This release contains a variety of fixes from 8.1.10, including fixes
for significant security issues.
This is the last 8.1.X release for which the PostgreSQL community will
produce binary packages for Windows. Windows users are encouraged to
move to 8.2.X or later, since there are Windows-specific fixes in 8.2.X
that are impractical to back-port. 8.1.X will continue to be supported
on other platforms.
then automatically generate a PLIST that says "${PKGNAME} has no files".
* If PLIST_SRC and GENERATE_PLIST are not set in a package Makefile,
and no PLIST files exist, then fail during the package build with
PKG_FAIL_REASON.
* Remove "intentionally empty" PLISTs again.
Now, the easy way to say that a package installs no files is to just
add the following to the package Makefile:
PLIST_SRC= # empty
that directly manipulate empty PLISTs.
Modify plist/plist.mk so that if the PLIST files are missing and no
GENERATE_PLIST is defined, then the package fails to build.
* Prevent index corruption when a transaction inserts rows and then
aborts close to the end of a concurrent "VACUUM" on the same table
* Make "CREATE DOMAIN ... DEFAULT NULL" work properly
* Allow the interval data type to accept input consisting only of
milliseconds or microseconds
* Speed up rtree index insertion
* Fix excessive logging of SSL error messages
* Fix logging so that log messages are never interleaved when using
the syslogger process
* Fix crash when log_min_error_statement logging runs out of memory
* Fix incorrect handling of some foreign-key corner cases
* Prevent "REINDEX" and "CLUSTER" from failing due to attempting to
process temporary tables of other sessions
* Update the time zone database rules, particularly New Zealand's
upcoming changes
* Windows socket improvements
* Suppress timezone name (%Z) in log timestamps on Windows because of
possible encoding mismatches
* Require non-superusers who use "/contrib/dblink" to use only
password authentication, as a security measure
* Support explicit placement of the temporary-table schema within
search_path, and disable searching it for functions and operators
* "/contrib/tsearch2" crash fixes
* Require "COMMIT PREPARED" to be executed in the same database as
the transaction was prepared in
* Fix potential-data-corruption bug in how "VACUUM FULL" handles
"UPDATE" chains
* Planner fixes, including improving outer join and bitmap scan
selection logic
* Fix PANIC during enlargement of a hash index (bug introduced in
8.1.6)
* Fix POSIX-style timezone specs to follow new USA DST rules
* Remove security vulnerabilities that allowed connected users to
read backend memory
* Fix rare bug wherein btree index page splits could fail due to
choosing an infeasible split point
* Improve "VACUUM" performance for databases with many tables
* Fix autovacuum to avoid leaving non-permanent transaction IDs in
non-connectable databases
This bug affects the 8.1 branch only.
* Fix for rare Assert() crash triggered by UNION
* Tighten security of multi-byte character processing for UTF8
sequences over three bytes long
* Fix bogus "permission denied" failures occurring on Windows due to
attempts to fsync already-deleted files
* Fix possible crashes when an already-in-use PL/pgSQL function is
updated
* Improve handling of getaddrinfo() on AIX
This fixes a problem with starting the statistics collector, among
other things.
* Fix pg_restore to handle a tar-format backup that contains large
objects (blobs) with comments
* Fix "failed to re-find parent key" errors in "VACUUM"
* Clean out "pg_internal.init" cache files during server restart
This avoids a hazard that the cache files might contain stale data
after PITR recovery.
* Fix race condition for truncation of a large relation across a
gigabyte boundary by "VACUUM"
* Fix bug causing needless deadlock errors on row-level locks
* Fix bugs affecting multi-gigabyte hash indexes
* Fix possible deadlock in Windows signal handling
* Fix error when constructing an ARRAY[] made up of multiple empty
elements
* Fix ecpg memory leak during connection
* Fix for Darwin (OS X) compilation
* to_number() and to_char(numeric) are now STABLE, not IMMUTABLE, for
new initdb installs
This is because lc_numeric can potentially change the output of
these functions.
* Improve index usage of regular expressions that use parentheses
This improves psql \d performance also.
* Update timezone database
This affects Australian and Canadian daylight-savings rules in
particular.
* Disallow aggregate functions in "UPDATE" commands, except within
sub-SELECTs (Tom)
The behavior of such an aggregate was unpredictable, and in 8.1.X
could cause a crash, so it has been disabled. The SQL standard does
not allow this either.
* Fix core dump when an untyped literal is taken as ANYARRAY
* Fix core dump in duration logging for extended query protocol when
a "COMMIT" or "ROLLBACK" is executed
* Fix mishandling of AFTER triggers when query contains a SQL
function returning multiple rows (Tom)
* Fix "ALTER TABLE ... TYPE" to recheck NOT NULL for USING clause
(Tom)
* Fix string_to_array() to handle overlapping matches for the
separator string
For example, string_to_array('123xx456xxx789', 'xx').
* Fix to_timestamp() for AM/PM formats (Bruce)
* Fix autovacuum's calculation that decides whether "ANALYZE" is
needed (Alvaro)
* Fix corner cases in pattern matching for psql's \d commands
* Fix index-corrupting bugs in /contrib/ltree (Teodor)
* Numerous robustness fixes in ecpg (Joachim Wieland)
* Fix backslash escaping in /contrib/dbmirror
* Minor fixes in /contrib/dblink and /contrib/tsearch2
* Efficiency improvements in hash tables and bitmap index scans (Tom)
* Fix instability of statistics collection on Win32 (Tom, Andrew)
* Fix statement_timeout to use the proper units on Win32 (Bruce)
In previous Win32 8.1.X versions, the delay was off by a factor of
100.
* Fixes for MSVC and Borland C++ compilers (Hiroshi Saito)
* Fixes for AIX and Intel compilers (Tom)
Common to all versions:
* Change the server to reject invalidly-encoded multibyte characters
in all cases (Tatsuo, Tom) While PostgreSQL has been moving in this
direction for some time, the checks are now applied uniformly to
all encodings and all textual input, and are now always errors not
merely warnings. This change defends against SQL-injection attacks
of the type described in CVE-2006-2313.
* Reject unsafe uses of \' in string literals As a server-side
defense against SQL-injection attacks of the type described in
CVE-2006-2314, the server now only accepts '' and not \' as a
representation of ASCII single quote in SQL string literals. By
default, \' is rejected only when client_encoding is set to a
client-only encoding (SJIS, BIG5, GBK, GB18030, or UHC), which is
the scenario in which SQL injection is possible. A new
configuration parameter backslash_quote is available to adjust
this behavior when needed. Note that full security against
CVE-2006-2314 may require client-side changes; the purpose of
backslash_quote is in part to make it obvious that insecure clients
are insecure.
* Modify libpq's string-escaping routines to be aware of encoding
considerations This fixes libpq-using applications for the
security issues described in CVE-2006-2313 and CVE-2006-2314.
Applications that use multiple PostgreSQL connections concurrently
should migrate to PQescapeStringConn() and PQescapeByteaConn() to
ensure that escaping is done correctly for the settings in use in
each database connection. Applications that do string escaping
"by hand" should be modified to rely on library routines instead.
* Fix some incorrect encoding conversion functions win1251_to_iso,
alt_to_iso, euc_tw_to_big5, euc_tw_to_mic, mic_to_euc_tw were all
broken to varying extents.
* Clean up stray remaining uses of \' in strings (Bruce, Jan)
* Fix server to use custom DH SSL parameters correctly (Michael Fuhr)
* Fix various minor memory leaks
Additionally for 7.4.13 and later:
* Fix bug that sometimes caused OR'd index scans to miss rows they
should have returned
* Fix WAL replay for case where a btree index has been truncated
* Fix SIMILAR TO for patterns involving | (Tom)
* Fix for Bonjour on Intel Macs (Ashley Clark)
Additionally for 8.0.8 and 8.1.4:
* Fix SELECT INTO and CREATE TABLE AS to create tables in the
default tablespace, not the base directory (Kris Jurka)
* Fix problem with password prompting on some Win32 systems (Robert
Kinberg)
Additionally for 8.1.4:
* Fix weak key selection in pgcrypto (Marko Kreen)
Errors in fortuna PRNG reseeding logic could cause a predictable
session key to be selected by pgp_sym_encrypt() in some cases.
This only affects non-OpenSSL-using builds.
* Make autovacuum visible in pg_stat_activity (Alvaro)
* Disable full_page_writes (Tom)
In certain cases, having full_page_writes off would cause crash
recovery to fail. A proper fix will appear in 8.2; for now it's
just disabled.
* Various planner fixes, particularly for bitmap index scans and
MIN/MAX optimization (Tom)
* Fix incorrect optimization in merge join (Tom)
Outer joins could sometimes emit multiple copies of unmatched
rows.
* Fix crash from using and modifying a plpgsql function in the same
transaction
* Improve qsort performance (Dann Corbit)
Currently this code is only used on Solaris.
* Improve pg_dump's handling of default values for domains
* Fix pg_dumpall to handle identically-named users and groups
reasonably (only possible when dumping from a pre-8.1 server) (Tom)
The user and group will be merged into a single role with LOGIN
permission. Formerly the merged role wouldn't have LOGIN
permission, making it unusable as a user.
* Fix pg_restore -n to work as documented (Tom)
RECOMMENDED is removed. It becomes ABI_DEPENDS.
BUILDLINK_RECOMMENDED.foo becomes BUILDLINK_ABI_DEPENDS.foo.
BUILDLINK_DEPENDS.foo becomes BUILDLINK_API_DEPENDS.foo.
BUILDLINK_DEPENDS does not change.
IGNORE_RECOMMENDED (which defaulted to "no") becomes USE_ABI_DEPENDS
which defaults to "yes".
Added to obsolete.mk checking for IGNORE_RECOMMENDED.
I did not manually go through and fix any aesthetic tab/spacing issues.
I have tested the above patch on DragonFly building and packaging
subversion and pkglint and their many dependencies.
I have also tested USE_ABI_DEPENDS=no on my NetBSD workstation (where I
have used IGNORE_RECOMMENDED for a long time). I have been an active user
of IGNORE_RECOMMENDED since it was available.
As suggested, I removed the documentation sentences suggesting bumping for
"security" issues.
As discussed on tech-pkg.
I will commit to revbump, pkglint, pkg_install, createbuildlink separately.
Note that if you use wip, it will fail! I will commit to pkgsrc-wip
later (within day).
This is an overview of new features in 8.1.0 against 8.0.x. 8.1.3 includes
many bug fixes since 8.1.0. Please read documentation of the detailed changes
and procedure of data migration.
Overview
Major changes in this release:
Improve concurrent access to the shared buffer cache (Tom)
Access to the shared buffer cache was identified as a
significant scalability problem, particularly on multi-CPU
systems. In this release, the way that locking is done in the
buffer manager has been overhauled to reduce lock contention and
improve scalability. The buffer manager has also been changed to
use a "clock sweep" replacement policy.
Allow index scans to use an intermediate in-memory bitmap (Tom)
In previous releases, only a single index could be used to do
lookups on a table. With this feature, if a query has "WHERE
tab.col1 = 4 and tab.col2 = 9", and there is no multicolumn
index on col1 and col2, but there is an index on col1 and
another on col2, it is possible to search both indexes and
combine the results in memory, then do heap fetches for only the
rows matching both the col1 and col2 restrictions. This is very
useful in environments that have a lot of unstructured queries
where it is impossible to create indexes that match all possible
access conditions. Bitmap scans are useful even with a single
index, as they reduce the amount of random access needed; a
bitmap index scan is efficient for retrieving fairly large
fractions of the complete table, whereas plain index scans are
not.
Add two-phase commit (Heikki Linnakangas, Alvaro, Tom)
Two-phase commit allows transactions to be "prepared" on several
computers, and once all computers have successfully prepared
their transactions (none failed), all transactions can be
committed. Even if a machine crashes after a prepare, the
prepared transaction can be committed after the machine is
restarted. New syntax includes "PREPARE TRANSACTION" and
"COMMIT/ROLLBACK PREPARED". A new system view pg_prepared_xacts
has also been added.
Create a new role system that replaces users and groups (Stephen Frost)
Roles are a combination of users and groups. Like users, they
can have login capability, and like groups, a role can have
other roles as members. Roles basically remove the distinction
between users and groups. For example, a role can:
+ Have login capability (optionally)
+ Own objects
+ Hold access permissions for database objects
+ Inherit permissions from other roles it is a member of
Once a user logs into a role, she obtains capabilities of the
login role plus any inherited roles, and can use "SET ROLE" to
switch to other roles she is a member of. This feature is a
generalization of the SQL standard's concept of roles. This
change also replaces pg_shadow and pg_group by new role-capable
catalogs pg_authid and pg_auth_members. The old tables are
redefined as read-only views on the new role tables.
Automatically use indexes for MIN() and MAX() (Tom)
In previous releases, the only way to use an index for MIN() or
MAX() was to rewrite the query as "SELECT col FROM tab ORDER BY
col LIMIT 1". Index usage now happens automatically.
Move /contrib/pg_autovacuum into the main server (Alvaro)
Integrating autovacuum into the server allows it to be
automatically started and stopped in sync with the database
server, and allows autovacuum to be configured from
"postgresql.conf".
Add shared row level locks using SELECT ... FOR SHARE (Alvaro)
While PostgreSQL's MVCC locking allows "SELECT" to never be
blocked by writers and therefore does not need shared row locks
for typical operations, shared locks are useful for applications
that require shared row locking. In particular this reduces the
locking requirements imposed by referential integrity checks.
Add dependencies on shared objects, specifically roles (Alvaro)
This extension of the dependency mechanism prevents roles from
being dropped while there are still database objects they own.
Formerly it was possible to accidentally "orphan" objects by
deleting their owner. While this could be recovered from, it was
messy and unpleasant.
Improve performance for partitioned tables (Simon)
The new constraint_exclusion configuration parameter avoids
lookups on child tables where constraints indicate that no
matching rows exist in the child table.
This allows for a basic type of table partitioning. If child
tables store separate key ranges and this is enforced using
appropriate "CHECK" constraints, the optimizer will skip child
table accesses when the constraint guarantees no matching rows
exist in the child table.
