* CVE-2012-3488: PostgreSQL insecure use of libxslt
* CVE-2012-3489: PostgreSQL insecure use of libxml2
* Updates and corrections to time zone data
* Multiple documentation updates and corrections
* Add limit on max_wal_senders
* Fix dependencies generated during ALTER TABLE ADD CONSTRAINT USING INDEX.
* Correct behavior of unicode conversions for PL/Python
* Fix WITH attached to a nested set operation (UNION/INTERSECT/EXCEPT).
* Fix syslogger so that log_truncate_on_rotation works in the first rotation.
* Only allow autovacuum to be auto-canceled by a directly blocked process.
* Improve fsync request queue operation
* Prevent corner-case core dump in rfree().
* Fix Walsender so that it responds correctly to timeouts and deadlocks
* Several PL/Perl fixes for encoding-related issues
* Make selectivity operators use the correct collation
* Prevent unsuitable slaves from being selected for synchronous replication
* Make REASSIGN OWNED work on extensions as well
* Fix race condition with ENUM comparisons
* Make NOTIFY cope with out-of-disk-space
* Fix memory leak in ARRAY subselect queries
* Reduce data loss at replication failover
* Fix behavior of subtransactions with Hot Standby
Due to updated PKG_DEVELOPER checks, postgresql83-server started failing
with the following message:
ERROR: lib/postgresql/plpgsql.so: missing libintl.so.8
The plpgsql.so library had no rpath set other than what the base compiler
adds by default. On DragonFly, the libintl.so library would likely have
been found anyway as /usr/pkg/lib is part of the LD_CONFIG hint file
search path, but that isn't a guarantee.
The new patch adds ${libdir} to the plpgsql.so rpath so it passes
PKG_DEVELOPER checks now.
Changes:
* Fix incorrect password transformation in contrib/pgcrypto's DES crypt() function (Solar Designer)
* If a password string contained the byte value 0x80, the remainder of the password was ignored, causing the password to be much weaker than it appeared. With this fix, the rest of the string is properly included in the DES hash. Any stored password values that are affected by this bug will thus no longer match, so the stored values may need to be updated. (CVE-2012-2143)
* Ignore SECURITY DEFINER and SET attributes for a procedural language's call handler (Tom Lane)
* Applying such attributes to a call handler could crash the server. (CVE-2012-2655)
* Allow numeric timezone offsets in timestamp input to be up to 16 hours away from UTC (Tom Lane)
* Some historical time zones have offsets larger than 15 hours, the previous limit. This could result in dumped data values being rejected during reload.
* Fix timestamp conversion to cope when the given time is exactly the last DST transition time for the current timezone (Tom Lane)
* This oversight has been there a long time, but was not noticed previously because most DST-using zones are presumed to have an indefinite sequence of future DST transitions.
* Fix text to name and char to name casts to perform string truncation correctly in multibyte encodings (Karl Schnaitter)
* Fix memory copying bug in to_tsquery() (Heikki Linnakangas)
* Fix slow session startup when pg_attribute is very large (Tom Lane)
* If pg_attribute exceeds one-fourth of shared_buffers, cache rebuilding code that is sometimes needed during session start would trigger the synchronized-scan logic, causing it to take many times longer than normal. The problem was particularly acute if many new sessions were starting at once.
* Ensure sequential scans check for query cancel reasonably often (Merlin Moncure)
* A scan encountering many consecutive pages that contain no live tuples would not respond to interrupts meanwhile.
* Ensure the Windows implementation of PGSemaphoreLock() clears ImmediateInterruptOK before returning (Tom Lane)
* This oversight meant that a query-cancel interrupt received later in the same query could be accepted at an unsafe time, with unpredictable but not good consequences.
* Show whole-row variables safely when printing views or rules (Abbas Butt, Tom Lane)
* Corner cases involving ambiguous names (that is, the name could be either a table or column name of the query) were printed in an ambiguous way, risking that the view or rule would be interpreted differently after dump and reload. Avoid the ambiguous case by attaching a no-op cast.
* Ensure autovacuum worker processes perform stack depth checking properly (Heikki Linnakangas)
* Previously, infinite recursion in a function invoked by auto-ANALYZE could crash worker processes.
* Fix logging collector to not lose log coherency under high load (Andrew Dunstan)
* The collector previously could fail to reassemble large messages if it got too busy.
* Fix logging collector to ensure it will restart file rotation after receiving SIGHUP (Tom Lane)
* Fix PL/pgSQL's GET DIAGNOSTICS command when the target is the function's first variable (Tom Lane)
* Fix several performance problems in pg_dump when the database contains many objects (Jeff Janes, Tom Lane)
* pg_dump could get very slow if the database contained many schemas, or if many objects are in dependency loops, or if there are many owned sequences.
* Fix contrib/dblink's dblink_exec() to not leak temporary database connections upon error (Tom Lane)
* Update time zone data files to tzdata release 2012c for DST law changes in Antarctica, Armenia, Chile, Cuba, Falkland Islands, Gaza, Haiti, Hebron, Morocco, Syria, and Tokelau Islands; also historical corrections for Canada.
* Fix bugs in information_schema.referential_constraints view
* Correct collations for citext columns and indexes
* Prevent possible crash when joining to a scalar function
* Prevent transitory data corruption of GIN indexes after a crash
* Prevent data corruption on TOAST columns when copying data
* Fix failures during hot standby startup
* Correct another "variable not found in subplan target list" bug
* Fix bug with sorting on aggregate expressions in windowing functions
* Multiple bug fixes for pg_upgrade
* Change Foreign Key creation order to better support self-referential keys
* Multiple bug fixes to CREATE EXTENSION
* Ensure that function return type and data returned from PL/perl agree
* Ensure that PL/perl strings are always UTF-8
* Assorted bug fixes for various Extensions
* Updates to the time zone database, particularly to CST6
* Fix bugs in indexing of in-doubt HOT-updated tuples
* Fix multiple bugs in GiST index page split processing
* Fix possible buffer overrun in tsvector_concat()
* Fix crash in xml_recv when processing a "standalone" parameter
* Avoid possibly accessing off the end of memory in "ANALYZE" and in
SJIS-2004 encoding conversion
* Fix race condition in relcache init file invalidation
* Fix memory leak at end of a GiST index scan
* Fix performance problem when constructing a large, lossy bitmap
* Fix array- and path-creating functions to ensure padding bytes are zeroes
* Work around gcc 4.6.0 bug that breaks WAL replay
* Fix dump bug for VALUES in a view
* Disallow SELECT FOR UPDATE/SHARE on sequences
This operation doesn't work as expected and can lead to failures.
* Defend against integer overflow when computing size of a hash table
* Fix cases where "CLUSTER" might attempt to access already-removed
TOAST data
* Fix portability bugs in use of credentials control messages for
"peer" authentication
* Fix SSPI login when multiple roundtrips are required
* Fix typo in pg_srand48 seed initialization
* Avoid integer overflow when the sum of LIMIT and OFFSET values
exceeds 2^63
* Add overflow checks to int4 and int8 versions of generate_series()
* Fix trailing-zero removal in to_char()
* Fix pg_size_pretty() to avoid overflow for inputs close to 2^63
* In pg_ctl, support silent mode for service registrations on Windows
* Fix psql's counting of script file line numbers during COPY from a
different file
* more...
* fix build issues on HP-UX and Itanium
* update time zone files for recent time zone changes
* change SQLSTATE for Hot Standby warnings
* prevent bgwriter hang during recovery
* prevent recursive composite type creation
* disallow dropping tables whose triggers are still pending
* allow use of "replication" as a user name
* prevent a crash during GEQO planning
* improve join plans for tables with missing statistics
* fix error with SELECT FOR UPDATE in a subselect
* close PL/python array slice memory leak
* allow SSL connections for users with no home directory
* Avoid failures when "EXPLAIN" tries to display a simple-form CASE
expression.
* Fix assignment to an array slice that is before the existing range
of subscripts.
* Avoid unexpected conversion overflow in planner for very distant
date values.
* Fix pg_restore's text output for large objects (BLOBs) when
standard_conforming_strings is on.
* Fix erroneous parsing of tsquery values containing ... &
!(subexpression) | ...
* Fix buffer overrun in "contrib/intarray"'s input function for the
query_int type.
* Fix bug in "contrib/seg"'s GiST picksplit algorithm.
* Force the default wal_sync_method to be fdatasync on Linux
* Fix assorted bugs in WAL replay logic for GIN indexes
* Fix recovery from base backup when the starting checkpoint WAL
record is not in the same WAL segment as its redo point
* Fix persistent slowdown of autovacuum workers when multiple workers
remain active for a long time
* Add support for detecting register-stack overrun on IA64
* Add a check for stack overflow in copyObject()
* Fix detection of page splits in temporary GiST indexes
* Avoid memory leakage while "ANALYZE"'ing complex index expressions
* Ensure an index that uses a whole-row Var still depends on its
table
* Do not "inline" a SQL function with multiple OUT parameters
* Behave correctly if ORDER BY, LIMIT, FOR UPDATE, or WITH is
attached to the VALUES part of INSERT ... VALUES
* Fix constant-folding of COALESCE() expressions
* Fix postmaster crash when connection acceptance (accept() or one of
the calls made immediately after it) fails, and the postmaster was
compiled with GSSAPI support
* Fix missed unlink of temporary files when log_temp_files is active
* Add print functionality for InhRelation nodes
* Fix incorrect calculation of distance from a point to a horizontal
line segment
* Fix PL/pgSQL's handling of "simple" expressions to not fail in
recursion or error-recovery cases
* Fix PL/Python's handling of set-returning functions
* Fix bug in "contrib/cube"'s GiST picksplit algorithm
* Don't emit "identifier will be truncated" notices in
"contrib/dblink" except when creating new connections
* Fix potential coredump on missing public key in "contrib/pgcrypto"
* Fix memory leak in "contrib/xml2"'s XPath query functions
* Update time zone data files to tzdata release 2010o for DST law
changes in Fiji and Samoa; also historical corrections for Hong
Kong.
* Use a separate interpreter for each calling SQL userid in PL/Perl and PL/Tcl
* Prevent possible crashes in pg_get_expr() by disallowing it from being called
with an argument that is not one of the system catalog columns it's intended
to be used with
* Treat exit code 128 (ERROR_WAIT_NO_CHILDREN) as non-fatal on Windows
* Fix incorrect usage of non-strict OR joinclauses in Append indexscans
* Fix possible duplicate scans of UNION ALL member relations
* Fix "cannot handle unplanned sub-select" error
* Fix failure to mark cached plans as transient
* Reduce PANIC to ERROR in some occasionally-reported btree failure cases, and
provide additional detail in the resulting error messages
* Prevent show_session_authorization() from crashing within autovacuum
processes
* Defend against functions returning setof record where not all the returned
rows are actually of the same rowtype
* Fix possible failure when hashing a pass-by-reference function result.
* Improve merge join's handling of NULLs in the join columns
* Take care to fsync the contents of lockfiles (both "postmaster.pid" and the
socket lockfile) while writing them
* Avoid recursion while assigning XIDs to heavily-nested subtransactions
* Avoid holding open old WAL segments in the walwriter process
* Fix log_line_prefix's %i escape, which could produce junk early in backend
startup
* Fix possible data corruption in "ALTER TABLE ... SET TABLESPACE" when
archiving is enabled
* Allow "CREATE DATABASE" and "ALTER DATABASE ... SET TABLESPACE" to be
interrupted by query-cancel
* Fix "REASSIGN OWNED" to handle operator classes and families
* Fix possible core dump when comparing two empty tsquery values
* Fix LIKE's handling of patterns containing % followed by _
* Enforce restrictions in plperl using an opmask applied to the whole
interpreter, instead of using "Safe.pm"
* Prevent PL/Tcl from executing untrustworthy code from pltcl_modules
* Fix possible crash if a cache reset message is received during
rebuild of a relcache entry
* Apply per-function GUC settings while running the language
validator for the function
* Do not allow an unprivileged user to reset superuser-only parameter
settings
* Avoid possible crash during backend shutdown if shutdown occurs
when a CONTEXT addition would be made to log entries
* Ensure the archiver process responds to changes in archive_command
as soon as possible
* Update pl/perl's "ppport.h" for modern Perl versions
* Fix assorted memory leaks in pl/python
* Prevent infinite recursion in psql when expanding a variable that
refers to itself
* Fix psql's \copy to not add spaces around a dot within \copy
(select ...)
* Fix unnecessary "GIN indexes do not support whole-index scans"
errors for unsatisfiable queries using "contrib/intarray" operators
* Ensure that "contrib/pgstattuple" functions respond to cancel
interrupts promptly
* Make server startup deal properly with the case that shmget()
returns EINVAL for an existing shared memory segment
* Avoid possible crashes in syslogger process on Windows
* Deal more robustly with incomplete time zone information in the
Windows registry
* Update the set of known Windows time zone names
* Update time zone data files to tzdata release 2010j for DST law
changes in Argentina, Australian Antarctic, Bangladesh, Mexico,
Morocco, Pakistan, Palestine, Russia, Syria, Tunisia; also
historical corrections for Taiwan.
Also, add PKST (Pakistan Summer Time) to the default set of
timezone abbreviations.
* Add new configuration parameter ssl_renegotiation_limit to control
how often we do session key renegotiation for an SSL connection
* Fix possible deadlock during backend startup
* Fix possible crashes due to not handling errors during relcache
reload cleanly
* Fix possible crash due to use of dangling pointer to a cached plan
* Fix possible crashes when trying to recover from a failure in
subtransaction start
* Fix server memory leak associated with use of savepoints and a
client encoding different from server's encoding
* Fix incorrect WAL data emitted during end-of-recovery cleanup of a
GIST index page split
* Make substring() for bit types treat any negative length as meaning
"all the rest of the string"
The previous coding treated only -1 that way, and would produce an
invalid result value for other negative values, possibly leading to
a crash (CVE-2010-0442).
* Fix integer-to-bit-string conversions to handle the first
fractional byte correctly when the output bit width is wider than
the given integer by something other than a multiple of 8 bits
* Fix some cases of pathologically slow regular expression matching
* Fix assorted crashes in xml processing caused by sloppy memory
management
* Fix bug with trying to update a field of an element of a
composite-type array column
* Fix the STOP WAL LOCATION entry in backup history files to report
the next WAL segment's name when the end location is exactly at a
segment boundary
* Fix some more cases of temporary-file leakage
This corrects a problem introduced in the previous minor release.
One case that failed is when a plpgsql function returning set is
called within another function's exception handler.
* Improve constraint exclusion processing of boolean-variable cases,
in particular make it possible to exclude a partition that has a
"bool_column = false" constraint
* When reading "pg_hba.conf" and related files, do not treat
@something as a file inclusion request if the @ appears inside
quote marks; also, never treat @ by itself as a file inclusion
request
* Prevent infinite loop on some platforms if a directory is named as
an inclusion target in "pg_hba.conf" and related files
* Fix possible infinite loop if SSL_read or SSL_write fails without
setting errno
This is reportedly possible with some Windows versions of openssl.
* Disallow GSSAPI authentication on local connections, since it
requires a hostname to function correctly
* Make ecpg report the proper SQLSTATE if the connection disappears
* Fix psql's numericlocale option to not format strings it shouldn't
in latex and troff output formats
* Make psql return the correct exit status (3) when ON_ERROR_STOP and
--single-transaction are both specified and an error occurs during
the implied "COMMIT"
* Fix plpgsql failure in one case where a composite column is set to NULL
* Fix possible failure when calling PL/Perl functions from PL/PerlU
or vice versa
* Add volatile markings in PL/Python to avoid possible
compiler-specific misbehavior
* Ensure PL/Tcl initializes the Tcl interpreter fully
The only known symptom of this oversight is that the Tcl clock
command misbehaves if using Tcl 8.5 or later.
* Prevent crash in "contrib/dblink" when too many key columns are
specified to a dblink_build_sql_* function
* Allow zero-dimensional arrays in "contrib/ltree" operations
* Fix assorted crashes in "contrib/xml2" caused by sloppy memory
management
* Make building of "contrib/xml2" more robust on Windows
* Fix race condition in Windows signal handling
One known symptom of this bug is that rows in pg_listener could be
dropped under heavy load.
* Update time zone data files to tzdata release 2010e for DST law
changes in Bangladesh, Chile, Fiji, Mexico, Paraguay, Samoa.
* Protect against indirect security threats caused by index functions
changing session-local state
* Reject SSL certificates containing an embedded null byte in the
common name (CN) field
* Fix possible crash during backend-startup-time cache initialization
* Avoid crash on empty thesaurus dictionary
* Prevent signals from interrupting VACUUM at unsafe times
* Fix possible crash due to integer overflow in hash table size
calculation
* Fix very rare crash in inet/cidr comparisons
* Ensure that shared tuple-level locks held by prepared transactions
are not ignored
* Fix premature drop of temporary files used for a cursor that is
accessed within a subtransaction
* Fix memory leak in syslogger process when rotating to a new CSV
logfile
* Fix Windows permission-downgrade logic
* Fix incorrect logic for GiST index page splits, when the split
depends on a non-first column of the index
* Don't error out if recycling or removing an old WAL file fails at
the end of checkpoint
* Ensure WAL files aren't repeatedly archived on Windows
* Fix PAM password processing to be more robust
* Raise the maximum authentication token (Kerberos ticket) size in
GSSAPI and SSPI authentication methods
* More...
* Make "DISCARD ALL" release advisory locks, in addition to
everything it already did
This was decided to be the most appropriate behavior. This could
affect existing applications, however.
* Fix whole-index GiST scans to work correctly
This error could cause rows to be lost if a table is clustered on a
GiST index.
* Fix crash of xmlconcat(NULL)
* Fix possible crash in ispell dictionary if high-bit-set characters
are used as flags
This is known to be done by one widely available Norwegian
dictionary, and the same condition may exist in others.
* Fix misordering of pg_dump output for composite types
The most likely problem was for user-defined operator classes to be
dumped after indexes or views that needed them.
* Improve handling of URLs in headline() function
* Improve handling of overlength headlines in headline() function
* Prevent possible Assert failure or misconversion if an encoding
conversion is created with the wrong conversion function for the
specified pair of encodings
* Fix possible Assert failure if a statement executed in PL/pgSQL is
rewritten into another kind of statement, for example if an
"INSERT" is rewritten into an "UPDATE"
* Ensure that a snapshot is available to datatype input functions
* Make it safer for SPI-using functions to be used within datatype
I/O; in particular, to be used in domain check constraints
* Avoid unnecessary locking of small tables in "VACUUM"
* Fix a problem that sometimes kept "ALTER TABLE ENABLE/DISABLE RULE"
from being recognized by active sessions
* Fix a problem that made UPDATE RETURNING tableoid return zero
instead of the correct OID
* Allow functions declared as taking ANYARRAY to work on the
pg_statistic columns of that type
This used to work, but was unintentionally broken in 8.3.
* Fix planner misestimation of selectivity when transitive equality
is applied to an outer-join clause
This could result in bad plans for queries like ... from a left
join b on a.a1 = b.b1 where a.a1 = 42 ...
* Improve optimizer's handling of long IN lists
This change avoids wasting large amounts of time on such lists when
constraint exclusion is enabled.
* Prevent synchronous scan during GIN index build
Because GIN is optimized for inserting tuples in increasing TID
order, choosing to use a synchronous scan could slow the build by a
factor of three or more.
* Ensure that the contents of a holdable cursor don't depend on the
contents of TOAST tables
* Fix memory leak when a set-returning function is terminated without
reading its whole result
* Fix encoding conversion problems in XML functions when the database
encoding isn't UTF-8
* Fix "contrib/dblink"'s dblink_get_result(text,bool) function
* Fix possible garbage output from "contrib/sslinfo" functions
* Fix incorrect behavior of "contrib/tsearch2" compatibility trigger
when it's fired more than once in a command
* Fix possible mis-signaling in autovacuum
* Support running as a service on Windows 7 beta
* Fix ecpg's handling of varchar structs
* Fix configure script to properly report failure when unable to
obtain linkage information for PL/Perl
* Make all documentation reference pgsql-bugs and/or pgsql-hackers as
appropriate, instead of the now-decommissioned pgsql-ports and
pgsql-patches mailing lists
* Update time zone data files to tzdata release 2009a (for Kathmandu
and historical DST corrections in Switzerland, Cuba)
* Fix GiST index corruption due to marking the wrong index entry
"dead" after a deletion.
This would result in index searches failing to find rows they
should have found.
* Fix backend crash when the client encoding cannot represent a
localized error message.
We have addressed similar issues before, but it would still fail if
the "character has no equivalent" message itself couldn't be
converted. The fix is to disable localization and send the plain
ASCII error message when we detect such a situation.
* Fix possible crash in bytea-to-XML mapping.
* Fix possible crash when deeply nested functions are invoked from a
trigger.
* Improve optimization of "expression" IN ("expression-list") queries.
* Fix mis-expansion of rule queries when a sub-SELECT appears in a
function call in FROM, a multi-row VALUES list, or a RETURNING list.
* Fix Assert failure during rescan of an IS NULL search of a GiST
index.
* Fix memory leak during rescan of a hashed aggregation plan.
* Ensure an error is reported when a newly-defined PL/pgSQL trigger
function is invoked as a normal function.
* Force a checkpoint before "CREATE DATABASE" starts to copy files.
* Prevent possible collision of relfilenode numbers when moving a
table to another tablespace with "ALTER SET TABLESPACE".
* Fix incorrect text search headline generation when single query
item matches first word of text.
* Fix improper display of fractional seconds in interval values when
using a non-ISO datestyle in an "--enable-integer-datetimes" build.
* Make ILIKE compare characters case-insensitively even when they're
escaped.
* Ensure "DISCARD" is handled properly by statement logging.
* Fix incorrect logging of last-completed-transaction time during
PITR recovery.
* Ensure SPI_getvalue and SPI_getbinval behave correctly when the
passed tuple and tuple descriptor have different numbers of columns.
* Mark SessionReplicationRole as PGDLLIMPORT so it can be used by
Slony on Windows.
* Fix small memory leak when using libpq's gsslib parameter.
* Ensure libgssapi is linked into libpq if needed.
* Fix ecpg's parsing of "CREATE ROLE".
* Fix recent breakage of pg_ctl restart.
* Ensure "pg_control" is opened in binary mode.
* Update time zone data files to tzdata release 2008i (for DST law
changes in Argentina, Brazil, Mauritius, Syria)
* Make pg_get_ruledef() parenthesize negative constants (Tom)
Before this fix, a negative constant in a view or rule might be
dumped as, say, -42::integer, which is subtly incorrect: it should
be (-42)::integer due to operator precedence rules. Usually this
would make little difference, but it could interact with another
recent patch to cause PostgreSQL to reject what had been a valid
"SELECT DISTINCT" view query. Since this could result in pg_dump
output failing to reload, it is being treated as a high-priority
fix. The only released versions in which dump output is actually
incorrect are 8.3.1 and 8.2.7.
* Make "ALTER AGGREGATE ... OWNER TO" update pg_shdepend (Tom)
This oversight could lead to problems if the aggregate was later
involved in a "DROP OWNED" or "REASSIGN OWNED" operation.
* Fix character string comparison for Windows locales that consider
different character combinations as equal
* Repair corner-case bugs in "VACUUM FULL"
* Fix misbehavior of foreign key checks involving character or bit
columns
* Avoid needless deadlock failures in no-op foreign-key checks
* Fix possible core dump when re-planning a prepared query
* Fix possible failure when re-planning a query that calls an
SPI-using function
* Fix failure in row-wise comparisons involving columns of different
datatypes
* Fix longstanding "LISTEN"/"NOTIFY" race condition
* Disallow "LISTEN" and "UNLISTEN" within a prepared transaction
* Disallow dropping a temporary table within a prepared transaction
* Fix rare crash when an error occurs during a query using a hash
index
* Fix incorrect comparison of tsquery values
* Fix incorrect behavior of LIKE with non-ASCII characters in
single-byte encodings
* Disable xmlvalidate
With significant new functionality and performance enhancements, this
release represents a major leap forward for PostgreSQL. This was made
possible by a growing community that has dramatically accelerated the
pace of development. This release adds the following major features:
* Full text search is integrated into the core database system
* Support for the SQL/XML standard, including new operators and an
XML data type
* Enumerated data types (ENUM)
* Arrays of composite types
* Universally Unique Identifier (UUID) data type
* Add control over whether NULLs sort first or last
* Updatable cursors
* Server configuration parameters can now be set on a per-function
basis
* User-defined types can now have type modifiers
* Automatically re-plan cached queries when table definitions change
or statistics are updated
* Numerous improvements in logging and statistics collection
* Support Security Service Provider Interface (SSPI) for
authentication on Windows
* Support multiple concurrent autovacuum processes, and other
autovacuum improvements
* Allow the whole PostgreSQL distribution to be compiled with
Microsoft Visual C++