PostgreSQL (64-bit) 歷史舊版本 Page3

更新時間：2022-05-13
更新細節：

What's new in this version:

Changed:
- Confine additional operations within “security restricted operation” sandboxes
- Autovacuum, CLUSTER, CREATE INDEX, REINDEX, REFRESH MATERIALIZED VIEW, and pg_amcheck activated the “security restricted operation” protection mechanism too late, or even not at all in some code paths. A user having permission to create non-temporary objects within a database could define an object that would execute arbitrary SQL code with superuser permissions the next time that autovacuum processed the object, or that some superuser ran one of the affected commands against it.
- The PostgreSQL Project thanks Alexander Lakhin for reporting this problem. (CVE-2022-1552)
- Fix default signature length for gist_ltree_ops indexes
- The default signature length (hash size) for GiST indexes on ltree columns was accidentally changed while upgrading that operator class to support operator class parameters. If any operations had been done on such an index without first upgrading the ltree extension to version 1.2, they were done assuming that the signature length was 28 bytes rather than the intended 8. This means it is very likely that such indexes are now corrupt. For safety we recommend re-indexing all GiST indexes on ltree columns after installing this update. (Note that GiST indexes on ltree[] columns, that is arrays of ltree, are not affected.)
- Stop using query-provided column aliases for the columns of whole-row variables that refer to plain tables
- The column names in tuples produced by a whole-row variable (such as tbl.* in contexts other than the top level of a SELECT list) are now always those of the associated named composite type, if there is one. We'd previously attempted to make them track any column aliases that had been applied to the FROM entry the variable refers to. But that's semantically dubious, because really then the output of the variable is not at all of the composite type it claims to be. Previous attempts to deal with that inconsistency had bad results up to and including storing unreadable data on disk, so just give up on the whole idea.
- In cases where it's important to be able to relabel such columns, a workaround is to introduce an extra level of sub-SELECT, so that the whole-row variable is referring to the sub-SELECT's output and not to a plain table. Then the variable is of type record to begin with and there's no issue.
- Fix incorrect roundoff when extracting epoch values from intervals
- The new numeric-based code for EXTRACT() failed to yield results equivalent to the old float-based code, as a result of accidentally truncating the DAYS_PER_YEAR value to an integer.
- Defend against pg_stat_get_replication_slot(NULL)
- This function should be marked strict in the catalog data, but it was not in v14, so add a run-time check instead.
- Fix incorrect output for types timestamptz and timetz in table_to_xmlschema() and allied functions (Renan Soares Lopes)
- The xmlschema output for these types included a malformed regular expression.
- Avoid core dump in parser for a VALUES clause with zero columns
- Fix planner failure when a Result plan node appears immediately underneath an Append node (Etsuro Fujita)
- Recently-added code to support asynchronous remote queries failed to handle this case, leading to crashes or errors about unrecognized node types.
- Fix planner failure if a query using SEARCH or CYCLE features contains a duplicate CTE name (Tom Lane, Kyotaro Horiguchi)
- When the name of the recursive WITH query is re-used within itself, the planner could crash or report odd errors such as “could not find attribute 2 in subquery targetlist”.
- Fix planner errors for GROUPING() constructs that reference outer query levels (Richard Guo, Tom Lane)
- Fix plan generation for index-only scans on indexes with both returnable and non-returnable columns
- The previous coding could try to read non-returnable columns in addition to the returnable ones. This was fairly harmless because it didn't actually do anything with the bogus values, but it fell foul of a recently-added error check that rejected such a plan.
- Avoid accessing a no-longer-pinned shared buffer while attempting to lock an outdated tuple during EvalPlanQual
- The code would touch the buffer a couple more times after releasing its pin. In theory another process could recycle the buffer (or more likely, try to defragment its free space) as soon as the pin is gone, probably leading to failure to find the newer version of the tuple.
- Fix query-lifespan memory leak in an IndexScan node that is performing reordering
- Fix ALTER FUNCTION to support changing a function's parallelism property and its SET-variable list in the same command
- The parallelism property change was lost if the same command also updated the function's SET clause.
- Tighten lookup of the index “owned by” a constraint
- Some code paths mistook the index depended on by a foreign key constraint for one owned by a unique or primary key constraint, resulting in odd errors during certain ALTER TABLE operations on tables having foreign key constraints.
- Fix bogus errors from attempts to alter system columns of tables
- The system should just tell you that you can't do it, but sometimes it would report “no owned sequence found” instead.
- Fix mis-sorting of table rows when CLUSTERing using an index whose leading key is an expression
- The table would be rebuilt with the correct data, but in an order having little to do with the index order.
- Prevent data loss if a system crash occurs shortly after a sorted GiST index build
- The code path for building GiST indexes using sorting neglected to fsync the file upon completion. This could result in a corrupted index if the operating system crashed shortly later.
- Fix risk of deadlock failures while dropping a partitioned index
- Ensure that the required table and index locks are taken in the standard order (parents before children, tables before indexes). The previous coding for DROP INDEX did it differently, and so could deadlock against concurrent queries taking these locks in the standard order.
- Fix race condition between DROP TABLESPACE and checkpointing
- The checkpoint forced by DROP TABLESPACE could sometimes fail to remove all dead files from the tablespace's directory, leading to a bogus “tablespace is not empty” error.
- Fix possible trouble in crash recovery after a TRUNCATE command that overlaps a checkpoint
- TRUNCATE must ensure that the table's disk file is truncated before the checkpoint is allowed to complete. Otherwise, replay starting from that checkpoint might find unexpected data in the supposedly-removed pages, possibly causing replay failure.
- Fix unsafe toast-data accesses during temporary object cleanup
- Temporary-object deletion during server process exit could fail with “FATAL: cannot fetch toast data without an active snapshot”. This was usually harmless since the next use of that temporary schema would clean up successfully.
- Re-allow underscore as the first character in a custom parameter name
- Such names were unintentionally disallowed in v14.
- Add regress option for the compute_query_id parameter
- This is intended to facilitate testing, by allowing query IDs to be computed but not shown in EXPLAIN output.
- Improve wait logic in RegisterSyncRequest
- If we run out of space in the checkpointer sync request queue (which is hopefully rare on real systems, but is common when testing with a very small buffer pool), we wait for it to drain. While waiting, we should report that as a wait event so that users know what is going on, and also watch for postmaster death, since otherwise the loop might never terminate if the checkpointer has already exited.
- Wake up for latch events when the checkpointer is waiting between writes (Thomas Munro)
- This improves responsiveness to backends sending sync requests. The change also creates a proper wait event class for these waits.
- Fix “PANIC: xlog flush request is not satisfied” failure during standby promotion when there is a missing WAL continuation record
- Fix possibility of self-deadlock in hot standby conflict handling
- With unlucky timing, the WAL-applying process could get stuck while waiting for some other process to release a buffer lock.
- Fix possible mis-identification of the correct ancestor relation to publish logical replication changes through
- If publish_via_partition_root is enabled, and there are multiple publications naming different ancestors of the currently-modified relation, the wrong ancestor might be chosen for reporting the change.
- Ensure that logical replication apply workers can be restarted even when we're up against the max_sync_workers_per_subscription limit
- Faulty coding of the limit check caused a restarted worker to exit immediately, leaving fewer workers than there should be.
- Include unchanged replica identity key columns in the WAL log for an update, if they are stored out-of-line
- Otherwise subscribers cannot see the values and will fail to replicate the update.
- Cope correctly with platforms that have no support for altering the server process's display in ps(1)
- Few platforms are like this (the only supported one is Cygwin), so we'd managed not to notice that refactoring introduced a potential memory clobber.
- Make the server more robust against missed timer interrupts
- An optimization added in v14 meant that if a server process somehow missed a timer interrupt, it would never again ask the kernel for another one, thus breaking timeout detection for the remainder of the session. This seems unduly fragile, so add a recovery path.
- Disallow execution of SPI functions during PL/Perl function compilation
- Perl can be convinced to execute user-defined code during compilation of a PL/Perl function. However, it's not okay for such code to try to invoke SQL operations via SPI. That results in a crash, and if it didn't crash it would be a security hazard, because we really don't want code execution during function validation. Put in a check to give a friendlier error message instead.
- Make libpq accept root-owned SSL private key files
- This change synchronizes libpq's rules for safe ownership and permissions of SSL key files with the rules the server has used since release 9.6. Namely, in addition to the current rules, allow the case where the key file is owned by root and has permissions rw-r----- or less. This is helpful for system-wide management of key files.
- Fix behavior of libpq's PQisBusy() function after a connection failure
- If we'd detected a write failure, PQisBusy() would always return true, which is the wrong thing: we want input processing to carry on normally until we've read whatever is available from the server. The practical effect of this error is that applications using libpq's async-query API would typically detect connection loss only when PQconsumeInput() returns a hard failure. With this fix, a connection loss will normally be reported via an error PGresult object, which is a much cleaner behavior for most applications.
- Re-allow database.schema.table patterns in psql, pg_dump, and pg_amcheck
- Versions before v14 silently ignored all but the schema and table fragments of a pattern containing more than one dot. Refactoring in v14 accidentally broke that use-case. Reinstate it, but now complain if the first fragment is not the name of the current database.
- Make pg_ctl recheck postmaster aliveness while waiting for stop/restart/promote actions
- pg_ctl would verify that the postmaster is alive as a side-effect of sending the stop or promote signal, but then it just naively waited to see the on-disk state change. If the postmaster died uncleanly without having removed its PID file or updated the control file, pg_ctl would wait until timeout. Instead make it recheck every so often that the postmaster process is still there.
- Fix error handling in pg_waldump
- While trying to read a WAL file to determine the WAL segment size, pg_waldump would report an incorrect error for the case of a too-short file. In addition, the file name reported in this and related error messages could be garbage.
- Ensure that contrib/pageinspect functions cope with all-zero pages
- This is a legitimate edge case, but the module was mostly unprepared for it. Arrange to return nulls, or no rows, as appropriate; that seems more useful than raising an error.
- In contrib/pageinspect, add defenses against incorrect page “special space” contents, tighten checks for correct page size, and add some missing checks that an index is of the expected type
- These changes make it less likely that the module will crash on bad data
- In contrib/postgres_fdw, disable batch insertion when BEFORE INSERT ... FOR EACH ROW triggers exist on the foreign table
- Such a trigger might query the table it's on and expect to see previously-inserted rows. With batch insertion, those rows might not be visible yet, so disable the feature to avoid unexpected behavior.
- In contrib/postgres_fdw, verify that ORDER BY clauses are safe to ship before requesting a remotely-ordered query, and include a USING clause if necessary
- This fix prevents situations where the remote server might sort in a different order than we intend. While sometimes that would be only cosmetic, it could produce thoroughly wrong results if the remote data is used as input for a locally-performed merge join.
- Fix configure to handle platforms that have sys/epoll.h but not sys/signalfd.h
- Update JIT code to work with LLVM 14
- Clean up assorted failures under clang's -fsanitize=undefined checks
- Most of these changes are just for pro-forma compliance with the letter of the C and POSIX standards, and are unlikely to have any effect on production builds.
- Do not add OpenSSL dependencies to libpq's pkg-config file when building without OpenSSL
- Fix PL/Perl so it builds on C compilers that don't support statements nested within expressions
- Fix possible build failure of pg_dumpall on Windows, when not using MSVC to build
- In Windows builds, use gendef instead of pexports to build DEF files
- This adapts the build process to work on recent MSys tool chains
- Prevent extra expansion of shell wildcard patterns in programs built under MinGW
- For some reason the C library provided by MinGW will expand shell wildcard characters in a program's command-line arguments by default. This is confusing, not least because it doesn't happen under MSVC, so turn it off.
- Update time zone data files to tzdata release 2022a for DST law changes in Palestine, plus historical corrections for Chile and Ukraine

更新時間：2022-05-13
更新細節：

What's new in this version:

Changed:
- Confine additional operations within “security restricted operation” sandboxes
- Autovacuum, CLUSTER, CREATE INDEX, REINDEX, REFRESH MATERIALIZED VIEW, and pg_amcheck activated the “security restricted operation” protection mechanism too late, or even not at all in some code paths. A user having permission to create non-temporary objects within a database could define an object that would execute arbitrary SQL code with superuser permissions the next time that autovacuum processed the object, or that some superuser ran one of the affected commands against it.
- The PostgreSQL Project thanks Alexander Lakhin for reporting this problem. (CVE-2022-1552)
- Fix default signature length for gist_ltree_ops indexes
- The default signature length (hash size) for GiST indexes on ltree columns was accidentally changed while upgrading that operator class to support operator class parameters. If any operations had been done on such an index without first upgrading the ltree extension to version 1.2, they were done assuming that the signature length was 28 bytes rather than the intended 8. This means it is very likely that such indexes are now corrupt. For safety we recommend re-indexing all GiST indexes on ltree columns after installing this update. (Note that GiST indexes on ltree[] columns, that is arrays of ltree, are not affected.)
- Stop using query-provided column aliases for the columns of whole-row variables that refer to plain tables
- The column names in tuples produced by a whole-row variable (such as tbl.* in contexts other than the top level of a SELECT list) are now always those of the associated named composite type, if there is one. We'd previously attempted to make them track any column aliases that had been applied to the FROM entry the variable refers to. But that's semantically dubious, because really then the output of the variable is not at all of the composite type it claims to be. Previous attempts to deal with that inconsistency had bad results up to and including storing unreadable data on disk, so just give up on the whole idea.
- In cases where it's important to be able to relabel such columns, a workaround is to introduce an extra level of sub-SELECT, so that the whole-row variable is referring to the sub-SELECT's output and not to a plain table. Then the variable is of type record to begin with and there's no issue.
- Fix incorrect roundoff when extracting epoch values from intervals
- The new numeric-based code for EXTRACT() failed to yield results equivalent to the old float-based code, as a result of accidentally truncating the DAYS_PER_YEAR value to an integer.
- Defend against pg_stat_get_replication_slot(NULL)
- This function should be marked strict in the catalog data, but it was not in v14, so add a run-time check instead.
- Fix incorrect output for types timestamptz and timetz in table_to_xmlschema() and allied functions (Renan Soares Lopes)
- The xmlschema output for these types included a malformed regular expression.
- Avoid core dump in parser for a VALUES clause with zero columns
- Fix planner failure when a Result plan node appears immediately underneath an Append node (Etsuro Fujita)
- Recently-added code to support asynchronous remote queries failed to handle this case, leading to crashes or errors about unrecognized node types.
- Fix planner failure if a query using SEARCH or CYCLE features contains a duplicate CTE name (Tom Lane, Kyotaro Horiguchi)
- When the name of the recursive WITH query is re-used within itself, the planner could crash or report odd errors such as “could not find attribute 2 in subquery targetlist”.
- Fix planner errors for GROUPING() constructs that reference outer query levels (Richard Guo, Tom Lane)
- Fix plan generation for index-only scans on indexes with both returnable and non-returnable columns
- The previous coding could try to read non-returnable columns in addition to the returnable ones. This was fairly harmless because it didn't actually do anything with the bogus values, but it fell foul of a recently-added error check that rejected such a plan.
- Avoid accessing a no-longer-pinned shared buffer while attempting to lock an outdated tuple during EvalPlanQual
- The code would touch the buffer a couple more times after releasing its pin. In theory another process could recycle the buffer (or more likely, try to defragment its free space) as soon as the pin is gone, probably leading to failure to find the newer version of the tuple.
- Fix query-lifespan memory leak in an IndexScan node that is performing reordering
- Fix ALTER FUNCTION to support changing a function's parallelism property and its SET-variable list in the same command
- The parallelism property change was lost if the same command also updated the function's SET clause.
- Tighten lookup of the index “owned by” a constraint
- Some code paths mistook the index depended on by a foreign key constraint for one owned by a unique or primary key constraint, resulting in odd errors during certain ALTER TABLE operations on tables having foreign key constraints.
- Fix bogus errors from attempts to alter system columns of tables
- The system should just tell you that you can't do it, but sometimes it would report “no owned sequence found” instead.
- Fix mis-sorting of table rows when CLUSTERing using an index whose leading key is an expression
- The table would be rebuilt with the correct data, but in an order having little to do with the index order.
- Prevent data loss if a system crash occurs shortly after a sorted GiST index build
- The code path for building GiST indexes using sorting neglected to fsync the file upon completion. This could result in a corrupted index if the operating system crashed shortly later.
- Fix risk of deadlock failures while dropping a partitioned index
- Ensure that the required table and index locks are taken in the standard order (parents before children, tables before indexes). The previous coding for DROP INDEX did it differently, and so could deadlock against concurrent queries taking these locks in the standard order.
- Fix race condition between DROP TABLESPACE and checkpointing
- The checkpoint forced by DROP TABLESPACE could sometimes fail to remove all dead files from the tablespace's directory, leading to a bogus “tablespace is not empty” error.
- Fix possible trouble in crash recovery after a TRUNCATE command that overlaps a checkpoint
- TRUNCATE must ensure that the table's disk file is truncated before the checkpoint is allowed to complete. Otherwise, replay starting from that checkpoint might find unexpected data in the supposedly-removed pages, possibly causing replay failure.
- Fix unsafe toast-data accesses during temporary object cleanup
- Temporary-object deletion during server process exit could fail with “FATAL: cannot fetch toast data without an active snapshot”. This was usually harmless since the next use of that temporary schema would clean up successfully.
- Re-allow underscore as the first character in a custom parameter name
- Such names were unintentionally disallowed in v14.
- Add regress option for the compute_query_id parameter
- This is intended to facilitate testing, by allowing query IDs to be computed but not shown in EXPLAIN output.
- Improve wait logic in RegisterSyncRequest
- If we run out of space in the checkpointer sync request queue (which is hopefully rare on real systems, but is common when testing with a very small buffer pool), we wait for it to drain. While waiting, we should report that as a wait event so that users know what is going on, and also watch for postmaster death, since otherwise the loop might never terminate if the checkpointer has already exited.
- Wake up for latch events when the checkpointer is waiting between writes (Thomas Munro)
- This improves responsiveness to backends sending sync requests. The change also creates a proper wait event class for these waits.
- Fix “PANIC: xlog flush request is not satisfied” failure during standby promotion when there is a missing WAL continuation record
- Fix possibility of self-deadlock in hot standby conflict handling
- With unlucky timing, the WAL-applying process could get stuck while waiting for some other process to release a buffer lock.
- Fix possible mis-identification of the correct ancestor relation to publish logical replication changes through
- If publish_via_partition_root is enabled, and there are multiple publications naming different ancestors of the currently-modified relation, the wrong ancestor might be chosen for reporting the change.
- Ensure that logical replication apply workers can be restarted even when we're up against the max_sync_workers_per_subscription limit
- Faulty coding of the limit check caused a restarted worker to exit immediately, leaving fewer workers than there should be.
- Include unchanged replica identity key columns in the WAL log for an update, if they are stored out-of-line
- Otherwise subscribers cannot see the values and will fail to replicate the update.
- Cope correctly with platforms that have no support for altering the server process's display in ps(1)
- Few platforms are like this (the only supported one is Cygwin), so we'd managed not to notice that refactoring introduced a potential memory clobber.
- Make the server more robust against missed timer interrupts
- An optimization added in v14 meant that if a server process somehow missed a timer interrupt, it would never again ask the kernel for another one, thus breaking timeout detection for the remainder of the session. This seems unduly fragile, so add a recovery path.
- Disallow execution of SPI functions during PL/Perl function compilation
- Perl can be convinced to execute user-defined code during compilation of a PL/Perl function. However, it's not okay for such code to try to invoke SQL operations via SPI. That results in a crash, and if it didn't crash it would be a security hazard, because we really don't want code execution during function validation. Put in a check to give a friendlier error message instead.
- Make libpq accept root-owned SSL private key files
- This change synchronizes libpq's rules for safe ownership and permissions of SSL key files with the rules the server has used since release 9.6. Namely, in addition to the current rules, allow the case where the key file is owned by root and has permissions rw-r----- or less. This is helpful for system-wide management of key files.
- Fix behavior of libpq's PQisBusy() function after a connection failure
- If we'd detected a write failure, PQisBusy() would always return true, which is the wrong thing: we want input processing to carry on normally until we've read whatever is available from the server. The practical effect of this error is that applications using libpq's async-query API would typically detect connection loss only when PQconsumeInput() returns a hard failure. With this fix, a connection loss will normally be reported via an error PGresult object, which is a much cleaner behavior for most applications.
- Re-allow database.schema.table patterns in psql, pg_dump, and pg_amcheck
- Versions before v14 silently ignored all but the schema and table fragments of a pattern containing more than one dot. Refactoring in v14 accidentally broke that use-case. Reinstate it, but now complain if the first fragment is not the name of the current database.
- Make pg_ctl recheck postmaster aliveness while waiting for stop/restart/promote actions
- pg_ctl would verify that the postmaster is alive as a side-effect of sending the stop or promote signal, but then it just naively waited to see the on-disk state change. If the postmaster died uncleanly without having removed its PID file or updated the control file, pg_ctl would wait until timeout. Instead make it recheck every so often that the postmaster process is still there.
- Fix error handling in pg_waldump
- While trying to read a WAL file to determine the WAL segment size, pg_waldump would report an incorrect error for the case of a too-short file. In addition, the file name reported in this and related error messages could be garbage.
- Ensure that contrib/pageinspect functions cope with all-zero pages
- This is a legitimate edge case, but the module was mostly unprepared for it. Arrange to return nulls, or no rows, as appropriate; that seems more useful than raising an error.
- In contrib/pageinspect, add defenses against incorrect page “special space” contents, tighten checks for correct page size, and add some missing checks that an index is of the expected type
- These changes make it less likely that the module will crash on bad data
- In contrib/postgres_fdw, disable batch insertion when BEFORE INSERT ... FOR EACH ROW triggers exist on the foreign table
- Such a trigger might query the table it's on and expect to see previously-inserted rows. With batch insertion, those rows might not be visible yet, so disable the feature to avoid unexpected behavior.
- In contrib/postgres_fdw, verify that ORDER BY clauses are safe to ship before requesting a remotely-ordered query, and include a USING clause if necessary
- This fix prevents situations where the remote server might sort in a different order than we intend. While sometimes that would be only cosmetic, it could produce thoroughly wrong results if the remote data is used as input for a locally-performed merge join.
- Fix configure to handle platforms that have sys/epoll.h but not sys/signalfd.h
- Update JIT code to work with LLVM 14
- Clean up assorted failures under clang's -fsanitize=undefined checks
- Most of these changes are just for pro-forma compliance with the letter of the C and POSIX standards, and are unlikely to have any effect on production builds.
- Do not add OpenSSL dependencies to libpq's pkg-config file when building without OpenSSL
- Fix PL/Perl so it builds on C compilers that don't support statements nested within expressions
- Fix possible build failure of pg_dumpall on Windows, when not using MSVC to build
- In Windows builds, use gendef instead of pexports to build DEF files
- This adapts the build process to work on recent MSys tool chains
- Prevent extra expansion of shell wildcard patterns in programs built under MinGW
- For some reason the C library provided by MinGW will expand shell wildcard characters in a program's command-line arguments by default. This is confusing, not least because it doesn't happen under MSVC, so turn it off.
- Update time zone data files to tzdata release 2022a for DST law changes in Palestine, plus historical corrections for Chile and Ukraine

更新時間：2022-05-13
更新細節：

What's new in this version:

Changed:
- Confine additional operations within “security restricted operation” sandboxes
- Autovacuum, CLUSTER, CREATE INDEX, REINDEX, REFRESH MATERIALIZED VIEW, and pg_amcheck activated the “security restricted operation” protection mechanism too late, or even not at all in some code paths. A user having permission to create non-temporary objects within a database could define an object that would execute arbitrary SQL code with superuser permissions the next time that autovacuum processed the object, or that some superuser ran one of the affected commands against it.
- The PostgreSQL Project thanks Alexander Lakhin for reporting this problem. (CVE-2022-1552)
- Fix default signature length for gist_ltree_ops indexes
- The default signature length (hash size) for GiST indexes on ltree columns was accidentally changed while upgrading that operator class to support operator class parameters. If any operations had been done on such an index without first upgrading the ltree extension to version 1.2, they were done assuming that the signature length was 28 bytes rather than the intended 8. This means it is very likely that such indexes are now corrupt. For safety we recommend re-indexing all GiST indexes on ltree columns after installing this update. (Note that GiST indexes on ltree[] columns, that is arrays of ltree, are not affected.)
- Stop using query-provided column aliases for the columns of whole-row variables that refer to plain tables
- The column names in tuples produced by a whole-row variable (such as tbl.* in contexts other than the top level of a SELECT list) are now always those of the associated named composite type, if there is one. We'd previously attempted to make them track any column aliases that had been applied to the FROM entry the variable refers to. But that's semantically dubious, because really then the output of the variable is not at all of the composite type it claims to be. Previous attempts to deal with that inconsistency had bad results up to and including storing unreadable data on disk, so just give up on the whole idea.
- In cases where it's important to be able to relabel such columns, a workaround is to introduce an extra level of sub-SELECT, so that the whole-row variable is referring to the sub-SELECT's output and not to a plain table. Then the variable is of type record to begin with and there's no issue.
- Fix incorrect roundoff when extracting epoch values from intervals
- The new numeric-based code for EXTRACT() failed to yield results equivalent to the old float-based code, as a result of accidentally truncating the DAYS_PER_YEAR value to an integer.
- Defend against pg_stat_get_replication_slot(NULL)
- This function should be marked strict in the catalog data, but it was not in v14, so add a run-time check instead.
- Fix incorrect output for types timestamptz and timetz in table_to_xmlschema() and allied functions (Renan Soares Lopes)
- The xmlschema output for these types included a malformed regular expression.
- Avoid core dump in parser for a VALUES clause with zero columns
- Fix planner failure when a Result plan node appears immediately underneath an Append node (Etsuro Fujita)
- Recently-added code to support asynchronous remote queries failed to handle this case, leading to crashes or errors about unrecognized node types.
- Fix planner failure if a query using SEARCH or CYCLE features contains a duplicate CTE name (Tom Lane, Kyotaro Horiguchi)
- When the name of the recursive WITH query is re-used within itself, the planner could crash or report odd errors such as “could not find attribute 2 in subquery targetlist”.
- Fix planner errors for GROUPING() constructs that reference outer query levels (Richard Guo, Tom Lane)
- Fix plan generation for index-only scans on indexes with both returnable and non-returnable columns
- The previous coding could try to read non-returnable columns in addition to the returnable ones. This was fairly harmless because it didn't actually do anything with the bogus values, but it fell foul of a recently-added error check that rejected such a plan.
- Avoid accessing a no-longer-pinned shared buffer while attempting to lock an outdated tuple during EvalPlanQual
- The code would touch the buffer a couple more times after releasing its pin. In theory another process could recycle the buffer (or more likely, try to defragment its free space) as soon as the pin is gone, probably leading to failure to find the newer version of the tuple.
- Fix query-lifespan memory leak in an IndexScan node that is performing reordering
- Fix ALTER FUNCTION to support changing a function's parallelism property and its SET-variable list in the same command
- The parallelism property change was lost if the same command also updated the function's SET clause.
- Tighten lookup of the index “owned by” a constraint
- Some code paths mistook the index depended on by a foreign key constraint for one owned by a unique or primary key constraint, resulting in odd errors during certain ALTER TABLE operations on tables having foreign key constraints.
- Fix bogus errors from attempts to alter system columns of tables
- The system should just tell you that you can't do it, but sometimes it would report “no owned sequence found” instead.
- Fix mis-sorting of table rows when CLUSTERing using an index whose leading key is an expression
- The table would be rebuilt with the correct data, but in an order having little to do with the index order.
- Prevent data loss if a system crash occurs shortly after a sorted GiST index build
- The code path for building GiST indexes using sorting neglected to fsync the file upon completion. This could result in a corrupted index if the operating system crashed shortly later.
- Fix risk of deadlock failures while dropping a partitioned index
- Ensure that the required table and index locks are taken in the standard order (parents before children, tables before indexes). The previous coding for DROP INDEX did it differently, and so could deadlock against concurrent queries taking these locks in the standard order.
- Fix race condition between DROP TABLESPACE and checkpointing
- The checkpoint forced by DROP TABLESPACE could sometimes fail to remove all dead files from the tablespace's directory, leading to a bogus “tablespace is not empty” error.
- Fix possible trouble in crash recovery after a TRUNCATE command that overlaps a checkpoint
- TRUNCATE must ensure that the table's disk file is truncated before the checkpoint is allowed to complete. Otherwise, replay starting from that checkpoint might find unexpected data in the supposedly-removed pages, possibly causing replay failure.
- Fix unsafe toast-data accesses during temporary object cleanup
- Temporary-object deletion during server process exit could fail with “FATAL: cannot fetch toast data without an active snapshot”. This was usually harmless since the next use of that temporary schema would clean up successfully.
- Re-allow underscore as the first character in a custom parameter name
- Such names were unintentionally disallowed in v14.
- Add regress option for the compute_query_id parameter
- This is intended to facilitate testing, by allowing query IDs to be computed but not shown in EXPLAIN output.
- Improve wait logic in RegisterSyncRequest
- If we run out of space in the checkpointer sync request queue (which is hopefully rare on real systems, but is common when testing with a very small buffer pool), we wait for it to drain. While waiting, we should report that as a wait event so that users know what is going on, and also watch for postmaster death, since otherwise the loop might never terminate if the checkpointer has already exited.
- Wake up for latch events when the checkpointer is waiting between writes (Thomas Munro)
- This improves responsiveness to backends sending sync requests. The change also creates a proper wait event class for these waits.
- Fix “PANIC: xlog flush request is not satisfied” failure during standby promotion when there is a missing WAL continuation record
- Fix possibility of self-deadlock in hot standby conflict handling
- With unlucky timing, the WAL-applying process could get stuck while waiting for some other process to release a buffer lock.
- Fix possible mis-identification of the correct ancestor relation to publish logical replication changes through
- If publish_via_partition_root is enabled, and there are multiple publications naming different ancestors of the currently-modified relation, the wrong ancestor might be chosen for reporting the change.
- Ensure that logical replication apply workers can be restarted even when we're up against the max_sync_workers_per_subscription limit
- Faulty coding of the limit check caused a restarted worker to exit immediately, leaving fewer workers than there should be.
- Include unchanged replica identity key columns in the WAL log for an update, if they are stored out-of-line
- Otherwise subscribers cannot see the values and will fail to replicate the update.
- Cope correctly with platforms that have no support for altering the server process's display in ps(1)
- Few platforms are like this (the only supported one is Cygwin), so we'd managed not to notice that refactoring introduced a potential memory clobber.
- Make the server more robust against missed timer interrupts
- An optimization added in v14 meant that if a server process somehow missed a timer interrupt, it would never again ask the kernel for another one, thus breaking timeout detection for the remainder of the session. This seems unduly fragile, so add a recovery path.
- Disallow execution of SPI functions during PL/Perl function compilation
- Perl can be convinced to execute user-defined code during compilation of a PL/Perl function. However, it's not okay for such code to try to invoke SQL operations via SPI. That results in a crash, and if it didn't crash it would be a security hazard, because we really don't want code execution during function validation. Put in a check to give a friendlier error message instead.
- Make libpq accept root-owned SSL private key files
- This change synchronizes libpq's rules for safe ownership and permissions of SSL key files with the rules the server has used since release 9.6. Namely, in addition to the current rules, allow the case where the key file is owned by root and has permissions rw-r----- or less. This is helpful for system-wide management of key files.
- Fix behavior of libpq's PQisBusy() function after a connection failure
- If we'd detected a write failure, PQisBusy() would always return true, which is the wrong thing: we want input processing to carry on normally until we've read whatever is available from the server. The practical effect of this error is that applications using libpq's async-query API would typically detect connection loss only when PQconsumeInput() returns a hard failure. With this fix, a connection loss will normally be reported via an error PGresult object, which is a much cleaner behavior for most applications.
- Re-allow database.schema.table patterns in psql, pg_dump, and pg_amcheck
- Versions before v14 silently ignored all but the schema and table fragments of a pattern containing more than one dot. Refactoring in v14 accidentally broke that use-case. Reinstate it, but now complain if the first fragment is not the name of the current database.
- Make pg_ctl recheck postmaster aliveness while waiting for stop/restart/promote actions
- pg_ctl would verify that the postmaster is alive as a side-effect of sending the stop or promote signal, but then it just naively waited to see the on-disk state change. If the postmaster died uncleanly without having removed its PID file or updated the control file, pg_ctl would wait until timeout. Instead make it recheck every so often that the postmaster process is still there.
- Fix error handling in pg_waldump
- While trying to read a WAL file to determine the WAL segment size, pg_waldump would report an incorrect error for the case of a too-short file. In addition, the file name reported in this and related error messages could be garbage.
- Ensure that contrib/pageinspect functions cope with all-zero pages
- This is a legitimate edge case, but the module was mostly unprepared for it. Arrange to return nulls, or no rows, as appropriate; that seems more useful than raising an error.
- In contrib/pageinspect, add defenses against incorrect page “special space” contents, tighten checks for correct page size, and add some missing checks that an index is of the expected type
- These changes make it less likely that the module will crash on bad data
- In contrib/postgres_fdw, disable batch insertion when BEFORE INSERT ... FOR EACH ROW triggers exist on the foreign table
- Such a trigger might query the table it's on and expect to see previously-inserted rows. With batch insertion, those rows might not be visible yet, so disable the feature to avoid unexpected behavior.
- In contrib/postgres_fdw, verify that ORDER BY clauses are safe to ship before requesting a remotely-ordered query, and include a USING clause if necessary
- This fix prevents situations where the remote server might sort in a different order than we intend. While sometimes that would be only cosmetic, it could produce thoroughly wrong results if the remote data is used as input for a locally-performed merge join.
- Fix configure to handle platforms that have sys/epoll.h but not sys/signalfd.h
- Update JIT code to work with LLVM 14
- Clean up assorted failures under clang's -fsanitize=undefined checks
- Most of these changes are just for pro-forma compliance with the letter of the C and POSIX standards, and are unlikely to have any effect on production builds.
- Do not add OpenSSL dependencies to libpq's pkg-config file when building without OpenSSL
- Fix PL/Perl so it builds on C compilers that don't support statements nested within expressions
- Fix possible build failure of pg_dumpall on Windows, when not using MSVC to build
- In Windows builds, use gendef instead of pexports to build DEF files
- This adapts the build process to work on recent MSys tool chains
- Prevent extra expansion of shell wildcard patterns in programs built under MinGW
- For some reason the C library provided by MinGW will expand shell wildcard characters in a program's command-line arguments by default. This is confusing, not least because it doesn't happen under MSVC, so turn it off.
- Update time zone data files to tzdata release 2022a for DST law changes in Palestine, plus historical corrections for Chile and Ukraine

更新時間：2022-02-11
更新細節：

What's new in this version:

Fixes and Improvements:
- Fix for a low probability scenario of index corruption when a HOT (heap-only tuple) chain changes state during VACUUM. Encountering this issue is unlikely, but if you are concerned, please consider reindexing.
- Fix for using REINDEX CONCURRENTLY on TOAST table indexes to prevent corruption. You can fix any TOAST indexes by reindexing them again.
- The psql password command now defaults to setting the password for the role defined by CURRENT_USER. Additionally, the role name is now included in the password prompt.
- Build extended statistics for partitioned tables. If you previously added extended statistics to a partitioned table, you should run ANALYZE on those tables. As autovacuum currently does not process partitioned tables, you must periodically run ANALYZE on any partitioned tables to update their statistics.
- Fix crash with ALTER STATISTICS when the statistics object is dropped concurrently.
- Fix crash with multiranges when extracting variable-length data types.
- Several fixes to the query planner that lead to incorrect query results.
- Several fixes for query plan memoization.
- Fix startup of a physical replica to tolerate transaction ID wraparound.
- When using logical replication, avoid duplicate transmission of a partitioned table's data when the publication includes both the child and parent tables.
- Disallow altering data type of a partitioned table's columns when the partitioned table's row type is used as a composite type elsewhere.
- Disallow ALTER TABLE ... DROP NOT NULL for a column that is part of a replica identity index.
- Several fixes for caching that correct logical replication behavior and improve performance.
- Fix memory leak when updating expression indexes.
- Avoid leaking memory during REASSIGN OWNED BY operations that reassign ownership of many objects.
- Fix display of whole-row variables appearing in INSERT ... VALUES rules.
- Fix race condition that could lead to failure to localize error messages that are reported early in multi-threaded use of libpq or ecpglib.
- Fix psql d command for identifying parent triggers.
- Fix failures on Windows when using the terminal as data source or destination. This affected the psql copy command and using pg_recvlogical with -f -.
- Fix the pg_dump --inserts and --column-inserts modes to handle tables that contain both generated and dropped columns.
- Fix edge cases in how postgres_fdw handles asynchronous queries. These errors could lead to crashes or incorrect results when attempting to run parallel scans of foreign tables.

更新時間：2022-02-11
更新細節：

What's new in this version:

- Fix for a low probability scenario of index corruption when a HOT (heap-only tuple) chain changes state during VACUUM. Encountering this issue is unlikely, but if you are concerned, please consider reindexing.
- Fix for using REINDEX CONCURRENTLY on TOAST table indexes to prevent corruption. You can fix any TOAST indexes by reindexing them again.
- The psql password command now defaults to setting the password for the role defined by CURRENT_USER. Additionally, the role name is now included in the password prompt.
- Build extended statistics for partitioned tables. If you previously added extended statistics to a partitioned table, you should run ANALYZE on those tables. As autovacuum currently does not process partitioned tables, you must periodically run ANALYZE on any partitioned tables to update their statistics.
- Fix crash with ALTER STATISTICS when the statistics object is dropped concurrently
- Fix crash with multiranges when extracting variable-length data types
- Several fixes to the query planner that lead to incorrect query results
- Several fixes for query plan memoization
- Fix startup of a physical replica to tolerate transaction ID wraparound
- When using logical replication, avoid duplicate transmission of a partitioned table's data when the publication includes both the child and parent tables
- Disallow altering data type of a partitioned table's columns when the partitioned table's row type is used as a composite type elsewhere
- Disallow ALTER TABLE ... DROP NOT NULL for a column that is part of a replica identity index
- Several fixes for caching that correct logical replication behavior and improve performance
- Fix memory leak when updating expression indexes
- Avoid leaking memory during REASSIGN OWNED BY operations that reassign ownership of many objects
- Fix display of whole-row variables appearing in INSERT ... VALUES rules
- Fix race condition that could lead to failure to localize error messages that are reported early in multi-threaded use of libpq or ecpglib
- Fix psql d command for identifying parent triggers
- Fix failures on Windows when using the terminal as data source or destination. This affected the psql copy command and using pg_recvlogical with -f -.
- Fix the pg_dump --inserts and --column-inserts modes to handle tables that contain both generated and dropped columns
- Fix edge cases in how postgres_fdw handles asynchronous queries. These errors could lead to crashes or incorrect results when attempting to run parallel scans of foreign tables.

更新時間：2022-02-11
更新細節：

What's new in this version:

- Fix for a low probability scenario of index corruption when a HOT (heap-only tuple) chain changes state during VACUUM. Encountering this issue is unlikely, but if you are concerned, please consider reindexing.
- Fix for using REINDEX CONCURRENTLY on TOAST table indexes to prevent corruption. You can fix any TOAST indexes by reindexing them again.
- The psql password command now defaults to setting the password for the role defined by CURRENT_USER. Additionally, the role name is now included in the password prompt.
- Build extended statistics for partitioned tables. If you previously added extended statistics to a partitioned table, you should run ANALYZE on those tables. As autovacuum currently does not process partitioned tables, you must periodically run ANALYZE on any partitioned tables to update their statistics.
- Fix crash with ALTER STATISTICS when the statistics object is dropped concurrently
- Fix crash with multiranges when extracting variable-length data types
- Several fixes to the query planner that lead to incorrect query results
- Several fixes for query plan memoization
- Fix startup of a physical replica to tolerate transaction ID wraparound
- When using logical replication, avoid duplicate transmission of a partitioned table's data when the publication includes both the child and parent tables
- Disallow altering data type of a partitioned table's columns when the partitioned table's row type is used as a composite type elsewhere
- Disallow ALTER TABLE ... DROP NOT NULL for a column that is part of a replica identity index
- Several fixes for caching that correct logical replication behavior and improve performance
- Fix memory leak when updating expression indexes
- Avoid leaking memory during REASSIGN OWNED BY operations that reassign ownership of many objects
- Fix display of whole-row variables appearing in INSERT ... VALUES rules
- Fix race condition that could lead to failure to localize error messages that are reported early in multi-threaded use of libpq or ecpglib
- Fix psql d command for identifying parent triggers
- Fix failures on Windows when using the terminal as data source or destination. This affected the psql copy command and using pg_recvlogical with -f -.
- Fix the pg_dump --inserts and --column-inserts modes to handle tables that contain both generated and dropped columns
- Fix edge cases in how postgres_fdw handles asynchronous queries. These errors could lead to crashes or incorrect results when attempting to run parallel scans of foreign tables.

更新時間：2022-02-10
更新細節：

更新時間：2022-02-10
更新細節：

更新時間：2022-01-13
更新細節：

What's new in this version:

Fixed:
- Make REPL work again on Mac M1 (upgrade JLine & JNA)
- Fix slicing of views of IndexedSeqs (including fixing 2.13.7 reverseIterator regression)
- Fix 2.13.7 regression in implicit resolution
- Fix 2.13.7 releaseFence regression affecting GraalVM compatibility
- Fix 2.13.7 regression affecting wildcards and F-bounded types

更新時間：2021-11-12
更新細節：

What's new in this version:

- Make the server reject extraneous data after an SSL or GSS encryption handshake
- A man-in-the-middle with the ability to inject data into the TCP connection could stuff some cleartext data into the start of a supposedly encryption-protected database session. This could be abused to send faked SQL commands to the server, although that would only work if the server did not demand any authentication data. (However, a server relying on SSL certificate authentication might well not do so.)
- The PostgreSQL Project thanks Jacob Champion for reporting this problem.
- Make libpq reject extraneous data after an SSL or GSS encryption handshake
- A man-in-the-middle with the ability to inject data into the TCP connection could stuff some cleartext data into the start of a supposedly encryption-protected database session. This could probably be abused to inject faked responses to the client's first few queries, although other details of libpq's behavior make that harder than it sounds. A different line of attack is to exfiltrate the client's password, or other sensitive data that might be sent early in the session. That has been shown to be possible with a server vulnerable to CVE-2021-23214.
- The PostgreSQL Project thanks Jacob Champion for reporting this problem.
- Fix physical replication for cases where the primary crashes after shipping a WAL segment that ends with a partial WAL record
- If the primary did not survive long enough to finish writing the rest of the incomplete WAL record, then the previous crash-recovery logic had it back up and overwrite WAL starting from the beginning of the incomplete WAL record. This is problematic since standby servers may already have copies of that WAL segment. They will then see an inconsistent next segment, and will not be able to recover without manual intervention. To fix, do not back up over a WAL segment boundary when restarting after a crash. Instead write a new type of WAL record at the start of the next WAL segment, informing readers that the incomplete WAL record will never be finished and must be disregarded.
- When applying this update, it's best to update standby servers before the primary, so that they will be ready to handle this new WAL record type if the primary happens to crash.
- Ensure that parallel VACUUM doesn't miss any indexes (Peter Geoghegan, Masahiko Sawada)
- A parallel VACUUM would fail to process indexes that are below the min_parallel_index_scan_size cutoff, if the table also has at least two indexes that are above that size. This could result in those indexes becoming corrupt, since they'd still contain references to any heap entries removed by the VACUUM; subsequent queries using such indexes would be likely to return rows they shouldn't. This problem does not affect autovacuum, since it doesn't use parallel vacuuming. However, it is advisable to reindex any manually-vacuumed tables that have the right mix of index sizes.
- Fix CREATE INDEX CONCURRENTLY to wait for the latest prepared transactions (Andrey Borodin)
- Rows inserted by just-prepared transactions might be omitted from the new index, causing queries relying on the index to miss such rows. The previous fix for this type of problem failed to account for PREPARE TRANSACTION commands that were still in progress when CREATE INDEX CONCURRENTLY checked for them. As before, in installations that have enabled prepared transactions (max_prepared_transactions > 0), it's recommended to reindex any concurrently-built indexes in case this problem occurred when they were built.
- Avoid race condition that can cause backends to fail to add entries for new rows to an index being built concurrently
- While it's apparently rare in the field, this case could potentially affect any index built or reindexed with the CONCURRENTLY option. It is recommended to reindex any such indexes to make sure they are correct.
- Fix REINDEX CONCURRENTLY to preserve operator class parameters that were attached to the target index (Michael Paquier)
- Fix incorrect creation of shared dependencies when cloning a database that contains non-builtin objects
- The effects of this error are probably limited in practice. In principle, it could allow a role to be dropped while it still owns objects; but most installations would never want to drop a role that had been used for objects they'd added to template1.
- Ensure that the relation cache is invalidated for a table being attached to or detached from a partitioned table
- This oversight could allow misbehavior of subsequent inserts/updates addressed directly to the partition, but only in currently-existing sessions.
- Fix corruption of parse tree while creating a range type
- CREATE TYPE incorrectly freed an element of the parse tree, which could cause problems for a later event trigger, or if the CREATE TYPE command was stored in the plan cache and used again later.
- Fix updates of element fields in arrays of domain over composite
- A command such as UPDATE tab SET fld[1].subfld = val failed if the array's elements were domains rather than plain composites.
- Disallow the combination of FETCH FIRST WITH TIES and FOR UPDATE SKIP LOCKED
- FETCH FIRST WITH TIES necessarily fetches one more row than requested, since it cannot stop until it finds a row that is not a tie. In our current implementation, if FOR UPDATE is used then that row will also get locked even though it is not returned. That results in undesirable behavior if the SKIP LOCKED option is specified. It's difficult to change this without introducing a different set of undesirable behaviors, so for now, forbid the combination.
- Disallow ALTER INDEX index ALTER COLUMN col SET (options)
- While the parser accepted this, it's undocumented and doesn't actually work.
- Fix corner-case loss of precision in numeric power()
- The result could be inaccurate when the first argument is very close to 1.
- Avoid choosing the wrong hash equality operator for Memoize plans
- This error could result in crashes or incorrect query results.
- Fix planner error with pulling up subquery expressions into function rangetable entries
- If a function in FROM laterally references the output of some sub-SELECT earlier in the FROM clause, and we are able to flatten that sub-SELECT into the outer query, the expression(s) copied into the function expression were not fully processed. This could lead to crashes at execution.
- Avoid using MCV-only statistics to estimate the range of a column
- There are corner cases in which ANALYZE will build a most-common-values (MCV) list but not a histogram, even though the MCV list does not account for all the observed values. In such cases, keep the planner from using the MCV list alone to estimate the range of column values.
- Fix restoration of a Portal's snapshot inside a subtransaction
- If a procedure commits or rolls back a transaction, and then its next significant action is inside a new subtransaction, snapshot management went wrong, leading to a dangling pointer and probable crash. A typical example in PL/pgSQL is a COMMIT immediately followed by a BEGIN ... EXCEPTION block that performs a query.
- Clean up correctly if a transaction fails after exporting its snapshot
- This oversight would only cause a problem if the same session attempted to export a snapshot again. The most likely scenario for that is creation of a replication slot (followed by rollback) and then creation of another replication slot.
- Prevent wraparound of overflowed-subtransaction tracking on standby servers
- This oversight could cause significant performance degradation (manifesting as excessive SubtransSLRU traffic) on standby servers.
- Ensure that prepared transactions are properly accounted for during promotion of a standby server (Michael Paquier, Andres Freund)
- There was a narrow window where a prepared transaction could be omitted from a snapshot taken by a concurrently-running session. If that session then used the snapshot to perform data updates, erroneous results or data corruption could occur.
- Fix “could not find RecursiveUnion” error when EXPLAIN tries to print a filter condition attached to a WorkTableScan node
- Ensure that the correct lock level is used when renaming a table
- For historical reasons, ALTER INDEX ... RENAME can be applied to any sort of relation. The lock level required to rename an index is lower than that required to rename a table or other kind of relation, but the code got this wrong and would use the weaker lock level whenever the command is spelled ALTER INDEX.
- Avoid null-pointer-dereference crash when dropping a role that owns objects being dropped concurrently
- Prevent “snapshot reference leak” warning when lo_export() or a related function fails
- Fix inefficient code generation for CoerceToDomain expression nodes
- Avoid O(N^2) behavior in some list-manipulation operations
- These changes fix slow processing in several scenarios, including: when a standby replays a transaction that held many exclusive locks on the primary; when many files are due to be unlinked after a checkpoint; when hash aggregation involves many batches; and when pg_trgm extracts indexable conditions from a complex regular expression. Only the first of these scenarios has actually been reported from the field, but they all seem like plausible consequences of inefficient list deletions.
- Add more defensive checks around B-tree posting list splits
- This change should help detect index corruption involving duplicate table TIDs
- Avoid assertion failure when inserting NaN into a BRIN float8 or float4 minmax_multi_ops index
- In production builds, such cases would result in a somewhat inefficient, but not actually incorrect, index.
- Allow the autovacuum launcher process to respond to pg_log_backend_memory_contexts() requests more quickly
- Fix memory leak in HMAC hash calculations
- Disallow setting huge_pages to on when shared_memory_type is sysv
- Previously, this setting was accepted, but it did nothing for lack of any implementation
- Fix checking of query type in PL/pgSQL's RETURN QUERY statement
- RETURN QUERY should accept any query that can return tuples, e.g. UPDATE RETURNING. v14 accidentally disallowed anything but SELECT; moreover, the RETURN QUERY EXECUTE variant failed to apply any query-type check at all.
- Fix pg_dump to dump non-global default privileges correctly
- If a global (unrestricted) ALTER DEFAULT PRIVILEGES command revoked some present-by-default privilege, for example EXECUTE for functions, and then a restricted ALTER DEFAULT PRIVILEGES command granted that privilege again for a selected role or schema, pg_dump failed to dump the restricted privilege grant correctly.
- Make pg_dump acquire shared lock on partitioned tables that are to be dumped
- This oversight was usually pretty harmless, since once pg_dump has locked any of the leaf partitions, that would suffice to prevent significant DDL on the partitioned table itself. However problems could ensue when dumping a childless partitioned table, since no relevant lock would be held.
- Fix crash in pg_dump when attempting to dump trigger definitions from a pre-8.3 server
- Fix incorrect filename in pg_restore's error message about an invalid large object TOC file
- Ensure that pgbench exits with non-zero status after a socket-level failure
- The desired behavior is to finish out the run but then exit with status 2. Also, fix the reporting of such errors.
- Prevent pg_amcheck from checking temporary relations, as well as indexes that are invalid or not ready
- This avoids unhelpful checks of relations that will almost certainly appear inconsistent
- Make contrib/amcheck skip unlogged tables when running on a standby server
- It's appropriate to do this since such tables will be empty, and unlogged indexes were already handled similarly
- Change contrib/pg_stat_statements to read its “query texts” file in units of at most 1GB
- Such large query text files are very unusual, but if they do occur, the previous coding would fail on Windows 64 (which rejects individual read requests of more than 2GB).
- Fix null-pointer crash when contrib/postgres_fdw tries to report a data conversion error
- Ensure that GetSharedSecurityLabel() can be used in a newly-started session that has not yet built its critical relation cache entries
- When running a TAP test, include the module's own directory in PATH
- This allows tests to find built programs that are not installed, such as custom test drivers.
- Use the CLDR project's data to map Windows time zone names to IANA time zones
- When running on Windows, initdb attempts to set the new cluster's timezone parameter to the IANA time zone matching the system's prevailing time zone. We were using a mapping table that we'd generated years ago and updated only fitfully; unsurprisingly, it contained a number of errors as well as omissions of recently-added zones. It turns out that CLDR has been tracking the most appropriate mappings, so start using their data. This change will not affect any existing installation, only newly-initialized clusters.
- Update time zone data files to tzdata release 2021e for DST law changes in Fiji, Jordan, Palestine, and Samoa, plus historical corrections for Barbados, Cook Islands, Guyana, Niue, Portugal, and Tonga.