| author | Tom Lane <tgl@sss.pgh.pa.us> | 2012-08-14 18:24:14 -0400 |
|---|---|---|
| committer | Tom Lane <tgl@sss.pgh.pa.us> | 2012-08-14 18:34:07 -0400 |
| commit | 18ee575df30d3b41444e2309205427cd11a8b30a (patch) | |
| tree | f137ecce14feede286febdb44836cab38b31245f | |
| parent | e76e25228600709a1b641341be39bef061a36116 (diff) | |
Update release notes for 9.1.5, 9.0.9, 8.4.13, 8.3.20.
| mode | file | lines changed |
|---|---|---|
| -rw-r--r-- | doc/src/sgml/release-8.3.sgml | 223 |
| -rw-r--r-- | doc/src/sgml/release-8.4.sgml | 234 |
| -rw-r--r-- | doc/src/sgml/release-9.0.sgml | 306 |
| -rw-r--r-- | doc/src/sgml/release-9.1.sgml | 387 |
4 files changed, 1150 insertions, 0 deletions
| diff --git a/doc/src/sgml/release-8.3.sgml b/doc/src/sgml/release-8.3.sgml index b28e6dfecc0..dda418fa557 100644 --- a/doc/src/sgml/release-8.3.sgml +++ b/doc/src/sgml/release-8.3.sgml 
@@ -1,6 +1,229 @@  <!-- doc/src/sgml/release-8.3.sgml -->  <!-- See header comment in release.sgml about typical markup --> + <sect1 id="release-8-3-20"> +  <title>Release 8.3.20</title> + +  <note> +  <title>Release Date</title> +  <simpara>2012-08-17</simpara> +  </note> + +  <para> +   This release contains a variety of fixes from 8.3.19. +   For information about new features in the 8.3 major release, see +   <xref linkend="release-8-3">. +  </para> + +  <para> +   The <productname>PostgreSQL</> community will stop releasing updates +   for the 8.3.X release series in February 2013. +   Users are encouraged to update to a newer release branch soon. +  </para> + +  <sect2> +   <title>Migration to Version 8.3.20</title> + +   <para> +    A dump/restore is not required for those running 8.3.X. +   </para> + +   <para> +    However, if you are upgrading from a version earlier than 8.3.17, +    see the release notes for 8.3.17. +   </para> + +  </sect2> + +  <sect2> +   <title>Changes</title> + +   <itemizedlist> + +    <listitem> +     <para> +      Prevent access to external files/URLs via XML entity references +      (Noah Misch, Tom Lane) +     </para> + +     <para> +      <function>xml_parse()</> would attempt to fetch external files or +      URLs as needed to resolve DTD and entity references in an XML value, +      thus allowing unprivileged database users to attempt to fetch data +      with the privileges of the database server.  While the external data +      wouldn't get returned directly to the user, portions of it could be +      exposed in error messages if the data didn't parse as valid XML; and +      in any case the mere ability to check existence of a file might be +      useful to an attacker.  
(CVE-2012-3489) +     </para> +    </listitem> + +    <listitem> +     <para> +      Prevent access to external files/URLs via <filename>contrib/xml2</>'s +      <function>xslt_process()</> (Peter Eisentraut) +     </para> + +     <para> +      <application>libxslt</> offers the ability to read and write both +      files and URLs through stylesheet commands, thus allowing +      unprivileged database users to both read and write data with the +      privileges of the database server.  Disable that through proper use +      of <application>libxslt</>'s security options.  (CVE-2012-3488) +     </para> + +     <para> +      Also, remove <function>xslt_process()</>'s ability to fetch documents +      and stylesheets from external files/URLs.  While this was a +      documented <quote>feature</>, it was long regarded as a bad idea. +      The fix for CVE-2012-3489 broke that capability, and rather than +      expend effort on trying to fix it, we're just going to summarily +      remove it. +     </para> +    </listitem> + +    <listitem> +     <para> +      Prevent too-early recycling of btree index pages (Noah Misch) +     </para> + +     <para> +      When we allowed read-only transactions to skip assigning XIDs, we +      introduced the possibility that a deleted btree page could be +      recycled while a read-only transaction was still in flight to it. +      This would result in incorrect index search results.  The probability +      of such an error occurring in the field seems very low because of the +      timing requirements, but nonetheless it should be fixed. 
+     </para> +    </listitem> + +    <listitem> +     <para> +      Fix crash-safety bug with newly-created-or-reset sequences (Tom Lane) +     </para> + +     <para> +      If <command>ALTER SEQUENCE</> was executed on a freshly created or +      reset sequence, and then precisely one <function>nextval()</> call +      was made on it, and then the server crashed, WAL replay would restore +      the sequence to a state in which it appeared that no +      <function>nextval()</> had been done, thus allowing the first +      sequence value to be returned again by the next +      <function>nextval()</> call.  In particular this could manifest for +      <type>serial</> columns, since creation of a serial column's sequence +      includes an <command>ALTER SEQUENCE OWNED BY</> step. +     </para> +    </listitem> + +    <listitem> +     <para> +      Ensure the <filename>backup_label</> file is fsync'd after +      <function>pg_start_backup()</> (Dave Kerr) +     </para> +    </listitem> + +    <listitem> +     <para> +      Back-patch 9.1 improvement to compress the fsync request queue +      (Robert Haas) +     </para> + +     <para> +      This improves performance during checkpoints.  The 9.1 change +      has now seen enough field testing to seem safe to back-patch. +     </para> +    </listitem> + +    <listitem> +     <para> +      Only allow autovacuum to be auto-canceled by a directly blocked +      process (Tom Lane) +     </para> + +     <para> +      The original coding could allow inconsistent behavior in some cases; +      in particular, an autovacuum could get canceled after less than +      <literal>deadlock_timeout</> grace period. 
+     </para> +    </listitem> + +    <listitem> +     <para> +      Improve logging of autovacuum cancels (Robert Haas) +     </para> +    </listitem> + +    <listitem> +     <para> +      Fix log collector so that <literal>log_truncate_on_rotation</> works +      during the very first log rotation after server start (Tom Lane) +     </para> +    </listitem> + +    <listitem> +     <para> +      Ensure that a whole-row reference to a subquery doesn't include any +      extra <literal>GROUP BY</> or <literal>ORDER BY</> columns (Tom Lane) +     </para> +    </listitem> + +    <listitem> +     <para> +      Disallow copying whole-row references in <literal>CHECK</> +      constraints and index definitions during <command>CREATE TABLE</> +      (Tom Lane) +     </para> + +     <para> +      This situation can arise in <command>CREATE TABLE</> with +      <literal>LIKE</> or <literal>INHERITS</>.  The copied whole-row +      variable was incorrectly labeled with the row type of the original +      table not the new one.  Rejecting the case seems reasonable for +      <literal>LIKE</>, since the row types might well diverge later.  For +      <literal>INHERITS</> we should ideally allow it, with an implicit +      coercion to the parent table's row type; but that will require more +      work than seems safe to back-patch. +     </para> +    </listitem> + +    <listitem> +     <para> +      Fix memory leak in <literal>ARRAY(SELECT ...)</> subqueries (Heikki +      Linnakangas, Tom Lane) +     </para> +    </listitem> + +    <listitem> +     <para> +      Fix extraction of common prefixes from regular expressions (Tom Lane) +     </para> + +     <para> +      The code could get confused by quantified parenthesized +      subexpressions, such as <literal>^(foo)?bar</>.  This would lead to +      incorrect index optimization of searches for such patterns. 
+     </para> +    </listitem> + +    <listitem> +     <para> +      Report errors properly in <filename>contrib/xml2</>'s +      <function>xslt_process()</> (Tom Lane) +     </para> +    </listitem> + +    <listitem> +     <para> +      Update time zone data files to <application>tzdata</> release 2012e +      for DST law changes in Morocco and Tokelau +     </para> +    </listitem> + +   </itemizedlist> + +  </sect2> + </sect1> +   <sect1 id="release-8-3-19">    <title>Release 8.3.19</title> diff --git a/doc/src/sgml/release-8.4.sgml b/doc/src/sgml/release-8.4.sgml index 213c52e61c6..5c89fb699ab 100644 --- a/doc/src/sgml/release-8.4.sgml +++ b/doc/src/sgml/release-8.4.sgml 
@@ -1,6 +1,240 @@  <!-- doc/src/sgml/release-8.4.sgml -->  <!-- See header comment in release.sgml about typical markup --> + <sect1 id="release-8-4-13"> +  <title>Release 8.4.13</title> + +  <note> +  <title>Release Date</title> +  <simpara>2012-08-17</simpara> +  </note> + +  <para> +   This release contains a variety of fixes from 8.4.12. +   For information about new features in the 8.4 major release, see +   <xref linkend="release-8-4">. +  </para> + +  <sect2> +   <title>Migration to Version 8.4.13</title> + +   <para> +    A dump/restore is not required for those running 8.4.X. +   </para> + +   <para> +    However, if you are upgrading from a version earlier than 8.4.10, +    see the release notes for 8.4.10. +   </para> + +  </sect2> + +  <sect2> +   <title>Changes</title> + +   <itemizedlist> + +    <listitem> +     <para> +      Prevent access to external files/URLs via XML entity references +      (Noah Misch, Tom Lane) +     </para> + +     <para> +      <function>xml_parse()</> would attempt to fetch external files or +      URLs as needed to resolve DTD and entity references in an XML value, +      thus allowing unprivileged database users to attempt to fetch data +      with the privileges of the database server.  While the external data +      wouldn't get returned directly to the user, portions of it could be +      exposed in error messages if the data didn't parse as valid XML; and +      in any case the mere ability to check existence of a file might be +      useful to an attacker.  
(CVE-2012-3489) +     </para> +    </listitem> + +    <listitem> +     <para> +      Prevent access to external files/URLs via <filename>contrib/xml2</>'s +      <function>xslt_process()</> (Peter Eisentraut) +     </para> + +     <para> +      <application>libxslt</> offers the ability to read and write both +      files and URLs through stylesheet commands, thus allowing +      unprivileged database users to both read and write data with the +      privileges of the database server.  Disable that through proper use +      of <application>libxslt</>'s security options.  (CVE-2012-3488) +     </para> + +     <para> +      Also, remove <function>xslt_process()</>'s ability to fetch documents +      and stylesheets from external files/URLs.  While this was a +      documented <quote>feature</>, it was long regarded as a bad idea. +      The fix for CVE-2012-3489 broke that capability, and rather than +      expend effort on trying to fix it, we're just going to summarily +      remove it. +     </para> +    </listitem> + +    <listitem> +     <para> +      Prevent too-early recycling of btree index pages (Noah Misch) +     </para> + +     <para> +      When we allowed read-only transactions to skip assigning XIDs, we +      introduced the possibility that a deleted btree page could be +      recycled while a read-only transaction was still in flight to it. +      This would result in incorrect index search results.  The probability +      of such an error occurring in the field seems very low because of the +      timing requirements, but nonetheless it should be fixed. 
+     </para> +    </listitem> + +    <listitem> +     <para> +      Fix crash-safety bug with newly-created-or-reset sequences (Tom Lane) +     </para> + +     <para> +      If <command>ALTER SEQUENCE</> was executed on a freshly created or +      reset sequence, and then precisely one <function>nextval()</> call +      was made on it, and then the server crashed, WAL replay would restore +      the sequence to a state in which it appeared that no +      <function>nextval()</> had been done, thus allowing the first +      sequence value to be returned again by the next +      <function>nextval()</> call.  In particular this could manifest for +      <type>serial</> columns, since creation of a serial column's sequence +      includes an <command>ALTER SEQUENCE OWNED BY</> step. +     </para> +    </listitem> + +    <listitem> +     <para> +      Ensure the <filename>backup_label</> file is fsync'd after +      <function>pg_start_backup()</> (Dave Kerr) +     </para> +    </listitem> + +    <listitem> +     <para> +      Back-patch 9.1 improvement to compress the fsync request queue +      (Robert Haas) +     </para> + +     <para> +      This improves performance during checkpoints.  The 9.1 change +      has now seen enough field testing to seem safe to back-patch. +     </para> +    </listitem> + +    <listitem> +     <para> +      Only allow autovacuum to be auto-canceled by a directly blocked +      process (Tom Lane) +     </para> + +     <para> +      The original coding could allow inconsistent behavior in some cases; +      in particular, an autovacuum could get canceled after less than +      <literal>deadlock_timeout</> grace period. 
+     </para> +    </listitem> + +    <listitem> +     <para> +      Improve logging of autovacuum cancels (Robert Haas) +     </para> +    </listitem> + +    <listitem> +     <para> +      Fix log collector so that <literal>log_truncate_on_rotation</> works +      during the very first log rotation after server start (Tom Lane) +     </para> +    </listitem> + +    <listitem> +     <para> +      Fix <literal>WITH</> attached to a nested set operation +      (<literal>UNION</>/<literal>INTERSECT</>/<literal>EXCEPT</>) +      (Tom Lane) +     </para> +    </listitem> + +    <listitem> +     <para> +      Ensure that a whole-row reference to a subquery doesn't include any +      extra <literal>GROUP BY</> or <literal>ORDER BY</> columns (Tom Lane) +     </para> +    </listitem> + +    <listitem> +     <para> +      Disallow copying whole-row references in <literal>CHECK</> +      constraints and index definitions during <command>CREATE TABLE</> +      (Tom Lane) +     </para> + +     <para> +      This situation can arise in <command>CREATE TABLE</> with +      <literal>LIKE</> or <literal>INHERITS</>.  The copied whole-row +      variable was incorrectly labeled with the row type of the original +      table not the new one.  Rejecting the case seems reasonable for +      <literal>LIKE</>, since the row types might well diverge later.  For +      <literal>INHERITS</> we should ideally allow it, with an implicit +      coercion to the parent table's row type; but that will require more +      work than seems safe to back-patch. 
+     </para> +    </listitem> + +    <listitem> +     <para> +      Fix memory leak in <literal>ARRAY(SELECT ...)</> subqueries (Heikki +      Linnakangas, Tom Lane) +     </para> +    </listitem> + +    <listitem> +     <para> +      Fix extraction of common prefixes from regular expressions (Tom Lane) +     </para> + +     <para> +      The code could get confused by quantified parenthesized +      subexpressions, such as <literal>^(foo)?bar</>.  This would lead to +      incorrect index optimization of searches for such patterns. +     </para> +    </listitem> + +    <listitem> +     <para> +      Fix bugs with parsing signed +      <replaceable>hh</><literal>:</><replaceable>mm</> and +      <replaceable>hh</><literal>:</><replaceable>mm</><literal>:</><replaceable>ss</> +      fields in <type>interval</> constants (Amit Kapila, Tom Lane) +     </para> +    </listitem> + +    <listitem> +     <para> +      Report errors properly in <filename>contrib/xml2</>'s +      <function>xslt_process()</> (Tom Lane) +     </para> +    </listitem> + +    <listitem> +     <para> +      Update time zone data files to <application>tzdata</> release 2012e +      for DST law changes in Morocco and Tokelau +     </para> +    </listitem> + +   </itemizedlist> + +  </sect2> + </sect1> +   <sect1 id="release-8-4-12">    <title>Release 8.4.12</title> diff --git a/doc/src/sgml/release-9.0.sgml b/doc/src/sgml/release-9.0.sgml index c5f7d819098..398a3659191 100644 --- a/doc/src/sgml/release-9.0.sgml +++ b/doc/src/sgml/release-9.0.sgml 
@@ -1,6 +1,312 @@  <!-- doc/src/sgml/release-9.0.sgml -->  <!-- See header comment in release.sgml about typical markup --> + <sect1 id="release-9-0-9"> +  <title>Release 9.0.9</title> + +  <note> +  <title>Release Date</title> +  <simpara>2012-08-17</simpara> +  </note> + +  <para> +   This release contains a variety of fixes from 9.0.8. +   For information about new features in the 9.0 major release, see +   <xref linkend="release-9-0">. +  </para> + +  <sect2> +   <title>Migration to Version 9.0.9</title> + +   <para> +    A dump/restore is not required for those running 9.0.X. +   </para> + +   <para> +    However, if you are upgrading from a version earlier than 9.0.6, +    see the release notes for 9.0.6. +   </para> + +  </sect2> + +  <sect2> +   <title>Changes</title> + +   <itemizedlist> + +    <listitem> +     <para> +      Prevent access to external files/URLs via XML entity references +      (Noah Misch, Tom Lane) +     </para> + +     <para> +      <function>xml_parse()</> would attempt to fetch external files or +      URLs as needed to resolve DTD and entity references in an XML value, +      thus allowing unprivileged database users to attempt to fetch data +      with the privileges of the database server.  While the external data +      wouldn't get returned directly to the user, portions of it could be +      exposed in error messages if the data didn't parse as valid XML; and +      in any case the mere ability to check existence of a file might be +      useful to an attacker.  
(CVE-2012-3489) +     </para> +    </listitem> + +    <listitem> +     <para> +      Prevent access to external files/URLs via <filename>contrib/xml2</>'s +      <function>xslt_process()</> (Peter Eisentraut) +     </para> + +     <para> +      <application>libxslt</> offers the ability to read and write both +      files and URLs through stylesheet commands, thus allowing +      unprivileged database users to both read and write data with the +      privileges of the database server.  Disable that through proper use +      of <application>libxslt</>'s security options.  (CVE-2012-3488) +     </para> + +     <para> +      Also, remove <function>xslt_process()</>'s ability to fetch documents +      and stylesheets from external files/URLs.  While this was a +      documented <quote>feature</>, it was long regarded as a bad idea. +      The fix for CVE-2012-3489 broke that capability, and rather than +      expend effort on trying to fix it, we're just going to summarily +      remove it. +     </para> +    </listitem> + +    <listitem> +     <para> +      Prevent too-early recycling of btree index pages (Noah Misch) +     </para> + +     <para> +      When we allowed read-only transactions to skip assigning XIDs, we +      introduced the possibility that a deleted btree page could be +      recycled while a read-only transaction was still in flight to it. +      This would result in incorrect index search results.  The probability +      of such an error occurring in the field seems very low because of the +      timing requirements, but nonetheless it should be fixed. 
+     </para> +    </listitem> + +    <listitem> +     <para> +      Fix crash-safety bug with newly-created-or-reset sequences (Tom Lane) +     </para> + +     <para> +      If <command>ALTER SEQUENCE</> was executed on a freshly created or +      reset sequence, and then precisely one <function>nextval()</> call +      was made on it, and then the server crashed, WAL replay would restore +      the sequence to a state in which it appeared that no +      <function>nextval()</> had been done, thus allowing the first +      sequence value to be returned again by the next +      <function>nextval()</> call.  In particular this could manifest for +      <type>serial</> columns, since creation of a serial column's sequence +      includes an <command>ALTER SEQUENCE OWNED BY</> step. +     </para> +    </listitem> + +    <listitem> +     <para> +      Fix <function>txid_current()</> to report the correct epoch when not +      in hot standby (Heikki Linnakangas) +     </para> + +     <para> +      This fixes a regression introduced in the previous minor release. +     </para> +    </listitem> + +    <listitem> +     <para> +      Fix bug in startup of Hot Standby when a master transaction has many +      subtransactions (Andres Freund) +     </para> + +     <para> +      This mistake led to failures reported as <quote>out-of-order XID +      insertion in KnownAssignedXids</>. +     </para> +    </listitem> + +    <listitem> +     <para> +      Ensure the <filename>backup_label</> file is fsync'd after +      <function>pg_start_backup()</> (Dave Kerr) +     </para> +    </listitem> + +    <listitem> +     <para> +      Fix timeout handling in walsender processes (Tom Lane) +     </para> + +     <para> +      WAL sender background processes neglected to establish a +      <systemitem>SIGALRM</> handler, meaning they would wait forever in +      some corner cases where a timeout ought to happen. 
+     </para> +    </listitem> + +    <listitem> +     <para> +      Back-patch 9.1 improvement to compress the fsync request queue +      (Robert Haas) +     </para> + +     <para> +      This improves performance during checkpoints.  The 9.1 change +      has now seen enough field testing to seem safe to back-patch. +     </para> +    </listitem> + +    <listitem> +     <para> +      Fix <literal>LISTEN</>/<literal>NOTIFY</> to cope better with I/O +      problems, such as out of disk space (Tom Lane) +     </para> + +     <para> +      After a write failure, all subsequent attempts to send more +      <literal>NOTIFY</> messages would fail with messages like +      <quote>Could not read from file "pg_notify/<replaceable>nnnn</>" at +      offset <replaceable>nnnnn</>: Success</quote>. +     </para> +    </listitem> + +    <listitem> +     <para> +      Only allow autovacuum to be auto-canceled by a directly blocked +      process (Tom Lane) +     </para> + +     <para> +      The original coding could allow inconsistent behavior in some cases; +      in particular, an autovacuum could get canceled after less than +      <literal>deadlock_timeout</> grace period. 
+     </para> +    </listitem> + +    <listitem> +     <para> +      Improve logging of autovacuum cancels (Robert Haas) +     </para> +    </listitem> + +    <listitem> +     <para> +      Fix log collector so that <literal>log_truncate_on_rotation</> works +      during the very first log rotation after server start (Tom Lane) +     </para> +    </listitem> + +    <listitem> +     <para> +      Fix <literal>WITH</> attached to a nested set operation +      (<literal>UNION</>/<literal>INTERSECT</>/<literal>EXCEPT</>) +      (Tom Lane) +     </para> +    </listitem> + +    <listitem> +     <para> +      Ensure that a whole-row reference to a subquery doesn't include any +      extra <literal>GROUP BY</> or <literal>ORDER BY</> columns (Tom Lane) +     </para> +    </listitem> + +    <listitem> +     <para> +      Disallow copying whole-row references in <literal>CHECK</> +      constraints and index definitions during <command>CREATE TABLE</> +      (Tom Lane) +     </para> + +     <para> +      This situation can arise in <command>CREATE TABLE</> with +      <literal>LIKE</> or <literal>INHERITS</>.  The copied whole-row +      variable was incorrectly labeled with the row type of the original +      table not the new one.  Rejecting the case seems reasonable for +      <literal>LIKE</>, since the row types might well diverge later.  For +      <literal>INHERITS</> we should ideally allow it, with an implicit +      coercion to the parent table's row type; but that will require more +      work than seems safe to back-patch. 
+     </para> +    </listitem> + +    <listitem> +     <para> +      Fix memory leak in <literal>ARRAY(SELECT ...)</> subqueries (Heikki +      Linnakangas, Tom Lane) +     </para> +    </listitem> + +    <listitem> +     <para> +      Fix extraction of common prefixes from regular expressions (Tom Lane) +     </para> + +     <para> +      The code could get confused by quantified parenthesized +      subexpressions, such as <literal>^(foo)?bar</>.  This would lead to +      incorrect index optimization of searches for such patterns. +     </para> +    </listitem> + +    <listitem> +     <para> +      Fix bugs with parsing signed +      <replaceable>hh</><literal>:</><replaceable>mm</> and +      <replaceable>hh</><literal>:</><replaceable>mm</><literal>:</><replaceable>ss</> +      fields in <type>interval</> constants (Amit Kapila, Tom Lane) +     </para> +    </listitem> + +    <listitem> +     <para> +      Use Postgres' encoding conversion functions, not Python's, when +      converting a Python Unicode string to the server encoding in +      PL/Python (Jan Urbanski) +     </para> + +     <para> +      This avoids some corner-case problems, notably that Python doesn't +      support all the encodings Postgres does.  A notable functional change +      is that if the server encoding is SQL_ASCII, you will get the UTF-8 +      representation of the string; formerly, any non-ASCII characters in +      the string would result in an error. 
+     </para> +    </listitem> + +    <listitem> +     <para> +      Fix mapping of PostgreSQL encodings to Python encodings in PL/Python +      (Jan Urbanski) +     </para> +    </listitem> + +    <listitem> +     <para> +      Report errors properly in <filename>contrib/xml2</>'s +      <function>xslt_process()</> (Tom Lane) +     </para> +    </listitem> + +    <listitem> +     <para> +      Update time zone data files to <application>tzdata</> release 2012e +      for DST law changes in Morocco and Tokelau +     </para> +    </listitem> + +   </itemizedlist> + +  </sect2> + </sect1> +   <sect1 id="release-9-0-8">    <title>Release 9.0.8</title> diff --git a/doc/src/sgml/release-9.1.sgml b/doc/src/sgml/release-9.1.sgml index b65e8daa133..a65d7fb6351 100644 --- a/doc/src/sgml/release-9.1.sgml +++ b/doc/src/sgml/release-9.1.sgml 
@@ -1,6 +1,393 @@  <!-- doc/src/sgml/release-9.1.sgml -->  <!-- See header comment in release.sgml about typical markup --> + <sect1 id="release-9-1-5"> +  <title>Release 9.1.5</title> + +  <note> +  <title>Release Date</title> +  <simpara>2012-08-17</simpara> +  </note> + +  <para> +   This release contains a variety of fixes from 9.1.4. +   For information about new features in the 9.1 major release, see +   <xref linkend="release-9-1">. +  </para> + +  <sect2> +   <title>Migration to Version 9.1.5</title> + +   <para> +    A dump/restore is not required for those running 9.1.X. +   </para> + +   <para> +    However, if you are upgrading from a version earlier than 9.1.4, +    see the release notes for 9.1.4. +   </para> + +  </sect2> + +  <sect2> +   <title>Changes</title> + +   <itemizedlist> + +    <listitem> +     <para> +      Prevent access to external files/URLs via XML entity references +      (Noah Misch, Tom Lane) +     </para> + +     <para> +      <function>xml_parse()</> would attempt to fetch external files or +      URLs as needed to resolve DTD and entity references in an XML value, +      thus allowing unprivileged database users to attempt to fetch data +      with the privileges of the database server.  While the external data +      wouldn't get returned directly to the user, portions of it could be +      exposed in error messages if the data didn't parse as valid XML; and +      in any case the mere ability to check existence of a file might be +      useful to an attacker.  
(CVE-2012-3489) +     </para> +    </listitem> + +    <listitem> +     <para> +      Prevent access to external files/URLs via <filename>contrib/xml2</>'s +      <function>xslt_process()</> (Peter Eisentraut) +     </para> + +     <para> +      <application>libxslt</> offers the ability to read and write both +      files and URLs through stylesheet commands, thus allowing +      unprivileged database users to both read and write data with the +      privileges of the database server.  Disable that through proper use +      of <application>libxslt</>'s security options.  (CVE-2012-3488) +     </para> + +     <para> +      Also, remove <function>xslt_process()</>'s ability to fetch documents +      and stylesheets from external files/URLs.  While this was a +      documented <quote>feature</>, it was long regarded as a bad idea. +      The fix for CVE-2012-3489 broke that capability, and rather than +      expend effort on trying to fix it, we're just going to summarily +      remove it. +     </para> +    </listitem> + +    <listitem> +     <para> +      Prevent too-early recycling of btree index pages (Noah Misch) +     </para> + +     <para> +      When we allowed read-only transactions to skip assigning XIDs, we +      introduced the possibility that a deleted btree page could be +      recycled while a read-only transaction was still in flight to it. +      This would result in incorrect index search results.  The probability +      of such an error occurring in the field seems very low because of the +      timing requirements, but nonetheless it should be fixed. 
+     </para> +    </listitem> + +    <listitem> +     <para> +      Fix crash-safety bug with newly-created-or-reset sequences (Tom Lane) +     </para> + +     <para> +      If <command>ALTER SEQUENCE</> was executed on a freshly created or +      reset sequence, and then precisely one <function>nextval()</> call +      was made on it, and then the server crashed, WAL replay would restore +      the sequence to a state in which it appeared that no +      <function>nextval()</> had been done, thus allowing the first +      sequence value to be returned again by the next +      <function>nextval()</> call.  In particular this could manifest for +      <type>serial</> columns, since creation of a serial column's sequence +      includes an <command>ALTER SEQUENCE OWNED BY</> step. +     </para> +    </listitem> + +    <listitem> +     <para> +      Fix race condition in <literal>enum</>-type value comparisons (Robert +      Haas, Tom Lane) +     </para> + +     <para> +      Comparisons could fail when encountering an enum value added since +      the current query started. +     </para> +    </listitem> + +    <listitem> +     <para> +      Fix <function>txid_current()</> to report the correct epoch when not +      in hot standby (Heikki Linnakangas) +     </para> + +     <para> +      This fixes a regression introduced in the previous minor release. +     </para> +    </listitem> + +    <listitem> +     <para> +      Prevent selection of unsuitable replication connections as +      the synchronous standby (Fujii Masao) +     </para> + +     <para> +      The master might improperly choose pseudo-servers such as +      <application>pg_receivexlog</> or <application>pg_basebackup</> +      as the synchronous standby, and then wait indefinitely for them. 
+     </para> +    </listitem> + +    <listitem> +     <para> +      Fix bug in startup of Hot Standby when a master transaction has many +      subtransactions (Andres Freund) +     </para> + +     <para> +      This mistake led to failures reported as <quote>out-of-order XID +      insertion in KnownAssignedXids</>. +     </para> +    </listitem> + +    <listitem> +     <para> +      Ensure the <filename>backup_label</> file is fsync'd after +      <function>pg_start_backup()</> (Dave Kerr) +     </para> +    </listitem> + +    <listitem> +     <para> +      Fix timeout handling in walsender processes (Tom Lane) +     </para> + +     <para> +      WAL sender background processes neglected to establish a +      <systemitem>SIGALRM</> handler, meaning they would wait forever in +      some corner cases where a timeout ought to happen. +     </para> +    </listitem> + +    <listitem> +     <para> +      Wake walsenders after each background flush by walwriter (Andres +      Freund, Simon Riggs) +     </para> + +     <para> +      This greatly reduces replication delay when the workload contains +      only asynchronously-committed transactions. +     </para> +    </listitem> + +    <listitem> +     <para> +      Fix <literal>LISTEN</>/<literal>NOTIFY</> to cope better with I/O +      problems, such as out of disk space (Tom Lane) +     </para> + +     <para> +      After a write failure, all subsequent attempts to send more +      <literal>NOTIFY</> messages would fail with messages like +      <quote>Could not read from file "pg_notify/<replaceable>nnnn</>" at +      offset <replaceable>nnnnn</>: Success</quote>. 
+     </para> +    </listitem> + +    <listitem> +     <para> +      Only allow autovacuum to be auto-canceled by a directly blocked +      process (Tom Lane) +     </para> + +     <para> +      The original coding could allow inconsistent behavior in some cases; +      in particular, an autovacuum could get canceled after less than +      <literal>deadlock_timeout</> grace period. +     </para> +    </listitem> + +    <listitem> +     <para> +      Improve logging of autovacuum cancels (Robert Haas) +     </para> +    </listitem> + +    <listitem> +     <para> +      Fix log collector so that <literal>log_truncate_on_rotation</> works +      during the very first log rotation after server start (Tom Lane) +     </para> +    </listitem> + +    <listitem> +     <para> +      Fix <literal>WITH</> attached to a nested set operation +      (<literal>UNION</>/<literal>INTERSECT</>/<literal>EXCEPT</>) +      (Tom Lane) +     </para> +    </listitem> + +    <listitem> +     <para> +      Ensure that a whole-row reference to a subquery doesn't include any +      extra <literal>GROUP BY</> or <literal>ORDER BY</> columns (Tom Lane) +     </para> +    </listitem> + +    <listitem> +     <para> +      Fix dependencies generated during <literal>ALTER TABLE ... ADD +      CONSTRAINT USING INDEX</> (Tom Lane) +     </para> + +     <para> +      This command left behind a redundant <structname>pg_depend</> entry +      for the index, which could confuse later operations, notably +      <literal>ALTER TABLE ... ALTER COLUMN TYPE</> on one of the indexed +      columns. 
+     </para> +    </listitem> + +    <listitem> +     <para> +      Fix <command>REASSIGN OWNED</> to work on extensions (Alvaro Herrera) +     </para> +    </listitem> + +    <listitem> +     <para> +      Disallow copying whole-row references in <literal>CHECK</> +      constraints and index definitions during <command>CREATE TABLE</> +      (Tom Lane) +     </para> + +     <para> +      This situation can arise in <command>CREATE TABLE</> with +      <literal>LIKE</> or <literal>INHERITS</>.  The copied whole-row +      variable was incorrectly labeled with the row type of the original +      table not the new one.  Rejecting the case seems reasonable for +      <literal>LIKE</>, since the row types might well diverge later.  For +      <literal>INHERITS</> we should ideally allow it, with an implicit +      coercion to the parent table's row type; but that will require more +      work than seems safe to back-patch. +     </para> +    </listitem> + +    <listitem> +     <para> +      Fix memory leak in <literal>ARRAY(SELECT ...)</> subqueries (Heikki +      Linnakangas, Tom Lane) +     </para> +    </listitem> + +    <listitem> +     <para> +      Fix planner to pass correct collation to operator selectivity +      estimators (Tom Lane) +     </para> + +     <para> +      This was not previously required by any core selectivity estimation +      function, but third-party code might need it. +     </para> +    </listitem> + +    <listitem> +     <para> +      Fix extraction of common prefixes from regular expressions (Tom Lane) +     </para> + +     <para> +      The code could get confused by quantified parenthesized +      subexpressions, such as <literal>^(foo)?bar</>.  This would lead to +      incorrect index optimization of searches for such patterns. 
+     </para> +    </listitem> + +    <listitem> +     <para> +      Fix bugs with parsing signed +      <replaceable>hh</><literal>:</><replaceable>mm</> and +      <replaceable>hh</><literal>:</><replaceable>mm</><literal>:</><replaceable>ss</> +      fields in <type>interval</> constants (Amit Kapila, Tom Lane) +     </para> +    </listitem> + +    <listitem> +     <para> +      Fix <application>pg_dump</> to better handle views containing partial +      <literal>GROUP BY</> lists (Tom Lane) +     </para> + +     <para> +      A view that lists only a primary key column in <literal>GROUP BY</>, +      but uses other table columns as if they were grouped, gets marked as +      depending on the primary key.  Improper handling of such primary key +      dependencies in <application>pg_dump</> resulted in poorly-ordered +      dumps, which at best would be inefficient to restore and at worst +      could result in outright failure of a parallel +      <application>pg_restore</> run. +     </para> +    </listitem> + +    <listitem> +     <para> +      In PL/Perl, avoid setting UTF8 flag when in SQL_ASCII encoding +      (Alex Hunsaker, Kyotaro Horiguchi, Alvaro Herrera) +     </para> +    </listitem> + +    <listitem> +     <para> +      Use Postgres' encoding conversion functions, not Python's, when +      converting a Python Unicode string to the server encoding in +      PL/Python (Jan Urbanski) +     </para> + +     <para> +      This avoids some corner-case problems, notably that Python doesn't +      support all the encodings Postgres does.  A notable functional change +      is that if the server encoding is SQL_ASCII, you will get the UTF-8 +      representation of the string; formerly, any non-ASCII characters in +      the string would result in an error. 
+     </para> +    </listitem> + +    <listitem> +     <para> +      Fix mapping of PostgreSQL encodings to Python encodings in PL/Python +      (Jan Urbanski) +     </para> +    </listitem> + +    <listitem> +     <para> +      Report errors properly in <filename>contrib/xml2</>'s +      <function>xslt_process()</> (Tom Lane) +     </para> +    </listitem> + +    <listitem> +     <para> +      Update time zone data files to <application>tzdata</> release 2012e +      for DST law changes in Morocco and Tokelau +     </para> +    </listitem> + +   </itemizedlist> + +  </sect2> + </sect1> +   <sect1 id="release-9-1-4">    <title>Release 9.1.4</title> | 
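Review bot: The txid_current() item says only that it "fixes a regression introduced in the previous minor release"; since this hunk sits directly above the `<sect1 id="release-9-1-4">` section, name it explicitly ("a regression introduced in 9.1.4") so readers scanning for affected versions do not have to infer it. Two smaller points in the same hunk: the autovacuum cancel paragraph reads "canceled after less than <literal>deadlock_timeout</> grace period" and needs "the" before the literal, and the PL/Python item's statement that under SQL_ASCII "you will get the UTF-8 representation of the string; formerly, any non-ASCII characters in the string would result in an error" is a user-visible behavior change for existing functions, so it deserves a sentence in the migration text rather than being left in the middle of the Changes list.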
