because the tablespace
might not be created yet. The same issue was previously
recognized for search_path,
and these settings now act like that one.
Fix “unsupported node type” error caused
by COLLATE in an
INSERT expression (Tom
Lane)
Avoid crashing when we have problems deleting table files post-commit (Tom Lane)
Dropping a table should lead to deleting the underlying disk files only after the transaction commits. In event of failure then (for instance, because of wrong file permissions) the code is supposed to just emit a warning message and go on, since it's too late to abort the transaction. This logic got broken as of release 8.4, causing such situations to result in a PANIC and an unrestartable database.
Recover from errors occurring during WAL replay of
DROP TABLESPACE (Tom
Lane)
Replay will attempt to remove the tablespace's directories, but there are various reasons why this might fail (for example, incorrect ownership or permissions on those directories). Formerly the replay code would panic, rendering the database unrestartable without manual intervention. It seems better to log the problem and continue, since the only consequence of failure to remove the directories is some wasted disk space.
Fix race condition in logging AccessExclusiveLocks for hot standby (Simon Riggs)
Sometimes a lock would be logged as being held by “transaction zero”. This is at least known to produce assertion failures on slave servers, and might be the cause of more serious problems.
Track the OID counter correctly during WAL replay, even when it wraps around (Tom Lane)
Previously the OID counter would remain stuck at a high value until the system exited replay mode. The practical consequences of that are usually nil, but there are scenarios wherein a standby server that's been promoted to master might take a long time to advance the OID counter to a reasonable value once values are needed.
Prevent emitting misleading “consistent recovery state reached” log message at the beginning of crash recovery (Heikki Linnakangas)
Fix initial value of pg_stat_replication.replay_location (Fujii Masao)
Previously, the value shown would be wrong until at least one WAL record had been replayed.
Fix regular expression back-references with
* attached (Tom Lane)
Rather than enforcing an exact string match, the code would effectively accept any string that satisfies the pattern sub-expression referenced by the back-reference symbol.
A similar problem still afflicts back-references that are embedded in a larger quantified expression, rather than being the immediate subject of the quantifier. This will be addressed in a future PostgreSQL release.
Fix recently-introduced memory leak in processing of
inet/cidr values (Heikki Linnakangas)
A patch in the December 2011 releases of PostgreSQL caused memory leakage in these operations, which could be significant in scenarios such as building a btree index on such a column.
Fix planner's ability to push down index-expression
restrictions through UNION
ALL (Tom Lane)
This type of optimization was inadvertently disabled by a fix for another problem in 9.1.2.
Fix planning of WITH
clauses referenced in UPDATE/DELETE on an inherited table (Tom
Lane)
This bug led to “could not find plan for CTE” failures.
Fix GIN cost estimation to handle column IN (...) index conditions (Marti
Raudsepp)
This oversight would usually lead to crashes if such a condition could be used with a GIN index.
Prevent assertion failure when exiting a session with an open, failed transaction (Tom Lane)
This bug has no impact on normal builds with asserts not enabled.
Fix dangling pointer after CREATE TABLE AS/SELECT INTO in a SQL-language function
(Tom Lane)
In most cases this only led to an assertion failure in assert-enabled builds, but worse consequences seem possible.
Avoid double close of file handle in syslogger on Windows (MauMau)
Ordinarily this error was invisible, but it would cause an exception when running on a debug version of Windows.
Fix I/O-conversion-related memory leaks in plpgsql (Andres Freund, Jan Urbanski, Tom Lane)
Certain operations would leak memory until the end of the current function.
Work around bug in perl's SvPVutf8() function (Andrew Dunstan)
This function crashes when handed a typeglob or
certain read-only objects such as $^V. Make plperl avoid passing those to
it.
In pg_dump, don't dump contents of an extension's configuration tables if the extension itself is not being dumped (Tom Lane)
Improve pg_dump's handling of inherited table columns (Tom Lane)
pg_dump mishandled
situations where a child column has a different default
expression than its parent column. If the default is
textually identical to the parent's default, but not
actually the same (for instance, because of schema search
path differences) it would not be recognized as
different, so that after dump and restore the child would
be allowed to inherit the parent's default. Child columns
that are NOT NULL where
their parent is not could also be restored subtly
incorrectly.
Fix pg_restore's direct-to-database mode for INSERT-style table data (Tom Lane)
Direct-to-database restores from archive files made
with --inserts or
--column-inserts options fail
when using pg_restore
from a release dated September or December 2011, as a
result of an oversight in a fix for another problem. The
archive file itself is not at fault, and text-mode output
is okay.
Teach pg_upgrade to handle renaming of plpython's shared library (Bruce Momjian)
Upgrading a pre-9.1 database that included plpython would fail because of this oversight.
Allow pg_upgrade to
process tables containing regclass columns (Bruce Momjian)
Since pg_upgrade now
takes care to preserve pg_class OIDs, there was no longer
any reason for this restriction.
Make libpq ignore
ENOTDIR errors when looking
for an SSL client certificate file (Magnus Hagander)
This allows SSL connections to be established, though
without a certificate, even when the user's home
directory is set to something like /dev/null.
Fix some more field alignment issues in ecpg's SQLDA area (Zoltan Boszormenyi)
Allow AT option in
ecpg DEALLOCATE statements (Michael
Meskes)
The infrastructure to support this has been there for awhile, but through an oversight there was still an error check rejecting the case.
Do not use the variable name when defining a varchar structure in ecpg (Michael Meskes)
Fix contrib/auto_explain's JSON output mode
to produce valid JSON (Andrew Dunstan)
The output used brackets at the top level, when it should have used braces.
Fix error in contrib/intarray's int[] & int[] operator (Guillaume
Lelarge)
If the smallest integer the two input arrays have in common is 1, and there are smaller values in either array, then 1 would be incorrectly omitted from the result.
Fix error detection in contrib/pgcrypto's encrypt_iv() and decrypt_iv() (Marko Kreen)
These functions failed to report certain types of invalid-input errors, and would instead return random garbage values for incorrect input.
Fix one-byte buffer overrun in contrib/test_parser (Paul Guyot)
The code would try to read one more byte than it
should, which would crash in corner cases. Since
contrib/test_parser is only
example code, this is not a security issue in itself, but
bad example code is still bad.
Use __sync_lock_test_and_set() for
spinlocks on ARM, if available (Martin Pitt)
This function replaces our previous use of the
SWPB instruction, which is
deprecated and not available on ARMv6 and later. Reports
suggest that the old code doesn't fail in an obvious way
on recent ARM boards, but simply doesn't interlock
concurrent accesses, leading to bizarre failures in
multiprocess operation.
Use -fexcess-precision=standard option when
building with gcc versions that accept it (Andrew
Dunstan)
This prevents assorted scenarios wherein recent versions of gcc will produce creative results.
Allow use of threaded Python on FreeBSD (Chris Rees)
Our configure script previously believed that this combination wouldn't work; but FreeBSD fixed the problem, so remove that error check.
Allow MinGW builds to use standardly-named OpenSSL libraries (Tomasz Ostrowski)
⇑ Upgrade to 9.1.4 released on 2012-06-04 - docs
Fix incorrect password transformation in contrib/pgcrypto's DES crypt() function (Solar Designer)
If a password string contained the byte value
0x80, the remainder of the
password was ignored, causing the password to be much
weaker than it appeared. With this fix, the rest of the
string is properly included in the DES hash. Any stored
password values that are affected by this bug will thus
no longer match, so the stored values may need to be
updated. (CVE-2012-2143)
Ignore SECURITY DEFINER
and SET attributes for a
procedural language's call handler (Tom Lane)
Applying such attributes to a call handler could crash the server. (CVE-2012-2655)
Make contrib/citext's
upgrade script fix collations of citext arrays and domains over citext (Tom Lane)
Release 9.1.2 provided a fix for collations of
citext columns and indexes in
databases upgraded or reloaded from pre-9.1
installations, but that fix was incomplete: it neglected
to handle arrays and domains over citext. This release extends the module's
upgrade script to handle these cases. As before, if you
have already run the upgrade script, you'll need to run
the collation update commands by hand instead. See the
9.1.2 release notes for more information about doing
this.
Allow numeric timezone offsets in timestamp input to be up to 16 hours away
from UTC (Tom Lane)
Some historical time zones have offsets larger than 15 hours, the previous limit. This could result in dumped data values being rejected during reload.
Fix timestamp conversion to cope when the given time is exactly the last DST transition time for the current timezone (Tom Lane)
This oversight has been there a long time, but was not noticed previously because most DST-using zones are presumed to have an indefinite sequence of future DST transitions.
Fix text to name and char to
name casts to perform string
truncation correctly in multibyte encodings (Karl
Schnaitter)
Fix memory copying bug in to_tsquery() (Heikki Linnakangas)
Ensure txid_current()
reports the correct epoch when executed in hot standby
(Simon Riggs)
Fix planner's handling of outer PlaceHolderVars within subqueries (Tom Lane)
This bug concerns sub-SELECTs that reference variables coming from the nullable side of an outer join of the surrounding query. In 9.1, queries affected by this bug would fail with “ERROR: Upper-level PlaceHolderVar found where not expected”. But in 9.0 and 8.4, you'd silently get possibly-wrong answers, since the value transmitted into the subquery wouldn't go to null when it should.
Fix planning of UNION ALL
subqueries with output columns that are not simple
variables (Tom Lane)
Planning of such cases got noticeably worse in 9.1 as a result of a misguided fix for “MergeAppend child's targetlist doesn't match MergeAppend” errors. Revert that fix and do it another way.
Fix slow session startup when pg_attribute is very large (Tom
Lane)
If pg_attribute
exceeds one-fourth of shared_buffers, cache rebuilding code
that is sometimes needed during session start would
trigger the synchronized-scan logic, causing it to take
many times longer than normal. The problem was
particularly acute if many new sessions were starting at
once.
Ensure sequential scans check for query cancel reasonably often (Merlin Moncure)
A scan encountering many consecutive pages that contain no live tuples would not respond to interrupts meanwhile.
Ensure the Windows implementation of PGSemaphoreLock() clears ImmediateInterruptOK before returning
(Tom Lane)
This oversight meant that a query-cancel interrupt received later in the same query could be accepted at an unsafe time, with unpredictable but not good consequences.
Show whole-row variables safely when printing views or rules (Abbas Butt, Tom Lane)
Corner cases involving ambiguous names (that is, the name could be either a table or column name of the query) were printed in an ambiguous way, risking that the view or rule would be interpreted differently after dump and reload. Avoid the ambiguous case by attaching a no-op cast.
Fix COPY FROM to properly
handle null marker strings that correspond to invalid
encoding (Tom Lane)
A null marker string such as E'\\0' should work, and did work in the
past, but the case got broken in 8.4.
Fix EXPLAIN VERBOSE for
writable CTEs containing RETURNING clauses (Tom Lane)
Fix PREPARE TRANSACTION
to work correctly in the presence of advisory locks (Tom
Lane)
Historically, PREPARE
TRANSACTION has simply ignored any session-level
advisory locks the session holds, but this case was
accidentally broken in 9.1.
Fix truncation of unlogged tables (Robert Haas)
Ignore missing schemas during non-interactive
assignments of search_path
(Tom Lane)
This re-aligns 9.1's behavior with that of older
branches. Previously 9.1 would throw an error for
nonexistent schemas mentioned in search_path settings obtained from
places such as ALTER DATABASE
SET.
Fix bugs with temporary or transient tables used in extension scripts (Tom Lane)
This includes cases such as a rewriting ALTER TABLE within an extension update
script, since that uses a transient table behind the
scenes.
Ensure autovacuum worker processes perform stack depth checking properly (Heikki Linnakangas)
Previously, infinite recursion in a function invoked
by auto-ANALYZE could crash
worker processes.
Fix logging collector to not lose log coherency under high load (Andrew Dunstan)
The collector previously could fail to reassemble large messages if it got too busy.
Fix logging collector to ensure it will restart file rotation after receiving SIGHUP (Tom Lane)
Fix “too many LWLocks taken” failure in GiST indexes (Heikki Linnakangas)
Fix WAL replay logic for GIN indexes to not fail if the index was subsequently dropped (Tom Lane)
Correctly detect SSI conflicts of prepared transactions after a crash (Dan Ports)
Avoid synchronous replication delay when committing a transaction that only modified temporary tables (Heikki Linnakangas)
In such a case the transaction's commit record need not be flushed to standby servers, but some of the code didn't know that and waited for it to happen anyway.
Fix error handling in pg_basebackup (Thomas Ogrisegg, Fujii Masao)
Fix walsender to not go into a busy loop if connection is terminated (Fujii Masao)
Fix memory leak in PL/pgSQL's RETURN NEXT command (Joe Conway)
Fix PL/pgSQL's GET
DIAGNOSTICS command when the target is the
function's first variable (Tom Lane)
Ensure that PL/Perl package-qualifies the _TD variable (Alex Hunsaker)
This bug caused trigger invocations to fail when they are nested within a function invocation that changes the current package.
Fix PL/Python functions returning composite types to accept a string for their result value (Jan Urbanski)
This case was accidentally broken by the 9.1 additions to allow a composite result value to be supplied in other formats, such as dictionaries.
Fix potential access off the end of memory in
psql's expanded display
(\x) mode (Peter
Eisentraut)
Fix several performance problems in pg_dump when the database contains many objects (Jeff Janes, Tom Lane)
pg_dump could get very slow if the database contained many schemas, or if many objects are in dependency loops, or if there are many owned sequences.
Fix memory and file descriptor leaks in pg_restore when reading a directory-format archive (Peter Eisentraut)
Fix pg_upgrade for the case that a database stored in a non-default tablespace contains a table in the cluster's default tablespace (Bruce Momjian)
In ecpg, fix rare
memory leaks and possible overwrite of one byte after the
sqlca_t structure (Peter
Eisentraut)
Fix contrib/dblink's
dblink_exec() to not leak
temporary database connections upon error (Tom Lane)
Fix contrib/dblink to
report the correct connection name in error messages
(Kyotaro Horiguchi)
Fix contrib/vacuumlo to
use multiple transactions when dropping many large
objects (Tim Lewis, Robert Haas, Tom Lane)
This change avoids exceeding max_locks_per_transaction when many
objects need to be dropped. The behavior can be adjusted
with the new -l (limit)
option.
Update time zone data files to tzdata release 2012c for DST law changes in Antarctica, Armenia, Chile, Cuba, Falkland Islands, Gaza, Haiti, Hebron, Morocco, Syria, and Tokelau Islands; also historical corrections for Canada.
⇑ Upgrade to 9.1.5 released on 2012-08-17 - docs
Prevent access to external files/URLs via XML entity references (Noah Misch, Tom Lane)
xml_parse() would
attempt to fetch external files or URLs as needed to
resolve DTD and entity references in an XML value, thus
allowing unprivileged database users to attempt to fetch
data with the privileges of the database server. While
the external data wouldn't get returned directly to the
user, portions of it could be exposed in error messages
if the data didn't parse as valid XML; and in any case
the mere ability to check existence of a file might be
useful to an attacker. (CVE-2012-3489)
Prevent access to external files/URLs via contrib/xml2's xslt_process() (Peter Eisentraut)
libxslt offers the ability to read and write both files and URLs through stylesheet commands, thus allowing unprivileged database users to both read and write data with the privileges of the database server. Disable that through proper use of libxslt's security options. (CVE-2012-3488)
Also, remove xslt_process()'s ability to fetch
documents and stylesheets from external files/URLs. While
this was a documented “feature”, it was long regarded as a
bad idea. The fix for CVE-2012-3489 broke that
capability, and rather than expend effort on trying to
fix it, we're just going to summarily remove it.
Prevent too-early recycling of btree index pages (Noah Misch)
When we allowed read-only transactions to skip assigning XIDs, we introduced the possibility that a deleted btree page could be recycled while a read-only transaction was still in flight to it. This would result in incorrect index search results. The probability of such an error occurring in the field seems very low because of the timing requirements, but nonetheless it should be fixed.
Fix crash-safety bug with newly-created-or-reset sequences (Tom Lane)
If ALTER SEQUENCE was
executed on a freshly created or reset sequence, and then
precisely one nextval()
call was made on it, and then the server crashed, WAL
replay would restore the sequence to a state in which it
appeared that no nextval()
had been done, thus allowing the first sequence value to
be returned again by the next nextval() call. In particular this
could manifest for serial
columns, since creation of a serial column's sequence
includes an ALTER SEQUENCE OWNED
BY step.
Fix race condition in enum-type value comparisons (Robert
Haas, Tom Lane)
Comparisons could fail when encountering an enum value added since the current query started.
Fix txid_current() to
report the correct epoch when not in hot standby (Heikki
Linnakangas)
This fixes a regression introduced in the previous minor release.
Prevent selection of unsuitable replication connections as the synchronous standby (Fujii Masao)
The master might improperly choose pseudo-servers such as pg_receivexlog or pg_basebackup as the synchronous standby, and then wait indefinitely for them.
Fix bug in startup of Hot Standby when a master transaction has many subtransactions (Andres Freund)
This mistake led to failures reported as “out-of-order XID insertion in KnownAssignedXids”.
Ensure the backup_label
file is fsync'd after pg_start_backup() (Dave Kerr)
Fix timeout handling in walsender processes (Tom Lane)
WAL sender background processes neglected to establish a SIGALRM handler, meaning they would wait forever in some corner cases where a timeout ought to happen.
Wake walsenders after each background flush by walwriter (Andres Freund, Simon Riggs)
This greatly reduces replication delay when the workload contains only asynchronously-committed transactions.
Fix LISTEN/NOTIFY to cope better with I/O problems,
such as out of disk space (Tom Lane)
After a write failure, all subsequent attempts to send
more NOTIFY messages would
fail with messages like “Could not read from file "pg_notify/nnnn" at offset
nnnnn:
Success”.
Only allow autovacuum to be auto-canceled by a directly blocked process (Tom Lane)
The original coding could allow inconsistent behavior
in some cases; in particular, an autovacuum could get
canceled after less than deadlock_timeout grace period.
Improve logging of autovacuum cancels (Robert Haas)
Fix log collector so that log_truncate_on_rotation works during
the very first log rotation after server start (Tom
Lane)
Fix WITH attached to a
nested set operation (UNION/INTERSECT/EXCEPT) (Tom Lane)
Ensure that a whole-row reference to a subquery
doesn't include any extra GROUP
BY or ORDER BY
columns (Tom Lane)
Fix dependencies generated during ALTER TABLE ... ADD CONSTRAINT USING
INDEX (Tom Lane)
This command left behind a redundant pg_depend entry for the index, which
could confuse later operations, notably ALTER TABLE ... ALTER COLUMN TYPE on one
of the indexed columns.
Fix REASSIGN OWNED to
work on extensions (Alvaro Herrera)
Disallow copying whole-row references in CHECK constraints and index definitions
during CREATE TABLE (Tom
Lane)
This situation can arise in CREATE TABLE with LIKE or INHERITS. The copied whole-row variable
was incorrectly labeled with the row type of the original
table not the new one. Rejecting the case seems
reasonable for LIKE, since
the row types might well diverge later. For INHERITS we should ideally allow it,
with an implicit coercion to the parent table's row type;
but that will require more work than seems safe to
back-patch.
Fix memory leak in ARRAY(SELECT
...) subqueries (Heikki Linnakangas, Tom Lane)
Fix planner to pass correct collation to operator selectivity estimators (Tom Lane)
This was not previously required by any core selectivity estimation function, but third-party code might need it.
Fix extraction of common prefixes from regular expressions (Tom Lane)
The code could get confused by quantified
parenthesized subexpressions, such as ^(foo)?bar. This would lead to incorrect
index optimization of searches for such patterns.
Fix bugs with parsing signed hh:mm and hh:mm:ss fields in interval constants (Amit Kapila, Tom
Lane)
Fix pg_dump to better
handle views containing partial GROUP BY lists (Tom Lane)
A view that lists only a primary key column in
GROUP BY, but uses other
table columns as if they were grouped, gets marked as
depending on the primary key. Improper handling of such
primary key dependencies in pg_dump resulted in poorly-ordered
dumps, which at best would be inefficient to restore and
at worst could result in outright failure of a parallel
pg_restore run.
In PL/Perl, avoid setting UTF8 flag when in SQL_ASCII encoding (Alex Hunsaker, Kyotaro Horiguchi, Alvaro Herrera)
Use Postgres' encoding conversion functions, not Python's, when converting a Python Unicode string to the server encoding in PL/Python (Jan Urbanski)
This avoids some corner-case problems, notably that Python doesn't support all the encodings Postgres does. A notable functional change is that if the server encoding is SQL_ASCII, you will get the UTF-8 representation of the string; formerly, any non-ASCII characters in the string would result in an error.
Fix mapping of PostgreSQL encodings to Python encodings in PL/Python (Jan Urbanski)
Report errors properly in contrib/xml2's xslt_process() (Tom Lane)
Update time zone data files to tzdata release 2012e for DST law changes in Morocco and Tokelau
⇑ Upgrade to 9.2 released on 2012-09-10 - docs
Allow queries to retrieve data only from indexes, avoiding heap access (Robert Haas, Ibrar Ahmed, Heikki Linnakangas, Tom Lane)
This feature is often called index-only scans. Heap access can be skipped for heap pages containing only tuples that are visible to all sessions, as reported by the visibility map; so the benefit applies mainly to mostly-static data. The visibility map was made crash-safe as a necessary part of implementing this feature.
Add the SP-GiST (Space-Partitioned GiST) index access method (Teodor Sigaev, Oleg Bartunov, Tom Lane)
SP-GiST is comparable to GiST in flexibility, but supports unbalanced partitioned search structures rather than balanced trees. For suitable problems, SP-GiST can be faster than GiST in both index build time and search time.
Allow group commit to work effectively under heavy load (Peter Geoghegan, Simon Riggs, Heikki Linnakangas)
Previously, batching of commits became ineffective as the write workload increased, because of internal lock contention.
Allow uncontended locks to be managed using a new fast-path lock mechanism (Robert Haas)
Reduce overhead of creating virtual transaction ID locks (Robert Haas)
Reduce the overhead of serializable isolation level locks (Dan Ports)
Improve PowerPC and Itanium spinlock performance (Manabu Ori, Robert Haas, Tom Lane)
Reduce overhead for shared invalidation cache messages (Robert Haas)
Move the frequently accessed members of the
PGPROC shared memory
array to a separate array (Pavan Deolasee, Heikki
Linnakangas, Robert Haas)
Improve COPY
performance by adding tuples to the heap in batches
(Heikki Linnakangas)
Improve GiST index performance for geometric data types by producing better trees with less memory allocation overhead (Alexander Korotkov)
Improve GiST index build times (Alexander Korotkov, Heikki Linnakangas)
Allow hint bits to be set sooner for temporary and unlogged tables (Robert Haas)
Allow sorting to be performed by inlined, non-SQL-callable comparison functions (Peter Geoghegan, Robert Haas, Tom Lane)
Make the number of CLOG buffers scale based on
shared_buffers (Robert Haas, Simon Riggs,
Tom Lane)
Improve performance of buffer pool scans that occur when tables or databases are dropped (Jeff Janes, Simon Riggs)
Improve performance of checkpointer's fsync-request queue when many tables are being dropped or truncated (Tom Lane)
Pass the safe number of file descriptors to child processes on Windows (Heikki Linnakangas)
This allows Windows sessions to use more open file descriptors than before.
Create a dedicated background process to perform checkpoints (Simon Riggs)
Formerly the background writer did both dirty-page writing and checkpointing. Separating this into two processes allows each goal to be accomplished more predictably.
Improve asynchronous commit behavior by waking the walwriter sooner (Simon Riggs)
Previously, only
wal_writer_delay triggered WAL flushing to disk; now filling
a WAL buffer also
triggers WAL
writes.
Allow the bgwriter, walwriter, checkpointer, statistics collector, log collector, and archiver background processes to sleep more efficiently during periods of inactivity (Peter Geoghegan, Tom Lane)
This series of changes reduces the frequency of process wake-ups when there is nothing to do, dramatically reducing power consumption on idle servers.
Allow the planner to generate custom plans for specific parameter values even when using prepared statements (Tom Lane)
In the past, a prepared statement always had a single “generic” plan that was used for all parameter values, which was frequently much inferior to the plans used for non-prepared statements containing explicit constant values. Now, the planner attempts to generate custom plans for specific parameter values. A generic plan will only be used after custom plans have repeatedly proven to provide no benefit. This change should eliminate the performance penalties formerly seen from use of prepared statements (including non-dynamic statements in PL/pgSQL).
Improve the planner's ability to use nested loops with inner index scans (Tom Lane)
The new “parameterized path” mechanism allows inner index scans to use values from relations that are more than one join level up from the scan. This can greatly improve performance in situations where semantic restrictions (such as outer joins) limit the allowed join orderings.
Improve the planning API for foreign data wrappers (Etsuro Fujita, Shigeru Hanada, Tom Lane)
Wrappers can now provide multiple access “paths” for their tables, allowing more flexibility in join planning.
Recognize self-contradictory restriction clauses for non-table relations (Tom Lane)
This check is only performed when
constraint_exclusion is on.
Allow indexed_col op
ANY(ARRAY[...]) conditions to be used in plain
index scans and index-only scans (Tom Lane)
Formerly such conditions could only be used in bitmap index scans.
Support MIN/MAX index optimizations on
boolean columns (Marti
Raudsepp)
Account for set-returning functions in
SELECT target lists when
setting row count estimates (Tom Lane)
Fix planner to handle indexes with duplicated columns more reliably (Tom Lane)
Collect and use element-frequency statistics for arrays (Alexander Korotkov, Tom Lane)
This change improves selectivity estimation for
the array <@,
&&, and
@> operators (array
containment and overlaps).
Allow statistics to be collected for foreign tables (Etsuro Fujita)
Improve cost estimates for use of partial indexes (Tom Lane)
Improve the planner's ability to use statistics for columns referenced in subqueries (Tom Lane)
Improve statistical estimates for subqueries using
DISTINCT (Tom Lane)
Do not treat role names and samerole specified in pg_hba.conf as automatically
including superusers (Andrew Dunstan)
This makes it easier to use reject lines with group roles.
Adjust pg_hba.conf
processing to handle token parsing more consistently
(Brendan Jurd, Álvaro Herrera)
Disallow empty pg_hba.conf files (Tom Lane)
This was done to more quickly detect misconfiguration.
Make superuser privilege imply replication privilege (Noah Misch)
This avoids the need to explicitly assign such privileges.
Attempt to log the current query string during a backend crash (Marti Raudsepp)
Make logging of autovacuum I/O activity more verbose (Greg Smith, Noah Misch)
This logging is triggered by
log_autovacuum_min_duration.
Make WAL replay report failures sooner (Fujii Masao)
There were some cases where failures were only reported once the server went into master mode.
Add pg_xlog_location_diff() to
simplify WAL location comparisons (Euler Taveira de
Oliveira)
This is useful for computing replication lag.
Support configurable event log application names on Windows (MauMau, Magnus Hagander)
This allows different instances to use the event
log with different identifiers, by setting the
event_source server parameter, which is
similar to how
syslog_ident works.
Change “unexpected EOF” messages to
DEBUG1 level, except
when there is an open transaction (Magnus
Hagander)
This change reduces log chatter caused by applications that close database connections ungracefully.
Track temporary file sizes and file counts in the
pg_stat_database system view (Tomas
Vondra)
Add a deadlock counter to the pg_stat_database system view
(Magnus Hagander)
Add a server parameter
track_io_timing to track I/O timings (Ants
Aasma, Robert Haas)
Report checkpoint timing information in
pg_stat_bgwriter (Greg Smith, Peter
Geoghegan)
Silently ignore nonexistent schemas specified in
search_path (Tom Lane)
This makes it more convenient to use generic path settings, which might include some schemas that don't exist in all databases.
Allow superusers to set
deadlock_timeout per-session, not just
per-cluster (Noah Misch)
This allows deadlock_timeout to be reduced for
transactions that are likely to be involved in a
deadlock, thus detecting the failure more quickly.
Alternatively, increasing the value can be used to
reduce the chances of a session being chosen for
cancellation due to a deadlock.
Add a server parameter
temp_file_limit to constrain temporary
file space usage per session (Mark Kirkwood)
Allow a superuser to SET an extension's superuser-only
custom variable before loading the associated
extension (Tom Lane)
The system now remembers whether a SET was performed by a superuser, so
that proper privilege checking can be done when the
extension is loaded.
Add postmaster -C option to query configuration
parameters (Bruce Momjian)
This allows pg_ctl to better handle cases
where PGDATA or
-D points to a
configuration-only directory.
Replace an empty locale name with the implied
value in CREATE DATABASE
(Tom Lane)
This prevents cases where pg_database.datcollate or datctype could be interpreted
differently after a server restart.
Allow multiple errors in postgresql.conf to be reported,
rather than just the first one (Alexey Klyukin, Tom
Lane)
Allow a reload of postgresql.conf to be processed
by all sessions, even if there are some settings
that are invalid for particular sessions (Alexey
Klyukin)
Previously, such not-valid-within-session values would cause all setting changes to be ignored by that session.
Add an include_if_exists facility for
configuration files (Greg Smith)
This works the same as include, except that an error is
not thrown if the file is missing.
Identify the server time zone during
initdb, and set
postgresql.conf
entries
timezone and
log_timezone accordingly (Tom Lane)
This avoids expensive time zone probes during server start.
Fix pg_settings to report
postgresql.conf line
numbers on Windows (Tom Lane)
Allow streaming replication slaves to forward data to other slaves (cascading replication) (Fujii Masao)
Previously, only the master server could supply streaming replication log files to standby servers.
Add new
synchronous_commit mode remote_write (Fujii Masao, Simon
Riggs)
This mode waits for the standby server to write transaction data to its own operating system, but does not wait for the data to be flushed to the standby's disk.
Add a pg_receivexlog tool to archive WAL file changes as they are written, rather than waiting for completed WAL files (Magnus Hagander)
Allow pg_basebackup to make base backups from standby servers (Jun Ishizuka, Fujii Masao)
This feature lets the work of making new base backups be off-loaded from the primary server.
Allow streaming of WAL files while pg_basebackup is performing a backup (Magnus Hagander)
This allows passing of WAL files to the standby before they are discarded on the primary.
Cancel the running query if the client gets disconnected (Florian Pflug)
If the backend detects loss of client connection during a query, it will now cancel the query rather than attempting to finish it.
Retain column names at run time for row expressions (Andrew Dunstan, Tom Lane)
This change allows better results when a row value
is converted to hstore or
json type: the fields of the
resulting value will now have the expected names.
Improve column labels used for sub-SELECT results (Marti Raudsepp)
Previously, the generic label ?column? was used.
Improve heuristics for determining the types of unknown values (Tom Lane)
The longstanding rule that an unknown constant might have the same type as the value on the other side of the operator using it is now applied when considering polymorphic operators, not only for simple operator matches.
Warn about creating casts to or from domain types (Robert Haas)
Such casts have no effect.
When a row fails a CHECK or NOT
NULL constraint, show the row's contents as
error detail (Jan Kundrát)
This should make it easier to identify which row is problematic when an insert or update is processing many rows.
Provide more reliable operation during concurrent DDL (Robert Haas, Noah Misch)
This change adds locking that should eliminate “cache lookup failed” errors in many scenarios. Also, it is no longer possible to add relations to a schema that is being concurrently dropped, a scenario that formerly led to inconsistent system catalog contents.
Add CONCURRENTLY option
to DROP
INDEX (Simon Riggs)
This allows index removal without blocking other sessions.
Allow foreign data wrappers to have per-column options (Shigeru Hanada)
Improve pretty-printing of view definitions (Andrew Dunstan)
Allow CHECK constraints to be declared
NOT VALID (Álvaro
Herrera)
Adding a NOT VALID
constraint does not cause the table to be scanned to
verify that existing rows meet the constraint.
Subsequently, newly added or updated rows are
checked. Such constraints are ignored by the planner
when considering constraint_exclusion, since it is
not certain that all rows meet the constraint.
The new ALTER TABLE
VALIDATE command allows NOT VALID constraints to be checked
for existing rows, after which they are converted
into ordinary constraints.
Allow CHECK
constraints to be declared NO
INHERIT (Nikhil Sontakke, Alex Hunsaker,
Álvaro Herrera)
This makes them enforceable only on the parent table, not on child tables.
Add the ability to rename constraints (Peter Eisentraut)
Reduce need to rebuild tables and indexes for
certain ALTER
TABLE ... ALTER
COLUMN TYPE operations (Noah Misch)
Increasing the length limit for a varchar or varbit column, or removing the limit
altogether, no longer requires a table rewrite.
Similarly, increasing the allowable precision of a
numeric column, or changing
a column from constrained numeric to unconstrained numeric, no longer requires a table
rewrite. Table rewrites are also avoided in similar
cases involving the interval, timestamp, and timestamptz types.
Avoid having ALTER
TABLE revalidate foreign key constraints
in some cases where it is not necessary (Noah
Misch)
Add IF EXISTS options
to some ALTER commands
(Pavel Stehule)
For example, ALTER FOREIGN
TABLE IF EXISTS foo RENAME TO bar.
Add ALTER FOREIGN DATA WRAPPER ...
RENAME and ALTER
SERVER ... RENAME (Peter Eisentraut)
Add ALTER
DOMAIN ... RENAME (Peter Eisentraut)
You could already rename domains using
ALTER TYPE.
Throw an error for ALTER
DOMAIN ... DROP
CONSTRAINT on a nonexistent constraint (Peter
Eisentraut)
An IF EXISTS option
has been added to provide the previous behavior.
Allow CREATE TABLE (LIKE
...) from foreign tables, views, and composite
types (Peter Eisentraut)
For example, this allows a table to be created whose schema matches a view.
Fix CREATE TABLE (LIKE
...) to avoid index name conflicts when
copying index comments (Tom Lane)
Fix CREATE TABLE ...
AS EXECUTE to handle
WITH NO DATA and column
name specifications (Tom Lane)
Add a security_barrier option for
views (KaiGai Kohei, Robert Haas)
This option prevents optimizations that might
allow view-protected data to be exposed to users, for
example pushing a clause involving an insecure
function into the WHERE
clause of the view. Such views can be expected to
perform more poorly than ordinary views.
Add a new LEAKPROOF function attribute to
mark functions that can safely be pushed down into
security_barrier views
(KaiGai Kohei)
Add support for privileges on data types (Peter Eisentraut)
This adds support for the SQL-conforming USAGE privilege on types and
domains. The intent is to be able to restrict which
users can create dependencies on types, since such
dependencies limit the owner's ability to alter the
type.
Check for INSERT
privileges in SELECT
INTO / CREATE TABLE
AS (KaiGai Kohei)
Because the object is being created by
SELECT INTO or
CREATE TABLE AS, the
creator would ordinarily have insert permissions; but
there are corner cases where this is not true, such
as when ALTER DEFAULT
PRIVILEGES has removed such permissions.
Allow VACUUM to
more easily skip pages that cannot be locked (Simon
Riggs, Robert Haas)
This change should greatly reduce the incidence of
VACUUM getting
“stuck” waiting for other
sessions.
Make EXPLAIN
(BUFFERS) count blocks
dirtied and written (Robert Haas)
Make EXPLAIN ANALYZE
report the number of rows rejected by filter steps
(Marko Tiikkaja)
Allow EXPLAIN ANALYZE
to avoid timing overhead when time values are not
wanted (Tomas Vondra)
This is accomplished by setting the new TIMING option to FALSE.
Add support for range data types (Jeff Davis, Tom Lane, Alexander Korotkov)
A range data type stores a lower and upper bound belonging to its base data type. It supports operations like contains, overlaps, and intersection.
Add a JSON data type (Robert Haas)
This type stores JSON (JavaScript Object Notation) data with proper validation.
Add
array_to_json() and row_to_json() (Andrew Dunstan)
Add a SMALLSERIAL data type (Mike
Pultz)
This is like SERIAL,
except it stores the sequence in a two-byte integer
column (int2).
Allow domains to be declared
NOT VALID (Álvaro
Herrera)
This option can be set at domain creation time, or
via ALTER DOMAIN ...
ADD CONSTRAINT ...
NOT VALID. ALTER DOMAIN ... VALIDATE CONSTRAINT fully validates
the constraint.
Support more locale-specific formatting options for
the money data type (Tom Lane)
Specifically, honor all the POSIX options for ordering of the value, sign, and currency symbol in monetary output. Also, make sure that the thousands separator is only inserted to the left of the decimal point, as required by POSIX.
Add bitwise “and”, “or”, and
“not” operators for the
macaddr data type (Brendan
Jurd)
Allow xpath() to return a
single-element XML
array when supplied a scalar value (Florian Pflug)
Previously, it returned an empty array. This change
will also cause xpath_exists() to return true, not
false, for such expressions.
Improve XML error handling to be more robust (Florian Pflug)
Allow non-superusers to use pg_cancel_backend() and pg_terminate_backend() on other
sessions belonging to the same user (Magnus Hagander,
Josh Kupershmidt, Dan Farina)
Previously only superusers were allowed to use these functions.
Allow importing and exporting of transaction snapshots (Joachim Wieland, Tom Lane)
This allows multiple transactions to share identical
views of the database state. Snapshots are exported via
pg_export_snapshot() and imported via
SET TRANSACTION
SNAPSHOT. Only snapshots from
currently-running transactions can be imported.
Support
COLLATION FOR on
expressions (Peter Eisentraut)
This returns a string representing the collation of the expression.
Add
pg_opfamily_is_visible() (Josh
Kupershmidt)
Add a numeric variant of
pg_size_pretty() for use with pg_xlog_location_diff() (Fujii
Masao)
Add a
pg_trigger_depth() function (Kevin
Grittner)
This reports the current trigger call depth.
Allow
string_agg() to
process bytea values (Pavel
Stehule)
Fix regular expressions in which a back-reference occurs within a larger quantified subexpression (Tom Lane)
For example, ^(\w+)(
\1)+$. Previous releases did not check that the
back-reference actually matched the first
occurrence.
Add information schema views role_udt_grants, udt_privileges, and user_defined_types (Peter
Eisentraut)
Add composite-type attributes to the information
schema element_types
view (Peter Eisentraut)
Implement interval_type columns in the
information schema (Peter Eisentraut)
Formerly these columns read as nulls.
Implement collation-related columns in the
information schema attributes, columns, domains, and element_types views (Peter
Eisentraut)
Implement the with_hierarchy column in the
information schema table_privileges view (Peter
Eisentraut)
Add display of sequence USAGE privileges to information schema
(Peter Eisentraut)
Make the information schema show default privileges (Peter Eisentraut)
Previously, non-empty default permissions were not represented in the views.
Allow the PL/pgSQL OPEN cursor command to supply
parameters by name (Yeb Havinga)
Add a GET STACKED
DIAGNOSTICS PL/pgSQL command to retrieve
exception info (Pavel Stehule)
Speed up PL/pgSQL array assignment by caching type information (Pavel Stehule)
Improve performance and memory consumption for
long chains of ELSIF
clauses (Tom Lane)
Output the function signature, not just the name, in PL/pgSQL error messages (Pavel Stehule)
Add PL/Python SPI cursor support (Jan Urbanski)
This allows PL/Python to read partial result sets.
Add result metadata functions to PL/Python (Peter Eisentraut)
Specifically, this adds result object functions
.colnames, .coltypes, and .coltypmods.
Remove support for Python 2.2 (Peter Eisentraut)
Allow SQL-language functions to reference parameters by name (Matthew Draper)
To use this, simply name the function arguments and then reference the argument names in the SQL function body.
Add initdb
options --auth-local and
--auth-host (Peter
Eisentraut)
This allows separate control of local and host pg_hba.conf authentication settings.
--auth still controls
both.
Add --replication/--no-replication flags to createuser to control
replication permission (Fujii Masao)
Add the --if-exists
option to dropdb
and dropuser (Josh
Kupershmidt)
Give command-line tools the ability to specify the
name of the database to connect to, and fall back to
template1 if a
postgres database
connection fails (Robert Haas)
Add a display mode to auto-expand output based on the display width (Peter Eisentraut)
This adds the auto
option to the \x
command, which switches to the expanded mode when the
normal output would be wider than the screen.
Allow inclusion of a script file that is named relative to the directory of the file from which it was invoked (Gurjeet Singh)
This is done with a new command \ir.
Add support for non-ASCII characters in psql variable names (Tom Lane)
Add support for major-version-specific
.psqlrc files (Bruce
Momjian)
psql already
supported minor-version-specific .psqlrc files.
Provide environment variable overrides for psql history and startup file locations (Andrew Dunstan)
PSQL_HISTORY and
PSQLRC now determine these
file names if set.
Add a \setenv command
to modify the environment variables passed to child
processes (Andrew Dunstan)
Name psql's
temporary editor files with a .sql extension (Peter
Eisentraut)
This allows extension-sensitive editors to select the right mode.
Allow psql to use zero-byte field and record separators (Peter Eisentraut)
Various shell tools use zero-byte (NUL) separators, e.g. find.
Make the \timing
option report times for failed queries (Magnus
Hagander)
Previously times were reported only for successful queries.
Unify and tighten psql's treatment of \copy and SQL COPY (Noah Misch)
This fix makes failure behavior more predictable
and honors \set
ON_ERROR_ROLLBACK.
Make \d on a sequence
show the table/column name owning it (Magnus
Hagander)
Show statistics target for columns in \d+ (Magnus Hagander)
Show role password expiration dates in
\du (Fabrízio de Royes
Mello)
Display comments for casts, conversions, domains, and languages (Josh Kupershmidt)
These are included in the output of \dC+, \dc+, \dD+, and \dL respectively.
Display comments for SQL/MED objects (Josh Kupershmidt)
These are included in the output of \des+, \det+, and \dew+ for foreign servers, foreign
tables, and foreign data wrappers respectively.
Change \dd to display
comments only for object types without their own
backslash command (Josh Kupershmidt)
In psql tab
completion, complete SQL keywords in either upper or
lower case according to the new COMP_KEYWORD_CASE setting (Peter
Eisentraut)
Add tab completion support for EXECUTE (Andreas Karlsson)
Allow tab completion of role references in
GRANT/REVOKE (Peter Eisentraut)
Allow tab completion of file names to supply quotes, when necessary (Noah Misch)
Change tab completion support for TABLE to also include views (Magnus
Hagander)
Add an --exclude-table-data option to
pg_dump (Andrew
Dunstan)
This allows dumping of a table's definition but not its data, on a per-table basis.
Add a --section option
to pg_dump and
pg_restore (Andrew
Dunstan)
Valid values are pre-data, data, and post-data. The option can be given
more than once to select two or more sections.
Make pg_dumpall dump all roles first, then all configuration settings on roles (Phil Sorber)
This allows a role's configuration settings to mention other roles without generating an error.
Allow pg_dumpall
to avoid errors if the postgres database is missing in the
new cluster (Robert Haas)
Dump foreign server user mappings in user name order (Peter Eisentraut)
This helps produce deterministic dump files.
Dump operators in a predictable order (Peter Eisentraut)
Tighten rules for when extension configuration tables are dumped by pg_dump (Tom Lane)
Make pg_dump emit more useful dependency information (Tom Lane)
The dependency links included in archive-format dumps were formerly of very limited use, because they frequently referenced objects that appeared nowhere in the dump. Now they represent actual dependencies (possibly indirect) among the dumped objects.
Improve pg_dump's performance when dumping many database objects (Tom Lane)
Allow libpq connection strings to have the format of a URI (Alexander Shulgin)
The syntax begins with postgres://. This can allow
applications to avoid implementing their own parser for
URIs representing database connections.
Add a connection option to disable SSL compression (Laurenz Albe)
This can be used to remove the overhead of SSL compression on fast networks.
Add a single-row processing mode for better handling of large result sets (Kyotaro Horiguchi, Marko Kreen)
Previously, libpq always collected the entire query result in memory before passing it back to the application.
Add const qualifiers to
the declarations of the functions PQconnectdbParams, PQconnectStartParams, and
PQpingParams (Lionel Elie
Mamane)
Allow the .pgpass file
to include escaped characters in the password field
(Robert Haas)
Make library functions use abort() instead of exit() when it is necessary to
terminate the process (Peter Eisentraut)
This choice does not interfere with the normal exit codes used by the program, and generates a signal that can be caught by the caller.
Remove dead ports (Peter Eisentraut)
The following platforms are no longer supported: dgux, nextstep, sunos4, svr4, ultrix4, univel, bsdi.
Add support for building with MS Visual Studio 2010 (Brar Piening)
Enable compiling with the MinGW-w64 32-bit compiler (Lars Kanis)
Install plpgsql.h into
include/server during
installation (Heikki Linnakangas)
Improve the latch facility to include detection of postmaster death (Peter Geoghegan, Heikki Linnakangas, Tom Lane)
This eliminates one of the main reasons that background processes formerly had to wake up to poll for events.
Use C flexible array members, where supported (Peter Eisentraut)
Improve the concurrent transaction regression tests (isolationtester) (Noah Misch)
Modify thread_test
to create its test files in the current directory,
rather than /tmp (Bruce
Momjian)
Improve flex and bison warning and error reporting (Tom Lane)
Add memory barrier support (Robert Haas)
This is currently unused.
Modify pgindent to use a typedef file (Bruce Momjian)
Add a hook for processing messages due to be sent to the server log (Martin Pihlak)
Add object access hooks for DROP commands (KaiGai Kohei)
Centralize DROP
handling for some object types (KaiGai Kohei)
Add a pg_upgrade test suite (Peter Eisentraut)
Sync regular expression code with TCL 8.5.11 and improve internal processing (Tom Lane)
Move CRC tables to libpgport, and provide them in a separate include file (Daniel Farina)
Add options to git_changelog for use in major release note creation (Bruce Momjian)
Support Linux's /proc/self/oom_score_adj API (Tom
Lane)
Improve efficiency of dblink by using libpq's new single-row processing mode (Kyotaro Horiguchi, Marko Kreen)
This improvement does not apply to dblink_send_query()/dblink_get_result().
Support force_not_null
option in file_fdw (Shigeru Hanada)
Implement dry-run mode for pg_archivecleanup (Gabriele Bartolini)
This only outputs the names of files to be deleted.
Add new pgbench switches --unlogged-tables, --tablespace, and --index-tablespace (Robert Haas)
Change pg_test_fsync to test for a fixed amount of time, rather than a fixed number of cycles (Bruce Momjian)
The -o/cycles option was
removed, and -s/seconds
added.
Add a pg_test_timing utility to measure clock monotonicity and timing overhead (Ants Aasma, Greg Smith)
Add a tcn (triggered change
notification) module to generate NOTIFY events on table changes (Kevin
Grittner)
Adjust pg_upgrade environment variables (Bruce Momjian)
Rename data, bin, and port environment variables
to begin with PG, and
support PGPORTOLD/PGPORTNEW, to replace PGPORT.
Overhaul pg_upgrade logging and failure reporting (Bruce Momjian)
Create four append-only log files, and delete them
on success. Add -r/--retain option to unconditionally
retain these files. Also remove pg_upgrade options -g/-G/-l
options as unnecessary, and tighten log file
permissions.
Make pg_upgrade create a script to incrementally generate more accurate optimizer statistics (Bruce Momjian)
This reduces the time needed to generate minimal cluster statistics after an upgrade.
Allow pg_upgrade
to upgrade an old cluster that does not have a
postgres database (Bruce
Momjian)
Allow pg_upgrade to handle cases where some old or new databases are missing, as long as they are empty (Bruce Momjian)
Allow pg_upgrade to handle configuration-only directory installations (Bruce Momjian)
In pg_upgrade,
add -o/-O options to pass parameters to the
servers (Bruce Momjian)
This is useful for configuration-only directory installs.
Change pg_upgrade to use port 50432 by default (Bruce Momjian)
This helps avoid unintended client connections during the upgrade.
Reduce cluster locking in pg_upgrade (Bruce Momjian)
Specifically, only lock the old cluster if link mode is used, and do it right after the schema is restored.
Allow pg_stat_statements to aggregate similar queries via SQL text normalization (Peter Geoghegan, Tom Lane)
Users with applications that use non-parameterized SQL will now be able to monitor query performance without detailed log analysis.
Add dirtied and written block counts and read/write times to pg_stat_statements (Robert Haas, Ants Aasma)
Prevent pg_stat_statements from
double-counting PREPARE
and EXECUTE commands
(Tom Lane)
Support SECURITY
LABEL on global objects (KaiGai Kohei, Robert
Haas)
Specifically, add security labels to databases, tablespaces, and roles.
Allow sepgsql to honor database labels (KaiGai Kohei)
Perform sepgsql permission checks during the creation of various objects (KaiGai Kohei)
Add sepgsql_setcon()
and related functions to control the sepgsql security
domain (KaiGai Kohei)
Add a user space access cache to sepgsql to improve performance (KaiGai Kohei)
Add a rule to optionally build HTML documentation using the stylesheet from the website (Magnus Hagander)
Use gmake STYLE=website
draft.
Improve EXPLAIN
documentation (Tom Lane)
Document that user/database names are preserved with double-quoting by command-line tools like vacuumdb (Bruce Momjian)
Document the actual string returned by the client for MD5 authentication (Cyan Ogilvie)
Deprecate use of GLOBAL
and LOCAL in CREATE TEMP TABLE (Noah Misch)
PostgreSQL has long treated these keyword as no-ops, and continues to do so; but in future they might mean what the SQL standard says they mean, so applications should avoid using them.
⇑ Upgrade to 9.2.1 released on 2012-09-24 - docs
Fix persistence marking of shared buffers during WAL replay (Jeff Davis)
This mistake can result in buffers not being written out during checkpoints, resulting in data corruption if the server later crashes without ever having written those buffers. Corruption can occur on any server following crash recovery, but it is significantly more likely to occur on standby slave servers since those perform much more WAL replay. There is a low probability of corruption of btree and GIN indexes. There is a much higher probability of corruption of table “visibility maps”, which might lead to wrong answers from index-only scans. Table data proper cannot be corrupted by this bug.
While no index corruption due to this bug is known to
have occurred in the field, as a precautionary measure it
is recommended that production installations REINDEX all btree and GIN indexes at a
convenient time after upgrading to 9.2.1.
Also, it is recommended to perform a VACUUM of all tables while having
vacuum_freeze_table_age set to zero. This will
fix any incorrect visibility map data.
vacuum_cost_delay can be adjusted to reduce
the performance impact of vacuuming, while causing it to
take longer to finish.
Fix possible incorrect sorting of output from queries
involving WHERE
(Tom Lane)indexed_column IN
(list_of_values)
Fix planner failure for queries involving GROUP BY expressions along with window
functions and aggregates (Tom Lane)
Fix planner's assignment of executor parameters (Tom Lane)
This error could result in wrong answers from queries
that scan the same WITH
subquery multiple times.
Improve planner's handling of join conditions in index scans (Tom Lane)
Improve selectivity estimation for text search queries
involving prefixes, i.e. word:* patterns (Tom Lane)
Fix delayed recognition of permissions changes (Tom Lane)
A command that needed no locks other than ones its
transaction already had might fail to notice a concurrent
GRANT or REVOKE that committed since the start of
its transaction.
Fix ANALYZE to not fail
when a column is a domain over an array type (Tom
Lane)
Prevent PL/Perl from crashing if a recursive PL/Perl function is redefined while being executed (Tom Lane)
Work around possible misoptimization in PL/Perl (Tom Lane)
Some Linux distributions contain an incorrect version
of pthread.h that results
in incorrect compiled code in PL/Perl, leading to crashes
if a PL/Perl function calls another one that throws an
error.
Remove unnecessary dependency on pg_config from pg_upgrade (Peter Eisentraut)
Update time zone data files to tzdata release 2012f for DST law changes in Fiji
⇑ Upgrade to 9.2.2 released on 2012-12-06 - docs
Fix multiple bugs associated with CREATE/DROP INDEX CONCURRENTLY (Andres
Freund, Tom Lane, Simon Riggs, Pavan Deolasee)
An error introduced while adding DROP INDEX CONCURRENTLY allowed
incorrect indexing decisions to be made during the
initial phase of CREATE INDEX
CONCURRENTLY; so that indexes built by that
command could be corrupt. It is recommended that indexes
built in 9.2.X with CREATE INDEX
CONCURRENTLY be rebuilt after applying this
update.
In addition, fix CREATE/DROP
INDEX CONCURRENTLY to use in-place updates when
changing the state of an index's pg_index row. This prevents race
conditions that could cause concurrent sessions to miss
updating the target index, thus again resulting in
corrupt concurrently-created indexes.
Also, fix various other operations to ensure that they
ignore invalid indexes resulting from a failed
CREATE INDEX CONCURRENTLY
command. The most important of these is VACUUM, because an auto-vacuum could
easily be launched on the table before corrective action
can be taken to fix or remove the invalid index.
Also fix DROP INDEX
CONCURRENTLY to not disable insertions into the
target index until all queries using it are done.
Also fix misbehavior if DROP
INDEX CONCURRENTLY is canceled: the previous
coding could leave an un-droppable index behind.
Correct predicate locking for DROP INDEX CONCURRENTLY (Kevin
Grittner)
Previously, SSI predicate locks were processed at the
wrong time, possibly leading to incorrect behavior of
serializable transactions executing in parallel with the
DROP.
Fix buffer locking during WAL replay (Tom Lane)
The WAL replay code was insufficiently careful about locking buffers when replaying WAL records that affect more than one page. This could result in hot standby queries transiently seeing inconsistent states, resulting in wrong answers or unexpected failures.
Fix an error in WAL generation logic for GIN indexes (Tom Lane)
This could result in index corruption, if a torn-page failure occurred.
Fix an error in WAL replay logic for SP-GiST indexes (Tom Lane)
This could result in index corruption after a crash, or on a standby server.
Fix incorrect detection of end-of-base-backup location during WAL recovery (Heikki Linnakangas)
This mistake allowed hot standby mode to start up before the database reaches a consistent state.
Properly remove startup process's virtual XID lock when promoting a hot standby server to normal running (Simon Riggs)
This oversight could prevent subsequent execution of
certain operations such as CREATE
INDEX CONCURRENTLY.
Avoid bogus “out-of-sequence timeline ID” errors in standby mode (Heikki Linnakangas)
Prevent the postmaster from launching new child processes after it's received a shutdown signal (Tom Lane)
This mistake could result in shutdown taking longer than it should, or even never completing at all without additional user action.
Fix the syslogger process to not fail when
log_rotation_age exceeds
2^31 milliseconds (about 25 days) (Tom Lane)
Fix WaitLatch() to
return promptly when the requested timeout expires (Jeff
Janes, Tom Lane)
With the previous coding, a steady stream of
non-wait-terminating interrupts could delay return from
WaitLatch() indefinitely.
This has been shown to be a problem for the autovacuum
launcher process, and might cause trouble elsewhere as
well.
Avoid corruption of internal hash tables when out of memory (Hitoshi Harada)
Prevent file descriptors for dropped tables from being held open past transaction end (Tom Lane)
This should reduce problems with long-since-dropped tables continuing to occupy disk space.
Prevent database-wide crash and restart when a new child process is unable to create a pipe for its latch (Tom Lane)
Although the new process must fail, there is no good reason to force a database-wide restart, so avoid that. This improves robustness when the kernel is nearly out of file descriptors.
Avoid planner crash with joins to unflattened subqueries (Tom Lane)
Fix planning of non-strict equivalence clauses above outer joins (Tom Lane)
The planner could derive incorrect constraints from a
clause equating a non-strict construct to something else,
for example WHERE COALESCE(foo, 0)
= 0 when foo is
coming from the nullable side of an outer join. 9.2
showed this type of error in more cases than previous
releases, but the basic bug has been there for a long
time.
Fix SELECT DISTINCT with
index-optimized MIN/MAX
on an inheritance tree (Tom Lane)
The planner would fail with “failed to re-find MinMaxAggInfo record” given this combination of factors.
Make sure the planner sees implicit and explicit casts as equivalent for all purposes, except in the minority of cases where there's actually a semantic difference (Tom Lane)
Include join clauses when considering whether partial indexes can be used for a query (Tom Lane)
A strict join clause can be sufficient to establish an
x IS NOT NULL predicate, for example. This
fixes a planner regression in 9.2, since previous
versions could make comparable deductions.
Limit growth of planning time when there are many indexable join clauses for the same index (Tom Lane)
Improve planner's ability to prove exclusion constraints from equivalence classes (Tom Lane)
Fix partial-row matching in hashed subplans to handle cross-type cases correctly (Tom Lane)
This affects multicolumn NOT
IN subplans, such as WHERE
(a, b) NOT IN (SELECT x, y FROM ...) when for
instance b and y are int4 and
int8 respectively. This mistake
led to wrong answers or crashes depending on the specific
datatypes involved.
Fix btree mark/restore functions to handle array keys (Tom Lane)
This oversight could result in wrong answers from
merge joins whose inner side is an index scan using an
indexed_column =
ANY(array)
Revert patch for taking fewer snapshots (Tom Lane)
The 9.2 change to reduce the number of snapshots taken during query execution led to some anomalous behaviors not seen in previous releases, because execution would proceed with a snapshot acquired before locking the tables used by the query. Thus, for example, a query would not be guaranteed to see updates committed by a preceding transaction even if that transaction had exclusive lock. We'll probably revisit this in future releases, but meanwhile put it back the way it was before 9.2.
Acquire buffer lock when re-fetching the old tuple for
an AFTER ROW UPDATE/DELETE
trigger (Andres Freund)
In very unusual circumstances, this oversight could
result in passing incorrect data to a trigger
WHEN condition, or to the
precheck logic for a foreign-key enforcement trigger.
That could result in a crash, or in an incorrect decision
about whether to fire the trigger.
Fix ALTER COLUMN TYPE to
handle inherited check constraints properly (Pavan
Deolasee)
This worked correctly in pre-8.4 releases, and now works correctly in 8.4 and later.
Fix ALTER EXTENSION SET
SCHEMA's failure to move some subsidiary objects
into the new schema (Álvaro Herrera, Dimitri
Fontaine)
Handle CREATE TABLE AS
EXECUTE correctly in extended query protocol (Tom
Lane)
Don't modify the input parse tree in DROP RULE IF NOT EXISTS and DROP TRIGGER IF NOT EXISTS (Tom
Lane)
This mistake would cause errors if a cached statement of one of these types was re-executed.
Fix REASSIGN OWNED to
handle grants on tablespaces (Álvaro Herrera)
Ignore incorrect pg_attribute entries for system
columns for views (Tom Lane)
Views do not have any system columns. However, we forgot to remove such entries when converting a table to a view. That's fixed properly for 9.3 and later, but in previous branches we need to defend against existing mis-converted views.
Fix rule printing to dump INSERT
INTO correctly (Tom Lane)table
DEFAULT VALUES
Guard against stack overflow when there are too many
UNION/INTERSECT/EXCEPT clauses in a query (Tom Lane)
Prevent platform-dependent failures when dividing the minimum possible integer value by -1 (Xi Wang, Tom Lane)
Fix possible access past end of string in date parsing (Hitoshi Harada)
Fix failure to advance XID epoch if XID wraparound
happens during a checkpoint and wal_level is hot_standby (Tom Lane, Andres
Freund)
While this mistake had no particular impact on
PostgreSQL itself, it
was bad for applications that rely on txid_current() and related functions:
the TXID value would appear to go backwards.
Fix pg_terminate_backend() and pg_cancel_backend() to not throw error
for a non-existent target process (Josh Kupershmidt)
This case already worked as intended when called by a superuser, but not so much when called by ordinary users.
Fix display of pg_stat_replication.sync_state at a page boundary
(Kyotaro Horiguchi)
Produce an understandable error message if the length of the path name for a Unix-domain socket exceeds the platform-specific limit (Tom Lane, Andrew Dunstan)
Formerly, this would result in something quite unhelpful, such as “Non-recoverable failure in name resolution”.
Fix memory leaks when sending composite column values to the client (Tom Lane)
Save some cycles by not searching for subtransaction locks at commit (Simon Riggs)
In a transaction holding many exclusive locks, this useless activity could be quite costly.
Make pg_ctl more
robust about reading the postmaster.pid file (Heikki
Linnakangas)
This fixes race conditions and possible file descriptor leakage.
Fix possible crash in psql if incorrectly-encoded data is
presented and the client_encoding setting is a client-only
encoding, such as SJIS (Jiang Guiqing)
Make pg_dump dump
SEQUENCE SET items in the
data not pre-data section of the archive (Tom Lane)
This fixes an undesirable inconsistency between the
meanings of --data-only and
--section=data, and also
fixes dumping of sequences that are marked as extension
configuration tables.
Fix pg_dump's
handling of DROP DATABASE
commands in --clean mode
(Guillaume Lelarge)
Beginning in 9.2.0, pg_dump
--clean would issue a DROP
DATABASE command, which was either useless or
dangerous depending on the usage scenario. It no longer
does that. This change also fixes the combination of
--clean and --create to work sensibly, i.e., emit
DROP DATABASE then
CREATE DATABASE before
reconnecting to the target database.
Fix pg_dump for views with circular dependencies and no relation options (Tom Lane)
The previous fix to dump relation options when a view
is involved in a circular dependency didn't work right
for the case that the view has no options; it emitted
ALTER VIEW foo SET () which
is invalid syntax.
Fix bugs in the restore.sql script emitted by
pg_dump in tar output format (Tom Lane)
The script would fail outright on tables whose names
include upper-case characters. Also, make the script
capable of restoring data in --inserts mode as well as the regular
COPY mode.
Fix pg_restore to
accept POSIX-conformant tar
files (Brian Weaver, Tom Lane)
The original coding of pg_dump's tar output mode produced files that are
not fully conformant with the POSIX standard. This has
been corrected for version 9.3. This patch updates
previous branches so that they will accept both the
incorrect and the corrected formats, in hopes of avoiding
compatibility problems when 9.3 comes out.
Fix tar files emitted by
pg_basebackup to be
POSIX conformant (Brian Weaver, Tom Lane)
Fix pg_resetxlog to
locate postmaster.pid
correctly when given a relative path to the data
directory (Tom Lane)
This mistake could lead to pg_resetxlog not noticing that there is an active postmaster using the data directory.
Fix libpq's
lo_import() and
lo_export() functions to
report file I/O errors properly (Tom Lane)
Fix ecpg's processing of nested structure pointer variables (Muhammad Usama)
Fix ecpg's
ecpg_get_data function to
handle arrays properly (Michael Meskes)
Prevent pg_upgrade from trying to process TOAST tables for system catalogs (Bruce Momjian)
This fixes an error seen when the information_schema has been dropped and
recreated. Other failures were also possible.
Improve pg_upgrade
performance by setting synchronous_commit to off in the new cluster (Bruce
Momjian)
Make contrib/pageinspect's btree page
inspection functions take buffer locks while examining
pages (Tom Lane)
Work around unportable behavior of malloc(0) and realloc(NULL, 0) (Tom Lane)
On platforms where these calls return NULL, some code mistakenly thought that
meant out-of-memory. This is known to have broken
pg_dump for databases
containing no user-defined aggregates. There might be
other cases as well.
Ensure that make install
for an extension creates the extension installation directory
(Cédric Villemain)
Previously, this step was missed if MODULEDIR was set in the extension's
Makefile.
Fix pgxs support for building loadable modules on AIX (Tom Lane)
Building modules outside the original source tree didn't work on AIX.
Update time zone data files to tzdata release 2012j for DST law changes in Cuba, Israel, Jordan, Libya, Palestine, Western Samoa, and portions of Brazil.
⇑ Upgrade to 9.2.3 released on 2013-02-07 - docs
Prevent execution of enum_recv from SQL (Tom Lane)
The function was misdeclared, allowing a simple SQL command to crash the server. In principle an attacker might be able to use it to examine the contents of server memory. Our thanks to Sumit Soni (via Secunia SVCRP) for reporting this issue. (CVE-2013-0255)
Fix multiple problems in detection of when a consistent database state has been reached during WAL replay (Fujii Masao, Heikki Linnakangas, Simon Riggs, Andres Freund)
Fix detection of end-of-backup point when no actual redo work is required (Heikki Linnakangas)
This mistake could result in incorrect “WAL ends before end of online backup” errors.
Update minimum recovery point when truncating a relation file (Heikki Linnakangas)
Once data has been discarded, it's no longer safe to stop recovery at an earlier point in the timeline.
Fix recycling of WAL segments after changing recovery target timeline (Heikki Linnakangas)
Properly restore timeline history files from archive on cascading standby servers (Heikki Linnakangas)
Fix lock conflict detection on hot-standby servers (Andres Freund, Robert Haas)
Fix missing cancellations in hot standby mode (Noah Misch, Simon Riggs)
The need to cancel conflicting hot-standby queries would sometimes be missed, allowing those queries to see inconsistent data.
Prevent recovery pause feature from pausing before users can connect (Tom Lane)
Fix SQL grammar to allow subscripting or field selection from a sub-SELECT result (Tom Lane)
Fix performance problems with autovacuum truncation in busy workloads (Jan Wieck)
Truncation of empty pages at the end of a table requires exclusive lock, but autovacuum was coded to fail (and release the table lock) when there are conflicting lock requests. Under load, it is easily possible that truncation would never occur, resulting in table bloat. Fix by performing a partial truncation, releasing the lock, then attempting to re-acquire the lock and continue. This fix also greatly reduces the average time before autovacuum releases the lock after a conflicting request arrives.
Improve performance of SPI_execute and related functions,
thereby improving PL/pgSQL's EXECUTE (Heikki Linnakangas, Tom
Lane)
Remove some data-copying overhead that was added in 9.2 as a consequence of revisions in the plan caching mechanism. This eliminates a performance regression compared to 9.1, and also saves memory, especially when the query string to be executed contains many SQL statements.
A side benefit is that multi-statement query strings are now processed fully serially, that is we complete execution of earlier statements before running parse analysis and planning on the following ones. This eliminates a long-standing issue, in that DDL that should affect the behavior of a later statement will now behave as expected.
Restore pre-9.2 cost estimates for index usage (Tom Lane)
An ill-considered change of a fudge factor led to undesirably high cost estimates for use of very large indexes.
Fix intermittent crash in DROP
INDEX CONCURRENTLY (Tom Lane)
Fix potential corruption of shared-memory lock table
during CREATE/DROP INDEX
CONCURRENTLY (Tom Lane)
Fix COPY's
multiple-tuple-insertion code for the case of a tuple
larger than page size minus fillfactor (Heikki
Linnakangas)
The previous coding could get into an infinite loop.
Protect against race conditions when scanning
pg_tablespace (Stephen
Frost, Tom Lane)
CREATE DATABASE and
DROP DATABASE could
misbehave if there were concurrent updates of
pg_tablespace
entries.
Prevent DROP OWNED from
trying to drop whole databases or tablespaces (Álvaro
Herrera)
For safety, ownership of these objects must be reassigned, not dropped.
Fix error in
vacuum_freeze_table_age implementation (Andres
Freund)
In installations that have existed for more than
vacuum_freeze_min_age transactions, this
mistake prevented autovacuum from using partial-table
scans, so that a full-table scan would always happen
instead.
Prevent misbehavior when a RowExpr or XmlExpr is parse-analyzed twice (Andres
Freund, Tom Lane)
This mistake could be user-visible in contexts such as
CREATE TABLE LIKE INCLUDING
INDEXES.
Improve defenses against integer overflow in hashtable sizing calculations (Jeff Davis)
Fix some bugs associated with privileges on datatypes (Tom Lane)
There were some issues with default privileges for types, and pg_dump failed to dump such privileges at all.
Fix failure to ignore leftover temporary tables after a server crash (Tom Lane)
Fix failure to rotate postmaster log files for size reasons on Windows (Jeff Janes, Heikki Linnakangas)
Reject out-of-range dates in to_date() (Hitoshi Harada)
Fix pg_extension_config_dump() to handle
extension-update cases properly (Tom Lane)
This function will now replace any existing entry for the target table, making it usable in extension update scripts.
Fix PL/pgSQL's reporting of plan-time errors in possibly-simple expressions (Tom Lane)
The previous coding resulted in sometimes omitting the
first line in the CONTEXT
traceback for the error.
Fix PL/Python's handling of functions used as triggers on multiple tables (Andres Freund)
Ensure that non-ASCII prompt strings are translated to the correct code page on Windows (Alexander Law, Noah Misch)
This bug affected psql and some other client programs.
Fix possible crash in psql's \? command when not connected to a
database (Meng Qingzhong)
Fix possible error if a relation file is removed while pg_basebackup is running (Heikki Linnakangas)
Tolerate timeline switches while pg_basebackup -X fetch is backing up a
standby server (Heikki Linnakangas)
Make pg_dump exclude data of unlogged tables when running on a hot-standby server (Magnus Hagander)
This would fail anyway because the data is not
available on the standby server, so it seems most
convenient to assume --no-unlogged-table-data
automatically.
Fix pg_upgrade to deal with invalid indexes safely (Bruce Momjian)
Fix pg_upgrade's -O/-o options (Marti Raudsepp)
Fix one-byte buffer overrun in libpq's PQprintTuples (Xi Wang)
This ancient function is not used anywhere by PostgreSQL itself, but it might still be used by some client code.
Make ecpglib use translated messages properly (Chen Huajun)
Properly install ecpg_compat and pgtypes libraries on MSVC (Jiang Guiqing)
Include our version of isinf() in libecpg if it's not provided by the
system (Jiang Guiqing)
Rearrange configure's tests for supplied functions so it is not fooled by bogus exports from libedit/libreadline (Christoph Berg)
Ensure Windows build number increases over time (Magnus Hagander)
Make pgxs build
executables with the right .exe suffix when cross-compiling for
Windows (Zoltan Boszormenyi)
Add new timezone abbreviation FET (Tom Lane)
This is now used in some eastern-European time zones.
⇑ Upgrade to 9.2.4 released on 2013-04-04 - docs
Fix insecure parsing of server command-line switches (Mitsumasa Kondo, Kyotaro Horiguchi)
A connection request containing a database name that
begins with “-”
could be crafted to damage or destroy files within the
server's data directory, even if the request is
eventually rejected. (CVE-2013-1899)
Reset OpenSSL randomness state in each postmaster child process (Marko Kreen)
This avoids a scenario wherein random numbers
generated by contrib/pgcrypto functions might be
relatively easy for another database user to guess. The
risk is only significant when the postmaster is
configured with ssl =
on but most connections
don't use SSL encryption. (CVE-2013-1900)
Make REPLICATION privilege checks test current user not authenticated user (Noah Misch)
An unprivileged database user could exploit this
mistake to call pg_start_backup() or pg_stop_backup(), thus possibly
interfering with creation of routine backups.
(CVE-2013-1901)
Fix GiST indexes to not use “fuzzy” geometric comparisons when it's not appropriate to do so (Alexander Korotkov)
The core geometric types perform comparisons using
“fuzzy” equality, but gist_box_same must do exact
comparisons, else GiST indexes using it might become
inconsistent. After installing this update, users should
REINDEX any GiST indexes on
box, polygon, circle,
or point columns, since all of
these use gist_box_same.
Fix erroneous range-union and penalty logic in GiST
indexes that use contrib/btree_gist for variable-width
data types, that is text,
bytea, bit, and numeric
columns (Tom Lane)
These errors could result in inconsistent indexes in
which some keys that are present would not be found by
searches, and also in useless index bloat. Users are
advised to REINDEX such
indexes after installing this update.
Fix bugs in GiST page splitting code for multi-column indexes (Tom Lane)
These errors could result in inconsistent indexes in
which some keys that are present would not be found by
searches, and also in indexes that are unnecessarily
inefficient to search. Users are advised to REINDEX multi-column GiST indexes after
installing this update.
Fix gist_point_consistent to handle
fuzziness consistently (Alexander Korotkov)
Index scans on GiST indexes on point columns would sometimes yield results
different from a sequential scan, because gist_point_consistent disagreed with
the underlying operator code about whether to do
comparisons exactly or fuzzily.
Fix buffer leak in WAL replay (Heikki Linnakangas)
This bug could result in “incorrect local pin count” errors during replay, making recovery impossible.
Ensure we do crash recovery before entering archive
recovery, if the database was not stopped cleanly and a
recovery.conf file is
present (Heikki Linnakangas, Kyotaro Horiguchi, Mitsumasa
Kondo)
This is needed to ensure that the database is consistent in certain scenarios, such as initializing a standby server with a filesystem snapshot from a running server.
Avoid deleting not-yet-archived WAL files during crash recovery (Heikki Linnakangas, Fujii Masao)
Fix race condition in DELETE
RETURNING (Tom Lane)
Under the right circumstances, DELETE RETURNING could attempt to fetch
data from a shared buffer that the current process no
longer has any pin on. If some other process changed the
buffer meanwhile, this would lead to garbage RETURNING output, or even a crash.
Fix infinite-loop risk in regular expression compilation (Tom Lane, Don Porter)
Fix potential null-pointer dereference in regular expression compilation (Tom Lane)
Fix to_char() to use
ASCII-only case-folding rules where appropriate (Tom
Lane)
This fixes misbehavior of some template patterns that
should be locale-independent, but mishandled “I” and “i” in Turkish locales.
Fix unwanted rejection of timestamp 1999-12-31 24:00:00 (Tom Lane)
Fix SQL-language functions to be safely usable as support functions for range types (Tom Lane)
Fix logic error when a single transaction does
UNLISTEN then LISTEN (Tom Lane)
The session wound up not listening for notify events at all, though it surely should listen in this case.
Fix possible planner crash after columns have been added to a view that's depended on by another view (Tom Lane)
Fix performance issue in EXPLAIN
(ANALYZE, TIMING OFF) (Pavel Stehule)
Remove useless “picksplit doesn't support secondary split” log messages (Josh Hansen, Tom Lane)
This message seems to have been added in expectation of code that was never written, and probably never will be, since GiST's default handling of secondary splits is actually pretty good. So stop nagging end users about it.
Remove vestigial secondary-split support in
gist_box_picksplit() (Tom
Lane)
Not only was this implementation of secondary-split not better than the default implementation, it's actually worse. So remove it and let the default code path handle the case.
Fix possible failure to send a session's last few transaction commit/abort counts to the statistics collector (Tom Lane)
Eliminate memory leaks in PL/Perl's spi_prepare() function (Alex Hunsaker,
Tom Lane)
Fix pg_dumpall to
handle database names containing “=” correctly (Heikki
Linnakangas)
Avoid crash in pg_dump when an incorrect connection string is given (Heikki Linnakangas)
Ignore invalid indexes in pg_dump and pg_upgrade (Michael Paquier, Bruce Momjian)
Dumping invalid indexes can cause problems at restore time, for example if the reason the index creation failed was because it tried to enforce a uniqueness condition not satisfied by the table's data. Also, if the index creation is in fact still in progress, it seems reasonable to consider it to be an uncommitted DDL change, which pg_dump wouldn't be expected to dump anyway. pg_upgrade now also skips invalid indexes rather than failing.
In pg_basebackup, include only the current server version's subdirectory when backing up a tablespace (Heikki Linnakangas)
Add a server version check in pg_basebackup and pg_receivexlog, so they fail cleanly with version combinations that won't work (Heikki Linnakangas)
Fix contrib/dblink to
handle inconsistent settings of DateStyle or IntervalStyle safely (Daniel Farina, Tom
Lane)
Previously, if the remote server had different
settings of these parameters, ambiguous dates might be
read incorrectly. This fix ensures that datetime and
interval columns fetched by a dblink query will be interpreted
correctly. Note however that inconsistent settings are
still risky, since literal values appearing in SQL
commands sent to the remote server might be interpreted
differently than they would be locally.
Fix contrib/pg_trgm's
similarity() function to
return zero for trigram-less strings (Tom Lane)
Previously it returned NaN due to internal division by
zero.
Enable building PostgreSQL with Microsoft Visual Studio 2012 (Brar Piening, Noah Misch)
Update time zone data files to tzdata release 2013b for DST law changes in Chile, Haiti, Morocco, Paraguay, and some Russian areas. Also, historical zone data corrections for numerous places.
Also, update the time zone abbreviation files for
recent changes in Russia and elsewhere: CHOT, GET,
IRKT, KGT, KRAT,
MAGT, MAWT, MSK,
NOVT, OMST, TKT,
VLAT, WST, YAKT,
YEKT now follow their
current meanings, and VOLT
(Europe/Volgograd) and MIST
(Antarctica/Macquarie) are added to the default
abbreviations list.
⇑ Upgrade to 9.3 released on 2013-09-09 - docs
Prevent non-key-field row updates from blocking foreign key checks (Álvaro Herrera, Noah Misch, Andres Freund, Alexander Shulgin, Marti Raudsepp, Alexander Shulgin)
This change improves concurrency and reduces the
probability of deadlocks when updating tables
involved in a foreign-key constraint. UPDATEs that do not change any
columns referenced in a foreign key now take the new
NO KEY UPDATE lock mode
on the row, while foreign key checks use the new
KEY SHARE lock mode,
which does not conflict with NO
KEY UPDATE. So there is no blocking unless a
foreign-key column is changed.
Add configuration variable
lock_timeout to allow limiting how long a
session will wait to acquire any one lock (Zoltán
Böszörményi)
Add SP-GiST support for range data types (Alexander Korotkov)
Allow GiST indexes to be unlogged (Jeevan Chalke)
Improve performance of GiST index insertion by randomizing the choice of which page to descend to when there are multiple equally good alternatives (Heikki Linnakangas)
Improve concurrency of hash index operations (Robert Haas)
Collect and use histograms of upper and lower bounds, as well as range lengths, for range types (Alexander Korotkov)
Improve optimizer's cost estimation for index access (Tom Lane)
Improve optimizer's hash table size estimate for
doing DISTINCT via hash
aggregation (Tom Lane)
Suppress no-op Result and Limit plan nodes (Kyotaro Horiguchi, Amit Kapila, Tom Lane)
Reduce optimizer overhead by not keeping plans on the basis of cheap startup cost when the optimizer only cares about total cost overall (Tom Lane)
Add COPY FREEZE
option to avoid the overhead of marking tuples as
frozen later (Simon Riggs, Jeff Davis)
Improve performance of NUMERIC calculations (Kyotaro
Horiguchi)
Improve synchronization of sessions waiting for
commit_delay (Peter Geoghegan)
This greatly improves the usefulness of
commit_delay.
Improve performance of the CREATE TEMPORARY
TABLE ... ON COMMIT DELETE ROWS option by
not truncating such temporary tables in transactions
that haven't touched any temporary tables (Heikki
Linnakangas)
Make vacuum recheck visibility after it has removed expired tuples (Pavan Deolasee)
This increases the chance of a page being marked as all-visible.
Add per-resource-owner lock caches (Jeff Janes)
This speeds up lock bookkeeping at statement completion in multi-statement transactions that hold many locks; it is particularly useful for pg_dump.
Avoid scanning the entire relation cache at commit of a transaction that creates a new relation (Jeff Janes)
This speeds up sessions that create many tables in successive small transactions, such as a pg_restore run.
Improve performance of transactions that drop many relations (Tomas Vondra)
Add optional ability to checksum data pages and report corruption (Simon Riggs, Jeff Davis, Greg Smith, Ants Aasma)
The checksum option can be set during initdb.
Split the statistics collector's data file into separate global and per-database files (Tomas Vondra)
This reduces the I/O required for statistics tracking.
Fix the statistics collector to operate properly in cases where the system clock goes backwards (Tom Lane)
Previously, statistics collection would stop until the time again reached the latest time previously recorded.
Emit an informative message to postmaster standard error when we are about to stop logging there (Tom Lane)
This should help reduce user confusion about where to look for log output in common configurations that log to standard error only during postmaster startup.
When an authentication failure occurs, log the
relevant pg_hba.conf line, to ease
debugging of unintended failures (Magnus
Hagander)
Improve LDAP error reporting and documentation (Peter Eisentraut)
Add support for specifying LDAP authentication parameters in URL format, per RFC 4516 (Peter Eisentraut)
Change the
ssl_ciphers parameter to start with
DEFAULT, rather than
ALL, then remove
insecure ciphers (Magnus Hagander)
This should yield a more appropriate SSL cipher set.
Parse and load pg_ident.conf once, not during
each connection (Amit Kapila)
This is similar to how pg_hba.conf is processed.
Greatly reduce System V shared memory requirements (Robert Haas)
On Unix-like systems, mmap() is now used for most of
PostgreSQL's shared
memory. For most users, this will eliminate any need
to adjust kernel parameters for shared memory.
Allow the postmaster to listen on multiple Unix-domain sockets (Honza Horák)
The configuration parameter unix_socket_directory is replaced by
unix_socket_directories, which
accepts a list of directories.
Allow a directory of configuration files to be processed (Magnus Hagander, Greg Smith, Selena Deckelmann)
Such a directory is specified with
include_dir in the server configuration
file.
Increase the maximum initdb-configured value for
shared_buffers to 128MB (Robert Haas)
This is the maximum value that initdb will attempt
to set in
postgresql.conf;
the previous maximum was 32MB.
Remove the external PID file, if any, on postmaster exit (Peter Eisentraut)
Allow a streaming replication standby to follow a timeline switch (Heikki Linnakangas)
This allows streaming standby servers to receive WAL data from a slave newly promoted to master status. Previously, other standbys would require a resync to begin following the new master.
Add SQL functions
pg_is_in_backup() and pg_backup_start_time() (Gilles
Darold)
These functions report the status of base backups.
Improve performance of streaming log shipping with
synchronous_commit disabled (Andres
Freund)
Allow much faster promotion of a streaming standby to primary (Simon Riggs, Kyotaro Horiguchi)
Add the last checkpoint's redo location to pg_controldata's output (Fujii Masao)
This information is useful for determining which WAL files are needed for restore.
Allow tools like pg_receivexlog to run on computers with different architectures (Heikki Linnakangas)
WAL files can still only be replayed on servers with the same architecture as the primary; but they can now be transmitted to and stored on machines of any architecture, since the streaming replication protocol is now machine-independent.
Make pg_basebackup --write-recovery-conf output a minimal
recovery.conf file
(Zoltán Böszörményi, Magnus Hagander)
This simplifies setting up a standby server.
Allow pg_receivexlog and pg_basebackup --xlog-method to handle streaming
timeline switches (Heikki Linnakangas)
Add
wal_receiver_timeout
parameter to control the WAL receiver's timeout (Amit
Kapila)
This allows more rapid detection of connection failure.
Change the WAL record format to allow splitting the record header across pages (Heikki Linnakangas)
The new format is slightly more compact, and is more efficient to write.
Implement SQL-standard LATERAL option for FROM-clause subqueries and function
calls (Tom Lane)
This feature allows subqueries and functions in
FROM to reference columns
from other tables in the FROM clause. The LATERAL keyword is optional for
functions.
Add support for piping COPY and psql \copy data to/from an external program
(Etsuro Fujita)
Allow a multirow VALUES clause in a rule to
reference OLD/NEW (Tom Lane)
Add support for event triggers (Dimitri Fontaine, Robert Haas, Álvaro Herrera)
This allows server-side functions written in event-enabled languages to be called when DDL commands are run.
Allow foreign data wrappers to support writes (inserts/updates/deletes) on foreign tables (KaiGai Kohei)
Add CREATE
SCHEMA ... IF NOT EXISTS clause (Fabrízio de
Royes Mello)
Make REASSIGN
OWNED also change ownership of shared
objects (Álvaro Herrera)
Make CREATE
AGGREGATE complain if the given initial
value string is not valid input for the transition
datatype (Tom Lane)
Suppress CREATE
TABLE's messages about implicit index and
sequence creation (Robert Haas)
These messages now appear at DEBUG1 verbosity, so that they will
not be shown by default.
Allow DROP TABLE IF
EXISTS to succeed when a non-existent schema
is specified in the table name (Bruce Momjian)
Previously, it threw an error if the schema did not exist.
Provide clients with constraint violation details as separate fields (Pavel Stehule)
This allows clients to retrieve table, column, data type, or constraint name error details. Previously such information had to be extracted from error strings. Client library support is required to access these fields.
Support IF NOT EXISTS
option in ALTER TYPE
... ADD VALUE (Andrew Dunstan)
This is useful for conditionally adding values to enumerated types.
Add ALTER ROLE
ALL SET to establish settings for all
users (Peter Eisentraut)
This allows settings to apply to all users in all
databases. ALTER DATABASE
SET already allowed addition of settings
for all users in a single database. postgresql.conf has a similar
effect.
Add support for ALTER RULE ... RENAME (Ali
Dar)
Add materialized views (Kevin Grittner)
Unlike ordinary views, where the base tables are read on every access, materialized views create physical tables at creation or refresh time. Access to the materialized view then reads from its physical table. There is not yet any facility for incrementally refreshing materialized views or auto-accessing them via base table access.
Make simple views auto-updatable (Dean Rasheed)
Simple views that reference some or all columns
from a single base table are now updatable by
default. More complex views can be made updatable
using INSTEAD
OF triggers or INSTEAD
rules.
Add CREATE
RECURSIVE VIEW syntax (Peter
Eisentraut)
Internally this is translated into CREATE VIEW ... WITH RECURSIVE
....
Improve view/rule printing code to handle cases where referenced tables are renamed, or columns are renamed, added, or dropped (Tom Lane)
Table and column renamings can produce cases where, if we merely substitute the new name into the original text of a rule or view, the result is ambiguous. This change fixes the rule-dumping code to insert manufactured table and column aliases when needed to preserve the original semantics.
Increase the maximum size of large objects from 2GB to 4TB (Nozomi Anzai, Yugo Nagata)
This change includes adding 64-bit-capable large object access functions, both in the server and in libpq.
Allow text timezone designations,
e.g. “America/Chicago”, in the
“T” field of ISO-format timestamptz input (Bruce Momjian)
Add operators
and functions to extract elements from
JSON values (Andrew
Dunstan)
Allow JSON values to be
converted
into records (Andrew Dunstan)
Add functions
to convert scalars, records, and hstore values to JSON (Andrew Dunstan)
Add array_remove() and array_replace() functions (Marco
Nenciarini, Gabriele Bartolini)
Allow
concat() and format() to properly expand
VARIADIC-labeled arguments
(Pavel Stehule)
Improve format() to provide field width
and left/right alignment options (Pavel Stehule)
Make
to_char(),
to_date(), and
to_timestamp() handle negative (BC) century
values properly (Bruce Momjian)
Previously the behavior was either wrong or inconsistent with positive/AD handling, e.g. with the format mask “IYYY-IW-DY”.
Make
to_date() and
to_timestamp() return proper results when
mixing ISO and
Gregorian week/day designations (Bruce Momjian)
Cause
pg_get_viewdef() to
start a new line by default after each SELECT target list entry and
FROM entry (Marko
Tiikkaja)
This reduces line length in view printing, for instance in pg_dump output.
Fix map_sql_value_to_xml_value() to print
values of domain types the same way their base type
would be printed (Pavel Stehule)
There are special formatting rules for certain
built-in types such as boolean; these rules now also apply to
domains over these types.
Allow PL/pgSQL to use RETURN with a composite-type
expression (Asif Rehman)
Previously, in a function returning a composite
type, RETURN could only
reference a variable of that type.
Allow PL/pgSQL to access constraint violation details as separate fields (Pavel Stehule)
Allow PL/pgSQL to access the number of rows
processed by COPY
(Pavel Stehule)
A COPY executed in a
PL/pgSQL function now updates the value retrieved by
GET DIAGNOSTICS x = ROW_COUNT.
Allow unreserved keywords to be used as identifiers everywhere in PL/pgSQL (Tom Lane)
In certain places in the PL/pgSQL grammar, keywords had to be quoted to be used as identifiers, even if they were nominally unreserved.
Add PL/Python result object string handler (Peter Eisentraut)
This allows plpy.debug(rv) to output something
reasonable.
Make PL/Python convert OID values to a proper Python numeric type (Peter Eisentraut)
Handle
SPI errors raised explicitly (with
PL/Python's RAISE) the
same as internal SPI errors (Oskari Saarenmaa and
Jan Urbanski)
Prevent leakage of SPI tuple tables during subtransaction abort (Tom Lane)
At the end of any failed subtransaction, the core
SPI code now releases any SPI tuple tables that were
created during that subtransaction. This avoids the
need for SPI-using code to keep track of such tuple
tables and release them manually in error-recovery
code. Failure to do so caused a number of
transaction-lifespan memory leakage issues in PL/pgSQL
and perhaps other SPI clients. SPI_freetuptable() now protects
itself against multiple freeing requests, so any
existing code that did take care to clean up shouldn't
be broken by this change.
Allow SPI
functions to access the number of rows processed by
COPY (Pavel
Stehule)
Add command-line utility pg_isready to check if the server is ready to accept connections (Phil Sorber)
Support multiple --table
arguments for pg_restore, clusterdb,
reindexdb, and vacuumdb (Josh
Kupershmidt)
This is similar to the way pg_dump's --table option works.
Add --dbname option to
pg_dumpall, pg_basebackup, and pg_receivexlog to allow
specifying a connection string (Amit Kapila)
Add libpq function PQconninfo() to return connection
information (Zoltán Böszörményi, Magnus Hagander)
Adjust function cost settings so psql tab completion and pattern searching are more efficient (Tom Lane)
Improve psql's tab completion coverage (Jeff Janes, Dean Rasheed, Peter Eisentraut, Magnus Hagander)
Allow the psql
--single-transaction mode
to work when reading from standard input (Fabien
Coelho, Robert Haas)
Previously this option only worked when reading from a file.
Remove psql warning when connecting to an older server (Peter Eisentraut)
A warning is still issued when connecting to a server of a newer major version than psql's.
Add psql
command \watch to
repeatedly execute a SQL command (Will
Leinweber)
Add psql
command \gset to store
query results in psql variables (Pavel
Stehule)
Add SSL
information to psql's \conninfo command (Alastair
Turner)
Add “Security” column to
psql's
\df+ output (Jon
Erdman)
Allow psql
command \l to accept a
database name pattern (Peter Eisentraut)
In psql, do not
allow \connect to use
defaults if there is no active connection (Bruce
Momjian)
This might be the case if the server had crashed.
Properly reset state after failure of a SQL
command executed with psql's \g file (Tom Lane)
Previously, the output from subsequent SQL commands would unexpectedly continue to go to the same file.
Add a latex-longtable output format to
psql (Bruce
Momjian)
This format allows tables to span multiple pages.
Add a border=3
output mode to the psql latex format (Bruce Momjian)
In psql's tuples-only and expanded output modes, no longer emit “(No rows)” for zero rows (Peter Eisentraut)
In psql's unaligned, expanded output mode, no longer print an empty line for zero rows (Peter Eisentraut)
Add pg_dump
--jobs option to dump
tables in parallel (Joachim Wieland)
Make pg_dump output functions in a more predictable order (Joel Jacobson)
Fix tar files emitted by pg_dump to be POSIX conformant (Brian Weaver, Tom Lane)
Add --dbname option to
pg_dump, for
consistency with other client commands (Heikki
Linnakangas)
The database name could already be supplied last without a flag.
Make initdb fsync the newly created data directory (Jeff Davis)
This insures data integrity in event of a system
crash shortly after initdb. This can be disabled by
using --nosync.
Add initdb --sync-only
option to sync the data directory to durable storage
(Bruce Momjian)
This is used by pg_upgrade.
Make initdb issue a warning about placing the data directory at the top of a file system mount point (Bruce Momjian)
Add infrastructure to allow plug-in background worker processes (Álvaro Herrera)
Create a centralized timeout API (Zoltán Böszörményi)
Create libpgcommon and move pg_malloc() and other functions there
(Álvaro Herrera, Andres Freund)
This allows libpgport to be used solely for portability-related code.
Add support for list links embedded in larger structs (Andres Freund)
Use SA_RESTART for all
signals, including SIGALRM
(Tom Lane)
Ensure that the correct text domain is used when
translating errcontext()
messages (Heikki Linnakangas)
Standardize naming of client-side memory allocation functions (Tom Lane)
Provide support for “static assertions” that will fail at compile time if some compile-time-constant condition is not met (Andres Freund, Tom Lane)
Support Assert() in
client-side code (Andrew Dunstan)
Add decoration to inform the C compiler that some
ereport() and
elog() calls do not
return (Peter Eisentraut, Andres Freund, Tom Lane,
Heikki Linnakangas)
Allow options to be passed to the regression test
output comparison utility via PG_REGRESS_DIFF_OPTS (Peter
Eisentraut)
Add isolation tests for CREATE INDEX
CONCURRENTLY (Abhijit Menon-Sen)
Remove typedefs for int2/int4 as
they are better represented as int16/int32
(Peter Eisentraut)
Fix install-strip on Mac OS X (Peter Eisentraut)
Remove configure flag --disable-shared, as it is no longer
supported (Bruce Momjian)
Rewrite pgindent in Perl (Andrew Dunstan)
Provide Emacs macro to set Perl formatting to match PostgreSQL's perltidy settings (Peter Eisentraut)
Run tool to check the keyword list whenever the backend grammar is changed (Tom Lane)
Change the way UESCAPE
is lexed, to significantly reduce the size of the lexer
tables (Heikki Linnakangas)
Centralize flex and bison make rules (Peter Eisentraut)
This is useful for pgxs authors.
Change many internal backend functions to return
object OIDs rather than void
(Dimitri Fontaine)
This is useful for event triggers.
Invent pre-commit/pre-prepare/pre-subcommit events for transaction callbacks (Tom Lane)
Loadable modules that use transaction callbacks might need modification to handle these new event types.
Add function
pg_identify_object()
to produce a machine-readable description of a database
object (Álvaro Herrera)
Add post-ALTER-object
server hooks (KaiGai Kohei)
Implement a generic binary heap and use it for Merge-Append operations (Abhijit Menon-Sen)
Provide a tool to help detect timezone abbreviation
changes when updating the src/timezone/data files (Tom
Lane)
Add pkg-config support for libpq and ecpg libraries (Peter Eisentraut)
Remove src/tools/backend, now that the
content is on the PostgreSQL wiki (Bruce
Momjian)
Split out WAL reading as an independent facility (Heikki Linnakangas, Andres Freund)
Use a 64-bit integer to represent
WAL positions
(XLogRecPtr) instead of
two 32-bit integers (Heikki Linnakangas)
Generally, tools that need to read the WAL format will need to be adjusted.
Allow PL/Python to support platform-specific include directories (Peter Eisentraut)
Allow PL/Python on OS X to build against custom versions of Python (Peter Eisentraut)
Add a Postgres foreign data wrapper contrib module to allow access to other Postgres servers (Shigeru Hanada)
This foreign data wrapper supports writes.
Add pg_xlogdump contrib program (Andres Freund)
Add support for indexing of regular-expression searches in pg_trgm (Alexander Korotkov)
Improve pg_trgm's handling of multibyte characters (Tom Lane)
On a platform that does not have the wcstombs() or
towlower() library functions, this could result in an
incompatible change in the contents of pg_trgm indexes for non-ASCII
data. In such cases, REINDEX those indexes to ensure
correct search results.
Add a pgstattuple function to report the size of the pending-insertions list of a GIN index (Fujii Masao)
Make oid2name, pgbench, and vacuumlo set fallback_application_name (Amit
Kapila)
Improve output of pg_test_timing (Bruce Momjian)
Improve output of pg_test_fsync (Peter Geoghegan)
Create a dedicated foreign data wrapper, with its own option validator function, for dblink (Shigeru Hanada)
When using this FDW to define the target of a dblink connection, instead of using a hard-wired list of connection options, the underlying libpq library is consulted to see what connection options it supports.
Allow pg_upgrade to do dumps and restores in parallel (Bruce Momjian, Andrew Dunstan)
This allows parallel schema dump/restore of
databases, as well as parallel copy/link of data
files per tablespace. Use the --jobs option to specify the level of
parallelism.
Make pg_upgrade create Unix-domain sockets in the current directory (Bruce Momjian, Tom Lane)
This reduces the possibility that someone will accidentally connect during the upgrade.
Make pg_upgrade
--check mode properly
detect the location of non-default socket directories
(Bruce Momjian, Tom Lane)
Improve performance of pg_upgrade for databases with many tables (Bruce Momjian)
Improve pg_upgrade's logs by showing executed commands (Álvaro Herrera)
Improve pg_upgrade's status display during copy/link (Bruce Momjian)
Add --foreign-keys
option to pgbench
(Jeff Janes)
This adds foreign key constraints to the standard tables created by pgbench, for use in foreign key performance testing.
Allow pgbench to
aggregate performance statistics and produce output
every --aggregate-interval seconds (Tomas
Vondra)
Add pgbench
--sampling-rate option to
control the percentage of transactions logged (Tomas
Vondra)
Reduce and improve the status message output of pgbench's initialization mode (Robert Haas, Peter Eisentraut)
Add pgbench
-q mode to print one
output line every five seconds (Tomas Vondra)
Output pgbench elapsed and estimated remaining time during initialization (Tomas Vondra)
Allow pgbench to
use much larger scale factors, by changing relevant
columns from integer to
bigint when the requested
scale factor exceeds 20000 (Greg Smith)
Allow EPUB-format documentation to be created (Peter Eisentraut)
Update FreeBSD kernel configuration documentation (Brad Davis)
Improve WINDOW function documentation
(Bruce Momjian, Florian Pflug)
Add instructions for setting up the documentation tool chain on macOS (Peter Eisentraut)
Improve commit_delay documentation (Peter
Geoghegan)
⇑ Upgrade to 9.3.1 released on 2013-10-10 - docs
Ensure new-in-9.3 JSON functionality is added to the
hstore extension during an
update (Andrew Dunstan)
Users who upgraded a pre-9.3 database containing
hstore should execute
ALTER EXTENSION hstore UPDATE;
after installing 9.3.1, to add two new JSON functions
and a cast. (If hstore is
already up to date, this command does nothing.)
Fix memory leak when creating B-tree indexes on range columns (Heikki Linnakangas)
Fix memory leak caused by lo_open() failure (Heikki
Linnakangas)
Serializable snapshot fixes (Kevin Grittner, Heikki Linnakangas)
Fix deadlock bug in libpq when using SSL (Stephen Frost)
Fix timeline handling bugs in pg_receivexlog (Heikki Linnakangas, Andrew Gierth)
Prevent CREATE FUNCTION
from checking SET variables
unless function body checking is enabled (Tom Lane)
Remove rare inaccurate warning during vacuum of index-less tables (Heikki Linnakangas)
⇑ Upgrade to 9.3.2 released on 2013-12-05 - docs
Fix VACUUM's tests to see
whether it can update relfrozenxid (Andres Freund)
In some cases VACUUM
(either manual or autovacuum) could incorrectly advance a
table's relfrozenxid
value, allowing tuples to escape freezing, causing those
rows to become invisible once 2^31 transactions have
elapsed. The probability of data loss is fairly low since
multiple incorrect advancements would need to happen
before actual loss occurs, but it's not zero. In 9.2.0
and later, the probability of loss is higher, and it's
also possible to get “could not access status of
transaction” errors as a consequence of
this bug. Users upgrading from releases 9.0.4 or 8.4.8 or
earlier are not affected, but all later versions contain
the bug.
The issue can be ameliorated by, after upgrading,
vacuuming all tables in all databases while having
vacuum_freeze_table_age set to zero. This will
fix any latent corruption but will not be able to fix all
pre-existing data errors. However, an installation can be
presumed safe after performing this vacuuming if it has
executed fewer than 2^31 update transactions in its
lifetime (check this with SELECT
txid_current() < 2^31).
Fix multiple bugs in MultiXactId freezing (Andres Freund, Álvaro Herrera)
These bugs could lead to “could not access status of transaction” errors, or to duplicate or vanishing rows. Users upgrading from releases prior to 9.3.0 are not affected.
The issue can be ameliorated by, after upgrading,
vacuuming all tables in all databases while having
vacuum_freeze_table_age set to zero. This will
fix latent corruption but will not be able to fix all
pre-existing data errors.
As a separate issue, these bugs can also cause standby servers to get out of sync with the primary, thus exhibiting data errors that are not in the primary. Therefore, it's recommended that 9.3.0 and 9.3.1 standby servers be re-cloned from the primary (e.g., with a new base backup) after upgrading.
Fix initialization of pg_clog and pg_subtrans during hot standby startup
(Andres Freund, Heikki Linnakangas)
This bug can cause data loss on standby servers at the moment they start to accept hot-standby queries, by marking committed transactions as uncommitted. The likelihood of such corruption is small unless, at the time of standby startup, the primary server has executed many updating transactions since its last checkpoint. Symptoms include missing rows, rows that should have been deleted being still visible, and obsolete versions of updated rows being still visible alongside their newer versions.
This bug was introduced in versions 9.3.0, 9.2.5, 9.1.10, and 9.0.14. Standby servers that have only been running earlier releases are not at risk. It's recommended that standby servers that have ever run any of the buggy releases be re-cloned from the primary (e.g., with a new base backup) after upgrading.
Fix multiple bugs in update chain traversal (Andres Freund, Álvaro Herrera)
These bugs could result in incorrect behavior, such as locking or even updating the wrong row, in the presence of concurrent updates. Spurious “unable to fetch updated version of tuple” errors were also possible.
Fix dangling-pointer problem in fast-path locking (Tom Lane)
This could lead to corruption of the lock data structures in shared memory, causing “lock already held” and other odd errors.
Fix assorted race conditions in timeout management (Tom Lane)
These errors could result in a server process becoming unresponsive because it had blocked SIGALRM and/or SIGINT.
Truncate pg_multixact
contents during WAL replay (Andres Freund)
This avoids ever-increasing disk space consumption in standby servers.
Ensure an anti-wraparound VACUUM counts a page as scanned when
it's only verified that no tuples need freezing (Sergey
Burladyan, Jeff Janes)
This bug could result in failing to advance
relfrozenxid, so that
the table would still be thought to need another
anti-wraparound vacuum. In the worst case the database
might even shut down to prevent wraparound.
Fix full-table-vacuum request mechanism for MultiXactIds (Andres Freund)
This bug could result in large amounts of useless autovacuum activity.
Fix race condition in GIN index posting tree page deletion (Heikki Linnakangas)
This could lead to transient wrong answers or query failures.
Fix “unexpected spgdoinsert() failure” error during SP-GiST index creation (Teodor Sigaev)
Fix assorted bugs in materialized views (Kevin Grittner, Andres Freund)
Re-allow duplicate table aliases if they're within aliased JOINs (Tom Lane)
Historically PostgreSQL has accepted queries like
SELECT ... FROM tab1 x CROSS JOIN (tab2 x CROSS JOIN tab3 y) z
although a strict reading of the SQL standard would
forbid the duplicate usage of table alias x. A misguided change in 9.3.0 caused it
to reject some such cases that were formerly accepted.
Restore the previous behavior.
Avoid flattening a subquery whose SELECT list contains a volatile function
wrapped inside a sub-SELECT
(Tom Lane)
This avoids unexpected results due to extra evaluations of the volatile function.
Fix planner's processing of non-simple-variable subquery outputs nested within outer joins (Tom Lane)
This error could lead to incorrect plans for queries
involving multiple levels of subqueries within
JOIN syntax.
Fix incorrect planning in cases where the same
non-strict expression appears in multiple WHERE and outer JOIN equality clauses (Tom Lane)
Fix planner crash with whole-row reference to a subquery (Tom Lane)
Fix incorrect generation of optimized MIN()/MAX() plans for inheritance trees (Tom Lane)
The planner could fail in cases where the MIN()/MAX() argument was an expression rather than a simple variable.
Fix premature deletion of temporary files (Andres Freund)
Prevent intra-transaction memory leak when printing range values (Tom Lane)
This fix actually cures transient memory leaks in any datatype output function, but range types are the only ones known to have had a significant problem.
Fix memory leaks when reloading configuration files (Heikki Linnakangas, Hari Babu)
Prevent incorrect display of dropped columns in NOT NULL and CHECK constraint violation messages (Michael Paquier and Tom Lane)
Allow default arguments and named-argument notation for window functions (Tom Lane)
Previously, these cases were likely to crash.
Suppress trailing whitespace on each line when pretty-printing rules and views (Tom Lane)
9.3.0 generated such whitespace in many more cases than previous versions did. To reduce unexpected behavioral changes, suppress unnecessary whitespace in all cases.
Fix possible read past end of memory in rule printing (Peter Eisentraut)
Fix array slicing of int2vector and oidvector values (Tom Lane)
Expressions of this kind are now implicitly promoted
to regular int2 or oid arrays.
Return a valid JSON value when converting an empty
hstore value to json (Oskari Saarenmaa)
Fix incorrect behaviors when using a SQL-standard, simple GMT offset timezone (Tom Lane)
In some cases, the system would use the simple GMT
offset value when it should have used the regular
timezone setting that had prevailed before the simple
offset was selected. This change also causes the
timeofday function to honor
the simple GMT offset zone.
Prevent possible misbehavior when logging translations of Windows error codes (Tom Lane)
Properly quote generated command lines in pg_ctl (Naoya Anzai and Tom Lane)
This fix applies only to Windows.
Fix pg_dumpall to
work when a source database sets
default_transaction_read_only via
ALTER DATABASE SET (Kevin
Grittner)
Previously, the generated script would fail during restore.
Fix pg_isready to
handle its -d option properly
(Fabrízio de Royes Mello and Fujii Masao)
Fix parsing of WAL file names in pg_receivexlog (Heikki Linnakangas)
This error made pg_receivexlog unable to restart streaming after stopping, once at least 4 GB of WAL had been written.
Report out-of-disk-space failures properly in pg_upgrade (Peter Eisentraut)
Make ecpg search for quoted cursor names case-sensitively (Zoltán Böszörményi)
Fix ecpg's processing
of lists of variables declared varchar (Zoltán Böszörményi)
Make contrib/lo defend
against incorrect trigger definitions (Marc Cousin)
Update time zone data files to tzdata release 2013h for DST law changes in Argentina, Brazil, Jordan, Libya, Liechtenstein, Morocco, and Palestine. Also, new timezone abbreviations WIB, WIT, WITA for Indonesia.
⇑ Upgrade to 9.3.3 released on 2014-02-20 - docs
Shore up GRANT ... WITH ADMIN
OPTION restrictions (Noah Misch)
Granting a role without ADMIN
OPTION is supposed to prevent the grantee from
adding or removing members from the granted role, but
this restriction was easily bypassed by doing
SET ROLE first. The security
impact is mostly that a role member can revoke the access
of others, contrary to the wishes of his grantor.
Unapproved role member additions are a lesser concern,
since an uncooperative role member could provide most of
his rights to others anyway by creating views or
SECURITY DEFINER functions.
(CVE-2014-0060)
Prevent privilege escalation via manual calls to PL validator functions (Andres Freund)
The primary role of PL validator functions is to be
called implicitly during CREATE
FUNCTION, but they are also normal SQL functions
that a user can call explicitly. Calling a validator on a
function actually written in some other language was not
checked for and could be exploited for
privilege-escalation purposes. The fix involves adding a
call to a privilege-checking function in each validator
function. Non-core procedural languages will also need to
make this change to their own validator functions, if
any. (CVE-2014-0061)
Avoid multiple name lookups during table and index DDL (Robert Haas, Andres Freund)
If the name lookups come to different conclusions due
to concurrent activity, we might perform some parts of
the DDL on a different table than other parts. At least
in the case of CREATE INDEX,
this can be used to cause the permissions checks to be
performed against a different table than the index
creation, allowing for a privilege escalation attack.
(CVE-2014-0062)
Prevent buffer overrun with long datetime strings (Noah Misch)
The MAXDATELEN constant
was too small for the longest possible value of type
interval, allowing a buffer
overrun in interval_out().
Although the datetime input functions were more careful
about avoiding buffer overrun, the limit was short enough
to cause them to reject some valid inputs, such as input
containing a very long timezone name. The ecpg library contained these
vulnerabilities along with some of its own.
(CVE-2014-0063)
Prevent buffer overrun due to integer overflow in size calculations (Noah Misch, Heikki Linnakangas)
Several functions, mostly type input functions, calculated an allocation size without checking for overflow. If overflow did occur, a too-small buffer would be allocated and then written past. (CVE-2014-0064)
Prevent overruns of fixed-size buffers (Peter Eisentraut, Jozef Mlich)
Use strlcpy() and
related functions to provide a clear guarantee that
fixed-size buffers are not overrun. Unlike the preceding
items, it is unclear whether these cases really represent
live issues, since in most cases there appear to be
previous constraints on the size of the input string.
Nonetheless it seems prudent to silence all Coverity
warnings of this type. (CVE-2014-0065)
Avoid crashing if crypt() returns NULL (Honza Horak,
Bruce Momjian)
There are relatively few scenarios in which
crypt() could return NULL,
but contrib/chkpass would
crash if it did. One practical case in which this could
be an issue is if libc
is configured to refuse to execute unapproved hashing
algorithms (e.g., “FIPS mode”). (CVE-2014-0066)
Document risks of make
check in the regression testing instructions (Noah
Misch, Tom Lane)
Since the temporary server started by make check uses “trust”
authentication, another user on the same machine could
connect to it as database superuser, and then potentially
exploit the privileges of the operating-system user who
started the tests. A future release will probably
incorporate changes in the testing procedure to prevent
this risk, but some public discussion is needed first. So
for the moment, just warn people against using
make check when there are
untrusted users on the same machine. (CVE-2014-0067)
Rework tuple freezing protocol (Álvaro Herrera, Andres Freund)
The logic for tuple freezing was unable to handle some cases involving freezing of multixact IDs, with the practical effect that shared row-level locks might be forgotten once old enough.
Fixing this required changing the WAL record format for tuple freezing. While this is no issue for standalone servers, when using replication it means that standby servers must be upgraded to 9.3.3 or later before their masters are. An older standby will be unable to interpret freeze records generated by a newer master, and will fail with a PANIC message. (In such a case, upgrading the standby should be sufficient to let it resume execution.)
Create separate GUC parameters to control multixact freezing (Álvaro Herrera)
9.3 requires multixact tuple labels to be frozen before they grow too old, in the same fashion as plain transaction ID labels have been frozen for some time. Previously, the transaction ID freezing parameters were used for multixact IDs too; but since the consumption rates of transaction IDs and multixact IDs can be quite different, this did not work very well. Introduce new settings vacuum_multixact_freeze_min_age, vacuum_multixact_freeze_table_age, and autovacuum_multixact_freeze_max_age to control when to freeze multixacts.
Account for remote row locks propagated by local updates (Álvaro Herrera)
If a row was locked by transaction A, and transaction B updated it, the new version of the row created by B would be locked by A, yet visible only to B. If transaction B then again updated the row, A's lock wouldn't get checked, thus possibly allowing B to complete when it shouldn't. This case is new in 9.3 since prior versions did not have any types of row locking that would permit another transaction to update the row at all.
This oversight could allow referential integrity
checks to give false positives (for instance, allow
deletes that should have been rejected). Applications
using the new commands SELECT FOR
KEY SHARE and SELECT FOR NO
KEY UPDATE might also have suffered locking
failures of this kind.
Prevent “forgetting” valid row locks when one of several holders of a row lock aborts (Álvaro Herrera)
This was yet another mechanism by which a shared row lock could be lost, thus possibly allowing updates that should have been prevented by foreign-key constraints.
Fix incorrect logic during update chain locking (Álvaro Herrera)
This mistake could result in spurious “could not serialize access
due to concurrent update” errors in
REPEATABLE READ and
SERIALIZABLE transaction
isolation modes.
Handle wraparound correctly during extension or
truncation of pg_multixact/members (Andres Freund,
Álvaro Herrera)
Fix handling of 5-digit filenames in pg_multixact/members (Álvaro
Herrera)
As of 9.3, these names can be more than 4 digits, but the directory cleanup code ignored such files.
Improve performance of multixact cache code (Álvaro Herrera)
Optimize updating a row that's already locked by the same transaction (Andres Freund, Álvaro Herrera)
This fixes a performance regression from pre-9.3
versions when doing SELECT FOR
UPDATE followed by UPDATE/DELETE.
During archive recovery, prefer highest timeline
number when WAL segments with the same ID are present in
both the archive and pg_xlog/ (Kyotaro Horiguchi)
Previously, not-yet-archived segments could get ignored during recovery. This reverts an undesirable behavioral change in 9.3.0 back to the way things worked pre-9.3.
Fix possible mis-replay of WAL records when some segments of a relation aren't full size (Greg Stark, Tom Lane)
The WAL update could be applied to the wrong page, potentially many pages past where it should have been. Aside from corrupting data, this error has been observed to result in significant “bloat” of standby servers compared to their masters, due to updates being applied far beyond where the end-of-file should have been. This failure mode does not appear to be a significant risk during crash recovery, only when initially synchronizing a standby created from a base backup taken from a quickly-changing master.
Fix bug in determining when recovery has reached consistency (Tomonari Katsumata, Heikki Linnakangas)
In some cases WAL replay would mistakenly conclude that the database was already consistent at the start of replay, thus possibly allowing hot-standby queries before the database was really consistent. Other symptoms such as “PANIC: WAL contains references to invalid pages” were also possible.
Fix WAL logging of visibility map changes (Heikki Linnakangas)
Fix improper locking of btree index pages while
replaying a VACUUM operation
in hot-standby mode (Andres Freund, Heikki Linnakangas,
Tom Lane)
This error could result in “PANIC: WAL contains references to invalid pages” failures.
Ensure that insertions into non-leaf GIN index pages write a full-page WAL record when appropriate (Heikki Linnakangas)
The previous coding risked index corruption in the event of a partial-page write during a system crash.
When pause_at_recovery_target and
recovery_target_inclusive
are both set, ensure the target record is applied before
pausing, not after (Heikki Linnakangas)
Ensure walreceiver sends hot-standby feedback messages on time even when there is a continuous stream of data (Andres Freund, Amit Kapila)
Prevent timeout interrupts from taking control away
from mainline code unless ImmediateInterruptOK is set (Andres
Freund, Tom Lane)
This is a serious issue for any application making use of statement timeouts, as it could cause all manner of strange failures after a timeout occurred. We have seen reports of “stuck” spinlocks, ERRORs being unexpectedly promoted to PANICs, unkillable backends, and other misbehaviors.
Fix race conditions during server process exit (Robert Haas)
Ensure that signal handlers don't attempt to use the
process's MyProc pointer
after it's no longer valid.
Fix race conditions in walsender shutdown logic and walreceiver SIGHUP signal handler (Tom Lane)
Fix unsafe references to errno within error reporting logic
(Christian Kruse)
This would typically lead to odd behaviors such as
missing or inappropriate HINT fields.
Fix possible crashes from using ereport() too early during server
startup (Tom Lane)
The principal case we've seen in the field is a crash if the server is started in a directory it doesn't have permission to read.
Clear retry flags properly in OpenSSL socket write function (Alexander Kukushkin)
This omission could result in a server lockup after unexpected loss of an SSL-encrypted connection.
Fix length checking for Unicode identifiers
(U&"..." syntax)
containing escapes (Tom Lane)
A spurious truncation warning would be printed for such identifiers if the escaped form of the identifier was too long, but the identifier actually didn't need truncation after de-escaping.
Fix parsing of Unicode literals and identifiers just before the end of a command string or function body (Tom Lane)
Allow keywords that are type names to be used in lists of roles (Stephen Frost)
A previous patch allowed such keywords to be used
without quoting in places such as role identifiers; but
it missed cases where a list of role identifiers was
permitted, such as DROP
ROLE.
Fix parser crash for EXISTS(SELECT * FROM zero_column_table)
(Tom Lane)
Fix possible crash due to invalid plan for nested
sub-selects, such as WHERE (... x
IN (SELECT ...) ...) IN (SELECT ...) (Tom
Lane)
Fix mishandling of WHERE
conditions pulled up from a LATERAL subquery (Tom Lane)
The typical symptom of this bug was a “JOIN qualification cannot refer to other relations” error, though subtle logic errors in created plans seem possible as well.
Disallow LATERAL
references to the target table of an UPDATE/DELETE (Tom Lane)
While this might be allowed in some future release, it was unintentional in 9.3, and didn't work quite right anyway.
Fix UPDATE/DELETE of an
inherited target table that has UNION ALL subqueries (Tom Lane)
Without this fix, UNION
ALL subqueries aren't correctly inserted into the
update plans for inheritance child tables after the first
one, typically resulting in no update happening for those
child table(s).
Fix ANALYZE to not fail
on a column that's a domain over a range type (Tom
Lane)
Ensure that ANALYZE
creates statistics for a table column even when all the
values in it are “too wide” (Tom Lane)
ANALYZE intentionally
omits very wide values from its histogram and
most-common-values calculations, but it neglected to do
something sane in the case that all the sampled entries
are too wide.
In ALTER TABLE ... SET
TABLESPACE, allow the database's default
tablespace to be used without a permissions check
(Stephen Frost)
CREATE TABLE has always
allowed such usage, but ALTER
TABLE didn't get the memo.
Fix support for extensions containing event triggers (Tom Lane)
Fix “cannot
accept a set” error when some arms of a
CASE return a set and others
don't (Tom Lane)
Fix memory leakage in JSON functions (Craig Ringer)
Properly distinguish numbers from non-numbers when generating JSON output (Andrew Dunstan)
Fix checks for all-zero client addresses in pgstat functions (Kevin Grittner)
Fix possible misclassification of multibyte characters by the text search parser (Tom Lane)
Non-ASCII characters could be misclassified when using C locale with a multibyte encoding. On Cygwin, non-C locales could fail as well.
Fix possible misbehavior in plainto_tsquery() (Heikki
Linnakangas)
Use memmove() not
memcpy() for copying
overlapping memory regions. There have been no field
reports of this actually causing trouble, but it's
certainly risky.
Fix placement of permissions checks in pg_start_backup() and pg_stop_backup() (Andres Freund, Magnus
Hagander)
The previous coding might attempt to do catalog access when it shouldn't.
Accept SHIFT_JIS as an
encoding name for locale checking purposes (Tatsuo
Ishii)
Fix *-qualification of
named parameters in SQL-language functions (Tom Lane)
Given a composite-type parameter named foo, $1.*
worked fine, but foo.* not
so much.
Fix misbehavior of PQhost() on Windows (Fujii Masao)
It should return localhost if no host has been
specified.
Improve error handling in libpq and psql for failures during
COPY TO STDOUT/FROM STDIN
(Tom Lane)
In particular this fixes an infinite loop that could
occur in 9.2 and up if the server connection was lost
during COPY FROM STDIN.
Variants of that scenario might be possible in older
versions, or with other client applications.
Fix incorrect translation handling in some
psql \d commands (Peter Eisentraut, Tom
Lane)
Ensure pg_basebackup's background process is killed when exiting its foreground process (Magnus Hagander)
Fix possible incorrect printing of filenames in pg_basebackup's verbose mode (Magnus Hagander)
Avoid including tablespaces inside PGDATA twice in base backups (Dimitri Fontaine, Magnus Hagander)
Fix misaligned descriptors in ecpg (MauMau)
In ecpg, handle lack of a hostname in the connection parameters properly (Michael Meskes)
Fix performance regression in contrib/dblink connection startup (Joe
Conway)
Avoid an unnecessary round trip when client and server encodings match.
In contrib/isn, fix
incorrect calculation of the check digit for ISMN values
(Fabien Coelho)
Fix contrib/pgbench's
progress logging to avoid overflow when the scale factor
is large (Tatsuo Ishii)
Fix contrib/pg_stat_statement's handling of
CURRENT_DATE and related
constructs (Kyotaro Horiguchi)
Improve lost-connection error handling in contrib/postgres_fdw (Tom Lane)
Ensure client-code-only installation procedure works as documented (Peter Eisentraut)
In Mingw and Cygwin builds, install the libpq DLL in the bin directory (Andrew Dunstan)
This duplicates what the MSVC build has long done. It should fix problems with programs like psql failing to start because they can't find the DLL.
Avoid using the deprecated dllwrap tool in Cygwin builds (Marco
Atzeri)
Enable building with Visual Studio 2013 (Brar Piening)
Don't generate plain-text HISTORY and src/test/regress/README files anymore
(Tom Lane)
These text files duplicated the main HTML and PDF
documentation formats. The trouble involved in
maintaining them greatly outweighs the likely audience
for plain-text format. Distribution tarballs will still
contain files by these names, but they'll just be stubs
directing the reader to consult the main documentation.
The plain-text INSTALL file
will still be maintained, as there is arguably a use-case
for that.
Update time zone data files to tzdata release 2013i for DST law changes in Jordan and historical changes in Cuba.
In addition, the zones Asia/Riyadh87, Asia/Riyadh88, and Asia/Riyadh89 have been removed, as they
are no longer maintained by IANA, and never represented
actual civil timekeeping practice.
⇑ Upgrade to 9.3.4 released on 2014-03-20 - docs
Fix WAL replay of locking an already-updated tuple (Andres Freund, Álvaro Herrera)
This error caused updated rows to not be found by index scans, resulting in inconsistent query results depending on whether an index scan was used. Subsequent processing could result in constraint violations, since the previously updated row would not be found by later index searches, thus possibly allowing conflicting rows to be inserted. Since this error is in WAL replay, it would only manifest during crash recovery or on standby servers. The improperly-replayed case most commonly arises when a table row that is referenced by a foreign-key constraint is updated concurrently with creation of a referencing row.
Restore GIN metapages unconditionally to avoid torn-page risk (Heikki Linnakangas)
Although this oversight could theoretically result in a corrupted index, it is unlikely to have caused any problems in practice, since the active part of a GIN metapage is smaller than a standard 512-byte disk sector.
Avoid race condition in checking transaction commit
status during receipt of a NOTIFY message (Marko Tiikkaja)
This prevents a scenario wherein a sufficiently fast client might respond to a notification before database updates made by the notifier have become visible to the recipient.
Allow materialized views to be referenced in
UPDATE and DELETE commands (Michael Paquier)
Previously such queries failed with a complaint about not being able to lock rows in the materialized view.
Allow regular-expression operators to be terminated early by query cancel requests (Tom Lane)
This prevents scenarios wherein a pathological regular expression could lock up a server process uninterruptibly for a long time.
Remove incorrect code that tried to allow OVERLAPS with single-element row
arguments (Joshua Yanovski)
This code never worked correctly, and since the case is neither specified by the SQL standard nor documented, it seemed better to remove it than fix it.
Avoid getting more than AccessShareLock when de-parsing a rule
or view (Dean Rasheed)
This oversight resulted in pg_dump unexpectedly acquiring
RowExclusiveLock locks on
tables mentioned as the targets of INSERT/UPDATE/DELETE commands in rules. While usually
harmless, that could interfere with concurrent
transactions that tried to acquire, for example,
ShareLock on those
tables.
Improve performance of index endpoint probes during planning (Tom Lane)
This change fixes a significant performance problem that occurred when there were many not-yet-committed rows at the end of the index, which is a common situation for indexes on sequentially-assigned values such as timestamps or sequence-generated identifiers.
Use non-default selectivity estimates for value
IN (list)value operator ANY (array)
Remove the correct per-database statistics file during
DROP DATABASE (Tomas
Vondra)
This fix prevents a permanent leak of statistics file
space. Users who have done many DROP DATABASE commands since upgrading
to PostgreSQL 9.3 may
wish to check their statistics directory and delete
statistics files that do not correspond to any existing
database. Please note that db_0.stat should not be removed.
Fix walsender ping logic to avoid inappropriate disconnects under continuous load (Andres Freund, Heikki Linnakangas)
walsender failed to send ping messages to the client if it was constantly busy sending WAL data; but it expected to see ping responses despite that, and would therefore disconnect once wal_sender_timeout elapsed.
Fix walsender's failure to shut down cleanly when client is pg_receivexlog (Fujii Masao)
Check WAL level and hot standby parameters correctly when doing crash recovery that will be followed by archive recovery (Heikki Linnakangas)
Fix test to see if hot standby connections can be allowed immediately after a crash (Heikki Linnakangas)
Add read-only data_checksums parameter to display whether page checksums are enabled (Heikki Linnakangas)
Without this parameter, determining the state of checksum processing was difficult.
Prevent interrupts while reporting non-ERROR messages (Tom Lane)
This guards against rare server-process freezeups due
to recursive entry to syslog(), and perhaps other related
problems.
Fix memory leak in PL/Perl when returning a composite result, including multiple-OUT-parameter cases (Alex Hunsaker)
Fix tracking of psql
script line numbers during \copy from out-of-line data (Kumar
Rajeev Rastogi, Amit Khandekar)
\copy ... from
incremented the script file line number for each data
line, even if the data was not coming from the script
file. This mistake resulted in wrong line numbers being
reported for any errors occurring later in the same
script file.
Fix contrib/postgres_fdw to handle multiple join conditions properly (Tom Lane)
This oversight could result in sending WHERE clauses to the remote server for
execution even though the clauses are not known to have
the same semantics on the remote server (for example,
clauses that use non-built-in operators). The query might
succeed anyway, but it could also fail with errors from
the remote server, or worse give silently wrong
answers.
Prevent intermittent “could not reserve shared memory region” failures on recent Windows versions (MauMau)
Update time zone data files to tzdata release 2014a for DST law changes in Fiji and Turkey, plus historical changes in Israel and Ukraine.
⇑ Upgrade to 9.3.5 released on 2014-07-24 - docs
In pg_upgrade, remove
pg_multixact files left
behind by initdb (Bruce
Momjian)
If you used a pre-9.3.5 version of pg_upgrade to upgrade a database
cluster to 9.3, it might have left behind a file
$PGDATA/pg_multixact/offsets/0000 that
should not be there and will eventually cause problems in
VACUUM. However, in common cases this file is
actually valid and must not be removed. To
determine whether your installation has this problem, run
this query as superuser, in any database of the
cluster:
WITH list(file) AS (SELECT * FROM pg_ls_dir('pg_multixact/offsets'))
SELECT EXISTS (SELECT * FROM list WHERE file = '0000') AND
NOT EXISTS (SELECT * FROM list WHERE file = '0001') AND
NOT EXISTS (SELECT * FROM list WHERE file = 'FFFF') AND
EXISTS (SELECT * FROM list WHERE file != '0000')
AS file_0000_removal_required;If this query returns t,
manually remove the file $PGDATA/pg_multixact/offsets/0000. Do
nothing if the query returns f.
Correctly initialize padding bytes in contrib/btree_gist indexes on
bit columns (Heikki
Linnakangas)
This error could result in incorrect query results due
to values that should compare equal not being seen as
equal. Users with GiST indexes on bit or bit
varying columns should REINDEX those indexes after installing
this update.
Protect against torn pages when deleting GIN list pages (Heikki Linnakangas)
This fix prevents possible index corruption if a system crash occurs while the page update is being written to disk.
Don't clear the right-link of a GiST index page while replaying updates from WAL (Heikki Linnakangas)
This error could lead to transiently wrong answers from GiST index scans performed in Hot Standby.
Fix corner-case infinite loop during insertion into an SP-GiST text index (Tom Lane)
Fix incorrect answers from SP-GiST index searches with
-|- (range adjacency)
operator (Heikki Linnakangas)
Fix wraparound handling for pg_multixact/members (Álvaro
Herrera)
Truncate pg_multixact
during checkpoints, not during VACUUM (Álvaro Herrera)
This change ensures that pg_multixact segments can't be
removed if they'd still be needed during WAL replay after
a crash.
Fix possible inconsistency of all-visible flags after WAL recovery (Heikki Linnakangas)
Fix possibly-incorrect cache invalidation during
nested calls to ReceiveSharedInvalidMessages (Andres
Freund)
Fix race condition when updating a tuple concurrently locked by another process (Andres Freund, Álvaro Herrera)
Fix “could not
find pathkey item to sort” planner failures
with UNION ALL over
subqueries reading from tables with inheritance children
(Tom Lane)
Don't assume a subquery's output is unique if there's a set-returning function in its targetlist (David Rowley)
This oversight could lead to misoptimization of
constructs like WHERE x IN (SELECT
y, generate_series(1,10) FROM t GROUP BY y).
Improve planner to drop constant-NULL inputs of
AND/OR when possible (Tom Lane)
This change fixes some cases where the more aggressive parameter substitution done by 9.2 and later can lead to a worse plan than older versions produced.
Ensure that the planner sees equivalent VARIADIC and non-VARIADIC function calls as equivalent
(Tom Lane)
This bug could for example result in failure to use expression indexes involving variadic functions. It might be necessary to re-create such indexes, and/or re-create views including variadic function calls that should match the indexes, for the fix to be effective for existing 9.3 installations.
Fix handling of nested JSON
objects in json_populate_recordset() and friends
(Michael Paquier, Tom Lane)
A nested JSON object could
result in previous fields of the parent object not being
shown in the output.
Fix identification of input type category in
to_json() and friends (Tom
Lane)
This is known to have led to inadequate quoting of
money fields in the
JSON result, and there may have
been wrong results for other data types as well.
Fix failure to detoast fields in composite elements of structured types (Tom Lane)
This corrects cases where TOAST pointers could be copied into other tables without being dereferenced. If the original data is later deleted, it would lead to errors like “missing chunk number 0 for toast value ...” when the now-dangling pointer is used.
Fix “record type has not been registered” failures with whole-row references to the output of Append plan nodes (Tom Lane)
Fix possible crash when invoking a user-defined function while rewinding a cursor (Tom Lane)
Fix query-lifespan memory leak while evaluating the
arguments for a function in FROM (Tom Lane)
Fix session-lifespan memory leaks in regular-expression processing (Tom Lane, Arthur O'Dwyer, Greg Stark)
Fix data encoding error in hungarian.stop (Tom Lane)
Prevent foreign tables from being created with OIDS when default_with_oids is true (Etsuro Fujita)
Fix liveness checks for rows that were inserted in the current transaction and then deleted by a now-rolled-back subtransaction (Andres Freund)
This could cause problems (at least spurious warnings,
and at worst an infinite loop) if CREATE INDEX or CLUSTER were done later in the same
transaction.
Clear pg_stat_activity.xact_start during PREPARE TRANSACTION (Andres Freund)
After the PREPARE, the
originating session is no longer in a transaction, so it
should not continue to display a transaction start
time.
Fix REASSIGN OWNED to not
fail for text search objects (Álvaro Herrera)
Prevent pg_class.relminmxid values from going
backwards during VACUUM FULL
(Álvaro Herrera)
Reduce indentation in rule/view dumps to improve readability and avoid excessive whitespace (Greg Stark, Tom Lane)
This change reduces the amount of indentation applied to nested constructs, including some cases that the user probably doesn't think of as nested, such as UNION lists. Previously, deeply nested constructs were printed with an amount of whitespace growing as O(N^2), which created a performance problem and even risk of out-of-memory failures. Now the indentation is reduced modulo 40, which is initially odd to look at but seems to preserve readability better than simply limiting the indentation would do. Redundant parenthesization of UNION lists has been reduced as well.
Fix dumping of rules/views when subsequent addition of
a column has resulted in multiple input columns matching
a USING specification (Tom
Lane)
Repair view printing for some cases involving
functions in FROM that
return a composite type containing dropped columns (Tom
Lane)
Block signals during postmaster startup (Tom Lane)
This ensures that the postmaster will properly clean up after itself if, for example, it receives SIGINT while still starting up.
Fix client host name lookup when processing
pg_hba.conf entries that
specify host names instead of IP addresses (Tom Lane)
Ensure that reverse-DNS lookup failures are reported, instead of just silently not matching such entries. Also ensure that we make only one reverse-DNS lookup attempt per connection, not one per host name entry, which is what previously happened if the lookup attempts failed.
Allow the root user to use postgres -C variable and postgres --describe-config (MauMau)
The prohibition on starting the server as root does not need to extend to these operations, and relaxing it prevents failure of pg_ctl in some scenarios.
Secure Unix-domain sockets of temporary postmasters
started during make check
(Noah Misch)
Any local user able to access the socket file could
connect as the server's bootstrap superuser, then proceed
to execute arbitrary code as the operating-system user
running the test, as we previously noted in
CVE-2014-0067. This change defends against that risk by
placing the server's socket in a temporary, mode 0700
subdirectory of /tmp. The
hazard remains however on platforms where Unix sockets
are not supported, notably Windows, because then the
temporary postmaster must accept local TCP
connections.
A useful side effect of this change is to simplify
make check testing in builds
that override DEFAULT_PGSOCKET_DIR. Popular
non-default values like /var/run/postgresql are often not
writable by the build user, requiring workarounds that
will no longer be necessary.
Fix tablespace creation WAL replay to work on Windows (MauMau)
Fix detection of socket creation failures on Windows (Bruce Momjian)
On Windows, allow new sessions to absorb values of PGC_BACKEND parameters (such as log_connections) from the configuration file (Amit Kapila)
Previously, if such a parameter were changed in the file post-startup, the change would have no effect.
Properly quote executable path names on Windows (Nikhil Deshpande)
This oversight could cause initdb and pg_upgrade to fail on Windows, if
the installation path contained both spaces and
@ signs.
Fix linking of libpython on macOS (Tom Lane)
The method we previously used can fail with the Python library supplied by Xcode 5.0 and later.
Avoid buffer bloat in libpq when the server consistently sends data faster than the client can absorb it (Shin-ichi Morita, Tom Lane)
libpq could be
coerced into enlarging its input buffer until it runs out
of memory (which would be reported misleadingly as
“lost
synchronization with server”). Under
ordinary circumstances it's quite far-fetched that data
could be continuously transmitted more quickly than the
recv() loop can absorb it,
but this has been observed when the client is
artificially slowed by scheduler constraints.
Ensure that LDAP lookup attempts in libpq time out as intended (Laurenz Albe)
Fix ecpg to do the
right thing when an array of char
* is the target for a FETCH statement returning
more than one row, as well as some other array-handling
fixes (Ashutosh Bapat)
Fix pg_dump to cope with a materialized view that depends on a table's primary key (Tom Lane)
This occurs if the view's query relies on functional
dependency to abbreviate a GROUP
BY list. pg_dump
got sufficiently confused that it dumped the materialized
view as a regular view.
Fix parsing of pg_dumpall's -i switch (Tom Lane)
Fix pg_restore's processing of old-style large object comments (Tom Lane)
A direct-to-database restore from an archive file generated by a pre-9.0 version of pg_dump would usually fail if the archive contained more than a few comments for large objects.
Fix pg_upgrade for cases where the new server creates a TOAST table but the old version did not (Bruce Momjian)
This rare situation would manifest as “relation OID mismatch” errors.
In pg_upgrade,
preserve pg_database.datminmxid and pg_class.relminmxid values from the old
cluster, or insert reasonable values when upgrading from
pre-9.3; also defend against unreasonable values in the
core server (Bruce Momjian, Álvaro Herrera, Tom Lane)
These changes prevent scenarios in which autovacuum might insist on scanning the entire cluster's contents immediately upon starting the new cluster, or in which tracking of unfrozen MXID values might be disabled completely.
Prevent contrib/auto_explain from changing the
output of a user's EXPLAIN
(Tom Lane)
If auto_explain is
active, it could cause an EXPLAIN
(ANALYZE, TIMING OFF) command to nonetheless print
timing information.
Fix query-lifespan memory leak in contrib/dblink (MauMau, Joe Conway)
In contrib/pgcrypto
functions, ensure sensitive information is cleared from
stack variables before returning (Marko Kreen)
Prevent use of already-freed memory in contrib/pgstattuple's pgstat_heap() (Noah Misch)
In contrib/uuid-ossp,
cache the state of the OSSP UUID library across calls
(Tom Lane)
This improves the efficiency of UUID generation and
reduces the amount of entropy drawn from /dev/urandom, on platforms that have
that.
Update time zone data files to tzdata release 2014e for DST law changes in Crimea, Egypt, and Morocco.
⇑ Upgrade to 9.4 released on 2014-12-18 - docs
Tighten checks for multidimensional array input (Bruce Momjian)
Previously, an input array string that started with a single-element sub-array could later contain multi-element sub-arrays, e.g. '{{1}, {2,3}}'::int[] would be accepted.
When converting values of type date, timestamp or timestamptz to JSON, render the values in a format compliant with ISO 8601 (Andrew Dunstan)
Previously such values were rendered according to the current DateStyle setting; but many JSON processors require timestamps to be in ISO 8601 format. If necessary, the previous behavior can be obtained by explicitly casting the datetime value to text before passing it to the JSON conversion function.
The json #> text[] path extraction operator now returns its lefthand input, not NULL, if the array is empty (Tom Lane)
This is consistent with the notion that this represents zero applications of the simple field/element extraction operator ->. Similarly, json #>> text[] with an empty array merely coerces its lefthand input to text.
Corner cases in the JSON field/element/path extraction operators now return NULL rather than raising an error (Tom Lane)
For example, applying field extraction to a JSON array now yields NULL not an error. This is more consistent (since some comparable cases such as no-such-field already returned NULL), and it makes it safe to create expression indexes that use these operators, since they will now not throw errors for any valid JSON input.
Cause consecutive whitespace in to_timestamp() and to_date() format strings to consume a corresponding number of characters in the input string (whitespace or not), then conditionally consume adjacent whitespace, if not in FX mode (Jeevan Chalke)
Previously, consecutive whitespace characters in a non-FX format string behaved like a single whitespace character and consumed all adjacent whitespace in the input string. For example, previously a format string of three spaces would consume only the first space in ' 12', but it will now consume all three characters.
Fix ts_rank_cd() to ignore stripped lexemes (Alex Hill)
Previously, stripped lexemes were treated as if they had a default location, producing a rank of dubious usefulness.
For functions declared to take VARIADIC "any", an actual parameter marked as VARIADIC must be of a determinable array type (Pavel Stehule)
Such parameters can no longer be written as an undecorated string literal or NULL; a cast to an appropriate array data type will now be required. Note that this does not affect parameters not marked VARIADIC.
Ensure that whole-row variables expose the expected column names to functions that pay attention to column names within composite arguments (Tom Lane)
Constructs like row_to_json(tab.*) now always emit column names that match the column aliases visible for table tab at the point of the call. In previous releases the emitted column names would sometimes be the table's actual column names regardless of any aliases assigned in the query.
DISCARD now also discards sequence-related state (Fabrízio de Royes Mello, Robert Haas)
Rename EXPLAIN ANALYZE's "total runtime" output to "execution time" (Tom Lane)
Now that planning time is also reported, the previous name was confusing.
SHOW TIME ZONE now outputs simple numeric UTC offsets in POSIX timezone format (Tom Lane)
Previously, such timezone settings were displayed as interval values. The new output is properly interpreted by SET TIME ZONE when passed as a simple string, whereas the old output required special treatment to be re-parsed correctly.
Foreign data wrappers that support updating foreign tables must consider the possible presence of AFTER ROW triggers (Noah Misch)
When an AFTER ROW trigger is present, all columns of the table must be returned by updating actions, since the trigger might inspect any or all of them. Previously, foreign tables never had triggers, so the FDW might optimize away fetching columns not mentioned in the RETURNING clause (if any).
Prevent CHECK constraints from referencing system columns, except tableoid (Amit Kapila)
Previously such check constraints were allowed, but they would often cause errors during restores.
Use the last specified recovery target parameter if multiple target parameters are specified (Heikki Linnakangas)
Previously, there was an undocumented precedence order among the recovery_target_xxx parameters.
On Windows, automatically preserve quotes in command strings supplied by the user (Heikki Linnakangas)
User commands that did their own quote preservation might need adjustment. This is likely to be an issue for commands used in archive_command, restore_command, and COPY TO/FROM PROGRAM.
Remove catalog column pg_class.reltoastidxid (Michael Paquier)
Remove catalog column pg_rewrite.ev_attr (Kevin Grittner)
Per-column rules have not been supported since PostgreSQL 7.3.
Remove native support for Kerberos authentication (--with-krb5, etc) (Magnus Hagander)
The supported way to use Kerberos authentication is with GSSAPI. The native code has been deprecated since PostgreSQL 8.3.
In PL/Python, handle domains over arrays like the underlying array type (Rodolfo Campero)
Previously such values were treated as strings.
Make libpq's PQconnectdbParams() and PQpingParams() functions process zero-length strings as defaults (Adrian Vondendriesch)
Previously, these functions treated zero-length string values as selecting the default in only some cases.
Change empty arrays returned by the intarray module to be zero-dimensional arrays (Bruce Momjian)
Previously, empty arrays were returned as zero-length one-dimensional arrays, whose text representation looked the same as zero-dimensional arrays ({}), but they acted differently in array operations. intarray's behavior in this area now matches the built-in array operators.
pg_upgrade now uses -U or --username to specify the user name (Bruce Momjian)
Previously this option was spelled -u or --user, but that was inconsistent with other tools.
Allow background worker processes to be dynamically registered, started and terminated (Robert Haas)
The new worker_spi module shows an example of use of this feature.
Allow dynamic allocation of shared memory segments (Robert Haas, Amit Kapila)
This feature is illustrated in the test_shm_mq module.
During crash recovery or immediate shutdown, send uncatchable termination signals (SIGKILL) to child processes that do not shut down promptly (MauMau, Álvaro Herrera)
This reduces the likelihood of leaving orphaned child processes behind after postmaster shutdown, as well as ensuring that crash recovery can proceed if some child processes have become "stuck".
Improve randomness of the database system identifier (Tom Lane)
Make VACUUM properly report dead but not-yet-removable rows to the statistics collector (Hari Babu)
Previously these were reported as live rows.
Reduce GIN index size (Alexander Korotkov, Heikki Linnakangas)
Indexes upgraded via pg_upgrade will work fine but will still be in the old, larger GIN format. Use REINDEX to recreate old GIN indexes in the new format.
Improve speed of multi-key GIN lookups (Alexander Korotkov, Heikki Linnakangas)
Add GiST index support for inet and cidr data types (Emre Hasegeli)
Such indexes improve subnet and supernet lookups and ordering comparisons.
Fix rare race condition in B-tree page deletion (Heikki Linnakangas)
Make the handling of interrupted B-tree page splits more robust (Heikki Linnakangas)
Allow multiple backends to insert into WAL buffers concurrently (Heikki Linnakangas)
This improves parallel write performance.
Conditionally write only the modified portion of updated rows to WAL (Amit Kapila)
Improve performance of aggregate functions used as window functions (David Rowley, Florian Pflug, Tom Lane)
Improve speed of aggregates that use numeric state values (Hadi Moshayedi)
Attempt to freeze tuples when tables are rewritten with CLUSTER or VACUUM FULL (Robert Haas, Andres Freund)
This can avoid the need to freeze the tuples in the future.
Improve speed of COPY with default nextval() columns (Simon Riggs)
Improve speed of accessing many different sequences in the same session (David Rowley)
Raise hard limit on the number of tuples held in memory during sorting and B-tree index builds (Noah Misch)
Reduce memory allocated by PL/pgSQL DO blocks (Tom Lane)
Make the planner more aggressive about extracting restriction clauses from mixed AND/OR clauses (Tom Lane)
Disallow pushing volatile WHERE clauses down into DISTINCT subqueries (Tom Lane)
Pushing down a WHERE clause can produce a more efficient plan overall, but at the cost of evaluating the clause more often than is implied by the text of the query; so don't do it if the clause contains any volatile functions.
Auto-resize the catalog caches (Heikki Linnakangas)
This reduces memory consumption for sessions accessing only a few tables, and improves performance for sessions accessing many tables.
Add pg_stat_archiver system view to report WAL archiver activity (Gabriele Bartolini)
Add n_mod_since_analyze columns to pg_stat_all_tables and related system views (Mark Kirkwood)
These columns expose the system's estimate of the number of changed tuples since the table's last ANALYZE. This estimate drives decisions about when to auto-analyze.
Add backend_xid and backend_xmin columns to the system view pg_stat_activity, and a backend_xmin column to pg_stat_replication (Christian Kruse)
Add support for SSL ECDH key exchange (Marko Kreen)
This allows use of Elliptic Curve keys for server authentication. Such keys are faster and have better security than RSA keys. The new configuration parameter ssl_ecdh_curve controls which curve is used for ECDH.
Improve the default ssl_ciphers setting (Marko Kreen)
By default, the server not the client now controls the preference order of SSL ciphers (Marko Kreen)
Previously, the order specified by ssl_ciphers was usually ignored in favor of client-side defaults, which are not configurable in most PostgreSQL clients. If desired, the old behavior can be restored via the new configuration parameter ssl_prefer_server_ciphers.
Make log_connections show SSL encryption information (Andreas Kunert)
Improve SSL renegotiation handling (Álvaro Herrera)
Add new SQL command ALTER SYSTEM for changing postgresql.conf configuration file entries (Amit Kapila)
Previously such settings could only be changed by manually editing postgresql.conf.
Add autovacuum_work_mem configuration parameter to control the amount of memory used by autovacuum workers (Peter Geoghegan)
Add huge_pages parameter to allow using huge memory pages on Linux (Christian Kruse, Richard Poole, Abhijit Menon-Sen)
This can improve performance on large-memory systems.
Add max_worker_processes parameter to limit the number of background workers (Robert Haas)
This is helpful in configuring a standby server to have the required number of worker processes (the same as the primary).
Add superuser-only session_preload_libraries parameter to load libraries at session start (Peter Eisentraut)
In contrast to local_preload_libraries, this parameter can load any shared library, not just those in the $libdir/plugins directory.
Add wal_log_hints parameter to enable WAL logging of hint-bit changes (Sawada Masahiko)
Hint bit changes are not normally logged, except when checksums are enabled. This is useful for external tools like pg_rewind.
Increase the default settings of work_mem and maintenance_work_mem by four times (Bruce Momjian)
The new defaults are 4MB and 64MB respectively.
Increase the default setting of effective_cache_size to 4GB (Bruce Momjian, Tom Lane)
Allow printf-style space padding to be specified in log_line_prefix (David Rowley)
Allow terabyte units (TB) to be used when specifying configuration variable values (Simon Riggs)
Show PIDs of lock holders and waiters and improve information about relations in log_lock_waits log messages (Christian Kruse)
Reduce server logging level when loading shared libraries (Peter Geoghegan)
The previous level was LOG, which was too verbose for libraries loaded per-session.
On Windows, make SQL_ASCII-encoded databases and server processes (e.g., postmaster) emit messages in the character encoding of the server's Windows user locale (Alexander Law, Noah Misch)
Previously these messages were output in the Windows ANSI code page.
Add replication slots to coordinate activity on streaming standbys with the node they are streaming from (Andres Freund, Robert Haas)
Replication slots allow preservation of resources like WAL files on the primary until they are no longer needed by standby servers.
Add recovery parameter recovery_min_apply_delay to delay replication (Robert Haas, Fabrízio de Royes Mello, Simon Riggs)
Delaying replay on standby servers can be useful for recovering from user errors.
Add recovery_target option immediate to stop WAL recovery as soon as a consistent state is reached (MauMau, Heikki Linnakangas)
Improve recovery target processing (Heikki Linnakangas)
The timestamp reported by pg_last_xact_replay_timestamp() now reflects already-committed records, not transactions about to be committed. Recovering to a restore point now replays the restore point, rather than stopping just before the restore point.
pg_switch_xlog() now clears any unused trailing space in the old WAL file (Heikki Linnakangas)
This improves the compression ratio for WAL files.
Report failure return codes from external recovery commands (Peter Eisentraut)
Reduce spinlock contention during WAL replay (Heikki Linnakangas)
Write WAL records of running transactions more frequently (Andres Freund)
This allows standby servers to start faster and clean up resources more aggressively.
Add support for logical decoding of WAL data, to allow database changes to be streamed out in a customizable format (Andres Freund)
Add new wal_level setting logical to enable logical change-set encoding in WAL (Andres Freund)
Add table-level parameter REPLICA IDENTITY to control logical replication (Andres Freund)
Add relation option user_catalog_table to identify user-created tables involved in logical change-set encoding (Andres Freund)
Add pg_recvlogical application to receive logical-decoding data (Andres Freund)
Add test_decoding module to illustrate logical decoding at the SQL level (Andres Freund)
Add WITH ORDINALITY syntax to number the rows returned from a set-returning function in the FROM clause (Andrew Gierth, David Fetter)
This is particularly useful for functions like unnest().
Add ROWS FROM() syntax to allow horizontal concatenation of set-returning functions in the FROM clause (Andrew Gierth)
Allow SELECT to have an empty target list (Tom Lane)
This was added so that views that select from a table with zero columns can be dumped and restored correctly.
Ensure that SELECT ... FOR UPDATE NOWAIT does not wait in corner cases involving already-concurrently-updated tuples (Craig Ringer and Thomas Munro)
Add DISCARD SEQUENCES command to discard cached sequence-related state (Fabrízio de Royes Mello, Robert Haas)
DISCARD ALL will now also discard such information.
Add FORCE NULL option to COPY FROM, which causes quoted strings matching the specified null string to be converted to NULLs in CSV mode (Ian Barwick, Michael Paquier)
Without this option, only unquoted matching strings will be imported as null values.
Issue warnings for commands used outside of transaction blocks when they can have no effect (Bruce Momjian)
New warnings are issued for SET LOCAL, SET CONSTRAINTS, SET TRANSACTION and ABORT when used outside a transaction block.
Make EXPLAIN ANALYZE show planning time (Andreas Karlsson)
Make EXPLAIN show the grouping columns in Agg and Group nodes (Tom Lane)
Make EXPLAIN ANALYZE show exact and lossy block counts in bitmap heap scans (Etsuro Fujita)
Allow a materialized view to be refreshed without blocking other sessions from reading the view meanwhile (Kevin Grittner)
This is done with REFRESH MATERIALIZED VIEW CONCURRENTLY.
Allow views to be automatically updated even if they contain some non-updatable columns (Dean Rasheed)
Previously the presence of non-updatable output columns such as expressions, literals, and function calls prevented automatic updates. Now INSERTs, UPDATEs and DELETEs are supported, provided that they do not attempt to assign new values to any of the non-updatable columns.
Allow control over whether INSERTs and UPDATEs can add rows to an auto-updatable view that would not appear in the view (Dean Rasheed)
This is controlled with the new CREATE VIEW clause WITH CHECK OPTION.
Allow security barrier views to be automatically updatable (Dean Rasheed)
Support triggers on foreign tables (Ronan Dunklau)
Allow moving groups of objects from one tablespace to another using the ALL IN TABLESPACE ... SET TABLESPACE form of ALTER TABLE, ALTER INDEX, or ALTER MATERIALIZED VIEW (Stephen Frost)
Allow changing foreign key constraint deferrability via ALTER TABLE ... ALTER CONSTRAINT (Simon Riggs)
Reduce lock strength for some ALTER TABLE commands (Simon Riggs, Noah Misch, Robert Haas)
Specifically, VALIDATE CONSTRAINT, CLUSTER ON, SET WITHOUT CLUSTER, ALTER COLUMN SET STATISTICS, ALTER COLUMN SET (attribute_option), ALTER COLUMN RESET (attribute_option) no longer require ACCESS EXCLUSIVE locks.
Allow tablespace options to be set in CREATE TABLESPACE (Vik Fearing)
Formerly these options could only be set via ALTER TABLESPACE.
Allow CREATE AGGREGATE to define the estimated size of the aggregate's transition state data (Hadi Moshayedi)
Proper use of this feature allows the planner to better estimate how much memory will be used by aggregates.
Fix DROP IF EXISTS to avoid errors for non-existent objects in more cases (Pavel Stehule, Dean Rasheed)
Improve how system relations are identified (Andres Freund, Robert Haas)
Previously, relations once moved into the pg_catalog schema could no longer be modified or dropped.
Fully implement the line data type (Peter Eisentraut)
The line segment data type (lseg) has always been fully supported. The previous line data type (which was enabled only via a compile-time option) is not binary or dump-compatible with the new implementation.
Add pg_lsn data type to represent a WAL log sequence number (LSN) (Robert Haas, Michael Paquier)
Allow single-point polygons to be converted to circles (Bruce Momjian)
Support time zone abbreviations that change UTC offset from time to time (Tom Lane)
Previously, PostgreSQL assumed that the UTC offset associated with a time zone abbreviation (such as EST) never changes in the usage of any particular locale. However this assumption fails in the real world, so introduce the ability for a zone abbreviation to represent a UTC offset that sometimes changes. Update the zone abbreviation definition files to make use of this feature in timezone locales that have changed the UTC offset of their abbreviations since 1970 (according to the IANA timezone database). In such timezones, PostgreSQL will now associate the correct UTC offset with the abbreviation depending on the given date.
Allow 5+ digit years for non-ISO timestamp and date strings, where appropriate (Bruce Momjian)
Add checks for overflow/underflow of interval values (Bruce Momjian)
Add jsonb, a more capable and efficient data type for storing JSON data (Oleg Bartunov, Teodor Sigaev, Alexander Korotkov, Peter Geoghegan, Andrew Dunstan)
This new type allows faster access to values within a JSON document, and faster and more useful indexing of JSON columns. Scalar values in jsonb documents are stored as appropriate scalar SQL types, and the JSON document structure is pre-parsed rather than being stored as text as in the original json data type.
Add new JSON functions to allow for the construction of arbitrarily complex JSON trees (Andrew Dunstan, Laurence Rowe)
New functions include json_array_elements_text(), json_build_array(), json_object(), json_object_agg(), json_to_record(), and json_to_recordset().
Add json_typeof() to return the data type of a json value (Andrew Tipton)
Add pg_sleep_for(interval) and pg_sleep_until(timestamp) to specify delays more flexibly (Vik Fearing, Julien Rouhaud)
The existing pg_sleep() function only supports delays specified in seconds.
Add cardinality() function for arrays (Marko Tiikkaja)
This returns the total number of elements in the array, or zero for an array with no elements.
Add SQL functions to allow large object reads/writes at arbitrary offsets (Pavel Stehule)
Allow unnest() to take multiple arguments, which are individually unnested then horizontally concatenated (Andrew Gierth)
Add functions to construct times, dates, timestamps, timestamptzs, and intervals from individual values, rather than strings (Pavel Stehule)
These functions' names are prefixed with make_, e.g. make_date().
Make to_char()'s TZ format specifier return a useful value for simple numeric time zone offsets (Tom Lane)
Previously, to_char(CURRENT_TIMESTAMP, 'TZ') returned an empty string if the timezone was set to a constant like -4.
Add timezone offset format specifier OF to to_char() (Bruce Momjian)
Improve the random seed used for random() (Honza Horak)
Tighten validity checking for Unicode code points in chr(int) (Tom Lane)
This function now only accepts values that are valid UTF8 characters according to RFC 3629.
Add functions for looking up objects in pg_class, pg_proc, pg_type, and pg_operator that do not generate errors for non-existent objects (Yugo Nagata, Nozomi Anzai, Robert Haas)
For example, to_regclass() does a lookup in pg_class similarly to the regclass input function, but it returns NULL for a non-existent object instead of failing.
Add function pg_filenode_relation() to allow for more efficient lookup of relation names from filenodes (Andres Freund)
Add parameter_default column to information_schema.parameters view (Peter Eisentraut)
Make information_schema.schemata show all accessible schemas (Peter Eisentraut)
Previously it only showed schemas owned by the current user.
Add control over which rows are passed into aggregate functions via the FILTER clause (David Fetter)
Support ordered-set (WITHIN GROUP) aggregates (Atri Sharma, Andrew Gierth, Tom Lane)
Add standard ordered-set aggregates percentile_cont(), percentile_disc(), mode(), rank(), dense_rank(), percent_rank(), and cume_dist() (Atri Sharma, Andrew Gierth)
Support VARIADIC aggregate functions (Tom Lane)
Allow polymorphic aggregates to have non-polymorphic state data types (Tom Lane)
This allows proper declaration in SQL of aggregates like the built-in aggregate array_agg().
Add event trigger support to PL/Perl and PL/Tcl (Dimitri Fontaine)
Convert numeric values to decimal in PL/Python (Szymon Guz, Ronan Dunklau)
Previously such values were converted to Python float values, risking loss of precision.
Add ability to retrieve the current PL/pgSQL call stack using GET DIAGNOSTICS (Pavel Stehule, Stephen Frost)
Add option print_strict_params to display the parameters passed to a query that violated a STRICT constraint (Marko Tiikkaja)
Add variables plpgsql.extra_warnings and plpgsql.extra_errors to enable additional PL/pgSQL warnings and errors (Marko Tiikkaja, Petr Jelinek)
Currently only warnings/errors about shadowed variables are available.
Make libpq's PQconndefaults() function ignore invalid service files (Steve Singer, Bruce Momjian)
Previously it returned NULL if an incorrect service file was encountered.
Accept TLS protocol versions beyond TLSv1 in libpq (Marko Kreen)
Add createuser option -g to specify role membership (Christopher Browne)
Add vacuumdb option --analyze-in-stages to analyze in stages of increasing granularity (Peter Eisentraut)
This allows minimal statistics to be created quickly.
Make pg_resetxlog with option -n output current and potentially changed values (Rajeev Rastogi)
Make initdb throw error for incorrect locale settings, rather than silently falling back to a default choice (Tom Lane)
Make pg_ctl return exit code 4 for an inaccessible data directory (Amit Kapila, Bruce Momjian)
This behavior more closely matches the Linux Standard Base (LSB) Core Specification.
On Windows, ensure that a non-absolute -D path specification is interpreted relative to pg_ctl's current directory (Kumar Rajeev Rastogi)
Previously it would be interpreted relative to whichever directory the underlying Windows service was started in.
Allow sizeof() in ECPG C array definitions (Michael Meskes)
Make ECPG properly handle nesting of C-style comments in both C and SQL text (Michael Meskes)
Suppress "No rows" output in psql expanded mode when the footer is disabled (Bruce Momjian)
Allow Control-C to abort psql when it's hung at connection startup (Peter Eisentraut)
Make psql's \db+ show tablespace options (Magnus Hagander)
Make \do+ display the functions that implement the operators (Marko Tiikkaja)
Make \d+ output an OID line only if an oid column exists in the table (Bruce Momjian)
Previously, the presence or absence of an oid column was always reported.
Make \d show disabled system triggers (Bruce Momjian)
Previously, if you disabled all triggers, only user triggers would show as disabled.
Fix \copy to no longer require a space between stdin and a semicolon (Etsuro Fujita)
Output the row count at the end of \copy, just like COPY already did (Kumar Rajeev Rastogi)
Fix \conninfo to display the server's IP address for connections using hostaddr (Fujii Masao)
Previously \conninfo could not display the server's IP address in such cases.
Show the SSL protocol version in \conninfo (Marko Kreen)
Add tab completion for \pset (Pavel Stehule)
Allow \pset with no arguments to show all settings (Gilles Darold)
Make \s display the name of the history file it wrote without converting it to an absolute path (Tom Lane)
The code previously attempted to convert a relative file name to an absolute path for display, but frequently got it wrong.
Allow pg_restore options -I, -P, -T and -n to be specified multiple times (Heikki Linnakangas)
This allows multiple objects to be restored in one operation.
Optionally add IF EXISTS clauses to the DROP commands emitted when removing old objects during a restore (Pavel Stehule)
This change prevents unnecessary errors when removing old objects. The new --if-exists option for pg_dump, pg_dumpall, and pg_restore is only available when --clean is also specified.
Add pg_basebackup option --xlogdir to specify the pg_xlog directory location (Haribabu Kommi)
Allow pg_basebackup to relocate tablespaces in the backup copy (Steeve Lennmark)
This is particularly useful for using pg_basebackup on the same machine as the primary.
Allow network-stream base backups to be throttled (Antonin Houska)
This can be controlled with the pg_basebackup --max-rate parameter.
Improve the way tuples are frozen to preserve forensic information (Robert Haas, Andres Freund)
This change removes the main objection to freezing tuples as soon as possible. Code that inspects tuple flag bits will need to be modified.
No longer require function prototypes for functions marked with the PG_FUNCTION_INFO_V1 macro (Peter Eisentraut)
This change eliminates the need to write boilerplate prototypes. Note that the PG_FUNCTION_INFO_V1 macro must appear before the corresponding function definition to avoid compiler warnings.
Remove SnapshotNow and HeapTupleSatisfiesNow() (Robert Haas)
All existing uses have been switched to more appropriate snapshot types. Catalog scans now use MVCC snapshots.
Add an API to allow memory allocations over one gigabyte (Noah Misch)
Add psprintf() to simplify memory allocation during string composition (Peter Eisentraut, Tom Lane)
Support printf() size modifier z to print size_t values (Andres Freund)
Change API of appendStringInfoVA() to better use vsnprintf() (David Rowley, Tom Lane)
Allow new types of external toast datums to be created (Andres Freund)
Add single-reader, single-writer, lightweight shared message queue (Robert Haas)
Improve spinlock speed on x86_64 CPUs (Heikki Linnakangas)
Remove spinlock support for unsupported platforms SINIX, Sun3, and NS32K (Robert Haas)
Remove IRIX port (Robert Haas)
Reduce the number of semaphores required by --disable-spinlocks builds (Robert Haas)
Rewrite duplicate_oids Unix shell script in Perl (Andrew Dunstan)
Add Test Anything Protocol (TAP) tests for client programs (Peter Eisentraut)
Currently, these tests are run by make check-world only if the --enable-tap-tests option was given to configure. This might become the default behavior in some future release.
Add make targets check-tests and installcheck-tests, which allow selection of individual tests to be run (Andrew Dunstan)
Remove maintainer-check makefile rule (Peter Eisentraut)
The default build rules now include all the formerly-optional tests.
Improve support for VPATH builds of PGXS modules (Cédric Villemain, Andrew Dunstan, Peter Eisentraut)
Upgrade to Autoconf 2.69 (Peter Eisentraut)
Add a configure flag that appends custom text to the PG_VERSION string (Oskari Saarenmaa)
This is useful for packagers building custom binaries.
Improve DocBook XML validity (Peter Eisentraut)
Fix various minor security and sanity issues reported by the Coverity scanner (Stephen Frost)
Improve detection of invalid memory usage when testing PostgreSQL with Valgrind (Noah Misch)
Improve sample Emacs configuration file emacs.samples (Peter Eisentraut)
Also add .dir-locals.el to the top of the source tree.
Allow pgindent to accept a command-line list of typedefs (Bruce Momjian)
Make pgindent smarter about blank lines around preprocessor conditionals (Bruce Momjian)
Avoid most uses of dlltool in Cygwin and Mingw builds (Marco Atzeri, Hiroshi Inoue)
Support client-only installs in MSVC (Windows) builds (MauMau)
Add pg_prewarm extension to preload relation data into the shared buffer cache at server start (Robert Haas)
This allows reaching full operating performance more quickly.
Add UUID random number generator gen_random_uuid() to pgcrypto (Oskari Saarenmaa)
This allows creation of version 4 UUIDs without requiring installation of uuid-ossp.
Allow uuid-ossp to work with the BSD or e2fsprogs UUID libraries, not only the OSSP UUID library (Matteo Beccati)
This improves the uuid-ossp module's portability since it no longer has to have the increasingly-obsolete OSSP library. The module's name is now rather a misnomer, but we won't change it.
Add option to auto_explain to include trigger execution time (Horiguchi Kyotaro)
Fix pgstattuple to not report rows from uncommitted transactions as dead (Robert Haas)
Make pgstattuple functions use regclass-type arguments (Satoshi Nagayasu)
While text-type arguments are still supported, they may be removed in a future major release.
Improve consistency of pgrowlocks output to honor snapshot rules more consistently (Robert Haas)
Improve pg_trgm's choice of trigrams for indexed regular expression searches (Alexander Korotkov)
This change discourages use of trigrams containing whitespace, which are usually less selective.
Allow pg_xlogdump to report a live log stream with --follow (Heikki Linnakangas)
Store cube data more compactly (Stas Kelvich)
Existing data must be dumped/restored to use the new format. The old format can still be read.
Reduce vacuumlo client-side memory usage by using a cursor (Andrew Dunstan)
Dramatically reduce memory consumption in pg_upgrade (Bruce Momjian)
Pass pg_upgrade's user name (-U) option to generated analyze scripts (Bruce Momjian)
Remove line length limit for pgbench scripts (Sawada Masahiko)
The previous line limit was BUFSIZ.
Add long option names to pgbench (Fabien Coelho)
Add pgbench option --rate to control the transaction rate (Fabien Coelho)
Add pgbench option --progress to print periodic progress reports (Fabien Coelho)
Make pg_stat_statements use a file, rather than shared memory, for query text storage (Peter Geoghegan)
This removes the previous limitation on query text length, and allows a higher number of unique statements to be tracked by default.
Allow reporting of pg_stat_statements's internal query hash identifier (Daniel Farina, Sameer Thakur, Peter Geoghegan)
Add the ability to retrieve all pg_stat_statements information except the query text (Peter Geoghegan)
This allows monitoring tools to fetch query text only for just-created entries, improving performance during repeated querying of the statistics.
Make pg_stat_statements ignore DEALLOCATE commands (Fabien Coelho)
It already ignored PREPARE, as well as planning time in general, so this seems more consistent.
Save the statistics file into $PGDATA/pg_stat at server shutdown, rather than $PGDATA/global (Fujii Masao)
⇑ Upgrade to 9.4.1 released on 2015-02-05 - docs
Fix buffer overruns in to_char() (Bruce Momjian)
When to_char() processes a numeric formatting template calling for a large number of digits, PostgreSQL would read past the end of a buffer. When processing a crafted timestamp formatting template, PostgreSQL would write past the end of a buffer. Either case could crash the server. We have not ruled out the possibility of attacks that lead to privilege escalation, though they seem unlikely. (CVE-2015-0241)
Fix buffer overrun in replacement *printf() functions (Tom Lane)
PostgreSQL includes a replacement implementation of printf and related functions. This code will overrun a stack buffer when formatting a floating point number (conversion specifiers e, E, f, F, g or G) with requested precision greater than about 500. This will crash the server, and we have not ruled out the possibility of attacks that lead to privilege escalation. A database user can trigger such a buffer overrun through the to_char() SQL function. While that is the only affected core PostgreSQL functionality, extension modules that use printf-family functions may be at risk as well.
This issue primarily affects PostgreSQL on Windows. PostgreSQL uses the system implementation of these functions where adequate, which it is on other modern platforms. (CVE-2015-0242)
Fix buffer overruns in contrib/pgcrypto (Marko Tiikkaja, Noah Misch)
Errors in memory size tracking within the pgcrypto module permitted stack buffer overruns and improper dependence on the contents of uninitialized memory. The buffer overrun cases can crash the server, and we have not ruled out the possibility of attacks that lead to privilege escalation. (CVE-2015-0243)
Fix possible loss of frontend/backend protocol synchronization after an error (Heikki Linnakangas)
If any error occurred while the server was in the middle of reading a protocol message from the client, it could lose synchronization and incorrectly try to interpret part of the message's data as a new protocol message. An attacker able to submit crafted binary data within a command parameter might succeed in injecting his own SQL commands this way. Statement timeout and query cancellation are the most likely sources of errors triggering this scenario. Particularly vulnerable are applications that use a timeout and also submit arbitrary user-crafted data as binary query parameters. Disabling statement timeout will reduce, but not eliminate, the risk of exploit. Our thanks to Emil Lenngren for reporting this issue. (CVE-2015-0244)
Fix information leak via constraint-violation error messages (Stephen Frost)
Some server error messages show the values of columns that violate a constraint, such as a unique constraint. If the user does not have SELECT privilege on all columns of the table, this could mean exposing values that the user should not be able to see. Adjust the code so that values are displayed only when they came from the SQL command or could be selected by the user. (CVE-2014-8161)
Lock down regression testing's temporary installations on Windows (Noah Misch)
Use SSPI authentication to allow connections only from the OS user who launched the test suite. This closes on Windows the same vulnerability previously closed on other platforms, namely that other users might be able to connect to the test postmaster. (CVE-2014-0067)
Cope with the Windows locale named "Norwegian (Bokmål)" (Heikki Linnakangas)
Non-ASCII locale names are problematic since it's not clear what encoding they should be represented in. Map the troublesome locale name to a plain-ASCII alias, "Norwegian_Norway".
9.4.0 mapped the troublesome name to "norwegian-bokmal", but that turns out not to work on all Windows configurations. "Norwegian_Norway" is now recommended instead.
Fix use-of-already-freed-memory problem in EvalPlanQual processing (Tom Lane)
In READ COMMITTED mode, queries that lock or update recently-updated rows could crash as a result of this bug.
Avoid possible deadlock while trying to acquire tuple locks in EvalPlanQual processing (Álvaro Herrera, Mark Kirkwood)
Fix failure to wait when a transaction tries to acquire a FOR NO KEY EXCLUSIVE tuple lock, while multiple other transactions currently hold FOR SHARE locks (Álvaro Herrera)
Improve performance of EXPLAIN with large range tables (Tom Lane)
Fix jsonb Unicode escape processing, and in consequence disallow \u0000 (Tom Lane)
Previously, the JSON Unicode escape \u0000 was accepted and was stored as those six characters; but that is indistinguishable from what is stored for the input \\u0000, resulting in ambiguity. Moreover, in cases where de-escaped textual output is expected, such as the ->> operator, the sequence was printed as \u0000, which does not meet the expectation that JSON escaping would be removed. (Consistent behavior would require emitting a zero byte, but PostgreSQL does not support zero bytes embedded in text strings.) 9.4.0 included an ill-advised attempt to improve this situation by adjusting JSON output conversion rules; but of course that could not fix the fundamental ambiguity, and it turned out to break other usages of Unicode escape sequences. Revert that, and to avoid the core problem, reject \u0000 in jsonb input.
If a jsonb column contains a \u0000 value stored with 9.4.0, it will henceforth read out as though it were \\u0000, which is the other valid interpretation of the data stored by 9.4.0 for this case.
The json type did not have the storage-ambiguity problem, but it did have the problem of inconsistent de-escaped textual output. Therefore \u0000 will now also be rejected in json values when conversion to de-escaped form is required. This change does not break the ability to store \u0000 in json columns so long as no processing is done on the values. This is exactly parallel to the cases in which non-ASCII Unicode escapes are allowed when the database encoding is not UTF8.
Fix namespace handling in xpath() (Ali Akbar)
Previously, the xml value resulting from an xpath() call would not have namespace declarations if the namespace declarations were attached to an ancestor element in the input xml value, rather than to the specific element being returned. Propagate the ancestral declaration so that the result is correct when considered in isolation.
Fix assorted oversights in range-operator selectivity estimation (Emre Hasegeli)
This patch fixes corner-case "unexpected operator NNNN" planner errors, and improves the selectivity estimates for some other cases.
Revert unintended reduction in maximum size of a GIN index item (Heikki Linnakangas)
9.4.0 could fail with "index row size exceeds maximum" errors for data that previous versions would accept.
Fix query-duration memory leak during repeated GIN index rescans (Heikki Linnakangas)
Fix possible crash when using nonzero gin_fuzzy_search_limit (Heikki Linnakangas)
Assorted fixes for logical decoding (Andres Freund)
Fix incorrect replay of WAL parameter change records that report changes in the wal_log_hints setting (Petr Jelinek)
Change "pgstat wait timeout" warning message to be LOG level, and rephrase it to be more understandable (Tom Lane)
This message was originally thought to be essentially a can't-happen case, but it occurs often enough on our slower buildfarm members to be a nuisance. Reduce it to LOG level, and expend a bit more effort on the wording: it now reads "using stale statistics instead of current ones because stats collector is not responding".
Warn if macOS's setlocale() starts an unwanted extra thread inside the postmaster (Noah Misch)
Fix libpq's behavior when /etc/passwd isn't readable (Tom Lane)
While doing PQsetdbLogin(), libpq attempts to ascertain the user's operating system name, which on most Unix platforms involves reading /etc/passwd. As of 9.4, failure to do that was treated as a hard error. Restore the previous behavior, which was to fail only if the application does not provide a database role name to connect as. This supports operation in chroot environments that lack an /etc/passwd file.
Improve consistency of parsing of psql's special variables (Tom Lane)
Allow variant spellings of on and off (such as 1/0) for ECHO_HIDDEN and ON_ERROR_ROLLBACK. Report a warning for unrecognized values for COMP_KEYWORD_CASE, ECHO, ECHO_HIDDEN, HISTCONTROL, ON_ERROR_ROLLBACK, and VERBOSITY. Recognize all values for all these variables case-insensitively; previously there was a mishmash of case-sensitive and case-insensitive behaviors.
Fix pg_dump to handle comments on event triggers without failing (Tom Lane)
Allow parallel pg_dump to use --serializable-deferrable (Kevin Grittner)
Prevent WAL files created by pg_basebackup -x/-X from being archived again when the standby is promoted (Andres Freund)
Handle unexpected query results, especially NULLs, safely in contrib/tablefunc's connectby() (Michael Paquier)
connectby() previously crashed if it encountered a NULL key value. It now prints that row but doesn't recurse further.
Numerous cleanups of warnings from Coverity static code analyzer (Andres Freund, Tatsuo Ishii, Marko Kreen, Tom Lane, Michael Paquier)
These changes are mostly cosmetic but in some cases fix corner-case bugs, for example a crash rather than a proper error report after an out-of-memory failure. None are believed to represent security issues.
Allow CFLAGS from configure's environment to override automatically-supplied CFLAGS (Tom Lane)
Previously, configure would add any switches that it chose of its own accord to the end of the user-specified CFLAGS string. Since most compilers process switches left-to-right, this meant that configure's choices would override the user-specified flags in case of conflicts. That should work the other way around, so adjust the logic to put the user's string at the end not the beginning.
Make pg_regress remove any temporary installation it created upon successful exit (Tom Lane)
This results in a very substantial reduction in disk space usage during make check-world, since that sequence involves creation of numerous temporary installations.
Add CST (China Standard Time) to our lists of timezone abbreviations (Tom Lane)
Update time zone data files to tzdata release 2015a for DST law changes in Chile and Mexico, plus historical changes in Iceland.
⇑ Upgrade to 9.4.2 released on 2015-05-22 - docs
Avoid possible crash when client disconnects just before the authentication timeout expires (Benkocs Norbert Attila)
If the timeout interrupt fired partway through the session shutdown sequence, SSL-related state would be freed twice, typically causing a crash and hence denial of service to other sessions. Experimentation shows that an unauthenticated remote attacker could trigger the bug somewhat consistently, hence treat as security issue. (CVE-2015-3165)
Improve detection of system-call failures (Noah Misch)
Our replacement implementation of snprintf() failed to check for errors reported by the underlying system library calls; the main case that might be missed is out-of-memory situations. In the worst case this might lead to information exposure, due to our code assuming that a buffer had been overwritten when it hadn't been. Also, there were a few places in which security-relevant calls of other system library functions did not check for failure.
It remains possible that some calls of the *printf() family of functions are vulnerable to information disclosure if an out-of-memory error occurs at just the wrong time. We judge the risk to not be large, but will continue analysis in this area. (CVE-2015-3166)
In contrib/pgcrypto, uniformly report decryption failures as "Wrong key or corrupt data" (Noah Misch)
Previously, some cases of decryption with an incorrect key could report other error message texts. It has been shown that such variance in error reports can aid attackers in recovering keys from other systems. While it's unknown whether pgcrypto's specific behaviors are likewise exploitable, it seems better to avoid the risk by using a one-size-fits-all message. (CVE-2015-3167)
Protect against wraparound of multixact member IDs (Álvaro Herrera, Robert Haas, Thomas Munro)
Under certain usage patterns, the existing defenses against this might be insufficient, allowing pg_multixact/members files to be removed too early, resulting in data loss. The fix for this includes modifying the server to fail transactions that would result in overwriting old multixact member ID data, and improving autovacuum to ensure it will act proactively to prevent multixact member ID wraparound, as it does for transaction ID wraparound.
Fix incorrect declaration of contrib/citext's regexp_matches() functions (Tom Lane)
These functions should return setof text[], like the core functions they are wrappers for; but they were incorrectly declared as returning just text[]. This mistake had two results: first, if there was no match you got a scalar null result, whereas what you should get is an empty set (zero rows). Second, the g flag was effectively ignored, since you would get only one result array even if there were multiple matches.
While the latter behavior is clearly a bug, there might be applications depending on the former behavior; therefore the function declarations will not be changed by default until PostgreSQL 9.5. In pre-9.5 branches, the old behavior exists in version 1.0 of the citext extension, while we have provided corrected declarations in version 1.1 (which is not installed by default). To adopt the fix in pre-9.5 branches, execute ALTER EXTENSION citext UPDATE TO '1.1' in each database in which citext is installed. (You can also "update" back to 1.0 if you need to undo that.) Be aware that either update direction will require dropping and recreating any views or rules that use citext's regexp_matches() functions.
Render infinite dates and timestamps as infinity when converting to json, rather than throwing an error (Andrew Dunstan)
Fix json/jsonb's populate_record() and to_record() functions to handle empty input properly (Andrew Dunstan)
Fix incorrect checking of deferred exclusion constraints after a HOT update (Tom Lane)
If a new row that potentially violates a deferred exclusion constraint is HOT-updated (that is, no indexed columns change and the row can be stored back onto the same table page) later in the same transaction, the exclusion constraint would be reported as violated when the check finally occurred, even if the row(s) the new row originally conflicted with had been deleted.
Fix behavior when changing foreign key constraint deferrability status with ALTER TABLE ... ALTER CONSTRAINT (Tom Lane)
Operations later in the same session or concurrent sessions might not honor the status change promptly.
Fix planning of star-schema-style queries (Tom Lane)
Sometimes, efficient scanning of a large table requires that index parameters be provided from more than one other table (commonly, dimension tables whose keys are needed to index a large fact table). The planner should be able to find such plans, but an overly restrictive search heuristic prevented it.
Prevent improper reordering of antijoins (NOT EXISTS joins) versus other outer joins (Tom Lane)
This oversight in the planner has been observed to cause "could not find RelOptInfo for given relids" errors, but it seems possible that sometimes an incorrect query plan might get past that consistency check and result in silently-wrong query output.
Fix incorrect matching of subexpressions in outer-join plan nodes (Tom Lane)
Previously, if textually identical non-strict subexpressions were used both above and below an outer join, the planner might try to re-use the value computed below the join, which would be incorrect because the executor would force the value to NULL in case of an unmatched outer row.
Fix GEQO planner to cope with failure of its join order heuristic (Tom Lane)
This oversight has been seen to lead to "failed to join all relations together" errors in queries involving LATERAL, and that might happen in other cases as well.
Ensure that row locking occurs properly when the target of an UPDATE or DELETE is a security-barrier view (Stephen Frost)
Use a file opened for read/write when syncing replication slot data during database startup (Andres Freund)
On some platforms, the previous coding could result in errors like "could not fsync file "pg_replslot/...": Bad file descriptor".
Fix possible deadlock at startup when max_prepared_transactions is too small (Heikki Linnakangas)
Don't archive useless preallocated WAL files after a timeline switch (Heikki Linnakangas)
Recursively fsync() the data directory after a crash (Abhijit Menon-Sen, Robert Haas)
This ensures consistency if another crash occurs shortly later. (The second crash would have to be a system-level crash, not just a database crash, for there to be a problem.)
Fix autovacuum launcher's possible failure to shut down, if an error occurs after it receives SIGTERM (Álvaro Herrera)
Fix failure to handle invalidation messages for system catalogs early in session startup (Tom Lane)
This oversight could result in failures in sessions that start concurrently with a VACUUM FULL on a system catalog.
Fix crash in BackendIdGetTransactionIds() when trying to get status for a backend process that just exited (Tom Lane)
Cope with unexpected signals in LockBufferForCleanup() (Andres Freund)
This oversight could result in spurious errors about "multiple backends attempting to wait for pincount 1".
Fix crash when doing COPY IN to a table with check constraints that contain whole-row references (Tom Lane)
The known failure case only crashes in 9.4 and up, but there is very similar code in 9.3 and 9.2, so back-patch those branches as well.
Avoid waiting for WAL flush or synchronous replication during commit of a transaction that was read-only so far as the user is concerned (Andres Freund)
Previously, a delay could occur at commit in transactions that had written WAL due to HOT page pruning, leading to undesirable effects such as sessions getting stuck at startup if all synchronous replicas are down. Sessions have also been observed to get stuck in catchup interrupt processing when using synchronous replication; this will fix that problem as well.
Avoid busy-waiting with short recovery_min_apply_delay values (Andres Freund)
Fix crash when manipulating hash indexes on temporary tables (Heikki Linnakangas)
Fix possible failure during hash index bucket split, if other processes are modifying the index concurrently (Tom Lane)
Fix memory leaks in GIN index vacuum (Heikki Linnakangas)
Check for interrupts while analyzing index expressions (Jeff Janes)
ANALYZE executes index expressions many times; if there are slow functions in such an expression, it's desirable to be able to cancel the ANALYZE before that loop finishes.
Ensure tableoid of a foreign table is reported correctly when a READ COMMITTED recheck occurs after locking rows in SELECT FOR UPDATE, UPDATE, or DELETE (Etsuro Fujita)
Add the name of the target server to object description strings for foreign-server user mappings (Álvaro Herrera)
Include the schema name in object identity strings for conversions (Álvaro Herrera)
Recommend setting include_realm to 1 when using Kerberos/GSSAPI/SSPI authentication (Stephen Frost)
Without this, identically-named users from different realms cannot be distinguished. For the moment this is only a documentation change, but it will become the default setting in PostgreSQL 9.5.
Remove code for matching IPv4 pg_hba.conf entries to IPv4-in-IPv6 addresses (Tom Lane)
This hack was added in 2003 in response to a report that some Linux kernels of the time would report IPv4 connections as having IPv4-in-IPv6 addresses. However, the logic was accidentally broken in 9.0. The lack of any field complaints since then shows that it's not needed anymore. Now we have reports that the broken code causes crashes on some systems, so let's just remove it rather than fix it. (Had we chosen to fix it, that would make for a subtle and potentially security-sensitive change in the effective meaning of IPv4 pg_hba.conf entries, which does not seem like a good thing to do in minor releases.)
Fix status reporting for terminated background workers that were never actually started (Robert Haas)
After a database crash, don't restart background workers that are marked BGW_NEVER_RESTART (Amit Khandekar)
Report WAL flush, not insert, position in IDENTIFY_SYSTEM replication command (Heikki Linnakangas)
This avoids a possible startup failure in pg_receivexlog.
While shutting down service on Windows, periodically send status updates to the Service Control Manager to prevent it from killing the service too soon; and ensure that pg_ctl will wait for shutdown (Krystian Bigaj)
Reduce risk of network deadlock when using libpq's non-blocking mode (Heikki Linnakangas)
When sending large volumes of data, it's important to drain the input buffer every so often, in case the server has sent enough response data to cause it to block on output. (A typical scenario is that the server is sending a stream of NOTICE messages during COPY FROM STDIN.) This worked properly in the normal blocking mode, but not so much in non-blocking mode. We've modified libpq to opportunistically drain input when it can, but a full defense against this problem requires application cooperation: the application should watch for socket read-ready as well as write-ready conditions, and be sure to call PQconsumeInput() upon read-ready.
In libpq, fix misparsing of empty values in URI connection strings (Thomas Fanghaenel)
Fix array handling in ecpg (Michael Meskes)
Fix psql to sanely handle URIs and conninfo strings as the first parameter to \connect (David Fetter, Andrew Dunstan, Álvaro Herrera)
This syntax has been accepted (but undocumented) for a long time, but previously some parameters might be taken from the old connection instead of the given string, which was agreed to be undesirable.
Suppress incorrect complaints from psql on some platforms that it failed to write ~/.psql_history at exit (Tom Lane)
This misbehavior was caused by a workaround for a bug in very old (pre-2006) versions of libedit. We fixed it by removing the workaround, which will cause a similar failure to appear for anyone still using such versions of libedit. Recommendation: upgrade that library, or use libreadline.
Fix pg_dump's rule for deciding which casts are system-provided casts that should not be dumped (Tom Lane)
In pg_dump, fix failure to honor -Z compression level option together with -Fd (Michael Paquier)
Make pg_dump consider foreign key relationships between extension configuration tables while choosing dump order (Gilles Darold, Michael Paquier, Stephen Frost)
This oversight could result in producing dumps that fail to reload because foreign key constraints are transiently violated.
Avoid possible pg_dump failure when concurrent sessions are creating and dropping temporary functions (Tom Lane)
Fix dumping of views that are just VALUES(...) but have column aliases (Tom Lane)
Ensure that a view's replication identity is correctly set to nothing during dump/restore (Marko Tiikkaja)
Previously, if the view was involved in a circular dependency, it might wind up with an incorrect replication identity property.
In pg_upgrade, force timeline 1 in the new cluster (Bruce Momjian)
This change prevents upgrade failures caused by bogus complaints about missing WAL history files.
In pg_upgrade, check for improperly non-connectable databases before proceeding (Bruce Momjian)
In pg_upgrade, quote directory paths properly in the generated delete_old_cluster script (Bruce Momjian)
In pg_upgrade, preserve database-level freezing info properly (Bruce Momjian)
This oversight could cause missing-clog-file errors for tables within the postgres and template1 databases.
Run pg_upgrade and pg_resetxlog with restricted privileges on Windows, so that they don't fail when run by an administrator (Muhammad Asif Naeem)
Improve handling of readdir() failures when scanning directories in initdb and pg_basebackup (Marco Nenciarini)
Fix slow sorting algorithm in contrib/intarray (Tom Lane)
Fix compile failure on Sparc V8 machines (Rob Rowan)
Silence some build warnings on macOS (Tom Lane)
Update time zone data files to tzdata release 2015d for DST law changes in Egypt, Mongolia, and Palestine, plus historical changes in Canada and Chile. Also adopt revised zone abbreviations for the America/Adak zone (HST/HDT not HAST/HADT).
⇑ Upgrade to 9.4.3 released on 2015-06-04 - docs
Avoid failures while fsync'ing data directory during crash restart (Abhijit Menon-Sen, Tom Lane)
In the previous minor releases we added a patch to fsync everything in the data directory after a crash. Unfortunately its response to any error condition was to fail, thereby preventing the server from starting up, even when the problem was quite harmless. An example is that an unwritable file in the data directory would prevent restart on some platforms; but it is common to make SSL certificate files unwritable by the server. Revise this behavior so that permissions failures are ignored altogether, and other types of failures are logged but do not prevent continuing.
Also apply the same rules in initdb --sync-only. This case is less critical but it should act similarly.
Fix pg_get_functiondef() to show functions' LEAKPROOF property, if set (Jeevan Chalke)
Fix pushJsonbValue() to unpack jbvBinary objects (Andrew Dunstan)
This change does not affect any behavior in the core code as of 9.4, but it avoids a corner case for possible third-party callers.
Remove configure's check prohibiting linking to a threaded libpython on OpenBSD (Tom Lane)
The failure this restriction was meant to prevent seems to not be a problem anymore on current OpenBSD versions.
⇑ Upgrade to 9.4.4 released on 2015-06-12 - docs
Fix possible failure to recover from an inconsistent database state (Robert Haas)
Recent PostgreSQL releases introduced mechanisms to protect against multixact wraparound, but some of that code did not account for the possibility that it would need to run during crash recovery, when the database may not be in a consistent state. This could result in failure to restart after a crash, or failure to start up a secondary server. The lingering effects of a previously-fixed bug in pg_upgrade could also cause such a failure, in installations that had used pg_upgrade versions between 9.3.0 and 9.3.4.
The pg_upgrade bug in question was that it would set oldestMultiXid to 1 in pg_control even if the true value should be higher. With the fixes introduced in this release, such a situation will result in immediate emergency autovacuuming until a correct oldestMultiXid value can be determined. If that would pose a hardship, users can avoid it by doing manual vacuuming before upgrading to this release. In detail:
Check whether pg_controldata reports "Latest checkpoint's oldestMultiXid" to be 1. If not, there's nothing to do.
Look in PGDATA/pg_multixact/offsets to see if there's a file named 0000. If there is, there's nothing to do.
Otherwise, for each table that has pg_class.relminmxid equal to 1, VACUUM that table with both vacuum_multixact_freeze_min_age and vacuum_multixact_freeze_table_age set to zero. (You can use the vacuum cost delay parameters described in Section 18.4.4 to reduce the performance consequences for concurrent sessions.)
Fix rare failure to invalidate relation cache init file (Tom Lane)
With just the wrong timing of concurrent activity, a VACUUM FULL on a system catalog might fail to update the "init file" that's used to avoid cache-loading work for new sessions. This would result in later sessions being unable to access that catalog at all. This is a very ancient bug, but it's so hard to trigger that no reproducible case had been seen until recently.
Avoid deadlock between incoming sessions and CREATE/DROP DATABASE (Tom Lane)
A new session starting in a database that is the target of a DROP DATABASE command, or is the template for a CREATE DATABASE command, could cause the command to wait for five seconds and then fail, even if the new session would have exited before that.
Improve planner's cost estimates for semi-joins and anti-joins with inner indexscans (Tom Lane, Tomas Vondra)
This type of plan is quite cheap when all the join clauses are used as index scan conditions, even if the inner scan would nominally fetch many rows, because the executor will stop after obtaining one row. The planner only partially accounted for that effect, and would therefore overestimate the cost, leading it to possibly choose some other much less efficient plan type.
⇑ Upgrade to 9.4.5 released on 2015-10-08 - docs
Guard against stack overflows in json parsing (Oskari Saarenmaa)
If an application constructs PostgreSQL json or jsonb values from arbitrary user input, the application's users can reliably crash the PostgreSQL server, causing momentary denial of service. (CVE-2015-5289)
Fix contrib/pgcrypto to detect and report too-short crypt() salts (Josh Kupershmidt)
Certain invalid salt arguments crashed the server or disclosed a few bytes of server memory. We have not ruled out the viability of attacks that arrange for presence of confidential information in the disclosed bytes, but they seem unlikely. (CVE-2015-5288)
Fix subtransaction cleanup after a portal (cursor) belonging to an outer subtransaction fails (Tom Lane, Michael Paquier)
A function executed in an outer-subtransaction cursor could cause an assertion failure or crash by referencing a relation created within an inner subtransaction.
Fix possible deadlock during WAL insertion when commit_delay is set (Heikki Linnakangas)
Ensure all relations referred to by an updatable view are properly locked during an update statement (Dean Rasheed)
Fix insertion of relations into the relation cache "init file" (Tom Lane)
An oversight in a patch in the most recent minor releases caused pg_trigger_tgrelid_tgname_index to be omitted from the init file. Subsequent sessions detected this, then deemed the init file to be broken and silently ignored it, resulting in a significant degradation in session startup time. In addition to fixing the bug, install some guards so that any similar future mistake will be more obvious.
Avoid O(N^2) behavior when inserting many tuples into a SPI query result (Neil Conway)
Improve LISTEN startup time when there are many unread notifications (Matt Newell)
Fix performance problem when a session alters large numbers of foreign key constraints (Jan Wieck, Tom Lane)
This was seen primarily when restoring pg_dump output for databases with many thousands of tables.
Disable SSL renegotiation by default (Michael Paquier, Andres Freund)
While use of SSL renegotiation is a good idea in theory, we have seen too many bugs in practice, both in the underlying OpenSSL library and in our usage of it. Renegotiation will be removed entirely in 9.5 and later. In the older branches, just change the default value of ssl_renegotiation_limit to zero (disabled).
Lower the minimum values of the *_freeze_max_age parameters (Andres Freund)
This is mainly to make tests of related behavior less time-consuming, but it may also be of value for installations with limited disk space.
Limit the maximum value of wal_buffers to 2GB to avoid server crashes (Josh Berkus)
Avoid logging complaints when a parameter that can only be set at server start appears multiple times in postgresql.conf, and fix counting of line numbers after an include_dir directive (Tom Lane)
Fix rare internal overflow in multiplication of numeric values (Dean Rasheed)
Guard against hard-to-reach stack overflows involving record types, range types, json, jsonb, tsquery, ltxtquery and query_int (Noah Misch)
Fix handling of DOW and DOY in datetime input (Greg Stark)
These tokens aren't meant to be used in datetime values, but previously they resulted in opaque internal error messages rather than "invalid input syntax".
Add more query-cancel checks to regular expression matching (Tom Lane)
Add recursion depth protections to regular expression, SIMILAR TO, and LIKE matching (Tom Lane)
Suitable search patterns and a low stack depth limit could lead to stack-overrun crashes.
Fix potential infinite loop in regular expression execution (Tom Lane)
A search pattern that can apparently match a zero-length string, but actually doesn't match because of a back reference, could lead to an infinite loop.
In regular expression execution, correctly record match data for capturing parentheses within a quantifier even when the match is zero-length (Tom Lane)
Fix low-memory failures in regular expression compilation (Andreas Seltenreich)
Fix low-probability memory leak during regular expression execution (Tom Lane)
Fix rare low-memory failure in lock cleanup during transaction abort (Tom Lane)
Fix "unexpected out-of-memory situation during sort" errors when using tuplestores with small work_mem settings (Tom Lane)
Fix very-low-probability stack overrun in qsort (Tom Lane)
Fix "invalid memory alloc request size" failure in hash joins with large work_mem settings (Tomas Vondra, Tom Lane)
Fix assorted planner bugs (Tom Lane)
These mistakes could lead to incorrect query plans that would give wrong answers, or to assertion failures in assert-enabled builds, or to odd planner errors such as "could not devise a query plan for the given query", "could not find pathkey item to sort", "plan should not reference subplan's variable", or "failed to assign all NestLoopParams to plan nodes". Thanks are due to Andreas Seltenreich and Piotr Stefaniak for fuzz testing that exposed these problems.
Improve planner's performance for UPDATE/DELETE on large inheritance sets (Tom Lane, Dean Rasheed)
Ensure standby promotion trigger files are removed at postmaster startup (Michael Paquier, Fujii Masao)
This prevents unwanted promotion from occurring if these files appear in a database backup that is used to initialize a new standby server.
During postmaster shutdown, ensure that per-socket lock files are removed and listen sockets are closed before we remove the postmaster.pid file (Tom Lane)
This avoids race-condition failures if an external script attempts to start a new postmaster as soon as pg_ctl stop returns.
Ensure that the postmaster does not exit until all its child processes are gone, even in an immediate shutdown (Tom Lane)
Like the previous item, this avoids possible race conditions against a subsequently-started postmaster.
Fix postmaster's handling of a startup-process crash during crash recovery (Tom Lane)
If, during a crash recovery cycle, the startup process crashes without having restored database consistency, we'd try to launch a new startup process, which typically would just crash again, leading to an infinite loop.
Make emergency autovacuuming for multixact wraparound more robust (Andres Freund)
Do not print a WARNING when an autovacuum worker is already gone when we attempt to signal it, and reduce log verbosity for such signals (Tom Lane)
Prevent autovacuum launcher from sleeping unduly long if the server clock is moved backwards a large amount (Álvaro Herrera)
Ensure that cleanup of a GIN index's pending-insertions list is interruptable by cancel requests (Jeff Janes)
Allow all-zeroes pages in GIN indexes to be reused (Heikki Linnakangas)
Such a page might be left behind after a crash.
Fix handling of all-zeroes pages in SP-GiST indexes (Heikki Linnakangas)
VACUUM attempted to recycle such pages, but did so in a way that wasn't crash-safe.
Fix off-by-one error that led to otherwise-harmless warnings about "apparent wraparound" in subtrans/multixact truncation (Thomas Munro)
Fix misreporting of CONTINUE and MOVE statement types in PL/pgSQL's error context messages (Pavel Stehule, Tom Lane)
Fix PL/Perl to handle non-ASCII error message texts correctly (Alex Hunsaker)
Fix PL/Python crash when returning the string representation of a record result (Tom Lane)
Fix some places in PL/Tcl that neglected to check for failure of malloc() calls (Michael Paquier, Álvaro Herrera)
In contrib/isn, fix output of ISBN-13 numbers that begin with 979 (Fabien Coelho)
EANs beginning with 979 (but not 9790) are considered ISBNs, but they must be printed in the new 13-digit format, not the 10-digit format.
Improve contrib/pg_stat_statements' handling of query-text garbage collection (Peter Geoghegan)
The external file containing query texts could bloat to very large sizes; once it got past 1GB attempts to trim it would fail, soon leading to situations where the file could not be read at all.
Improve contrib/postgres_fdw's handling of collation-related decisions (Tom Lane)
The main user-visible effect is expected to be that comparisons involving varchar columns will be sent to the remote server for execution in more cases than before.
Improve libpq's handling of out-of-memory conditions (Michael Paquier, Heikki Linnakangas)
Fix memory leaks and missing out-of-memory checks in ecpg (Michael Paquier)
Fix psql's code for locale-aware formatting of numeric output (Tom Lane)
The formatting code invoked by \pset numericlocale on did the wrong thing for some uncommon cases such as numbers with an exponent but no decimal point. It could also mangle already-localized output from the money data type.
Prevent crash in psql's \c command when there is no current connection (Noah Misch)
Make pg_dump handle inherited NOT VALID check constraints correctly (Tom Lane)
Fix selection of default zlib compression level in pg_dump's directory output format (Andrew Dunstan)
Ensure that temporary files created during a pg_dump run with tar-format output are not world-readable (Michael Paquier)
Fix pg_dump and pg_upgrade to support cases where the postgres or template1 database is in a non-default tablespace (Marti Raudsepp, Bruce Momjian)
Fix pg_dump to handle object privileges sanely when dumping from a server too old to have a particular privilege type (Tom Lane)
When dumping data types from pre-9.2 servers, and when dumping functions or procedural languages from pre-7.3 servers, pg_dump would produce GRANT/REVOKE commands that revoked the owner's grantable privileges and instead granted all privileges to PUBLIC. Since the privileges involved are just USAGE and EXECUTE, this isn't a security problem, but it's certainly a surprising representation of the older systems' behavior. Fix it to leave the default privilege state alone in these cases.
Fix pg_dump to dump shell types (Tom Lane)
Shell types (that is, not-yet-fully-defined types) aren't useful for much, but nonetheless pg_dump should dump them.
Fix assorted minor memory leaks in pg_dump and other client-side programs (Michael Paquier)
Fix pgbench's progress-report behavior when a query, or pgbench itself, gets stuck (Fabien Coelho)
Fix spinlock assembly code for Alpha hardware (Tom Lane)
Fix spinlock assembly code for PPC hardware to be compatible with AIX's native assembler (Tom Lane)
Building with gcc didn't work if gcc had been configured to use the native assembler, which is becoming more common.
On AIX, test the -qlonglong compiler option rather than just assuming it's safe to use (Noah Misch)
On AIX, use -Wl,-brtllib link option to allow symbols to be resolved at runtime (Noah Misch)
Perl relies on this ability in 5.8.0 and later.
Avoid use of inline functions when compiling with 32-bit xlc, due to compiler bugs (Noah Misch)
Use librt for sched_yield() when necessary, which it is on some Solaris versions (Oskari Saarenmaa)
Translate encoding UHC as Windows code page 949 (Noah Misch)
This fixes presentation of non-ASCII log messages from processes that are not attached to any particular database, such as the postmaster.
On Windows, avoid failure when doing encoding conversion to UTF16 outside a transaction, such as for log messages (Noah Misch)
Fix postmaster startup failure due to not copying setlocale()'s return value (Noah Misch)
This has been reported on Windows systems with the ANSI code page set to CP936 ("Chinese (Simplified, PRC)"), and may occur with other multibyte code pages.
Fix Windows install.bat script to handle target directory names that contain spaces (Heikki Linnakangas)
Make the numeric form of the PostgreSQL version number (e.g., 90405) readily available to extension Makefiles, as a variable named VERSION_NUM (Michael Paquier)
Update time zone data files to tzdata release 2015g for DST law changes in Cayman Islands, Fiji, Moldova, Morocco, Norfolk Island, North Korea, Turkey, and Uruguay. There is a new zone name America/Fort_Nelson for the Canadian Northern Rockies.
⇑ Upgrade to 9.5 released on 2016-01-07 - docs
Adjust operator precedence to match the SQL standard (Tom Lane)
The precedence of <=, >= and <> has been reduced to match that of <, > and =. The precedence of IS tests (e.g., x IS NULL) has been reduced to be just below these six comparison operators. Also, multi-keyword operators beginning with NOT now have the precedence of their base operator (for example, NOT BETWEEN now has the same precedence as BETWEEN) whereas before they had inconsistent precedence, behaving like NOT with respect to their left operand but like their base operator with respect to their right operand. The new configuration parameter operator_precedence_warning can be enabled to warn about queries in which these precedence changes result in different parsing choices.
Change pg_ctl's default shutdown mode from smart to fast (Bruce Momjian)
This means the default behavior will be to forcibly cancel existing database sessions, not simply wait for them to exit.
Use assignment cast behavior for data type conversions in PL/pgSQL assignments, rather than converting to and from text (Tom Lane)
This change causes conversions of Booleans to strings to produce true or false, not t or f. Other type conversions may succeed in more cases than before; for example, assigning a numeric value 3.9 to an integer variable will now assign 4 rather than failing. If no assignment-grade cast is defined for the particular source and destination types, PL/pgSQL will fall back to its old I/O conversion behavior.
Allow characters in server command-line options to be escaped with a backslash (Andres Freund)
Formerly, spaces in the options string always separated options, so there was no way to include a space in an option value. Including a backslash in an option value now requires writing \\.
Change the default value of the GSSAPI include_realm parameter to 1, so that by default the realm is not removed from a GSS or SSPI principal name (Stephen Frost)
Replace configuration parameter checkpoint_segments with min_wal_size and max_wal_size (Heikki Linnakangas)
If you previously adjusted checkpoint_segments, the following formula will give you an approximately equivalent setting:
max_wal_size = (3 * checkpoint_segments) * 16MB
Note that the default setting for max_wal_size is much higher than the default checkpoint_segments used to be, so adjusting it might no longer be necessary.
Control the Linux OOM killer via new environment variables PG_OOM_ADJUST_FILE and PG_OOM_ADJUST_VALUE, instead of compile-time options LINUX_OOM_SCORE_ADJ and LINUX_OOM_ADJ (Gurjeet Singh)
Decommission server configuration parameter ssl_renegotiation_limit, which was deprecated in earlier releases (Andres Freund)
While SSL renegotiation is a good idea in theory, it has caused enough bugs to be considered a net negative in practice, and it is due to be removed from future versions of the relevant standards. We have therefore removed support for it from PostgreSQL. The ssl_renegotiation_limit parameter still exists, but cannot be set to anything but zero (disabled). It's not documented anymore, either.
Remove server configuration parameter autocommit, which was already deprecated and non-operational (Tom Lane)
Remove the pg_authid catalog's rolcatupdate field, as it had no usefulness (Adam Brightwell)
The pg_stat_replication system view's sent field is now NULL, not zero, when it has no valid value (Magnus Hagander)
Allow json and jsonb array extraction operators to accept negative subscripts, which count from the end of JSON arrays (Peter Geoghegan, Andrew Dunstan)
Previously, these operators returned NULL for negative subscripts.
Add Block Range Indexes (BRIN) (Álvaro Herrera)
BRIN indexes store only summary data (such as minimum and maximum values) for ranges of heap blocks. They are therefore very compact and cheap to update; but if the data is naturally clustered, they can still provide substantial speedup of searches.
Allow queries to perform accurate distance filtering of bounding-box-indexed objects (polygons, circles) using GiST indexes (Alexander Korotkov, Heikki Linnakangas)
Previously, to exploit such an index a subquery had to be used to select a large number of rows ordered by bounding-box distance, and the result then had to be filtered further with a more accurate distance calculation.
Allow GiST indexes to perform index-only scans (Anastasia Lubennikova, Heikki Linnakangas, Andreas Karlsson)
Add configuration parameter gin_pending_list_limit to control the size of GIN pending lists (Fujii Masao)
This value can also be set on a per-index basis as an index storage parameter. Previously the pending-list size was controlled by work_mem, which was awkward because appropriate values for work_mem are often much too large for this purpose.
Issue a warning during the creation of hash indexes because they are not crash-safe (Bruce Momjian)
Improve the speed of sorting of varchar, text, and numeric fields via "abbreviated" keys (Peter Geoghegan, Andrew Gierth, Robert Haas)
Extend the infrastructure that allows sorting to be performed by inlined, non-SQL-callable comparison functions to cover CREATE INDEX, REINDEX, and CLUSTER (Peter Geoghegan)
Improve performance of hash joins (Tomas Vondra, Robert Haas)
Improve concurrency of shared buffer replacement (Robert Haas, Amit Kapila, Andres Freund)
Reduce the number of page locks and pins during index scans (Kevin Grittner)
The primary benefit of this is to allow index vacuums to be blocked less often.
Make per-backend tracking of buffer pins more memory-efficient (Andres Freund)
Improve lock scalability (Andres Freund)
This particularly addresses scalability problems when running on systems with multiple CPU sockets.
Allow the optimizer to remove unnecessary references to left-joined subqueries (David Rowley)
Allow pushdown of query restrictions into subqueries with window functions, where appropriate (David Rowley)
Allow a non-leakproof function to be pushed down into a security barrier view if the function does not receive any view output columns (Dean Rasheed)
Teach the planner to use statistics obtained from an expression index on a boolean-returning function, when a matching function call appears in WHERE (Tom Lane)
Make ANALYZE compute basic statistics (null fraction and average column width) even for columns whose data type lacks an equality function (Oleksandr Shulgin)
Speed up CRC (cyclic redundancy check) computations and switch to CRC-32C (Abhijit Menon-Sen, Heikki Linnakangas)
Improve bitmap index scan performance (Teodor Sigaev, Tom Lane)
Speed up CREATE INDEX by avoiding unnecessary memory copies (Robert Haas)
Increase the number of buffer mapping partitions (Amit Kapila, Andres Freund, Robert Haas)
This improves performance for highly concurrent workloads.
Add per-table autovacuum logging control via new log_autovacuum_min_duration storage parameter (Michael Paquier)
Add new configuration parameter cluster_name (Thomas Munro)
This string, typically set in postgresql.conf, allows clients to identify the cluster. This name also appears in the process title of all server processes, allowing for easier identification of processes belonging to the same cluster.
Prevent non-superusers from changing log_disconnections on connection startup (Fujii Masao)
Check "Subject Alternative Names" in SSL server certificates, if present (Alexey Klyukin)
When they are present, this replaces checks against the certificate's "Common Name".
Add system view pg_stat_ssl to report SSL connection information (Magnus Hagander)
Add libpq functions to return SSL information in an implementation-independent way (Heikki Linnakangas)
While PQgetssl() can still be used to call OpenSSL functions, it is now considered deprecated because future versions of libpq might support other SSL implementations. When possible, use the new functions PQsslAttribute(), PQsslAttributeNames(), and PQsslInUse() to obtain SSL information in an SSL-implementation-independent way.
Make libpq honor any OpenSSL thread callbacks (Jan Urbanski)
Previously they were overwritten.
Replace configuration parameter checkpoint_segments with min_wal_size and max_wal_size (Heikki Linnakangas)
This change allows the allocation of a large number of WAL files without keeping them after they are no longer needed. Therefore the default for max_wal_size has been set to 1GB, much larger than the old default for checkpoint_segments. Also note that standby servers perform restartpoints to try to limit their WAL space consumption to max_wal_size; previously they did not pay any attention to checkpoint_segments.
Control the Linux OOM killer via new environment variables PG_OOM_ADJUST_FILE and PG_OOM_ADJUST_VALUE (Gurjeet Singh)
The previous OOM control infrastructure involved compile-time options LINUX_OOM_SCORE_ADJ and LINUX_OOM_ADJ, which are no longer supported. The new behavior is available in all builds.
Allow recording of transaction commit time stamps when configuration parameter track_commit_timestamp is enabled (Álvaro Herrera, Petr Jelínek)
Time stamp information can be accessed using functions pg_xact_commit_timestamp() and pg_last_committed_xact().
Allow local_preload_libraries to be set by ALTER ROLE SET (Peter Eisentraut, Kyotaro Horiguchi)
Allow autovacuum workers to respond to configuration parameter changes during a run (Michael Paquier)
Make configuration parameter debug_assertions read-only (Andres Freund)
This means that assertions can no longer be turned off if they were enabled at compile time, allowing for more efficient code optimization. This change also removes the postgres -A option.
Allow setting effective_io_concurrency on systems where it has no effect (Peter Eisentraut)
Add system view pg_file_settings to show the contents of the server's configuration files (Sawada Masahiko)
Add pending_restart to the system view pg_settings to indicate a change has been made but will not take effect until a database restart (Peter Eisentraut)
Allow ALTER SYSTEM values to be reset with ALTER SYSTEM RESET (Vik Fearing)
This command removes the specified setting from postgresql.auto.conf.
Create mechanisms for tracking the progress of replication, including methods for identifying the origin of individual changes during logical replication (Andres Freund)
This is helpful when implementing replication solutions.
Rework truncation of the multixact commit log to be properly WAL-logged (Andres Freund)
This makes things substantially simpler and more robust.
Add recovery.conf parameter recovery_target_action to control post-recovery activity (Petr Jelínek)
This replaces the old parameter pause_at_recovery_target.
Add new archive_mode value always to allow standbys to always archive received WAL files (Fujii Masao)
Add configuration parameter wal_retrieve_retry_interval to control WAL read retry after failure (Alexey Vasiliev, Michael Paquier)
This is particularly helpful for warm standbys.
Allow compression of full-page images stored in WAL (Rahila Syed, Michael Paquier)
This feature reduces WAL volume, at the cost of more CPU time spent on WAL logging and WAL replay. It is controlled by a new configuration parameter wal_compression, which currently is off by default.
Archive WAL files with suffix .partial during standby promotion (Heikki Linnakangas)
Add configuration parameter log_replication_commands to log replication commands (Fujii Masao)
By default, replication commands, e.g. IDENTIFY_SYSTEM, are not logged, even when log_statement is set to all.
Report the processes holding replication slots in pg_replication_slots (Craig Ringer)
The new output column is active_pid.
Allow recovery.conf's primary_conninfo setting to use connection URIs, e.g. postgres:// (Alexander Shulgin)
Allow INSERTs that would generate constraint conflicts to be turned into UPDATEs or ignored (Peter Geoghegan, Heikki Linnakangas, Andres Freund)
The syntax is INSERT ... ON CONFLICT DO NOTHING/UPDATE. This is the Postgres implementation of the popular UPSERT command.
Add GROUP BY analysis features GROUPING SETS, CUBE and ROLLUP (Andrew Gierth, Atri Sharma)
Allow setting multiple target columns in an UPDATE from the result of a single sub-SELECT (Tom Lane)
This is accomplished using the syntax UPDATE tab SET (col1, col2, ...) = (SELECT ...).
Add SELECT option SKIP LOCKED to skip locked rows (Thomas Munro)
This does not throw an error for locked rows like NOWAIT does.
Add SELECT option TABLESAMPLE to return a subset of a table (Petr Jelínek)
This feature supports the SQL-standard table sampling methods. In addition, there are provisions for user-defined table sampling methods.
Suggest possible matches for mistyped column names (Peter Geoghegan, Robert Haas)
Add more details about sort ordering in EXPLAIN output (Marius Timmer, Lukas Kreft, Arne Scheffer)
Details include COLLATE, DESC, USING, and NULLS FIRST/LAST.
Make VACUUM log the number of pages skipped due to pins (Jim Nasby)
Make TRUNCATE properly update the pg_stat* tuple counters (Alexander Shulgin)
Allow REINDEX to reindex an entire schema using the SCHEMA option (Sawada Masahiko)
Add VERBOSE option to REINDEX (Sawada Masahiko)
Prevent REINDEX DATABASE and SCHEMA from outputting object names, unless VERBOSE is used (Simon Riggs)
Remove obsolete FORCE option from REINDEX (Fujii Masao)
Add row-level security control (Craig Ringer, KaiGai Kohei, Adam Brightwell, Dean Rasheed, Stephen Frost)
This feature allows row-by-row control over which users can add, modify, or even see rows in a table. This is controlled by new commands CREATE/ALTER/DROP POLICY and ALTER TABLE ... ENABLE/DISABLE ROW SECURITY.
Allow changing of the WAL logging status of a table after creation with ALTER TABLE ... SET LOGGED / UNLOGGED (Fabrízio de Royes Mello)
Add IF NOT EXISTS clause to CREATE TABLE AS, CREATE INDEX, CREATE SEQUENCE, and CREATE MATERIALIZED VIEW (Fabrízio de Royes Mello)
Add support for IF EXISTS to ALTER TABLE ... RENAME CONSTRAINT (Bruce Momjian)
Allow some DDL commands to accept CURRENT_USER or SESSION_USER, meaning the current user or session user, in place of a specific user name (Kyotaro Horiguchi, Álvaro Herrera)
This feature is now supported in ALTER USER, ALTER GROUP, ALTER ROLE, GRANT, and ALTER object OWNER TO commands.
Support comments on domain constraints (Álvaro Herrera)
Reduce lock levels of some create and alter trigger and foreign key commands (Simon Riggs, Andreas Karlsson)
Allow LOCK TABLE ... ROW EXCLUSIVE MODE for those with INSERT privileges on the target table (Stephen Frost)
Previously this command required UPDATE, DELETE, or TRUNCATE privileges.
Apply table and domain CHECK constraints in order by name (Tom Lane)
The previous ordering was indeterminate.
Allow CREATE/ALTER DATABASE to manipulate datistemplate and datallowconn (Vik Fearing)
This allows these per-database settings to be changed without manually modifying the pg_database system catalog.
Add support for IMPORT FOREIGN SCHEMA (Ronan Dunklau, Michael Paquier, Tom Lane)
This command allows automatic creation of local foreign tables that match the structure of existing tables on a remote server.
Allow CHECK constraints to be placed on foreign tables (Shigeru Hanada, Etsuro Fujita)
Such constraints are assumed to be enforced on the remote server, and are not enforced locally. However, they are assumed to hold for purposes of query optimization, such as constraint exclusion.
Allow foreign tables to participate in inheritance (Shigeru Hanada, Etsuro Fujita)
To let this work naturally, foreign tables are now allowed to have check constraints marked as not valid, and to set storage and OID characteristics, even though these operations are effectively no-ops for a foreign table.
Allow foreign data wrappers and custom scans to implement join pushdown (KaiGai Kohei)
Whenever a ddl_command_end event trigger is installed, capture details of DDL activity for it to inspect (Álvaro Herrera)
This information is available through a set-returning function pg_event_trigger_ddl_commands(), or by inspection of C data structures if that function doesn't provide enough detail.
Allow event triggers on table rewrites caused by ALTER TABLE (Dimitri Fontaine)
Add event trigger support for database-level COMMENT, SECURITY LABEL, and GRANT/REVOKE (Álvaro Herrera)
Add columns to the output of pg_event_trigger_dropped_objects (Álvaro Herrera)
This allows simpler processing of delete operations.
Allow the xml data type to accept empty or all-whitespace content values (Peter Eisentraut)
This is required by the SQL/XML specification.
Allow macaddr input using the format xxxx-xxxx-xxxx (Herwin Weststrate)
Disallow non-SQL-standard syntax for interval with both precision and field specifications (Bruce Momjian)
Per the standard, such type specifications should be written as, for example, INTERVAL MINUTE TO SECOND(2). PostgreSQL formerly allowed this to be written as INTERVAL(2) MINUTE TO SECOND, but it must now be written in the standard way.
Add selectivity estimators for inet/cidr operators and improve estimators for text search functions (Emre Hasegeli, Tom Lane)
Add data types regrole and regnamespace to simplify entering and pretty-printing the OID of a role or namespace (Kyotaro Horiguchi)
Add jsonb functions jsonb_set() and jsonb_pretty() (Dmitry Dolgov, Andrew Dunstan, Petr Jelínek)
Add jsonb generator functions to_jsonb(), jsonb_object(), jsonb_build_object(), jsonb_build_array(), jsonb_agg(), and jsonb_object_agg() (Andrew Dunstan)
Equivalent functions already existed for type json.
Reduce casting requirements to/from json and jsonb (Tom Lane)
Allow text, text array, and integer values to be subtracted from jsonb documents (Dmitry Dolgov, Andrew Dunstan)
Add jsonb || operator (Dmitry Dolgov, Andrew Dunstan)
Add json_strip_nulls() and jsonb_strip_nulls() functions to remove JSON null values from documents (Andrew Dunstan)
Add generate_series() for numeric values (Plato Malugin)
Allow array_agg() and ARRAY() to take arrays as inputs (Ali Akbar, Tom Lane)
Add functions array_position() and array_positions() to return subscripts of array values (Pavel Stehule)
Add a point-to-polygon distance operator <-> (Alexander Korotkov)
Allow multibyte characters as escapes in SIMILAR TO and SUBSTRING (Jeff Davis)
Previously, only a single-byte character was allowed as an escape.
Add a width_bucket() variant that supports any sortable data type and non-uniform bucket widths (Petr Jelínek)
Add an optional missing_ok argument to pg_read_file() and related functions (Michael Paquier, Heikki Linnakangas)
Allow => to specify named parameters in function calls (Pavel Stehule)
Previously only := could be used. This requires removing the possibility for => to be a user-defined operator. Creation of user-defined => operators has been issuing warnings since PostgreSQL 9.0.
Add POSIX-compliant rounding for platforms that use PostgreSQL-supplied rounding functions (Pedro Gimeno Fortea)
Add function pg_get_object_address() to return OIDs that uniquely identify an object, and function pg_identify_object_as_address() to return object information based on OIDs (Álvaro Herrera)
Loosen security checks for viewing queries in pg_stat_activity, executing pg_cancel_backend(), and executing pg_terminate_backend() (Stephen Frost)
Previously, only the specific role owning the target session could perform these operations; now membership in that role is sufficient.
Add pg_stat_get_snapshot_timestamp() to output the time stamp of the statistics snapshot (Matt Kelly)
This represents the last time the snapshot file was written to the file system.
Add mxid_age() to compute multi-xid age (Bruce Momjian)
Add min()/max() aggregates for inet/cidr data types (Haribabu Kommi)
Use 128-bit integers, where supported, as accumulators for some aggregate functions (Andreas Karlsson)
Improve support for composite types in PL/Python (Ed Behn, Ronan Dunklau)
This allows PL/Python functions to return arrays of composite types.
Reduce lossiness of PL/Python floating-point value conversions (Marko Kreen)
Allow specification of conversion routines between SQL data types and data types of procedural languages (Peter Eisentraut)
This change adds new commands CREATE/DROP TRANSFORM. This also adds optional transformations between the hstore and ltree types to/from PL/Perl and PL/Python.
Improve PL/pgSQL array performance (Tom Lane)
Add an ASSERT statement in PL/pgSQL (Pavel Stehule)
Allow more PL/pgSQL keywords to be used as identifiers (Tom Lane)
Move pg_archivecleanup, pg_test_fsync, pg_test_timing, and pg_xlogdump from contrib to src/bin (Peter Eisentraut)
This should result in these programs being installed by default in most installations.
Add pg_rewind, which allows re-synchronizing a master server after failback (Heikki Linnakangas)
Allow pg_receivexlog to manage physical replication slots (Michael Paquier)
This is controlled via new --create-slot and --drop-slot options.
Allow pg_receivexlog to synchronously flush WAL to storage using new --synchronous option (Furuya Osamu, Fujii Masao)
Without this, WAL files are fsync'ed only on close.
Allow vacuumdb to vacuum in parallel using new --jobs option (Dilip Kumar)
In vacuumdb, do not prompt for the same password repeatedly when multiple connections are necessary (Haribabu Kommi, Michael Paquier)
Add --verbose option to reindexdb (Sawada Masahiko)
Make pg_basebackup use a tablespace mapping file when using tar format, to support symbolic links and file paths of 100+ characters in length on MS Windows (Amit Kapila)
Add pg_xlogdump option --stats to display summary statistics (Abhijit Menon-Sen)
Allow psql to produce AsciiDoc output (Szymon Guz)
Add an errors mode that displays only failed commands to psql's ECHO variable (Pavel Stehule)
This behavior can also be selected with psql's -b option.
Provide separate column, header, and border linestyle control in psql's unicode linestyle (Pavel Stehule)
Single or double lines are supported; the default is single.
Add new option %l in psql's PROMPT variables to display the current multiline statement line number (Sawada Masahiko)
Add \pset option pager_min_lines to control pager invocation (Andrew Dunstan)
Improve psql line counting used when deciding to invoke the pager (Andrew Dunstan)
psql now fails if the file specified by an --output or --log-file switch cannot be written (Tom Lane, Daniel Vérité)
Previously, it effectively ignored the switch in such cases.
Add psql tab completion when setting the search_path variable (Jeff Janes)
Currently only the first schema can be tab-completed.
Improve psql's tab completion for triggers and rules (Andreas Karlsson)
Add psql \? help sections variables and options (Pavel Stehule)
\? variables shows psql's special variables and \? options shows the command-line options. \? commands shows the meta-commands, which is the traditional output and remains the default. These help displays can also be obtained with the command-line option --help=section.
Show tablespace size in psql's \db+ (Fabrízio de Royes Mello)
Show data type owners in psql's \dT+ (Magnus Hagander)
Allow psql's \watch to output \timing information (Fujii Masao)
Also prevent --echo-hidden from echoing \watch queries, since that is generally unwanted.
Make psql's \sf and \ef commands honor ECHO_HIDDEN (Andrew Dunstan)
Improve psql tab completion for \set, \unset, and :variable names (Pavel Stehule)
Allow tab completion of role names in psql \c commands (Ian Barwick)
Allow pg_dump to share a snapshot taken by another session using --snapshot (Simon Riggs, Michael Paquier)
The remote snapshot must have been exported by pg_export_snapshot() or logical replication slot creation. This can be used to share a consistent snapshot across multiple pg_dump processes.
Support table sizes exceeding 8GB in tar archive format (Tom Lane)
The POSIX standard for tar format does not allow elements of a tar archive to exceed 8GB, but most modern implementations of tar support an extension that does allow it. Use the extension format when necessary, rather than failing.
Make pg_dump always print the server and pg_dump versions (Jing Wang)
Previously, version information was only printed in --verbose mode.
Remove the long-ignored -i/--ignore-version option from pg_dump, pg_dumpall, and pg_restore (Fujii Masao)
Support multiple pg_ctl -o options, concatenating their values (Bruce Momjian)
Allow control of pg_ctl's event source logging on MS Windows (MauMau)
This only controls pg_ctl, not the server, which has separate settings in postgresql.conf.
If the server's listen address is set to a wildcard value (0.0.0.0 in IPv4 or :: in IPv6), connect via the loopback address rather than trying to use the wildcard address literally (Kondo Yuta)
This fix primarily affects Windows, since on other platforms pg_ctl will prefer to use a Unix-domain socket.
Move pg_upgrade from contrib to src/bin (Peter Eisentraut)
In connection with this change, the functionality previously provided by the pg_upgrade_support module has been moved into the core server.
Support multiple pg_upgrade -o/-O options, concatenating their values (Bruce Momjian)
Improve database collation comparisons in pg_upgrade (Heikki Linnakangas)
Remove support for upgrading from 8.3 clusters (Bruce Momjian)
Move pgbench from contrib to src/bin (Peter Eisentraut)
Fix calculation of TPS number "excluding connections establishing" (Tatsuo Ishii, Fabien Coelho)
The overhead for connection establishment was miscalculated whenever the number of pgbench threads was less than the number of client connections. Although this is clearly a bug, we won't back-patch it into pre-9.5 branches since it makes TPS numbers not comparable to previous results.
Allow counting of pgbench transactions that take over a specified amount of time (Fabien Coelho)
This is controlled by a new --latency-limit option.
Allow pgbench to generate Gaussian/exponential distributions using \setrandom (Kondo Mitsumasa, Fabien Coelho)
Allow pgbench's \set command to handle arithmetic expressions containing more than one operator, and add % (modulo) to the set of operators it supports (Robert Haas, Fabien Coelho)
Simplify WAL record format (Heikki Linnakangas)
This allows external tools to more easily track what blocks are modified.
Improve the representation of transaction commit and abort WAL records (Andres Freund)
Add atomic memory operations API (Andres Freund)
Allow custom path and scan methods (KaiGai Kohei, Tom Lane)
This allows extensions greater control over the optimizer and executor.
Allow foreign data wrappers to do post-filter locking (Etsuro Fujita)
Foreign tables can now take part in INSERT ... ON CONFLICT DO NOTHING queries (Peter Geoghegan, Heikki Linnakangas, Andres Freund)
Foreign data wrappers must be modified to handle this. INSERT ... ON CONFLICT DO UPDATE is not supported on foreign tables.
Improve hash_create()'s API for selecting simple-binary-key hash functions (Teodor Sigaev, Tom Lane)
Improve parallel execution infrastructure (Robert Haas, Amit Kapila, Noah Misch, Rushabh Lathia, Jeevan Chalke)
Remove Alpha (CPU) and Tru64 (OS) ports (Andres Freund)
Remove swap-byte-based spinlock implementation for ARMv5 and earlier CPUs (Robert Haas)
ARMv5's weak memory ordering made this locking implementation unsafe. Spinlock support is still possible on newer gcc implementations with atomics support.
Generate an error when excessively long (100+ character) file paths are written to tar files (Peter Eisentraut)
Tar does not support such overly-long paths.
Change index operator class for columns pg_seclabel.provider and pg_shseclabel.provider to be text_pattern_ops (Tom Lane)
This avoids possible problems with these indexes when different databases of a cluster have different default collations.
Change the spinlock primitives to function as compiler barriers (Robert Haas)
Allow higher-precision time stamp resolution on Windows 8, Windows Server 2012, and later Windows systems (Craig Ringer)
Install shared libraries to bin in MS Windows (Peter Eisentraut, Michael Paquier)
Install src/test/modules together with contrib on MSVC builds (Michael Paquier)
Allow configure's --with-extra-version option to be honored by the MSVC build (Michael Paquier)
Pass PGFILEDESC into MSVC contrib builds (Michael Paquier)
Add icons to all MSVC-built binaries and version information to all MS Windows binaries (Noah Misch)
MinGW already had such icons.
Add optional-argument support to the internal getopt_long() implementation (Michael Paquier, Andres Freund)
This is used by the MSVC build.
Add statistics for minimum, maximum, mean, and standard deviation times to pg_stat_statements (Mitsumasa Kondo, Andrew Dunstan)
Add pgcrypto function pgp_armor_headers() to extract PGP armor headers (Marko Tiikkaja, Heikki Linnakangas)
Allow empty replacement strings in unaccent (Mohammad Alhashash)
This is useful in languages where diacritic signs are represented as separate characters.
Allow multicharacter source strings in unaccent (Tom Lane)
This could be useful in languages where diacritic signs are represented as separate characters. It also allows more complex unaccent dictionaries.
Add contrib modules tsm_system_rows and tsm_system_time to allow additional table sampling methods (Petr Jelínek)
Add GIN index inspection functions to pageinspect (Heikki Linnakangas, Peter Geoghegan, Michael Paquier)
Add information about buffer pins to pg_buffercache display (Andres Freund)
Allow pgstattuple to report approximate answers with less overhead using pgstattuple_approx() (Abhijit Menon-Sen)
Move dummy_seclabel, test_shm_mq, test_parser, and worker_spi from contrib to src/test/modules (Álvaro Herrera)
These modules are only meant for server testing, so they do not need to be built or installed when packaging PostgreSQL.
⇑ Upgrade to 9.5.1 released on 2016-02-11 - docs
Fix infinite loops and buffer-overrun problems in regular expressions (Tom Lane)
Very large character ranges in bracket expressions could cause infinite loops in some cases, and memory overwrites in other cases. (CVE-2016-0773)
Fix an oversight that caused hash joins to miss joining to some tuples of the inner relation in rare cases (Tomas Vondra, Tom Lane)
Avoid pushdown of HAVING clauses when grouping sets are used (Andrew Gierth)
Fix deparsing of ON CONFLICT arbiter WHERE clauses (Peter Geoghegan)
Make %h and %r escapes in log_line_prefix work for messages emitted due to log_connections (Tom Lane)
Previously, %h/%r started to work just after a new session had emitted the "connection received" log message; now they work for that message too.
Avoid leaking a token handle during SSPI authentication (Christian Ullrich)
Fix psql's \det command to interpret its pattern argument the same way as other \d commands with potentially schema-qualified patterns do (Reece Hart)
In pg_ctl on Windows, check service status to decide where to send output, rather than checking if standard output is a terminal (Michael Paquier)
Fix assorted corner-case bugs in pg_dump's processing of extension member objects (Tom Lane)
Fix improper quoting of domain constraint names in pg_dump (Elvis Pranskevichus)
Make pg_dump mark a view's triggers as needing to be processed after its rule, to prevent possible failure during parallel pg_restore (Tom Lane)
Install guards in pgbench against corner-case overflow conditions during evaluation of script-specified division or modulo operators (Fabien Coelho, Michael Paquier)
Suppress useless warning message when pg_receivexlog connects to a pre-9.4 server (Marco Nenciarini)
Avoid dump/reload problems when using both plpython2 and plpython3 (Tom Lane)
In principle, both versions of PL/Python can be used in the same database, though not in the same session (because the two versions of libpython cannot safely be used concurrently). However, pg_restore and pg_upgrade both do things that can fall foul of the same-session restriction. Work around that by changing the timing of the check.
Fix PL/Python regression tests to pass with Python 3.5 (Peter Eisentraut)
Prevent certain PL/Java parameters from being set by non-superusers (Noah Misch)
This change mitigates a PL/Java security bug (CVE-2016-0766), which was fixed in PL/Java by marking these parameters as superuser-only. To fix the security hazard for sites that update PostgreSQL more frequently than PL/Java, make the core code aware of them also.
Fix ecpg-supplied header files to not contain comments continued from a preprocessor directive line onto the next line (Michael Meskes)
Such a comment is rejected by ecpg. It's not yet clear whether ecpg itself should be changed.
Fix hstore_to_json_loose()'s test for whether an hstore value can be converted to a JSON number (Tom Lane)
Previously this function could be fooled by non-alphanumeric trailing characters, leading to emitting syntactically-invalid JSON.
In contrib/postgres_fdw, fix bugs triggered by use of tableoid in data-modifying commands (Etsuro Fujita, Robert Haas)
Fix ill-advised restriction of NAMEDATALEN to be less than 256 (Robert Haas, Tom Lane)
Improve reproducibility of build output by ensuring filenames are given to the linker in a fixed order (Christoph Berg)
This avoids possible bitwise differences in the produced executable files from one build to the next.
Ensure that dynloader.h is included in the installed header files in MSVC builds (Bruce Momjian, Michael Paquier)
Update time zone data files to tzdata release 2016a for DST law changes in Cayman Islands, Metlakatla, and Trans-Baikal Territory (Zabaykalsky Krai), plus historical corrections for Pakistan.
⇑ Upgrade to 9.5.2 released on 2016-03-31 - docs
Disable abbreviated keys for string sorting in non-C locales (Robert Haas)
PostgreSQL 9.5 introduced logic for speeding up comparisons of string data types by using the standard C library function strxfrm() as a substitute for strcoll(). It now emerges that most versions of glibc (Linux's implementation of the C library) have buggy implementations of strxfrm() that, in some locales, can produce string comparison results that do not match strcoll(). Until this problem can be better characterized, disable the optimization in all non-C locales. (C locale is safe since it uses neither strcoll() nor strxfrm().)
Unfortunately, this problem affects not only sorting but also entry ordering in B-tree indexes, which means that B-tree indexes on text, varchar, or char columns may now be corrupt if they sort according to an affected locale and were built or modified under PostgreSQL 9.5.0 or 9.5.1. Users should REINDEX indexes that might be affected.
It is not possible at this time to give an exhaustive list of known-affected locales. C locale is known safe, and there is no evidence of trouble in English-based locales such as en_US, but some other popular locales such as de_DE are affected in most glibc versions.
Maintain row-security status properly in cached plans (Stephen Frost)
In a session that performs queries as more than one role, the plan cache might incorrectly re-use a plan that was generated for another role ID, thus possibly applying the wrong set of policies when row-level security (RLS) is in use. (CVE-2016-2193)
Add must-be-superuser checks to some new contrib/pageinspect functions (Andreas Seltenreich)
Most functions in the pageinspect extension that inspect bytea values disallow calls by non-superusers, but brin_page_type() and brin_metapage_info() failed to do so. Passing contrived bytea values to them might crash the server or disclose a few bytes of server memory. Add the missing permissions checks to prevent misuse. (CVE-2016-3065)
Fix incorrect handling of indexed ROW() comparisons (Simon Riggs)
Flaws in a minor optimization introduced in 9.5 caused incorrect results if the ROW() comparison matches the index ordering partially but not exactly (for example, differing column order, or the index contains both ASC and DESC columns). Pending a better solution, the optimization has been removed.
Fix incorrect handling of NULL index entries in indexed ROW() comparisons (Tom Lane)
An index search using a row comparison such as ROW(a, b) > ROW('x', 'y') would stop upon reaching a NULL entry in the b column, ignoring the fact that there might be non-NULL b values associated with later values of a.
Avoid unlikely data-loss scenarios due to renaming files without adequate fsync() calls before and after (Michael Paquier, Tomas Vondra, Andres Freund)
Fix incorrect behavior when rechecking a just-modified row in a query that does SELECT FOR UPDATE/SHARE and contains some relations that need not be locked (Tom Lane)
Rows from non-locked relations were incorrectly treated as containing all NULLs during the recheck, which could result in incorrectly deciding that the updated row no longer passes the WHERE condition, or in incorrectly outputting NULLs.
Fix bug in json_to_record() when a field of its input object contains a sub-object with a field name matching one of the requested output column names (Tom Lane)
Fix nonsense result from two-argument form of jsonb_object() when called with empty arrays (Michael Paquier, Andrew Dunstan)
Fix misbehavior in jsonb_set() when converting a path array element into an integer for use as an array subscript (Michael Paquier)
Fix misformatting of negative time zone offsets by to_char()'s OF format code (Thomas Munro, Tom Lane)
Fix possible incorrect logging of waits done by INSERT ... ON CONFLICT (Peter Geoghegan)
Log messages would sometimes claim that the wait was due to an exclusion constraint although no such constraint was responsible.
Ignore recovery_min_apply_delay parameter until recovery has reached a consistent state (Michael Paquier)
Previously, standby servers would delay application of WAL records in response to recovery_min_apply_delay even while replaying the initial portion of WAL needed to make their database state valid. Since the standby is useless until it's reached a consistent database state, this was deemed unhelpful.
Correctly handle cases where pg_subtrans is close to XID wraparound during server startup (Jeff Janes)
Fix assorted bugs in logical decoding (Andres Freund)
Trouble cases included tuples larger than one page when replica identity is FULL, UPDATEs that change a primary key within a transaction large enough to be spooled to disk, incorrect reports of "subxact logged without previous toplevel record", and incorrect reporting of a transaction's commit time.
Fix planner error with nested security barrier views when the outer view has a WHERE clause containing a correlated subquery (Dean Rasheed)
Fix memory leak in GIN index searches (Tom Lane)
Fix corner-case crash due to trying to free localeconv() output strings more than once (Tom Lane)
Fix parsing of affix files for ispell dictionaries (Tom Lane)
The code could go wrong if the affix file contained any characters whose byte length changes during case-folding, for example I in Turkish UTF8 locales.
Avoid use of sscanf() to parse ispell dictionary files (Artur Zakirov)
This dodges a portability problem on FreeBSD-derived platforms (including macOS).
Fix atomic-operations code used on PPC with IBM's xlc compiler (Noah Misch)
This error led to rare failures of concurrent operations on that platform.
Avoid a crash on old Windows versions (before 7SP1/2008R2SP1) with an AVX2-capable CPU and a Postgres build done with Visual Studio 2013 (Christian Ullrich)
This is a workaround for a bug in Visual Studio 2013's runtime library, which Microsoft have stated they will not fix in that version.
Fix psql's tab completion logic to handle multibyte characters properly (Kyotaro Horiguchi, Robert Haas)
Fix psql's tab completion for SECURITY LABEL (Tom Lane)
Pressing TAB after SECURITY LABEL might cause a crash or offering of inappropriate keywords.
Make pg_ctl accept a wait timeout from the PGCTLTIMEOUT environment variable, if none is specified on the command line (Noah Misch)
This eases testing of slower buildfarm members by allowing them to globally specify a longer-than-normal timeout for postmaster startup and shutdown.
Fix incorrect test for Windows service status in pg_ctl (Manuel Mathar)
The previous set of minor releases attempted to fix pg_ctl to properly determine whether to send log messages to Window's Event Log, but got the test backwards.
Fix pgbench to correctly handle the combination of -C and -M prepared options (Tom Lane)
In pg_upgrade, skip creating a deletion script when the new data directory is inside the old data directory (Bruce Momjian)
Blind application of the script in such cases would result in loss of the new data directory.
In PL/Perl, properly translate empty Postgres arrays into empty Perl arrays (Alex Hunsaker)
Make PL/Python cope with function names that aren't valid Python identifiers (Jim Nasby)
Fix multiple mistakes in the statistics returned by contrib/pgstattuple's pgstatindex() function (Tom Lane)
Remove dependency on psed in MSVC builds, since it's no longer provided by core Perl (Michael Paquier, Andrew Dunstan)
Update time zone data files to tzdata release 2016c for DST law changes in Azerbaijan, Chile, Haiti, Palestine, and Russia (Altai, Astrakhan, Kirov, Sakhalin, Ulyanovsk regions), plus historical corrections for Lithuania, Moldova, and Russia (Kaliningrad, Samara, Volgograd).
⇑ Upgrade to 9.5.3 released on 2016-05-12 - docs
Clear the OpenSSL error queue before OpenSSL calls, rather than assuming it's clear already; and make sure we leave it clear afterwards (Peter Geoghegan, Dave Vitek, Peter Eisentraut)
This change prevents problems when there are multiple connections using OpenSSL within a single process and not all the code involved follows the same rules for when to clear the error queue. Failures have been reported specifically when a client application uses SSL connections in libpq concurrently with SSL connections using the PHP, Python, or Ruby wrappers for OpenSSL. It's possible for similar problems to arise within the server as well, if an extension module establishes an outgoing SSL connection.
Fix "failed to build any N-way joins" planner error with a full join enclosed in the right-hand side of a left join (Tom Lane)
Fix incorrect handling of equivalence-class tests in multilevel nestloop plans (Tom Lane)
Given a three-or-more-way equivalence class of variables, such as X.X = Y.Y = Z.Z, it was possible for the planner to omit some of the tests needed to enforce that all the variables are actually equal, leading to join rows being output that didn't satisfy the WHERE clauses. For various reasons, erroneous plans were seldom selected in practice, so that this bug has gone undetected for a long time.
Fix corner-case parser failures occurring when operator_precedence_warning is turned on (Tom Lane)
An example is that SELECT (ARRAY[])::text[] gave an error, though it worked without the parentheses.
Fix query-lifespan memory leak in GIN index scans (Julien Rouhaud)
Fix query-lifespan memory leak and potential index corruption hazard in GIN index insertion (Tom Lane)
The memory leak would typically not amount to much in simple queries, but it could be very substantial during a large GIN index build with high maintenance_work_mem.
Fix possible misbehavior of TH, th, and Y,YYY format codes in to_timestamp() (Tom Lane)
These could advance off the end of the input string, causing subsequent format codes to read garbage.
Fix dumping of rules and views in which the array argument of a value operator ANY (array) construct is a sub-SELECT (Tom Lane)
Disallow newlines in ALTER SYSTEM parameter values (Tom Lane)
The configuration-file parser doesn't support embedded newlines in string literals, so we mustn't allow them in values to be inserted by ALTER SYSTEM.
Fix ALTER TABLE ... REPLICA IDENTITY USING INDEX to work properly if an index on OID is selected (David Rowley)
Avoid possible misbehavior after failing to remove a tablespace symlink (Tom Lane)
Fix crash in logical decoding on alignment-picky platforms (Tom Lane, Andres Freund)
The failure occurred only with a transaction large enough to spill to disk and a primary-key change within that transaction.
Avoid repeated requests for feedback from receiver while shutting down walsender (Nick Cleaton)
Make pg_regress use a startup timeout from the PGCTLTIMEOUT environment variable, if that's set (Tom Lane)
This is for consistency with a behavior recently added to pg_ctl; it eases automated testing on slow machines.
Fix pg_upgrade to correctly restore extension membership for operator families containing only one operator class (Tom Lane)
In such a case, the operator family was restored into the new database, but it was no longer marked as part of the extension. This had no immediate ill effects, but would cause later pg_dump runs to emit output that would cause (harmless) errors on restore.
Fix pg_upgrade to not fail when new-cluster TOAST rules differ from old (Tom Lane)
pg_upgrade had special-case code to handle the situation where the new PostgreSQL version thinks that a table should have a TOAST table while the old version did not. That code was broken, so remove it, and instead do nothing in such cases; there seems no reason to believe that we can't get along fine without a TOAST table if that was okay according to the old version's rules.
Fix atomic operations for PPC when using IBM's XLC compiler (Noah Misch)
Reduce the number of SysV semaphores used by a build configured with --disable-spinlocks (Tom Lane)
Rename internal function strtoi() to strtoint() to avoid conflict with a NetBSD library function (Thomas Munro)
Fix reporting of errors from bind() and listen() system calls on Windows (Tom Lane)
Reduce verbosity of compiler output when building with Microsoft Visual Studio (Christian Ullrich)
Support building with Visual Studio 2015 (Michael Paquier, Petr Jelínek)
Note that builds made with VS2015 will not run on Windows versions before Windows Vista.
Fix putenv() to work properly with Visual Studio 2013 (Michael Paquier)
Avoid possibly-unsafe use of Windows' FormatMessage() function (Christian Ullrich)
Use the FORMAT_MESSAGE_IGNORE_INSERTS flag where appropriate. No live bug is known to exist here, but it seems like a good idea to be careful.
Update time zone data files to tzdata release 2016d for DST law changes in Russia and Venezuela. There are new zone names Europe/Kirov and Asia/Tomsk to reflect the fact that these regions now have different time zone histories from adjacent regions.
⇑ Upgrade to 9.5.4 released on 2016-08-11 - docs
Fix possible mis-evaluation of nested CASE-WHEN expressions (Heikki Linnakangas, Michael Paquier, Tom Lane)
A CASE expression appearing within the test value subexpression of another CASE could become confused about whether its own test value was null or not. Also, inlining of a SQL function implementing the equality operator used by a CASE expression could result in passing the wrong test value to functions called within a CASE expression in the SQL function's body. If the test values were of different data types, a crash might result; moreover such situations could be abused to allow disclosure of portions of server memory. (CVE-2016-5423)
Fix client programs' handling of special characters in database and role names (Noah Misch, Nathan Bossart, Michael Paquier)
Numerous places in vacuumdb and other client programs could become confused by database and role names containing double quotes or backslashes. Tighten up quoting rules to make that safe. Also, ensure that when a conninfo string is used as a database name parameter to these programs, it is correctly treated as such throughout.
Fix handling of paired double quotes in psql's \connect and \password commands to match the documentation.
Introduce a new -reuse-previous option in psql's \connect command to allow explicit control of whether to re-use connection parameters from a previous connection. (Without this, the choice is based on whether the database name looks like a conninfo string, as before.) This allows secure handling of database names containing special characters in pg_dumpall scripts.
pg_dumpall now refuses to deal with database and role names containing carriage returns or newlines, as it seems impractical to quote those characters safely on Windows. In future we may reject such names on the server side, but that step has not been taken yet.
These are considered security fixes because crafted object names containing special characters could have been used to execute commands with superuser privileges the next time a superuser executes pg_dumpall or other routine maintenance operations. (CVE-2016-5424)
Fix corner-case misbehaviors for IS NULL/IS NOT NULL applied to nested composite values (Andrew Gierth, Tom Lane)
The SQL standard specifies that IS NULL should return TRUE for a row of all null values (thus ROW(NULL,NULL) IS NULL yields TRUE), but this is not meant to apply recursively (thus ROW(NULL, ROW(NULL,NULL)) IS NULL yields FALSE). The core executor got this right, but certain planner optimizations treated the test as recursive (thus producing TRUE in both cases), and contrib/postgres_fdw could produce remote queries that misbehaved similarly.
Fix "unrecognized node type" error for INSERT ... ON CONFLICT within a recursive CTE (a WITH item) (Peter Geoghegan)
Fix INSERT ... ON CONFLICT to successfully match index expressions or index predicates that are simplified during the planner's expression preprocessing phase (Tom Lane)
Correctly handle violations of exclusion constraints that apply to the target table of an INSERT ... ON CONFLICT command, but are not one of the selected arbiter indexes (Tom Lane)
Such a case should raise a normal constraint-violation error, but it got into an infinite loop instead.
Fix INSERT ... ON CONFLICT to not fail if the target table has a unique index on OID (Tom Lane)
Make the inet and cidr data types properly reject IPv6 addresses with too many colon-separated fields (Tom Lane)
Prevent crash in close_ps() (the point ## lseg operator) for NaN input coordinates (Tom Lane)
Make it return NULL instead of crashing.
Avoid possible crash in pg_get_expr() when inconsistent values are passed to it (Michael Paquier, Thomas Munro)
Fix several one-byte buffer over-reads in to_number() (Peter Eisentraut)
In several cases the to_number() function would read one more character than it should from the input string. There is a small chance of a crash, if the input happens to be adjacent to the end of memory.
Do not run the planner on the query contained in CREATE MATERIALIZED VIEW or CREATE TABLE AS when WITH NO DATA is specified (Michael Paquier, Tom Lane)
This avoids some unnecessary failure conditions, for example if a stable function invoked by the materialized view depends on a table that doesn't exist yet.
Avoid unsafe intermediate state during expensive paths through heap_update() (Masahiko Sawada, Andres Freund)
Previously, these cases locked the target tuple (by setting its XMAX) but did not WAL-log that action, thus risking data integrity problems if the page were spilled to disk and then a database crash occurred before the tuple update could be completed.
Fix hint bit update during WAL replay of row locking operations (Andres Freund)
The only known consequence of this problem is that row locks held by a prepared, but uncommitted, transaction might fail to be enforced after a crash and restart.
Avoid unnecessary "could not serialize access" errors when acquiring FOR KEY SHARE row locks in serializable mode (Álvaro Herrera)
Make sure "expanded" datums returned by a plan node are read-only (Tom Lane)
This avoids failures in some cases where the result of a lower plan node is referenced in multiple places in upper nodes. So far as core PostgreSQL is concerned, only array values returned by PL/pgSQL functions are at risk; but extensions might use expanded datums for other things.
Avoid crash in postgres -C when the specified variable has a null string value (Michael Paquier)
Prevent unintended waits for the receiver in WAL sender processes (Kyotaro Horiguchi)
Fix possible loss of large subtransactions in logical decoding (Petru-Florin Mihancea)
Fix failure of logical decoding when a subtransaction contains no actual changes (Marko Tiikkaja, Andrew Gierth)
Ensure that backends see up-to-date statistics for shared catalogs (Tom Lane)
The statistics collector failed to update the statistics file for shared catalogs after a request from a regular backend. This problem was partially masked because the autovacuum launcher regularly makes requests that did cause such updates; however, it became obvious with autovacuum disabled.
Avoid redundant writes of the statistics files when multiple backends request updates close together (Tom Lane, Tomas Vondra)
Avoid consuming a transaction ID during VACUUM (Alexander Korotkov)
Some cases in VACUUM unnecessarily caused an XID to be assigned to the current transaction. Normally this is negligible, but if one is up against the XID wraparound limit, consuming more XIDs during anti-wraparound vacuums is a very bad thing.
Prevent possible failure when vacuuming multixact IDs in an installation that has been pg_upgrade'd from pre-9.3 (Andrew Gierth, Álvaro Herrera)
The usual symptom of this bug is errors like "MultiXactId NNN has not been created yet -- apparent wraparound".
When a manual ANALYZE specifies a column list, don't reset the table's changes_since_analyze counter (Tom Lane)
If we're only analyzing some columns, we should not prevent routine auto-analyze from happening for the other columns.
Fix ANALYZE's overestimation of n_distinct for a unique or nearly-unique column with many null entries (Tom Lane)
The nulls could get counted as though they were themselves distinct values, leading to serious planner misestimates in some types of queries.
Prevent autovacuum from starting multiple workers for the same shared catalog (Álvaro Herrera)
Normally this isn't much of a problem because the vacuum doesn't take long anyway; but in the case of a severely bloated catalog, it could result in all but one worker uselessly waiting instead of doing useful work on other tables.
Fix bug in b-tree mark/restore processing (Kevin Grittner)
This error could lead to incorrect join results or assertion failures in a merge join whose inner source node is a b-tree indexscan.
Avoid duplicate buffer lock release when abandoning a b-tree index page deletion attempt (Tom Lane)
This mistake prevented VACUUM from completing in some cases involving corrupt b-tree indexes.
Fix building of large (bigger than shared_buffers) hash indexes (Tom Lane)
The code path used for large indexes contained a bug causing incorrect hash values to be inserted into the index, so that subsequent index searches always failed, except for tuples inserted into the index after the initial build.
Prevent infinite loop in GiST index build for geometric columns containing NaN component values (Tom Lane)
Fix possible crash during a nearest-neighbor (ORDER BY distance) indexscan on a contrib/btree_gist index on an interval column (Peter Geoghegan)
Fix "PANIC: failed to add BRIN tuple" error when attempting to update a BRIN index entry (Álvaro Herrera)
Fix possible crash during background worker shutdown (Dmitry Ivanov)
Fix PL/pgSQL's handling of the INTO clause within IMPORT FOREIGN SCHEMA commands (Tom Lane)
Fix contrib/btree_gin to handle the smallest possible bigint value correctly (Peter Eisentraut)
Teach libpq to correctly decode server version from future servers (Peter Eisentraut)
It's planned to switch to two-part instead of three-part server version numbers for releases after 9.6. Make sure that PQserverVersion() returns the correct value for such cases.
Fix ecpg's code for unsigned long long array elements (Michael Meskes)
In pg_dump with both -c and -C options, avoid emitting an unwanted CREATE SCHEMA public command (David Johnston, Tom Lane)
Improve handling of SIGTERM/control-C in parallel pg_dump and pg_restore (Tom Lane)
Make sure that the worker processes will exit promptly, and also arrange to send query-cancel requests to the connected backends, in case they are doing something long-running such as a CREATE INDEX.
Fix error reporting in parallel pg_dump and pg_restore (Tom Lane)
Previously, errors reported by pg_dump or pg_restore worker processes might never make it to the user's console, because the messages went through the master process, and there were various deadlock scenarios that would prevent the master process from passing on the messages. Instead, just print everything to stderr. In some cases this will result in duplicate messages (for instance, if all the workers report a server shutdown), but that seems better than no message.
Ensure that parallel pg_dump or pg_restore on Windows will shut down properly after an error (Kyotaro Horiguchi)
Previously, it would report the error, but then just sit until manually stopped by the user.
Make parallel pg_dump fail cleanly when run against a standby server (Magnus Hagander)
This usage is not supported unless --no-synchronized-snapshots is specified, but the error was not handled very well.
Make pg_dump behave better when built without zlib support (Kyotaro Horiguchi)
It didn't work right for parallel dumps, and emitted some rather pointless warnings in other cases.
Make pg_basebackup accept -Z 0 as specifying no compression (Fujii Masao)
Fix makefiles' rule for building AIX shared libraries to be safe for parallel make (Noah Misch)
Fix TAP tests and MSVC scripts to work when build directory's path name contains spaces (Michael Paquier, Kyotaro Horiguchi)
Be more predictable about reporting "statement timeout" versus "lock timeout" (Tom Lane)
On heavily loaded machines, the regression tests sometimes failed due to reporting "lock timeout" even though the statement timeout should have occurred first.
Make regression tests safe for Danish and Welsh locales (Jeff Janes, Tom Lane)
Change some test data that triggered the unusual sorting rules of these locales.
Update our copy of the timezone code to match IANA's tzcode release 2016c (Tom Lane)
This is needed to cope with anticipated future changes in the time zone data files. It also fixes some corner-case bugs in coping with unusual time zones.
Update time zone data files to tzdata release 2016f for DST law changes in Kemerovo and Novosibirsk, plus historical corrections for Azerbaijan, Belarus, and Morocco.
⇑ Upgrade to 9.6 released on 2016-09-29 - docs
Improve the pg_stat_activity view's information about what a process is waiting for (Amit Kapila, Ildus Kurbangaliev)
Historically a process has only been shown as waiting if it was waiting for a heavyweight lock. Now waits for lightweight locks and buffer pins are also shown in pg_stat_activity. Also, the type of lock being waited for is now visible. These changes replace the waiting column with wait_event_type and wait_event.
In to_char(), do not count a minus sign (when needed) as part of the field width for time-related fields (Bruce Momjian)
For example, to_char('-4 years'::interval, 'YY') now returns -04, rather than -4.
Make extract() behave more reasonably with infinite inputs (Vitaly Burovoy)
Historically the extract() function just returned zero given an infinite timestamp, regardless of the given field name. Make it return infinity or -infinity as appropriate when the requested field is one that is monotonically increasing (e.g, year, epoch), or NULL when it is not (e.g., day, hour). Also, throw the expected error for bad field names.
Remove PL/pgSQL's "feature" that suppressed the innermost line of CONTEXT for messages emitted by RAISE commands (Pavel Stehule)
This ancient backwards-compatibility hack was agreed to have outlived its usefulness.
Fix the default text search parser to allow leading digits in email and host tokens (Artur Zakirov)
In most cases this will result in few changes in the parsing of text. But if you have data where such addresses occur frequently, it may be worth rebuilding dependent tsvector columns and indexes so that addresses of this form will be found properly by text searches.
Extend contrib/unaccent's standard unaccent.rules file to handle all diacritics known to Unicode, and to expand ligatures correctly (Thomas Munro, Léonard Benedetti)
The previous version neglected to convert some less-common letters with diacritic marks. Also, ligatures are now expanded into separate letters. Installations that use this rules file may wish to rebuild tsvector columns and indexes that depend on the result.
Remove the long-deprecated CREATEUSER/NOCREATEUSER options from CREATE ROLE and allied commands (Tom Lane)
CREATEUSER actually meant SUPERUSER, for ancient backwards-compatibility reasons. This has been a constant source of confusion for people who (reasonably) expect it to mean CREATEROLE. It has been deprecated for ten years now, so fix the problem by removing it.
Treat role names beginning with pg_ as reserved (Stephen Frost)
User creation of such role names is now disallowed. This prevents conflicts with built-in roles created by initdb.
Change a column name in the information_schema.routines view from result_cast_character_set_name to result_cast_char_set_name (Clément Prévost)
The SQL:2011 standard specifies the longer name, but that appears to be a mistake, because adjacent column names use the shorter style, as do other information_schema views.
psql's -c option no longer implies --no-psqlrc (Pavel Stehule, Catalin Iacob)
Write --no-psqlrc (or its abbreviation -X) explicitly to obtain the old behavior. Scripts so modified will still work with old versions of psql.
Improve pg_restore's -t option to match all types of relations, not only plain tables (Craig Ringer)
Change the display format used for NextXID in pg_controldata and related places (Joe Conway, Bruce Momjian)
Display epoch-and-transaction-ID values in the format number:number. The previous format number/number was confusingly similar to that used for LSNs.
Update extension functions to be marked parallel-safe where appropriate (Andreas Karlsson)
Many of the standard extensions have been updated to allow their functions to be executed within parallel query worker processes. These changes will not take effect in databases pg_upgrade'd from prior versions unless you apply ALTER EXTENSION UPDATE to each such extension (in each database of a cluster).
Parallel queries (Robert Haas, Amit Kapila, David Rowley, many others)
With 9.6, PostgreSQL introduces initial support for parallel execution of large queries. Only strictly read-only queries where the driving table is accessed via a sequential scan can be parallelized. Hash joins and nested loops can be performed in parallel, as can aggregation (for supported aggregates). Much remains to be done, but this is already a useful set of features.
Parallel query execution is not (yet) enabled by default. To allow it, set the new configuration parameter max_parallel_workers_per_gather to a value larger than zero. Additional control over use of parallelism is available through other new configuration parameters force_parallel_mode, parallel_setup_cost, parallel_tuple_cost, and min_parallel_relation_size.
Provide infrastructure for marking the parallel-safety status of functions (Robert Haas, Amit Kapila)
Allow GIN index builds to make effective use of maintenance_work_mem settings larger than 1 GB (Robert Abraham, Teodor Sigaev)
Add pages deleted from a GIN index's pending list to the free space map immediately (Jeff Janes, Teodor Sigaev)
This reduces bloat if the table is not vacuumed often.
Add gin_clean_pending_list() function to allow manual invocation of pending-list cleanup for a GIN index (Jeff Janes)
Formerly, such cleanup happened only as a byproduct of vacuuming or analyzing the parent table.
Improve handling of dead index tuples in GiST indexes (Anastasia Lubennikova)
Dead index tuples are now marked as such when an index scan notices that the corresponding heap tuple is dead. When inserting tuples, marked-dead tuples will be removed if needed to make space on the page.
Add an SP-GiST operator class for type box (Alexander Lebedev)
Improve sorting performance by using quicksort, not replacement selection sort, when performing external sort steps (Peter Geoghegan)
The new approach makes better use of the CPU cache for typical cache sizes and data volumes. Where necessary, the behavior can be adjusted via the new configuration parameter replacement_sort_tuples.
Speed up text sorts where the same string occurs multiple times (Peter Geoghegan)
Speed up sorting of uuid, bytea, and char(n) fields by using "abbreviated" keys (Peter Geoghegan)
Support for abbreviated keys has also been added to the non-default operator classes text_pattern_ops, varchar_pattern_ops, and bpchar_pattern_ops. Processing of ordered-set aggregates can also now exploit abbreviated keys.
Speed up CREATE INDEX CONCURRENTLY by treating TIDs as 64-bit integers during sorting (Peter Geoghegan)
Reduce contention for the ProcArrayLock (Amit Kapila, Robert Haas)
Improve performance by moving buffer content locks into the buffer descriptors (Andres Freund, Simon Riggs)
Replace shared-buffer header spinlocks with atomic operations to improve scalability (Alexander Korotkov, Andres Freund)
Use atomic operations, rather than a spinlock, to protect an LWLock's wait queue (Andres Freund)
Partition the shared hash table freelist to reduce contention on multi-CPU-socket servers (Aleksander Alekseev)
Reduce interlocking on standby servers during the replay of btree index vacuuming operations (Simon Riggs)
This change avoids substantial replication delays that sometimes occurred while replaying such operations.
Improve ANALYZE's estimates for columns with many nulls (Tomas Vondra, Alex Shulgin)
Previously ANALYZE tended to underestimate the number of non-NULL distinct values in a column with many NULLs, and was also inaccurate in computing the most-common values.
Improve planner's estimate of the number of distinct values in a query result (Tomas Vondra)
Use foreign key relationships to infer selectivity for join predicates (Tomas Vondra, David Rowley)
If a table t has a foreign key restriction, say (a,b) REFERENCES r (x,y), then a WHERE condition such as t.a = r.x AND t.b = r.y cannot select more than one r row per t row. The planner formerly considered these AND conditions to be independent and would often drastically misestimate selectivity as a result. Now it compares the WHERE conditions to applicable foreign key constraints and produces better estimates.
Avoid re-vacuuming pages containing only frozen tuples (Masahiko Sawada, Robert Haas, Andres Freund)
Formerly, anti-wraparound vacuum had to visit every page of a table, even pages where there was nothing to do. Now, pages containing only already-frozen tuples are identified in the table's visibility map, and can be skipped by vacuum even when doing transaction wraparound prevention. This should greatly reduce the cost of maintaining large tables containing mostly-unchanging data.
If necessary, vacuum can be forced to process all-frozen pages using the new DISABLE_PAGE_SKIPPING option. Normally this should never be needed, but it might help in recovering from visibility-map corruption.
Avoid useless heap-truncation attempts during VACUUM (Jeff Janes, Tom Lane)
This change avoids taking an exclusive table lock in some cases where no truncation is possible. The main benefit comes from avoiding unnecessary query cancellations on standby servers.
Allow old MVCC snapshots to be invalidated after a configurable timeout (Kevin Grittner)
Normally, deleted tuples cannot be physically removed by vacuuming until the last transaction that could "see" them is gone. A transaction that stays open for a long time can thus cause considerable table bloat because space cannot be recycled. This feature allows setting a time-based limit, via the new configuration parameter old_snapshot_threshold, on how long an MVCC snapshot is guaranteed to be valid. After that, dead tuples are candidates for removal. A transaction using an outdated snapshot will get an error if it attempts to read a page that potentially could have contained such data.
Ignore GROUP BY columns that are functionally dependent on other columns (David Rowley)
If a GROUP BY clause includes all columns of a non-deferred primary key, as well as other columns of the same table, those other columns are redundant and can be dropped from the grouping. This saves computation in many common cases.
Allow use of an index-only scan on a partial index when the index's WHERE clause references columns that are not indexed (Tomas Vondra, Kyotaro Horiguchi)
For example, an index defined by CREATE INDEX tidx_partial ON t(b) WHERE a > 0 can now be used for an index-only scan by a query that specifies WHERE a > 0 and does not otherwise use a. Previously this was disallowed because a is not listed as an index column.
Perform checkpoint writes in sorted order (Fabien Coelho, Andres Freund)
Previously, checkpoints wrote out dirty pages in whatever order they happen to appear in shared buffers, which usually is nearly random. That performs poorly, especially on rotating media. This change causes checkpoint-driven writes to be done in order by file and block number, and to be balanced across tablespaces.
Where feasible, trigger kernel writeback after a configurable number of writes, to prevent accumulation of dirty data in kernel disk buffers (Fabien Coelho, Andres Freund)
PostgreSQL writes data to the kernel's disk cache, from where it will be flushed to physical storage in due time. Many operating systems are not smart about managing this and allow large amounts of dirty data to accumulate before deciding to flush it all at once, causing long delays for new I/O requests until the flushing finishes. This change attempts to alleviate this problem by explicitly requesting data flushes after a configurable interval.
On Linux, sync_file_range() is used for this purpose, and the feature is on by default on Linux because that function has few downsides. This flushing capability is also available on other platforms if they have msync() or posix_fadvise(), but those interfaces have some undesirable side-effects so the feature is disabled by default on non-Linux platforms.
The new configuration parameters backend_flush_after, bgwriter_flush_after, checkpoint_flush_after, and wal_writer_flush_after control this behavior.
Improve aggregate-function performance by sharing calculations across multiple aggregates if they have the same arguments and transition functions (David Rowley)
For example, SELECT AVG(x), VARIANCE(x) FROM tab can use a single per-row computation for both aggregates.
Speed up visibility tests for recently-created tuples by checking the current transaction's snapshot, not pg_clog, to decide if the source transaction should be considered committed (Jeff Janes, Tom Lane)
Allow tuple hint bits to be set sooner than before (Andres Freund)
Improve performance of short-lived prepared transactions (Stas Kelvich, Simon Riggs, Pavan Deolasee)
Two-phase commit information is now written only to WAL during PREPARE TRANSACTION, and will be read back from WAL during COMMIT PREPARED if that happens soon thereafter. A separate state file is created only if the pending transaction does not get committed or aborted by the time of the next checkpoint.
Improve performance of memory context destruction (Jan Wieck)
Improve performance of resource owners with many tracked objects (Aleksander Alekseev)
Improve speed of the output functions for timestamp, time, and date data types (David Rowley, Andres Freund)
Avoid some unnecessary cancellations of hot-standby queries during replay of actions that take AccessExclusive locks (Jeff Janes)
Extend relations multiple blocks at a time when there is contention for the relation's extension lock (Dilip Kumar)
This improves scalability by decreasing contention.
Increase the number of clog buffers for better scalability (Amit Kapila, Andres Freund)
Speed up expression evaluation in PL/pgSQL by keeping ParamListInfo entries for simple variables valid at all times (Tom Lane)
Avoid reducing the SO_SNDBUF setting below its default on recent Windows versions (Chen Huajun)
Disable update_process_title by default on Windows (Takayuki Tsunakawa)
The overhead of updating the process title is much larger on Windows than most other platforms, and it is also less useful to do it since most Windows users do not have tools that can display process titles.
Add pg_stat_progress_vacuum system view to provide progress reporting for VACUUM operations (Amit Langote, Robert Haas, Vinayak Pokale, Rahila Syed)
Add pg_control_system(), pg_control_checkpoint(), pg_control_recovery(), and pg_control_init() functions to expose fields of pg_control to SQL (Joe Conway, Michael Paquier)
Add pg_config system view (Joe Conway)
This view exposes the same information available from the pg_config command-line utility, namely assorted compile-time configuration information for PostgreSQL.
Add a confirmed_flush_lsn column to the pg_replication_slots system view (Marko Tiikkaja)
Add pg_stat_wal_receiver system view to provide information about the state of a hot-standby server's WAL receiver process (Michael Paquier)
Add pg_blocking_pids() function to reliably identify which sessions block which others (Tom Lane)
This function returns an array of the process IDs of any sessions that are blocking the session with the given process ID. Historically users have obtained such information using a self-join on the pg_locks view. However, it is unreasonably tedious to do it that way with any modicum of correctness, and the addition of parallel queries has made the old approach entirely impractical, since locks might be held or awaited by child worker processes rather than the session's main process.
Add function pg_current_xlog_flush_location() to expose the current transaction log flush location (Tomas Vondra)
Add function pg_notification_queue_usage() to report how full the NOTIFY queue is (Brendan Jurd)
Limit the verbosity of memory context statistics dumps (Tom Lane)
The memory usage dump that is output to the postmaster log during an out-of-memory failure now summarizes statistics when there are a large number of memory contexts, rather than possibly generating a very large report. There is also a "grand total" summary line now.
Add a BSD authentication method to allow use of the BSD Authentication service for PostgreSQL client authentication (Marisa Emerson)
BSD Authentication is currently only available on OpenBSD.
When using PAM authentication, provide the client IP address or host name to PAM modules via the PAM_RHOST item (Grzegorz Sampolski)
Provide detail in the postmaster log for more types of password authentication failure (Tom Lane)
All ordinarily-reachable password authentication failure cases should now provide specific DETAIL fields in the log.
Support RADIUS passwords up to 128 characters long (Marko Tiikkaja)
Add new SSPI authentication parameters compat_realm and upn_username to control whether NetBIOS or Kerberos realm names and user names are used during SSPI authentication (Christian Ullrich)
Allow sessions to be terminated automatically if they are in idle-in-transaction state for too long (Vik Fearing)
This behavior is controlled by the new configuration parameter idle_in_transaction_session_timeout. It can be useful to prevent forgotten transactions from holding locks or preventing vacuum cleanup for too long.
Raise the maximum allowed value of checkpoint_timeout to 24 hours (Simon Riggs)
Allow effective_io_concurrency to be set per-tablespace to support cases where different tablespaces have different I/O characteristics (Julien Rouhaud)
Add log_line_prefix option %n to print the current time in Unix epoch form, with milliseconds (Tomas Vondra, Jeff Davis)
Add syslog_sequence_numbers and syslog_split_messages configuration parameters to provide more control over the message format when logging to syslog (Peter Eisentraut)
Merge the archive and hot_standby values of the wal_level configuration parameter into a single new value replica (Peter Eisentraut)
Making a distinction between these settings is no longer useful, and merging them is a step towards a planned future simplification of replication setup. The old names are still accepted but are converted to replica internally.
Add configure option --with-systemd to enable calling sd_notify() at server start and stop (Peter Eisentraut)
This allows the use of systemd service units of type notify, which greatly simplifies the management of PostgreSQL under systemd.
Allow the server's SSL key file to have group read access if it is owned by root (Christoph Berg)
Formerly, we insisted the key file be owned by the user running the PostgreSQL server, but that is inconvenient on some systems (such as Debian) that are configured to manage certificates centrally. Therefore, allow the case where the key file is owned by root and has group read access. It is up to the operating system administrator to ensure that the group does not include any untrusted users.
Force backends to exit if the postmaster dies (Rajeev Rastogi, Robert Haas)
Under normal circumstances the postmaster should always outlive its child processes. If for some reason the postmaster dies, force backend sessions to exit with an error. Formerly, existing backends would continue to run until their clients disconnect, but that is unsafe and inefficient. It also prevents a new postmaster from being started until the last old backend has exited. Backends will detect postmaster death when waiting for client I/O, so the exit will not be instantaneous, but it should happen no later than the end of the current query.
Check for serializability conflicts before reporting constraint-violation failures (Thomas Munro)
When using serializable transaction isolation, it is desirable that any error due to concurrent transactions should manifest as a serialization failure, thereby cueing the application that a retry might succeed. Unfortunately, this does not reliably happen for duplicate-key failures caused by concurrent insertions. This change ensures that such an error will be reported as a serialization error if the application explicitly checked for the presence of a conflicting key (and did not find it) earlier in the transaction.
Ensure that invalidation messages are recorded in WAL even when issued by a transaction that has no XID assigned (Andres Freund)
This fixes some corner cases in which transactions on standby servers failed to notice changes, such as new indexes.
Prevent multiple processes from trying to clean a GIN index's pending list concurrently (Teodor Sigaev, Jeff Janes)
This had been intentionally allowed, but it causes race conditions that can result in vacuum missing index entries it needs to delete.
Allow synchronous replication to support multiple simultaneous synchronous standby servers, not just one (Masahiko Sawada, Beena Emerson, Michael Paquier, Fujii Masao, Kyotaro Horiguchi)
The number of standby servers that must acknowledge a commit before it is considered complete is now configurable as part of the synchronous_standby_names parameter.
Add new setting remote_apply for configuration parameter synchronous_commit (Thomas Munro)
In this mode, the master waits for the transaction to be applied on the standby server, not just written to disk. That means that you can count on a transaction started on the standby to see all commits previously acknowledged by the master.
Add a feature to the replication protocol, and a corresponding option to pg_create_physical_replication_slot(), to allow reserving WAL immediately when creating a replication slot (Gurjeet Singh, Michael Paquier)
This allows the creation of a replication slot to guarantee that all the WAL needed for a base backup will be available.
Add a --slot option to pg_basebackup (Peter Eisentraut)
This lets pg_basebackup use a replication slot defined for WAL streaming. After the base backup completes, selecting the same slot for regular streaming replication allows seamless startup of the new standby server.
Extend pg_start_backup() and pg_stop_backup() to support non-exclusive backups (Magnus Hagander)
Allow functions that return sets of tuples to return simple NULLs (Andrew Gierth, Tom Lane)
In the context of SELECT FROM function(...), a function that returned a set of composite values was previously not allowed to return a plain NULL value as part of the set. Now that is allowed and interpreted as a row of NULLs. This avoids corner-case errors with, for example, unnesting an array of composite values.
Fully support array subscripts and field selections in the target column list of an INSERT with multiple VALUES rows (Tom Lane)
Previously, such cases failed if the same target column was mentioned more than once, e.g., INSERT INTO tab (x[1], x[2]) VALUES (...).
When appropriate, postpone evaluation of SELECT output expressions until after an ORDER BY sort (Konstantin Knizhnik)
This change ensures that volatile or expensive functions in the output list are executed in the order suggested by ORDER BY, and that they are not evaluated more times than required when there is a LIMIT clause. Previously, these properties held if the ordering was performed by an index scan or pre-merge-join sort, but not if it was performed by a top-level sort.
Widen counters recording the number of tuples processed to 64 bits (Andreas Scherbaum)
This change allows command tags, e.g. SELECT, to correctly report tuple counts larger than 4 billion. This also applies to PL/pgSQL's GET DIAGNOSTICS ... ROW_COUNT command.
Avoid doing encoding conversions by converting through the MULE_INTERNAL encoding (Tom Lane)
Previously, many conversions for Cyrillic and Central European single-byte encodings were done by converting to a related MULE_INTERNAL coding scheme and then to the destination encoding. Aside from being inefficient, this meant that when the conversion encountered an untranslatable character, the error message would confusingly complain about failure to convert to or from MULE_INTERNAL, rather than the user-visible encoding.
Consider performing joins of foreign tables remotely only when the tables will be accessed under the same role ID (Shigeru Hanada, Ashutosh Bapat, Etsuro Fujita)
Previously, the foreign join pushdown infrastructure left the question of security entirely up to individual foreign data wrappers, but that made it too easy for an FDW to inadvertently create subtle security holes. So, make it the core code's job to determine which role ID will access each table, and do not attempt join pushdown unless the role is the same for all relevant relations.
Allow COPY to copy the output of an INSERT/UPDATE/DELETE ... RETURNING query (Marko Tiikkaja)
Previously, an intermediate CTE had to be written to get this result.
Introduce ALTER object DEPENDS ON EXTENSION (Abhijit Menon-Sen)
This command allows a database object to be marked as depending on an extension, so that it will be dropped automatically if the extension is dropped (without needing CASCADE). However, the object is not part of the extension, and thus will be dumped separately by pg_dump.
Make ALTER object SET SCHEMA do nothing when the object is already in the requested schema, rather than throwing an error as it historically has for most object types (Marti Raudsepp)
Add options to ALTER OPERATOR to allow changing the selectivity functions associated with an existing operator (Yury Zhuravlev)
Add an IF NOT EXISTS option to ALTER TABLE ADD COLUMN (Fabrízio de Royes Mello)
Reduce the lock strength needed by ALTER TABLE when setting fillfactor and autovacuum-related relation options (Fabrízio de Royes Mello, Simon Riggs)
Introduce CREATE ACCESS METHOD to allow extensions to create index access methods (Alexander Korotkov, Petr Jelínek)
Add a CASCADE option to CREATE EXTENSION to automatically create any extensions the requested one depends on (Petr Jelínek)
Make CREATE TABLE ... LIKE include an OID column if any source table has one (Bruce Momjian)
If a CHECK constraint is declared NOT VALID in a table creation command, automatically mark it as valid (Amit Langote, Amul Sul)
This is safe because the table has no existing rows. This matches the longstanding behavior of FOREIGN KEY constraints.
Fix DROP OPERATOR to clear pg_operator.oprcom and pg_operator.oprnegate links to the dropped operator (Roma Sokolov)
Formerly such links were left as-is, which could pose a problem in the somewhat unlikely event that the dropped operator's OID was reused for another operator.
Do not show the same subplan twice in EXPLAIN output (Tom Lane)
In certain cases, typically involving SubPlan nodes in index conditions, EXPLAIN would print data for the same subplan twice.
Disallow creation of indexes on system columns, except for OID columns (David Rowley)
Such indexes were never considered supported, and would very possibly misbehave since the system might change the system-column fields of a tuple without updating indexes. However, previously there were no error checks to prevent them from being created.
Use the privilege system to manage access to sensitive functions (Stephen Frost)
Formerly, many security-sensitive functions contained hard-wired checks that would throw an error if they were called by a non-superuser. This forced the use of superuser roles for some relatively pedestrian tasks. The hard-wired error checks are now gone in favor of making initdb revoke the default public EXECUTE privilege on these functions. This allows installations to choose to grant usage of such functions to trusted roles that do not need all superuser privileges.
Create some built-in roles that can be used to grant access to what were previously superuser-only functions (Stephen Frost)
Currently the only such role is pg_signal_backend, but more are expected to be added in future.
Improve full-text search to support searching for phrases, that is, lexemes appearing adjacent to each other in a specific order, or with a specified distance between them (Teodor Sigaev, Oleg Bartunov, Dmitry Ivanov)
A phrase-search query can be specified in tsquery input using the new operators <-> and <N>. The former means that the lexemes before and after it must appear adjacent to each other in that order. The latter means they must be exactly N lexemes apart.
Allow omitting one or both boundaries in an array slice specifier, e.g. array_col[3:] (Yury Zhuravlev)
Omitted boundaries are taken as the upper or lower limit of the corresponding array subscript. This allows simpler specification for many common use-cases.
Be more careful about out-of-range dates and timestamps (Vitaly Burovoy)
This change prevents unexpected out-of-range errors for timestamp with time zone values very close to the implementation limits. Previously, the "same" value might be accepted or not depending on the timezone setting, meaning that a dump and reload could fail on a value that had been accepted when presented. Now the limits are enforced according to the equivalent UTC time, not local time, so as to be independent of timezone.
Also, PostgreSQL is now more careful to detect overflow in operations that compute new date or timestamp values, such as date + integer.
For geometric data types, make sure infinity and NaN component values are treated consistently during input and output (Tom Lane)
Such values will now always print the same as they would in a simple float8 column, and be accepted the same way on input. Previously the behavior was platform-dependent.
Upgrade the ispell dictionary type to handle modern Hunspell files and support more languages (Artur Zakirov)
Implement look-behind constraints in regular expressions (Tom Lane)
A look-behind constraint is like a lookahead constraint in that it consumes no text; but it checks for existence (or nonexistence) of a match ending at the current point in the string, rather than one starting at the current point. Similar features exist in many other regular-expression engines.
In regular expressions, if an apparent three-digit octal escape \nnn would exceed 377 (255 decimal), assume it is a two-digit octal escape instead (Tom Lane)
This makes the behavior match current Tcl releases.
Add transaction ID operators xid <> xid and xid <> int4, for consistency with the corresponding equality operators (Michael Paquier)
Add jsonb_insert() function to insert a new element into a jsonb array, or a not-previously-existing key into a jsonb object (Dmitry Dolgov)
Improve the accuracy of the ln(), log(), exp(), and pow() functions for type numeric (Dean Rasheed)
Add a scale(numeric) function to extract the display scale of a numeric value (Marko Tiikkaja)
Add trigonometric functions that work in degrees (Dean Rasheed)
For example, sind() measures its argument in degrees, whereas sin() measures in radians. These functions go to some lengths to deliver exact results for values where an exact result can be expected, for instance sind(30) = 0.5.
Ensure that trigonometric functions handle infinity and NaN inputs per the POSIX standard (Dean Rasheed)
The POSIX standard says that these functions should return NaN for NaN input, and should throw an error for out-of-range inputs including infinity. Previously our behavior varied across platforms.
Make to_timestamp(float8) convert float infinity to timestamp infinity (Vitaly Burovoy)
Formerly it just failed on an infinite input.
Add new functions for tsvector data (Stas Kelvich)
The new functions are ts_delete(), ts_filter(), unnest(), tsvector_to_array(), array_to_tsvector(), and a variant of setweight() that sets the weight only for specified lexeme(s).
Allow ts_stat() and tsvector_update_trigger() to operate on values that are of types binary-compatible with the expected argument type, not just exactly that type; for example allow citext where text is expected (Teodor Sigaev)
Add variadic functions num_nulls() and num_nonnulls() that count the number of their arguments that are null or non-null (Marko Tiikkaja)
An example usage is CHECK(num_nonnulls(a,b,c) = 1) which asserts that exactly one of a,b,c is not NULL. These functions can also be used to count the number of null or nonnull elements in an array.
Add function parse_ident() to split a qualified, possibly quoted SQL identifier into its parts (Pavel Stehule)
In to_number(), interpret a V format code as dividing by 10 to the power of the number of digits following V (Bruce Momjian)
This makes it operate in an inverse fashion to to_char().
Make the to_reg*() functions accept type text not cstring (Petr Korobeinikov)
This avoids the need to write an explicit cast in most cases where the argument is not a simple literal constant.
Add pg_size_bytes() function to convert human-readable size strings to numbers (Pavel Stehule, Vitaly Burovoy, Dean Rasheed)
This function converts strings like those produced by pg_size_pretty() into bytes. An example usage is SELECT oid::regclass FROM pg_class WHERE pg_total_relation_size(oid) > pg_size_bytes('10 GB').
In pg_size_pretty(), format negative numbers similarly to positive ones (Adrian Vondendriesch)
Previously, negative numbers were never abbreviated, just printed in bytes.
Add an optional missing_ok argument to the current_setting() function (David Christensen)
This allows avoiding an error for an unrecognized parameter name, instead returning a NULL.
Change various catalog-inspection functions to return NULL for invalid input (Michael Paquier)
pg_get_viewdef() now returns NULL if given an invalid view OID, and several similar functions likewise return NULL for bad input. Previously, such cases usually led to "cache lookup failed" errors, which are not meant to occur in user-facing cases.
Fix pg_replication_origin_xact_reset() to not have any arguments (Fujii Masao)
The documentation said that it has no arguments, and the C code did not expect any arguments, but the entry in pg_proc mistakenly specified two arguments.
In PL/pgSQL, detect mismatched CONTINUE and EXIT statements while compiling a function, rather than at execution time (Jim Nasby)
Extend PL/Python's error-reporting and message-reporting functions to allow specifying additional message fields besides the primary error message (Pavel Stehule)
Allow PL/Python functions to call themselves recursively via SPI, and fix the behavior when multiple set-returning PL/Python functions are called within one query (Alexey Grishchenko, Tom Lane)
Fix session-lifespan memory leaks in PL/Python (Heikki Linnakangas, Haribabu Kommi, Tom Lane)
Modernize PL/Tcl to use Tcl's "object" APIs instead of simple strings (Jim Nasby, Karl Lehenbauer)
This can improve performance substantially in some cases. Note that PL/Tcl now requires Tcl 8.4 or later.
In PL/Tcl, make database-reported errors return additional information in Tcl's errorCode global variable (Jim Nasby, Tom Lane)
This feature follows the Tcl convention for returning auxiliary data about an error.
Fix PL/Tcl to perform encoding conversion between the database encoding and UTF-8, which is what Tcl expects (Tom Lane)
Previously, strings were passed through without conversion, leading to misbehavior with non-ASCII characters when the database encoding was not UTF-8.
Add a nonlocalized version of the severity field in error and notice messages (Tom Lane)
This change allows client code to determine severity of an error or notice without having to worry about localized variants of the severity strings.
Introduce a feature in libpq whereby the CONTEXT field of messages can be suppressed, either always or only for non-error messages (Pavel Stehule)
The default behavior of PQerrorMessage() is now to print CONTEXT only for errors. The new function PQsetErrorContextVisibility() can be used to adjust this.
Add support in libpq for regenerating an error message with a different verbosity level (Alex Shulgin)
This is done with the new function PQresultVerboseErrorMessage(). This supports psql's new \errverbose feature, and may be useful for other clients as well.
Improve libpq's PQhost() function to return useful data for default Unix-socket connections (Tom Lane)
Previously it would return NULL if no explicit host specification had been given; now it returns the default socket directory path.
Fix ecpg's lexer to handle line breaks within comments starting on preprocessor directive lines (Michael Meskes)
Add a --strict-names option to pg_dump and pg_restore (Pavel Stehule)
This option causes the program to complain if there is no match for a -t or -n option, rather than silently doing nothing.
In pg_dump, dump locally-made changes of privilege assignments for system objects (Stephen Frost)
While it has always been possible for a superuser to change the privilege assignments for built-in or extension-created objects, such changes were formerly lost in a dump and reload. Now, pg_dump recognizes and dumps such changes. (This works only when dumping from a 9.6 or later server, however.)
Allow pg_dump to dump non-extension-owned objects that are within an extension-owned schema (Martín Marqués)
Previously such objects were ignored because they were mistakenly assumed to belong to the extension owning their schema.
In pg_dump output, include the table name in object tags for object types that are only uniquely named per-table (for example, triggers) (Peter Eisentraut)
Support multiple -c and -f command-line options (Pavel Stehule, Catalin Iacob)
The specified operations are carried out in the order in which the options are given, and then psql terminates.
Add a \crosstabview command that prints the results of a query in a cross-tabulated display (Daniel Vérité)
In the crosstab display, data values from one query result column are placed in a grid whose column and row headers come from other query result columns.
Add an \errverbose command that shows the last server error at full verbosity (Alex Shulgin)
This is useful after getting an unexpected error — you no longer need to adjust the VERBOSITY variable and recreate the failure in order to see error fields that are not shown by default.
Add \ev and \sv commands for editing and showing view definitions (Petr Korobeinikov)
These are parallel to the existing \ef and \sf commands for functions.
Add a \gexec command that executes a query and re-submits the result(s) as new queries (Corey Huinker)
Allow \pset C string to set the table title, for consistency with \C string (Bruce Momjian)
In \pset expanded auto mode, do not use expanded format for query results with only one column (Andreas Karlsson, Robert Haas)
Improve the headers output by the \watch command (Michael Paquier, Tom Lane)
Include the \pset title string if one has been set, and shorten the prefabricated part of the header to be timestamp (every Ns). Also, the timestamp format now obeys psql's locale environment.
Improve tab-completion logic to consider the entire input query, not only the current line (Tom Lane)
Previously, breaking a command into multiple lines defeated any tab completion rules that needed to see words on earlier lines.
Numerous minor improvements in tab-completion behavior (Peter Eisentraut, Vik Fearing, Kevin Grittner, Kyotaro Horiguchi, Jeff Janes, Andreas Karlsson, Fujii Masao, Thomas Munro, Masahiko Sawada, Pavel Stehule)
Add a PROMPT option %p to insert the process ID of the connected backend (Julien Rouhaud)
Introduce a feature whereby the CONTEXT field of messages can be suppressed, either always or only for non-error messages (Pavel Stehule)
Printing CONTEXT only for errors is now the default behavior. This can be changed by setting the special variable SHOW_CONTEXT.
Make \df+ show function access privileges and parallel-safety attributes (Michael Paquier)
SQL commands in pgbench scripts are now ended by semicolons, not newlines (Kyotaro Horiguchi, Tom Lane)
This change allows SQL commands in scripts to span multiple lines. Existing custom scripts will need to be modified to add a semicolon at the end of each line that does not have one already. (Doing so does not break the script for use with older versions of pgbench.)
Support floating-point arithmetic, as well as some built-in functions, in expressions in backslash commands (Fabien Coelho)
Replace \setrandom with built-in functions (Fabien Coelho)
The new built-in functions include random(), random_exponential(), and random_gaussian(), which perform the same work as \setrandom, but are easier to use since they can be embedded in larger expressions. Since these additions have made \setrandom obsolete, remove it.
Allow invocation of multiple copies of the built-in scripts, not only custom scripts (Fabien Coelho)
This is done with the new -b switch, which works similarly to -f for custom scripts.
Allow changing the selection probabilities (weights) for scripts (Fabien Coelho)
When multiple scripts are specified, each pgbench transaction randomly chooses one to execute. Formerly this was always done with uniform probability, but now different selection probabilities can be specified for different scripts.
Collect statistics for each script in a multi-script run (Fabien Coelho)
This feature adds an intermediate level of detail to existing global and per-command statistics printouts.
Add a --progress-timestamp option to report progress with Unix epoch timestamps, instead of time since the run started (Fabien Coelho)
Allow the number of client connections (-c) to not be an exact multiple of the number of threads (-j) (Fabien Coelho)
When the -T option is used, stop promptly at the end of the specified time (Fabien Coelho)
Previously, specifying a low transaction rate could cause pgbench to wait significantly longer than specified.
Improve error reporting during initdb's post-bootstrap phase (Tom Lane)
Previously, an error here led to reporting the entire input file as the "failing query"; now just the current query is reported. To get the desired behavior, queries in initdb's input files must be separated by blank lines.
Speed up initdb by using just one standalone-backend session for all the post-bootstrap steps (Tom Lane)
Improve pg_rewind so that it can work when the target timeline changes (Alexander Korotkov)
This allows, for example, rewinding a promoted standby back to some state of the old master's timeline.
Remove obsolete heap_formtuple/heap_modifytuple/heap_deformtuple functions (Peter Geoghegan)
Add macros to make AllocSetContextCreate() calls simpler and safer (Tom Lane)
Writing out the individual sizing parameters for a memory context is now deprecated in favor of using one of the new macros ALLOCSET_DEFAULT_SIZES, ALLOCSET_SMALL_SIZES, or ALLOCSET_START_SMALL_SIZES. Existing code continues to work, however.
Unconditionally use static inline functions in header files (Andres Freund)
This may result in warnings and/or wasted code space with very old compilers, but the notational improvement seems worth it.
Improve TAP testing infrastructure (Michael Paquier, Craig Ringer, Álvaro Herrera, Stephen Frost)
Notably, it is now possible to test recovery scenarios using this infrastructure.
Make trace_lwlocks identify individual locks by name (Robert Haas)
Improve psql's tab-completion code infrastructure (Thomas Munro, Michael Paquier)
Tab-completion rules are now considerably easier to write, and more compact.
Nail the pg_shseclabel system catalog into cache, so that it is available for access during connection authentication (Adam Brightwell)
The core code does not use this catalog for authentication, but extensions might wish to consult it.
Restructure index access method API to hide most of it at the C level (Alexander Korotkov, Andrew Gierth)
This change modernizes the index AM API to look more like the designs we have adopted for foreign data wrappers and tablesample handlers. This simplifies the C code and makes it much more practical to define index access methods in installable extensions. A consequence is that most of the columns of the pg_am system catalog have disappeared. New inspection functions have been added to allow SQL queries to determine index AM properties that used to be discoverable from pg_am.
Add pg_init_privs system catalog to hold original privileges of initdb-created and extension-created objects (Stephen Frost)
This infrastructure allows pg_dump to dump changes that an installation may have made in privileges attached to system objects. Formerly, such changes would be lost in a dump and reload, but now they are preserved.
Change the way that extensions allocate custom LWLocks (Amit Kapila, Robert Haas)
The RequestAddinLWLocks() function is removed, and replaced by RequestNamedLWLockTranche(). This allows better identification of custom LWLocks, and is less error-prone.
Improve the isolation tester to allow multiple sessions to wait concurrently, allowing testing of deadlock scenarios (Robert Haas)
Introduce extensible node types (KaiGai Kohei)
This change allows FDWs or custom scan providers to store data in a plan tree in a more convenient format than was previously possible.
Make the planner deal with post-scan/join query steps by generating and comparing Paths, replacing a lot of ad-hoc logic (Tom Lane)
This change provides only marginal user-visible improvements today, but it enables future work on a lot of upper-planner improvements that were impractical to tackle using the old code structure.
Support partial aggregation (David Rowley, Simon Riggs)
This change allows the computation of an aggregate function to be split into separate parts, for example so that parallel worker processes can cooperate on computing an aggregate. In future it might allow aggregation across local and remote data to occur partially on the remote end.
Add a generic command progress reporting facility (Vinayak Pokale, Rahila Syed, Amit Langote, Robert Haas)
Separate out psql's flex lexer to make it usable by other client programs (Tom Lane, Kyotaro Horiguchi)
This eliminates code duplication for programs that need to be able to parse SQL commands well enough to identify command boundaries. Doing that in full generality is more painful than one could wish, and up to now only psql has really gotten it right among our supported client programs.
A new source-code subdirectory src/fe_utils/ has been created to hold this and other code that is shared across our client programs. Formerly such sharing was accomplished by symbolic linking or copying source files at build time, which was ugly and required duplicate compilation.
Introduce WaitEventSet API to allow efficient waiting for event sets that usually do not change from one wait to the next (Andres Freund, Amit Kapila)
Add a generic interface for writing WAL records (Alexander Korotkov, Petr Jelínek, Markus Nullmeier)
This change allows extensions to write WAL records for changes to pages using a standard layout. The problem of needing to replay WAL without access to the extension is solved by having generic replay code. This allows extensions to implement, for example, index access methods and have WAL support for them.
Support generic WAL messages for logical decoding (Petr Jelínek, Andres Freund)
This feature allows extensions to insert data into the WAL stream that can be read by logical-decoding plugins, but is not connected to physical data restoration.
Allow SP-GiST operator classes to store an arbitrary "traversal value" while descending the index (Alexander Lebedev, Teodor Sigaev)
This is somewhat like the "reconstructed value", but it could be any arbitrary chunk of data, not necessarily of the same data type as the indexed column.
Introduce a LOG_SERVER_ONLY message level for ereport() (David Steele)
This level acts like LOG except that the message is never sent to the client. It is meant for use in auditing and similar applications.
Provide a Makefile target to build all generated headers (Michael Paquier, Tom Lane)
submake-generated-headers can now be invoked to ensure that generated backend header files are up-to-date. This is useful in subdirectories that might be built "standalone".
Support OpenSSL 1.1.0 (Andreas Karlsson, Heikki Linnakangas)
Add configuration parameter auto_explain.sample_rate to allow contrib/auto_explain to capture just a configurable fraction of all queries (Craig Ringer, Julien Rouhaud)
This allows reduction of overhead for heavy query traffic, while still getting useful information on average.
Add contrib/bloom module that implements an index access method based on Bloom filtering (Teodor Sigaev, Alexander Korotkov)
This is primarily a proof-of-concept for non-core index access methods, but it could be useful in its own right for queries that search many columns.
In contrib/cube, introduce distance operators for cubes, and support kNN-style searches in GiST indexes on cube columns (Stas Kelvich)
Make contrib/hstore's hstore_to_jsonb_loose() and hstore_to_json_loose() functions agree on what is a number (Tom Lane)
Previously, hstore_to_jsonb_loose() would convert numeric-looking strings to JSON numbers, rather than strings, even if they did not exactly match the JSON syntax specification for numbers. This was inconsistent with hstore_to_json_loose(), so tighten the test to match the JSON syntax.
Add selectivity estimation functions for contrib/intarray operators to improve plans for queries using those operators (Yury Zhuravlev, Alexander Korotkov)
Make contrib/pageinspect's heap_page_items() function show the raw data in each tuple, and add new functions tuple_data_split() and heap_page_item_attrs() for inspection of individual tuple fields (Nikolay Shaplov)
Add an optional S2K iteration count parameter to contrib/pgcrypto's pgp_sym_encrypt() function (Jeff Janes)
Add support for "word similarity" to contrib/pg_trgm (Alexander Korotkov, Artur Zakirov)
These functions and operators measure the similarity between one string and the most similar single word of another string.
Add configuration parameter pg_trgm.similarity_threshold for contrib/pg_trgm's similarity threshold (Artur Zakirov)
This threshold has always been configurable, but formerly it was controlled by special-purpose functions set_limit() and show_limit(). Those are now deprecated.
Improve contrib/pg_trgm's GIN operator class to speed up index searches in which both common and rare keys appear (Jeff Janes)
Improve performance of similarity searches in contrib/pg_trgm GIN indexes (Christophe Fornaroli)
Add contrib/pg_visibility module to allow examining table visibility maps (Robert Haas)
Add ssl_extension_info() function to contrib/sslinfo, to print information about SSL extensions present in the X509 certificate used for the current connection (Dmitry Voronin)
Allow extension-provided operators and functions to be sent for remote execution, if the extension is whitelisted in the foreign server's options (Paul Ramsey)
Users can enable this feature when the extension is known to exist in a compatible version in the remote database. It allows more efficient execution of queries involving extension operators.
Consider performing sorts on the remote server (Ashutosh Bapat)
Consider performing joins on the remote server (Shigeru Hanada, Ashutosh Bapat)
When feasible, perform UPDATE or DELETE entirely on the remote server (Etsuro Fujita)
Formerly, remote updates involved sending a SELECT FOR UPDATE command and then updating or deleting the selected rows one-by-one. While that is still necessary if the operation requires any local processing, it can now be done remotely if all elements of the query are safe to send to the remote server.
Allow the fetch size to be set as a server or table option (Corey Huinker)
Formerly, postgres_fdw always fetched 100 rows at a time from remote queries; now that behavior is configurable.
Use a single foreign-server connection for local user IDs that all map to the same remote user (Ashutosh Bapat)
Transmit query cancellation requests to the remote server (Michael Paquier, Etsuro Fujita)
Previously, a local query cancellation request did not cause an already-sent remote query to terminate early.
⇑ Upgrade to 9.6.1 released on 2016-10-27 - docs
Fix WAL-logging of truncation of relation free space maps and visibility maps (Pavan Deolasee, Heikki Linnakangas)
It was possible for these files to not be correctly restored during crash recovery, or to be written incorrectly on a standby server. Bogus entries in a free space map could lead to attempts to access pages that have been truncated away from the relation itself, typically producing errors like "could not read block XXX: read only 0 of 8192 bytes". Checksum failures in the visibility map are also possible, if checksumming is enabled.
Procedures for determining whether there is a problem and repairing it if so are discussed at https://wiki.postgresql.org/wiki/Free_Space_Map_Problems.
Fix possible data corruption when pg_upgrade rewrites a relation visibility map into 9.6 format (Tom Lane)
On big-endian machines, bytes of the new visibility map were written in the wrong order, leading to a completely incorrect map. On Windows, the old map was read using text mode, leading to incorrect results if the map happened to contain consecutive bytes that matched a carriage return/line feed sequence. The latter error would almost always lead to a pg_upgrade failure due to the map file appearing to be the wrong length.
If you are using a big-endian machine (many non-Intel architectures are big-endian) and have used pg_upgrade to upgrade from a pre-9.6 release, you should assume that all visibility maps are incorrect and need to be regenerated. It is sufficient to truncate each relation's visibility map with contrib/pg_visibility's pg_truncate_visibility_map() function. For more information see https://wiki.postgresql.org/wiki/Visibility_Map_Problems.
Don't throw serialization errors for self-conflicting insertions in INSERT ... ON CONFLICT (Thomas Munro, Peter Geoghegan)
Fix use-after-free hazard in execution of aggregate functions using DISTINCT (Peter Geoghegan)
This could lead to a crash or incorrect query results.
Fix incorrect handling of polymorphic aggregates used as window functions (Tom Lane)
The aggregate's transition function was told that its first argument and result were of the aggregate's output type, rather than the state type. This led to errors or crashes with polymorphic transition functions.
Fix COPY with a column name list from a table that has row-level security enabled (Adam Brightwell)
Fix EXPLAIN to emit valid XML when track_io_timing is on (Markus Winand)
Previously the XML output-format option produced syntactically invalid tags such as <I/O-Read-Time>. That is now rendered as <I-O-Read-Time>.
Fix statistics update for TRUNCATE in a prepared transaction (Stas Kelvich)
Fix bugs in merging inherited CHECK constraints while creating or altering a table (Tom Lane, Amit Langote)
Allow identical CHECK constraints to be added to a parent and child table in either order. Prevent merging of a valid constraint from the parent table with a NOT VALID constraint on the child. Likewise, prevent merging of a NO INHERIT child constraint with an inherited constraint.
Show a sensible value in pg_settings.unit for min_wal_size and max_wal_size (Tom Lane)
Fix replacement of array elements in jsonb_set() (Tom Lane)
If the target is an existing JSON array element, it got deleted instead of being replaced with a new value.
Avoid very-low-probability data corruption due to testing tuple visibility without holding buffer lock (Thomas Munro, Peter Geoghegan, Tom Lane)
Preserve commit timestamps across server restart (Julien Rouhaud, Craig Ringer)
With track_commit_timestamp turned on, old commit timestamps became inaccessible after a clean server restart.
Fix logical WAL decoding to work properly when a subtransaction's WAL output is large enough to spill to disk (Andres Freund)
Fix dangling-pointer problem in logical WAL decoding (Stas Kelvich)
Round shared-memory allocation request to a multiple of the actual huge page size when attempting to use huge pages on Linux (Tom Lane)
This avoids possible failures during munmap() on systems with atypical default huge page sizes. Except in crash-recovery cases, there were no ill effects other than a log message.
Don't try to share SSL contexts across multiple connections in libpq (Heikki Linnakangas)
This led to assorted corner-case bugs, particularly when trying to use different SSL parameters for different connections.
Avoid corner-case memory leak in libpq (Tom Lane)
The reported problem involved leaking an error report during PQreset(), but there might be related cases.
In pg_upgrade, check library loadability in name order (Tom Lane)
This is a workaround to deal with cross-extension dependencies from language transform modules to their base language and data type modules.
Fix pg_upgrade to work correctly for extensions containing index access methods (Tom Lane)
To allow this, the server has been extended to support ALTER EXTENSION ADD/DROP ACCESS METHOD. That functionality should have been included in the original patch to support dynamic creation of access methods, but it was overlooked.
Improve error reporting in pg_upgrade's file copying/linking/rewriting steps (Tom Lane, Álvaro Herrera)
Fix pg_dump to work against pre-7.4 servers (Amit Langote, Tom Lane)
Disallow specifying both --source-server and --source-target options to pg_rewind (Michael Banck)
Make pg_rewind turn off synchronous_commit in its session on the source server (Michael Banck, Michael Paquier)
This allows pg_rewind to work even when the source server is using synchronous replication that is not working for some reason.
In pg_xlogdump, retry opening new WAL segments when using --follow option (Magnus Hagander)
This allows for a possible delay in the server's creation of the next segment.
Fix contrib/pg_visibility to report the correct TID for a corrupt tuple that has been the subject of a rolled-back update (Tom Lane)
Fix makefile dependencies so that parallel make of PL/Python by itself will succeed reliably (Pavel Raiskup)
Update time zone data files to tzdata release 2016h for DST law changes in Palestine and Turkey, plus historical corrections for Turkey and some regions of Russia. Switch to numeric abbreviations for some time zones in Antarctica, the former Soviet Union, and Sri Lanka.
The IANA time zone database previously provided textual abbreviations for all time zones, sometimes making up abbreviations that have little or no currency among the local population. They are in process of reversing that policy in favor of using numeric UTC offsets in zones where there is no evidence of real-world use of an English abbreviation. At least for the time being, PostgreSQL will continue to accept such removed abbreviations for timestamp input. But they will not be shown in the pg_timezone_names view nor used for output.
In this update, AMT is no longer shown as being in use to mean Armenia Time. Therefore, we have changed the Default abbreviation set to interpret it as Amazon Time, thus UTC-4 not UTC+4.
⇑ Upgrade to 9.6.2 released on 2017-02-09 - docs
Fix a race condition that could cause indexes built with CREATE INDEX CONCURRENTLY to be corrupt (Pavan Deolasee, Tom Lane)
If CREATE INDEX CONCURRENTLY was used to build an index that depends on a column not previously indexed, then rows updated by transactions that ran concurrently with the CREATE INDEX command could have received incorrect index entries. If you suspect this may have happened, the most reliable solution is to rebuild affected indexes after installing this update.
Ensure that the special snapshot used for catalog scans is not invalidated by premature data pruning (Tom Lane)
Backends failed to account for this snapshot when advertising their oldest xmin, potentially allowing concurrent vacuuming operations to remove data that was still needed. This led to transient failures along the lines of "cache lookup failed for relation 1255".
Fix incorrect WAL logging for BRIN indexes (Kuntal Ghosh)
The WAL record emitted for a BRIN "revmap" page when moving an index tuple to a different page was incorrect. Replay would make the related portion of the index useless, forcing it to be recomputed.
Unconditionally WAL-log creation of the "init fork" for an unlogged table (Michael Paquier)
Previously, this was skipped when wal_level = minimal, but actually it's necessary even in that case to ensure that the unlogged table is properly reset to empty after a crash.
If the stats collector dies during hot standby, restart it (Takayuki Tsunakawa)
Ensure that hot standby feedback works correctly when it's enabled at standby server start (Ants Aasma, Craig Ringer)
Check for interrupts while hot standby is waiting for a conflicting query (Simon Riggs)
Avoid constantly respawning the autovacuum launcher in a corner case (Amit Khandekar)
This fix avoids problems when autovacuum is nominally off and there are some tables that require freezing, but all such tables are already being processed by autovacuum workers.
Disallow setting the num_sync field to zero in synchronous_standby_names (Fujii Masao)
The correct way to disable synchronous standby is to set the whole value to an empty string.
Don't count background worker processes against a user's connection limit (David Rowley)
Fix check for when an extension member object can be dropped (Tom Lane)
Extension upgrade scripts should be able to drop member objects, but this was disallowed for serial-column sequences, and possibly other cases.
Fix tracking of initial privileges for extension member objects so that it works correctly with ALTER EXTENSION ... ADD/DROP (Stephen Frost)
An object's current privileges at the time it is added to the extension will now be considered its default privileges; only later changes in its privileges will be dumped by subsequent pg_dump runs.
Make sure ALTER TABLE preserves index tablespace assignments when rebuilding indexes (Tom Lane, Michael Paquier)
Previously, non-default settings of default_tablespace could result in broken indexes.
Fix incorrect updating of trigger function properties when changing a foreign-key constraint's deferrability properties with ALTER TABLE ... ALTER CONSTRAINT (Tom Lane)
This led to odd failures during subsequent exercise of the foreign key, as the triggers were fired at the wrong times.
Prevent dropping a foreign-key constraint if there are pending trigger events for the referenced relation (Tom Lane)
This avoids "could not find trigger NNN" or "relation NNN has no triggers" errors.
Fix ALTER TABLE ... SET DATA TYPE ... USING when child table has different column ordering than the parent (Álvaro Herrera)
Failure to adjust the column numbering in the USING expression led to errors, typically "attribute N has wrong type".
Fix processing of OID column when a table with OIDs is associated to a parent with OIDs via ALTER TABLE ... INHERIT (Amit Langote)
The OID column should be treated the same as regular user columns in this case, but it wasn't, leading to odd behavior in later inheritance changes.
Ensure that CREATE TABLE ... LIKE ... WITH OIDS creates a table with OIDs, whether or not the LIKE-referenced table(s) have OIDs (Tom Lane)
Fix CREATE OR REPLACE VIEW to update the view query before attempting to apply the new view options (Dean Rasheed)
Previously the command would fail if the new options were inconsistent with the old view definition.
Report correct object identity during ALTER TEXT SEARCH CONFIGURATION (Artur Zakirov)
The wrong catalog OID was reported to extensions such as logical decoding.
Fix commit timestamp mechanism to not fail when queried about the special XIDs FrozenTransactionId and BootstrapTransactionId (Craig Ringer)
Fix incorrect use of view reloptions as regular table reloptions (Tom Lane)
The symptom was spurious "ON CONFLICT is not supported on table ... used as a catalog table" errors when the target of INSERT ... ON CONFLICT is a view with cascade option.
Fix incorrect "target lists can have at most N entries" complaint when using ON CONFLICT with wide tables (Tom Lane)
Fix spurious "query provides a value for a dropped column" errors during INSERT or UPDATE on a table with a dropped column (Tom Lane)
Prevent multicolumn expansion of foo.* in an UPDATE source expression (Tom Lane)
This led to "UPDATE target count mismatch --- internal error". Now the syntax is understood as a whole-row variable, as it would be in other contexts.
Ensure that column typmods are determined accurately for multi-row VALUES constructs (Tom Lane)
This fixes problems occurring when the first value in a column has a determinable typmod (e.g., length for a varchar value) but later values don't share the same limit.
Throw error for an unfinished Unicode surrogate pair at the end of a Unicode string (Tom Lane)
Normally, a Unicode surrogate leading character must be followed by a Unicode surrogate trailing character, but the check for this was missed if the leading character was the last character in a Unicode string literal (U&'...') or Unicode identifier (U&"...").
Fix execution of DISTINCT and ordered aggregates when multiple such aggregates are able to share the same transition state (Heikki Linnakangas)
Fix implementation of phrase search operators in tsquery (Tom Lane)
Remove incorrect, and inconsistently-applied, rewrite rules that tried to transform away AND/OR/NOT operators appearing below a PHRASE operator; instead upgrade the execution engine to handle such cases correctly. This fixes assorted strange behavior and possible crashes for text search queries containing such combinations. Also fix nested PHRASE operators to work sanely in combinations other than simple left-deep trees, correct the behavior when removing stopwords from a phrase search clause, and make sure that index searches behave consistently with simple sequential-scan application of such queries.
Ensure that a purely negative text search query, such as !foo, matches empty tsvectors (Tom Dunstan)
Such matches were found by GIN index searches, but not by sequential scans or GiST index searches.
Prevent crash when ts_rewrite() replaces a non-top-level subtree with an empty query (Artur Zakirov)
Fix performance problems in ts_rewrite() (Tom Lane)
Fix ts_rewrite()'s handling of nested NOT operators (Tom Lane)
Improve speed of user-defined aggregates that use array_append() as transition function (Tom Lane)
Fix array_fill() to handle empty arrays properly (Tom Lane)
Fix possible crash in array_position() or array_positions() when processing arrays of records (Junseok Yang)
Fix one-byte buffer overrun in quote_literal_cstr() (Heikki Linnakangas)
The overrun occurred only if the input consisted entirely of single quotes and/or backslashes.
Prevent multiple calls of pg_start_backup() and pg_stop_backup() from running concurrently (Michael Paquier)
This avoids an assertion failure, and possibly worse things, if someone tries to run these functions in parallel.
Disable transform that attempted to remove no-op AT TIME ZONE conversions (Tom Lane)
This resulted in wrong answers when the simplified expression was used in an index condition.
Avoid discarding interval-to-interval casts that aren't really no-ops (Tom Lane)
In some cases, a cast that should result in zeroing out low-order interval fields was mistakenly deemed to be a no-op and discarded. An example is that casting from INTERVAL MONTH to INTERVAL YEAR failed to clear the months field.
Fix crash if the number of workers available to a parallel query decreases during a rescan (Andreas Seltenreich)
Fix bugs in transmitting GUC parameter values to parallel workers (Michael Paquier, Tom Lane)
Allow statements prepared with PREPARE to be given parallel plans (Amit Kapila, Tobias Bussmann)
Fix incorrect generation of parallel plans for semi-joins (Tom Lane)
Fix planner's cardinality estimates for parallel joins (Robert Haas)
Ensure that these estimates reflect the number of rows predicted to be seen by each worker, rather than the total.
Fix planner to avoid trying to parallelize plan nodes containing initplans or subplans (Tom Lane, Amit Kapila)
Ensure that cached plans are invalidated by changes in foreign-table options (Amit Langote, Etsuro Fujita, Ashutosh Bapat)
Fix the plan generated for sorted partial aggregation with a constant GROUP BY clause (Tom Lane)
Fix "could not find plan for CTE" planner error when dealing with a UNION ALL containing CTE references (Tom Lane)
Fix mishandling of initplans when forcibly adding a Material node to a subplan (Tom Lane)
The typical consequence of this mistake was a "plan should not reference subplan's variable" error.
Fix foreign-key-based join selectivity estimation for semi-joins and anti-joins, as well as inheritance cases (Tom Lane)
The new code for taking the existence of a foreign key relationship into account did the wrong thing in these cases, making the estimates worse not better than the pre-9.6 code.
Fix pg_dump to emit the data of a sequence that is marked as an extension configuration table (Michael Paquier)
Fix mishandling of ALTER DEFAULT PRIVILEGES ... REVOKE in pg_dump (Stephen Frost)
pg_dump missed issuing the required REVOKE commands in cases where ALTER DEFAULT PRIVILEGES had been used to reduce privileges to less than they would normally be.
Fix pg_dump to dump user-defined casts and transforms that use built-in functions (Stephen Frost)
Fix pg_restore with --create --if-exists to behave more sanely if an archive contains unrecognized DROP commands (Tom Lane)
This doesn't fix any live bug, but it may improve the behavior in future if pg_restore is used with an archive generated by a later pg_dump version.
Fix pg_basebackup's rate limiting in the presence of slow I/O (Antonin Houska)
If disk I/O was transiently much slower than the specified rate limit, the calculation overflowed, effectively disabling the rate limit for the rest of the run.
Fix pg_basebackup's handling of symlinked pg_stat_tmp and pg_replslot subdirectories (Magnus Hagander, Michael Paquier)
Fix possible pg_basebackup failure on standby server when including WAL files (Amit Kapila, Robert Haas)
Improve initdb to insert the correct platform-specific default values for the xxx_flush_after parameters into postgresql.conf (Fabien Coelho, Tom Lane)
This is a cleaner way of documenting the default values than was used previously.
Fix possible mishandling of expanded arrays in domain check constraints and CASE execution (Tom Lane)
It was possible for a PL/pgSQL function invoked in these contexts to modify or even delete an array value that needs to be preserved for additional operations.
Fix nested uses of PL/pgSQL functions in contexts such as domain check constraints evaluated during assignment to a PL/pgSQL variable (Tom Lane)
Ensure that the Python exception objects we create for PL/Python are properly reference-counted (Rafa de la Torre, Tom Lane)
This avoids failures if the objects are used after a Python garbage collection cycle has occurred.
Fix PL/Tcl to support triggers on tables that have .tupno as a column name (Tom Lane)
This matches the (previously undocumented) behavior of PL/Tcl's spi_exec and spi_execp commands, namely that a magic .tupno column is inserted only if there isn't a real column named that.
Allow DOS-style line endings in ~/.pgpass files, even on Unix (Vik Fearing)
This change simplifies use of the same password file across Unix and Windows machines.
Fix one-byte buffer overrun if ecpg is given a file name that ends with a dot (Takayuki Tsunakawa)
Fix incorrect error reporting for duplicate data in psql's \crosstabview (Tom Lane)
psql sometimes quoted the wrong row and/or column values when complaining about multiple entries for the same crosstab cell.
Fix psql's tab completion for ALTER DEFAULT PRIVILEGES (Gilles Darold, Stephen Frost)
Fix psql's tab completion for ALTER TABLE t ALTER c DROP ... (Kyotaro Horiguchi)
In psql, treat an empty or all-blank setting of the PAGER environment variable as meaning "no pager" (Tom Lane)
Previously, such a setting caused output intended for the pager to vanish entirely.
Improve contrib/dblink's reporting of low-level libpq errors, such as out-of-memory (Joe Conway)
Teach contrib/dblink to ignore irrelevant server options when it uses a contrib/postgres_fdw foreign server as the source of connection options (Corey Huinker)
Previously, if the foreign server object had options that were not also libpq connection options, an error occurred.
Fix portability problems in contrib/pageinspect's functions for GIN indexes (Peter Eisentraut, Tom Lane)
Fix possible miss of socket read events while waiting on Windows (Amit Kapila)
This error was harmless for most uses, but it is known to cause hangs when trying to use the pldebugger extension.
On Windows, ensure that environment variable changes are propagated to DLLs built with debug options (Christian Ullrich)
Sync our copy of the timezone library with IANA release tzcode2016j (Tom Lane)
This fixes various issues, most notably that timezone data installation failed if the target directory didn't support hard links.
Update time zone data files to tzdata release 2016j for DST law changes in northern Cyprus (adding a new zone Asia/Famagusta), Russia (adding a new zone Europe/Saratov), Tonga, and Antarctica/Casey. Historical corrections for Italy, Kazakhstan, Malta, and Palestine. Switch to preferring numeric zone abbreviations for Tonga.
⇑ Upgrade to 9.6.3 released on 2017-05-11 - docs
Restrict visibility of pg_user_mappings.umoptions, to protect passwords stored as user mapping options (Michael Paquier, Feike Steenbergen)
The previous coding allowed the owner of a foreign server object, or anyone he has granted server USAGE permission to, to see the options for all user mappings associated with that server. This might well include passwords for other users. Adjust the view definition to match the behavior of information_schema.user_mapping_options, namely that these options are visible to the user being mapped, or if the mapping is for PUBLIC and the current user is the server owner, or if the current user is a superuser. (CVE-2017-7486)
By itself, this patch will only fix the behavior in newly initdb'd databases. If you wish to apply this change in an existing database, follow the corrected procedure shown in the changelog entry for CVE-2017-7547, in Section E.13.
Prevent exposure of statistical information via leaky operators (Peter Eisentraut)
Some selectivity estimation functions in the planner will apply user-defined operators to values obtained from pg_statistic, such as most common values and histogram entries. This occurs before table permissions are checked, so a nefarious user could exploit the behavior to obtain these values for table columns he does not have permission to read. To fix, fall back to a default estimate if the operator's implementation function is not certified leak-proof and the calling user does not have permission to read the table column whose statistics are needed. At least one of these criteria is satisfied in most cases in practice. (CVE-2017-7484)
Restore libpq's recognition of the PGREQUIRESSL environment variable (Daniel Gustafsson)
Processing of this environment variable was unintentionally dropped in PostgreSQL 9.3, but its documentation remained. This creates a security hazard, since users might be relying on the environment variable to force SSL-encrypted connections, but that would no longer be guaranteed. Restore handling of the variable, but give it lower priority than PGSSLMODE, to avoid breaking configurations that work correctly with post-9.3 code. (CVE-2017-7485)
Fix possibly-invalid initial snapshot during logical decoding (Petr Jelinek, Andres Freund)
The initial snapshot created for a logical decoding replication slot was potentially incorrect. This could cause third-party tools that use logical decoding to copy incomplete/inconsistent initial data. This was more likely to happen if the source server was busy at the time of slot creation, or if another logical slot already existed.
If you are using a replication tool that depends on logical decoding, and it should have copied a nonempty data set at the start of replication, it is advisable to recreate the replica after installing this update, or to verify its contents against the source server.
Fix possible corruption of "init forks" of unlogged indexes (Robert Haas, Michael Paquier)
This could result in an unlogged index being set to an invalid state after a crash and restart. Such a problem would persist until the index was dropped and rebuilt.
Fix incorrect reconstruction of pg_subtrans entries when a standby server replays a prepared but uncommitted two-phase transaction (Tom Lane)
In most cases this turned out to have no visible ill effects, but in corner cases it could result in circular references in pg_subtrans, potentially causing infinite loops in queries that examine rows modified by the two-phase transaction.
Avoid possible crash in walsender due to failure to initialize a string buffer (Stas Kelvich, Fujii Masao)
Fix possible crash when rescanning a nearest-neighbor index-only scan on a GiST index (Tom Lane)
Prevent delays in postmaster's launching of multiple parallel worker processes (Tom Lane)
There could be a significant delay (up to tens of seconds) before satisfying a query's request for more than one worker process, or when multiple queries requested workers simultaneously. On most platforms this required unlucky timing, but on some it was the typical case.
Fix postmaster's handling of fork() failure for a background worker process (Tom Lane)
Previously, the postmaster updated portions of its state as though the process had been launched successfully, resulting in subsequent confusion.
Fix possible "no relation entry for relid 0" error when planning nested set operations (Tom Lane)
Fix assorted minor issues in planning of parallel queries (Robert Haas)
Avoid applying "physical targetlist" optimization to custom scans (Dmitry Ivanov, Tom Lane)
This optimization supposed that retrieving all columns of a tuple is inexpensive, which is true for ordinary Postgres tuples; but it might not be the case for a custom scan provider.
Use the correct sub-expression when applying a FOR ALL row-level-security policy (Stephen Frost)
In some cases the WITH CHECK restriction would be applied when the USING restriction is more appropriate.
Ensure parsing of queries in extension scripts sees the results of immediately-preceding DDL (Julien Rouhaud, Tom Lane)
Due to lack of a cache flush step between commands in an extension script file, non-utility queries might not see the effects of an immediately preceding catalog change, such as ALTER TABLE ... RENAME.
Skip tablespace privilege checks when ALTER TABLE ... ALTER COLUMN TYPE rebuilds an existing index (Noah Misch)
The command failed if the calling user did not currently have CREATE privilege for the tablespace containing the index. That behavior seems unhelpful, so skip the check, allowing the index to be rebuilt where it is.
Fix ALTER TABLE ... VALIDATE CONSTRAINT to not recurse to child tables when the constraint is marked NO INHERIT (Amit Langote)
This fix prevents unwanted "constraint does not exist" failures when no matching constraint is present in the child tables.
Avoid dangling pointer in COPY ... TO when row-level security is active for the source table (Tom Lane)
Usually this had no ill effects, but sometimes it would cause unexpected errors or crashes.
Avoid accessing an already-closed relcache entry in CLUSTER and VACUUM FULL (Tom Lane)
With some bad luck, this could lead to indexes on the target relation getting rebuilt with the wrong persistence setting.
Fix VACUUM to account properly for pages that could not be scanned due to conflicting page pins (Andrew Gierth)
This tended to lead to underestimation of the number of tuples in the table. In the worst case of a small heavily-contended table, VACUUM could incorrectly report that the table contained no tuples, leading to very bad planning choices.
Ensure that bulk-tuple-transfer loops within a hash join are interruptible by query cancel requests (Tom Lane, Thomas Munro)
Fix incorrect support for certain box operators in SP-GiST (Nikita Glukhov)
SP-GiST index scans using the operators &< &> &<| and |&> would yield incorrect answers.
Fix integer-overflow problems in interval comparison (Kyotaro Horiguchi, Tom Lane)
The comparison operators for type interval could yield wrong answers for intervals larger than about 296000 years. Indexes on columns containing such large values should be reindexed, since they may be corrupt.
Fix cursor_to_xml() to produce valid output with tableforest = false (Thomas Munro, Peter Eisentraut)
Previously it failed to produce a wrapping <table> element.
Fix roundoff problems in float8_timestamptz() and make_interval() (Tom Lane)
These functions truncated, rather than rounded, when converting a floating-point value to integer microseconds; that could cause unexpectedly off-by-one results.
Fix pg_get_object_address() to handle members of operator families correctly (Álvaro Herrera)
Fix cancelling of pg_stop_backup() when attempting to stop a non-exclusive backup (Michael Paquier, David Steele)
If pg_stop_backup() was cancelled while waiting for a non-exclusive backup to end, related state was left inconsistent; a new exclusive backup could not be started, and there were other minor problems.
Improve performance of pg_timezone_names view (Tom Lane, David Rowley)
Reduce memory management overhead for contexts containing many large blocks (Tom Lane)
Fix sloppy handling of corner-case errors from lseek() and close() (Tom Lane)
Neither of these system calls are likely to fail in typical situations, but if they did, fd.c could get quite confused.
Fix incorrect check for whether postmaster is running as a Windows service (Michael Paquier)
This could result in attempting to write to the event log when that isn't accessible, so that no logging happens at all.
Fix ecpg to support COMMIT PREPARED and ROLLBACK PREPARED (Masahiko Sawada)
Fix a double-free error when processing dollar-quoted string literals in ecpg (Michael Meskes)
Fix pgbench to handle the combination of --connect and --rate options correctly (Fabien Coelho)
Fix pgbench to honor the long-form option spelling --builtin, as per its documentation (Tom Lane)
Fix pg_dump/pg_restore to correctly handle privileges for the public schema when using --clean option (Stephen Frost)
Other schemas start out with no privileges granted, but public does not; this requires special-case treatment when it is dropped and restored due to the --clean option.
In pg_dump, fix incorrect schema and owner marking for comments and security labels of some types of database objects (Giuseppe Broccolo, Tom Lane)
In simple cases this caused no ill effects; but for example, a schema-selective restore might omit comments it should include, because they were not marked as belonging to the schema of their associated object.
Fix typo in pg_dump's query for initial privileges of a procedural language (Peter Eisentraut)
This resulted in pg_dump always believing that the language had no initial privileges. Since that's true for most procedural languages, ill effects from this bug are probably rare.
Avoid emitting an invalid list file in pg_restore -l when SQL object names contain newlines (Tom Lane)
Replace newlines by spaces, which is sufficient to make the output valid for pg_restore -L's purposes.
Fix pg_upgrade to transfer comments and security labels attached to "large objects" (blobs) (Stephen Frost)
Previously, blobs were correctly transferred to the new database, but any comments or security labels attached to them were lost.
Improve error handling in contrib/adminpack's pg_file_write() function (Noah Misch)
Notably, it failed to detect errors reported by fclose().
In contrib/dblink, avoid leaking the previous unnamed connection when establishing a new unnamed connection (Joe Conway)
Fix contrib/pg_trgm's extraction of trigrams from regular expressions (Tom Lane)
In some cases it would produce a broken data structure that could never match anything, leading to GIN or GiST indexscans that use a trigram index not finding any matches to the regular expression.
In contrib/postgres_fdw, allow join conditions that contain shippable extension-provided functions to be pushed to the remote server (David Rowley, Ashutosh Bapat)
Support Tcl 8.6 in MSVC builds (Álvaro Herrera)
Sync our copy of the timezone library with IANA release tzcode2017b (Tom Lane)
This fixes a bug affecting some DST transitions in January 2038.
Update time zone data files to tzdata release 2017b for DST law changes in Chile, Haiti, and Mongolia, plus historical corrections for Ecuador, Kazakhstan, Liberia, and Spain. Switch to numeric abbreviations for numerous time zones in South America, the Pacific and Indian oceans, and some Asian and Middle Eastern countries.
The IANA time zone database previously provided textual abbreviations for all time zones, sometimes making up abbreviations that have little or no currency among the local population. They are in process of reversing that policy in favor of using numeric UTC offsets in zones where there is no evidence of real-world use of an English abbreviation. At least for the time being, PostgreSQL will continue to accept such removed abbreviations for timestamp input. But they will not be shown in the pg_timezone_names view nor used for output.
Use correct daylight-savings rules for POSIX-style time zone names in MSVC builds (David Rowley)
The Microsoft MSVC build scripts neglected to install the posixrules file in the timezone directory tree. This resulted in the timezone code falling back to its built-in rule about what DST behavior to assume for a POSIX-style time zone name. For historical reasons that still corresponds to the DST rules the USA was using before 2007 (i.e., change on first Sunday in April and last Sunday in October). With this fix, a POSIX-style zone name will use the current and historical DST transition dates of the US/Eastern zone. If you don't want that, remove the posixrules file, or replace it with a copy of some other zone file (see Section 8.5.3). Note that due to caching, you may need to restart the server to get such changes to take effect.
⇑ Upgrade to 9.6.4 released on 2017-08-10 - docs
Further restrict visibility of pg_user_mappings.umoptions, to protect passwords stored as user mapping options (Noah Misch)
The fix for CVE-2017-7486 was incorrect: it allowed a user to see the options in her own user mapping, even if she did not have USAGE permission on the associated foreign server. Such options might include a password that had been provided by the server owner rather than the user herself. Since information_schema.user_mapping_options does not show the options in such cases, pg_user_mappings should not either. (CVE-2017-7547)
By itself, this patch will only fix the behavior in newly initdb'd databases. If you wish to apply this change in an existing database, you will need to do the following:
Restart the postmaster after adding allow_system_table_mods = true to postgresql.conf. (In versions supporting ALTER SYSTEM, you can use that to make the configuration change, but you'll still need a restart.)
In each database of the cluster, run the following commands as superuser:
SET search_path = pg_catalog;
CREATE OR REPLACE VIEW pg_user_mappings AS
SELECT
U.oid AS umid,
S.oid AS srvid,
S.srvname AS srvname,
U.umuser AS umuser,
CASE WHEN U.umuser = 0 THEN
'public'
ELSE
A.rolname
END AS usename,
CASE WHEN (U.umuser <> 0 AND A.rolname = current_user
AND (pg_has_role(S.srvowner, 'USAGE')
OR has_server_privilege(S.oid, 'USAGE')))
OR (U.umuser = 0 AND pg_has_role(S.srvowner, 'USAGE'))
OR (SELECT rolsuper FROM pg_authid WHERE rolname = current_user)
THEN U.umoptions
ELSE NULL END AS umoptions
FROM pg_user_mapping U
LEFT JOIN pg_authid A ON (A.oid = U.umuser) JOIN
pg_foreign_server S ON (U.umserver = S.oid);Do not forget to include the template0 and template1 databases, or the vulnerability will still exist in databases you create later. To fix template0, you'll need to temporarily make it accept connections. In PostgreSQL 9.5 and later, you can use
ALTER DATABASE template0 WITH ALLOW_CONNECTIONS true;
and then after fixing template0, undo that with
ALTER DATABASE template0 WITH ALLOW_CONNECTIONS false;
In prior versions, instead use
UPDATE pg_database SET datallowconn = true WHERE datname = 'template0'; UPDATE pg_database SET datallowconn = false WHERE datname = 'template0';
Finally, remove the allow_system_table_mods configuration setting, and again restart the postmaster.
Disallow empty passwords in all password-based authentication methods (Heikki Linnakangas)
libpq ignores empty password specifications, and does not transmit them to the server. So, if a user's password has been set to the empty string, it's impossible to log in with that password via psql or other libpq-based clients. An administrator might therefore believe that setting the password to empty is equivalent to disabling password login. However, with a modified or non-libpq-based client, logging in could be possible, depending on which authentication method is configured. In particular the most common method, md5, accepted empty passwords. Change the server to reject empty passwords in all cases. (CVE-2017-7546)
Make lo_put() check for UPDATE privilege on the target large object (Tom Lane, Michael Paquier)
lo_put() should surely require the same permissions as lowrite(), but the check was missing, allowing any user to change the data in a large object. (CVE-2017-7548)
Correct the documentation about the process for upgrading standby servers with pg_upgrade (Bruce Momjian)
The previous documentation instructed users to start/stop the primary server after running pg_upgrade but before syncing the standby servers. This sequence is unsafe.
Fix concurrent locking of tuple update chains (Álvaro Herrera)
If several sessions concurrently lock a tuple update chain with nonconflicting lock modes using an old snapshot, and they all succeed, it was possible for some of them to nonetheless fail (and conclude there is no live tuple version) due to a race condition. This had consequences such as foreign-key checks failing to see a tuple that definitely exists but is being updated concurrently.
Fix potential data corruption when freezing a tuple whose XMAX is a multixact with exactly one still-interesting member (Teodor Sigaev)
Avoid integer overflow and ensuing crash when sorting more than one billion tuples in-memory (Sergey Koposov)
On Windows, retry process creation if we fail to reserve the address range for our shared memory in the new process (Tom Lane, Amit Kapila)
This is expected to fix infrequent child-process-launch failures that are probably due to interference from antivirus products.
Fix low-probability corruption of shared predicate-lock hash table in Windows builds (Thomas Munro, Tom Lane)
Avoid logging clean closure of an SSL connection as though it were a connection reset (Michael Paquier)
Prevent sending SSL session tickets to clients (Tom Lane)
This fix prevents reconnection failures with ticket-aware client-side SSL code.
Fix code for setting tcp_keepalives_idle on Solaris (Tom Lane)
Fix statistics collector to honor inquiry messages issued just after a postmaster shutdown and immediate restart (Tom Lane)
Statistics inquiries issued within half a second of the previous postmaster shutdown were effectively ignored.
Ensure that the statistics collector's receive buffer size is at least 100KB (Tom Lane)
This reduces the risk of dropped statistics data on older platforms whose default receive buffer size is less than that.
Fix possible creation of an invalid WAL segment when a standby is promoted just after it processes an XLOG_SWITCH WAL record (Andres Freund)
Fix walsender to exit promptly when client requests shutdown (Tom Lane)
Fix SIGHUP and SIGUSR1 handling in walsender processes (Petr Jelinek, Andres Freund)
Prevent walsender-triggered panics during shutdown checkpoints (Andres Freund, Michael Paquier)
Fix unnecessarily slow restarts of walreceiver processes due to race condition in postmaster (Tom Lane)
Fix leakage of small subtransactions spilled to disk during logical decoding (Andres Freund)
This resulted in temporary files consuming excessive disk space.
Reduce the work needed to build snapshots during creation of logical-decoding slots (Andres Freund, Petr Jelinek)
The previous algorithm was infeasibly expensive on a server with a lot of open transactions.
Fix race condition that could indefinitely delay creation of logical-decoding slots (Andres Freund, Petr Jelinek)
Reduce overhead in processing syscache invalidation events (Tom Lane)
This is particularly helpful for logical decoding, which triggers frequent cache invalidation.
Remove incorrect heuristic used in some cases to estimate join selectivity based on the presence of foreign-key constraints (David Rowley)
In some cases where a multi-column foreign key constraint existed but did not exactly match a query's join structure, the planner used an estimation heuristic that turns out not to work well at all. Revert such cases to the way they were estimated before 9.6.
Fix cases where an INSERT or UPDATE assigns to more than one element of a column that is of domain-over-array type (Tom Lane)
Allow window functions to be used in sub-SELECTs that are within the arguments of an aggregate function (Tom Lane)
Ensure that a view's CHECK OPTIONS clause is enforced properly when the underlying table is a foreign table (Etsuro Fujita)
Previously, the update might get pushed entirely to the foreign server, but the need to verify the view conditions was missed if so.
Move autogenerated array types out of the way during ALTER ... RENAME (Vik Fearing)
Previously, we would rename a conflicting autogenerated array type out of the way during CREATE; this fix extends that behavior to renaming operations.
Fix dangling pointer in ALTER TABLE when there is a comment on a constraint belonging to the table (David Rowley)
Re-applying the comment to the reconstructed constraint could fail with a weird error message, or even crash.
Ensure that ALTER USER ... SET accepts all the syntax variants that ALTER ROLE ... SET does (Peter Eisentraut)
Allow a foreign table's CHECK constraints to be initially NOT VALID (Amit Langote)
CREATE TABLE silently drops NOT VALID specifiers for CHECK constraints, reasoning that the table must be empty so the constraint can be validated immediately. But this is wrong for CREATE FOREIGN TABLE, where there's no reason to suppose that the underlying table is empty, and even if it is it's no business of ours to decide that the constraint can be treated as valid going forward. Skip this "optimization" for foreign tables.
Properly update dependency info when changing a datatype I/O function's argument or return type from opaque to the correct type (Heikki Linnakangas)
CREATE TYPE updates I/O functions declared in this long-obsolete style, but it forgot to record a dependency on the type, allowing a subsequent DROP TYPE to leave broken function definitions behind.
Allow parallelism in the query plan when COPY copies from a query's result (Andres Freund)
Reduce memory usage when ANALYZE processes a tsvector column (Heikki Linnakangas)
Fix unnecessary precision loss and sloppy rounding when multiplying or dividing money values by integers or floats (Tom Lane)
Tighten checks for whitespace in functions that parse identifiers, such as regprocedurein() (Tom Lane)
Depending on the prevailing locale, these functions could misinterpret fragments of multibyte characters as whitespace.
Use relevant #define symbols from Perl while compiling PL/Perl (Ashutosh Sharma, Tom Lane)
This avoids portability problems, typically manifesting as a "handshake" mismatch during library load, when working with recent Perl versions.
In libpq, reset GSS/SASL and SSPI authentication state properly after a failed connection attempt (Michael Paquier)
Failure to do this meant that when falling back from SSL to non-SSL connections, a GSS/SASL failure in the SSL attempt would always cause the non-SSL attempt to fail. SSPI did not fail, but it leaked memory.
In psql, fix failure when COPY FROM STDIN is ended with a keyboard EOF signal and then another COPY FROM STDIN is attempted (Thomas Munro)
This misbehavior was observed on BSD-derived platforms (including macOS), but not on most others.
Fix pg_dump and pg_restore to emit REFRESH MATERIALIZED VIEW commands last (Tom Lane)
This prevents errors during dump/restore when a materialized view refers to tables owned by a different user.
Improve pg_dump/pg_restore's reporting of error conditions originating in zlib (Vladimir Kunschikov, Álvaro Herrera)
Fix pg_dump with the --clean option to drop event triggers as expected (Tom Lane)
It also now correctly assigns ownership of event triggers; before, they were restored as being owned by the superuser running the restore script.
Fix pg_dump with the --clean option to not fail when the public schema doesn't exist (Stephen Frost)
Fix pg_dump to not emit invalid SQL for an empty operator class (Daniel Gustafsson)
Fix pg_dump output to stdout on Windows (Kuntal Ghosh)
A compressed plain-text dump written to stdout would contain corrupt data due to failure to put the file descriptor into binary mode.
Fix pg_get_ruledef() to print correct output for the ON SELECT rule of a view whose columns have been renamed (Tom Lane)
In some corner cases, pg_dump relies on pg_get_ruledef() to dump views, so that this error could result in dump/reload failures.
Fix dumping of outer joins with empty constraints, such as the result of a NATURAL LEFT JOIN with no common columns (Tom Lane)
Fix dumping of function expressions in the FROM clause in cases where the expression does not deparse into something that looks like a function call (Tom Lane)
Fix pg_basebackup output to stdout on Windows (Haribabu Kommi)
A backup written to stdout would contain corrupt data due to failure to put the file descriptor into binary mode.
Fix pg_rewind to correctly handle files exceeding 2GB (Kuntal Ghosh, Michael Paquier)
Ordinarily such files won't appear in PostgreSQL data directories, but they could be present in some cases.
Fix pg_upgrade to ensure that the ending WAL record does not have wal_level = minimum (Bruce Momjian)
This condition could prevent upgraded standby servers from reconnecting.
Fix pg_xlogdump's computation of WAL record length (Andres Freund)
In postgres_fdw, re-establish connections to remote servers after ALTER SERVER or ALTER USER MAPPING commands (Kyotaro Horiguchi)
This ensures that option changes affecting connection parameters will be applied promptly.
In postgres_fdw, allow cancellation of remote transaction control commands (Robert Haas, Rafia Sabih)
This change allows us to quickly escape a wait for an unresponsive remote server in many more cases than previously.
Increase MAX_SYSCACHE_CALLBACKS to provide more room for extensions (Tom Lane)
Always use -fPIC, not -fpic, when building shared libraries with gcc (Tom Lane)
This supports larger extension libraries on platforms where it makes a difference.
In MSVC builds, handle the case where the openssl library is not within a VC subdirectory (Andrew Dunstan)
In MSVC builds, add proper include path for libxml2 header files (Andrew Dunstan)
This fixes a former need to move things around in standard Windows installations of libxml2.
In MSVC builds, recognize a Tcl library that is named tcl86.lib (Noah Misch)
In MSVC builds, honor PROVE_FLAGS settings on vcregress.pl's command line (Andrew Dunstan)
⇑ Upgrade to 9.6.5 released on 2017-08-31 - docs
Show foreign tables in information_schema.table_privileges view (Peter Eisentraut)
All other relevant information_schema views include foreign tables, but this one ignored them.
Since this view definition is installed by initdb, merely upgrading will not fix the problem. If you need to fix this in an existing installation, you can, as a superuser, do this in psql:
SET search_path TO information_schema;
CREATE OR REPLACE VIEW table_privileges AS
SELECT CAST(u_grantor.rolname AS sql_identifier) AS grantor,
CAST(grantee.rolname AS sql_identifier) AS grantee,
CAST(current_database() AS sql_identifier) AS table_catalog,
CAST(nc.nspname AS sql_identifier) AS table_schema,
CAST(c.relname AS sql_identifier) AS table_name,
CAST(c.prtype AS character_data) AS privilege_type,
CAST(
CASE WHEN
-- object owner always has grant options
pg_has_role(grantee.oid, c.relowner, 'USAGE')
OR c.grantable
THEN 'YES' ELSE 'NO' END AS yes_or_no) AS is_grantable,
CAST(CASE WHEN c.prtype = 'SELECT' THEN 'YES' ELSE 'NO' END AS yes_or_no) AS with_hierarchy
FROM (
SELECT oid, relname, relnamespace, relkind, relowner, (aclexplode(coalesce(relacl, acldefault('r', relowner)))).* FROM pg_class
) AS c (oid, relname, relnamespace, relkind, relowner, grantor, grantee, prtype, grantable),
pg_namespace nc,
pg_authid u_grantor,
(
SELECT oid, rolname FROM pg_authid
UNION ALL
SELECT 0::oid, 'PUBLIC'
) AS grantee (oid, rolname)
WHERE c.relnamespace = nc.oid
AND c.relkind IN ('r', 'v', 'f')
AND c.grantee = grantee.oid
AND c.grantor = u_grantor.oid
AND c.prtype IN ('INSERT', 'SELECT', 'UPDATE', 'DELETE', 'TRUNCATE', 'REFERENCES', 'TRIGGER')
AND (pg_has_role(u_grantor.oid, 'USAGE')
OR pg_has_role(grantee.oid, 'USAGE')
OR grantee.rolname = 'PUBLIC');This must be repeated in each database to be fixed, including template0.
Clean up handling of a fatal exit (e.g., due to receipt of SIGTERM) that occurs while trying to execute a ROLLBACK of a failed transaction (Tom Lane)
This situation could result in an assertion failure. In production builds, the exit would still occur, but it would log an unexpected message about "cannot drop active portal".
Remove assertion that could trigger during a fatal exit (Tom Lane)
Correctly identify columns that are of a range type or domain type over a composite type or domain type being searched for (Tom Lane)
Certain ALTER commands that change the definition of a composite type or domain type are supposed to fail if there are any stored values of that type in the database, because they lack the infrastructure needed to update or check such values. Previously, these checks could miss relevant values that are wrapped inside range types or sub-domains, possibly allowing the database to become inconsistent.
Prevent crash when passing fixed-length pass-by-reference data types to parallel worker processes (Tom Lane)
Fix crash in pg_restore when using parallel mode and using a list file to select a subset of items to restore (Fabrízio de Royes Mello)
Change ecpg's parser to allow RETURNING clauses without attached C variables (Michael Meskes)
This allows ecpg programs to contain SQL constructs that use RETURNING internally (for example, inside a CTE) rather than using it to define values to be returned to the client.
Change ecpg's parser to recognize backslash continuation of C preprocessor command lines (Michael Meskes)
Improve selection of compiler flags for PL/Perl on Windows (Tom Lane)
This fix avoids possible crashes of PL/Perl due to inconsistent assumptions about the width of time_t values. A side-effect that may be visible to extension developers is that _USE_32BIT_TIME_T is no longer defined globally in PostgreSQL Windows builds. This is not expected to cause problems, because type time_t is not used in any PostgreSQL API definitions.
Fix make check to behave correctly when invoked via a non-GNU make program (Thomas Munro)
⇑ Upgrade to 10 released on 2017-10-05 - docs
Hash indexes must be rebuilt after pg_upgrade-ing from any previous major PostgreSQL version (Mithun Cy, Robert Haas, Amit Kapila)
Major hash index improvements necessitated this requirement. pg_upgrade will create a script to assist with this.
Rename write-ahead log directory pg_xlog to pg_wal, and rename transaction status directory pg_clog to pg_xact (Michael Paquier)
Users have occasionally thought that these directories contained only inessential log files, and proceeded to remove write-ahead log files or transaction status files manually, causing irrecoverable data loss. These name changes are intended to discourage such errors in future.
Rename SQL functions, tools, and options that reference “xlog” to “wal” (Robert Haas)
For example, pg_switch_xlog() becomes pg_switch_wal(), pg_receivexlog becomes pg_receivewal, and --xlogdir becomes --waldir. This is for consistency with the change of the pg_xlog directory name; in general, the “xlog” terminology is no longer used in any user-facing places.
Rename WAL-related functions and views to use lsn instead of location (David Rowley)
There was previously an inconsistent mixture of the two terminologies.
Change the implementation of set-returning functions appearing in a query's SELECT list (Andres Freund)
Set-returning functions are now evaluated before evaluation of scalar expressions in the SELECT list, much as though they had been placed in a LATERAL FROM-clause item. This allows saner semantics for cases where multiple set-returning functions are present. If they return different numbers of rows, the shorter results are extended to match the longest result by adding nulls. Previously the results were cycled until they all terminated at the same time, producing a number of rows equal to the least common multiple of the functions' periods. In addition, set-returning functions are now disallowed within CASE and COALESCE constructs. For more information see Section 37.4.8.
Use standard row constructor syntax in UPDATE ... SET ( (Tom Lane)column_list) = row_constructor
The row_constructor can now begin with the keyword ROW; previously that had to be omitted. If just one column name appears in the column_list, then the row_constructor now must use the ROW keyword, since otherwise it is not a valid row constructor but just a parenthesized expression. Also, an occurrence of table_name.*row_constructor is now expanded into multiple columns, as occurs in other uses of row_constructors.
When ALTER TABLE ... ADD PRIMARY KEY marks columns NOT NULL, that change now propagates to inheritance child tables as well (Michael Paquier)
Prevent statement-level triggers from firing more than once per statement (Tom Lane)
Cases involving writable CTEs updating the same table updated by the containing statement, or by another writable CTE, fired BEFORE STATEMENT or AFTER STATEMENT triggers more than once. Also, if there were statement-level triggers on a table affected by a foreign key enforcement action (such as ON DELETE CASCADE), they could fire more than once per outer SQL statement. This is contrary to the SQL standard, so change it.
Move sequences' metadata fields into a new pg_sequence system catalog (Peter Eisentraut)
A sequence relation now stores only the fields that can be modified by nextval(), that is last_value, log_cnt, and is_called. Other sequence properties, such as the starting value and increment, are kept in a corresponding row of the pg_sequence catalog. ALTER SEQUENCE updates are now fully transactional, implying that the sequence is locked until commit. The nextval() and setval() functions remain nontransactional.
The main incompatibility introduced by this change is that selecting from a sequence relation now returns only the three fields named above. To obtain the sequence's other properties, applications must look into pg_sequence. The new system view pg_sequences can also be used for this purpose; it provides column names that are more compatible with existing code.
Also, sequences created for SERIAL columns now generate positive 32-bit wide values, whereas previous versions generated 64-bit wide values. This has no visible effect if the values are only stored in a column.
The output of psql's \d command for a sequence has been redesigned, too.
Make pg_basebackup stream the WAL needed to restore the backup by default (Magnus Hagander)
This changes pg_basebackup's -X/--wal-method default to stream. An option value none has been added to reproduce the old behavior. The pg_basebackup option -x has been removed (instead, use -X fetch).
Change how logical replication uses pg_hba.conf (Peter Eisentraut)
In previous releases, a logical replication connection required the replication keyword in the database column. As of this release, logical replication matches a normal entry with a database name or keywords such as all. Physical replication continues to use the replication keyword. Since built-in logical replication is new in this release, this change only affects users of third-party logical replication plugins.
Make all pg_ctl actions wait for completion by default (Peter Eisentraut)
Previously some pg_ctl actions didn't wait for completion, and required the use of -w to do so.
Change the default value of the log_directory server parameter from pg_log to log (Andreas Karlsson)
Add configuration option ssl_dh_params_file to specify file name for custom OpenSSL DH parameters (Heikki Linnakangas)
This replaces the hardcoded, undocumented file name dh1024.pem. Note that dh1024.pem is no longer examined by default; you must set this option if you want to use custom DH parameters.
Increase the size of the default DH parameters used for OpenSSL ephemeral DH ciphers to 2048 bits (Heikki Linnakangas)
The size of the compiled-in DH parameters has been increased from 1024 to 2048 bits, making DH key exchange more resistant to brute-force attacks. However, some old SSL implementations, notably some revisions of Java Runtime Environment version 6, will not accept DH parameters longer than 1024 bits, and hence will not be able to connect over SSL. If it's necessary to support such old clients, you can use custom 1024-bit DH parameters instead of the compiled-in defaults. See ssl_dh_params_file.
Remove the ability to store unencrypted passwords on the server (Heikki Linnakangas)
The password_encryption server parameter no longer supports off or plain. The UNENCRYPTED option is no longer supported in CREATE/ALTER USER ... PASSWORD. Similarly, the --unencrypted option has been removed from createuser. Unencrypted passwords migrated from older versions will be stored encrypted in this release. The default setting for password_encryption is still md5.
Add min_parallel_table_scan_size and min_parallel_index_scan_size server parameters to control parallel queries (Amit Kapila, Robert Haas)
These replace min_parallel_relation_size, which was found to be too generic.
Don't downcase unquoted text within shared_preload_libraries and related server parameters (QL Zhuo)
These settings are really lists of file names, but they were previously treated as lists of SQL identifiers, which have different parsing rules.
Remove sql_inheritance server parameter (Robert Haas)
Changing this setting from the default value caused queries referencing parent tables to not include child tables. The SQL standard requires them to be included, however, and this has been the default since PostgreSQL 7.1.
Allow multi-dimensional arrays to be passed into PL/Python functions, and returned as nested Python lists (Alexey Grishchenko, Dave Cramer, Heikki Linnakangas)
This feature requires a backwards-incompatible change to the handling of arrays of composite types in PL/Python. Previously, you could return an array of composite values by writing, e.g., [[col1, col2], [col1, col2]]; but now that is interpreted as a two-dimensional array. Composite types in arrays must now be written as Python tuples, not lists, to resolve the ambiguity; that is, write [(col1, col2), (col1, col2)] instead.
Remove PL/Tcl's “module” auto-loading facility (Tom Lane)
This functionality has been replaced by new server parameters pltcl.start_proc and pltclu.start_proc, which are easier to use and more similar to features available in other PLs.
Remove pg_dump/pg_dumpall support for dumping from pre-8.0 servers (Tom Lane)
Users needing to dump from pre-8.0 servers will need to use dump programs from PostgreSQL 9.6 or earlier. The resulting output should still load successfully into newer servers.
Remove support for floating-point timestamps and intervals (Tom Lane)
This removes configure's --disable-integer-datetimes option. Floating-point timestamps have few advantages and have not been the default since PostgreSQL 8.3.
Remove server support for client/server protocol version 1.0 (Tom Lane)
This protocol hasn't had client support since PostgreSQL 6.3.
Remove contrib/tsearch2 module (Robert Haas)
This module provided compatibility with the version of full text search that shipped in pre-8.3 PostgreSQL releases.
Remove createlang and droplang command-line applications (Peter Eisentraut)
These had been deprecated since PostgreSQL 9.1. Instead, use CREATE EXTENSION and DROP EXTENSION directly.
Remove support for version-0 function calling conventions (Andres Freund)
Extensions providing C-coded functions must now conform to version 1 calling conventions. Version 0 has been deprecated since 2001.
Support parallel B-tree index scans (Rahila Syed, Amit Kapila, Robert Haas, Rafia Sabih)
This change allows B-tree index pages to be searched by separate parallel workers.
Support parallel bitmap heap scans (Dilip Kumar)
This allows a single index scan to dispatch parallel workers to process different areas of the heap.
Allow merge joins to be performed in parallel (Dilip Kumar)
Allow non-correlated subqueries to be run in parallel (Amit Kapila)
Improve ability of parallel workers to return pre-sorted data (Rushabh Lathia)
Increase parallel query usage in procedural language functions (Robert Haas, Rafia Sabih)
Add max_parallel_workers server parameter to limit the number of worker processes that can be used for query parallelism (Julien Rouhaud)
This parameter can be set lower than max_worker_processes to reserve worker processes for purposes other than parallel queries.
Enable parallelism by default by changing the default setting of max_parallel_workers_per_gather to 2.
Add write-ahead logging support to hash indexes (Amit Kapila)
This makes hash indexes crash-safe and replicatable. The former warning message about their use is removed.
Improve hash index performance (Amit Kapila, Mithun Cy, Ashutosh Sharma)
Add SP-GiST index support for INET and CIDR data types (Emre Hasegeli)
Add option to allow BRIN index summarization to happen more aggressively (Álvaro Herrera)
A new CREATE INDEX option enables auto-summarization of the previous BRIN page range when a new page range is created.
Add functions to remove and re-add BRIN summarization for BRIN index ranges (Álvaro Herrera)
The new SQL function brin_summarize_range() updates BRIN index summarization for a specified range and brin_desummarize_range() removes it. This is helpful to update summarization of a range that is now smaller due to UPDATEs and DELETEs.
Improve accuracy in determining if a BRIN index scan is beneficial (David Rowley, Emre Hasegeli)
Allow faster GiST inserts and updates by reusing index space more efficiently (Andrey Borodin)
Reduce page locking during vacuuming of GIN indexes (Andrey Borodin)
Reduce locking required to change table parameters (Simon Riggs, Fabrízio Mello)
For example, changing a table's effective_io_concurrency setting can now be done with a more lightweight lock.
Allow tuning of predicate lock promotion thresholds (Dagfinn Ilmari Mannsåker)
Lock promotion can now be controlled through two new server parameters, max_pred_locks_per_relation and max_pred_locks_per_page.
Add multi-column optimizer statistics to compute the correlation ratio and number of distinct values (Tomas Vondra, David Rowley, Álvaro Herrera)
New commands are CREATE STATISTICS, ALTER STATISTICS, and DROP STATISTICS. This feature is helpful in estimating query memory usage and when combining the statistics from individual columns.
Improve performance of queries affected by row-level security restrictions (Tom Lane)
The optimizer now has more knowledge about where it can place RLS filter conditions, allowing better plans to be generated while still enforcing the RLS conditions safely.
Speed up aggregate functions that calculate a running sum using numeric-type arithmetic, including some variants of SUM(), AVG(), and STDDEV() (Heikki Linnakangas)
Improve performance of character encoding conversions by using radix trees (Kyotaro Horiguchi, Heikki Linnakangas)
Reduce expression evaluation overhead during query execution, as well as plan node calling overhead (Andres Freund)
This is particularly helpful for queries that process many rows.
Allow hashed aggregation to be used with grouping sets (Andrew Gierth)
Use uniqueness guarantees to optimize certain join types (David Rowley)
Improve sort performance of the macaddr data type (Brandur Leach)
Reduce statistics tracking overhead in sessions that reference many thousands of relations (Aleksander Alekseev)
Allow explicit control over EXPLAIN's display of planning and execution time (Ashutosh Bapat)
By default planning and execution time are displayed by EXPLAIN ANALYZE and are not displayed in other cases. The new EXPLAIN option SUMMARY allows explicit control of this.
Add default monitoring roles (Dave Page)
New roles pg_monitor, pg_read_all_settings, pg_read_all_stats, and pg_stat_scan_tables allow simplified permission configuration.
Properly update the statistics collector during REFRESH MATERIALIZED VIEW (Jim Mlodgenski)
Change the default value of log_line_prefix to include current timestamp (with milliseconds) and the process ID in each line of postmaster log output (Christoph Berg)
The previous default was an empty prefix.
Add functions to return the log and WAL directory contents (Dave Page)
The new functions are pg_ls_logdir() and pg_ls_waldir() and can be executed by non-superusers with the proper permissions.
Add function pg_current_logfile() to read logging collector's current stderr and csvlog output file names (Gilles Darold)
Report the address and port number of each listening socket in the server log during postmaster startup (Tom Lane)
Also, when logging failure to bind a listening socket, include the specific address we attempted to bind to.
Reduce log chatter about the starting and stopping of launcher subprocesses (Tom Lane)
These are now DEBUG1-level messages.
Reduce message verbosity of lower-numbered debug levels controlled by log_min_messages (Robert Haas)
This also changes the verbosity of client_min_messages debug levels.
Add pg_stat_activity reporting of low-level wait states (Michael Paquier, Robert Haas, Rushabh Lathia)
This change enables reporting of numerous low-level wait conditions, including latch waits, file reads/writes/fsyncs, client reads/writes, and synchronous replication.
Show auxiliary processes, background workers, and walsender processes in pg_stat_activity (Kuntal Ghosh, Michael Paquier)
This simplifies monitoring. A new column backend_type identifies the process type.
Allow pg_stat_activity to show the SQL query being executed by parallel workers (Rafia Sabih)
Rename pg_stat_activity.wait_event_type values LWLockTranche and LWLockNamed to LWLock (Robert Haas)
This makes the output more consistent.
Add SCRAM-SHA-256 support for password negotiation and storage (Michael Paquier, Heikki Linnakangas)
This provides better security than the existing md5 negotiation and storage method.
Change the password_encryption server parameter from boolean to enum (Michael Paquier)
This was necessary to support additional password hashing options.
Add view pg_hba_file_rules to display the contents of pg_hba.conf (Haribabu Kommi)
This shows the file contents, not the currently active settings.
Support multiple RADIUS servers (Magnus Hagander)
All the RADIUS related parameters are now plural and support a comma-separated list of servers.
Allow SSL configuration to be updated during configuration reload (Andreas Karlsson, Tom Lane)
This allows SSL to be reconfigured without a server restart, by using pg_ctl reload, SELECT pg_reload_conf(), or sending a SIGHUP signal. However, reloading the SSL configuration does not work if the server's SSL key requires a passphrase, as there is no way to re-prompt for the passphrase. The original configuration will apply for the life of the postmaster in that case.
Make the maximum value of bgwriter_lru_maxpages effectively unlimited (Jim Nasby)
After creating or unlinking files, perform an fsync on their parent directory (Michael Paquier)
This reduces the risk of data loss after a power failure.
Prevent unnecessary checkpoints and WAL archiving on otherwise-idle systems (Michael Paquier)
Add wal_consistency_checking server parameter to add details to WAL that can be sanity-checked on the standby (Kuntal Ghosh, Robert Haas)
Any sanity-check failure generates a fatal error on the standby.
Increase the maximum configurable WAL segment size to one gigabyte (Beena Emerson)
A larger WAL segment size allows for fewer archive_command invocations and fewer WAL files to manage.
Add the ability to logically replicate tables to standby servers (Petr Jelinek)
Logical replication allows more flexibility than physical replication does, including replication between different major versions of PostgreSQL and selective replication.
Allow waiting for commit acknowledgment from standby servers irrespective of the order they appear in synchronous_standby_names (Masahiko Sawada)
Previously the server always waited for the active standbys that appeared first in synchronous_standby_names. The new synchronous_standby_names keyword ANY allows waiting for any number of standbys irrespective of their ordering. This is known as quorum commit.
Reduce configuration changes necessary to perform streaming backup and replication (Magnus Hagander, Dang Minh Huong)
Specifically, the defaults were changed for wal_level, max_wal_senders, max_replication_slots, and hot_standby to make them suitable for these usages out-of-the-box.
Enable replication from localhost connections by default in pg_hba.conf (Michael Paquier)
Previously pg_hba.conf's replication connection lines were commented out by default. This is particularly useful for pg_basebackup.
Add columns to pg_stat_replication to report replication delay times (Thomas Munro)
The new columns are write_lag, flush_lag, and replay_lag.
Allow specification of the recovery stopping point by Log Sequence Number (LSN) in recovery.conf (Michael Paquier)
Previously the stopping point could only be selected by timestamp or XID.
Allow users to disable pg_stop_backup()'s waiting for all WAL to be archived (David Steele)
An optional second argument to pg_stop_backup() controls that behavior.
Allow creation of temporary replication slots (Petr Jelinek)
Temporary slots are automatically removed on session exit or error.
Improve performance of hot standby replay with better tracking of Access Exclusive locks (Simon Riggs, David Rowley)
Speed up two-phase commit recovery performance (Stas Kelvich, Nikhil Sontakke, Michael Paquier)
Add XMLTABLE function that converts XML-formatted data into a row set (Pavel Stehule, Álvaro Herrera)
Fix regular expressions' character class handling for large character codes, particularly Unicode characters above U+7FF (Tom Lane)
Previously, such characters were never recognized as belonging to locale-dependent character classes such as [[:alpha:]].
Add table partitioning syntax that automatically creates partition constraints and handles routing of tuple insertions and updates (Amit Langote)
The syntax supports range and list partitioning.
Add AFTER trigger transition tables to record changed rows (Kevin Grittner, Thomas Munro)
Transition tables are accessible from triggers written in server-side languages.
Allow restrictive row-level security policies (Stephen Frost)
Previously all security policies were permissive, meaning that any matching policy allowed access. A restrictive policy must match for access to be granted. These policy types can be combined.
When creating a foreign-key constraint, check for REFERENCES permission on only the referenced table (Tom Lane)
Previously REFERENCES permission on the referencing table was also required. This appears to have stemmed from a misreading of the SQL standard. Since creating a foreign key (or any other type of) constraint requires ownership privilege on the constrained table, additionally requiring REFERENCES permission seems rather pointless.
Allow default permissions on schemas (Matheus Oliveira)
This is done using the ALTER DEFAULT PRIVILEGES command.
Add CREATE SEQUENCE AS command to create a sequence matching an integer data type (Peter Eisentraut)
This simplifies the creation of sequences matching the range of base columns.
Allow COPY on views with view FROM sourceINSTEAD INSERT triggers (Haribabu Kommi)
The triggers are fed the data rows read by COPY.
Allow the specification of a function name without arguments in DDL commands, if it is unique (Peter Eisentraut)
For example, allow DROP FUNCTION on a function name without arguments if there is only one function with that name. This behavior is required by the SQL standard.
Allow multiple functions, operators, and aggregates to be dropped with a single DROP command (Peter Eisentraut)
Support IF NOT EXISTS in CREATE SERVER, CREATE USER MAPPING, and CREATE COLLATION (Anastasia Lubennikova, Peter Eisentraut)
Make VACUUM VERBOSE report the number of skipped frozen pages and oldest xmin (Masahiko Sawada, Simon Riggs)
This information is also included in log_autovacuum_min_duration output.
Improve speed of VACUUM's removal of trailing empty heap pages (Claudio Freire, Álvaro Herrera)
Add full text search support for JSON and JSONB (Dmitry Dolgov)
The functions ts_headline() and to_tsvector() can now be used on these data types.
Add support for EUI-64 MAC addresses, as a new data type macaddr8 (Haribabu Kommi)
This complements the existing support for EUI-48 MAC addresses (type macaddr).
Add identity columns for assigning a numeric value to columns on insert (Peter Eisentraut)
These are similar to SERIAL columns, but are SQL standard compliant.
Allow ENUM values to be renamed (Dagfinn Ilmari Mannsåker)
This uses the syntax ALTER TYPE ... RENAME VALUE.
Properly treat array pseudotypes (anyarray) as arrays in to_json() and to_jsonb() (Andrew Dunstan)
Previously columns declared as anyarray (particularly those in the pg_stats view) were converted to JSON strings rather than arrays.
Add operators for multiplication and division of money values with int8 values (Peter Eisentraut)
Previously such cases would result in converting the int8 values to float8 and then using the money-and-float8 operators. The new behavior avoids possible precision loss. But note that division of money by int8 now truncates the quotient, like other integer-division cases, while the previous behavior would have rounded.
Check for overflow in the money type's input function (Peter Eisentraut)
Add simplified regexp_match() function (Emre Hasegeli)
This is similar to regexp_matches(), but it only returns results from the first match so it does not need to return a set, making it easier to use for simple cases.
Add a version of jsonb's delete operator that takes an array of keys to delete (Magnus Hagander)
Make json_populate_record() and related functions process JSON arrays and objects recursively (Nikita Glukhov)
With this change, array-type fields in the destination SQL type are properly converted from JSON arrays, and composite-type fields are properly converted from JSON objects. Previously, such cases would fail because the text representation of the JSON value would be fed to array_in() or record_in(), and its syntax would not match what those input functions expect.
Add function txid_current_if_assigned() to return the current transaction ID or NULL if no transaction ID has been assigned (Craig Ringer)
This is different from txid_current(), which always returns a transaction ID, assigning one if necessary. Unlike that function, this function can be run on standby servers.
Add function txid_status() to check if a transaction was committed (Craig Ringer)
This is useful for checking after an abrupt disconnection whether your previous transaction committed and you just didn't receive the acknowledgment.
Allow make_date() to interpret negative years as BC years (Álvaro Herrera)
Make to_timestamp() and to_date() reject out-of-range input fields (Artur Zakirov)
For example, previously to_date('2009-06-40','YYYY-MM-DD') was accepted and returned 2009-07-10. It will now generate an error.
Allow PL/Python's cursor() and execute() functions to be called as methods of their plan-object arguments (Peter Eisentraut)
This allows a more object-oriented programming style.
Allow PL/pgSQL's GET DIAGNOSTICS statement to retrieve values into array elements (Tom Lane)
Previously, a syntactic restriction prevented the target variable from being an array element.
Allow PL/Tcl functions to return composite types and sets (Karl Lehenbauer)
Add a subtransaction command to PL/Tcl (Victor Wagner)
This allows PL/Tcl queries to fail without aborting the entire function.
Add server parameters pltcl.start_proc and pltclu.start_proc, to allow initialization functions to be called on PL/Tcl startup (Tom Lane)
Allow specification of multiple host names or addresses in libpq connection strings and URIs (Robert Haas, Heikki Linnakangas)
libpq will connect to the first responsive server in the list.
Allow libpq connection strings and URIs to request a read/write host, that is a master server rather than a standby server (Victor Wagner, Mithun Cy)
This is useful when multiple host names are specified. It is controlled by libpq connection parameter target_session_attrs.
Allow the password file name to be specified as a libpq connection parameter (Julian Markwort)
Previously this could only be specified via an environment variable.
Add function PQencryptPasswordConn() to allow creation of more types of encrypted passwords on the client side (Michael Paquier, Heikki Linnakangas)
Previously only MD5-encrypted passwords could be created using PQencryptPassword(). This new function can also create SCRAM-SHA-256-encrypted passwords.
Change ecpg preprocessor version from 4.12 to 10 (Tom Lane)
Henceforth the ecpg version will match the PostgreSQL distribution version number.
Add conditional branch support to psql (Corey Huinker)
This feature adds psql meta-commands \if, \elif, \else, and \endif. This is primarily helpful for scripting.
Add psql \gx meta-command to execute (\g) a query in expanded mode (\x) (Christoph Berg)
Expand psql variable references in backtick-executed strings (Tom Lane)
This is particularly useful in the new psql conditional branch commands.
Prevent psql's special variables from being set to invalid values (Daniel Vérité, Tom Lane)
Previously, setting one of psql's special variables to an invalid value silently resulted in the default behavior. \set on a special variable now fails if the proposed new value is invalid. As a special exception, \set with an empty or omitted new value, on a boolean-valued special variable, still has the effect of setting the variable to on; but now it actually acquires that value rather than an empty string. \unset on a special variable now explicitly sets the variable to its default value, which is also the value it acquires at startup. In sum, a control variable now always has a displayable value that reflects what psql is actually doing.
Add variables showing server version and psql version (Fabien Coelho)
Improve psql's \d (display relation) and \dD (display domain) commands to show collation, nullable, and default properties in separate columns (Peter Eisentraut)
Previously they were shown in a single “Modifiers” column.
Make the various \d commands handle no-matching-object cases more consistently (Daniel Gustafsson)
They now all print the message about that to stderr, not stdout, and the message wording is more consistent.
Improve psql's tab completion (Jeff Janes, Ian Barwick, Andreas Karlsson, Sehrope Sarkuni, Thomas Munro, Kevin Grittner, Dagfinn Ilmari Mannsåker)
Add pgbench option --log-prefix to control the log file prefix (Masahiko Sawada)
Allow pgbench's meta-commands to span multiple lines (Fabien Coelho)
A meta-command can now be continued onto the next line by writing backslash-return.
Remove restriction on placement of -M option relative to other command line options (Tom Lane)
Add pg_receivewal option -Z/--compress to specify compression (Michael Paquier)
Add pg_recvlogical option --endpos to specify the ending position (Craig Ringer)
This complements the existing --startpos option.
Rename initdb options --noclean and --nosync to be spelled --no-clean and --no-sync (Vik Fearing, Peter Eisentraut)
The old spellings are still supported.
Allow pg_restore to exclude schemas (Michael Banck)
This adds a new -N/--exclude-schema option.
Add --no-blobs option to pg_dump (Guillaume Lelarge)
This suppresses dumping of large objects.
Add pg_dumpall option --no-role-passwords to omit role passwords (Robins Tharakan, Simon Riggs)
This allows use of pg_dumpall by non-superusers; without this option, it fails due to inability to read passwords.
Support using synchronized snapshots when dumping from a standby server (Petr Jelinek)
Issue fsync() on the output files generated by pg_dump and pg_dumpall (Michael Paquier)
This provides more security that the output is safely stored on disk before the program exits. This can be disabled with the new --no-sync option.
Allow pg_basebackup to stream write-ahead log in tar mode (Magnus Hagander)
The WAL will be stored in a separate tar file from the base backup.
Make pg_basebackup use temporary replication slots (Magnus Hagander)
Temporary replication slots will be used by default when pg_basebackup uses WAL streaming with default options.
Be more careful about fsync'ing in all required places in pg_basebackup and pg_receivewal (Michael Paquier)
Add pg_basebackup option --no-sync to disable fsync (Michael Paquier)
Improve pg_basebackup's handling of which directories to skip (David Steele)
Add wait option for pg_ctl's promote operation (Peter Eisentraut)
Add long options for pg_ctl wait (--wait) and no-wait (--no-wait) (Vik Fearing)
Add long option for pg_ctl server options (--options) (Peter Eisentraut)
Make pg_ctl start --wait detect server-ready by watching postmaster.pid, not by attempting connections (Tom Lane)
The postmaster has been changed to report its ready-for-connections status in postmaster.pid, and pg_ctl now examines that file to detect whether startup is complete. This is more efficient and reliable than the old method, and it eliminates postmaster log entries about rejected connection attempts during startup.
Reduce pg_ctl's reaction time when waiting for postmaster start/stop (Tom Lane)
pg_ctl now probes ten times per second when waiting for a postmaster state change, rather than once per second.
Ensure that pg_ctl exits with nonzero status if an operation being waited for does not complete within the timeout (Peter Eisentraut)
The start and promote operations now return exit status 1, not 0, in such cases. The stop operation has always done that.
Change to two-part release version numbering (Peter Eisentraut, Tom Lane)
Release numbers will now have two parts (e.g., 10.1) rather than three (e.g., 9.6.3). Major versions will now increase just the first number, and minor releases will increase just the second number. Release branches will be referred to by single numbers (e.g., 10 rather than 9.6). This change is intended to reduce user confusion about what is a major or minor release of PostgreSQL.
Improve behavior of pgindent (Piotr Stefaniak, Tom Lane)
We have switched to a new version of pg_bsd_indent based on recent improvements made by the FreeBSD project. This fixes numerous small bugs that led to odd C code formatting decisions. Most notably, lines within parentheses (such as in a multi-line function call) are now uniformly indented to match the opening paren, even if that would result in code extending past the right margin.
Allow the ICU library to optionally be used for collation support (Peter Eisentraut)
The ICU library has versioning that allows detection of collation changes between versions. It is enabled via configure option --with-icu. The default still uses the operating system's native collation library.
Automatically mark all PG_FUNCTION_INFO_V1 functions as DLLEXPORT-ed on Windows (Laurenz Albe)
If third-party code is using extern function declarations, they should also add DLLEXPORT markers to those declarations.
Remove SPI functions SPI_push(), SPI_pop(), SPI_push_conditional(), SPI_pop_conditional(), and SPI_restore_connection() as unnecessary (Tom Lane)
Their functionality now happens automatically. There are now no-op macros by these names so that external modules don't need to be updated immediately, but eventually such calls should be removed.
A side effect of this change is that SPI_palloc() and allied functions now require an active SPI connection; they do not degenerate to simple palloc() if there is none. That previous behavior was not very useful and posed risks of unexpected memory leaks.
Allow shared memory to be dynamically allocated (Thomas Munro, Robert Haas)
Add slab-like memory allocator for efficient fixed-size allocations (Tomas Vondra)
Use POSIX semaphores rather than SysV semaphores on Linux and FreeBSD (Tom Lane)
This avoids platform-specific limits on SysV semaphore usage.
Improve support for 64-bit atomics (Andres Freund)
Enable 64-bit atomic operations on ARM64 (Roman Shaposhnik)
Switch to using clock_gettime(), if available, for duration measurements (Tom Lane)
gettimeofday() is still used if clock_gettime() is not available.
Add more robust random number generators to be used for cryptographically secure uses (Magnus Hagander, Michael Paquier, Heikki Linnakangas)
If no strong random number generator can be found, configure will fail unless the --disable-strong-random option is used. However, with this option, pgcrypto functions requiring a strong random number generator will be disabled.
Allow WaitLatchOrSocket() to wait for socket connection on Windows (Andres Freund)
tupconvert.c functions no longer convert tuples just to embed a different composite-type OID in them (Ashutosh Bapat, Tom Lane)
The majority of callers don't care about the composite-type OID; but if the result tuple is to be used as a composite Datum, steps should be taken to make sure the correct OID is inserted in it.
Remove SCO and Unixware ports (Tom Lane)
Overhaul documentation build process (Alexander Lakhin)
Use XSLT to build the PostgreSQL documentation (Peter Eisentraut)
Previously Jade, DSSSL, and JadeTex were used.
Build HTML documentation using XSLT stylesheets by default (Peter Eisentraut)
Allow file_fdw to read from program output as well as files (Corey Huinker, Adam Gomaa)
In postgres_fdw, push aggregate functions to the remote server, when possible (Jeevan Chalke, Ashutosh Bapat)
This reduces the amount of data that must be passed from the remote server, and offloads aggregate computation from the requesting server.
In postgres_fdw, push joins to the remote server in more cases (David Rowley, Ashutosh Bapat, Etsuro Fujita)
Properly support OID columns in postgres_fdw tables (Etsuro Fujita)
Previously OID columns always returned zeros.
Allow btree_gist and btree_gin to index enum types (Andrew Dunstan)
This allows enums to be used in exclusion constraints.
Add indexing support to btree_gist for the UUID data type (Paul Jungwirth)
Add amcheck which can check the validity of B-tree indexes (Peter Geoghegan)
Show ignored constants as $N rather than ? in pg_stat_statements (Lukas Fittl)
Improve cube's handling of zero-dimensional cubes (Tom Lane)
This also improves handling of infinite and NaN values.
Allow pg_buffercache to run with fewer locks (Ivan Kartyshov)
This makes it less disruptive when run on production systems.
Add pgstattuple function pgstathashindex() to view hash index statistics (Ashutosh Sharma)
Use GRANT permissions to control pgstattuple function usage (Stephen Frost)
This allows DBAs to allow non-superusers to run these functions.
Reduce locking when pgstattuple examines hash indexes (Amit Kapila)
Add pageinspect function page_checksum() to show a page's checksum (Tomas Vondra)
Add pageinspect function bt_page_items() to print page items from a page image (Tomas Vondra)
Add hash index support to pageinspect (Jesper Pedersen, Ashutosh Sharma)
⇑ Upgrade to 10.1 released on 2017-11-09 - docs
Ensure that INSERT ... ON CONFLICT DO UPDATE checks table permissions and RLS policies in all cases (Dean Rasheed)
The update path of INSERT ... ON CONFLICT DO UPDATE requires SELECT permission on the columns of the arbiter index, but it failed to check for that in the case of an arbiter specified by constraint name. In addition, for a table with row level security enabled, it failed to check updated rows against the table's SELECT policies (regardless of how the arbiter index was specified). (CVE-2017-15099)
Fix crash due to rowtype mismatch in json{b}_populate_recordset() (Michael Paquier, Tom Lane)
These functions used the result rowtype specified in the FROM ... AS clause without checking that it matched the actual rowtype of the supplied tuple value. If it didn't, that would usually result in a crash, though disclosure of server memory contents seems possible as well. (CVE-2017-15098)
Fix sample server-start scripts to become $PGUSER before opening $PGLOG (Noah Misch)
Previously, the postmaster log file was opened while still running as root. The database owner could therefore mount an attack against another system user by making $PGLOG be a symbolic link to some other file, which would then become corrupted by appending log messages.
By default, these scripts are not installed anywhere. Users who have made use of them will need to manually recopy them, or apply the same changes to their modified versions. If the existing $PGLOG file is root-owned, it will need to be removed or renamed out of the way before restarting the server with the corrected script. (CVE-2017-12172)
Fix BRIN index summarization to handle concurrent table extension correctly (Álvaro Herrera)
Previously, a race condition allowed some table rows to be omitted from the index. It may be necessary to reindex existing BRIN indexes to recover from past occurrences of this problem.
Fix possible failures during concurrent updates of a BRIN index (Tom Lane)
These race conditions could result in errors like “invalid index offnum” or “inconsistent range map”.
Prevent logical replication from setting non-replicated columns to nulls when replicating an UPDATE (Petr Jelinek)
Fix logical replication to fire BEFORE ROW DELETE triggers when expected (Masahiko Sawada)
Previously, that failed to happen unless the table also had a BEFORE ROW UPDATE trigger.
Fix crash when logical decoding is invoked from a SPI-using function, in particular any function written in a PL language (Tom Lane)
Ignore CTEs when looking up the target table for INSERT/UPDATE/DELETE, and prevent matching schema-qualified target table names to trigger transition table names (Thomas Munro)
This restores the pre-v10 behavior for CTEs attached to DML commands.
Avoid evaluating an aggregate function's argument expression(s) at rows where its FILTER test fails (Tom Lane)
This restores the pre-v10 (and SQL-standard) behavior.
Fix incorrect query results when multiple GROUPING SETS columns contain the same simple variable (Tom Lane)
Fix query-lifespan memory leakage while evaluating a set-returning function in a SELECT's target list (Tom Lane)
Allow parallel execution of prepared statements with generic plans (Amit Kapila, Kuntal Ghosh)
Fix incorrect parallelization decisions for nested queries (Amit Kapila, Kuntal Ghosh)
Fix parallel query handling to not fail when a recently-used role is dropped (Amit Kapila)
Fix crash in parallel execution of a bitmap scan having a BitmapAnd plan node below a BitmapOr node (Dilip Kumar)
Fix json_build_array(), json_build_object(), and their jsonb equivalents to handle explicit VARIADIC arguments correctly (Michael Paquier)
Fix autovacuum's “work item” logic to prevent possible crashes and silent loss of work items (Álvaro Herrera)
Fix corner-case crashes when columns have been added to the end of a view (Tom Lane)
Record proper dependencies when a view or rule contains FieldSelect or FieldStore expression nodes (Tom Lane)
Lack of these dependencies could allow a column or data type DROP to go through when it ought to fail, thereby causing later uses of the view or rule to get errors. This patch does not do anything to protect existing views/rules, only ones created in the future.
Correctly detect hashability of range data types (Tom Lane)
The planner mistakenly assumed that any range type could be hashed for use in hash joins or hash aggregation, but actually it must check whether the range's subtype has hash support. This does not affect any of the built-in range types, since they're all hashable anyway.
Correctly ignore RelabelType expression nodes when examining functional-dependency statistics (David Rowley)
This allows, e.g., extended statistics on varchar columns to be used properly.
Prevent sharing transition states between ordered-set aggregates (David Rowley)
This causes a crash with the built-in ordered-set aggregates, and probably with user-written ones as well. v11 and later will include provisions for dealing with such cases safely, but in released branches, just disable the optimization.
Prevent idle_in_transaction_session_timeout from being ignored when a statement_timeout occurred earlier (Lukas Fittl)
Fix low-probability loss of NOTIFY messages due to XID wraparound (Marko Tiikkaja, Tom Lane)
If a session executed no queries, but merely listened for notifications, for more than 2 billion transactions, it started to miss some notifications from concurrently-committing transactions.
Reduce the frequency of data flush requests during bulk file copies to avoid performance problems on macOS, particularly with its new APFS file system (Tom Lane)
Allow COPY's FREEZE option to work when the transaction isolation level is REPEATABLE READ or higher (Noah Misch)
This case was unintentionally broken by a previous bug fix.
Fix AggGetAggref() to return the correct Aggref nodes to aggregate final functions whose transition calculations have been merged (Tom Lane)
Fix insufficient schema-qualification in some new queries in pg_dump and psql (Vitaly Burovoy, Tom Lane, Noah Misch)
Avoid use of @> operator in psql's queries for \d (Tom Lane)
This prevents problems when the parray_gin extension is installed, since that defines a conflicting operator.
Fix pg_basebackup's matching of tablespace paths to canonicalize both paths before comparing (Michael Paquier)
This is particularly helpful on Windows.
Fix libpq to not require user's home directory to exist (Tom Lane)
In v10, failure to find the home directory while trying to read ~/.pgpass was treated as a hard error, but it should just cause that file to not be found. Both v10 and previous release branches made the same mistake when reading ~/.pg_service.conf, though this was less obvious since that file is not sought unless a service name is specified.
In ecpglib, correctly handle backslashes in string literals depending on whether standard_conforming_strings is set (Tsunakawa Takayuki)
Make ecpglib's Informix-compatibility mode ignore fractional digits in integer input strings, as expected (Gao Zengqi, Michael Meskes)
Fix missing temp-install prerequisites for check-like Make targets (Noah Misch)
Some non-default test procedures that are meant to work like make check failed to ensure that the temporary installation was up to date.
Update time zone data files to tzdata release 2017c for DST law changes in Fiji, Namibia, Northern Cyprus, Sudan, Tonga, and Turks & Caicos Islands, plus historical corrections for Alaska, Apia, Burma, Calcutta, Detroit, Ireland, Namibia, and Pago Pago.
In the documentation, restore HTML anchors to being upper-case strings (Peter Eisentraut)
Due to a toolchain change, the 10.0 user manual had lower-case strings for intrapage anchors, thus breaking some external links into our website documentation. Return to our previous convention of using upper-case strings.
⇑ Upgrade to 10.2 released on 2018-02-08 - docs
Fix processing of partition keys containing multiple expressions (Álvaro Herrera, David Rowley)
This error led to crashes or, with carefully crafted input, disclosure of arbitrary backend memory. (CVE-2018-1052)
Ensure that all temporary files made by pg_upgrade are non-world-readable (Tom Lane, Noah Misch)
pg_upgrade normally restricts its temporary files to be readable and writable only by the calling user. But the temporary file containing pg_dumpall -g output would be group- or world-readable, or even writable, if the user's umask setting allows. In typical usage on multi-user machines, the umask and/or the working directory's permissions would be tight enough to prevent problems; but there may be people using pg_upgrade in scenarios where this oversight would permit disclosure of database passwords to unfriendly eyes. (CVE-2018-1053)
Fix vacuuming of tuples that were updated while key-share locked (Andres Freund, Álvaro Herrera)
In some cases VACUUM would fail to remove such tuples even though they are now dead, leading to assorted data corruption scenarios.
Fix failure to mark a hash index's metapage dirty after adding a new overflow page, potentially leading to index corruption (Lixian Zou, Amit Kapila)
Ensure that vacuum will always clean up the pending-insertions list of a GIN index (Masahiko Sawada)
This is necessary to ensure that dead index entries get removed. The old code got it backwards, allowing vacuum to skip the cleanup if some other process were running cleanup concurrently, thus risking invalid entries being left behind in the index.
Fix inadequate buffer locking in some LSN fetches (Jacob Champion, Asim Praveen, Ashwin Agrawal)
These errors could result in misbehavior under concurrent load. The potential consequences have not been characterized fully.
Fix incorrect query results from cases involving flattening of subqueries whose outputs are used in GROUPING SETS (Heikki Linnakangas)
Fix handling of list partitioning constraints for partition keys of boolean or array types (Amit Langote)
Avoid unnecessary failure in a query on an inheritance tree that occurs concurrently with some child table being removed from the tree by ALTER TABLE NO INHERIT (Tom Lane)
Fix spurious deadlock failures when multiple sessions are running CREATE INDEX CONCURRENTLY (Jeff Janes)
During VACUUM FULL, update the table's size fields in pg_class sooner (Amit Kapila)
This prevents poor behavior when rebuilding hash indexes on the table, since those use the pg_class statistics to govern the initial hash size.
Fix UNION/INTERSECT/EXCEPT over zero columns (Tom Lane)
Disallow identity columns on typed tables and partitions (Michael Paquier)
These cases will be treated as unsupported features for now.
Fix assorted failures to apply the correct default value when inserting into an identity column (Michael Paquier, Peter Eisentraut)
In several contexts, notably COPY and ALTER TABLE ADD COLUMN, the expected default value was not applied and instead a null value was inserted.
Fix failures when an inheritance tree contains foreign child tables (Etsuro Fujita)
A mix of regular and foreign tables in an inheritance tree resulted in creation of incorrect plans for UPDATE and DELETE queries. This led to visible failures in some cases, notably when there are row-level triggers on a foreign child table.
Repair failure with correlated sub-SELECT inside VALUES inside a LATERAL subquery (Tom Lane)
Fix “could not devise a query plan for the given query” planner failure for some cases involving nested UNION ALL inside a lateral subquery (Tom Lane)
Allow functional dependency statistics to be used for boolean columns (Tom Lane)
Previously, although extended statistics could be declared and collected on boolean columns, the planner failed to apply them.
Avoid underestimating the number of groups emitted by subqueries containing set-returning functions in their grouping columns (Tom Lane)
Cases similar to SELECT DISTINCT unnest(foo) got a lower output rowcount estimate in 10.0 than they did in earlier releases, possibly resulting in unfavorable plan choices. Restore the prior estimation behavior.
Fix use of triggers in logical replication workers (Petr Jelinek)
Fix logical decoding to correctly clean up disk files for crashed transactions (Atsushi Torikoshi)
Logical decoding may spill WAL records to disk for transactions generating many WAL records. Normally these files are cleaned up after the transaction's commit or abort record arrives; but if no such record is ever seen, the removal code misbehaved.
Fix walsender timeout failure and failure to respond to interrupts when processing a large transaction (Petr Jelinek)
Fix race condition during replication origin drop that could allow the dropping process to wait indefinitely (Tom Lane)
Allow members of the pg_read_all_stats role to see walsender statistics in the pg_stat_replication view (Feike Steenbergen)
Show walsenders that are sending base backups as active in the pg_stat_activity view (Magnus Hagander)
Fix reporting of scram-sha-256 authentication method in the pg_hba_file_rules view (Michael Paquier)
Previously this was printed as scram-sha256, possibly confusing users as to the correct spelling.
Fix has_sequence_privilege() to support WITH GRANT OPTION tests, as other privilege-testing functions do (Joe Conway)
In databases using UTF8 encoding, ignore any XML declaration that asserts a different encoding (Pavel Stehule, Noah Misch)
We always store XML strings in the database encoding, so allowing libxml to act on a declaration of another encoding gave wrong results. In encodings other than UTF8, we don't promise to support non-ASCII XML data anyway, so retain the previous behavior for bug compatibility. This change affects only xpath() and related functions; other XML code paths already acted this way.
Provide for forward compatibility with future minor protocol versions (Robert Haas, Badrul Chowdhury)
Up to now, PostgreSQL servers simply rejected requests to use protocol versions newer than 3.0, so that there was no functional difference between the major and minor parts of the protocol version number. Allow clients to request versions 3.x without failing, sending back a message showing that the server only understands 3.0. This makes no difference at the moment, but back-patching this change should allow speedier introduction of future minor protocol upgrades.
Allow a client that supports SCRAM channel binding (such as v11 or later libpq) to connect to a v10 server (Michael Paquier)
v10 does not have this feature, and the connection-time negotiation about whether to use it was done incorrectly.
Avoid live-lock in ConditionVariableBroadcast() (Tom Lane, Thomas Munro)
Given repeatedly-unlucky timing, a process attempting to awaken all waiters for a condition variable could loop indefinitely. Due to the limited usage of condition variables in v10, this affects only parallel index scans and some operations on replication slots.
Clean up waits for condition variables correctly during subtransaction abort (Robert Haas)
Ensure that child processes that are waiting for a condition variable will exit promptly if the postmaster process dies (Tom Lane)
Fix crashes in parallel queries using more than one Gather node (Thomas Munro)
Fix hang in parallel index scan when processing a deleted or half-dead index page (Amit Kapila)
Avoid crash if parallel bitmap heap scan is unable to allocate a shared memory segment (Robert Haas)
Cope with failure to start a parallel worker process (Amit Kapila, Robert Haas)
Parallel query previously tended to hang indefinitely if a worker could not be started, as the result of fork() failure or other low-probability problems.
Avoid unnecessary failure when no parallel workers can be obtained during parallel query startup (Robert Haas)
Fix collection of EXPLAIN statistics from parallel workers (Amit Kapila, Thomas Munro)
Ensure that query strings passed to parallel workers are correctly null-terminated (Thomas Munro)
This prevents emitting garbage in postmaster log output from such workers.
Avoid unsafe alignment assumptions when working with __int128 (Tom Lane)
Typically, compilers assume that __int128 variables are aligned on 16-byte boundaries, but our memory allocation infrastructure isn't prepared to guarantee that, and increasing the setting of MAXALIGN seems infeasible for multiple reasons. Adjust the code to allow use of __int128 only when we can tell the compiler to assume lesser alignment. The only known symptom of this problem so far is crashes in some parallel aggregation queries.
Prevent stack-overflow crashes when planning extremely deeply nested set operations (UNION/INTERSECT/EXCEPT) (Tom Lane)
Avoid crash during an EvalPlanQual recheck of an indexscan that is the inner child of a merge join (Tom Lane)
This could only happen during an update or SELECT FOR UPDATE of a join, when there is a concurrent update of some selected row.
Fix crash in autovacuum when extended statistics are defined for a table but can't be computed (Álvaro Herrera)
Fix null-pointer crashes for some types of LDAP URLs appearing in pg_hba.conf (Thomas Munro)
Prevent out-of-memory failures due to excessive growth of simple hash tables (Tomas Vondra, Andres Freund)
Fix sample INSTR() functions in the PL/pgSQL documentation (Yugo Nagata, Tom Lane)
These functions are stated to be Oracle® compatible, but they weren't exactly. In particular, there was a discrepancy in the interpretation of a negative third parameter: Oracle thinks that a negative value indicates the last place where the target substring can begin, whereas our functions took it as the last place where the target can end. Also, Oracle throws an error for a zero or negative fourth parameter, whereas our functions returned zero.
The sample code has been adjusted to match Oracle's behavior more precisely. Users who have copied this code into their applications may wish to update their copies.
Fix pg_dump to make ACL (permissions), comment, and security label entries reliably identifiable in archive output formats (Tom Lane)
The “tag” portion of an ACL archive entry was usually just the name of the associated object. Make it start with the object type instead, bringing ACLs into line with the convention already used for comment and security label archive entries. Also, fix the comment and security label entries for the whole database, if present, to make their tags start with DATABASE so that they also follow this convention. This prevents false matches in code that tries to identify large-object-related entries by seeing if the tag starts with LARGE OBJECT. That could have resulted in misclassifying entries as data rather than schema, with undesirable results in a schema-only or data-only dump.
Note that this change has user-visible results in the output of pg_restore --list.
Rename pg_rewind's copy_file_range function to avoid conflict with new Linux system call of that name (Andres Freund)
This change prevents build failures with newer glibc versions.
In ecpg, detect indicator arrays that do not have the correct length and report an error (David Rader)
Change the behavior of contrib/cube's cube ~> int operator to make it compatible with KNN search (Alexander Korotkov)
The meaning of the second argument (the dimension selector) has been changed to make it predictable which value is selected even when dealing with cubes of varying dimensionalities.
This is an incompatible change, but since the point of the operator was to be used in KNN searches, it seems rather useless as-is. After installing this update, any expression indexes or materialized views using this operator will need to be reindexed/refreshed.
Avoid triggering a libc assertion in contrib/hstore, due to use of memcpy() with equal source and destination pointers (Tomas Vondra)
Fix incorrect display of tuples' null bitmaps in contrib/pageinspect (Maksim Milyutin)
Fix incorrect output from contrib/pageinspect's hash_page_items() function (Masahiko Sawada)
In contrib/postgres_fdw, avoid “outer pathkeys do not match mergeclauses” planner error when constructing a plan involving a remote join (Robert Haas)
In contrib/postgres_fdw, avoid planner failure when there are duplicate GROUP BY entries (Jeevan Chalke)
Provide modern examples of how to auto-start Postgres on macOS (Tom Lane)
The scripts in contrib/start-scripts/osx use infrastructure that's been deprecated for over a decade, and which no longer works at all in macOS releases of the last couple of years. Add a new subdirectory contrib/start-scripts/macos containing scripts that use the newer launchd infrastructure.
Fix incorrect selection of configuration-specific libraries for OpenSSL on Windows (Andrew Dunstan)
Support linking to MinGW-built versions of libperl (Noah Misch)
This allows building PL/Perl with some common Perl distributions for Windows.
Fix MSVC build to test whether 32-bit libperl needs -D_USE_32BIT_TIME_T (Noah Misch)
Available Perl distributions are inconsistent about what they expect, and lack any reliable means of reporting it, so resort to a build-time test on what the library being used actually does.
On Windows, install the crash dump handler earlier in postmaster startup (Takayuki Tsunakawa)
This may allow collection of a core dump for some early-startup failures that did not produce a dump before.
On Windows, avoid encoding-conversion-related crashes when emitting messages very early in postmaster startup (Takayuki Tsunakawa)
Use our existing Motorola 68K spinlock code on OpenBSD as well as NetBSD (David Carlier)
Add support for spinlocks on Motorola 88K (David Carlier)
Update time zone data files to tzdata release 2018c for DST law changes in Brazil, Sao Tome and Principe, plus historical corrections for Bolivia, Japan, and South Sudan. The US/Pacific-New zone has been removed (it was only an alias for America/Los_Angeles anyway).
⇑ Upgrade to 10.3 released on 2018-03-01 - docs
Document how to configure installations and applications to guard against search-path-dependent trojan-horse attacks from other users (Noah Misch)
Using a search_path setting that includes any schemas writable by a hostile user enables that user to capture control of queries and then run arbitrary SQL code with the permissions of the attacked user. While it is possible to write queries that are proof against such hijacking, it is notationally tedious, and it's very easy to overlook holes. Therefore, we now recommend configurations in which no untrusted schemas appear in one's search path. Relevant documentation appears in Section 5.8.6 (for database administrators and users), Section 33.1 (for application authors), Section 37.15.1 (for extension authors), and CREATE FUNCTION (for authors of SECURITY DEFINER functions). (CVE-2018-1058)
Avoid use of insecure search_path settings in pg_dump and other client programs (Noah Misch, Tom Lane)
pg_dump, pg_upgrade, vacuumdb and other PostgreSQL-provided applications were themselves vulnerable to the type of hijacking described in the previous changelog entry; since these applications are commonly run by superusers, they present particularly attractive targets. To make them secure whether or not the installation as a whole has been secured, modify them to include only the pg_catalog schema in their search_path settings. Autovacuum worker processes now do the same, as well.
In cases where user-provided functions are indirectly executed by these programs — for example, user-provided functions in index expressions — the tighter search_path may result in errors, which will need to be corrected by adjusting those user-provided functions to not assume anything about what search path they are invoked under. That has always been good practice, but now it will be necessary for correct behavior. (CVE-2018-1058)
Prevent logical replication from trying to ship changes for unpublishable relations (Peter Eisentraut)
A publication marked FOR ALL TABLES would incorrectly ship changes in materialized views and information_schema tables, which are supposed to be omitted from the change stream.
Fix misbehavior of concurrent-update rechecks with CTE references appearing in subplans (Tom Lane)
If a CTE (WITH clause reference) is used in an InitPlan or SubPlan, and the query requires a recheck due to trying to update or lock a concurrently-updated row, incorrect results could be obtained.
Fix planner failures with overlapping mergejoin clauses in an outer join (Tom Lane)
These mistakes led to “left and right pathkeys do not match in mergejoin” or “outer pathkeys do not match mergeclauses” planner errors in corner cases.
Repair pg_upgrade's failure to preserve relfrozenxid for materialized views (Tom Lane, Andres Freund)
This oversight could lead to data corruption in materialized views after an upgrade, manifesting as “could not access status of transaction” or “found xmin from before relfrozenxid” errors. The problem would be more likely to occur in seldom-refreshed materialized views, or ones that were maintained only with REFRESH MATERIALIZED VIEW CONCURRENTLY.
If such corruption is observed, it can be repaired by refreshing the materialized view (without CONCURRENTLY).
Fix incorrect pg_dump output for some non-default sequence limit values (Alexey Bashtanov)
Fix pg_dump's mishandling of STATISTICS objects (Tom Lane)
An extended statistics object's schema was mislabeled in the dump's table of contents, possibly leading to the wrong results in a schema-selective restore. Its ownership was not correctly restored, either. Also, change the logic so that statistics objects are dumped/restored, or not, as independent objects rather than tying them to the dump/restore decision for the table they are on. The original definition could not scale to the planned future extension to cross-table statistics.
Fix incorrect reporting of PL/Python function names in error CONTEXT stacks (Tom Lane)
An error occurring within a nested PL/Python function call (that is, one reached via a SPI query from another PL/Python function) would result in a stack trace showing the inner function's name twice, rather than the expected results. Also, an error in a nested PL/Python DO block could result in a null pointer dereference crash on some platforms.
Allow contrib/auto_explain's log_min_duration setting to range up to INT_MAX, or about 24 days instead of 35 minutes (Tom Lane)
Mark assorted GUC variables as PGDLLIMPORT, to ease porting extension modules to Windows (Metin Doslu)
⇑ Upgrade to 10.4 released on 2018-05-10 - docs
Remove public execute privilege from contrib/adminpack's pg_logfile_rotate() function (Stephen Frost)
pg_logfile_rotate() is a deprecated wrapper for the core function pg_rotate_logfile(). When that function was changed to rely on SQL privileges for access control rather than a hard-coded superuser check, pg_logfile_rotate() should have been updated as well, but the need for this was missed. Hence, if adminpack is installed, any user could request a logfile rotation, creating a minor security issue.
After installing this update, administrators should update adminpack by performing ALTER EXTENSION adminpack UPDATE in each database in which adminpack is installed. (CVE-2018-1115)
Fix incorrect volatility markings on a few built-in functions (Thomas Munro, Tom Lane)
The functions query_to_xml, cursor_to_xml, cursor_to_xmlschema, query_to_xmlschema, and query_to_xml_and_xmlschema should be marked volatile because they execute user-supplied queries that might contain volatile operations. They were not, leading to a risk of incorrect query optimization. This has been repaired for new installations by correcting the initial catalog data, but existing installations will continue to contain the incorrect markings. Practical use of these functions seems to pose little hazard, but in case of trouble, it can be fixed by manually updating these functions' pg_proc entries, for example ALTER FUNCTION pg_catalog.query_to_xml(text, boolean, boolean, text) VOLATILE. (Note that that will need to be done in each database of the installation.) Another option is to pg_upgrade the database to a version containing the corrected initial data.
Fix incorrect parallel-safety markings on a few built-in functions (Thomas Munro, Tom Lane)
The functions brin_summarize_new_values, brin_summarize_range, brin_desummarize_range, gin_clean_pending_list, cursor_to_xml, cursor_to_xmlschema, ts_rewrite, ts_stat, binary_upgrade_create_empty_extension, and pg_import_system_collations should be marked parallel-unsafe; some because they perform database modifications directly, and others because they execute user-supplied queries that might do so. They were marked parallel-restricted instead, leading to a risk of unexpected query errors. This has been repaired for new installations by correcting the initial catalog data, but existing installations will continue to contain the incorrect markings. Practical use of these functions seems to pose little hazard unless force_parallel_mode is turned on. In case of trouble, it can be fixed by manually updating these functions' pg_proc entries, for example ALTER FUNCTION pg_catalog.brin_summarize_new_values(regclass) PARALLEL UNSAFE. (Note that that will need to be done in each database of the installation.) Another option is to pg_upgrade the database to a version containing the corrected initial data.
Avoid re-using TOAST value OIDs that match dead-but-not-yet-vacuumed TOAST entries (Pavan Deolasee)
Once the OID counter has wrapped around, it's possible to assign a TOAST value whose OID matches a previously deleted entry in the same TOAST table. If that entry were not yet vacuumed away, this resulted in “unexpected chunk number 0 (expected 1) for toast value nnnnn” errors, which would persist until the dead entry was removed by VACUUM. Fix by not selecting such OIDs when creating a new TOAST entry.
Correctly enforce any CHECK constraints on individual partitions during COPY to a partitioned table (Etsuro Fujita)
Previously, only constraints declared for the partitioned table as a whole were checked.
Accept TRUE and FALSE as partition bound values (Amit Langote)
Previously, only string-literal values were accepted for a boolean partitioning column. But then pg_dump would print such values as TRUE or FALSE, leading to dump/reload failures.
Fix memory management for partition key comparison functions (Álvaro Herrera, Amit Langote)
This error could lead to crashes when using user-defined operator classes for partition keys.
Fix possible crash when a query inserts tuples in several partitions of a partitioned table, and those partitions don't have identical row types (Etsuro Fujita, Amit Langote)
Change ANALYZE's algorithm for updating pg_class.reltuples (David Gould)
Previously, pages not actually scanned by ANALYZE were assumed to retain their old tuple density. In a large table where ANALYZE samples only a small fraction of the pages, this meant that the overall tuple density estimate could not change very much, so that reltuples would change nearly proportionally to changes in the table's physical size (relpages) regardless of what was actually happening in the table. This has been observed to result in reltuples becoming so much larger than reality as to effectively shut off autovacuuming. To fix, assume that ANALYZE's sample is a statistically unbiased sample of the table (as it should be), and just extrapolate the density observed within those pages to the whole table.
Include extended-statistics objects in the set of table properties duplicated by CREATE TABLE ... LIKE ... INCLUDING ALL (David Rowley)
Also add an INCLUDING STATISTICS option, to allow finer-grained control over whether this happens.
Fix CREATE TABLE ... LIKE with bigint identity columns (Peter Eisentraut)
On platforms where long is 32 bits (which includes 64-bit Windows as well as most 32-bit machines), copied sequence parameters would be truncated to 32 bits.
Avoid deadlocks in concurrent CREATE INDEX CONCURRENTLY commands that are run under SERIALIZABLE or REPEATABLE READ transaction isolation (Tom Lane)
Fix possible slow execution of REFRESH MATERIALIZED VIEW CONCURRENTLY (Thomas Munro)
Fix UPDATE/DELETE ... WHERE CURRENT OF to not fail when the referenced cursor uses an index-only-scan plan (Yugo Nagata, Tom Lane)
Fix incorrect planning of join clauses pushed into parameterized paths (Andrew Gierth, Tom Lane)
This error could result in misclassifying a condition as a “join filter” for an outer join when it should be a plain “filter” condition, leading to incorrect join output.
Fix possibly incorrect generation of an index-only-scan plan when the same table column appears in multiple index columns, and only some of those index columns use operator classes that can return the column value (Kyotaro Horiguchi)
Fix misoptimization of CHECK constraints having provably-NULL subclauses of top-level AND/OR conditions (Tom Lane, Dean Rasheed)
This could, for example, allow constraint exclusion to exclude a child table that should not be excluded from a query.
Prevent planner crash when a query has multiple GROUPING SETS, none of which can be implemented by sorting (Andrew Gierth)
Fix executor crash due to double free in some GROUPING SETS usages (Peter Geoghegan)
Fix misexecution of self-joins on transition tables (Thomas Munro)
Avoid crash if a table rewrite event trigger is added concurrently with a command that could call such a trigger (Álvaro Herrera, Andrew Gierth, Tom Lane)
Avoid failure if a query-cancel or session-termination interrupt occurs while committing a prepared transaction (Stas Kelvich)
Fix query-lifespan memory leakage in repeatedly executed hash joins (Tom Lane)
Fix possible leak or double free of visibility map buffer pins (Amit Kapila)
Avoid spuriously marking pages as all-visible (Dan Wood, Pavan Deolasee, Álvaro Herrera)
This could happen if some tuples were locked (but not deleted). While queries would still function correctly, vacuum would normally ignore such pages, with the long-term effect that the tuples were never frozen. In recent releases this would eventually result in errors such as “found multixact nnnnn from before relminmxid nnnnn”.
Fix overly strict sanity check in heap_prepare_freeze_tuple (Álvaro Herrera)
This could result in incorrect “cannot freeze committed xmax” failures in databases that have been pg_upgrade'd from 9.2 or earlier.
Prevent dangling-pointer dereference when a C-coded before-update row trigger returns the “old” tuple (Rushabh Lathia)
Reduce locking during autovacuum worker scheduling (Jeff Janes)
The previous behavior caused drastic loss of potential worker concurrency in databases with many tables.
Ensure client hostname is copied while copying pg_stat_activity data to local memory (Edmund Horner)
Previously the supposedly-local snapshot contained a pointer into shared memory, allowing the client hostname column to change unexpectedly if any existing session disconnected.
Handle pg_stat_activity information for auxiliary processes correctly (Edmund Horner)
The application_name, client_hostname, and query fields might show incorrect data for such processes.
Fix incorrect processing of multiple compound affixes in ispell dictionaries (Arthur Zakirov)
Fix collation-aware searches (that is, indexscans using inequality operators) in SP-GiST indexes on text columns (Tom Lane)
Such searches would return the wrong set of rows in most non-C locales.
Prevent query-lifespan memory leakage with SP-GiST operator classes that use traversal values (Anton Dignös)
Count the number of index tuples correctly during initial build of an SP-GiST index (Tomas Vondra)
Previously, the tuple count was reported to be the same as that of the underlying table, which is wrong if the index is partial.
Count the number of index tuples correctly during vacuuming of a GiST index (Andrey Borodin)
Previously it reported the estimated number of heap tuples, which might be inaccurate, and is certainly wrong if the index is partial.
Fix a corner case where a streaming standby gets stuck at a WAL continuation record (Kyotaro Horiguchi)
In logical decoding, avoid possible double processing of WAL data when a walsender restarts (Craig Ringer)
Fix logical replication to not assume that type OIDs match between the local and remote servers (Masahiko Sawada)
Allow scalarltsel and scalargtsel to be used on non-core datatypes (Tomas Vondra)
Reduce libpq's memory consumption when a server error is reported after a large amount of query output has been collected (Tom Lane)
Discard the previous output before, not after, processing the error message. On some platforms, notably Linux, this can make a difference in the application's subsequent memory footprint.
Fix double-free crashes in ecpg (Patrick Krecker, Jeevan Ladhe)
Fix ecpg to handle long long int variables correctly in MSVC builds (Michael Meskes, Andrew Gierth)
Fix mis-quoting of values for list-valued GUC variables in dumps (Michael Paquier, Tom Lane)
The local_preload_libraries, session_preload_libraries, shared_preload_libraries, and temp_tablespaces variables were not correctly quoted in pg_dump output. This would cause problems if settings for these variables appeared in CREATE FUNCTION ... SET or ALTER DATABASE/ROLE ... SET clauses.
Fix pg_recvlogical to not fail against pre-v10 PostgreSQL servers (Michael Paquier)
A previous fix caused pg_recvlogical to issue a command regardless of server version, but it should only be issued to v10 and later servers.
Ensure that pg_rewind deletes files on the target server if they are deleted from the source server during the run (Takayuki Tsunakawa)
Failure to do this could result in data inconsistency on the target, particularly if the file in question is a WAL segment.
Fix pg_rewind to handle tables in non-default tablespaces correctly (Takayuki Tsunakawa)
Fix overflow handling in PL/pgSQL integer FOR loops (Tom Lane)
The previous coding failed to detect overflow of the loop variable on some non-gcc compilers, leading to an infinite loop.
Adjust PL/Python regression tests to pass under Python 3.7 (Peter Eisentraut)
Support testing PL/Python and related modules when building with Python 3 and MSVC (Andrew Dunstan)
Fix errors in initial build of contrib/bloom indexes (Tomas Vondra, Tom Lane)
Fix possible omission of the table's last tuple from the index. Count the number of index tuples correctly, in case it is a partial index.
Rename internal b64_encode and b64_decode functions to avoid conflict with Solaris 11.4 built-in functions (Rainer Orth)
Sync our copy of the timezone library with IANA tzcode release 2018e (Tom Lane)
This fixes the zic timezone data compiler to cope with negative daylight-savings offsets. While the PostgreSQL project will not immediately ship such timezone data, zic might be used with timezone data obtained directly from IANA, so it seems prudent to update zic now.
Update time zone data files to tzdata release 2018d for DST law changes in Palestine and Antarctica (Casey Station), plus historical corrections for Portugal and its colonies, as well as Enderbury, Jamaica, Turks & Caicos Islands, and Uruguay.
⇑ Upgrade to 10.5 released on 2018-08-09 - docs
Fix failure to reset libpq's state fully between connection attempts (Tom Lane)
An unprivileged user of dblink or postgres_fdw could bypass the checks intended to prevent use of server-side credentials, such as a ~/.pgpass file owned by the operating-system user running the server. Servers allowing peer authentication on local connections are particularly vulnerable. Other attacks such as SQL injection into a postgres_fdw session are also possible. Attacking postgres_fdw in this way requires the ability to create a foreign server object with selected connection parameters, but any user with access to dblink could exploit the problem. In general, an attacker with the ability to select the connection parameters for a libpq-using application could cause mischief, though other plausible attack scenarios are harder to think of. Our thanks to Andrew Krasichkov for reporting this issue. (CVE-2018-10915)
Fix INSERT ... ON CONFLICT UPDATE through a view that isn't just SELECT * FROM ... (Dean Rasheed, Amit Langote)
Erroneous expansion of an updatable view could lead to crashes or “attribute ... has the wrong type” errors, if the view's SELECT list doesn't match one-to-one with the underlying table's columns. Furthermore, this bug could be leveraged to allow updates of columns that an attacking user lacks UPDATE privilege for, if that user has INSERT and UPDATE privileges for some other column(s) of the table. Any user could also use it for disclosure of server memory. (CVE-2018-10925)
Ensure that updates to the relfrozenxid and relminmxid values for “nailed” system catalogs are processed in a timely fashion (Andres Freund)
Overoptimistic caching rules could prevent these updates from being seen by other sessions, leading to spurious errors and/or data corruption. The problem was significantly worse for shared catalogs, such as pg_authid, because the stale cache data could persist into new sessions as well as existing ones.
Fix case where a freshly-promoted standby crashes before having completed its first post-recovery checkpoint (Michael Paquier, Kyotaro Horiguchi, Pavan Deolasee, Álvaro Herrera)
This led to a situation where the server did not think it had reached a consistent database state during subsequent WAL replay, preventing restart.
Avoid emitting a bogus WAL record when recycling an all-zero btree page (Amit Kapila)
This mistake has been seen to cause assertion failures, and potentially it could result in unnecessary query cancellations on hot standby servers.
During WAL replay, guard against corrupted record lengths exceeding 1GB (Michael Paquier)
Treat such a case as corrupt data. Previously, the code would try to allocate space and get a hard error, making recovery impossible.
When ending recovery, delay writing the timeline history file as long as possible (Heikki Linnakangas)
This avoids some situations where a failure during recovery cleanup (such as a problem with a two-phase state file) led to inconsistent timeline state on-disk.
Improve performance of WAL replay for transactions that drop many relations (Fujii Masao)
This change reduces the number of times that shared buffers are scanned, so that it is of most benefit when that setting is large.
Improve performance of lock releasing in standby server WAL replay (Thomas Munro)
Make logical WAL senders report streaming state correctly (Simon Riggs, Sawada Masahiko)
The code previously mis-detected whether or not it had caught up with the upstream server.
Ensure that a snapshot is provided when executing data type input functions in logical replication subscribers (Minh-Quan Tran, Álvaro Herrera)
This omission led to failures in some cases, such as domains with constraints using SQL-language functions.
Fix bugs in snapshot handling during logical decoding, allowing wrong decoding results in rare cases (Arseny Sher, Álvaro Herrera)
Add subtransaction handling in logical-replication table synchronization workers (Amit Khandekar, Robert Haas)
Previously, table synchronization could misbehave if any subtransactions were aborted after modifying a table being synchronized.
Ensure a table's cached index list is correctly rebuilt after an index creation fails partway through (Peter Geoghegan)
Previously, the failed index's OID could remain in the list, causing problems later in the same session.
Fix mishandling of empty uncompressed posting list pages in GIN indexes (Sivasubramanian Ramasubramanian, Alexander Korotkov)
This could result in an assertion failure after pg_upgrade of a pre-9.4 GIN index (9.4 and later will not create such pages).
Pad arrays of unnamed POSIX semaphores to reduce cache line sharing (Thomas Munro)
This reduces contention on many-CPU systems, fixing a performance regression (compared to previous releases) on Linux and FreeBSD.
Ensure that a process doing a parallel index scan will respond to signals (Amit Kapila)
Previously, parallel workers could get stuck waiting for a lock on an index page, and not notice requests to abort the query.
Ensure that VACUUM will respond to signals within btree page deletion loops (Andres Freund)
Corrupted btree indexes could result in an infinite loop here, and that previously wasn't interruptible without forcing a crash.
Fix hash-join costing mistake introduced with inner_unique optimization (David Rowley)
This could lead to bad plan choices in situations where that optimization was applicable.
Fix misoptimization of equivalence classes involving composite-type columns (Tom Lane)
This resulted in failure to recognize that an index on a composite column could provide the sort order needed for a mergejoin on that column.
Fix planner to avoid “ORDER/GROUP BY expression not found in targetlist” errors in some queries with set-returning functions (Tom Lane)
Fix handling of partition keys whose data type uses a polymorphic btree operator class, such as arrays (Amit Langote, Álvaro Herrera)
Fix SQL-standard FETCH FIRST syntax to allow parameters ($), as the standard expects (Andrew Gierth)n
Remove undocumented restriction against duplicate partition key columns (Yugo Nagata)
Disallow temporary tables from being partitions of non-temporary tables (Amit Langote, Michael Paquier)
While previously allowed, this case didn't work reliably.
Fix EXPLAIN's accounting for resource usage, particularly buffer accesses, in parallel workers (Amit Kapila, Robert Haas)
Fix SHOW ALL to show all settings to roles that are members of pg_read_all_settings, and also allow such roles to see source filename and line number in the pg_settings view (Laurenz Albe, Álvaro Herrera)
Fix failure to schema-qualify some object names in getObjectDescription and getObjectIdentity output (Kyotaro Horiguchi, Tom Lane)
Names of collations, conversions, text search objects, publication relations, and extended statistics objects were not schema-qualified when they should be.
Fix CREATE AGGREGATE type checking so that parallelism support functions can be attached to variadic aggregates (Alexey Bashtanov)
Widen COPY FROM's current-line-number counter from 32 to 64 bits (David Rowley)
This avoids two problems with input exceeding 4G lines: COPY FROM WITH HEADER would drop a line every 4G lines, not only the first line, and error reports could show a wrong line number.
Allow replication slots to be dropped in single-user mode (Álvaro Herrera)
This use-case was accidentally broken in release 10.0.
Fix incorrect results from variance(int4) and related aggregates when run in parallel aggregation mode (David Rowley)
Process TEXT and CDATA nodes correctly in xmltable() column expressions (Markus Winand)
Cope with possible failure of OpenSSL's RAND_bytes() function (Dean Rasheed, Michael Paquier)
Under rare circumstances, this oversight could result in “could not generate random cancel key” failures that could only be resolved by restarting the postmaster.
Fix libpq's handling of some cases where hostaddr is specified (Hari Babu, Tom Lane, Robert Haas)
PQhost() gave misleading or incorrect results in some cases. Now, it uniformly returns the host name if specified, or the host address if only that is specified, or the default host name (typically /tmp or localhost) if both parameters are omitted.
Also, the wrong value might be compared to the server name when verifying an SSL certificate.
Also, the wrong value might be compared to the host name field in ~/.pgpass. Now, that field is compared to the host name if specified, or the host address if only that is specified, or localhost if both parameters are omitted.
Also, an incorrect error message was reported for an unparseable hostaddr value.
Also, when the host, hostaddr, or port parameters contain comma-separated lists, libpq is now more careful to treat empty elements of a list as selecting the default behavior.
Add a string freeing function to ecpg's pgtypes library, so that cross-module memory management problems can be avoided on Windows (Takayuki Tsunakawa)
On Windows, crashes can ensue if the free call for a given chunk of memory is not made from the same DLL that malloc'ed the memory. The pgtypes library sometimes returns strings that it expects the caller to free, making it impossible to follow this rule. Add a PGTYPESchar_free() function that just wraps free, allowing applications to follow this rule.
Fix ecpg's support for long long variables on Windows, as well as other platforms that declare strtoll/strtoull nonstandardly or not at all (Dang Minh Huong, Tom Lane)
Fix misidentification of SQL statement type in PL/pgSQL, when a rule change causes a change in the semantics of a statement intra-session (Tom Lane)
This error led to assertion failures, or in rare cases, failure to enforce the INTO STRICT option as expected.
Fix password prompting in client programs so that echo is properly disabled on Windows when stdin is not the terminal (Matthew Stickney)
Further fix mis-quoting of values for list-valued GUC variables in dumps (Tom Lane)
The previous fix for quoting of search_path and other list-valued variables in pg_dump output turned out to misbehave for empty-string list elements, and it risked truncation of long file paths.
Fix pg_dump's failure to dump REPLICA IDENTITY properties for constraint indexes (Tom Lane)
Manually created unique indexes were properly marked, but not those created by declaring UNIQUE or PRIMARY KEY constraints.
Make pg_upgrade check that the old server was shut down cleanly (Bruce Momjian)
The previous check could be fooled by an immediate-mode shutdown.
Fix contrib/hstore_plperl to look through Perl scalar references, and to not crash if it doesn't find a hash reference where it expects one (Tom Lane)
Fix crash in contrib/ltree's lca() function when the input array is empty (Pierre Ducroquet)
Fix various error-handling code paths in which an incorrect error code might be reported (Michael Paquier, Tom Lane, Magnus Hagander)
Rearrange makefiles to ensure that programs link to freshly-built libraries (such as libpq.so) rather than ones that might exist in the system library directories (Tom Lane)
This avoids problems when building on platforms that supply old copies of PostgreSQL libraries.
Update time zone data files to tzdata release 2018e for DST law changes in North Korea, plus historical corrections for Czechoslovakia.
This update includes a redefinition of “daylight savings” in Ireland, as well as for some past years in Namibia and Czechoslovakia. In those jurisdictions, legally standard time is observed in summer, and daylight savings time in winter, so that the daylight savings offset is one hour behind standard time not one hour ahead. This does not affect either the actual UTC offset or the timezone abbreviations in use; the only known effect is that the is_dst column in the pg_timezone_names view will now be true in winter and false in summer in these cases.
⇑ Upgrade to 11 released on 2018-10-18 - docs
Make pg_dump dump the properties of a database, not just its contents (Haribabu Kommi)
Previously, attributes of the database itself, such as database-level GRANT/REVOKE permissions and ALTER DATABASE SET variable settings, were only dumped by pg_dumpall. Now pg_dump --create and pg_restore --create will restore these database properties in addition to the objects within the database. pg_dumpall -g now only dumps role- and tablespace-related attributes. pg_dumpall's complete output (without -g) is unchanged.
pg_dump and pg_restore, without --create, no longer dump/restore database-level comments and security labels; those are now treated as properties of the database.
pg_dumpall's output script will now always create databases with their original locale and encoding, and hence will fail if the locale or encoding name is unknown to the destination system. Previously, CREATE DATABASE would be emitted without these specifications if the database locale and encoding matched the old cluster's defaults.
pg_dumpall --clean now restores the original locale and encoding settings of the postgres and template1 databases, as well as those of user-created databases.
Consider syntactic form when disambiguating function versus column references (Tom Lane)
When x is a table name or composite column, PostgreSQL has traditionally considered the syntactic forms f(x)x.f
Fully enforce uniqueness of table and domain constraint names (Tom Lane)
PostgreSQL expects the names of a table's constraints to be distinct, and likewise for the names of a domain's constraints. However, there was not rigid enforcement of this, and previously there were corner cases where duplicate names could be created.
Make power(numeric, numeric) and power(float8, float8) handle NaN inputs according to the POSIX standard (Tom Lane, Dang Minh Huong)
POSIX says that NaN ^ 0 = 1 and 1 ^ NaN = 1, but all other cases with NaN input(s) should return NaN. power(numeric, numeric) just returned NaN in all such cases; now it honors the two exceptions. power(float8, float8) followed the standard if the C library does; but on some old Unix platforms the library doesn't, and there were also problems on some versions of Windows.
Prevent to_number() from consuming characters when the template separator does not match (Oliver Ford)
Specifically, SELECT to_number('1234', '9,999') used to return 134. It will now return 1234. L and TH now only consume characters that are not digits, positive/negative signs, decimal points, or commas.
Fix to_date(), to_number(), and to_timestamp() to skip a character for each template character (Tom Lane)
Previously, they skipped one byte for each byte of template character, resulting in strange behavior if either string contained multibyte characters.
Adjust the handling of backslashes inside double-quotes in template strings for to_char(), to_number(), and to_timestamp().
Such a backslash now escapes the character after it, particularly a double-quote or another backslash.
Correctly handle relative path expressions in xmltable(), xpath(), and other XML-handling functions (Markus Winand)
Per the SQL standard, relative paths start from the document node of the XML input document, not the root node as these functions previously did.
In the extended query protocol, make statement_timeout apply to each Execute message separately, not to all commands before Sync (Tatsuo Ishii, Andres Freund)
Remove the relhaspkey column from system catalog pg_class (Peter Eisentraut)
Applications needing to check for a primary key should consult pg_index.
Replace system catalog pg_proc's proisagg and proiswindow columns with prokind (Peter Eisentraut)
This new column more clearly distinguishes functions, procedures, aggregates, and window functions.
Correct information schema column tables.table_type to return FOREIGN instead of FOREIGN TABLE (Peter Eisentraut)
This new output matches the SQL standard.
Change the ps process display labels for background workers to match the pg_stat_activity.backend_type labels (Peter Eisentraut)
Cause large object permission checks to happen during large object open, lo_open(), not when a read or write is attempted (Tom Lane, Michael Paquier)
If write access is requested and not available, an error will now be thrown even if the large object is never written to.
Prevent non-superusers from reindexing shared catalogs (Michael Paquier, Robert Haas)
Previously, database owners were also allowed to do this, but now it is considered outside the bounds of their privileges.
Remove deprecated adminpack functions pg_file_read(), pg_file_length(), and pg_logfile_rotate() (Stephen Frost)
Equivalent functionality is now present in the core backend. Existing adminpack installs will continue to have access to these functions until they are updated via ALTER EXTENSION ... UPDATE.
Honor the capitalization of double-quoted command options (Daniel Gustafsson)
Previously, option names in certain SQL commands were forcibly lower-cased even if entered with double quotes; thus for example "FillFactor" would be accepted as an index storage option, though properly its name is lower-case. Such cases will now generate an error.
Remove server parameter replacement_sort_tuples (Peter Geoghegan)
Replacement sorts were determined to be no longer useful.
Remove WITH clause in CREATE FUNCTION (Michael Paquier)
PostgreSQL has long supported a more standard-compliant syntax for this capability.
In PL/pgSQL trigger functions, the OLD and NEW variables now read as NULL when not assigned (Tom Lane)
Previously, references to these variables could be parsed but not executed.
Allow the creation of partitions based on hashing a key column (Amul Sul)
Support indexes on partitioned tables (Álvaro Herrera, Amit Langote)
An “index” on a partitioned table is not a physical index across the whole partitioned table, but rather a template for automatically creating similar indexes on each partition of the table.
If the partition key is part of the index's column set, a partitioned index may be declared UNIQUE. It will represent a valid uniqueness constraint across the whole partitioned table, even though each physical index only enforces uniqueness within its own partition.
The new command ALTER INDEX ATTACH PARTITION causes an existing index on a partition to be associated with a matching index template for its partitioned table. This provides flexibility in setting up a new partitioned index for an existing partitioned table.
Allow foreign keys on partitioned tables (Álvaro Herrera)
Allow FOR EACH ROW triggers on partitioned tables (Álvaro Herrera)
Creation of a trigger on a partitioned table automatically creates triggers on all existing and future partitions. This also allows deferred unique constraints on partitioned tables.
Allow partitioned tables to have a default partition (Jeevan Ladhe, Beena Emerson, Ashutosh Bapat, Rahila Syed, Robert Haas)
The default partition will store rows that don't match any of the other defined partitions, and is searched accordingly.
UPDATE statements that change a partition key column now cause affected rows to be moved to the appropriate partitions (Amit Khandekar)
Allow INSERT, UPDATE, and COPY on partitioned tables to properly route rows to foreign partitions (Etsuro Fujita, Amit Langote)
This is supported by postgres_fdw foreign tables. Since the ExecForeignInsert callback function is called for this in a different way than it used to be, foreign data wrappers must be modified to cope with this change.
Allow faster partition elimination during query processing (Amit Langote, David Rowley, Dilip Kumar)
This speeds access to partitioned tables with many partitions.
Allow partition elimination during query execution (David Rowley, Beena Emerson)
Previously, partition elimination only happened at planning time, meaning many joins and prepared queries could not use partition elimination.
In an equality join between partitioned tables, allow matching partitions to be joined directly (Ashutosh Bapat)
This feature is disabled by default but can be enabled by changing enable_partitionwise_join.
Allow aggregate functions on partitioned tables to be evaluated separately for each partition, subsequently merging the results (Jeevan Chalke, Ashutosh Bapat, Robert Haas)
This feature is disabled by default but can be enabled by changing enable_partitionwise_aggregate.
Allow postgres_fdw to push down aggregates to foreign tables that are partitions (Jeevan Chalke)
Allow parallel building of a btree index (Peter Geoghegan, Rushabh Lathia, Heikki Linnakangas)
Allow hash joins to be performed in parallel using a shared hash table (Thomas Munro)
Allow UNION to run each SELECT in parallel if the individual SELECTs cannot be parallelized (Amit Khandekar, Robert Haas, Amul Sul)
Allow partition scans to more efficiently use parallel workers (Amit Khandekar, Robert Haas, Amul Sul)
Allow LIMIT to be passed to parallel workers (Robert Haas, Tom Lane)
This allows workers to reduce returned results and use targeted index scans.
Allow single-evaluation queries, e.g. WHERE clause aggregate queries, and functions in the target list to be parallelized (Amit Kapila, Robert Haas)
Add server parameter parallel_leader_participation to control whether the leader also executes subplans (Thomas Munro)
The default is enabled, meaning the leader will execute subplans.
Allow parallelization of commands CREATE TABLE ... AS, SELECT INTO, and CREATE MATERIALIZED VIEW (Haribabu Kommi)
Improve performance of sequential scans with many parallel workers (David Rowley)
Add reporting of parallel workers' sort activity in EXPLAIN (Robert Haas, Tom Lane)
Allow B-tree indexes to include columns that are not part of the search key or unique constraint, but are available to be read by index-only scans (Anastasia Lubennikova, Alexander Korotkov, Teodor Sigaev)
This is enabled by the new INCLUDE clause of CREATE INDEX. It facilitates building “covering indexes” that optimize specific types of queries. Columns can be included even if their data types don't have B-tree support.
Improve performance of monotonically increasing index additions (Pavan Deolasee, Peter Geoghegan)
Improve performance of hash index scans (Ashutosh Sharma)
Add predicate locking for hash, GiST and GIN indexes (Shubham Barai)
This reduces the likelihood of serialization conflicts in serializable-mode transactions.
Add prefix-match operator text ^@ text, which is supported by SP-GiST (Ildus Kurbangaliev)
This is similar to using var LIKE 'word%' with a btree index, but it is more efficient.
Allow polygons to be indexed with SP-GiST (Nikita Glukhov, Alexander Korotkov)
Allow SP-GiST to use lossy representation of leaf keys (Teodor Sigaev, Heikki Linnakangas, Alexander Korotkov, Nikita Glukhov)
Improve selection of the most common values for statistics (Jeff Janes, Dean Rasheed)
Previously, the most common values (MCVs) were identified based on their frequency compared to all column values. Now, MCVs are chosen based on their frequency compared to the non-MCV values. This improves the robustness of the algorithm for both uniform and non-uniform distributions.
Improve selectivity estimates for >= and <= (Tom Lane)
Previously, such cases used the same selectivity estimates as > and <, respectively, unless the comparison constants are MCVs. This change is particularly helpful for queries involving BETWEEN with small ranges.
Reduce var = var to var IS NOT NULL where equivalent (Tom Lane)
This leads to better selectivity estimates.
Improve optimizer's row count estimates for EXISTS and NOT EXISTS queries (Tom Lane)
Make the optimizer account for evaluation costs and selectivity of HAVING clauses (Tom Lane)
Add Just-in-Time (JIT) compilation of some parts of query plans to improve execution speed (Andres Freund)
This feature requires LLVM to be available. It is not currently enabled by default, even in builds that support it.
Allow bitmap scans to perform index-only scans when possible (Alexander Kuzmenkov)
Update the free space map during VACUUM (Claudio Freire)
This allows free space to be reused more quickly.
Allow VACUUM to avoid unnecessary index scans (Masahiko Sawada, Alexander Korotkov)
Improve performance of committing multiple concurrent transactions (Amit Kapila)
Reduce memory usage for queries using set-returning functions in their target lists (Andres Freund)
Improve the speed of aggregate computations (Andres Freund)
Allow postgres_fdw to push UPDATEs and DELETEs using joins to foreign servers (Etsuro Fujita)
Previously, only non-join UPDATEs and DELETEs were pushed.
Add support for large pages on Windows (Takayuki Tsunakawa, Thomas Munro)
This is controlled by the huge_pages configuration parameter.
Show memory usage in output from log_statement_stats, log_parser_stats, log_planner_stats, and log_executor_stats (Justin Pryzby, Peter Eisentraut)
Add column pg_stat_activity.backend_type to show the type of a background worker (Peter Eisentraut)
The type is also visible in ps output.
Make log_autovacuum_min_duration log skipped tables that are concurrently being dropped (Nathan Bossart)
Add information_schema columns related to table constraints and triggers (Peter Eisentraut)
Specifically, triggers.action_order, triggers.action_reference_old_table, and triggers.action_reference_new_table are now populated, where before they were always null. Also, table_constraints.enforced now exists but is not yet usefully populated.
Allow the server to specify more complex LDAP specifications in search+bind mode (Thomas Munro)
Specifically, ldapsearchfilter allows pattern matching using combinations of LDAP attributes.
Allow LDAP authentication to use encrypted LDAP (Thomas Munro)
We already supported LDAP over TLS by using ldaptls=1. This new TLS LDAP method for encrypted LDAP is enabled with ldapscheme=ldaps or ldapurl=ldaps://.
Improve logging of LDAP errors (Thomas Munro)
Add default roles that enable file system access (Stephen Frost)
Specifically, the new roles are: pg_read_server_files, pg_write_server_files, and pg_execute_server_program. These roles now also control who can use server-side COPY and the file_fdw extension. Previously, only superusers could use these functions, and that is still the default behavior.
Allow access to file system functions to be controlled by GRANT/REVOKE permissions, rather than superuser checks (Stephen Frost)
Specifically, these functions were modified: pg_ls_dir(), pg_read_file(), pg_read_binary_file(), pg_stat_file().
Use GRANT/REVOKE to control access to lo_import() and lo_export() (Michael Paquier, Tom Lane)
Previously, only superusers were granted access to these functions.
The compile-time option ALLOW_DANGEROUS_LO_FUNCTIONS has been removed.
Use view owner not session owner when preventing non-password access to postgres_fdw tables (Robert Haas)
PostgreSQL only allows superusers to access postgres_fdw tables without passwords, e.g. via peer. Previously, the session owner had to be a superuser to allow such access; now the view owner is checked instead.
Fix invalid locking permission check in SELECT FOR UPDATE on views (Tom Lane)
Add server setting ssl_passphrase_command to allow supplying of the passphrase for SSL key files (Peter Eisentraut)
Also add ssl_passphrase_command_supports_reload to specify whether the SSL configuration should be reloaded and ssl_passphrase_command called during a server configuration reload.
Add storage parameter toast_tuple_target to control the minimum tuple length before TOAST storage will be considered (Simon Riggs)
The default TOAST threshold has not been changed.
Allow server options related to memory and file sizes to be specified in units of bytes (Beena Emerson)
The new unit suffix is “B”. This is in addition to the existing units “kB”, “MB”, “GB” and “TB”.
Allow the WAL file size to be set during initdb (Beena Emerson)
Previously, the 16MB default could only be changed at compile time.
Retain WAL data for only a single checkpoint (Simon Riggs)
Previously, WAL was retained for two checkpoints.
Fill the unused portion of force-switched WAL segment files with zeros for improved compressibility (Chapman Flack)
Replicate TRUNCATE activity when using logical replication (Simon Riggs, Marco Nenciarini, Peter Eisentraut)
Pass prepared transaction information to logical replication subscribers (Nikhil Sontakke, Stas Kelvich)
Exclude unlogged tables, temporary tables, and pg_internal.init files from streaming base backups (David Steele)
There is no need to copy such files.
Allow checksums of heap pages to be verified during streaming base backup (Michael Banck)
Allow replication slots to be advanced programmatically, rather than be consumed by subscribers (Petr Jelinek)
This allows efficient advancement of replication slots when the contents do not need to be consumed. This is performed by pg_replication_slot_advance().
Add timeline information to the backup_label file (Michael Paquier)
Also add a check that the WAL timeline matches the backup_label file's timeline.
Add host and port connection information to the pg_stat_wal_receiver system view (Haribabu Kommi)
Allow ALTER TABLE to add a column with a non-null default without doing a table rewrite (Andrew Dunstan, Serge Rielau)
This is enabled when the default value is a constant.
Allow views to be locked by locking the underlying tables (Yugo Nagata)
Allow ALTER INDEX to set statistics-gathering targets for expression indexes (Alexander Korotkov, Adrien Nayrat)
In psql, \d+ now shows the statistics target for indexes.
Allow multiple tables to be specified in one VACUUM or ANALYZE command (Nathan Bossart)
Also, if any table mentioned in VACUUM uses a column list, then the ANALYZE keyword must be supplied; previously, ANALYZE was implied in such cases.
Add parenthesized options syntax to ANALYZE (Nathan Bossart)
This is similar to the syntax supported by VACUUM.
Add CREATE AGGREGATE option to specify the behavior of the aggregate's finalization function (Tom Lane)
This is helpful for allowing user-defined aggregate functions to be optimized and to work as window functions.
Allow the creation of arrays of domains (Tom Lane)
This also allows array_agg() to be used on domains.
Support domains over composite types (Tom Lane)
Also allow PL/Perl, PL/Python, and PL/Tcl to handle composite-domain function arguments and results. Also improve PL/Python domain handling.
Add casts from JSONB scalars to numeric and boolean data types (Anastasia Lubennikova)
Add all window function framing options specified by SQL:2011 (Oliver Ford, Tom Lane)
Specifically, allow RANGE mode to use PRECEDING and FOLLOWING to select rows having grouping values within plus or minus the specified offset. Add GROUPS mode to include plus or minus the number of peer groups. Frame exclusion syntax was also added.
Add SHA-2 family of hash functions (Peter Eisentraut)
Specifically, sha224(), sha256(), sha384(), sha512() were added.
Add support for 64-bit non-cryptographic hash functions (Robert Haas, Amul Sul)
Allow to_char() and to_timestamp() to specify the time zone's offset from UTC in hours and minutes (Nikita Glukhov, Andrew Dunstan)
This is done with format specifications TZH and TZM.
Add text search function websearch_to_tsquery() that supports a query syntax similar to that used by web search engines (Victor Drobny, Dmitry Ivanov)
Add functions json(b)_to_tsvector() to create a text search query for matching JSON/JSONB values (Dmitry Dolgov)
Add SQL-level procedures, which can start and commit their own transactions (Peter Eisentraut)
They are created with the new CREATE PROCEDURE command and invoked via CALL.
The new ALTER/DROP ROUTINE commands allow altering/dropping of all routine-like objects, including procedures, functions, and aggregates.
Also, writing FUNCTION is now preferred over writing PROCEDURE in CREATE OPERATOR and CREATE TRIGGER, because the referenced object must be a function not a procedure. However, the old syntax is still accepted for compatibility.
Add transaction control to PL/pgSQL, PL/Perl, PL/Python, PL/Tcl, and SPI server-side languages (Peter Eisentraut)
Transaction control is only available within top-transaction-level procedures and nested DO and CALL blocks that only contain other DO and CALL blocks.
Add the ability to define PL/pgSQL composite-type variables as not null, constant, or with initial values (Tom Lane)
Allow PL/pgSQL to handle changes to composite types (e.g. record, row) that happen between the first and later function executions in the same session (Tom Lane)
Previously, such circumstances generated errors.
Add extension jsonb_plpython to transform JSONB to/from PL/Python types (Anthony Bykov)
Add extension jsonb_plperl to transform JSONB to/from PL/Perl types (Anthony Bykov)
Change libpq to disable compression by default (Peter Eisentraut)
Compression is already disabled in modern OpenSSL versions, so that the libpq setting had no effect with such libraries.
Add DO CONTINUE option to ecpg's WHENEVER statement (Vinayak Pokale)
This generates a C continue statement, causing a return to the top of the contained loop when the specified condition occurs.
Add an ecpg mode to enable Oracle Pro*C-style handling of char arrays.
This mode is enabled with -C.
Add psql command \gdesc to display the names and types of the columns in a query result (Pavel Stehule)
Add psql variables to report query activity and errors (Fabien Coelho)
Specifically, the new variables are ERROR, SQLSTATE, ROW_COUNT, LAST_ERROR_MESSAGE, and LAST_ERROR_SQLSTATE.
Allow psql to test for the existence of a variable (Fabien Coelho)
Specifically, the syntax :{?variable_name} allows a variable's existence to be tested in an \if statement.
Allow environment variable PSQL_PAGER to control psql's pager (Pavel Stehule)
This allows psql's default pager to be specified as a separate environment variable from the pager for other applications. PAGER is still honored if PSQL_PAGER is not set.
Make psql's \d+ command always show the table's partitioning information (Amit Langote, Ashutosh Bapat)
Previously, partition information would not be displayed for a partitioned table if it had no partitions. Also indicate which partitions are themselves partitioned.
Ensure that psql reports the proper user name when prompting for a password (Tom Lane)
Previously, combinations of -U and a user name embedded in a URI caused incorrect reporting. Also suppress the user name before the password prompt when --password is specified.
Allow quit and exit to exit psql when given with no prior input (Bruce Momjian)
Also print hints about how to exit when quit and exit are used alone on a line while the input buffer is not empty. Add a similar hint for help.
Make psql hint at using control-D when \q is entered alone on a line but ignored (Bruce Momjian)
For example, \q does not exit when supplied in character strings.
Improve tab completion for ALTER INDEX RESET/SET (Masahiko Sawada)
Add infrastructure to allow psql to adapt its tab completion queries based on the server version (Tom Lane)
Previously, tab completion queries could fail against older servers.
Add pgbench expression support for NULLs, booleans, and some functions and operators (Fabien Coelho)
Add \if conditional support to pgbench (Fabien Coelho)
Allow the use of non-ASCII characters in pgbench variable names (Fabien Coelho)
Add pgbench option --init-steps to control the initialization steps performed (Masahiko Sawada)
Add an approximately Zipfian-distributed random generator to pgbench (Alik Khilazhev)
Allow the random seed to be set in pgbench (Fabien Coelho)
Allow pgbench to do exponentiation with pow() and power() (Raúl Marín Rodríguez)
Add hashing functions to pgbench (Ildar Musin)
Make pgbench statistics more accurate when using --latency-limit and --rate (Fabien Coelho)
Add an option to pg_basebackup that creates a named replication slot (Michael Banck)
The option --create-slot creates the named replication slot (--slot) when the WAL streaming method (--wal-method=stream) is used.
Allow initdb to set group read access to the data directory (David Steele)
This is accomplished with the new initdb option --allow-group-access. Administrators can also set group permissions on the empty data directory before running initdb. Server variable data_directory_mode allows reading of data directory group permissions.
Add pg_verify_checksums tool to verify database checksums while offline (Magnus Hagander)
Allow pg_resetwal to change the WAL segment size via --wal-segsize (Nathan Bossart)
Add long options to pg_resetwal and pg_controldata (Nathan Bossart, Peter Eisentraut)
Add pg_receivewal option --no-sync to prevent synchronous WAL writes, for testing (Michael Paquier)
Add pg_receivewal option --endpos to specify when WAL receiving should stop (Michael Paquier)
Allow pg_ctl to send the SIGKILL signal to processes (Andres Freund)
This was previously unsupported due to concerns over possible misuse.
Reduce the number of files copied by pg_rewind (Michael Paquier)
Prevent pg_rewind from running as root (Michael Paquier)
Add pg_dumpall option --encoding to control output encoding (Michael Paquier)
pg_dump already had this option.
Add pg_dump option --load-via-partition-root to force loading of data into the partition's root table, rather than the original partition (Rushabh Lathia)
This is useful if the system to be loaded to has different collation definitions or endianness, possibly requiring rows to be stored in different partitions than previously.
Add an option to suppress dumping and restoring database object comments (Robins Tharakan)
The new pg_dump, pg_dumpall, and pg_restore option is --no-comments.
Add PGXS support for installing include files (Andrew Gierth)
This supports creating extension modules that depend on other modules. Formerly there was no easy way for the dependent module to find the referenced one's include files. Several existing contrib modules that define data types have been adjusted to install relevant files. Also, PL/Perl and PL/Python now install their include files, to support creation of transform modules for those languages.
Install errcodes.txt to allow extensions to access the list of error codes known to PostgreSQL (Thomas Munro)
Convert documentation to DocBook XML (Peter Eisentraut, Alexander Lakhin, Jürgen Purtz)
The file names still use an sgml extension for compatibility with back branches.
Use stdbool.h to define type bool on platforms where it's suitable, which is most (Peter Eisentraut)
This eliminates a coding hazard for extension modules that need to include stdbool.h.
Overhaul the way that initial system catalog contents are defined (John Naylor)
The initial data is now represented in Perl data structures, making it much easier to manipulate mechanically.
Prevent extensions from creating custom server parameters that take a quoted list of values (Tom Lane)
This cannot be supported at present because knowledge of the parameter's property would be required even before the extension is loaded.
Add ability to use channel binding when using SCRAM authentication (Michael Paquier)
Channel binding is intended to prevent man-in-the-middle attacks, but SCRAM cannot prevent them unless it can be forced to be active. Unfortunately, there is no way to do that in libpq. Support for it is expected in future versions of libpq and in interfaces not built using libpq, e.g. JDBC.
Allow background workers to attach to databases that normally disallow connections (Magnus Hagander)
Add support for hardware CRC calculations on ARMv8 (Yuqi Gu, Heikki Linnakangas, Thomas Munro)
Speed up lookups of built-in functions by OID (Andres Freund)
The previous binary search has been replaced by a lookup array.
Speed up construction of query results (Andres Freund)
Improve speed of access to system caches (Andres Freund)
Add a generational memory allocator which is optimized for serial allocation/deallocation (Tomas Vondra)
This reduces memory usage for logical decoding.
Make the computation of pg_class.reltuples by VACUUM consistent with its computation by ANALYZE (Tomas Vondra)
Update to use perltidy version 20170521 (Tom Lane, Peter Eisentraut)
Allow extension pg_prewarm to restore the previous shared buffer contents on startup (Mithun Cy, Robert Haas)
This is accomplished by having pg_prewarm store the shared buffers' relation and block number data to disk occasionally during server operation, and at shutdown.
Add pg_trgm function strict_word_similarity() to compute the similarity of whole words (Alexander Korotkov)
The function word_similarity() already existed for this purpose, but it was designed to find similar parts of words, while strict_word_similarity() computes the similarity to whole words.
Allow btree_gin to index bool, bpchar, name and uuid data types (Matheus Oliveira)
Allow cube and seg extensions to perform index-only scans using GiST indexes (Andrey Borodin)
Allow retrieval of negative cube coordinates using the ~> operator (Alexander Korotkov)
This is useful for KNN-GiST searches when looking for coordinates in descending order.
Add Vietnamese letter handling to the unaccent extension (Dang Minh Huong, Michael Paquier)
Enhance amcheck to check that each heap tuple has an index entry (Peter Geoghegan)
Have adminpack use the new default file system access roles (Stephen Frost)
Previously, only superusers could call adminpack functions; now role permissions are checked.
Widen pg_stat_statement's query ID to 64 bits (Robert Haas)
This greatly reduces the chance of query ID hash collisions. The query ID can now potentially display as a negative value.
Remove the contrib/start-scripts/osx scripts since they are no longer recommended (use contrib/start-scripts/macos instead) (Tom Lane)
Remove the chkpass extension (Peter Eisentraut)
This extension is no longer considered to be a usable security tool or example of how to write an extension.
⇑ Upgrade to 11.1 released on 2018-11-08 - docs
Ensure proper quoting of transition table names when pg_dump emits CREATE TRIGGER ... REFERENCING commands (Tom Lane)
This oversight could be exploited by an unprivileged user to gain superuser privileges during the next dump/reload or pg_upgrade run. (CVE-2018-16850)
Apply the tablespace specified for a partitioned index when creating a child index (Álvaro Herrera)
Previously, child indexes were always created in the default tablespace.
Fix NULL handling in parallel hashed multi-batch left joins (Andrew Gierth, Thomas Munro)
Outer-relation rows with null values of the hash key were omitted from the join result.
Fix incorrect processing of an array-type coercion expression appearing within a CASE clause that has a constant test expression (Tom Lane)
Fix incorrect expansion of tuples lacking recently-added columns (Andrew Dunstan, Amit Langote)
This is known to lead to crashes in triggers on tables with recently-added columns, and could have other symptoms as well.
Fix bugs with named or defaulted arguments in CALL argument lists (Tom Lane, Pavel Stehule)
Fix strictness check for strict aggregates with ORDER BY columns (Andrew Gierth, Andres Freund)
The strictness logic incorrectly ignored rows for which the ORDER BY value(s) were null.
Disable recheck_on_update optimization (Tom Lane)
This new-in-v11 feature turns out not to have been ready for prime time. Disable it until something can be done about it.
Prevent creation of a partition in a trigger attached to its parent table (Amit Langote)
Ideally we'd allow that, but for the moment it has to be blocked to avoid crashes.
Fix problems with applying ON COMMIT DELETE ROWS to a partitioned temporary table (Amit Langote)
Fix character-class checks to not fail on Windows for Unicode characters above U+FFFF (Tom Lane, Kenji Uno)
This bug affected full-text-search operations, as well as contrib/ltree and contrib/pg_trgm.
Ensure that the server will process already-received NOTIFY and SIGTERM interrupts before waiting for client input (Jeff Janes, Tom Lane)
Fix memory leak in repeated SP-GiST index scans (Tom Lane)
This is only known to amount to anything significant in cases where an exclusion constraint using SP-GiST receives many new index entries in a single command.
Prevent starting the server with wal_level set to too low a value to support an existing replication slot (Andres Freund)
Fix psql, as well as documentation examples, to call PQconsumeInput() before each PQnotifies() call (Tom Lane)
This fixes cases in which psql would not report receipt of a NOTIFY message until after the next command.
Fix pg_verify_checksums's determination of which files to check the checksums of (Michael Paquier)
In some cases it complained about files that are not expected to have checksums.
In contrib/pg_stat_statements, disallow the pg_read_all_stats role from executing pg_stat_statements_reset() (Haribabu Kommi)
pg_read_all_stats is only meant to grant permission to read statistics, not to change them, so this grant was incorrect.
To cause this change to take effect, run ALTER EXTENSION pg_stat_statements UPDATE in each database where pg_stat_statements has been installed. (A database freshly created in 11.0 should not need this, but a database upgraded from a previous release probably still contains the old version of pg_stat_statements. The UPDATE command is harmless if the module was already updated.)
Rename red-black tree support functions to use rbt prefix not rb prefix (Tom Lane)
This avoids name collisions with Ruby functions, which broke PL/Ruby. It's hoped that there are no other affected extensions.
Fix build problems on macOS 10.14 (Mojave) (Tom Lane)
Adjust configure to add an -isysroot switch to CPPFLAGS; without this, PL/Perl and PL/Tcl fail to configure or build on macOS 10.14. The specific sysroot used can be overridden at configure time or build time by setting the PG_SYSROOT variable in the arguments of configure or make.
It is now recommended that Perl-related extensions write $(perl_includespec) rather than -I$(perl_archlibexp)/CORE in their compiler flags. The latter continues to work on most platforms, but not recent macOS.
Also, it should no longer be necessary to specify --with-tclconfig manually to get PL/Tcl to build on recent macOS releases.
Fix MSVC build and regression-test scripts to work on recent Perl versions (Andrew Dunstan)
Perl no longer includes the current directory in its search path by default; work around that.
On Windows, allow the regression tests to be run by an Administrator account (Andrew Dunstan)
To do this safely, pg_regress now gives up any such privileges at startup.
Update time zone data files to tzdata release 2018g for DST law changes in Chile, Fiji, Morocco, and Russia (Volgograd), plus historical corrections for China, Hawaii, Japan, Macau, and North Korea.
⇑ Upgrade to 11.2 released on 2019-02-14 - docs
By default, panic instead of retrying after fsync() failure, to avoid possible data corruption (Craig Ringer, Thomas Munro)
Some popular operating systems discard kernel data buffers when unable to write them out, reporting this as fsync() failure. If we reissue the fsync() request it will succeed, but in fact the data has been lost, so continuing risks database corruption. By raising a panic condition instead, we can replay from WAL, which may contain the only remaining copy of the data in such a situation. While this is surely ugly and inefficient, there are few alternatives, and fortunately the case happens very rarely.
A new server parameter data_sync_retry has been added to control this; if you are certain that your kernel does not discard dirty data buffers in such scenarios, you can set data_sync_retry to on to restore the old behavior.
Include each major release branch's release notes in the documentation for only that branch, rather than that branch and all later ones (Tom Lane)
The duplication induced by the previous policy was getting out of hand. Our plan is to provide a full archive of release notes on the project's web site, but not duplicate it within each release.
Fix handling of unique indexes with INCLUDE columns on partitioned tables (Álvaro Herrera)
The uniqueness condition was not checked properly in such cases.
Ensure that NOT NULL constraints of a partitioned table are honored within its partitions (Álvaro Herrera, Amit Langote)
Update catalog state correctly for partition table constraints when detaching their partition (Amit Langote, Álvaro Herrera)
Previously, the pg_constraint.conislocal field for such a constraint might improperly be left as false, rendering it undroppable. A dump/restore or pg_upgrade would cure the problem, but if necessary, the catalog field can be adjusted manually.
Create or delete foreign key enforcement triggers correctly when attaching or detaching a partition in a partitioned table that has a foreign-key constraint (Amit Langote, Álvaro Herrera)
Avoid useless creation of duplicate foreign key constraints in partitioned tables (Álvaro Herrera)
When an index is created on a partitioned table using ONLY, and there are no partitions yet, mark it valid immediately (Álvaro Herrera)
Otherwise there is no way to make it become valid.
Use a safe table lock level when detaching a partition (Álvaro Herrera)
The previous locking level was too weak and might allow concurrent DDL on the table, with bad results.
Fix problems with applying ON COMMIT DROP and ON COMMIT DELETE ROWS to partitioned tables and tables with inheritance children (Michael Paquier)
Disallow COPY FREEZE on partitioned tables (David Rowley)
This should eventually be made to work, but it may require a patch that's too complicated to risk back-patching.
Fix possible index corruption when the indexed column has a “fast default” (that is, it was added by ALTER TABLE ADD COLUMN with a constant non-NULL default value specified, after the table already contained some rows) (Andres Freund)
Correctly adjust “fast default” values during ALTER TABLE ... ALTER COLUMN TYPE (Andrew Dunstan)
Avoid possible deadlock when acquiring multiple buffer locks (Nishant Fnu)
Avoid deadlock between GIN vacuuming and concurrent index insertions (Alexander Korotkov, Andrey Borodin, Peter Geoghegan)
This change partially reverts a performance improvement, introduced in version 10.0, that attempted to reduce the number of index pages locked during deletion of a GIN posting tree page. That's now been found to lead to deadlocks, so we've removed it pending closer analysis.
Avoid deadlock between hot-standby queries and replay of GIN index page deletion (Alexander Korotkov)
Fix possible crashes in logical replication when index expressions or predicates are in use (Peter Eisentraut)
Avoid useless and expensive logical decoding of TOAST data during a table rewrite (Tomas Vondra)
Fix logic for stopping a subset of WAL senders when synchronous replication is enabled (Paul Guo, Michael Paquier)
Avoid possibly writing an incorrect replica identity field in a tuple deletion WAL record (Stas Kelvich)
Prevent incorrect use of WAL-skipping optimization during COPY to a view or foreign table (Amit Langote, Michael Paquier)
Make the archiver prioritize WAL history files over WAL data files while choosing which file to archive next (David Steele)
Fix possible crash in UPDATE with a multiple SET clause using a sub-SELECT as source (Tom Lane)
Fix crash when zero rows are fed to json[b]_populate_recordset() or json[b]_to_recordset() (Tom Lane)
Avoid crash if libxml2 returns a null error message (Sergio Conde Gómez)
Fix incorrect JIT tuple deforming code for tables with many columns (more than approximately 800) (Andres Freund)
Fix performance and memory leakage issues in hash-based grouping (Andres Freund)
Fix spurious grouping-related parser errors caused by inconsistent handling of collation assignment (Andrew Gierth)
In some cases, expressions that should be considered to match were not seen as matching, if they included operations on collatable data types.
Fix parsing of collation-sensitive expressions in the arguments of a CALL statement (Peter Eisentraut)
Ensure proper cleanup after detecting an error in the argument list of a CALL statement (Tom Lane)
Check whether the comparison function underlying LEAST() or GREATEST() is leakproof, rather than just assuming it is (Tom Lane)
Actual information leaks from btree comparison functions are typically hard to provoke, but in principle they could happen.
Fix incorrect planning of queries involving nested loops both above and below a Gather plan node (Tom Lane)
If both levels of nestloop needed to pass the same variable into their right-hand sides, an incorrect plan would be generated.
Fix incorrect planning of queries in which a lateral reference must be evaluated at a foreign table scan (Tom Lane)
Fix planner failure when the first column of a row comparison matches an index column, but later column(s) do not, and the index has included (non-key) columns (Tom Lane)
Fix corner-case underestimation of the cost of a merge join (Tom Lane)
The planner could prefer a merge join when the outer key range is much smaller than the inner key range, even if there are so many duplicate keys on the inner side that this is a poor choice.
Avoid O(N^2) planning time growth when a query contains many thousand indexable clauses (Tom Lane)
Improve planning speed for large inheritance or partitioning table groups (Amit Langote, Etsuro Fujita)
Improve ANALYZE's handling of concurrently-updated rows (Jeff Janes, Tom Lane)
Previously, rows deleted by an in-progress transaction were omitted from ANALYZE's sample, but this has been found to lead to more inconsistency than including them would do. In effect, the sample now corresponds to an MVCC snapshot as of ANALYZE's start time.
Make TRUNCATE ignore inheritance child tables that are temporary tables of other sessions (Amit Langote, Michael Paquier)
This brings TRUNCATE into line with the behavior of other commands. Previously, such cases usually ended in failure.
Fix TRUNCATE to update the statistics counters for the right table (Tom Lane)
If the truncated table had a TOAST table, that table's counters were reset instead.
Process ALTER TABLE ONLY ADD COLUMN IF NOT EXISTS correctly (Greg Stark)
Allow UNLISTEN in hot-standby mode (Shay Rojansky)
This is necessarily a no-op, because LISTEN isn't allowed in hot-standby mode; but allowing the dummy operation simplifies session-state-reset logic in clients.
Fix missing role dependencies in some schema and data type permissions lists (Tom Lane)
In some cases it was possible to drop a role to which permissions had been granted. This caused no immediate problem, but a subsequent dump/reload or upgrade would fail, with symptoms involving attempts to grant privileges to all-numeric role names.
Prevent use of a session's temporary schema within a two-phase transaction (Michael Paquier)
Accessing a temporary table within such a transaction has been forbidden for a long time, but it was still possible to cause problems with other operations on temporary objects.
Ensure relation caches are updated properly after adding or removing foreign key constraints (Álvaro Herrera)
This oversight could result in existing sessions failing to enforce a newly-created constraint, or continuing to enforce a dropped one.
Ensure relation caches are updated properly after renaming constraints (Amit Langote)
Fix replay of GiST index micro-vacuum operations so that concurrent hot-standby queries do not see inconsistent state (Alexander Korotkov)
Prevent empty GIN index pages from being reclaimed too quickly, causing failures of concurrent searches (Andrey Borodin, Alexander Korotkov)
Fix edge-case failures in float-to-integer coercions (Andrew Gierth, Tom Lane)
Values very slightly above the maximum valid integer value might not be rejected, and then would overflow, producing the minimum valid integer instead. Also, values that should round to the minimum or maximum integer value might be incorrectly rejected.
Fix parsing of space-separated lists of host names in the ldapserver parameter of LDAP authentication entries in pg_hba.conf (Thomas Munro)
When making a PAM authentication request, don't set the PAM_RHOST variable if the connection is via a Unix socket (Thomas Munro)
Previously that variable would be set to [local], which is at best unhelpful, since it's supposed to be a host name.
Disallow setting client_min_messages higher than ERROR (Jonah Harris, Tom Lane)
Previously, it was possible to set this variable to FATAL or PANIC, which had the effect of suppressing transmission of ordinary error messages to the client. However, that's contrary to guarantees that are given in the PostgreSQL wire protocol specification, and it caused some clients to become very confused. In released branches, fix this by silently treating such settings as meaning ERROR instead. Version 12 and later will reject those alternatives altogether.
Fix ecpglib to use uselocale() or _configthreadlocale() in preference to setlocale() (Michael Meskes, Tom Lane)
Since setlocale() is not thread-local, and might not even be thread-safe, the previous coding caused problems in multi-threaded ecpg applications.
Fix incorrect results for numeric data passed through an ecpg SQLDA (SQL Descriptor Area) (Daisuke Higuchi)
Values with leading zeroes were not copied correctly.
Fix psql's \g target meta-command to work with COPY TO STDOUT (Daniel Vérité)
Previously, the target option was ignored, so that the copy data always went to the current query output target.
Make psql's LaTeX output formats render special characters properly (Tom Lane)
Backslash and some other ASCII punctuation characters were not rendered correctly, leading to document syntax errors or wrong characters in the output.
Make pgbench's random number generation fully deterministic and platform-independent when --random-seed= is specified (Fabien Coelho, Tom Lane)N
On any specific platform, the sequence obtained with a particular value of N will probably be different from what it was before this patch.
Fix pg_basebackup and pg_verify_checksums to ignore temporary files appropriately (Michael Banck, Michael Paquier)
Fix pg_dump's handling of materialized views with indirect dependencies on primary keys (Tom Lane)
This led to mis-labeling of such views' dump archive entries, causing harmless warnings about “archive items not in correct section order”; less harmlessly, selective-restore options depending on those labels, such as --section, might misbehave.
Make pg_dump include ALTER INDEX SET STATISTICS commands (Michael Paquier)
When the ability to attach statistics targets to index expressions was added, we forgot to teach pg_dump about it, so that such settings were lost in dump/reload.
Fix pg_dump's dumping of tables that have OIDs (Peter Eisentraut)
The WITH OIDS clause was omitted if it needed to be applied to the first table to be dumped.
Avoid null-pointer-dereference crash on some platforms when pg_dump or pg_restore tries to report an error (Tom Lane)
Prevent false index-corruption reports from contrib/amcheck caused by inline-compressed data (Peter Geoghegan)
Properly disregard SIGPIPE errors if COPY FROM PROGRAM stops reading the program's output early (Tom Lane)
This case isn't actually reachable directly with COPY, but it can happen when using contrib/file_fdw.
Fix contrib/hstore to calculate correct hash values for empty hstore values that were created in version 8.4 or before (Andrew Gierth)
The previous coding did not give the same result as for an empty hstore value created by a newer version, thus potentially causing wrong results in hash joins or hash aggregation. It is advisable to reindex any hash indexes built on hstore columns, if the table might contain data that was originally stored as far back as 8.4 and was never dumped/reloaded since then.
Avoid crashes and excessive runtime with large inputs to contrib/intarray's gist__int_ops index support (Andrew Gierth)
In configure, look for python3 and then python2 if python isn't found (Peter Eisentraut)
This allows PL/Python to be configured without explicitly specifying PYTHON on platforms that no longer provide an unversioned python executable.
Include JIT-related headers in the installed set of header files (Donald Dong)
Support new Makefile variables PG_CFLAGS, PG_CXXFLAGS, and PG_LDFLAGS in pgxs builds (Christoph Berg)
This simplifies customization of extension build processes.
Fix Perl-coded build scripts to not assume “.” is in the search path, since recent Perl versions don't include that (Andrew Dunstan)
Fix server command-line option parsing problems on OpenBSD (Tom Lane)
Relocate call of set_rel_pathlist_hook so that extensions can use it to supply partial paths for parallel queries (KaiGai Kohei)
This is not expected to affect existing use-cases.
Update time zone data files to tzdata release 2018i for DST law changes in Kazakhstan, Metlakatla, and Sao Tome and Principe. Kazakhstan's Qyzylorda zone is split in two, creating a new zone Asia/Qostanay, as some areas did not change UTC offset. Historical corrections for Hong Kong and numerous Pacific islands.
⇑ Upgrade to 11.3 released on 2019-05-09 - docs
Prevent row-level security policies from being bypassed via selectivity estimators (Dean Rasheed)
Some of the planner's selectivity estimators apply user-defined operators to values found in pg_statistic (e.g., most-common values). A leaky operator therefore can disclose some of the entries in a data column, even if the calling user lacks permission to read that column. In CVE-2017-7484 we added restrictions to forestall that, but we failed to consider the effects of row-level security. A user who has SQL permission to read a column, but who is forbidden to see certain rows due to RLS policy, might still learn something about those rows' contents via a leaky operator. This patch further tightens the rules, allowing leaky operators to be applied to statistics data only when there is no relevant RLS policy. (CVE-2019-10130)
Avoid access to already-freed memory during partition routing error reports (Michael Paquier)
This mistake could lead to a crash, and in principle it might be possible to use it to disclose server memory contents. (CVE-2019-10129)
Avoid catalog corruption when an ALTER TABLE on a partitioned table finds that a partitioned index is reusable (Amit Langote, Tom Lane)
This occurs, for example, when ALTER COLUMN TYPE finds that no physical table rewrite is required.
Avoid catalog corruption when a temporary table with ON COMMIT DROP and an identity column is created in a single-statement transaction (Peter Eisentraut)
This hazard was overlooked because the case is not actually useful, since the temporary table would be dropped immediately after creation.
Fix failure in ALTER INDEX ... ATTACH PARTITION if the partitioned table contains more dropped columns than its partition does (Álvaro Herrera)
Fix failure to attach a partition's existing index to a newly-created partitioned index in some cases (Amit Langote, Álvaro Herrera)
This would lead to errors such as “index ... not found in partition” in subsequent DDL that uses the partitioned index.
Avoid crash when an EPQ recheck is performed for a partitioned query result relation (Amit Langote)
This occurs when using READ COMMITTED isolation level and another session has concurrently updated some of the target row(s).
Fix tuple routing in multi-level partitioned tables that have dropped attributes (Amit Langote, Michael Paquier)
Fix failure when the slow path of foreign key constraint initial validation is applied to partitioned tables (Hadi Moshayedi, Tom Lane, Andres Freund)
This didn't manifest except in the uncommon cases where the fast path can't be used (such as permissions problems).
Fix behavior for an UPDATE or DELETE on an inheritance tree or partitioned table in which every table can be excluded (Amit Langote, Tom Lane)
In such cases, the query did not report the correct set of output columns when a RETURNING clause was present, and if there were any statement-level triggers that should be fired, it didn't fire them.
When accessing a partition directly, and constraint_exclusion is set to on, use the partition's partition constraint as well as any CHECK constraints for exclusion checking (Amit Langote, Tom Lane)
This change restores the behavior to what it was in v10.
Avoid server crash when an error occurs while trying to persist a cursor query across a transaction commit (Tom Lane)
If a procedure attempts to commit while it has an open explicit or implicit cursor (for example, a PL/pgSQL FOR-loop query), the cursor must be executed to completion and its results saved before the transaction commit can be performed. An error occurring during such execution led to a crash.
Avoid throwing incorrect errors for updates of temporary tables and unlogged tables when a FOR ALL TABLES publication exists (Peter Eisentraut)
Such tables should be ignored for publication purposes, but some parts of the code failed to do so.
Fix handling of explicit DEFAULT items in an INSERT ... VALUES command with multiple VALUES rows, if the target relation is an updatable view (Amit Langote, Dean Rasheed)
When the updatable view has no default for the column but its underlying table has one, a single-row INSERT ... VALUES will use the underlying table's default. In the multi-row case, however, NULL was always used. Correct it to act like the single-row case.
Fix CREATE VIEW to allow zero-column views (Ashutosh Sharma)
We should allow this for consistency with allowing zero-column tables. Since a table can be converted to a view, zero-column views could be created even with the restriction in place, leading to dump/reload failures.
Add missing support for CREATE TABLE IF NOT EXISTS ... AS EXECUTE ... (Andreas Karlsson)
The combination of IF NOT EXISTS and EXECUTE should work, but the grammar omitted it.
Ensure that sub-SELECTs appearing in row-level-security policy expressions are executed with the correct user's permissions (Dean Rasheed)
Previously, if the table having the RLS policy was accessed via a view, such checks might be executed as the user calling the view, not as the view owner as they should be.
Accept XML documents as valid values of type xml when xmloption is set to content, as required by SQL:2006 and later (Chapman Flack)
Previously PostgreSQL followed the SQL:2003 definition, which doesn't allow this. But that creates a serious problem for dump/restore: there is no setting of xmloption that will accept all valid XML data. Hence, switch to the 2006 definition.
pg_dump is also modified to emit SET xmloption = content while restoring data, ensuring that dump/restore works even if the prevailing setting is document.
Improve server's startup-time checks for whether a pre-existing shared memory segment is still in use (Noah Misch)
The postmaster is now more likely to detect that there are still active processes from a previous postmaster incarnation, even if the postmaster.pid file has been removed.
Avoid possible division-by-zero in btree index vacuum logic (Piotr Stefaniak, Alexander Korotkov)
This could lead to incorrect decisions about whether index cleanup is needed.
Avoid counting parallel workers' transactions as separate transactions (Haribabu Kommi)
Fix incompatibility of GIN-index WAL records (Alexander Korotkov)
A fix applied in February's minor releases was not sufficiently careful about backwards compatibility, leading to problems if a standby server of that vintage reads GIN page-deletion WAL records generated by a primary server of a previous minor release.
Fix possible crash while executing a SHOW command in a replication connection (Michael Paquier)
Avoid server memory leak when fetching rows from a portal one at a time (Tom Lane)
Avoid memory leak when a partition's relation cache entry is rebuilt (Amit Langote, Tom Lane)
Tolerate EINVAL and ENOSYS error results, where appropriate, for fsync and sync_file_range calls (Thomas Munro, James Sewell)
The previous change to panic on file synchronization failures turns out to have been excessively paranoid for certain cases where a failure is predictable and essentially means “operation not supported”.
Report correct relation name in autovacuum's pg_stat_activity display during BRIN summarize operations (Álvaro Herrera)
Avoid crash when trying to plan a partition-wise join when GEQO is active (Tom Lane)
Fix “failed to build any N-way joins” planner failures with lateral references leading out of FULL outer joins (Tom Lane)
Fix misplanning of queries in which a set-returning function is applied to a relation that is provably empty (Tom Lane, Julien Rouhaud)
In v10, this oversight only led to slightly inefficient plans, but in v11 it could cause “set-valued function called in context that cannot accept a set” errors.
Check the appropriate user's permissions when enforcing rules about letting a leaky operator see pg_statistic data (Dean Rasheed)
When an underlying table is being accessed via a view, consider the privileges of the view owner while deciding whether leaky operators may be applied to the table's statistics data, rather than the privileges of the user making the query. This makes the planner's rules about what data is visible match up with the executor's, avoiding unnecessarily-poor plans.
Fix planner's parallel-safety assessment for grouped queries (Etsuro Fujita)
Previously, target-list evaluation work that could have been parallelized might not be.
Fix mishandling of “included” index columns in planner's unique-index logic (Tom Lane)
This could result in failing to recognize that a unique index with included columns proves uniqueness of a query result, leading to a poor plan.
Fix incorrect strictness check for array coercion expressions (Tom Lane)
This might allow, for example, incorrect inlining of a strict SQL function, leading to non-enforcement of the strictness condition.
Speed up planning when there are many equality conditions and many potentially-relevant foreign key constraints (David Rowley)
Avoid O(N^2) performance issue when rolling back a transaction that created many tables (Tomas Vondra)
Fix corner-case server crashes in dynamic shared memory allocation (Thomas Munro, Robert Haas)
Fix race conditions in management of dynamic shared memory (Thomas Munro)
These could lead to “dsa_area could not attach to segment” or “cannot unpin a segment that is not pinned” errors.
Fix race condition in which a hot-standby postmaster could fail to shut down after receiving a smart-shutdown request (Tom Lane)
Fix possible crash when pg_identify_object_as_address() is given invalid input (Álvaro Herrera)
Fix possible “could not access status of transaction” failures in txid_status() (Thomas Munro)
Fix authentication failure when attempting to use SCRAM authentication with mixed OpenSSL library versions (Michael Paquier, Peter Eisentraut)
If libpq is using OpenSSL 1.0.1 or older while the server is using OpenSSL 1.0.2 or newer, the negotiation of which SASL mechanism to use went wrong, leading to a confusing “channel binding not supported by this build” error message.
Tighten validation of encoded SCRAM-SHA-256 and MD5 passwords (Jonathan Katz)
A password string that had the right initial characters could be mistaken for one that is correctly hashed into SCRAM-SHA-256 or MD5 format. The password would be accepted but would be unusable later.
Fix handling of lc_time settings that imply an encoding different from the database's encoding (Juan José Santamaría Flecha, Tom Lane)
Localized month or day names that include non-ASCII characters previously caused unexpected errors or wrong output in such locales.
Create the current_logfiles file with the same permissions as other files in the server's data directory (Haribabu Kommi)
Previously it used the permissions specified by log_file_mode, but that can cause problems for backup utilities.
Fix incorrect operator_precedence_warning checks involving unary minus operators (Rikard Falkeborn)
Disallow NaN as a value for floating-point server parameters (Tom Lane)
Rearrange REINDEX processing to avoid assertion failures when reindexing individual indexes of pg_class (Andres Freund, Tom Lane)
Fix planner assertion failure for parameterized dummy paths (Tom Lane)
Insert correct test function in the result of SnapBuildInitialSnapshot() (Antonin Houska)
No core code cares about this, but some extensions do.
Fix intermittent “could not reattach to shared memory” session startup failures on Windows (Noah Misch)
A previously unrecognized source of these failures is creation of thread stacks for a process's default thread pool. Arrange for such stacks to be allocated in a different memory region.
Fix error detection in directory scanning on Windows (Konstantin Knizhnik)
Errors, such as lack of permissions to read the directory, were not detected or reported correctly; instead the code silently acted as though the directory were empty.
Fix grammar problems in ecpg (Tom Lane)
A missing semicolon led to mistranslation of SET (but not variable = DEFAULTSET ) in ecpg programs, producing syntactically invalid output that the server would reject. Additionally, in a variable TO DEFAULTDROP TYPE or DROP DOMAIN command that listed multiple type names, only the first type name was actually processed.
Sync ecpg's syntax for CREATE TABLE AS with the server's (Daisuke Higuchi)
Fix possible buffer overruns in ecpg's processing of include filenames (Liu Huailing, Fei Wu)
Fix pg_rewind failures due to failure to remove some transient files in the target data directory (Michael Paquier)
Make pg_verify_checksums verify that the data directory it's pointed at is of the right PostgreSQL version (Michael Paquier)
Avoid crash in contrib/postgres_fdw when a query using remote grouping or aggregation has a SELECT-list item that is an uncorrelated sub-select, outer reference, or parameter symbol (Tom Lane)
Change contrib/postgres_fdw to report an error when a remote partition chosen to insert a routed row into is also an UPDATE subplan target that will be updated later in the same command (Amit Langote, Etsuro Fujita)
Previously, such situations led to server crashes or incorrect results of the UPDATE. Allowing such cases to work correctly is a matter for future work.
In contrib/pg_prewarm, avoid indefinitely respawning background worker processes if prewarming fails for some reason (Mithun Cy)
Avoid crash in contrib/vacuumlo if an lo_unlink() call failed (Tom Lane)
Sync our copy of the timezone library with IANA tzcode release 2019a (Tom Lane)
This corrects a small bug in zic that caused it to output an incorrect year-2440 transition in the Africa/Casablanca zone, and adds support for zic's new -r option.
Update time zone data files to tzdata release 2019a for DST law changes in Palestine and Metlakatla, plus historical corrections for Israel.
Etc/UCT is now a backward-compatibility link to Etc/UTC, instead of being a separate zone that generates the abbreviation UCT, which nowadays is typically a typo. PostgreSQL will still accept UCT as an input zone abbreviation, but it won't output it.
⇑ Upgrade to 11.4 released on 2019-06-20 - docs
Fix buffer-overflow hazards in SCRAM verifier parsing (Jonathan Katz, Heikki Linnakangas, Michael Paquier)
Any authenticated user could cause a stack-based buffer overflow by changing their own password to a purpose-crafted value. In addition to the ability to crash the PostgreSQL server, this could suffice for executing arbitrary code as the PostgreSQL operating system account.
A similar overflow hazard existed in libpq, which could allow a rogue server to crash a client or perhaps execute arbitrary code as the client's operating system account.
The PostgreSQL Project thanks Alexander Lakhin for reporting this problem. (CVE-2019-10164)
Fix assorted errors in run-time partition pruning logic (Tom Lane, Amit Langote, David Rowley)
These mistakes could lead to wrong answers in queries on partitioned tables, if the comparison value used for pruning is dynamically determined, or if multiple range-partitioned columns are involved in pruning decisions, or if stable (not immutable) comparison operators are involved.
Fix possible crash while trying to copy trigger definitions to a new partition (Tom Lane)
Fix failure of ALTER TABLE ... ALTER COLUMN TYPE when the table has a partial exclusion constraint (Tom Lane)
Fix failure of COMMENT command for comments on domain constraints (Daniel Gustafsson, Michael Paquier)
Prevent possible memory clobber when there are duplicate columns in a hash aggregate's hash key list (Andrew Gierth)
Fix incorrect argument null-ness checking during partial aggregation of aggregates with zero or multiple arguments (David Rowley, Kyotaro Horiguchi, Andres Freund)
Fix faulty generation of merge-append plans (Tom Lane)
This mistake could lead to “could not find pathkey item to sort” errors.
Fix incorrect printing of queries with duplicate join names (Philip Dubé)
This oversight caused a dump/restore failure for views containing such queries.
Fix conversion of JSON string literals to JSON-type output columns in json_to_record() and json_populate_record() (Tom Lane)
Such cases should produce the literal as a standalone JSON value, but the code misbehaved if the literal contained any characters requiring escaping.
Fix misoptimization of {1,1} quantifiers in regular expressions (Tom Lane)
Such quantifiers were treated as no-ops and optimized away; but the documentation specifies that they impose greediness, or non-greediness in the case of the non-greedy variant {1,1}?, on the subexpression they're attached to, and this did not happen. The misbehavior occurred only if the subexpression contained capturing parentheses or a back-reference.
Avoid writing an invalid empty btree index page in the unlikely case that a failure occurs while processing INCLUDEd columns during a page split (Peter Geoghegan)
The invalid page would not affect normal index operations, but it might cause failures in subsequent VACUUMs. If that has happened to one of your indexes, recover by reindexing the index.
Avoid possible failures while initializing a new process's pg_stat_activity data (Tom Lane)
Certain operations that could fail, such as converting strings extracted from an SSL certificate into the database encoding, were being performed inside a critical section. Failure there would result in database-wide lockup due to violating the access protocol for shared pg_stat_activity data.
Fix race condition in check to see whether a pre-existing shared memory segment is still in use by a conflicting postmaster (Tom Lane)
Fix unsafe coding in walreceiver's signal handler (Tom Lane)
This avoids rare problems in which the walreceiver process would crash or deadlock when commanded to shut down.
Avoid attempting to do database accesses for parameter checking in processes that are not connected to a specific database (Vignesh C, Andres Freund)
This error could result in failures like “cannot read pg_class without having selected a database”.
Avoid possible hang in libpq if using SSL and OpenSSL's pending-data buffer contains an exact multiple of 256 bytes (David Binderman)
Improve initdb's handling of multiple equivalent names for the system time zone (Tom Lane, Andrew Gierth)
Make initdb examine the /etc/localtime symbolic link, if that exists, to break ties between equivalent names for the system time zone. This makes initdb more likely to select the time zone name that the user would expect when multiple identical time zones exist. It will not change the behavior if /etc/localtime is not a symlink to a zone data file, nor if the time zone is determined from the TZ environment variable.
Separately, prefer UTC over other spellings of that time zone, when neither TZ nor /etc/localtime provide a hint. This fixes an annoyance introduced by tzdata 2019a's change to make the UCT and UTC zone names equivalent: initdb was then preferring UCT, which almost nobody wants.
Fix ordering of GRANT commands emitted by pg_dump and pg_dumpall for databases and tablespaces (Nathan Bossart, Michael Paquier)
If cascading grants had been issued, restore might fail due to the GRANT commands being given in an order that didn't respect their interdependencies.
Make pg_dump recreate table partitions using CREATE TABLE then ATTACH PARTITION, rather than including PARTITION OF in the creation command (Álvaro Herrera, David Rowley)
This avoids problems with the partition's column order possibly being changed to match the parent's. Also, a partition is now restorable from the dump (as a standalone table) even if its parent table isn't restored; the ATTACH will fail, but that can just be ignored.
Fix misleading error reports from reindexdb (Julien Rouhaud)
Ensure that vacuumdb returns correct status if an error occurs while using parallel jobs (Julien Rouhaud)
Fix contrib/auto_explain to not cause problems in parallel queries (Tom Lane)
Previously, a parallel worker might try to log its query even if the parent query were not being logged by auto_explain. This would work sometimes, but it's confusing, and in some cases it resulted in failures like “could not find key N in shm TOC”.
Also, fix an off-by-one error that resulted in not necessarily logging every query even when the sampling rate is set to 1.0.
In contrib/postgres_fdw, account for possible data modifications by local BEFORE ROW UPDATE triggers (Shohei Mochizuki)
If a trigger modified a column that was otherwise not changed by the UPDATE, the new value was not transmitted to the remote server.
On Windows, avoid failure when the database encoding is set to SQL_ASCII and we attempt to log a non-ASCII string (Noah Misch)
The code had been assuming that such strings must be in UTF-8, and would throw an error if they didn't appear to be validly encoded. Now, just transmit the untranslated bytes to the log.
Make PL/pgSQL's header files C++-safe (George Tarasov)
⇑ Upgrade to 11.5 released on 2019-08-08 - docs
Require schema qualification to cast to a temporary type when using functional cast syntax (Noah Misch)
We have long required invocations of temporary functions to explicitly specify the temporary schema, that is pg_temp.. Require this as well for casting to temporary types using functional notation, for example func_name(args)pg_temp.. Otherwise it's possible to capture a function call using a temporary object, allowing privilege escalation in much the same ways that we blocked in CVE-2007-2138. (CVE-2019-10208)type_name(arg)
Fix execution of hashed subplans that require cross-type comparison (Tom Lane, Andreas Seltenreich)
Hashed subplans used the outer query's original comparison operator to compare entries of the hash table. This is the wrong thing if that operator is cross-type, since all the hash table entries will be of the subquery's output type. For the set of hashable cross-type operators in core PostgreSQL, this mistake seems nearly harmless on 64-bit machines, but it can result in crashes or perhaps unauthorized disclosure of server memory on 32-bit machines. Extensions might provide hashable cross-type operators that create larger risks. (CVE-2019-10209)
Fix failure of ALTER TABLE ... ALTER COLUMN TYPE when altering multiple columns' types in one command (Tom Lane)
This fixes a regression introduced in the most recent minor releases: indexes using the altered columns were not processed correctly, leading to strange failures during ALTER TABLE.
Prevent dropping a partitioned table's trigger if there are pending trigger events in child partitions (Álvaro Herrera)
This notably applies to foreign key constraints, since those are implemented by triggers.
Include user-specified trigger arguments when copying a trigger definition from a partitioned table to one of its partitions (Patrick McHardy)
Install dependencies to prevent dropping partition key columns (Tom Lane)
ALTER TABLE ... DROP COLUMN will refuse to drop a column that is a partition key column. However, indirect drops (such as a cascade from dropping a key column's data type) had no such check, allowing the deletion of a key column. This resulted in a badly broken partitioned table that could neither be accessed nor dropped.
This fix adds pg_depend entries that enforce that the whole partitioned table, not just the key column, will be dropped if a cascaded drop forces removal of the key column. However, such entries will only be created when a partitioned table is created; so this fix does not remove the risk for pre-existing partitioned tables. The issue can only arise for partition key columns of non-built-in data types, so it seems not to be a hazard for most users.
Ensure that column numbers are correctly mapped between a partitioned table and its default partition (Amit Langote)
Some operations misbehaved if the mapping wasn't exactly one-to-one, for example if there were dropped columns in one table and not the other.
Ignore partitions that are foreign tables when creating indexes on partitioned tables (Álvaro Herrera)
Previously an error was thrown on encountering a foreign-table partition, but that's unhelpful and doesn't protect against any actual problem.
Prune a partitioned table's default partition (that is, avoid uselessly scanning it) in more cases (Yuzuko Hosoya)
Fix possible failure to prune partitions when there are multiple partition key columns of boolean type (David Rowley)
Don't optimize away GROUP BY columns when the table involved is an inheritance parent (David Rowley)
Normally, if a table's primary key column(s) are included in GROUP BY, it's safe to drop any other grouping columns, since the primary key columns are enough to make the groups unique. This rule does not work if the query is also reading inheritance child tables, though; the parent's uniqueness does not extend to the children.
Avoid incorrect use of parallel hash join for semi-join queries (Thomas Munro)
This error resulted in duplicate result rows from some EXISTS queries.
Avoid using unnecessary sort steps for some queries with GROUPING SETS (Andrew Gierth, Richard Guo)
Fix possible failure of planner's index endpoint probes (Tom Lane)
When using a recently-created index to determine the minimum or maximum value of a column, the planner could select a recently-dead tuple that does not actually contain the endpoint value. In the worst case the tuple might contain a null, resulting in a visible error “found unexpected null value in index”; more likely we would just end up using the wrong value, degrading the quality of planning estimates.
Fix failure to access trigger transition tables during EvalPlanQual rechecks (Alex Aktsipetrov)
Triggers that rely on transition tables sometimes failed in the presence of concurrent updates.
Fix mishandling of multi-column foreign keys when rebuilding a foreign key constraint (Tom Lane)
ALTER TABLE could make an incorrect decision about whether revalidation of a foreign key is necessary, if not all columns of the key are of the same type. It seems likely that the error would always have been in the conservative direction, that is revalidating unnecessarily.
Don't build extended statistics for inheritance trees (Tomas Vondra)
This avoids a “tuple already updated by self” error during ANALYZE.
Avoid spurious deadlock errors when upgrading a tuple lock (Oleksii Kliukin)
When two or more transactions are waiting for a transaction T1 to release a tuple-level lock, and T1 upgrades its lock to a higher level, a spurious deadlock among the waiting transactions could be reported when T1 finishes.
Fix failure to resolve deadlocks involving multiple parallel worker processes (Rui Hai Jiang)
It is not clear whether this bug is reachable with non-artificial queries, but if it did happen, the queries involved in an otherwise-resolvable deadlock would block until canceled.
Prevent incorrect canonicalization of date ranges with infinity endpoints (Laurenz Albe)
It's incorrect to try to convert an open range to a closed one or vice versa by incrementing or decrementing the endpoint value, if the endpoint is infinite; so leave the range alone in such cases.
Fix loss of fractional digits when converting very large money values to numeric (Tom Lane)
Fix printing of BTREE_META_CLEANUP WAL records (Michael Paquier)
Prevent assertion failures due to mishandling of version-2 btree metapages (Peter Geoghegan)
Fix spinlock assembly code for MIPS CPUs so that it works on MIPS r6 (YunQiang Su)
Ensure that a record or row value returned from a PL/pgSQL function is marked with the function's declared composite type (Tom Lane)
This avoids problems if the result is stored directly into a table.
Make libpq ignore carriage return (\r) in connection service files (Tom Lane, Michael Paquier)
In some corner cases, service files containing Windows-style newlines could be mis-parsed, resulting in connection failures.
In psql, avoid offering incorrect tab completion options after SET (Tom Lane)variable =
Fix a small memory leak in psql's \d command (Tom Lane)
Fix pg_dump to ensure that custom operator classes are dumped in the right order (Tom Lane)
If a user-defined opclass is the subtype opclass of a user-defined range type, related objects were dumped in the wrong order, producing an unrestorable dump. (The underlying failure to handle opclass dependencies might manifest in other cases too, but this is the only known case.)
Fix possible lockup in pgbench when using -R option (Fabien Coelho)
Improve reliability of contrib/amcheck's index verification (Peter Geoghegan)
Fix handling of Perl undef values in contrib/jsonb_plperl (Ivan Panchenko)
Fix contrib/passwordcheck to coexist with other users of check_password_hook (Michael Paquier)
Fix contrib/sepgsql tests to work under recent SELinux releases (Mike Palmiotto)
Improve stability of src/test/kerberos and src/test/ldap regression tests (Thomas Munro, Tom Lane)
Improve stability of src/test/recovery regression tests (Michael Paquier)
Reduce stderr output from pg_upgrade's test script (Tom Lane)
Fix pgbench regression tests to work on Windows (Fabien Coelho)
Fix TAP tests to work with msys Perl, in cases where the build directory is on a non-root msys mount point (Noah Misch)
Support building Postgres with Microsoft Visual Studio 2019 (Haribabu Kommi)
In Visual Studio builds, honor WindowsSDKVersion environment variable, if that's set (Peifeng Qiu)
This fixes build failures in some configurations.
Support OpenSSL 1.1.0 and newer in Visual Studio builds (Juan José Santamaría Flecha, Michael Paquier)
Allow make options to be passed down to gmake when non-GNU make is invoked at the top level (Thomas Munro)
Avoid choosing localtime or posixrules as TimeZone during initdb (Tom Lane)
In some cases initdb would choose one of these artificial zone names over the “real” zone name. Prefer any other match to the C library's timezone behavior over these two.
Adjust pg_timezone_names view to show the Factory time zone if and only if it has a short abbreviation (Tom Lane)
Historically, IANA set up this artificial zone with an “abbreviation” like Local time zone must be set--see zic manual page. Modern versions of the tzdb database show -00 instead, but some platforms alter the data to show one or another of the historical phrases. Show this zone only if it uses the modern abbreviation.
Sync our copy of the timezone library with IANA tzcode release 2019b (Tom Lane)
This adds support for zic's new -b slim option to reduce the size of the installed zone files. We are not currently using that, but may enable it in future.
Update time zone data files to tzdata release 2019b for DST law changes in Brazil, plus historical corrections for Hong Kong, Italy, and Palestine.
⇑ Upgrade to 12 released on 2019-10-03 - docs
Remove the special behavior of oid columns (Andres Freund, John Naylor)
Previously, a normally-invisible oid column could be specified during table creation using WITH OIDS; that ability has been removed. Columns can still be explicitly declared as type oid. Operations on tables that have columns created using WITH OIDS will need adjustment.
The system catalogs that previously had hidden oid columns now have ordinary oid columns. Hence, SELECT * will now output those columns, whereas previously they would be displayed only if selected explicitly.
Remove data types abstime, reltime, and tinterval (Andres Freund)
These are obsoleted by SQL-standard types such as timestamp.
Remove the timetravel extension (Andres Freund)
Move recovery.conf settings into postgresql.conf (Masao Fujii, Simon Riggs, Abhijit Menon-Sen, Sergei Kornilov)
recovery.conf is no longer used, and the server will not start if that file exists. recovery.signal and standby.signal files are now used to switch into non-primary mode. The trigger_file setting has been renamed to promote_trigger_file. The standby_mode setting has been removed.
Do not allow multiple conflicting recovery_target* specifications (Peter Eisentraut)
Specifically, only allow one of recovery_target, recovery_target_lsn, recovery_target_name, recovery_target_time, and recovery_target_xid. Previously, multiple different instances of these parameters could be specified, and the last one was honored. Now, only one can be specified, though the same one can be specified multiple times and the last specification is honored.
Cause recovery to advance to the latest timeline by default (Peter Eisentraut)
Specifically, recovery_target_timeline now defaults to latest. Previously, it defaulted to current.
Refactor code for geometric functions and operators (Emre Hasegeli)
This could lead to more accurate, but slightly different, results compared to previous releases. Notably, cases involving NaN, underflow, overflow, and division by zero are handled more consistently than before.
Improve performance by using a new algorithm for output of real and double precision values (Andrew Gierth)
Previously, displayed floating-point values were rounded to 6 (for real) or 15 (for double precision) digits by default, adjusted by the value of extra_float_digits. Now, whenever extra_float_digits is more than zero (as it now is by default), only the minimum number of digits required to preserve the exact binary value are output. The behavior is the same as before when extra_float_digits is set to zero or less.
Also, formatting of floating-point exponents is now uniform across platforms: two digits are used unless three are necessary. In previous releases, Windows builds always printed three digits.
random() and setseed() now behave uniformly across platforms (Tom Lane)
The sequence of random() values generated following a setseed() call with a particular seed value is likely to be different now than before. However, it will also be repeatable, which was not previously guaranteed because of interference from other uses of random numbers inside the server. The SQL random() function now has its own private per-session state to forestall that.
Change SQL-style substring() to have standard-compliant greediness behavior (Tom Lane)
In cases where the pattern can be matched in more than one way, the initial sub-pattern is now treated as matching the least possible amount of text rather than the greatest; for example, a pattern such as %#"aa*#"% now selects the first group of a's from the input, not the last group.
Do not pretty-print the result of xpath() or the XMLTABLE construct (Tom Lane)
In some cases, these functions would insert extra whitespace (newlines and/or spaces) in nodeset values. This is undesirable since depending on usage, the whitespace might be considered semantically significant.
Rename command-line tool pg_verify_checksums to pg_checksums (Michaël Paquier)
In pg_restore, require specification of -f - to send the dump contents to standard output (Euler Taveira)
Previously, this happened by default if no destination was specified, but that was deemed to be unfriendly.
Disallow non-unique abbreviations in psql's \pset format command (Daniel Vérité)
Previously, for example, \pset format a chose aligned; it will now fail since that could equally well mean asciidoc.
In new btree indexes, the maximum index entry length is reduced by eight bytes, to improve handling of duplicate entries (Peter Geoghegan)
This means that a REINDEX operation on an index pg_upgrade'd from a previous release could potentially fail.
Cause DROP IF EXISTS FUNCTION/PROCEDURE/AGGREGATE/ROUTINE to generate an error if no argument list is supplied and there are multiple matching objects (David Rowley)
Also improve the error message in such cases.
Split the pg_statistic_ext catalog into two catalogs, and add the pg_stats_ext view of it (Dean Rasheed, Tomas Vondra)
This change supports hiding potentially-sensitive statistics data from unprivileged users.
Remove obsolete pg_constraint.consrc column (Peter Eisentraut)
Remove obsolete pg_attrdef.adsrc column (Peter Eisentraut)
Mark table columns of type name as having “C” collation by default (Tom Lane, Daniel Vérité)
The comparison operators for data type name can now use any collation, rather than always using “C” collation. To preserve the previous semantics of queries, columns of type name are now explicitly marked as having “C” collation. A side effect of this is that regular-expression operators on name columns will now use the “C” collation by default, not the database collation, to determine the behavior of locale-dependent regular expression patterns (such as \w). If you want non-C behavior for a regular expression on a name column, attach an explicit COLLATE clause. (For user-defined name columns, another possibility is to specify a different collation at table creation time; but that just moves the non-backwards-compatibility to the comparison operators.)
Treat object-name columns in the information_schema views as being of type name, not varchar (Tom Lane)
Per the SQL standard, object-name columns in the information_schema views are declared as being of domain type sql_identifier. In PostgreSQL, the underlying catalog columns are really of type name. This change makes sql_identifier be a domain over name, rather than varchar as before. This eliminates a semantic mismatch in comparison and sorting behavior, which can greatly improve the performance of queries on information_schema views that restrict an object-name column. Note however that inequality restrictions, for example
SELECT ... FROM information_schema.tables WHERE table_name < 'foo';
will now use “C”-locale comparison semantics by default, rather than the database's default collation as before. Sorting on these columns will also follow “C” ordering rules. The previous behavior (and inefficiency) can be enforced by adding a COLLATE "default" clause.
Remove the ability to disable dynamic shared memory (Kyotaro Horiguchi)
Specifically, dynamic_shared_memory_type can no longer be set to none.
Parse libpq integer connection parameters more strictly (Fabien Coelho)
In previous releases, using an incorrect integer value for connection parameters connect_timeout, keepalives, keepalives_count, keepalives_idle, keepalives_interval and port resulted in libpq either ignoring those values or failing with incorrect error messages.
Improve performance of many operations on partitioned tables (Amit Langote, David Rowley, Tom Lane, Álvaro Herrera)
Allow tables with thousands of child partitions to be processed efficiently by operations that only affect a small number of partitions.
Allow foreign keys to reference partitioned tables (Álvaro Herrera)
Improve speed of COPY into partitioned tables (David Rowley)
Allow partition bounds to be any expression (Kyotaro Horiguchi, Tom Lane, Amit Langote)
Such expressions are evaluated at partitioned-table creation time. Previously, only simple constants were allowed as partition bounds.
Allow CREATE TABLE's tablespace specification for a partitioned table to affect the tablespace of its children (David Rowley, Álvaro Herrera)
Avoid sorting when partitions are already being scanned in the necessary order (David Rowley)
ALTER TABLE ATTACH PARTITION is now performed with reduced locking requirements (Robert Haas)
Add partition introspection functions (Michaël Paquier, Álvaro Herrera, Amit Langote)
The new function pg_partition_root() returns the top-most parent of a partition tree, pg_partition_ancestors() reports all ancestors of a partition, and pg_partition_tree() displays information about partitions.
Include partitioned indexes in the system view pg_indexes (Suraj Kharage)
Add psql command \dP to list partitioned tables and indexes (Pavel Stehule)
Improve psql \d and \z display of partitioned tables (Pavel Stehule, Michaël Paquier, Álvaro Herrera)
Fix bugs that could cause ALTER TABLE DETACH PARTITION to leave behind incorrect dependency state, allowing subsequent operations to misbehave, for example by not dropping a former partition child index when its table is dropped (Tom Lane)
Improve performance and space utilization of btree indexes with many duplicates (Peter Geoghegan, Heikki Linnakangas)
Previously, duplicate index entries were stored unordered within their duplicate groups. This caused overhead during index inserts, wasted space due to excessive page splits, and it reduced VACUUM's ability to recycle entire pages. Duplicate index entries are now sorted in heap-storage order.
Indexes pg_upgrade'd from previous releases will not have these benefits.
Allow multi-column btree indexes to be smaller (Peter Geoghegan, Heikki Linnakangas)
Internal pages and min/max leaf page indicators now only store index keys until the change key, rather than all indexed keys. This also improves the locality of index access.
Indexes pg_upgrade'd from previous releases will not have these benefits.
Improve speed of btree index insertions by reducing locking overhead (Alexander Korotkov)
Add support for nearest-neighbor (KNN) searches of SP-GiST indexes (Nikita Glukhov, Alexander Korotkov, Vlad Sterzhanov)
Reduce the WAL write overhead of GiST, GIN, and SP-GiST index creation (Anastasia Lubennikova, Andrey V. Lepikhov)
Allow index-only scans to be more efficient on indexes with many columns (Konstantin Knizhnik)
Improve the performance of vacuum scans of GiST indexes (Andrey Borodin, Konstantin Kuznetsov, Heikki Linnakangas)
Delete empty leaf pages during GiST VACUUM (Andrey Borodin)
Reduce locking requirements for index renaming (Peter Eisentraut)
Allow CREATE STATISTICS to create most-common-value statistics for multiple columns (Tomas Vondra)
This improves optimization for queries that test several columns, requiring an estimate of the combined effect of several WHERE clauses. If the columns are correlated and have non-uniform distributions then multi-column statistics will allow much better estimates.
Allow common table expressions (CTEs) to be inlined into the outer query (Andreas Karlsson, Andrew Gierth, David Fetter, Tom Lane)
Specifically, CTEs are automatically inlined if they have no side-effects, are not recursive, and are referenced only once in the query. Inlining can be prevented by specifying MATERIALIZED, or forced for multiply-referenced CTEs by specifying NOT MATERIALIZED. Previously, CTEs were never inlined and were always evaluated before the rest of the query.
Allow control over when generic plans are used for prepared statements (Pavel Stehule)
This is controlled by the plan_cache_mode server parameter.
Improve optimization of partition and UNION ALL queries that have only a single child (David Rowley)
Improve processing of domains that have no check constraints (Tom Lane)
Domains that are being used purely as type aliases no longer cause optimization difficulties.
Pre-evaluate calls of LEAST and GREATEST when their arguments are constants (Vik Fearing)
Improve optimizer's ability to verify that partial indexes with IS NOT NULL conditions are usable in queries (Tom Lane, James Coleman)
Usability can now be recognized in more cases where the calling query involves casts or large x IN (array)
Compute ANALYZE statistics using the collation defined for each column (Tom Lane)
Previously, the database's default collation was used for all statistics. This potentially gives better optimizer behavior for columns with non-default collations.
Improve selectivity estimates for inequality comparisons on ctid columns (Edmund Horner)
Improve optimization of joins on columns of type tid (Tom Lane)
These changes primarily improve the efficiency of self-joins on ctid columns.
Fix the leakproofness designations of some btree comparison operators and support functions (Tom Lane)
This allows some optimizations that previously would not have been applied in the presence of security barrier views or row-level security.
Enable Just-in-Time (JIT) compilation by default, if the server has been built with support for it (Andres Freund)
Note that this support is not built by default, but has to be selected explicitly while configuring the build.
Speed up keyword lookup (John Naylor, Joerg Sonnenberger, Tom Lane)
Improve search performance for multi-byte characters in position() and related functions (Heikki Linnakangas)
Allow toasted values to be minimally decompressed (Paul Ramsey)
This is useful for routines that only need to examine the initial portion of a toasted field.
Allow ALTER TABLE ... SET NOT NULL to avoid unnecessary table scans (Sergei Kornilov)
This can be optimized when the table's column constraints can be recognized as disallowing nulls.
Allow ALTER TABLE ... SET DATA TYPE changing between timestamp and timestamptz to avoid a table rewrite when the session time zone is UTC (Noah Misch)
In the UTC time zone, these two data types are binary compatible.
Improve speed in converting strings to int2 or int4 integers (Andres Freund)
Allow parallelized queries when in SERIALIZABLE isolation mode (Thomas Munro)
Previously, parallelism was disabled when in this mode.
Use pread() and pwrite() for random I/O (Oskari Saarenmaa, Thomas Munro)
This reduces the number of system calls required for I/O.
Improve the speed of setting the process title on FreeBSD (Thomas Munro)
Allow logging of statements from only a percentage of transactions (Adrien Nayrat)
The parameter log_transaction_sample_rate controls this.
Add progress reporting to CREATE INDEX and REINDEX operations (Álvaro Herrera, Peter Eisentraut)
Progress is reported in the pg_stat_progress_create_index system view.
Add progress reporting to CLUSTER and VACUUM FULL (Tatsuro Yamada)
Progress is reported in the pg_stat_progress_cluster system view.
Add progress reporting to pg_checksums (Michael Banck, Bernd Helmle)
This is enabled with the option --progress.
Add counter of checksum failures to pg_stat_database (Magnus Hagander)
Add tracking of global objects in system view pg_stat_database (Julien Rouhaud)
Global objects are shown with a pg_stat_database.datid value of zero.
Add the ability to list the contents of the archive directory (Christoph Moench-Tegeder)
The function is pg_ls_archive_statusdir().
Add the ability to list the contents of temporary directories (Nathan Bossart)
The function, pg_ls_tmpdir(), optionally allows specification of a tablespace.
Add information about the client certificate to the system view pg_stat_ssl (Peter Eisentraut)
The new columns are client_serial and issuer_dn. Column clientdn has been renamed to client_dn for clarity.
Restrict visibility of rows in pg_stat_ssl for unprivileged users (Peter Eisentraut)
At server start, emit a log message including the server version number (Christoph Berg)
Prevent logging “incomplete startup packet” if a new connection is immediately closed (Tom Lane)
This avoids log spam from certain forms of monitoring.
Include the application_name, if set, in log_connections log messages (Don Seiler)
Make the walreceiver set its application name to the cluster name, if set (Peter Eisentraut)
Add the timestamp of the last received standby message to pg_stat_replication (Lim Myungkyu)
Add a wait event for fsync of WAL segments (Konstantin Knizhnik)
Add GSSAPI encryption support (Robbie Harwood, Stephen Frost)
This feature allows TCP/IP connections to be encrypted when using GSSAPI authentication, without having to set up a separate encryption facility such as SSL. In support of this, add hostgssenc and hostnogssenc record types in pg_hba.conf for selecting connections that do or do not use GSSAPI encryption, corresponding to the existing hostssl and hostnossl record types. There is also a new gssencmode libpq option, and a pg_stat_gssapi system view.
Allow the clientcert pg_hba.conf option to check that the database user name matches the client certificate's common name (Julian Markwort, Marius Timmer)
This new check is enabled with clientcert=verify-full.
Allow discovery of an LDAP server using DNS SRV records (Thomas Munro)
This avoids the requirement of specifying ldapserver. It is only supported if PostgreSQL is compiled with OpenLDAP.
Add ability to enable/disable cluster checksums using pg_checksums (Michael Banck, Michaël Paquier)
The cluster must be shut down for these operations.
Reduce the default value of autovacuum_vacuum_cost_delay to 2ms (Tom Lane)
This allows autovacuum operations to proceed faster by default.
Allow vacuum_cost_delay to specify sub-millisecond delays, by accepting fractional values (Tom Lane)
Allow time-based server parameters to use units of microseconds (us) (Tom Lane)
Allow fractional input for integer server parameters (Tom Lane)
For example, SET work_mem = '30.1GB' is now allowed, even though work_mem is an integer parameter. The value will be rounded to an integer after any required units conversion.
Allow units to be defined for floating-point server parameters (Tom Lane)
Add wal_recycle and wal_init_zero server parameters to control WAL file recycling (Jerry Jelinek)
Avoiding file recycling can be beneficial on copy-on-write file systems like ZFS.
Add server parameter tcp_user_timeout to control the server's TCP timeout (Ryohei Nagaura)
Allow control of the minimum and maximum SSL protocol versions (Peter Eisentraut)
The server parameters are ssl_min_protocol_version and ssl_max_protocol_version.
Add server parameter ssl_library to report the SSL library version used by the server (Peter Eisentraut)
Add server parameter shared_memory_type to control the type of shared memory to use (Andres Freund)
This allows selection of System V shared memory, if desired.
Allow some recovery parameters to be changed with reload (Peter Eisentraut)
These parameters are archive_cleanup_command, promote_trigger_file, recovery_end_command, and recovery_min_apply_delay.
Allow the streaming replication timeout (wal_sender_timeout) to be set per connection (Takayuki Tsunakawa)
Previously, this could only be set cluster-wide.
Add function pg_promote() to promote standbys to primaries (Laurenz Albe, Michaël Paquier)
Previously, this operation was only possible by using pg_ctl or creating a trigger file.
Allow replication slots to be copied (Masahiko Sawada)
The functions for this are pg_copy_physical_replication_slot() and pg_copy_logical_replication_slot().
Make max_wal_senders not count as part of max_connections (Alexander Kukushkin)
Add an explicit value of current for recovery_target_timeline (Peter Eisentraut)
Make recovery fail if a two-phase transaction status file is corrupt (Michaël Paquier)
Previously, a warning was logged and recovery continued, allowing the transaction to be lost.
Add REINDEX CONCURRENTLY option to allow reindexing without locking out writes (Michaël Paquier, Andreas Karlsson, Peter Eisentraut)
This is also controlled by the reindexdb application's --concurrently option.
Add support for generated columns (Peter Eisentraut)
The content of generated columns are computed from expressions (including references to other columns in the same table) rather than being specified by INSERT or UPDATE commands.
Add a WHERE clause to COPY FROM to control which rows are accepted (Surafel Temesgen)
This provides a simple way to filter incoming data.
Allow enumerated values to be added more flexibly (Andrew Dunstan, Tom Lane, Thomas Munro)
Previously, ALTER TYPE ... ADD VALUE could not be called in a transaction block, unless it was part of the same transaction that created the enumerated type. Now it can be called in a later transaction, so long as the new enumerated value is not referenced until after it is committed.
Add commands to end a transaction and start a new one (Peter Eisentraut)
The commands are COMMIT AND CHAIN and ROLLBACK AND CHAIN.
Add VACUUM and CREATE TABLE options to prevent VACUUM from truncating trailing empty pages (Takayuki Tsunakawa)
These options are vacuum_truncate and toast.vacuum_truncate. Use of these options reduces VACUUM's locking requirements, but prevents returning disk space to the operating system.
Allow VACUUM to skip index cleanup (Masahiko Sawada)
This change adds a VACUUM command option INDEX_CLEANUP as well as a table storage option vacuum_index_cleanup. Use of this option reduces the ability to reclaim space and can lead to index bloat, but it is helpful when the main goal is to freeze old tuples.
Add the ability to skip VACUUM and ANALYZE operations on tables that cannot be locked immediately (Nathan Bossart)
This option is called SKIP_LOCKED.
Allow VACUUM and ANALYZE to take optional Boolean argument specifications (Masahiko Sawada)
Prevent TRUNCATE, VACUUM and ANALYZE from requesting a lock on tables for which the user lacks permission (Michaël Paquier)
This prevents unauthorized locking, which could interfere with user queries.
Add EXPLAIN option SETTINGS to output non-default optimizer settings (Tomas Vondra)
This output can also be obtained when using auto_explain by setting auto_explain.log_settings.
Add OR REPLACE option to CREATE AGGREGATE (Andrew Gierth)
Allow modifications of system catalogs' options using ALTER TABLE (Peter Eisentraut)
Modifications of catalogs' reloptions and autovacuum settings are now supported. (Setting allow_system_table_mods is still required.)
Use all key columns' names when selecting default constraint names for foreign keys (Peter Eisentraut)
Previously, only the first column name was included in the constraint name, resulting in ambiguity for multi-column foreign keys.
Update assorted knowledge about Unicode to match Unicode 12.1.0 (Peter Eisentraut)
This fixes, for example, cases where psql would misformat output involving combining characters.
Update Snowball stemmer dictionaries with support for new languages (Arthur Zakirov)
This adds word stemming support for Arabic, Indonesian, Irish, Lithuanian, Nepali, and Tamil to full text search.
Allow creation of collations that report string equality for strings that are not bit-wise equal (Peter Eisentraut)
This feature supports “nondeterministic” collations that can define case- and accent-agnostic equality comparisons. Thus, for example, a case-insensitive uniqueness constraint on a text column can be made more easily than before. This is only supported for ICU collations.
Add support for ICU collation attributes on older ICU versions (Peter Eisentraut)
This allows customization of the collation rules in a consistent way across all ICU versions.
Allow data type name to more seamlessly be compared to other text types (Tom Lane)
Type name now behaves much like a domain over type text that has default collation “C”. This allows cross-type comparisons to be processed more efficiently.
Add support for the SQL/JSON path language (Nikita Glukhov, Teodor Sigaev, Alexander Korotkov, Oleg Bartunov, Liudmila Mantrova)
This allows execution of complex queries on JSON values using an SQL-standard language.
Add support for hyperbolic functions (Lætitia Avrot)
Also add log10() as an alias for log(), for standards compliance.
Improve the accuracy of statistical aggregates like variance() by using more precise algorithms (Dean Rasheed)
Allow date_trunc() to have an additional argument to control the time zone (Vik Fearing, Tom Lane)
This is faster and simpler than using the AT TIME ZONE clause.
Adjust to_timestamp()/to_date() functions to be more forgiving of template mismatches (Artur Zakirov, Alexander Korotkov, Liudmila Mantrova)
This new behavior more closely matches the Oracle functions of the same name.
Fix assorted bugs in XML functions (Pavel Stehule, Markus Winand, Chapman Flack)
Specifically, in XMLTABLE, xpath(), and xmlexists(), fix some cases where nothing was output for a node, or an unexpected error was thrown, or necessary escaping of XML special characters was omitted.
Allow the BY VALUE clause in XMLEXISTS and XMLTABLE (Chapman Flack)
This SQL-standard clause has no effect in PostgreSQL's implementation, but it was unnecessarily being rejected.
Prevent current_schema() and current_schemas() from being run by parallel workers, as they are not parallel-safe (Michaël Paquier)
Allow RECORD and RECORD[] to be used as column types in a query's column definition list for a table function that is declared to return RECORD (Elvis Pranskevichus)
Allow SQL commands and variables with the same names as those commands to be used in the same PL/pgSQL function (Tom Lane)
For example, allow a variable called comment to exist in a function that calls the COMMENT SQL command. Previously this combination caused a parse error.
Add new optional warning and error checks to PL/pgSQL (Pavel Stehule)
The new checks allow for run-time validation of INTO column counts and single-row results.
Add connection parameter tcp_user_timeout to control libpq's TCP timeout (Ryohei Nagaura)
Allow libpq (and thus psql) to report only the SQLSTATE value in error messages (Didier Gautheron)
Add libpq function PQresultMemorySize() to report the memory used by a query result (Lars Kanis, Tom Lane)
Remove the no-display/debug flag from libpq's options connection parameter (Peter Eisentraut)
This allows this parameter to be set by postgres_fdw.
Allow ecpg to create variables of data type bytea (Ryo Matsumura)
This allows ECPG clients to interact with bytea data directly, rather than using an encoded form.
Add PREPARE AS support to ECPG (Ryo Matsumura)
Allow vacuumdb to select tables for vacuum based on their wraparound horizon (Nathan Bossart)
The options are --min-xid-age and --min-mxid-age.
Allow vacuumdb to disable waiting for locks or skipping all-visible pages (Nathan Bossart)
The options are --skip-locked and --disable-page-skipping.
Add colorization to the output of command-line utilities (Peter Eisentraut)
This is enabled by setting the environment variable PG_COLOR to always or auto. The specific colors used can be adjusted by setting the environment variable PG_COLORS, using ANSI escape codes for colors. For example, the default behavior is equivalent to PG_COLORS="error=01;31:warning=01;35:locus=01".
Add CSV table output mode in psql (Daniel Vérité)
This is controlled by \pset format csv or the command-line --csv option.
Show the manual page URL in psql's \help output for a SQL command (Peter Eisentraut)
Display the IP address in psql's \conninfo (Fabien Coelho)
Improve tab completion of CREATE TABLE, CREATE TRIGGER, CREATE EVENT TRIGGER, ANALYZE, EXPLAIN, VACUUM, ALTER TABLE, ALTER INDEX, ALTER DATABASE, and ALTER INDEX ALTER COLUMN (Dagfinn Ilmari Mannsåker, Tatsuro Yamada, Michaël Paquier, Tom Lane, Justin Pryzby)
Allow values produced by queries to be assigned to pgbench variables (Fabien Coelho, Álvaro Herrera)
The command for this is \gset.
Improve precision of pgbench's --rate option (Tom Lane)
Improve pgbench's error reporting with clearer messages and return codes (Peter Eisentraut)
Allow control of log file rotation via pg_ctl (Kyotaro Horiguchi, Alexander Kuzmenkov, Alexander Korotkov)
Previously, this was only possible via an SQL function or a process signal.
Properly detach the new server process during pg_ctl start (Paul Guo)
This prevents the server from being shut down if the shell script that invoked pg_ctl is interrupted later.
Allow pg_upgrade to use the file system's cloning feature, if there is one (Peter Eisentraut)
The --clone option has the advantages of --link, while preventing the old cluster from being changed after the new cluster has started.
Allow specification of the socket directory to use in pg_upgrade (Daniel Gustafsson)
This is controlled by --socketdir; the default is the current directory.
Allow pg_checksums to disable fsync operations (Michaël Paquier)
This is controlled by the --no-sync option.
Allow pg_rewind to disable fsync operations (Michaël Paquier)
Fix pg_test_fsync to report accurate open_datasync durations on Windows (Laurenz Albe)
When pg_dump emits data with INSERT commands rather than COPY, allow more than one data row to be included in each INSERT (Surafel Temesgen, David Rowley)
The option controlling this is --rows-per-insert.
Allow pg_dump to emit INSERT ... ON CONFLICT DO NOTHING (Surafel Temesgen)
This avoids conflict failures during restore. The option is --on-conflict-do-nothing.
Decouple the order of operations in a parallel pg_dump from the order used by a subsequent parallel pg_restore (Tom Lane)
This allows pg_restore to perform more-fully-parallelized parallel restores, especially in cases where the original dump was not done in parallel. Scheduling of a parallel pg_dump is also somewhat improved.
Allow the extra_float_digits setting to be specified for pg_dump and pg_dumpall (Andrew Dunstan)
This is primarily useful for making dumps that are exactly comparable across different source server versions. It is not recommended for normal use, as it may result in loss of precision when the dump is restored.
Add --exclude-database option to pg_dumpall (Andrew Dunstan)
Add CREATE ACCESS METHOD command to create new table types (Andres Freund, Haribabu Kommi, Álvaro Herrera, Alexander Korotkov, Dmitry Dolgov)
This enables the development of new table access methods, which can optimize storage for different use cases. The existing heap access method remains the default.
Add planner support function interfaces to improve optimizer estimates, inlining, and indexing for functions (Tom Lane)
This allows extensions to create planner support functions that can provide function-specific selectivity, cost, and row-count estimates that can depend on the function's arguments. Support functions can also supply simplified representations and index conditions, greatly expanding optimization possibilities.
Simplify renumbering manually-assigned OIDs, and establish a new project policy for management of such OIDs (John Naylor, Tom Lane)
Patches that manually assign OIDs for new built-in objects (such as new functions) should now randomly choose OIDs in the range 8000—9999. At the end of a development cycle, the OIDs used by committed patches will be renumbered down to lower numbers, currently somewhere in the 4xxx range, using the new renumber_oids.pl script. This approach should greatly reduce the odds of OID collisions between different in-process patches.
While there is no specific policy reserving any OIDs for external use, it is recommended that forks and other projects needing private manually-assigned OIDs use numbers in the high 7xxx range. This will avoid conflicts with recently-merged patches, and it should be a long time before the core project reaches that range.
Build Cygwin binaries using dynamic instead of static libraries (Marco Atzeri)
Remove configure switch --disable-strong-random (Michaël Paquier)
A strong random-number source is now required.
printf-family functions, as well as strerror and strerror_r, now behave uniformly across platforms within Postgres code (Tom Lane)
Notably, printf understands %m everywhere; on Windows, strerror copes with Winsock error codes (it used to do so in backend but not frontend code); and strerror_r always follows the GNU return convention.
Require a C99-compliant compiler, and MSVC 2013 or later on Windows (Andres Freund)
Use pandoc, not lynx, for generating plain-text documentation output files (Peter Eisentraut)
This affects only the INSTALL file generated during make dist and the seldom-used plain-text postgres.txt output file. Pandoc produces better output than lynx and avoids some locale/encoding issues. Pandoc version 1.13 or later is required.
Support use of images in the PostgreSQL documentation (Jürgen Purtz)
Allow ORDER BY sorts and LIMIT clauses to be pushed to postgres_fdw foreign servers in more cases (Etsuro Fujita)
Improve optimizer cost accounting for postgres_fdw queries (Etsuro Fujita)
Properly honor WITH CHECK OPTION on views that reference postgres_fdw tables (Etsuro Fujita)
While CHECK OPTIONs on postgres_fdw tables are ignored (because the reference is foreign), views on such tables are considered local, so this change enforces CHECK OPTIONs on them. Previously, only INSERTs and UPDATEs with RETURNING clauses that returned CHECK OPTION values were validated.
Allow pg_stat_statements_reset() to be more granular (Haribabu Kommi, Amit Kapila)
The function now allows reset of statistics for specific databases, users, and queries.
Allow control of the auto_explain log level (Tom Dunstan, Andrew Dunstan)
The default is LOG.
Update unaccent rules with new punctuation and symbols (Hugh Ranalli, Michaël Paquier)
Allow unaccent to handle some accents encoded as combining characters (Hugh Ranalli)
Allow unaccent to remove accents from Greek characters (Tasos Maschalidis)
Add a parameter to amcheck's bt_index_parent_check() function to check each index tuple from the root of the tree (Peter Geoghegan)
Improve oid2name and vacuumlo option handling to match other commands (Tatsuro Yamada)
⇑ Upgrade to 12.1 released on 2019-11-14 - docs
Fix crash when ALTER TABLE adds a column without a default value along with making other changes that require a table rewrite (Andres Freund)
Fix lock handling in REINDEX CONCURRENTLY (Michael Paquier)
REINDEX CONCURRENTLY neglected to take a session-level lock on the new index version, potentially allowing other sessions to manipulate it too soon. Also, a query-cancel or session-termination interrupt arriving at the wrong time could result in failure to release the session-level locks that REINDEX CONCURRENTLY does hold.
Avoid crash due to race condition when reporting the progress of a CREATE INDEX CONCURRENTLY or REINDEX CONCURRENTLY command (Álvaro Herrera)
Avoid creating duplicate dependency entries during REINDEX CONCURRENTLY (Michael Paquier)
This bug resulted in bloat in pg_depend, but no worse consequences than that.
Prevent VACUUM from trying to freeze an old multixact ID involving a still-running transaction (Nathan Bossart, Jeremy Schneider)
This case would lead to VACUUM failing until the old transaction terminates.
Fix “wrong type of slot” error when trying to CLUSTER on an expression index (Andres Freund)
SET CONSTRAINTS ... DEFERRED failed on partitioned tables, incorrectly complaining about lack of triggers (Álvaro Herrera)
Fix failure when creating indexes for a partition, if the parent partitioned table contains any dropped columns (Michael Paquier)
Fix dropping of indexed columns in partitioned tables (Amit Langote, Michael Paquier)
Previously this might fail with an error message complaining about the dependencies of the indexes. It should automatically drop the indexes, instead.
Ensure that a partition index can be dropped after a failure to reindex it concurrently (Michael Paquier)
The index's pg_class.relispartition flag was left in the wrong state in such a case, causing DROP INDEX to fail.
Fix handling of equivalence class members for partition-wise joins (Amit Langote)
This oversight could lead either to failure to use a feasible partition-wise join plan, or to a “could not find pathkey item to sort” planner failure.
Ensure that offset expressions in WINDOW clauses are processed when a query's expressions are manipulated (Andrew Gierth)
This oversight could result in assorted failures when the offsets are nontrivial expressions. One example is that a function parameter reference in such an expression would fail if the function was inlined.
Avoid postmaster failure if a parallel query requests a background worker when no postmaster child process array slots remain free (Tom Lane)
Fix crash triggered by an EvalPlanQual recheck on a table with a BEFORE UPDATE trigger (Andres Freund)
Fix “unexpected relkind” error when a query tries to access a TOAST table (John Hsu, Michael Paquier, Tom Lane)
The error should say that permission is denied, but this case got broken during code refactoring.
Provide a relevant error context line when an error occurs while setting GUC parameters during parallel worker startup (Thomas Munro)
Ensure that fsync() is applied only to files that are opened read/write (Andres Freund, Michael Paquier)
Some code paths tried to do this after opening a file read-only, but on some platforms that causes “bad file descriptor” or similar errors.
Allow encoding conversion to succeed on longer strings than before (Álvaro Herrera, Tom Lane)
Previously, there was a hard limit of 0.25GB on the input string, but now it will work as long as the converted output is not over 1GB.
Avoid creating unnecessarily-bulky tuple stores for window functions (Andrew Gierth)
In some cases the tuple storage would include all columns of the source table(s), not just the ones that are needed by the query.
Allow repalloc() to give back space when a large chunk is reduced in size (Tom Lane)
Ensure that temporary WAL and history files are removed at the end of archive recovery (Sawada Masahiko)
Avoid failure in archive recovery if recovery_min_apply_delay is enabled (Fujii Masao)
recovery_min_apply_delay is not typically used in this configuration, but it should work.
Ignore restore_command, recovery_end_command, and recovery_min_apply_delay settings during crash recovery (Fujii Masao)
Now that these settings can be specified in postgresql.conf, they could be turned on during crash recovery, but honoring them then is undesirable. Ignore these settings until crash recovery is complete.
Fix logical replication failure when publisher and subscriber have different ideas about a table's replica identity columns (Jehan-Guillaume de Rorthais, Peter Eisentraut)
Declaring a column as part of the replica identity on the subscriber, when it does not exist at all on the publisher, led to “negative bitmapset member not allowed” errors.
Avoid unwanted delay during shutdown of a logical replication walsender (Craig Ringer, Álvaro Herrera)
Fix timeout handling in logical replication walreceiver processes (Julien Rouhaud)
Erroneous logic prevented wal_receiver_timeout from working in logical replication deployments.
Correctly time-stamp replication messages for logical decoding (Jeff Janes)
This oversight resulted, for example, in pg_stat_subscription.last_msg_send_time usually reading as NULL.
Fix race condition during backend exit, when the backend process has previously waited for synchronous replication to occur (Dongming Liu)
Avoid logging complaints about abandoned connections when using PAM authentication (Tom Lane)
libpq-based clients will typically make two connection attempts when a password is required, since they don't prompt their user for a password until their first connection attempt fails. Therefore the server is coded not to generate useless log spam when a client closes the connection upon being asked for a password. However, the PAM authentication code hadn't gotten that memo, and would generate several messages about a phantom authentication failure.
Fix misbehavior of bitshiftright() (Tom Lane)
The bitstring right shift operator failed to zero out padding space that exists in the last byte of the result when the bitstring length is not a multiple of 8. While invisible to most operations, any nonzero bits there would result in unexpected comparison behavior, since bitstring comparisons don't bother to ignore the extra bits, expecting them to always be zero.
If you have inconsistent data as a result of saving the output of bitshiftright() in a table, it's possible to fix it with something like
UPDATE mytab SET bitcol = ~(~bitcol) WHERE bitcol != ~(~bitcol);
Fix result of text position() function (also known as strpos()) for an empty search string (Tom Lane)
Historically, and per the SQL standard, the result should be one in such cases, but 12.0 returned zero.
Fix detection of edge-case integer overflow in interval multiplication (Yuya Watari)
Avoid crashes if ispell text search dictionaries contain wrong affix data (Arthur Zakirov)
Avoid memory leak while vacuuming a GiST index (Dilip Kumar)
On Windows, recognize additional spellings of the “Norwegian (Bokmål)” locale name (Tom Lane)
Fix libpq to allow trailing whitespace in the string values of integer parameters (Michael Paquier)
Version 12 tightened libpq's validation of integer parameters, but disallowing trailing whitespace seems undesirable.
In libpq, correctly report CONNECTION_BAD connection status after a failure caused by a syntactically invalid connect_timeout parameter value (Lars Kanis)
Avoid compile failure if an ECPG client includes ecpglib.h while having ENABLE_NLS defined (Tom Lane)
This risk was created by a misplaced declaration: ecpg_gettext() should not be visible to client code.
Fix scheduling of parallel restore of a foreign key constraint on a partitioned table (Álvaro Herrera)
pg_dump failed to emit full dependency information for partitioned tables' foreign keys. This could allow parallel pg_restore to try to recreate a foreign key constraint too soon.
In pg_dump, ensure stable output order for similarly-named triggers and row-level-security policy objects (Benjie Gillam)
Previously, if two triggers on different tables had the same names, they would be sorted in OID-based order, which is less desirable than sorting them by table name. Likewise for RLS policies.
In pg_upgrade, reject tables with columns of type sql_identifier, as that has changed representation in version 12 (Tomas Vondra)
Improve pg_upgrade's checks for the use of a data type that has changed representation, such as line (Tomas Vondra)
The previous coding could be fooled by cases where the data type of interest underlies a stored column of a domain or composite type.
In pg_rewind with the --dry-run option, avoid updating pg_control (Alexey Kondratov)
This could lead to failures in subsequent pg_rewind attempts.
Fix failure in pg_waldump with the -s option, when a continuation WAL record ends exactly at a page boundary (Andrey Lepikhov)
In pg_waldump with the --bkp-details option, avoid emitting extra newlines for WAL records involving full-page writes (Andres Freund)
Fix small memory leak in pg_waldump (Andres Freund)
Put back pqsignal() as an exported libpq symbol (Tom Lane)
This function was removed on the grounds that no clients should be using it, but that turns out to break usage of current libpq with very old versions of psql, and perhaps other applications.
Fix configure's test for presence of libperl so that it works on recent Red Hat releases (Tom Lane)
Previously, it could fail if the user sets CFLAGS to -O0.
Ensure correct code generation for spinlocks on PowerPC (Noah Misch)
The previous spinlock coding allowed the compiler to select register zero for use with an assembly instruction that does not accept that register, causing a build failure. We have seen only one long-ago report that matches this bug, but it could cause problems for people trying to build modified PostgreSQL code or use atypical compiler options.
On AIX, don't use the compiler option -qsrcmsg (Noah Misch)
This avoids an internal compiler error with xlc v16.1.0, with little consequence other than changing the format of compiler error messages.
Fix MSVC build process to cope with spaces in the file path of OpenSSL (Andrew Dunstan)