Release 7.4.30

Release Date 2010-10-04

This release contains a variety of fixes from 7.4.29. For information about new features in the 7.4 major release, see .

This is expected to be the last PostgreSQL release in the 7.4.X series. Users are encouraged to update to a newer release branch soon.

Migration to Version 7.4.30

A dump/restore is not required for those running 7.4.X. However, if you are upgrading from a version earlier than 7.4.26, see .

Changes

Use a separate interpreter for each calling SQL userid in PL/Perl and PL/Tcl (Tom Lane)
This change prevents security problems that can be caused by subverting Perl or Tcl code that will be executed later in the same session under another SQL user identity (for example, within a SECURITY DEFINER function). Most scripting languages offer numerous ways that that might be done, such as redefining standard functions or operators called by the target function. Without this change, any SQL user with Perl or Tcl language usage rights can do essentially anything with the SQL privileges of the target function's owner.
The cost of this change is that intentional communication among Perl and Tcl functions becomes more difficult. To provide an escape hatch, PL/PerlU and PL/TclU functions continue to use only one interpreter per session. This is not considered a security issue since all such functions execute at the trust level of a database superuser already.
It is likely that third-party procedural languages that claim to offer trusted execution have similar security issues. We advise contacting the authors of any PL you are depending on for security-critical purposes.
Our thanks to Tim Bunce for pointing out this issue (CVE-2010-3433).

Prevent possible crashes in pg_get_expr() by disallowing it from being called with an argument that is not one of the system catalog columns it's intended to be used with (Heikki Linnakangas, Tom Lane)

Fix "cannot handle unplanned sub-select" error (Tom Lane)
This occurred when a sub-select contains a join alias reference that expands into an expression containing another sub-select.

Take care to fsync the contents of lockfiles (both postmaster.pid and the socket lockfile) while writing them (Tom Lane)
This omission could result in corrupted lockfile contents if the machine crashes shortly after postmaster start. That could in turn prevent subsequent attempts to start the postmaster from succeeding, until the lockfile is manually removed.

Improve contrib/dblink's handling of tables containing dropped columns (Tom Lane)

Fix connection leak after duplicate connection name errors in contrib/dblink (Itagaki Takahiro)

Update build infrastructure and documentation to reflect the source code repository's move from CVS to Git (Magnus Hagander and others)

Release 7.4.29

Release Date 2010-05-17

This release contains a variety of fixes from 7.4.28. For information about new features in the 7.4 major release, see .

The PostgreSQL community will stop releasing updates for the 7.4.X release series in July 2010. Users are encouraged to update to a newer release branch soon.

Migration to Version 7.4.29

A dump/restore is not required for those running 7.4.X. However, if you are upgrading from a version earlier than 7.4.26, see .

Changes

Enforce restrictions in plperl using an opmask applied to the whole interpreter, instead of using Safe.pm (Tim Bunce, Andrew Dunstan)
Recent developments have convinced us that Safe.pm is too insecure to rely on for making plperl trustable. This change removes use of Safe.pm altogether, in favor of using a separate interpreter with an opcode mask that is always applied.
Pleasant side effects of the change include that it is now possible to use Perl's strict pragma in a natural way in plperl, and that Perl's $a and $b variables work as expected in sort routines, and that function compilation is significantly faster. (CVE-2010-1169)

Prevent PL/Tcl from executing untrustworthy code from pltcl_modules (Tom)
PL/Tcl's feature for autoloading Tcl code from a database table could be exploited for trojan-horse attacks, because there was no restriction on who could create or insert into that table. This change disables the feature unless pltcl_modules is owned by a superuser. (However, the permissions on the table are not checked, so installations that really need a less-than-secure modules table can still grant suitable privileges to trusted non-superusers.) Also, prevent loading code into the unrestricted normal Tcl interpreter unless we are really going to execute a pltclu function. (CVE-2010-1170)

Do not allow an unprivileged user to reset superuser-only parameter settings (Alvaro)
Previously, if an unprivileged user ran ALTER USER ... RESET ALL for himself, or ALTER DATABASE ... RESET ALL for a database he owns, this would remove all special parameter settings for the user or database, even ones that are only supposed to be changeable by a superuser. Now, the ALTER will only remove the parameters that the user has permission to change.

Avoid possible crash during backend shutdown if shutdown occurs when a CONTEXT addition would be made to log entries (Tom)
In some cases the context-printing function would fail because the current transaction had already been rolled back when it came time to print a log message.

Update pl/perl's ppport.h for modern Perl versions (Andrew)

Fix assorted memory leaks in pl/python (Andreas Freund, Tom)

Ensure that contrib/pgstattuple functions respond to cancel interrupts promptly (Tatsuhito Kasahara)

Make server startup deal properly with the case that shmget() returns EINVAL for an existing shared memory segment (Tom)
This behavior has been observed on BSD-derived kernels including OS X. It resulted in an entirely-misleading startup failure complaining that the shared memory request size was too large.

Release 7.4.28

Release Date 2010-03-15

This release contains a variety of fixes from 7.4.27. For information about new features in the 7.4 major release, see .

The PostgreSQL community will stop releasing updates for the 7.4.X release series in July 2010. Users are encouraged to update to a newer release branch soon.

Migration to Version 7.4.28

A dump/restore is not required for those running 7.4.X. However, if you are upgrading from a version earlier than 7.4.26, see .

Changes

Add new configuration parameter ssl_renegotiation_limit to control how often we do session key renegotiation for an SSL connection (Magnus)
This can be set to zero to disable renegotiation completely, which may be required if a broken SSL library is used. In particular, some vendors are shipping stopgap patches for CVE-2009-3555 that cause renegotiation attempts to fail.

Make substring() for bit types treat any negative length as meaning all the rest of the string (Tom)
The previous coding treated only -1 that way, and would produce an invalid result value for other negative values, possibly leading to a crash (CVE-2010-0442).

Fix some cases of pathologically slow regular expression matching (Tom)

When reading pg_hba.conf and related files, do not treat @something as a file inclusion request if the @ appears inside quote marks; also, never treat @ by itself as a file inclusion request (Tom)
This prevents erratic behavior if a role or database name starts with @.
If you need to include a file whose path name contains spaces, you can still do so, but you must write @"/path to/file" rather than putting the quotes around the whole construct.

Prevent infinite loop on some platforms if a directory is named as an inclusion target in pg_hba.conf and related files (Tom)

Ensure PL/Tcl initializes the Tcl interpreter fully (Tom)
The only known symptom of this oversight is that the Tcl clock command misbehaves if using Tcl 8.5 or later.

Prevent crash in contrib/dblink when too many key columns are specified to a dblink_build_sql_* function (Rushabh Lathia, Joe Conway)

Release 7.4.27

Release Date 2009-12-14

This release contains a variety of fixes from 7.4.26. For information about new features in the 7.4 major release, see .

Migration to Version 7.4.27

A dump/restore is not required for those running 7.4.X. However, if you are upgrading from a version earlier than 7.4.26, see .

Changes

Protect against indirect security threats caused by index functions changing session-local state (Gurjeet Singh, Tom)
This change prevents allegedly-immutable index functions from possibly subverting a superuser's session (CVE-2009-4136).

Reject SSL certificates containing an embedded null byte in the common name (CN) field (Magnus)
This prevents unintended matching of a certificate to a server or client name during SSL validation (CVE-2009-4034).

Fix possible crash during backend-startup-time cache initialization (Tom)

Prevent signals from interrupting VACUUM at unsafe times (Alvaro)
This fix prevents a PANIC if a VACUUM FULL is canceled after it's already committed its tuple movements, as well as transient errors if a plain VACUUM is interrupted after having truncated the table.

Fix possible crash due to integer overflow in hash table size calculation (Tom)
This could occur with extremely large planner estimates for the size of a hashjoin's result.
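
The 7.4.27 change above that rejects certificates with an embedded null byte in the CN (CVE-2009-4034) guards against the mismatch shown in this added example, which is not PostgreSQL code. It assumes a validator that compares the CN as a NUL-terminated string; the DER helpers, function names and host names are constructed for illustration.

```python
"""Embedded NUL in a certificate CN: length-delimited DER string vs. C-string compare."""

CN_OID = bytes.fromhex("550403")  # DER body of OID 2.5.4.3 (commonName)


def der_tlv(tag: int, value: bytes) -> bytes:
    """Encode one DER tag-length-value (short-form length only, < 128 bytes)."""
    if len(value) >= 0x80:
        raise ValueError("value too long for this short-form encoder")
    return bytes([tag, len(value)]) + value


def read_tlv(buf: bytes, pos: int):
    """Decode the TLV starting at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    if length >= 0x80:
        raise ValueError("long-form lengths not handled in this example")
    end = pos + 2 + length
    if end > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[pos + 2:end], end


def children(value: bytes):
    """Yield (tag, value) for each TLV packed inside a constructed value."""
    pos = 0
    while pos < len(value):
        tag, inner, pos = read_tlv(value, pos)
        yield tag, inner


def build_name(cn: bytes) -> bytes:
    """Build a one-attribute Name: SEQUENCE { SET { SEQUENCE { OID, UTF8String } } }."""
    atv = der_tlv(0x30, der_tlv(0x06, CN_OID) + der_tlv(0x0C, cn))
    return der_tlv(0x30, der_tlv(0x31, atv))


def common_name(name_der: bytes):
    """Return the raw CN bytes exactly as the certificate carries them, or None."""
    tag, rdns, _ = read_tlv(name_der, 0)
    if tag != 0x30:
        raise ValueError("Name must be a SEQUENCE")
    for _set_tag, rdn in children(rdns):
        for _seq_tag, atv in children(rdn):
            parts = list(children(atv))
            if len(parts) == 2 and parts[0] == (0x06, CN_OID):
                return parts[1][1]
    return None


def as_c_string(raw: bytes) -> bytes:
    """What strcmp()/strlen() see: everything before the first NUL byte."""
    return raw.split(b"\x00", 1)[0]


def naive_match(cn: bytes, expected_host: str) -> bool:
    """Assumed weak check: compares the CN as a NUL-terminated string."""
    return as_c_string(cn).lower() == expected_host.encode("ascii").lower()


def checked_match(cn, expected_host: str) -> bool:
    """Hardened check: a CN with an embedded NUL never matches any name."""
    if cn is None or b"\x00" in cn:
        return False
    return cn.lower() == expected_host.encode("ascii").lower()


# Constructed sample names (not taken from any real certificate).
EXPECTED_HOST = "db.internal.example"
CLEAN_NAME = build_name(b"db.internal.example")
NUL_NAME = build_name(b"db.internal.example\x00.other.example")

if __name__ == "__main__":
    for label, name in (("clean", CLEAN_NAME), ("embedded NUL", NUL_NAME)):
        cn = common_name(name)
        print(label, cn, naive_match(cn, EXPECTED_HOST), checked_match(cn, EXPECTED_HOST))
```

The DER string carries its own length, so the bytes after the NUL are part of the name the certificate authority signed even though a C-string comparison never looks at them.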

Fix very rare crash in inet/cidr comparisons (Chris Mikkelson)

Fix PAM password processing to be more robust (Tom)
The previous code is known to fail with the combination of the Linux pam_krb5 PAM module with Microsoft Active Directory as the domain controller. It might have problems elsewhere too, since it was making unjustified assumptions about what arguments the PAM stack would pass to it.

Make the postmaster ignore any application_name parameter in connection request packets, to improve compatibility with future libpq versions (Tom)

Release 7.4.26

Release Date 2009-09-09

This release contains a variety of fixes from 7.4.25. For information about new features in the 7.4 major release, see .

Migration to Version 7.4.26

A dump/restore is not required for those running 7.4.X. However, if you have any hash indexes on interval columns, you must REINDEX them after updating to 7.4.26. Also, if you are upgrading from a version earlier than 7.4.11, see .

Changes

Disallow RESET ROLE and RESET SESSION AUTHORIZATION inside security-definer functions (Tom, Heikki)
This covers a case that was missed in the previous patch that disallowed SET ROLE and SET SESSION AUTHORIZATION inside security-definer functions. (See CVE-2007-6600)

Fix handling of sub-SELECTs appearing in the arguments of an outer-level aggregate function (Tom)

Fix hash calculation for data type interval (Tom)
This corrects wrong results for hash joins on interval values. It also changes the contents of hash indexes on interval columns. If you have any such indexes, you must REINDEX them after updating.

Fix overflow for INTERVAL 'x ms' when x is more than 2 million and integer datetimes are in use (Alex Hunsaker)

Fix calculation of distance between a point and a line segment (Tom)
This led to incorrect results from a number of geometric operators.

Fix money data type to work in locales where currency amounts have no fractional digits, e.g.
Japan (Itagaki Takahiro)

Properly round datetime input like 00:12:57.9999999999999999999999999999 (Tom)

Fix poor choice of page split point in GiST R-tree operator classes (Teodor)

Fix portability issues in plperl initialization (Andrew Dunstan)

Improve robustness of libpq's code to recover from errors during COPY FROM STDIN (Tom)

Avoid including conflicting readline and editline header files when both libraries are installed (Zdenek Kotala)

Release 7.4.25

Release Date 2009-03-16

This release contains a variety of fixes from 7.4.24. For information about new features in the 7.4 major release, see .

Migration to Version 7.4.25

A dump/restore is not required for those running 7.4.X. However, if you are upgrading from a version earlier than 7.4.11, see .

Changes

Prevent error recursion crashes when encoding conversion fails (Tom)
This change extends fixes made in the last two minor releases for related failure scenarios. The previous fixes were narrowly tailored for the original problem reports, but we have now recognized that any error thrown by an encoding conversion function could potentially lead to infinite recursion while trying to report the error. The solution therefore is to disable translation and encoding conversion and report the plain-ASCII form of any error message, if we find we have gotten into a recursive error reporting situation. (CVE-2009-0922)

Disallow CREATE CONVERSION with the wrong encodings for the specified conversion function (Heikki)
This prevents one possible scenario for encoding conversion failure. The previous change is a backstop to guard against other kinds of failures in the same area.

Fix core dump when to_char() is given format codes that are inappropriate for the type of the data argument (Tom)

Add MUST (Mauritius Island Summer Time) to the default list of known timezone abbreviations (Xavier Bugaud)

Release 7.4.24

Release Date 2009-02-02

This release contains a variety of fixes from 7.4.23.
For information about new features in the 7.4 major release, see .

Migration to Version 7.4.24

A dump/restore is not required for those running 7.4.X. However, if you are upgrading from a version earlier than 7.4.11, see .

Changes

Improve handling of URLs in headline() function (Teodor)

Improve handling of overlength headlines in headline() function (Teodor)

Prevent possible Assert failure or misconversion if an encoding conversion is created with the wrong conversion function for the specified pair of encodings (Tom, Heikki)

Avoid unnecessary locking of small tables in VACUUM (Heikki)

Fix uninitialized variables in contrib/tsearch2's get_covers() function (Teodor)

Fix bug in to_char()'s handling of TH format codes (Andreas Scherbaum)

Make all documentation reference pgsql-bugs and/or pgsql-hackers as appropriate, instead of the now-decommissioned pgsql-ports and pgsql-patches mailing lists (Tom)

Release 7.4.23

Release Date 2008-11-03

This release contains a variety of fixes from 7.4.22. For information about new features in the 7.4 major release, see .

Migration to Version 7.4.23

A dump/restore is not required for those running 7.4.X. However, if you are upgrading from a version earlier than 7.4.11, see .

Changes

Fix backend crash when the client encoding cannot represent a localized error message (Tom)
We have addressed similar issues before, but it would still fail if the "character has no equivalent" message itself couldn't be converted. The fix is to disable localization and send the plain ASCII error message when we detect such a situation.

Fix incorrect tsearch2 headline generation when single query item matches first word of text (Sushant Sinha)

Fix improper display of fractional seconds in interval values when using a non-ISO datestyle in an

Ensure SPI_getvalue and SPI_getbinval behave correctly when the passed tuple and tuple descriptor have different numbers of columns (Tom)
This situation is normal when a table has had columns added or removed, but these two functions didn't handle it properly. The only likely consequence is an incorrect error indication.

Fix ecpg's parsing of CREATE USER (Michael)

Release 7.4.22

Release Date 2008-09-22

This release contains a variety of fixes from 7.4.21. For information about new features in the 7.4 major release, see .

Migration to Version 7.4.22

A dump/restore is not required for those running 7.4.X. However, if you are upgrading from a version earlier than 7.4.11, see .

Changes

Fix datetime input functions to correctly detect integer overflow when running on a 64-bit platform (Tom)

Improve performance of writing very long log messages to syslog (Tom)

Fix bug in backwards scanning of a cursor on a SELECT DISTINCT ON query (Tom)

Fix planner to estimate that GROUP BY expressions yielding boolean results always result in two groups, regardless of the expressions' contents (Tom)
This is very substantially more accurate than the regular GROUP BY estimate for certain boolean tests like col IS NULL.

Improve pg_dump and pg_restore's error reporting after failure to send a SQL command (Tom)

Release 7.4.21

Release Date 2008-06-12

This release contains one serious bug fix over 7.4.20. For information about new features in the 7.4 major release, see .

Migration to Version 7.4.21

A dump/restore is not required for those running 7.4.X. However, if you are upgrading from a version earlier than 7.4.11, see .

Changes

Make pg_get_ruledef() parenthesize negative constants (Tom)
Before this fix, a negative constant in a view or rule might be dumped as, say, -42::integer, which is subtly incorrect: it should be (-42)::integer due to operator precedence rules. Usually this would make little difference, but it could interact with another recent patch to cause PostgreSQL to reject what had been a valid SELECT DISTINCT view query. Since this could result in pg_dump output failing to reload, it is being treated as a high-priority fix. The only released versions in which dump output is actually incorrect are 8.3.1 and 8.2.7.

Release 7.4.20

Release Date never released

This release contains a variety of fixes from 7.4.19. For information about new features in the 7.4 major release, see .

Migration to Version 7.4.20

A dump/restore is not required for those running 7.4.X. However, if you are upgrading from a version earlier than 7.4.11, see .

Changes

Fix conversions between ISO-8859-5 and other encodings to handle Cyrillic Yo characters (e and E with two dots) (Sergey Burladyan)

Fix a few datatype input functions that were allowing unused bytes in their results to contain uninitialized, unpredictable values (Tom)
This could lead to failures in which two apparently identical literal values were not seen as equal, resulting in the parser complaining about unmatched ORDER BY and DISTINCT expressions.

Fix a corner case in regular-expression substring matching (substring(string from pattern)) (Tom)
The problem occurs when there is a match to the pattern overall but the user has specified a parenthesized subexpression and that subexpression hasn't got a match. An example is substring('foo' from 'foo(bar)?'). This should return NULL, since (bar) isn't matched, but it was mistakenly returning the whole-pattern match instead (ie, foo).

Fix incorrect result from ecpg's PGTYPEStimestamp_sub() function (Michael)

Fix DatumGetBool macro to not fail with gcc 4.3 (Tom)
This problem affects old style (V0) C functions that return boolean. The fix is already in 8.3, but the need to back-patch it was not realized at the time.

Fix longstanding LISTEN/NOTIFY race condition (Tom)
In rare cases a session that had just executed a LISTEN might not get a notification, even though one would be expected because the concurrent transaction executing NOTIFY was observed to commit later.
A side effect of the fix is that a transaction that has executed a not-yet-committed LISTEN command will not see any row in pg_listener for the LISTEN, should it choose to look; formerly it would have. This behavior was never documented one way or the other, but it is possible that some applications depend on the old behavior.

Fix display of constant expressions in ORDER BY and GROUP BY (Tom)
An explicitly casted constant would be shown incorrectly. This could for example lead to corruption of a view definition during dump and reload.

Fix libpq to handle NOTICE messages correctly during COPY OUT (Tom)
This failure has only been observed to occur when a user-defined datatype's output routine issues a NOTICE, but there is no guarantee it couldn't happen due to other causes.

Release 7.4.19

Release Date 2008-01-07

This release contains a variety of fixes from 7.4.18, including fixes for significant security issues. For information about new features in the 7.4 major release, see .

Migration to Version 7.4.19

A dump/restore is not required for those running 7.4.X. However, if you are upgrading from a version earlier than 7.4.11, see .

Changes

Prevent functions in indexes from executing with the privileges of the user running VACUUM, ANALYZE, etc (Tom)
Functions used in index expressions and partial-index predicates are evaluated whenever a new table entry is made.
It has long been understood that this poses a risk of trojan-horse code execution if one modifies a table owned by an untrustworthy user. (Note that triggers, defaults, check constraints, etc. pose the same type of risk.) But functions in indexes pose extra danger because they will be executed by routine maintenance operations such as VACUUM FULL, which are commonly performed automatically under a superuser account. For example, a nefarious user can execute code with superuser privileges by setting up a trojan-horse index definition and waiting for the next routine vacuum.
The fix arranges for standard maintenance operations (including VACUUM, ANALYZE, REINDEX, and CLUSTER) to execute as the table owner rather than the calling user, using the same privilege-switching mechanism already used for SECURITY DEFINER functions. To prevent bypassing this security measure, execution of SET SESSION AUTHORIZATION and SET ROLE is now forbidden within a SECURITY DEFINER context. (CVE-2007-6600)

Repair assorted bugs in the regular-expression package (Tom, Will Drewry)
Suitably crafted regular-expression patterns could cause crashes, infinite or near-infinite looping, and/or massive memory consumption, all of which pose denial-of-service hazards for applications that accept regex search patterns from untrustworthy sources. (CVE-2007-4769, CVE-2007-4772, CVE-2007-6067)

Require non-superusers who use /contrib/dblink to use only password authentication, as a security measure (Joe)
The fix that appeared for this in 7.4.18 was incomplete, as it plugged the hole for only some dblink functions. (CVE-2007-6601, CVE-2007-3278)

Fix planner failure in some cases of WHERE false AND var IN (SELECT ...)
(Tom)

Fix potential crash in translate() when using a multibyte database encoding (Tom)

Fix PL/Python to not crash on long exception messages (Alvaro)

ecpg parser fixes (Michael)

Make contrib/tablefunc's crosstab() handle NULL rowid as a category in its own right, rather than crashing (Joe)

Fix tsvector and tsquery output routines to escape backslashes correctly (Teodor, Bruce)

Fix crash of to_tsvector() on huge input strings (Teodor)

Require a specific version of Autoconf to be used when re-generating the configure script (Peter)
This affects developers and packagers only. The change was made to prevent accidental use of untested combinations of Autoconf and PostgreSQL versions. You can remove the version check if you really want to use a different Autoconf version, but it's your responsibility whether the result works or not.

Release 7.4.18

Release Date 2007-09-17

This release contains fixes from 7.4.17. For information about new features in the 7.4 major release, see .

Migration to Version 7.4.18

A dump/restore is not required for those running 7.4.X. However, if you are upgrading from a version earlier than 7.4.11, see .

Changes

Prevent index corruption when a transaction inserts rows and then aborts close to the end of a concurrent VACUUM on the same table (Tom)

Make CREATE DOMAIN ... DEFAULT NULL work properly (Tom)

Fix excessive logging of SSL error messages (Tom)

Fix crash when log_min_error_statement logging runs out of memory (Tom)

Prevent CLUSTER from failing due to attempting to process temporary tables of other sessions (Alvaro)

Require non-superusers who use /contrib/dblink to use only password authentication, as a security measure (Joe)

Release 7.4.17

Release Date 2007-04-23

This release contains fixes from 7.4.16, including a security fix. For information about new features in the 7.4 major release, see .

Migration to Version 7.4.17

A dump/restore is not required for those running 7.4.X.
However, if you are upgrading from a version earlier than 7.4.11, see .

Changes

Support explicit placement of the temporary-table schema within search_path, and disable searching it for functions and operators (Tom)
This is needed to allow a security-definer function to set a truly secure value of search_path. Without it, an unprivileged SQL user can use temporary objects to execute code with the privileges of the security-definer function (CVE-2007-2138). See CREATE FUNCTION for more information.

/contrib/tsearch2 crash fixes (Teodor)

Fix potential-data-corruption bug in how VACUUM FULL handles UPDATE chains (Tom, Pavan Deolasee)

Fix PANIC during enlargement of a hash index (bug introduced in 7.4.15) (Tom)

Release 7.4.16

Release Date 2007-02-05

This release contains a variety of fixes from 7.4.15, including a security fix. For information about new features in the 7.4 major release, see .

Migration to Version 7.4.16

A dump/restore is not required for those running 7.4.X. However, if you are upgrading from a version earlier than 7.4.11, see .

Changes

Remove security vulnerability that allowed connected users to read backend memory (Tom)
The vulnerability involves suppressing the normal check that a SQL function returns the data type it's declared to, or changing the data type of a table column used in a SQL function (CVE-2007-0555). This error can easily be exploited to cause a backend crash, and in principle might be used to read database content that the user should not be able to access.

Fix rare bug wherein btree index page splits could fail due to choosing an infeasible split point (Heikki Linnakangas)

Fix for rare Assert() crash triggered by UNION (Tom)

Tighten security of multi-byte character processing for UTF8 sequences over three bytes long (Tom)

Release 7.4.15

Release Date 2007-01-08

This release contains a variety of fixes from 7.4.14. For information about new features in the 7.4 major release, see .

Migration to Version 7.4.15

A dump/restore is not required for those running 7.4.X. However, if you are upgrading from a version earlier than 7.4.11, see .

Changes

Improve handling of getaddrinfo() on AIX (Tom)
This fixes a problem with starting the statistics collector, among other things.

Fix "failed to re-find parent key" errors in VACUUM (Tom)

Fix bugs affecting multi-gigabyte hash indexes (Tom)

Fix error when constructing an ARRAY[] made up of multiple empty elements (Tom)

to_number() and to_char(numeric) are now STABLE, not IMMUTABLE, for new initdb installs (Tom)
This is because lc_numeric can potentially change the output of these functions.

Improve index usage of regular expressions that use parentheses (Tom)
This improves psql \d performance also.

Release 7.4.14

Release Date 2006-10-16

This release contains a variety of fixes from 7.4.13. For information about new features in the 7.4 major release, see .

Migration to Version 7.4.14

A dump/restore is not required for those running 7.4.X. However, if you are upgrading from a version earlier than 7.4.11, see .

Changes

Fix core dump when an untyped literal is taken as ANYARRAY

Fix string_to_array() to handle overlapping matches for the separator string
For example, string_to_array('123xx456xxx789', 'xx').

Fix corner cases in pattern matching for psql's \d commands

Fix index-corrupting bugs in /contrib/ltree (Teodor)

Fix backslash escaping in /contrib/dbmirror

Adjust regression tests for recent changes in US DST laws

Release 7.4.13

Release Date 2006-05-23

This release contains a variety of fixes from 7.4.12, including patches for extremely serious security issues. For information about new features in the 7.4 major release, see .

Migration to Version 7.4.13

A dump/restore is not required for those running 7.4.X. However, if you are upgrading from a version earlier than 7.4.11, see .

Full security against the SQL-injection attacks described in CVE-2006-2313 and CVE-2006-2314 might require changes in application code. If you have applications that embed untrustworthy strings into SQL commands, you should examine them as soon as possible to ensure that they are using recommended escaping techniques. In most cases, applications should be using subroutines provided by libraries or drivers (such as libpq's PQescapeStringConn()) to perform string escaping, rather than relying on ad hoc code to do it.

Changes

Change the server to reject invalidly-encoded multibyte characters in all cases (Tatsuo, Tom)
While PostgreSQL has been moving in this direction for some time, the checks are now applied uniformly to all encodings and all textual input, and are now always errors not merely warnings. This change defends against SQL-injection attacks of the type described in CVE-2006-2313.

Reject unsafe uses of \' in string literals
As a server-side defense against SQL-injection attacks of the type described in CVE-2006-2314, the server now only accepts '' and not \' as a representation of ASCII single quote in SQL string literals. By default, \' is rejected only when client_encoding is set to a client-only encoding (SJIS, BIG5, GBK, GB18030, or UHC), which is the scenario in which SQL injection is possible. A new configuration parameter backslash_quote is available to adjust this behavior when needed. Note that full security against CVE-2006-2314 might require client-side changes; the purpose of backslash_quote is in part to make it obvious that insecure clients are insecure.

Modify libpq's string-escaping routines to be aware of encoding considerations and standard_conforming_strings
This fixes libpq-using applications for the security issues described in CVE-2006-2313 and CVE-2006-2314, and also future-proofs them against the planned changeover to SQL-standard string literal syntax.
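
Why ad hoc \' escaping fails under a client-only encoding (CVE-2006-2314), as an added example that is not PostgreSQL or libpq code: a byte-wise escaper is compared with an encoding-aware one under GBK, where 0x5C can be the trailing byte of a character. The function names and sample byte strings are constructed for illustration, and the lexer is a simplified model; applications should call PQescapeStringConn() rather than code like this.

```python
"""Model of ad hoc backslash escaping under a client-only multibyte encoding."""


def naive_escape(raw: bytes) -> bytes:
    # Ad hoc, byte-wise escaping with no knowledge of the client encoding:
    # every 0x5C is doubled and every quote gets a backslash in front of it.
    return raw.replace(b"\\", b"\\\\").replace(b"'", b"\\'")


def encoding_aware_escape(raw: bytes, client_encoding: str) -> bytes:
    # Validate the input in the connection's encoding first (the defence the
    # notes describe for CVE-2006-2313), then escape whole characters and use
    # the SQL-standard '' form for a quote.
    try:
        text = raw.decode(client_encoding, errors="strict")
    except UnicodeDecodeError as exc:
        raise ValueError("invalidly encoded input rejected") from exc
    escaped = text.replace("\\", "\\\\").replace("'", "''")
    return escaped.encode(client_encoding)


def literal_breakout(body: bytes, client_encoding: str):
    """Return the text left over after the string literal ends, or None.

    Simplified model (an assumption of this example): the body is converted
    from the client encoding, then scanned with backslash escapes enabled
    and '' accepted as an escaped quote. None means every byte of the body
    stayed inside the literal.
    """
    text = body.decode(client_encoding, errors="strict")
    i = 0
    while i < len(text):
        ch = text[i]
        if ch == "\\":
            i += 2                      # backslash consumes the next character
        elif ch == "'":
            if text[i + 1:i + 2] == "'":
                i += 2                  # '' is a quote inside the literal
            else:
                return text[i + 1:]     # unescaped quote: the literal ends here
        else:
            i += 1
    return None


# Constructed inputs (GBK lead byte 0xBF; " tail" stands for whatever follows).
INVALID_INPUT = b"\xbf'; tail"     # lead byte followed directly by a quote
VALID_INPUT = b"\xbf\x5c' tail"    # valid character ending in 0x5C, then a quote


def audit(raw: bytes, client_encoding: str) -> dict:
    """Report what each escaper produces for one input under one encoding."""
    report = {"naive": literal_breakout(naive_escape(raw), client_encoding)}
    try:
        safe = encoding_aware_escape(raw, client_encoding)
        report["aware"] = literal_breakout(safe, client_encoding)
    except ValueError as exc:
        report["aware"] = "rejected: %s" % exc
    return report


if __name__ == "__main__":
    for sample in (INVALID_INPUT, VALID_INPUT):
        print(sample, audit(sample, "gbk"))
```

The same naively escaped bytes stay inside the literal under a single-byte encoding, which is why the notes single out the client-only encodings.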
Applications that use multiple PostgreSQL connections concurrently should migrate to PQescapeStringConn() and PQescapeByteaConn() to ensure that escaping is done correctly for the settings in use in each database connection. Applications that do string escaping by hand should be modified to rely on library routines instead.

Fix some incorrect encoding conversion functions
win1251_to_iso, alt_to_iso, euc_tw_to_big5, euc_tw_to_mic, mic_to_euc_tw were all broken to varying extents.

Clean up stray remaining uses of \' in strings (Bruce, Jan)

Fix bug that sometimes caused OR'd index scans to miss rows they should have returned

Fix WAL replay for case where a btree index has been truncated

Fix SIMILAR TO for patterns involving | (Tom)

Fix server to use custom DH SSL parameters correctly (Michael Fuhr)

Fix for Bonjour on Intel Macs (Ashley Clark)

Fix various minor memory leaks

Release 7.4.12

Release Date 2006-02-14

This release contains a variety of fixes from 7.4.11. For information about new features in the 7.4 major release, see .

Migration to Version 7.4.12

A dump/restore is not required for those running 7.4.X. However, if you are upgrading from a version earlier than 7.4.11, see .

Changes

Fix potential crash in SET SESSION AUTHORIZATION (CVE-2006-0553)
An unprivileged user could crash the server process, resulting in momentary denial of service to other users, if the server has been compiled with Asserts enabled (which is not the default). Thanks to Akio Ishida for reporting this problem.

Fix bug with row visibility logic in self-inserted rows (Tom)
Under rare circumstances a row inserted by the current command could be seen as already valid, when it should not be. Repairs bug created in 7.4.9 and 7.3.11 releases.

Fix race condition that could lead to "file already exists" errors during pg_clog file creation (Tom)

Properly check DOMAIN constraints for UNKNOWN parameters in prepared statements (Neil)

Fix to allow restoring dumps that have cross-schema references to custom operators (Tom)

Portability fix for testing presence of finite and isinf during configure (Tom)

Release 7.4.11

Release Date 2006-01-09

This release contains a variety of fixes from 7.4.10. For information about new features in the 7.4 major release, see .

Migration to Version 7.4.11

A dump/restore is not required for those running 7.4.X. However, if you are upgrading from a version earlier than 7.4.8, see . Also, you might need to REINDEX indexes on textual columns after updating, if you are affected by the locale or plperl issues described below.

Changes

Fix for protocol-level Describe messages issued outside a transaction or in a failed transaction (Tom)

Fix character string comparison for locales that consider different character combinations as equal, such as Hungarian (Tom)
This might require REINDEX to fix existing indexes on textual columns.

Set locale environment variables during postmaster startup to ensure that plperl won't change the locale later
This fixes a problem that occurred if the postmaster was started with environment variables specifying a different locale than what initdb had been told. Under these conditions, any use of plperl was likely to lead to corrupt indexes. You might need REINDEX to fix existing indexes on textual columns if this has happened to you.

Fix longstanding bug in strpos() and regular expression handling in certain rarely used Asian multi-byte character sets (Tatsuo)

Fix bug in /contrib/pgcrypto gen_salt, which caused it not to use all available salt space for MD5 and XDES algorithms (Marko Kreen, Solar Designer)
Salts for Blowfish and standard DES are unaffected.
Fix /contrib/dblink to throw an error, rather than crashing, when the number of columns specified is different from what's actually returned by the query (Joe) Release 7.4.10 Release Date 2005-12-12 This release contains a variety of fixes from 7.4.9. For information about new features in the 7.4 major release, see . Migration to Version 7.4.10 A dump/restore is not required for those running 7.4.X. However, if you are upgrading from a version earlier than 7.4.8, see . Changes Fix race condition in transaction log management There was a narrow window in which an I/O operation could be initiated for the wrong page, leading to an Assert failure or data corruption. Prevent failure if client sends Bind protocol message when current transaction is already aborted /contrib/ltree fixes (Teodor) AIX and HPUX compile fixes (Tom) Fix longstanding planning error for outer joins This bug sometimes caused a bogus error RIGHT JOIN is only supported with merge-joinable join conditions. Prevent core dump in pg_autovacuum when a table has been dropped Release 7.4.9 Release Date 2005-10-04 This release contains a variety of fixes from 7.4.8. For information about new features in the 7.4 major release, see . Migration to Version 7.4.9 A dump/restore is not required for those running 7.4.X. However, if you are upgrading from a version earlier than 7.4.8, see . Changes Fix error that allowed VACUUM to remove ctid chains too soon, and add more checking in code that follows ctid links This fixes a long-standing problem that could cause crashes in very rare circumstances. Fix CHAR() to properly pad spaces to the specified length when using a multiple-byte character set (Yoshiyuki Asaba) In prior releases, the padding of CHAR() was incorrect because it only padded to the specified number of bytes without considering how many characters were stored. Fix the sense of the test for read-only transaction in COPY The code formerly prohibited COPY TO, where it should prohibit COPY FROM. 
Fix planning problem with outer-join ON clauses that reference only the inner-side relation Further fixes for x FULL JOIN y ON true corner cases Make array_in and array_recv more paranoid about validating their OID parameter Fix missing rows in queries like UPDATE a=... WHERE a... with GiST index on column a Improve robustness of datetime parsing Improve checking for partially-written WAL pages Improve robustness of signal handling when SSL is enabled Don't try to open more than max_files_per_process files during postmaster startup Various memory leakage fixes Various portability improvements Fix PL/pgSQL to handle var := var correctly when the variable is of pass-by-reference type Update contrib/tsearch2 to use current Snowball code Release 7.4.8 Release Date 2005-05-09 This release contains a variety of fixes from 7.4.7, including several security-related issues. For information about new features in the 7.4 major release, see . Migration to Version 7.4.8 A dump/restore is not required for those running 7.4.X. However, it is one possible way of handling two significant security problems that have been found in the initial contents of 7.4.X system catalogs. A dump/initdb/reload sequence using 7.4.8's initdb will automatically correct these problems. The larger security problem is that the built-in character set encoding conversion functions can be invoked from SQL commands by unprivileged users, but the functions were not designed for such use and are not secure against malicious choices of arguments. The fix involves changing the declared parameter list of these functions so that they can no longer be invoked from SQL commands. (This does not affect their normal use by the encoding conversion machinery.) The lesser problem is that the contrib/tsearch2 module creates several functions that are misdeclared to return internal when they do not accept internal arguments. This breaks type safety for all functions using internal arguments. 
It is strongly recommended that all installations repair these errors, either by initdb or by following the manual repair procedures given below. The errors at least allow unprivileged database users to crash their server process, and might allow unprivileged users to gain the privileges of a database superuser. If you wish not to do an initdb, perform the following procedures instead. As the database superuser, do:

    BEGIN;
    UPDATE pg_proc SET proargtypes[3] = 'internal'::regtype
    WHERE pronamespace = 11 AND pronargs = 5
          AND proargtypes[2] = 'cstring'::regtype;
    -- The command should report having updated 90 rows;
    -- if not, rollback and investigate instead of committing!
    COMMIT;

Next, if you have installed contrib/tsearch2, do:

    BEGIN;
    UPDATE pg_proc SET proargtypes[0] = 'internal'::regtype
    WHERE oid IN (
        'dex_init(text)'::regprocedure,
        'snb_en_init(text)'::regprocedure,
        'snb_ru_init(text)'::regprocedure,
        'spell_init(text)'::regprocedure,
        'syn_init(text)'::regprocedure
    );
    -- The command should report having updated 5 rows;
    -- if not, rollback and investigate instead of committing!
    COMMIT;

If this command fails with a message like function "dex_init(text)" does not exist, then either tsearch2 is not installed in this database, or you already did the update. The above procedures must be carried out in each database of an installation, including template1, and ideally including template0 as well. If you do not fix the template databases then any subsequently created databases will contain the same errors. template1 can be fixed in the same way as any other database, but fixing template0 requires additional steps. First, from any database issue:

    UPDATE pg_database SET datallowconn = true WHERE datname = 'template0';

Next connect to template0 and perform the above repair procedures. 
Finally, do:

    -- re-freeze template0:
    VACUUM FREEZE;
    -- and protect it against future alterations:
    UPDATE pg_database SET datallowconn = false WHERE datname = 'template0';

Changes Change encoding function signature to prevent misuse Change contrib/tsearch2 to avoid unsafe use of INTERNAL function results Repair ancient race condition that allowed a transaction to be seen as committed for some purposes (e.g., SELECT FOR UPDATE) slightly sooner than for other purposes This is an extremely serious bug since it could lead to apparent data inconsistencies being briefly visible to applications. Repair race condition between relation extension and VACUUM This could theoretically have caused loss of a page's worth of freshly-inserted data, although the scenario seems of very low probability. There are no known cases of it having caused more than an Assert failure. Fix comparisons of TIME WITH TIME ZONE values The comparison code was wrong in the case where the --enable-integer-datetimes configuration switch had been used. NOTE: if you have an index on a TIME WITH TIME ZONE column, it will need to be REINDEXed after installing this update, because the fix corrects the sort order of column values. Fix EXTRACT(EPOCH) for TIME WITH TIME ZONE values Fix mis-display of negative fractional seconds in INTERVAL values This error only occurred when the --enable-integer-datetimes configuration switch had been used. Ensure operations done during backend shutdown are counted by statistics collector This is expected to resolve reports of pg_autovacuum not vacuuming the system catalogs often enough — it was not being told about catalog deletions caused by temporary table removal during backend exit. 
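The manual repair procedure from the 7.4.8 migration notes above, as an added shell driver that is not part of the release notes: it dry-runs the encoding-function UPDATE in a rolled-back transaction, commits only when psql reports the 90 rows the notes require, and then handles the template0 unlock, VACUUM FREEZE and relock. It assumes psql on PATH connecting as a database superuser and database names without whitespace; the function names and the --apply switch are illustrative, and the contrib/tsearch2 repair is left out.

```shell
#!/bin/sh
# Added example (not from the release notes): per-database driver for the
# 7.4.8 manual catalog repair. Assumed: psql on PATH, connecting as a database
# superuser, and printing a command tag such as "UPDATE 90" per statement.

EXPECTED_ROWS=90    # count the release notes say the UPDATE must report

# Repair transaction from the release notes, ended with COMMIT or ROLLBACK.
repair_script() {   # $1 = COMMIT | ROLLBACK
    cat <<EOF
BEGIN;
UPDATE pg_proc SET proargtypes[3] = 'internal'::regtype
 WHERE pronamespace = 11 AND pronargs = 5
   AND proargtypes[2] = 'cstring'::regtype;
$1;
EOF
}

# Read psql output on stdin and print the row count of the last UPDATE tag,
# or -1 when there is none (for example, when the statement raised an error).
updated_rows() {
    awk '$1 == "UPDATE" && $2 ~ /^[0-9]+$/ { n = $2; seen = 1 }
         END { print (seen ? n : -1) }'
}

# Succeed only when the reported count matches what the notes require.
count_ok() {        # $1 = reported row count
    [ "$1" -eq "$EXPECTED_ROWS" ]
}

# Dry-run the UPDATE inside a rolled-back transaction; commit only if the
# dry run reported exactly EXPECTED_ROWS rows.
repair_db() {       # $1 = database name
    rows=$(repair_script ROLLBACK | psql -d "$1" 2>&1 | updated_rows)
    if ! count_ok "$rows"; then
        echo "$1: dry run reported $rows rows, expected $EXPECTED_ROWS; skipped" >&2
        return 1
    fi
    rows=$(repair_script COMMIT | psql -d "$1" 2>&1 | updated_rows)
    count_ok "$rows" && echo "$1: repaired ($rows rows)"
}

# Allow or forbid connections to template0, as the notes describe.
set_template0_conn() {   # $1 = true | false
    psql -d template1 -c \
      "UPDATE pg_database SET datallowconn = $1 WHERE datname = 'template0';"
}

main() {
    failed=0
    # Every database that accepts connections, template1 included.
    # Assumes database names contain no whitespace.
    for db in $(psql -At -d template1 -c \
        "SELECT datname FROM pg_database WHERE datallowconn"); do
        repair_db "$db" || failed=1
    done
    # template0: unlock, repair, re-freeze, and lock again even on failure.
    set_template0_conn true || return 1
    if repair_db template0; then
        psql -d template0 -c "VACUUM FREEZE;" || failed=1
    else
        failed=1
    fi
    set_template0_conn false || failed=1
    return $failed
}

# Touch a live server only when asked to: sh repair.sh --apply
if [ "${1:-}" = "--apply" ]; then
    main
fi
```

A non-zero exit status means at least one database was skipped or a template0 step failed; the skipped database names are reported on stderr.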
Additional buffer overrun checks in plpgsql (Neil) Fix pg_dump to dump trigger names containing % correctly (Neil) Fix contrib/pgcrypto for newer OpenSSL builds (Marko Kreen) Still more 64-bit fixes for contrib/intagg Prevent incorrect optimization of functions returning RECORD Prevent to_char(interval) from dumping core for month-related formats Prevent crash on COALESCE(NULL,NULL) Fix array_map to call PL functions correctly Fix permission checking in ALTER DATABASE RENAME Fix ALTER LANGUAGE RENAME Make RemoveFromWaitQueue clean up after itself This fixes a lock management error that would only be visible if a transaction was kicked out of a wait for a lock (typically by query cancel) and then the holder of the lock released it within a very narrow window. Fix problem with untyped parameter appearing in INSERT ... SELECT Fix CLUSTER failure after ALTER TABLE SET WITHOUT OIDS Release 7.4.7 Release Date 2005-01-31 This release contains a variety of fixes from 7.4.6, including several security-related issues. For information about new features in the 7.4 major release, see . Migration to Version 7.4.7 A dump/restore is not required for those running 7.4.X. Changes Disallow LOAD to non-superusers On platforms that will automatically execute initialization functions of a shared library (this includes at least Windows and ELF-based Unixen), LOAD can be used to make the server execute arbitrary code. Thanks to NGS Software for reporting this. Check that creator of an aggregate function has the right to execute the specified transition functions This oversight made it possible to bypass denial of EXECUTE permission on a function. Fix security and 64-bit issues in contrib/intagg Add needed STRICT marking to some contrib functions (Kris Jurka) Avoid buffer overrun when plpgsql cursor declaration has too many parameters (Neil) Fix planning error for FULL and RIGHT outer joins The result of the join was mistakenly supposed to be sorted the same as the left input. 
This could not only deliver mis-sorted output to the user, but in case of nested merge joins could give outright wrong answers. Fix plperl for quote marks in tuple fields Fix display of negative intervals in SQL and GERMAN datestyles Make age(timestamptz) do calculation in local timezone not GMT Release 7.4.6 Release Date 2004-10-22 This release contains a variety of fixes from 7.4.5. For information about new features in the 7.4 major release, see . Migration to Version 7.4.6 A dump/restore is not required for those running 7.4.X. Changes Repair possible failure to update hint bits on disk Under rare circumstances this oversight could lead to "could not access transaction status" failures, which qualifies it as a potential-data-loss bug. Ensure that hashed outer join does not miss tuples Very large left joins using a hash join plan could fail to output unmatched left-side rows given just the right data distribution. Disallow running pg_ctl as root This is to guard against any possible security issues. Avoid using temp files in /tmp in make_oidjoins_check This has been reported as a security issue, though it's hardly worthy of concern since there is no reason for non-developers to use this script anyway. Prevent forced backend shutdown from re-emitting prior command result In rare cases, a client might think that its last command had succeeded when it really had been aborted by forced database shutdown. Repair bug in pg_stat_get_backend_idset This could lead to misbehavior in some of the system-statistics views. Fix small memory leak in postmaster Fix "expected both swapped tables to have TOAST tables" bug This could arise in cases such as CLUSTER after ALTER TABLE DROP COLUMN. Prevent pg_ctl restart from adding -D multiple times Fix problem with NULL values in GiST indexes :: is no longer interpreted as a variable in an ECPG prepare statement Release 7.4.5 Release Date 2004-08-18 This release contains one serious bug fix over 7.4.4. 
For information about new features in the 7.4 major release, see . Migration to Version 7.4.5 A dump/restore is not required for those running 7.4.X. Changes Repair possible crash during concurrent B-tree index insertions This patch fixes a rare case in which concurrent insertions into a B-tree index could result in a server panic. No permanent damage would result, but it's still worth a re-release. The bug does not exist in pre-7.4 releases. Release 7.4.4 Release Date 2004-08-16 This release contains a variety of fixes from 7.4.3. For information about new features in the 7.4 major release, see . Migration to Version 7.4.4 A dump/restore is not required for those running 7.4.X. Changes Prevent possible loss of committed transactions during crash Due to insufficient interlocking between transaction commit and checkpointing, it was possible for transactions committed just before the most recent checkpoint to be lost, in whole or in part, following a database crash and restart. This is a serious bug that has existed since PostgreSQL 7.1. Check HAVING restriction before evaluating result list of an aggregate plan Avoid crash when session's current user ID is deleted Fix hashed crosstab for zero-rows case (Joe) Force cache update after renaming a column in a foreign key Pretty-print UNION queries correctly Make psql handle \r\n newlines properly in COPY IN pg_dump handled ACLs with grant options incorrectly Fix thread support for OS X and Solaris Updated JDBC driver (build 215) with various fixes ECPG fixes Translation updates (various contributors) Release 7.4.3 Release Date 2004-06-14 This release contains a variety of fixes from 7.4.2. For information about new features in the 7.4 major release, see . Migration to Version 7.4.3 A dump/restore is not required for those running 7.4.X. 
Changes Fix temporary memory leak when using non-hashed aggregates (Tom) ECPG fixes, including some for Informix compatibility (Michael) Fixes for compiling with thread-safety, particularly Solaris (Bruce) Fix error in COPY IN termination when using the old network protocol (ljb) Several important fixes in pg_autovacuum, including fixes for large tables, unsigned oids, stability, temp tables, and debug mode (Matthew T. O'Connor) Fix problem with reading tar-format dumps on NetBSD and BSD/OS (Bruce) Several JDBC fixes Fix ALTER SEQUENCE RESTART where last_value equals the restart value (Tom) Repair failure to recalculate nested sub-selects (Tom) Fix problems with non-constant expressions in LIMIT/OFFSET Support FULL JOIN with no join clause, such as X FULL JOIN Y ON TRUE (Tom) Fix another zero-column table bug (Tom) Improve handling of non-qualified identifiers in GROUP BY clauses in sub-selects (Tom) Select-list aliases within the sub-select will now take precedence over names from outer query levels. Do not generate NATURAL CROSS JOIN when decompiling rules (Tom) Add checks for invalid field length in binary COPY (Tom) This fixes a difficult-to-exploit security hole. Avoid locking conflict between ANALYZE and LISTEN/NOTIFY Numerous translation updates (various contributors) Release 7.4.2 Release Date 2004-03-08 This release contains a variety of fixes from 7.4.1. For information about new features in the 7.4 major release, see . Migration to Version 7.4.2 A dump/restore is not required for those running 7.4.X. However, it might be advisable as the easiest method of incorporating fixes for two errors that have been found in the initial contents of 7.4.X system catalogs. A dump/initdb/reload sequence using 7.4.2's initdb will automatically correct these problems. The more severe of the two errors is that data type anyarray has the wrong alignment label; this is a problem because the pg_statistic system catalog uses anyarray columns. 
The mislabeling can cause planner misestimations and even crashes when planning queries that involve WHERE clauses on double-aligned columns (such as float8 and timestamp). It is strongly recommended that all installations repair this error, either by initdb or by following the manual repair procedure given below. The lesser error is that the system view pg_settings ought to be marked as having public update access, to allow UPDATE pg_settings to be used as a substitute for SET. This can also be fixed either by initdb or manually, but it is not necessary to fix unless you want to use UPDATE pg_settings. If you wish not to do an initdb, the following procedure will work for fixing pg_statistic. As the database superuser, do:

    -- clear out old data in pg_statistic:
    DELETE FROM pg_statistic;
    VACUUM pg_statistic;
    -- this should update 1 row:
    UPDATE pg_type SET typalign = 'd' WHERE oid = 2277;
    -- this should update 6 rows:
    UPDATE pg_attribute SET attalign = 'd' WHERE atttypid = 2277;
    --
    -- At this point you MUST start a fresh backend to avoid a crash!
    --
    -- repopulate pg_statistic:
    ANALYZE;

This can be done in a live database, but beware that all backends running in the altered database must be restarted before it is safe to repopulate pg_statistic. To repair the pg_settings error, simply do:

    GRANT SELECT, UPDATE ON pg_settings TO PUBLIC;

The above procedures must be carried out in each database of an installation, including template1, and ideally including template0 as well. If you do not fix the template databases then any subsequently created databases will contain the same errors. template1 can be fixed in the same way as any other database, but fixing template0 requires additional steps. First, from any database issue:

    UPDATE pg_database SET datallowconn = true WHERE datname = 'template0';

Next connect to template0 and perform the above repair procedures. 
Finally, do:

    -- re-freeze template0:
    VACUUM FREEZE;
    -- and protect it against future alterations:
    UPDATE pg_database SET datallowconn = false WHERE datname = 'template0';

Changes Release 7.4.2 incorporates all the fixes included in release 7.3.6, plus the following fixes: Fix pg_statistics alignment bug that could crash optimizer See above for details about this problem. Allow non-super users to update pg_settings Fix several optimizer bugs, most of which led to "variable not found in subplan target lists" errors Avoid out-of-memory failure during startup of large multiple index scan Fix multibyte problem that could lead to "out of memory" error during COPY IN Fix problems with SELECT INTO / CREATE TABLE AS from tables without OIDs Fix problems with alter_table regression test during parallel testing Fix problems with hitting open file limit, especially on OS X (Tom) Partial fix for Turkish-locale issues initdb will succeed now in Turkish locale, but there are still some inconveniences associated with the i/I problem. Make pg_dump set client encoding on restore Other minor pg_dump fixes Allow ecpg to again use C keywords as column names (Michael) Added ecpg WHENEVER NOT_FOUND to SELECT/INSERT/UPDATE/DELETE (Michael) Fix ecpg crash for queries calling set-returning functions (Michael) Various other ecpg fixes (Michael) Fixes for Borland compiler Thread build improvements (Bruce) Various other build fixes Various JDBC fixes Release 7.4.1 Release Date 2003-12-22 This release contains a variety of fixes from 7.4. For information about new features in the 7.4 major release, see . Migration to Version 7.4.1 A dump/restore is not required for those running 7.4. If you want to install the fixes in the information schema you need to reload it into the database. 
This is either accomplished by initializing a new cluster by running initdb, or by running the following sequence of SQL commands in each database (ideally including template1) as a superuser in psql, after installing the new release:

    DROP SCHEMA information_schema CASCADE;
    \i /usr/local/pgsql/share/information_schema.sql

Substitute your installation path in the second command. Changes Fixed bug in CREATE SCHEMA parsing in ECPG (Michael) Fix compile error when and are used together (Peter) Fix for subqueries that used hash joins (Tom) Certain subqueries that used hash joins would crash because of improperly shared structures. Fix free space map compaction bug (Tom) This fixes a bug where compaction of the free space map could lead to a database server shutdown. Fix for Borland compiler build of libpq (Bruce) Fix netmask() and hostmask() to return the maximum-length masklen (Tom) Fix these functions to return values consistent with pre-7.4 releases. Several contrib/pg_autovacuum fixes Fixes include improper variable initialization, missing vacuum after TRUNCATE, and duration computation overflow for long vacuums. Allow compile of contrib/cube under Cygwin (Jason Tishler) Fix Solaris use of password file when no passwords are defined (Tom) Fix crash on Solaris caused by use of any type of password authentication when no passwords were defined. JDBC fix for thread problems, other fixes Fix for bytea index lookups (Joe) Fix information schema for bit data types (Peter) Force zero_damaged_pages to be on during recovery from WAL Prevent some obscure cases of "variable not in subplan target lists" Make PQescapeBytea and byteaout consistent with each other (Joe) Escape bytea output for bytes > 0x7e (Joe) If different client encodings are used for bytea output and input, it is possible for bytea values to be corrupted by the differing encodings. This fix escapes all bytes that might be affected. 
Added missing SPI_finish() calls to dblink's get_tuple_of_interest() (Joe) New Czech FAQ Fix information schema view constraint_column_usage for foreign keys (Peter) ECPG fixes (Michael) Fix bug with multiple IN subqueries and joins in the subqueries (Tom) Allow COUNT('x') to work (Tom) Install ECPG include files for Informix compatibility into separate directory (Peter) Some names of ECPG include files for Informix compatibility conflicted with operating system include files. By installing them in their own directory, name conflicts have been reduced. Fix SSL memory leak (Neil) This release fixes a bug in 7.4 where SSL didn't free all memory it allocated. Prevent pg_service.conf from using service name as default dbname (Bruce) Fix local ident authentication on FreeBSD (Tom) Release 7.4 Release Date 2003-11-17 Overview Major changes in this release: IN / NOT IN subqueries are now much more efficient In previous releases, IN/NOT IN subqueries were joined to the upper query by sequentially scanning the subquery looking for a match. The 7.4 code uses the same sophisticated techniques used by ordinary joins and so is much faster. An IN will now usually be as fast as or faster than an equivalent EXISTS subquery; this reverses the conventional wisdom that applied to previous releases. Improved GROUP BY processing by using hash buckets In previous releases, rows to be grouped had to be sorted first. The 7.4 code can do GROUP BY without sorting, by accumulating results into a hash table with one entry per group. It will still use the sort technique, however, if the hash table is estimated to be too large to fit in sort_mem. New multikey hash join capability In previous releases, hash joins could only occur on single keys. This release allows multicolumn hash joins. Queries using the explicit JOIN syntax are now better optimized Prior releases evaluated queries using the explicit JOIN syntax only in the order implied by the syntax. 
7.4 allows full optimization of these queries, meaning the optimizer considers all possible join orderings and chooses the most efficient. Outer joins, however, must still follow the declared ordering. Faster and more powerful regular expression code The entire regular expression module has been replaced with a new version by Henry Spencer, originally written for Tcl. The code greatly improves performance and supports several flavors of regular expressions. Function-inlining for simple SQL functions Simple SQL functions can now be inlined by including their SQL in the main query. This improves performance by eliminating per-call overhead. That means simple SQL functions now behave like macros. Full support for IPv6 connections and IPv6 address data types Previous releases allowed only IPv4 connections, and the IP data types only supported IPv4 addresses. This release adds full IPv6 support in both of these areas. Major improvements in SSL performance and reliability Several people very familiar with the SSL API have overhauled our SSL code to improve SSL key negotiation and error recovery. Make free space map efficiently reuse empty index pages, and other free space management improvements In previous releases, B-tree index pages that were left empty because of deleted rows could only be reused by rows with index values similar to the rows originally indexed on that page. In 7.4, VACUUM records empty index pages and allows them to be reused for any future index rows. SQL-standard information schema The information schema provides a standardized and stable way to access information about the schema objects defined in a database. Cursors conform more closely to the SQL standard The commands FETCH and MOVE have been overhauled to conform more closely to the SQL standard. Cursors can exist outside transactions These cursors are also called holdable cursors. 
New client-to-server protocol The new protocol adds error codes, more status information, faster startup, better support for binary data transmission, parameter values separated from SQL commands, prepared statements available at the protocol level, and cleaner recovery from COPY failures. The older protocol is still supported by both server and clients. libpq and ECPG applications are now fully thread-safe While previous libpq releases already supported threads, this release improves thread safety by fixing some non-thread-safe code that was used during database connection startup. The configure option must be used to enable this feature. New version of full-text indexing A new full-text indexing suite is available in contrib/tsearch2. New autovacuum tool The new autovacuum tool in contrib/autovacuum monitors the database statistics tables for INSERT/UPDATE/DELETE activity and automatically vacuums tables when needed. Array handling has been improved and moved into the server core Many array limitations have been removed, and arrays behave more like fully-supported data types. Migration to Version 7.4 A dump/restore using pg_dump is required for those wishing to migrate data from any previous release. Observe the following incompatibilities: The server-side autocommit setting was removed and reimplemented in client applications and languages. Server-side autocommit was causing too many problems with languages and applications that wanted to control their own autocommit behavior, so autocommit was removed from the server and added to individual client APIs as appropriate. Error message wording has changed substantially in this release. Significant effort was invested to make the messages more consistent and user-oriented. If your applications try to detect different error conditions by parsing the error message, you are strongly encouraged to use the new error code facility instead. 
Inner joins using the explicit JOIN syntax might behave differently because they are now better optimized. A number of server configuration parameters have been renamed for clarity, primarily those related to logging. FETCH 0 or MOVE 0 now does nothing. In prior releases, FETCH 0 would fetch all remaining rows, and MOVE 0 would move to the end of the cursor. FETCH and MOVE now return the actual number of rows fetched/moved, or zero if at the beginning/end of the cursor. Prior releases would return the row count passed to the command, not the number of rows actually fetched or moved. COPY now can process files that use carriage-return or carriage-return/line-feed end-of-line sequences. Literal carriage-returns and line-feeds are no longer accepted in data values; use \r and \n instead. Trailing spaces are now trimmed when converting from type char(n) to varchar(n) or text. This is what most people always expected to happen anyway. The data type float(p) now measures p in binary digits, not decimal digits. The new behavior follows the SQL standard. Ambiguous date values now must match the ordering specified by the datestyle setting. In prior releases, a date specification of 10/20/03 was interpreted as a date in October even if datestyle specified that the day should be first. 7.4 will throw an error if a date specification is invalid for the current setting of datestyle. The functions oidrand, oidsrand, and userfntest have been removed. These functions were determined to be no longer useful. String literals specifying time-varying date/time values, such as 'now' or 'today' will no longer work as expected in column default expressions; they now cause the time of the table creation to be the default, not the time of the insertion. Functions such as now(), current_timestamp, or current_date should be used instead. 
In previous releases, there was special code so that strings such as 'now' were interpreted at INSERT time and not at table creation time, but this workaround didn't cover all cases. Release 7.4 now requires that defaults be defined properly using functions such as now() or current_timestamp. These will work in all situations. The dollar sign ($) is no longer allowed in operator names. It can instead be a non-first character in identifiers. This was done to improve compatibility with other database systems, and to avoid syntax problems when parameter placeholders ($n) are written adjacent to operators. Changes Below you will find a detailed account of the changes between release 7.4 and the previous major release. Server Operation Changes Allow IPv6 server connections (Nigel Kukard, Johan Jordaan, Bruce, Tom, Kurt Roeckx, Andrew Dunstan) Fix SSL to handle errors cleanly (Nathan Mueller) In prior releases, certain SSL API error reports were not handled correctly. This release fixes those problems. SSL protocol security and performance improvements (Sean Chittenden) SSL key renegotiation was happening too frequently, causing poor SSL performance. Also, initial key handling was improved. Print lock information when a deadlock is detected (Tom) This allows easier debugging of deadlock situations. Update /tmp socket modification times regularly to avoid their removal (Tom) This should help prevent /tmp directory cleaner administration scripts from removing server socket files. Enable PAM for Mac OS X (Aaron Hillegass) Make B-tree indexes fully WAL-safe (Tom) In prior releases, under certain rare cases, a server crash could cause B-tree indexes to become corrupt. This release removes those last few rare cases. 
Allow B-tree index compaction and empty page reuse (Tom) Fix inconsistent index lookups during split of first root page (Tom) In prior releases, when a single-page index split into two pages, there was a brief period when another database session could miss seeing an index entry. This release fixes that rare failure case. Improve free space map allocation logic (Tom) Preserve free space information between server restarts (Tom) In prior releases, the free space map was not saved when the postmaster was stopped, so newly started servers had no free space information. This release saves the free space map, and reloads it when the server is restarted. Add start time to pg_stat_activity (Neil) New code to detect corrupt disk pages; erase with zero_damaged_pages (Tom) New client/server protocol: faster, no username length limit, allow clean exit from COPY (Tom) Add transaction status, table ID, column ID to client/server protocol (Tom) Add binary I/O to client/server protocol (Tom) Remove autocommit server setting; move to client applications (Tom) New error message wording, error codes, and three levels of error detail (Tom, Joe, Peter) Performance Improvements Add hashing for GROUP BY aggregates (Tom) Make nested-loop joins be smarter about multicolumn indexes (Tom) Allow multikey hash joins (Tom) Improve constant folding (Tom) Add ability to inline simple SQL functions (Tom) Reduce memory usage for queries using complex functions (Tom) In prior releases, functions returning allocated memory would not free it until the query completed. This release allows the freeing of function-allocated memory when the function call completes, reducing the total memory used by functions. Improve GEQO optimizer performance (Tom) This release fixes several inefficiencies in the way the GEQO optimizer manages potential query paths. 
Allow IN/NOT IN to be handled via hash tables (Tom) Improve NOT IN (subquery) performance (Tom) Allow most IN subqueries to be processed as joins (Tom) Pattern matching operations can use indexes regardless of locale (Peter) There is no way for non-ASCII locales to use the standard indexes for LIKE comparisons. This release adds a way to create a special index for LIKE. Allow the postmaster to preload libraries using preload_libraries (Joe) For shared libraries that require a long time to load, this option is available so the library can be preloaded in the postmaster and inherited by all database sessions. Improve optimizer cost computations, particularly for subqueries (Tom) Avoid sort when subquery ORDER BY matches upper query (Tom) Deduce that WHERE a.x = b.y AND b.y = 42 also means a.x = 42 (Tom) Allow hash/merge joins on complex joins (Tom) Allow hash joins for more data types (Tom) Allow join optimization of explicit inner joins, disable with join_collapse_limit (Tom) Add parameter from_collapse_limit to control conversion of subqueries to joins (Tom) Use faster and more powerful regular expression code from Tcl (Henry Spencer, Tom) Use bit-mapped relation sets in the optimizer (Tom) Improve connection startup time (Tom) The new client/server protocol requires fewer network packets to start a database session. Improve trigger/constraint performance (Stephan) Improve speed of col IN (const, const, const, ...) (Tom) Fix hash indexes which were broken in rare cases (Tom) Improve hash index concurrency and speed (Tom) Prior releases suffered from poor hash index performance, particularly for high concurrency situations. This release fixes that, and the development group is interested in reports comparing B-tree and hash index performance. Align shared buffers on 32-byte boundary for copy speed improvement (Manfred Spraul) Certain CPUs perform faster data copies when addresses are 32-byte aligned. 
Data type numeric reimplemented for better performance (Tom) numeric used to be stored in base 100. The new code uses base 10000, for significantly better performance. Server Configuration Changes Rename server parameter server_min_messages to log_min_messages (Bruce) This was done so most parameters that control the server logs begin with log_. Rename show_*_stats to log_*_stats (Bruce) Rename show_source_port to log_source_port (Bruce) Rename hostname_lookup to log_hostname (Bruce) Add checkpoint_warning to warn of excessive checkpointing (Bruce) In prior releases, it was difficult to determine if checkpoint was happening too frequently. This feature adds a warning to the server logs when excessive checkpointing happens. New read-only server parameters for localization (Tom) Change debug server log messages to output as DEBUG rather than LOG (Bruce) Prevent server log variables from being turned off by non-superusers (Bruce) This is a security feature so non-superusers cannot disable logging that was enabled by the administrator. log_min_messages/client_min_messages now controls debug_* output (Bruce) This centralizes client debug information so all debug output can be sent to either the client or server logs. Add Mac OS X Rendezvous server support (Chris Campbell) This allows Mac OS X hosts to query the network for available PostgreSQL servers. Add ability to print only slow statements using log_min_duration_statement (Christopher) This is an often requested debugging feature that allows administrators to see only slow queries in their server logs. Allow pg_hba.conf to accept netmasks in CIDR format (Andrew Dunstan) This allows administrators to merge the host IP address and netmask fields into a single CIDR field in pg_hba.conf. New read-only parameter is_superuser (Tom) New parameter log_error_verbosity to control error detail (Tom) This works with the new error reporting feature to supply additional error information like hints, file names and line numbers. 
postgres --describe-config now dumps server config variables (Aizaz Ahmed, Peter) This option is useful for administration tools that need to know the configuration variable names and their minimums, maximums, defaults, and descriptions. Add new columns in pg_settings: context, type, source, min_val, max_val (Joe) Make default shared_buffers 1000 and max_connections 100, if possible (Tom) Prior versions defaulted to 64 shared buffers so PostgreSQL would start on even very old systems. This release tests the amount of shared memory allowed by the platform and selects more reasonable default values if possible. Of course, users are still encouraged to evaluate their resource load and size shared_buffers accordingly. New pg_hba.conf record type hostnossl to prevent SSL connections (Jon Jensen) In prior releases, there was no way to prevent SSL connections if both the client and server supported SSL. This option allows that capability. Remove parameter geqo_random_seed (Tom) Add server parameter regex_flavor to control regular expression processing (Tom) Make pg_ctl better handle nonstandard ports (Greg) Query Changes New SQL-standard information schema (Peter) Add read-only transactions (Peter) Print key name and value in foreign-key violation messages (Dmitry Tkach) Allow users to see their own queries in pg_stat_activity (Kevin Brown) In prior releases, only the superuser could see query strings using pg_stat_activity. Now ordinary users can see their own query strings. Fix aggregates in subqueries to match SQL standard (Tom) The SQL standard says that an aggregate function appearing within a nested subquery belongs to the outer query if its argument contains only outer-query variables. Prior PostgreSQL releases did not handle this fine point correctly. Add option to prevent auto-addition of tables referenced in query (Nigel J. Andrews) By default, tables mentioned in the query are automatically added to the FROM clause if they are not already there. 
This is compatible with historic POSTGRES behavior but is contrary to the SQL standard. This option allows selecting standard-compatible behavior. Allow UPDATE ... SET col = DEFAULT (Rod) This allows UPDATE to set a column to its declared default value. Allow expressions to be used in LIMIT/OFFSET (Tom) In prior releases, LIMIT/OFFSET could only use constants, not expressions. Implement CREATE TABLE AS EXECUTE (Neil, Peter) Object Manipulation Changes Make CREATE SEQUENCE grammar more conforming to SQL:2003 (Neil) Add statement-level triggers (Neil) While this allows a trigger to fire at the end of a statement, it does not allow the trigger to access all rows modified by the statement. This capability is planned for a future release. Add check constraints for domains (Rod) This greatly increases the usefulness of domains by allowing them to use check constraints. Add ALTER DOMAIN (Rod) This allows manipulation of existing domains. Fix several zero-column table bugs (Tom) PostgreSQL supports zero-column tables. This fixes various bugs that occur when using such tables. Have ALTER TABLE ... ADD PRIMARY KEY add not-null constraint (Rod) In prior releases, ALTER TABLE ... ADD PRIMARY would add a unique index, but not a not-null constraint. That is fixed in this release. Add ALTER TABLE ... WITHOUT OIDS (Rod) This allows control over whether new and updated rows will have an OID column. This is most useful for saving storage space. Add ALTER SEQUENCE to modify minimum, maximum, increment, cache, cycle values (Rod) Add ALTER TABLE ... CLUSTER ON (Alvaro Herrera) This command is used by pg_dump to record the cluster column for each table previously clustered. This information is used by database-wide cluster to cluster all previously clustered tables. 
Improve automatic type casting for domains (Rod, Tom) Allow dollar signs in identifiers, except as first character (Tom) Disallow dollar signs in operator names, so x=$1 works (Tom) Allow copying table schema using LIKE subtable, also SQL:2003 feature INCLUDING DEFAULTS (Rod) Add WITH GRANT OPTION clause to GRANT (Peter) This enabled GRANT to give other users the ability to grant privileges on an object. Utility Command Changes Add ON COMMIT clause to CREATE TABLE for temporary tables (Gavin) This adds the ability for a table to be dropped or all rows deleted on transaction commit. Allow cursors outside transactions using WITH HOLD (Neil) In previous releases, cursors were removed at the end of the transaction that created them. Cursors can now be created with the WITH HOLD option, which allows them to continue to be accessed after the creating transaction has committed. FETCH 0 and MOVE 0 now do nothing (Bruce) In previous releases, FETCH 0 fetched all remaining rows, and MOVE 0 moved to the end of the cursor. Cause FETCH and MOVE to return the number of rows fetched/moved, or zero if at the beginning/end of cursor, per SQL standard (Bruce) In prior releases, the row count returned by FETCH and MOVE did not accurately reflect the number of rows processed. Properly handle SCROLL with cursors, or report an error (Neil) Allowing random access (both forward and backward scrolling) to some kinds of queries cannot be done without some additional work. If SCROLL is specified when the cursor is created, this additional work will be performed. Furthermore, if the cursor has been created with NO SCROLL, no random access is allowed. 
Implement SQL-compatible options FIRST, LAST, ABSOLUTE n, RELATIVE n for FETCH and MOVE (Tom) Allow EXPLAIN on DECLARE CURSOR (Tom) Allow CLUSTER to use index marked as pre-clustered by default (Alvaro Herrera) Allow CLUSTER to cluster all tables (Alvaro Herrera) This allows all previously clustered tables in a database to be reclustered with a single command. Prevent CLUSTER on partial indexes (Tom) Allow DOS and Mac line-endings in COPY files (Bruce) Disallow literal carriage return as a data value, backslash-carriage-return and \r are still allowed (Bruce) COPY changes (binary, \.) (Tom) Recover from COPY failure cleanly (Tom) Prevent possible memory leaks in COPY (Tom) Make TRUNCATE transaction-safe (Rod) TRUNCATE can now be used inside a transaction. If the transaction aborts, the changes made by the TRUNCATE are automatically rolled back. Allow prepare/bind of utility commands like FETCH and EXPLAIN (Tom) Add EXPLAIN EXECUTE (Neil) Improve VACUUM performance on indexes by reducing WAL traffic (Tom) Functional indexes have been generalized into indexes on expressions (Tom) In prior releases, functional indexes only supported a simple function applied to one or more column names. This release allows any type of scalar expression. Have SHOW TRANSACTION ISOLATION match input to SET TRANSACTION ISOLATION (Tom) Have COMMENT ON DATABASE on nonlocal database generate a warning, rather than an error (Rod) Database comments are stored in database-local tables so comments on a database have to be stored in each database. Improve reliability of LISTEN/NOTIFY (Tom) Allow REINDEX to reliably reindex nonshared system catalog indexes (Tom) This allows system tables to be reindexed without the requirement of a standalone session, which was necessary in previous releases. The only tables that now require a standalone session for reindexing are the global system tables pg_database, pg_shadow, and pg_group. 
Data Type and Function Changes New server parameter extra_float_digits to control precision display of floating-point numbers (Pedro Ferreira, Tom) This controls output precision which was causing regression testing problems. Allow +1300 as a numeric time-zone specifier, for FJST (Tom) Remove rarely used functions oidrand, oidsrand, and userfntest (Neil) Add md5() function to main server, already in contrib/pgcrypto (Joe) An MD5 function was frequently requested. For more complex encryption capabilities, use contrib/pgcrypto. Increase date range of timestamp (John Cochran) Change EXTRACT(EPOCH FROM timestamp) so timestamp without time zone is assumed to be in local time, not GMT (Tom) Trap division by zero in case the operating system doesn't prevent it (Tom) Change the numeric data type internally to base 10000 (Tom) New hostmask() function (Greg Wickham) Fixes for to_char() and to_timestamp() (Karel) Allow functions that can take any argument data type and return any data type, using anyelement and anyarray (Joe) This allows the creation of functions that can work with any data type. Arrays can now be specified as ARRAY[1,2,3], ARRAY[['a','b'],['c','d']], or ARRAY[ARRAY[ARRAY[2]]] (Joe) Allow proper comparisons for arrays, including ORDER BY and DISTINCT support (Joe) Allow indexes on array columns (Joe) Allow array concatenation with || (Joe) Allow WHERE qualification expr op ANY/SOME/ALL (array_expr) (Joe) This allows arrays to behave like a list of values, for purposes like SELECT * FROM tab WHERE col IN (array_val). New array functions array_append, array_cat, array_lower, array_prepend, array_to_string, array_upper, string_to_array (Joe) Allow user defined aggregates to use polymorphic functions (Joe) Allow assignments to empty arrays (Joe) Allow 60 in seconds fields of time, timestamp, and interval input values (Tom) Sixty-second values are needed for leap seconds. 
Allow cidr data type to be cast to text (Tom) Disallow invalid time zone names in SET TIMEZONE Trim trailing spaces when char is cast to varchar or text (Tom) Make float(p) measure the precision p in binary digits, not decimal digits (Tom) Add IPv6 support to the inet and cidr data types (Michael Graff) Add family() function to report whether address is IPv4 or IPv6 (Michael Graff) Have SHOW datestyle generate output similar to that used by SET datestyle (Tom) Make EXTRACT(TIMEZONE) and SET/SHOW TIME ZONE follow the SQL convention for the sign of time zone offsets, i.e., positive is east from UTC (Tom) Fix date_trunc('quarter', ...) (Böjthe Zoltán) Prior releases returned an incorrect value for this function call. Make initcap() more compatible with Oracle (Mike Nolan) initcap() now uppercases a letter appearing after any non-alphanumeric character, rather than only after whitespace. Allow only datestyle field order for date values not in ISO-8601 format (Greg) Add new datestyle values MDY, DMY, and YMD to set input field order; honor US and European for backward compatibility (Tom) String literals like 'now' or 'today' will no longer work as a column default. Use functions such as now(), current_timestamp instead. (change required for prepared statements) (Tom) Treat NaN as larger than any other value in min()/max() (Tom) NaN was already sorted after ordinary numeric values for most purposes, but min() and max() didn't get this right. 
Prevent interval from suppressing :00 seconds display New functions pg_get_triggerdef(prettyprint) and pg_conversion_is_visible() (Christopher) Allow time to be specified as 040506 or 0405 (Tom) Input date order must now be YYYY-MM-DD (with 4-digit year) or match datestyle Make pg_get_constraintdef support unique, primary-key, and check constraints (Christopher) Server-Side Language Changes Prevent PL/pgSQL crash when RETURN NEXT is used on a zero-row record variable (Tom) Make PL/Python's spi_execute interface handle null values properly (Andrew Bosma) Allow PL/pgSQL to declare variables of composite types without %ROWTYPE (Tom) Fix PL/Python's _quote() function to handle big integers Make PL/Python an untrusted language, now called plpythonu (Kevin Jacobs, Tom) The Python language no longer supports a restricted execution environment, so the trusted version of PL/Python was removed. If this situation changes, a version of PL/Python that can be used by non-superusers will be readded. Allow polymorphic PL/pgSQL functions (Joe, Tom) Allow polymorphic SQL functions (Joe) Improved compiled function caching mechanism in PL/pgSQL with full support for polymorphism (Joe) Add new parameter $0 in PL/pgSQL representing the function's actual return type (Joe) Allow PL/Tcl and PL/Python to use the same trigger on multiple tables (Tom) Fixed PL/Tcl's spi_prepare to accept fully qualified type names in the parameter type list (Jan) psql Changes Add \pset pager always to always use pager (Greg) This forces the pager to be used even if the number of rows is less than the screen height. This is valuable for rows that wrap across several screen rows. Improve tab completion (Rod, Ross Reedstrom, Ian Barwick) Reorder \? 
help into groupings (Harald Armin Massa, Bruce) Add backslash commands for listing schemas, casts, and conversions (Christopher) \encoding now changes based on the server parameter client_encoding (Tom) In previous versions, \encoding was not aware of encoding changes made using SET client_encoding. Save editor buffer into readline history (Ross) When \e is used to edit a query, the result is saved in the readline history for retrieval using the up arrow. Improve \d display (Christopher) Enhance HTML mode to be more standards-conforming (Greg) New \set AUTOCOMMIT off capability (Tom) This takes the place of the removed server parameter autocommit. New \set VERBOSITY to control error detail (Tom) This controls the new error reporting details. New prompt escape sequence %x to show transaction status (Tom) Long options for psql are now available on all platforms pg_dump Changes Multiple pg_dump fixes, including tar format and large objects Allow pg_dump to dump specific schemas (Neil) Make pg_dump preserve column storage characteristics (Christopher) This preserves ALTER TABLE ... SET STORAGE information. Make pg_dump preserve CLUSTER characteristics (Christopher) Have pg_dumpall use GRANT/REVOKE to dump database-level privileges (Tom) Allow pg_dumpall to support the options Prevent pg_dump from lowercasing identifiers specified on the command line (Tom) pg_dump options and now do nothing, all dumps use SET SESSION AUTHORIZATION pg_dump no longer reconnects to switch users, but instead always uses SET SESSION AUTHORIZATION. This will reduce password prompting during restores. Long options for pg_dump are now available on all platforms PostgreSQL now includes its own long-option processing routines. libpq Changes Add function PQfreemem for freeing memory on Windows, suggested for NOTIFY (Bruce) Windows requires that memory allocated in a library be freed by a function in the same library, hence free() doesn't work for freeing memory allocated by libpq. 
PQfreemem is the proper way to free libpq memory, especially on Windows, and is recommended for other platforms as well. Document service capability, and add sample file (Bruce) This allows clients to look up connection information in a central file on the client machine. Make PQsetdbLogin have the same defaults as PQconnectdb (Tom) Allow libpq to cleanly fail when result sets are too large (Tom) Improve performance of function PQunescapeBytea (Ben Lamb) Allow thread-safe libpq with configure option (Lee Kindness, Philip Yarra) Allow function pqInternalNotice to accept a format string and arguments instead of just a preformatted message (Tom, Sean Chittenden) Control SSL negotiation with sslmode values disable, allow, prefer, and require (Jon Jensen) Allow new error codes and levels of text (Tom) Allow access to the underlying table and column of a query result (Tom) This is helpful for query-builder applications that want to know the underlying table and column names associated with a specific result set. Allow access to the current transaction status (Tom) Add ability to pass binary data directly to the server (Tom) Add functions PQexecPrepared and PQsendQueryPrepared, which perform bind/execute of previously prepared statements (Tom) JDBC Changes Allow setNull on updateable result sets Allow executeBatch on a prepared statement (Barry) Support SSL connections (Barry) Handle schema names in result sets (Paul Sorenson) Add refcursor support (Nic Ferrier) Miscellaneous Interface Changes Prevent possible memory leak or core dump during libpgtcl shutdown (Tom) Add Informix compatibility to ECPG (Michael) This allows ECPG to process embedded C programs that were written using certain Informix extensions. Add type decimal to ECPG that is fixed length, for Informix (Michael) Allow thread-safe embedded SQL programs with configure option (Lee Kindness, Bruce) This allows multiple threads to access the database at the same time. 
Moved Python client PyGreSQL to (Marc) Source Code Changes Prevent need for separate platform geometry regression result files (Tom) Improved PPC locking primitive (Reinhard Max) New function palloc0 to allocate and clear memory (Bruce) Fix locking code for s390x CPU (64-bit) (Tom) Allow OpenBSD to use local ident credentials (William Ahern) Make query plan trees read-only to executor (Tom) Add Darwin startup scripts (David Wheeler) Allow libpq to compile with Borland C++ compiler (Lester Godwin, Karl Waclawek) Use our own version of getopt_long() if needed (Peter) Convert administration scripts to C (Peter) Bison >= 1.85 is now required to build the PostgreSQL grammar, if building from CVS Merge documentation into one book (Peter) Add Windows compatibility functions (Bruce) Allow client interfaces to compile under MinGW (Bruce) New ereport() function for error reporting (Tom) Support Intel compiler on Linux (Peter) Improve Linux startup scripts (Slawomir Sudnik, Darko Prenosil) Add support for AMD Opteron and Itanium (Jeffrey W. Baker, Bruce) Remove option from configure This was no longer needed now that we have CREATE CONVERSION. Generate a compile error if spinlock code is not found (Bruce) Platforms without spinlock code will now fail to compile, rather than silently using semaphores. This failure can be disabled with a new configure option. Contrib Changes Change dbmirror license to BSD Improve earthdistance (Bruno Wolff III) Portability improvements to pgcrypto (Marko Kreen) Prevent crash in xml (John Gray, Michael Richards) Update oracle Update mysql Update cube (Bruno Wolff III) Update earthdistance to use cube (Bruno Wolff III) Update btree_gist (Oleg) New tsearch2 full-text search module (Oleg, Teodor) Add hash-based crosstab function to tablefuncs (Joe) Add serial column to order connectby() siblings in tablefuncs (Nabil Sayegh, Joe) Add named persistent connections to dblink (Shridhar Daithanka) New pg_autovacuum allows automatic VACUUM (Matthew T. 
O'Connor) Make pgbench honor environment variables PGHOST, PGPORT, PGUSER (Tatsuo) Improve intarray (Teodor Sigaev) Improve pgstattuple (Rod) Fix bug in metaphone() in fuzzystrmatch Improve adddepend (Rod) Update spi/timetravel (Böjthe Zoltán) Fix dbase Remove array module because features now included by default (Joe)
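The pg_hba.conf item under Server Configuration Changes above lets the host address and netmask fields be merged into a single CIDR field. As an added illustration (not part of the release notes or of PostgreSQL), the Python script below rewrites two-field records to CIDR form and reports masks that no CIDR prefix can express, so those records are reviewed by hand instead of being silently widened or narrowed. The sample file, the function names and the assumption that fields are unquoted and whitespace-separated are constructed for this example.

```python
import ipaddress

# Constructed sample pg_hba.conf, not from a real server. Assumed layouts:
#   TYPE DATABASE USER ADDRESS MASK METHOD [OPTION]
#   TYPE DATABASE USER ADDRESS/LEN METHOD [OPTION]
SAMPLE_HBA = """\
# TYPE     DATABASE  USER   ADDRESS        MASK             METHOD
local      all       all                                    ident sameuser
host       all       all    127.0.0.1      255.255.255.255  md5
host       sales     alice  192.168.12.0   255.255.255.0    md5
hostssl    all       all    10.0.0.0/8                      md5
hostnossl  all       all    192.168.93.0   255.255.255.0    reject
host       all       all    192.168.0.0    255.0.255.0      md5
"""

HOST_TYPES = {"host", "hostssl", "hostnossl"}


def mask_to_prefixlen(mask):
    """Prefix length of a contiguous netmask; ValueError otherwise."""
    m = ipaddress.ip_address(mask)
    host_bits = int(m) ^ ((1 << m.max_prefixlen) - 1)
    # A contiguous mask leaves host bits of the form 0...01...1, so adding
    # one to them must clear every bit that was set.
    if host_bits & (host_bits + 1):
        raise ValueError("netmask %s is not contiguous" % mask)
    return m.max_prefixlen - host_bits.bit_length()


def to_cidr_record(line):
    """Rewrite one record to the single-field CIDR form.

    Comments, blank lines, local records and records already in CIDR form
    are returned unchanged. A malformed record or a mask that cannot be
    written as a prefix length raises ValueError.
    """
    fields = line.split()
    if not fields or fields[0] not in HOST_TYPES:
        return line
    if len(fields) < 5:
        raise ValueError("too few fields")
    address = fields[3]
    if "/" in address:
        ipaddress.ip_network(address, strict=False)  # validate only
        return line
    if len(fields) < 6:
        raise ValueError("address %s has no netmask and no prefix" % address)
    if ipaddress.ip_address(address).version != \
            ipaddress.ip_address(fields[4]).version:
        raise ValueError("address and netmask differ in IP version")
    prefix = mask_to_prefixlen(fields[4])
    return " ".join(fields[:3] + ["%s/%d" % (address, prefix)] + fields[5:])


def convert(text):
    """Return (lines, problems); problem records are kept as written."""
    lines, problems = [], []
    for number, line in enumerate(text.splitlines(), start=1):
        try:
            lines.append(to_cidr_record(line))
        except ValueError as exc:
            lines.append(line)
            problems.append((number, str(exc)))
    return lines, problems


if __name__ == "__main__":
    converted, problems = convert(SAMPLE_HBA)
    print("\n".join(converted))
    for number, reason in problems:
        print("line %d needs review: %s" % (number, reason))
```

The address is kept exactly as written and only the prefix length is appended; a wildcard-style mask such as 0.0.0.255 is rejected rather than read as /24.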