PostgreSQL (64-bit) 歷史舊版本 Page19

更新時間：2013-04-04
更新細節：

What's new in this version:

Changes:
- Fix insecure parsing of server command-line switches (Mitsumasa Kondo, Kyotaro Horiguchi)
- A connection request containing a database name that begins with "-" could be crafted to damage or destroy files within the server's data directory, even if the request is eventually rejected. (CVE-2013-1899)
- Reset OpenSSL randomness state in each postmaster child process (Marko Kreen). This avoids a scenario wherein random numbers generated by contrib/pgcrypto functions might be relatively easy for another database user to guess. The risk is only significant when the postmaster is configured with ssl = on but most connections don't use SSL encryption. (CVE-2013-1900)
- Make REPLICATION privilege checks test current user not authenticated user (Noah Misch)
- An unprivileged database user could exploit this mistake to call pg_start_backup() or pg_stop_backup(), thus possibly interfering with creation of routine backups. (CVE-2013-1901)
- Fix GiST indexes to not use "fuzzy" geometric comparisons when it's not appropriate to do so (Alexander Korotkov). The core geometric types perform comparisons using "fuzzy" equality, but gist_box_same must do exact comparisons, else GiST indexes using it might become inconsistent. After installing this update, users should REINDEX any GiST indexes on box, polygon, circle, or point columns, since all of these use gist_box_same.
- Fix erroneous range-union and penalty logic in GiST indexes that use contrib/btree_gist for variable-width data types, that is text, bytea, bit, and numeric columns (Tom Lane). These errors could result in inconsistent indexes in which some keys that are present would not be found by searches, and also in useless index bloat. Users are advised to REINDEX such indexes after installing this update.
- Fix bugs in GiST page splitting code for multi-column indexes (Tom Lane). These errors could result in inconsistent indexes in which some keys that are present would not be found by searches, and also in indexes that are unnecessarily inefficient to search. Users are advised to REINDEX multi-column GiST indexes after installing this update.
- Fix gist_point_consistent to handle fuzziness consistently (Alexander Korotkov)
- Index scans on GiST indexes on point columns would sometimes yield results different from a sequential scan, because gist_point_consistent disagreed with the underlying operator code about whether to do comparisons exactly or fuzzily.
- Fix buffer leak in WAL replay (Heikki Linnakangas). This bug could result in "incorrect local pin count" errors during replay, making recovery impossible.
- Ensure we do crash recovery before entering archive recovery, if the database was not stopped cleanly and a recovery.conf file is present (Heikki Linnakangas, Kyotaro Horiguchi, Mitsumasa Kondo). This is needed to ensure that the database is consistent in certain scenarios, such as initializing a standby server with a filesystem snapshot from a running server.
- Avoid deleting not-yet-archived WAL files during crash recovery (Heikki Linnakangas, Fujii Masao)
- Fix race condition in DELETE RETURNING (Tom Lane). Under the right circumstances, DELETE RETURNING could attempt to fetch data from a shared buffer that the current process no longer has any pin on. If some other process changed the buffer meanwhile, this would lead to garbage RETURNING output, or even a crash.
- Fix infinite-loop risk in regular expression compilation (Tom Lane, Don Porter)
- Fix potential null-pointer dereference in regular expression compilation (Tom Lane)
- Fix to_char() to use ASCII-only case-folding rules where appropriate (Tom Lane). This fixes misbehavior of some template patterns that should be locale-independent, but mishandled "I" and "i" in Turkish locales.
- Fix unwanted rejection of timestamp 1999-12-31 24:00:00 (Tom Lane)
- Fix SQL-language functions to be safely usable as support functions for range types (Tom Lane)
- Fix logic error when a single transaction does UNLISTEN then LISTEN (Tom Lane). The session wound up not listening for notify events at all, though it surely should listen in this case.
- Fix possible planner crash after columns have been added to a view that's depended on by another view (Tom Lane)
- Fix performance issue in EXPLAIN (ANALYZE, TIMING OFF) (Pavel Stehule)
- Remove useless "picksplit doesn't support secondary split" log messages (Josh Hansen, Tom Lane). This message seems to have been added in expectation of code that was never written, and probably never will be, since GiST's default handling of secondary splits is actually pretty good. So stop nagging end users about it.
- Remove vestigial secondary-split support in gist_box_picksplit() (Tom Lane). Not only was this implementation of secondary-split not better than the default implementation, it's actually worse. So remove it and let the default code path handle the case.
- Fix possible failure to send a session's last few transaction commit/abort counts to the statistics collector (Tom Lane)
- Eliminate memory leaks in PL/Perl's spi_prepare() function (Alex Hunsaker, Tom Lane)
- Fix pg_dumpall to handle database names containing "=" correctly (Heikki Linnakangas)
- Avoid crash in pg_dump when an incorrect connection string is given (Heikki Linnakangas). Ignore invalid indexes in pg_dump and pg_upgrade (Michael Paquier, Bruce Momjian). Dumping invalid indexes can cause problems at restore time, for example if the reason the index creation failed was because it tried to enforce a uniqueness condition not satisfied by the table's data. Also, if the index creation is in fact still in progress, it seems reasonable to consider it to be an uncommitted DDL change, which pg_dump wouldn't be expected to dump anyway. pg_upgrade now also skips invalid indexes rather than failing.
- In pg_basebackup, include only the current server version's subdirectory when backing up a tablespace (Heikki Linnakangas)
- Add a server version check in pg_basebackup and pg_receivexlog, so they fail cleanly with version combinations that won't work (Heikki Linnakangas)
- Fix contrib/dblink to handle inconsistent settings of DateStyle or IntervalStyle safely (Daniel Farina, Tom Lane). Previously, if the remote server had different settings of these parameters, ambiguous dates might be read incorrectly. This fix ensures that datetime and interval columns fetched by a dblink query will be interpreted correctly. Note however that inconsistent settings are still risky, since literal values appearing in SQL commands sent to the remote server might be interpreted differently than they would be locally.
- Fix contrib/pg_trgm's similarity() function to return zero for trigram-less strings (Tom Lane). Previously it returned NaN due to internal division by zero.
- Enable building PostgreSQL with Microsoft Visual Studio 2012 (Brar Piening, Noah Misch)
- Update time zone data files to tzdata release 2013b for DST law changes in Chile, Haiti, Morocco, Paraguay, and some Russian areas. Also, historical zone data corrections for numerous places. Also, update the time zone abbreviation files for recent changes in Russia and elsewhere: CHOT, GET, IRKT, KGT, KRAT, MAGT, MAWT, MSK, NOVT, OMST, TKT, VLAT, WST, YAKT, YEKT now follow their current meanings, and VOLT (Europe/Volgograd) and MIST (Antarctica/Macquarie) are added to the default abbreviations list.

更新時間：2013-02-10
更新細節：

What's new in this version:

Changes:
- Prevent execution of enum_recv from SQL
- The function was misdeclared, allowing a simple SQL command to crash the server. In principle an attacker might be able to use it to examine the contents of server memory.
- Fix multiple problems in detection of when a consistent database state has been reached during WAL replay
- Fix detection of end-of-backup point when no actual redo work is required
- This mistake could result in incorrect "WAL ends before end of online backup" errors.
- Update minimum recovery point when truncating a relation file
- Once data has been discarded, it's no longer safe to stop recovery at an earlier point in the timeline.
- Fix recycling of WAL segments after changing recovery target timeline
- Properly restore timeline history files from archive on cascading standby servers
- Fix lock conflict detection on hot-standby servers
- Fix missing cancellations in hot standby mode
- The need to cancel conflicting hot-standby queries would sometimes be missed, allowing those queries to see inconsistent data.
- Prevent recovery pause feature from pausing before users can connect
- Fix SQL grammar to allow subscripting or field selection from a sub-SELECT result
- Fix performance problems with autovacuum truncation in busy workloads
- Truncation of empty pages at the end of a table requires exclusive lock, but autovacuum was coded to fail (and release the table lock) when there are conflicting lock requests. Under load, it is easily possible that truncation would never occur, resulting in table bloat. Fix by performing a partial truncation, releasing the lock, then attempting to re-acquire the lock and continue. This fix also greatly reduces the average time before autovacuum releases the lock after a conflicting request arrives.
- Improve performance of SPI_execute and related functions, thereby improving PL/pgSQL's EXECUTE
- Remove some data-copying overhead that was added in 9.2 as a consequence of revisions in the plan caching mechanism. This eliminates a performance regression compared to 9.1, and also saves memory, especially when the query string to be executed contains many SQL statements.
- A side benefit is that multi-statement query strings are now processed fully serially, that is we complete execution of earlier statements before running parse analysis and planning on the following ones. This eliminates a long-standing issue, in that DDL that should affect the behavior of a later statement will now behave as expected.
- Restore pre-9.2 cost estimates for index usage
- An ill-considered change of a fudge factor led to undesirably high cost estimates for use of very large indexes.
- Fix intermittent crash in DROP INDEX CONCURRENTLY
- Fix potential corruption of shared-memory lock table during CREATE/DROP INDEX CONCURRENTLY
- Fix COPY's multiple-tuple-insertion code for the case of a tuple larger than page size minus fillfactor
- The previous coding could get into an infinite loop.
- Protect against race conditions when scanning pg_tablespace
- CREATE DATABASE and DROP DATABASE could misbehave if there were concurrent updates of pg_tablespace entries.
- Prevent DROP OWNED from trying to drop whole databases or tablespaces
- For safety, ownership of these objects must be reassigned, not dropped.
- Fix error in vacuum_freeze_table_age implementation (Andres Freund)
- The main consequence of this mistake is that lowering vacuum_freeze_min_age would cause full-table vacuuming scans to occur much more frequently than intended.
- Prevent misbehavior when a RowExpr or XmlExpr is parse-analyzed twice
- This mistake could be user-visible in contexts such as CREATE TABLE LIKE INCLUDING INDEXES.
- Improve defenses against integer overflow in hashtable sizing calculations
- Fix some bugs associated with privileges on datatypes
- There were some issues with default privileges for types, and pg_dump failed to dump such privileges at all.
- Fix failure to ignore leftover temporary tables after a server crash
- Fix failure to rotate postmaster log files for size reasons on Windows
- Reject out-of-range dates in to_date()
- Fix pg_extension_config_dump() to handle extension-update cases properly
- This function will now replace any existing entry for the target table, making it usable in extension update scripts.
- Fix PL/pgSQL's reporting of plan-time errors in possibly-simple expressions
- The previous coding resulted in sometimes omitting the first line in the CONTEXT traceback for the error.
- Fix PL/Python's handling of functions used as triggers on multiple tables
- Ensure that non-ASCII prompt strings are translated to the correct code page on Windows
- This bug affected psql and some other client programs.
- Fix possible crash in psql's ? command when not connected to a database
- Fix possible error if a relation file is removed while pg_basebackup is running
- Tolerate timeline switches while pg_basebackup -X fetch is backing up a standby server
- Make pg_dump exclude data of unlogged tables when running on a hot-standby server
- This would fail anyway because the data is not available on the standby server, so it seems most convenient to assume --no-unlogged-table-data automatically.
- Fix pg_upgrade to deal with invalid indexes safely
- Fix pg_upgrade's -O/-o options
- Fix one-byte buffer overrun in libpq's PQprintTuples
- This ancient function is not used anywhere by PostgreSQL itself, but it might still be used by some client code.
- Make ecpglib use translated messages properly
- Properly install ecpg_compat and pgtypes libraries on MSVC
- Include our version of isinf() in libecpg if it's not provided by the system
- Rearrange configure's tests for supplied functions so it is not fooled by bogus exports from libedit/libreadline
- Ensure Windows build number increases over time
- Make pgxs build executables with the right .exe suffix when cross-compiling for Windows
- Add new timezone abbreviation FET
- This is now used in some eastern-European time zones.

更新時間：2012-12-07
更新細節：

What's new in this version:

Changes:
* Fix multiple bugs associated with CREATE/DROP INDEX CONCURRENTLY 
- An error introduced while adding DROP INDEX CONCURRENTLY allowed incorrect indexing decisions to be made during the initial phase of CREATE INDEX CONCURRENTLY; so that indexes built by that command could be corrupt. It is recommended that indexes built in 9.2.X with CREATE INDEX CONCURRENTLY be rebuilt after applying this update.
- In addition, fix CREATE/DROP INDEX CONCURRENTLY to use in-place updates when changing the state of an index's pg_index row. This prevents race conditions that could cause concurrent sessions to miss updating the target index, thus again resulting in corrupt concurrently-created indexes.
- Also, fix various other operations to ensure that they ignore invalid indexes resulting from a failed CREATE INDEX CONCURRENTLY command. The most important of these is VACUUM, because an auto-vacuum could easily be launched on the table before corrective action can be taken to fix or remove the invalid index.
- Also fix DROP INDEX CONCURRENTLY to not disable insertions into the target index until all queries using it are done.
- Also fix misbehavior if DROP INDEX CONCURRENTLY is canceled: the previous coding could leave an un-droppable index behind.
* Correct predicate locking for DROP INDEX CONCURRENTLY 
- Previously, SSI predicate locks were processed at the wrong time, possibly leading to incorrect behavior of serializable transactions executing in parallel with the DROP.
* Fix buffer locking during WAL replay 
- The WAL replay code was insufficiently careful about locking buffers when replaying WAL records that affect more than one page. This could result in hot standby queries transiently seeing inconsistent states, resulting in wrong answers or unexpected failures.
* Fix an error in WAL generation logic for GIN indexes 
- This could result in index corruption, if a torn-page failure occurred.
* Fix an error in WAL replay logic for SP-GiST indexes 
- This could result in index corruption after a crash, or on a standby server.
* Fix incorrect detection of end-of-base-backup location during WAL recovery
- This mistake allowed hot standby mode to start up before the database reaches a consistent state.
* Properly remove startup process's virtual XID lock when promoting a hot standby server to normal running 
- This oversight could prevent subsequent execution of certain operations such as CREATE INDEX CONCURRENTLY.
* Avoid bogus "out-of-sequence timeline ID" errors in standby mode 
* Prevent the postmaster from launching new child processes after it's received a shutdown signal 
- This mistake could result in shutdown taking longer than it should, or even never completing at all without additional user action.
* Fix the syslogger process to not fail when log_rotation_age exceeds 2^31 milliseconds (about 25 days) 
* Fix WaitLatch() to return promptly when the requested timeout expires 
- With the previous coding, a steady stream of non-wait-terminating interrupts could delay return from WaitLatch() indefinitely. This has been shown to be a problem for the autovacuum launcher process, and might cause trouble elsewhere as well.
* Avoid corruption of internal hash tables when out of memory 
* Prevent file descriptors for dropped tables from being held open past transaction end 
- This should reduce problems with long-since-dropped tables continuing to occupy disk space.
* Prevent database-wide crash and restart when a new child process is unable to create a pipe for its latch 
- Although the new process must fail, there is no good reason to force a database-wide restart, so avoid that. This improves robustness when the kernel is nearly out of file descriptors.
* Avoid planner crash with joins to unflattened subqueries 
* Fix planning of non-strict equivalence clauses above outer joins 
- The planner could derive incorrect constraints from a clause equating a non-strict construct to something else, for example WHERE COALESCE(foo, 0) = 0 when foo is coming from the nullable side of an outer join. 9.2 showed this type of error in more cases than previous releases, but the basic bug has been there for a long time.
* Fix SELECT DISTINCT with index-optimized MIN/MAX on an inheritance tree 
- The planner would fail with "failed to re-find MinMaxAggInfo record" given this combination of factors.
* Make sure the planner sees implicit and explicit casts as equivalent for all purposes, except in the minority of cases where there's actually a semantic difference 
* Include join clauses when considering whether partial indexes can be used for a query 
- A strict join clause can be sufficient to establish an x IS NOT NULL predicate, for example. This fixes a planner regression in 9.2, since previous versions could make comparable deductions.
* Limit growth of planning time when there are many indexable join clauses for the same index 
* Improve planner's ability to prove exclusion constraints from equivalence classes 
* Fix partial-row matching in hashed subplans to handle cross-type cases correctly 
- This affects multicolumn NOT IN subplans, such as WHERE (a, b) NOT IN (SELECT x, y FROM ...) when for instance b and y are int4 and int8 respectively. This mistake led to wrong answers or crashes depending on the specific datatypes involved.
* Fix btree mark/restore functions to handle array keys 
- This oversight could result in wrong answers from merge joins whose inner side is an index scan using an indexed_column = ANY(array) condition.
* Revert patch for taking fewer snapshots 
- The 9.2 change to reduce the number of snapshots taken during query execution led to some anomalous behaviors not seen in previous releases, because execution would proceed with a snapshot acquired before locking the tables used by the query. Thus, for example, a query would not be guaranteed to see updates committed by a preceding transaction even if that transaction had exclusive lock. We'll probably revisit this in future releases, but meanwhile put it back the way it was before 9.2.
* Acquire buffer lock when re-fetching the old tuple for an AFTER ROW UPDATE/DELETE trigger 
- In very unusual circumstances, this oversight could result in passing incorrect data to a trigger WHEN condition, or to the precheck logic for a foreign-key enforcement trigger. That could result in a crash, or in an incorrect decision about whether to fire the trigger.
* Fix ALTER COLUMN TYPE to handle inherited check constraints properly 
- This worked correctly in pre-8.4 releases, and now works correctly in 8.4 and later.
* Fix ALTER EXTENSION SET SCHEMA's failure to move some subsidiary objects into the new schema 
* Handle CREATE TABLE AS EXECUTE correctly in extended query protocol 
* Don't modify the input parse tree in DROP RULE IF NOT EXISTS and DROP TRIGGER IF NOT EXISTS 
- This mistake would cause errors if a cached statement of one of these types was re-executed.
* Fix REASSIGN OWNED to handle grants on tablespaces 
* Ignore incorrect pg_attribute entries for system columns for views
- Views do not have any system columns. However, we forgot to remove such entries when converting a table to a view. That's fixed properly for 9.3 and later, but in previous branches we need to defend against existing mis-converted views.
* Fix rule printing to dump INSERT INTO table DEFAULT VALUES correctly 
* Guard against stack overflow when there are too many UNION/INTERSECT/EXCEPT clauses in a query 
* Prevent platform-dependent failures when dividing the minimum possible integer value by -1 
* Fix possible access past end of string in date parsing 
* Fix failure to advance XID epoch if XID wraparound happens during a checkpoint and wal_level is hot_standby 
- While this mistake had no particular impact on PostgreSQL itself, it was bad for applications that rely on txid_current() and related functions: the TXID value would appear to go backwards.
* Fix pg_terminate_backend() and pg_cancel_backend() to not throw error for a non-existent target process 
- This case already worked as intended when called by a superuser, but not so much when called by ordinary users.
* Fix display of pg_stat_replication.sync_state at a page boundary 
* Produce an understandable error message if the length of the path name for a Unix-domain socket exceeds the platform-specific limit 
- Formerly, this would result in something quite unhelpful, such as "Non-recoverable failure in name resolution".
* Fix memory leaks when sending composite column values to the client 
* Save some cycles by not searching for subtransaction locks at commit 
- In a transaction holding many exclusive locks, this useless activity could be quite costly.
* Make pg_ctl more robust about reading the postmaster.pid file 
- This fixes race conditions and possible file descriptor leakage.
* Fix possible crash in psql if incorrectly-encoded data is presented and the client_encoding setting is a client-only encoding, such as SJIS 
* Make pg_dump dump SEQUENCE SET items in the data not pre-data section of the archive 
- This fixes an undesirable inconsistency between the meanings of --data-only and --section=data, and also fixes dumping of sequences that are marked as extension configuration tables.
* Fix pg_dump's handling of DROP DATABASE commands in --clean mode 
- Beginning in 9.2.0, pg_dump --clean would issue a DROP DATABASE command, which was either useless or dangerous depending on the usage scenario. It no longer does that. This change also fixes the combination of --clean and --create to work sensibly, i.e., emit DROP DATABASE then CREATE DATABASE before reconnecting to the target database.
* Fix pg_dump for views with circular dependencies and no relation options 
- The previous fix to dump relation options when a view is involved in a circular dependency didn't work right for the case that the view has no options; it emitted ALTER VIEW foo SET () which is invalid syntax.
* Fix bugs in the restore.sql script emitted by pg_dump in tar output format 
- The script would fail outright on tables whose names include upper-case characters. Also, make the script capable of restoring data in --inserts mode as well as the regular COPY mode.
* Fix pg_restore to accept POSIX-conformant tar files 
- The original coding of pg_dump's tar output mode produced files that are not fully conformant with the POSIX standard. This has been corrected for version 9.3. This patch updates previous branches so that they will accept both the incorrect and the corrected formats, in hopes of avoiding compatibility problems when 9.3 comes out.
* Fix tar files emitted by pg_basebackup to be POSIX conformant 
* Fix pg_resetxlog to locate postmaster.pid correctly when given a relative path to the data directory 
- This mistake could lead to pg_resetxlog not noticing that there is an active postmaster using the data directory.
* Fix libpq's lo_import() and lo_export() functions to report file I/O errors properly 
* Fix ecpg's processing of nested structure pointer variables 
* Fix ecpg's ecpg_get_data function to handle arrays properly 
* Prevent pg_upgrade from trying to process TOAST tables for system catalogs 
- This fixes an error seen when the information_schema has been dropped and recreated. Other failures were also possible.
* Improve pg_upgrade performance by setting synchronous_commit to off in the new cluster 
* Make contrib/pageinspect's btree page inspection functions take buffer locks while examining pages 
* Work around unportable behavior of malloc(0) and realloc(NULL, 0) 
- On platforms where these calls return NULL, some code mistakenly thought that meant out-of-memory. This is known to have broken pg_dump for databases containing no user-defined aggregates. There might be other cases as well.
* Ensure that make install for an extension creates the extension installation directory 
- Previously, this step was missed if MODULEDIR was set in the extension's Makefile.
* Fix pgxs support for building loadable modules on AIX 
- Building modules outside the original source tree didn't work on AIX.
* Update time zone data files to tzdata release 2012j for DST law changes in Cuba, Israel, Jordan, Libya, Palestine, Western Samoa, and portions of Brazil.

更新時間：2012-09-25
更新細節：

What's new in this version:

- Fix persistence marking of shared buffers during WAL replay
- Fix possible incorrect sorting of output from queries involving WHERE indexed_column IN (list_of_values)
- Fix planner failure for queries involving GROUP BY expressions along with window functions and aggregates
- Fix planner's assignment of executor parameters
- This error could result in wrong answers from queries that scan the same WITH subquery multiple times.
- Improve planner's handling of join conditions in index scans
- Improve selectivity estimation for text search queries involving prefixes, i.e. word:* patterns
- Fix delayed recognition of permissions changes
- A command that needed no locks other than ones its transaction already had might fail to notice a concurrent GRANT or REVOKE that committed since the start of its transaction.
- Fix ANALYZE to not fail when a column is a domain over an array type
- Prevent PL/Perl from crashing if a recursive PL/Perl function is redefined while being executed
- Work around possible misoptimization in PL/Perl
- Some Linux distributions contain an incorrect version of pthread.h that results in incorrect compiled code in PL/Perl, leading to crashes if a PL/Perl function calls another one that throws an error.
- Remove unnecessary dependency on pg_config from pg_upgrade
- Update time zone data files to tzdata release 2012f for DST law changes in Fiji

更新時間：2012-09-11
更新細節：

What's new in this version:

- Allow queries to retrieve data only from indexes, avoiding heap access (index-only scans)
- Allow the planner to generate custom plans for specific parameter values even when using prepared statements
- Improve the planner's ability to use nested loops with inner index scans
- Allow streaming replication slaves to forward data to other slaves (cascading replication)
- Allow pg_basebackup to make base backups from standby servers
- Add a pg_receivexlog tool to archive WAL file changes as they are written
- Add the SP-GiST (Space-Partitioned GiST) index access method
- Add support for range data types
- Add a JSON data type
- Add a security_barrier option for views
- Allow libpq connection strings to have the format of a URI
- Add a single-row processing mode to libpq for better handling of large result sets

更新時間：2012-08-20
更新細節：

What's new in this version:

- Prevent access to external files/URLs via XML entity references 
- Prevent access to external files/URLs via contrib/xml2's xslt_process() 
- Prevent too-early recycling of btree index pages 
- Fix crash-safety bug with newly-created-or-reset sequences 
- Fix race condition in enum-type value comparisons 
- Fix txid_current() to report the correct epoch when not in hot standby 
- Prevent selection of unsuitable replication connections as the synchronous standby 
- Fix bug in startup of Hot Standby when a master transaction has many subtransactions 
- Ensure the backup_label file is fsync'd after pg_start_backup() 
- Fix timeout handling in walsender processes 
- Wake walsenders after each background flush by walwriter 
- Fix LISTEN/NOTIFY to cope better with I/O problems, such as out of disk space 
- Only allow autovacuum to be auto-canceled by a directly blocked process 
- Improve logging of autovacuum cancels 
- Fix log collector so that log_truncate_on_rotation works during the very first log rotation after server start 
- Fix WITH attached to a nested set operation (UNION/INTERSECT/EXCEPT) 
- Ensure that a whole-row reference to a subquery doesn't include any extra GROUP BY or ORDER BY columns 
- Fix dependencies generated during ALTER TABLE ... ADD CONSTRAINT USING INDEX 
- Fix REASSIGN OWNED to work on extensions 
- Disallow copying whole-row references in CHECK constraints and index definitions during CREATE TABLE 
- Fix memory leak in ARRAY(SELECT ...) subqueries 
- Fix planner to pass correct collation to operator selectivity estimators 
- Fix extraction of common prefixes from regular expressions 
- Fix bugs with parsing signed hh:mm and hh:mm:ss fields in interval constants 
- Fix pg_dump to better handle views containing partial GROUP BY lists 
- In PL/Perl, avoid setting UTF8 flag when in SQL_ASCII encoding 
- Use Postgres' encoding conversion functions, not Python's, when converting a Python Unicode string to the server encoding in PL/Python 
- Fix mapping of PostgreSQL encodings to Python encodings in PL/Python 
- Report errors properly in contrib/xml2's xslt_process() 
- Update time zone data files to tzdata release 2012e for DST law changes in Morocco and Tokelau

更新時間：2012-06-05
更新細節：

What's new in this version:

- Fix incorrect password transformation in contrib/pgcrypto's DES crypt() function (Solar Designer) If a password string contained the byte value 0x80, the remainder of the password was ignored, causing the password to be much weaker than it appeared. With this fix, the rest of the string is properly included in the DES hash. Any stored password values that are affected by this bug will thus no longer match, so the stored values may need to be updated. 
- Ignore SECURITY DEFINER and SET attributes for a procedural language's call handler Applying such attributes to a call handler could crash the server. 
- Make contrib/citext's upgrade script fix collations of citext arrays and domains over citext Release 9.1.2 provided a fix for collations of citext columns and indexes in databases upgraded or reloaded from pre-9.1 installations, but that fix was incomplete: it neglected to handle arrays and domains over citext. This release extends the module's upgrade script to handle these cases. As before, if you have already run the upgrade script, you'll need to run the collation update commands by hand instead. See the 9.1.2 release notes for more information about doing this.
- Allow numeric timezone offsets in timestamp input to be up to 16 hours away from UTC Some historical time zones have offsets larger than 15 hours, the previous limit. This could result in dumped data values being rejected during reload.
- Fix timestamp conversion to cope when the given time is exactly the last DST transition time for the current timezone This oversight has been there a long time, but was not noticed previously because most DST-using zones are presumed to have an indefinite sequence of future DST transitions.
- Fix text to name and char to name casts to perform string truncation correctly in multibyte encodings 
- Fix memory copying bug in to_tsquery() 
- Ensure txid_current() reports the correct epoch when executed in hot standby 
- Fix planner's handling of outer PlaceHolderVars within subqueries This bug concerns sub-SELECTs that reference variables coming from the nullable side of an outer join of the surrounding query. In 9.1, queries affected by this bug would fail with "ERROR: Upper-level PlaceHolderVar found where not expected". But in 9.0 and 8.4, you'd silently get possibly-wrong answers, since the value transmitted into the subquery wouldn't go to null when it should.
- Fix planning of UNION ALL subqueries with output columns that are not simple variables Planning of such cases got noticeably worse in 9.1 as a result of a misguided fix for "MergeAppend child's targetlist doesn't match MergeAppend" errors. Revert that fix and do it another way.
- Fix slow session startup when pg_attribute is very large If pg_attribute exceeds one-fourth of shared_buffers, cache rebuilding code that is sometimes needed during session start would trigger the synchronized-scan logic, causing it to take many times longer than normal. The problem was particularly acute if many new sessions were starting at once.
- Ensure sequential scans check for query cancel reasonably often A scan encountering many consecutive pages that contain no live tuples would not respond to interrupts meanwhile.
- Ensure the Windows implementation of PGSemaphoreLock() clears ImmediateInterruptOK before returning This oversight meant that a query-cancel interrupt received later in the same query could be accepted at an unsafe time, with unpredictable but not good consequences.
- Show whole-row variables safely when printing views or rules Corner cases involving ambiguous names (that is, the name could be either a table or column name of the query) were printed in an ambiguous way, risking that the view or rule would be interpreted differently after dump and reload. Avoid the ambiguous case by attaching a no-op cast.
- Fix COPY FROM to properly handle null marker strings that correspond to invalid encoding A null marker string such as E'\0' should work, and did work in the past, but the case got broken in 8.4.
- Fix EXPLAIN VERBOSE for writable CTEs containing RETURNING clauses 
- Fix PREPARE TRANSACTION to work correctly in the presence of advisory locks Historically, PREPARE TRANSACTION has simply ignored any session-level advisory locks the session holds, but this case was accidentally broken in 9.1.
- Fix truncation of unlogged tables 
- Ignore missing schemas during non-interactive assignments of search_path This re-aligns 9.1's behavior with that of older branches. Previously 9.1 would throw an error for nonexistent schemas mentioned in search_path settings obtained from places such as ALTER DATABASE SET.
- Fix bugs with temporary or transient tables used in extension scripts This includes cases such as a rewriting ALTER TABLE within an extension update script, since that uses a transient table behind the scenes.
- Ensure autovacuum worker processes perform stack depth checking properly Previously, infinite recursion in a function invoked by auto-ANALYZE could crash worker processes.
- Fix logging collector to not lose log coherency under high load The collector previously could fail to reassemble large messages if it got too busy.
- Fix logging collector to ensure it will restart file rotation after receiving SIGHUP 
- Fix "too many LWLocks taken" failure in GiST indexes 
- Fix WAL replay logic for GIN indexes to not fail if the index was subsequently dropped 
- Correctly detect SSI conflicts of prepared transactions after a crash 
- Avoid synchronous replication delay when committing a transaction that only modified temporary tables In such a case the transaction's commit record need not be flushed to standby servers, but some of the code didn't know that and waited for it to happen anyway.
- Fix error handling in pg_basebackup 
- Fix walsender to not go into a busy loop if connection is terminated 
- Fix memory leak in PL/pgSQL's RETURN NEXT command 
- Fix PL/pgSQL's GET DIAGNOSTICS command when the target is the function's first variable 
- Ensure that PL/Perl package-qualifies the _TD variable This bug caused trigger invocations to fail when they are nested within a function invocation that changes the current package.
- Fix PL/Python functions returning composite types to accept a string for their result value This case was accidentally broken by the 9.1 additions to allow a composite result value to be supplied in other formats, such as dictionaries.
- Fix potential access off the end of memory in psql's expanded display (x) mode 
- Fix several performance problems in pg_dump when the database contains many objects pg_dump could get very slow if the database contained many schemas, or if many objects are in dependency loops, or if there are many owned sequences.
- Fix memory and file descriptor leaks in pg_restore when reading a directory-format archive 
- Fix pg_upgrade for the case that a database stored in a non-default tablespace contains a table in the cluster's default tablespace 
- In ecpg, fix rare memory leaks and possible overwrite of one byte after the sqlca_t structure 
- Fix contrib/dblink's dblink_exec() to not leak temporary database connections upon error 
- Fix contrib/dblink to report the correct connection name in error messages 
- Fix contrib/vacuumlo to use multiple transactions when dropping many large objects This change avoids exceeding max_locks_per_transaction when many objects need to be dropped. The behavior can be adjusted with the new -l (limit) option.
- Update time zone data files to tzdata release 2012c for DST law changes in Antarctica, Armenia, Chile, Cuba, Falkland Islands, Gaza, Haiti, Hebron, Morocco, Syria, and Tokelau Islands; also historical corrections for Canada.

更新時間：2012-06-04
更新細節：

更新時間：2012-02-28
更新細節：

What's new in this version:

Changes:
* Require execute permission on the trigger function for CREATE TRIGGER 
- This missing check could allow another user to execute a trigger function with forged input data, by installing it on a table he owns. This is only of significance for trigger functions marked SECURITY DEFINER, since otherwise trigger functions run as the table owner anyway. 
* Remove arbitrary limitation on length of common name in SSL certificates 
- Both libpq and the server truncated the common name extracted from an SSL certificate at 32 bytes. Normally this would cause nothing worse than an unexpected verification failure, but there are some rather-implausible scenarios in which it might allow one certificate holder to impersonate another. The victim would have to have a common name exactly 32 bytes long, and the attacker would have to persuade a trusted CA to issue a certificate in which the common name has that string as a prefix. Impersonating a server would also require some additional exploit to redirect client connections. 
* Convert newlines to spaces in names written in pg_dump comments 
- pg_dump was incautious about sanitizing object names that are emitted within SQL comments in its output script. A name containing a newline would at least render the script syntactically incorrect. Maliciously crafted object names could present a SQL injection risk when the script is reloaded. 
* Fix btree index corruption from insertions concurrent with vacuuming 
- An index page split caused by an insertion could sometimes cause a concurrently-running VACUUM to miss removing index entries that it should remove. After the corresponding table rows are removed, the dangling index entries would cause errors (such as "could not read block N in file ...") or worse, silently wrong query results after unrelated rows are re-inserted at the now-free table locations. This bug has been present since release 8.2, but occurs so infrequently that it was not diagnosed until now. If you have reason to suspect that it has happened in your database, reindexing the affected index will fix things.
* Fix transient zeroing of shared buffers during WAL replay 
- The replay logic would sometimes zero and refill a shared buffer, so that the contents were transiently invalid. In hot standby mode this can result in a query that's executing in parallel seeing garbage data. Various symptoms could result from that, but the most common one seems to be "invalid memory alloc request size".
* Fix handling of data-modifying WITH subplans in READ COMMITTED rechecking 
- A WITH clause containing INSERT/UPDATE/DELETE would crash if the parent UPDATE or DELETE command needed to be re-evaluated at one or more rows due to concurrent updates in READ COMMITTED mode.
* Fix corner case in SSI transaction cleanup 
- When finishing up a read-write serializable transaction, a crash could occur if all remaining active serializable transactions are read-only.
* Fix postmaster to attempt restart after a hot-standby crash 
- A logic error caused the postmaster to terminate, rather than attempt to restart the cluster, if any backend process crashed while operating in hot standby mode.
* Fix CLUSTER/VACUUM FULL handling of toast values owned by recently-updated rows 
- This oversight could lead to "duplicate key value violates unique constraint" errors being reported against the toast table's index during one of these commands.
* Update per-column permissions, not only per-table permissions, when changing table owner 
- Failure to do this meant that any previously granted column permissions were still shown as having been granted by the old owner. This meant that neither the new owner nor a superuser could revoke the now-untraceable-to-table-owner permissions.
* Support foreign data wrappers and foreign servers in REASSIGN OWNED 
- This command failed with "unexpected classid" errors if it needed to change the ownership of any such objects.
* Allow non-existent values for some settings in ALTER USER/DATABASE SET 
- Allow default_text_search_config, default_tablespace, and temp_tablespaces to be set to names that are not known. This is because they might be known in another database where the setting is intended to be used, or for the tablespace cases because the tablespace might not be created yet. The same issue was previously recognized for search_path, and these settings now act like that one.
* Fix "unsupported node type" error caused by COLLATE in an INSERT expression 
* Avoid crashing when we have problems deleting table files post-commit 
- Dropping a table should lead to deleting the underlying disk files only after the transaction commits. In event of failure then (for instance, because of wrong file permissions) the code is supposed to just emit a warning message and go on, since it's too late to abort the transaction. This logic got broken as of release 8.4, causing such situations to result in a PANIC and an unrestartable database.
* Recover from errors occurring during WAL replay of DROP TABLESPACE 
- Replay will attempt to remove the tablespace's directories, but there are various reasons why this might fail (for example, incorrect ownership or permissions on those directories). Formerly the replay code would panic, rendering the database unrestartable without manual intervention. It seems better to log the problem and continue, since the only consequence of failure to remove the directories is some wasted disk space.
* Fix race condition in logging AccessExclusiveLocks for hot standby 
- Sometimes a lock would be logged as being held by "transaction zero". This is at least known to produce assertion failures on slave servers, and might be the cause of more serious problems.
* Track the OID counter correctly during WAL replay, even when it wraps around 
- Previously the OID counter would remain stuck at a high value until the system exited replay mode. The practical consequences of that are usually nil, but there are scenarios wherein a standby server that's been promoted to master might take a long time to advance the OID counter to a reasonable value once values are needed.
* Prevent emitting misleading "consistent recovery state reached" log message at the beginning of crash recovery 
* Fix initial value of pg_stat_replication.replay_location 
- Previously, the value shown would be wrong until at least one WAL record had been replayed.
* Fix regular expression back-references with * attached 
- Rather than enforcing an exact string match, the code would effectively accept any string that satisfies the pattern sub-expression referenced by the back-reference symbol.
- A similar problem still afflicts back-references that are embedded in a larger quantified expression, rather than being the immediate subject of the quantifier. This will be addressed in a future PostgreSQL release.
* Fix recently-introduced memory leak in processing of inet/cidr values 
- A patch in the December 2011 releases of PostgreSQL caused memory leakage in these operations, which could be significant in scenarios such as building a btree index on such a column.
* Fix planner's ability to push down index-expression restrictions through UNION ALL 
- This type of optimization was inadvertently disabled by a fix for another problem in 9.1.2.
* Fix planning of WITH clauses referenced in UPDATE/DELETE on an inherited table 
- This bug led to "could not find plan for CTE" failures.
* Fix GIN cost estimation to handle column IN (...) index conditions 
- This oversight would usually lead to crashes if such a condition could be used with a GIN index.
* Prevent assertion failure when exiting a session with an open, failed transaction 
- This bug has no impact on normal builds with asserts not enabled.
* Fix dangling pointer after CREATE TABLE AS/SELECT INTO in a SQL-language function 
- In most cases this only led to an assertion failure in assert-enabled builds, but worse consequences seem possible.
* Avoid double close of file handle in syslogger on Windows 
- Ordinarily this error was invisible, but it would cause an exception when running on a debug version of Windows.
* Fix I/O-conversion-related memory leaks in plpgsql 
- Certain operations would leak memory until the end of the current function.
* Work around bug in perl's SvPVutf8() function 
- This function crashes when handed a typeglob or certain read-only objects such as $^V. Make plperl avoid passing those to it.
* In pg_dump, don't dump contents of an extension's configuration tables if the extension itself is not being dumped 
* Improve pg_dump's handling of inherited table columns 
- pg_dump mishandled situations where a child column has a different default expression than its parent column. If the default is textually identical to the parent's default, but not actually the same (for instance, because of schema search path differences) it would not be recognized as different, so that after dump and restore the child would be allowed to inherit the parent's default. Child columns that are NOT NULL where their parent is not could also be restored subtly incorrectly.
* Fix pg_restore's direct-to-database mode for INSERT-style table data 
- Direct-to-database restores from archive files made with --inserts or --column-inserts options fail when using pg_restore from a release dated September or December 2011, as a result of an oversight in a fix for another problem. The archive file itself is not at fault, and text-mode output is okay.
* Teach pg_upgrade to handle renaming of plpython's shared library 
- Upgrading a pre-9.1 database that included plpython would fail because of this oversight.
* Allow pg_upgrade to process tables containing regclass columns 
- Since pg_upgrade now takes care to preserve pg_class OIDs, there was no longer any reason for this restriction.
* Make libpq ignore ENOTDIR errors when looking for an SSL client certificate file 
- This allows SSL connections to be established, though without a certificate, even when the user's home directory is set to something like /dev/null.
* Fix some more field alignment issues in ecpg's SQLDA area 
* Allow AT option in ecpg DEALLOCATE statements 
- The infrastructure to support this has been there for awhile, but through an oversight there was still an error check rejecting the case.
* Do not use the variable name when defining a varchar structure in ecpg 
* Fix contrib/auto_explain's JSON output mode to produce valid JSON 
- The output used brackets at the top level, when it should have used braces.
* Fix error in contrib/intarray's int[] & int[] operator 
- If the smallest integer the two input arrays have in common is 1, and there are smaller values in either array, then 1 would be incorrectly omitted from the result.
* Fix error detection in contrib/pgcrypto's encrypt_iv() and decrypt_iv() 
- These functions failed to report certain types of invalid-input errors, and would instead return random garbage values for incorrect input.
* Fix one-byte buffer overrun in contrib/test_parser 
- The code would try to read one more byte than it should, which would crash in corner cases. Since contrib/test_parser is only example code, this is not a security issue in itself, but bad example code is still bad.
* Use __sync_lock_test_and_set() for spinlocks on ARM, if available 
- This function replaces our previous use of the SWPB instruction, which is deprecated and not available on ARMv6 and later. Reports suggest that the old code doesn't fail in an obvious way on recent ARM boards, but simply doesn't interlock concurrent accesses, leading to bizarre failures in multiprocess operation.
* Use -fexcess-precision=standard option when building with gcc versions that accept it 
- This prevents assorted scenarios wherein recent versions of gcc will produce creative results.
* Allow use of threaded Python on FreeBSD 
- Our configure script previously believed that this combination wouldn't work; but FreeBSD fixed the problem, so remove that error check.
* Allow MinGW builds to use standardly-named OpenSSL libraries

更新時間：2012-02-27
更新細節：