PostgreSQL 歷史版本列表
PostgreSQL 是一個跨平台的對象關係型數據庫管理系統,自 1995 年首次發布以來,已經成長為國際知名的解決方案,可幫助管理員輕鬆創建,組織,管理和部署各種形狀和大小的項目數據庫。這當然包括對運行 SQL 查詢,觸發管理,屬性管理以及其他企業級數據庫管理系統當前正在使用的所有功能的全面控制。為使日常管理多個作業和項目組件的管理員更容易訪問,PostgreSQL 符合大多數 SQL 2008... PostgreSQL 軟體介紹PostgreSQL (32-bit)PostgreSQL (64-bit)
更新時間:2015-06-13
更新細節:
What's new in this version:
Changes:
Fix possible failure to recover from an inconsistent database state:
- Recent PostgreSQL releases introduced mechanisms to protect against multixact wraparound, but some of that code did not account for the possibility that it would need to run during crash recovery, when the database may not be in a consistent state. This could result in failure to restart after a crash, or failure to start up a secondary server. The lingering effects of a previously-fixed bug in pg_upgrade could also cause such a failure, in installations that had used pg_upgrade versions between 9.3.0 and 9.3.4.
- The pg_upgrade bug in question was that it would set oldestMultiXid to 1 in pg_control even if the true value should be higher. With the fixes introduced in this release, such a situation will result in immediate emergency autovacuuming until a correct oldestMultiXid value can be determined. If that would pose a hardship, users can avoid it by doing manual vacuuming before upgrading to this release.
In detail:
- Check whether pg_controldata reports "Latest checkpoint's oldestMultiXid" to be 1. If not, there's nothing to do.
- Look in PGDATA/pg_multixact/offsets to see if there's a file named 0000. If there is, there's nothing to do.
- Otherwise, for each table that has pg_class.relminmxid equal to 1, VACUUM that table with both vacuum_multixact_freeze_min_age and vacuum_multixact_freeze_table_age set to zero. (You can use the vacuum cost delay parameters described in Section 18.4.4 to reduce the performance consequences for concurrent sessions.)
Fix rare failure to invalidate relation cache init file:
- With just the wrong timing of concurrent activity, a VACUUM FULL on a system catalog might fail to update the "init file" that's used to avoid cache-loading work for new sessions. This would result in later sessions being unable to access that catalog at all. This is a very ancient bug, but it's so hard to trigger that no reproducible case had been seen until recently.
Avoid deadlock between incoming sessions and CREATE/DROP DATABASE:
- A new session starting in a database that is the target of a DROP DATABASE command, or is the template for a CREATE DATABASE command, could cause the command to wait for five seconds and then fail, even if the new session would have exited before that.
Improve planner's cost estimates for semi-joins and anti-joins with inner indexscans:
- This type of plan is quite cheap when all the join clauses are used as index scan conditions, even if the inner scan would nominally fetch many rows, because the executor will stop after obtaining one row. The planner only partially accounted for that effect, and would therefore overestimate the cost, leading it to possibly choose some other much less efficient plan type.
更新時間:2015-06-05
更新細節:
What's new in this version:
- Avoid failures while fsync'ing data directory during crash restart
- In the previous minor releases we added a patch to fsync everything in the data directory after a crash. Unfortunately its response to any error condition was to fail, thereby preventing the server from starting up, even when the problem was quite harmless. An example is that an unwritable file in the data directory would prevent restart on some platforms; but it is common to make SSL certificate files unwritable by the server. Revise this behavior so that permissions failures are ignored altogether, and other types of failures are logged but do not prevent continuing.
- Also apply the same rules in initdb --sync-only. This case is less critical but it should act similarly.
- Fix pg_get_functiondef() to show functions' LEAKPROOF property, if set
- Fix pushJsonbValue() to unpack jbvBinary objects (Andrew Dunstan)
- This change does not affect any behavior in the core code as of 9.4, but it avoids a corner case for possible third-party callers.
- Remove configure's check prohibiting linking to a threaded libpython on OpenBSD
- The failure this restriction was meant to prevent seems to not be a problem anymore on current OpenBSD versions.
更新時間:2015-06-05
更新細節:
What's new in this version:
- Avoid failures while fsync'ing data directory during crash restart
- In the previous minor releases we added a patch to fsync everything in the data directory after a crash. Unfortunately its response to any error condition was to fail, thereby preventing the server from starting up, even when the problem was quite harmless. An example is that an unwritable file in the data directory would prevent restart on some platforms; but it is common to make SSL certificate files unwritable by the server. Revise this behavior so that permissions failures are ignored altogether, and other types of failures are logged but do not prevent continuing.
- Also apply the same rules in initdb --sync-only. This case is less critical but it should act similarly.
- Fix pg_get_functiondef() to show functions' LEAKPROOF property, if set
- Fix pushJsonbValue() to unpack jbvBinary objects (Andrew Dunstan)
- This change does not affect any behavior in the core code as of 9.4, but it avoids a corner case for possible third-party callers.
- Remove configure's check prohibiting linking to a threaded libpython on OpenBSD
- The failure this restriction was meant to prevent seems to not be a problem anymore on current OpenBSD versions.
更新時間:2015-05-24
更新細節:
What's new in this version:
Migration to Version 9.4.2:
- A dump/restore is not required for those running 9.4.X.
- However, if you use contrib/citext's regexp_matches() functions, see the changelog entry below about that.
- Also, if you are upgrading from a version earlier than 9.4.1, see Section E.2. Changes:
- Avoid possible crash when client disconnects just before the authentication timeout expires
- If the timeout interrupt fired partway through the session shutdown sequence, SSL-related state would be freed twice, typically causing a crash and hence denial of service to other sessions. Experimentation shows that an unauthenticated remote attacker could trigger the bug somewhat consistently, hence treat as security issue.
- Improve detection of system-call failures
- Our replacement implementation of snprintf() failed to check for errors reported by the underlying system library calls; the main case that might be missed is out-of-memory situations. In the worst case this might lead to information exposure, due to our code assuming that a buffer had been overwritten when it hadn't been. Also, there were a few places in which security-relevant calls of other system library functions did not check for failure.
- It remains possible that some calls of the *printf() family of functions are vulnerable to information disclosure if an out-of-memory error occurs at just the wrong time. We judge the risk to not be large, but will continue analysis in this area.
- In contrib/pgcrypto, uniformly report decryption failures as "Wrong key or corrupt data"
- Previously, some cases of decryption with an incorrect key could report other error message texts. It has been shown that such variance in error reports can aid attackers in recovering keys from other systems. While it's unknown whether pgcrypto's specific behaviors are likewise exploitable, it seems better to avoid the risk by using a one-size-fits-all message.
- Protect against wraparound of multixact member IDs
- Under certain usage patterns, the existing defenses against this might be insufficient, allowing pg_multixact/members files to be removed too early, resulting in data loss. The fix for this includes modifying the server to fail transactions that would result in overwriting old multixact member ID data, and improving autovacuum to ensure it will act proactively to prevent multixact member ID wraparound, as it does for transaction ID wraparound.
- Fix incorrect declaration of contrib/citext's regexp_matches() functions
- These functions should return setof text[], like the core functions they are wrappers for; but they were incorrectly declared as returning just text[]. This mistake had two results: first, if there was no match you got a scalar null result, whereas what you should get is an empty set (zero rows). Second, the g flag was effectively ignored, since you would get only one result array even if there were multiple matches.
- While the latter behavior is clearly a bug, there might be applications depending on the former behavior; therefore the function declarations will not be changed by default until PostgreSQL 9.5. In pre-9.5 branches, the old behavior exists in version 1.0 of the citext extension, while we have provided corrected declarations in version 1.1 (which is not installed by default). To adopt the fix in pre-9.5 branches, execute ALTER EXTENSION citext UPDATE TO '1.1' in each database in which citext is installed. (You can also "update" back to 1.0 if you need to undo that.) Be aware that either update direction will require dropping and recreating any views or rules that use citext's regexp_matches() functions.
- Render infinite dates and timestamps as infinity when converting to json, rather than throwing an error
- Fix json/jsonb's populate_record() and to_record() functions to handle empty input properly
- Fix incorrect checking of deferred exclusion constraints after a HOT update
- If a new row that potentially violates a deferred exclusion constraint is HOT-updated (that is, no indexed columns change and the row can be stored back onto the same table page) later in the same transaction, the exclusion constraint would be reported as violated when the check finally occurred, even if the row(s) the new row originally conflicted with had been deleted.
- Fix behavior when changing foreign key constraint deferrability status with ALTER TABLE ... ALTER CONSTRAINT
- Operations later in the same session or concurrent sessions might not honor the status change promptly.
- Fix planning of star-schema-style queries
- Sometimes, efficient scanning of a large table requires that index parameters be provided from more than one other table (commonly, dimension tables whose keys are needed to index a large fact table). The planner should be able to find such plans, but an overly restrictive search heuristic prevented it.
- Prevent improper reordering of antijoins (NOT EXISTS joins) versus other outer joins
- This oversight in the planner has been observed to cause "could not find RelOptInfo for given relids" errors, but it seems possible that sometimes an incorrect query plan might get past that consistency check and result in silently-wrong query output.
- Fix incorrect matching of subexpressions in outer-join plan nodes
- Previously, if textually identical non-strict subexpressions were used both above and below an outer join, the planner might try to re-use the value computed below the join, which would be incorrect because the executor would force the value to NULL in case of an unmatched outer row.
- Fix GEQO planner to cope with failure of its join order heuristic (Tom Lane)
- This oversight has been seen to lead to "failed to join all relations together" errors in queries involving LATERAL, and that might happen in other cases as well.
- Ensure that row locking occurs properly when the target of an UPDATE or DELETE is a security-barrier view
- Use a file opened for read/write when syncing replication slot data during database startup
- On some platforms, the previous coding could result in errors like "could not fsync file "pg_replslot/...": Bad file descriptor".
- Fix possible deadlock at startup when max_prepared_transactions is too small
- Don't archive useless preallocated WAL files after a timeline switch
- Recursively fsync() the data directory after a crash
- This ensures consistency if another crash occurs shortly later. (The second crash would have to be a system-level crash, not just a database crash, for there to be a problem.)
- Fix autovacuum launcher's possible failure to shut down, if an error occurs after it receives SIGTERM
- Fix failure to handle invalidation messages for system catalogs early in session startup
- This oversight could result in failures in sessions that start concurrently with a VACUUM FULL on a system catalog.
- Fix crash in BackendIdGetTransactionIds() when trying to get status for a backend process that just exited
- Cope with unexpected signals in LockBufferForCleanup()
- This oversight could result in spurious errors about "multiple backends attempting to wait for pincount 1".
- Fix crash when doing COPY IN to a table with check constraints that contain whole-row references
- The known failure case only crashes in 9.4 and up, but there is very similar code in 9.3 and 9.2, so back-patch those branches as well.
- Avoid waiting for WAL flush or synchronous replication during commit of a transaction that was read-only so far as the user is concerned
- Previously, a delay could occur at commit in transactions that had written WAL due to HOT page pruning, leading to undesirable effects such as sessions getting stuck at startup if all synchronous replicas are down. Sessions have also been observed to get stuck in catchup interrupt processing when using synchronous replication; this will fix that problem as well.
- Avoid busy-waiting with short recovery_min_apply_delay values
- Fix crash when manipulating hash indexes on temporary tables
- Fix possible failure during hash index bucket split, if other processes are modifying the index concurrently
- Fix memory leaks in GIN index vacuum
- Check for interrupts while analyzing index expressions
- ANALYZE executes index expressions many times; if there are slow functions in such an expression, it's desirable to be able to cancel the ANALYZE before that loop finishes.
- Ensure tableoid of a foreign table is reported correctly when a READ COMMITTED recheck occurs after locking rows in SELECT FOR UPDATE, UPDATE, or DELETE
- Add the name of the target server to object description strings for foreign-server user mappings
- Include the schema name in object identity strings for conversions
- Recommend setting include_realm to 1 when using Kerberos/GSSAPI/SSPI authentication
- Without this, identically-named users from different realms cannot be distinguished. For the moment this is only a documentation change, but it will become the default setting in PostgreSQL 9.5.
- Remove code for matching IPv4 pg_hba.conf entries to IPv4-in-IPv6 addresses
- This hack was added in 2003 in response to a report that some Linux kernels of the time would report IPv4 connections as having IPv4-in-IPv6 addresses. However, the logic was accidentally broken in 9.0. The lack of any field complaints since then shows that it's not needed anymore. Now we have reports that the broken code causes crashes on some systems, so let's just remove it rather than fix it. (Had we chosen to fix it, that would make for a subtle and potentially security-sensitive change in the effective meaning of IPv4 pg_hba.conf entries, which does not seem like a good thing to do in minor releases.)
- Fix status reporting for terminated background workers that were never actually started
- After a database crash, don't restart background workers that are marked BGW_NEVER_RESTART
- Report WAL flush, not insert, position in IDENTIFY_SYSTEM replication command
- This avoids a possible startup failure in pg_receivexlog.
- While shutting down service on Windows, periodically send status updates to the Service Control Manager to prevent it from killing the service too soon; and ensure that pg_ctl will wait for shutdown
- Reduce risk of network deadlock when using libpq's non-blocking mode
- When sending large volumes of data, it's important to drain the input buffer every so often, in case the server has sent enough response data to cause it to block on output. (A typical scenario is that the server is sending a stream of NOTICE messages during COPY FROM STDIN.) This worked properly in the normal blocking mode, but not so much in non-blocking mode. We've modified libpq to opportunistically drain input when it can, but a full defense against this problem requires application cooperation: the application should watch for socket read-ready as well as write-ready conditions, and be sure to call PQconsumeInput() upon read-ready.
- In libpq, fix misparsing of empty values in URI connection strings
- Fix array handling in ecpg
- Fix psql to sanely handle URIs and conninfo strings as the first parameter to connect
- This syntax has been accepted (but undocumented) for a long time, but previously some parameters might be taken from the old connection instead of the given string, which was agreed to be undesirable.
- Suppress incorrect complaints from psql on some platforms that it failed to write ~/.psql_history at exit
- This misbehavior was caused by a workaround for a bug in very old (pre-2006) versions of libedit. We fixed it by removing the workaround, which will cause a similar failure to appear for anyone still using such versions of libedit. Recommendation: upgrade that library, or use libreadline.
- Fix pg_dump's rule for deciding which casts are system-provided casts that should not be dumped
- In pg_dump, fix failure to honor -Z compression level option together with -Fd
- Make pg_dump consider foreign key relationships between extension configuration tables while choosing dump order
- This oversight could result in producing dumps that fail to reload because foreign key constraints are transiently violated.
- Avoid possible pg_dump failure when concurrent sessions are creating and dropping temporary functions
- Fix dumping of views that are just VALUES(...) but have column aliases
- Ensure that a view's replication identity is correctly set to nothing during dump/restore
- Previously, if the view was involved in a circular dependency, it might wind up with an incorrect replication identity property.
- In pg_upgrade, force timeline 1 in the new cluster
- This change prevents upgrade failures caused by bogus complaints about missing WAL history files.
- In pg_upgrade, check for improperly non-connectable databases before proceeding
- In pg_upgrade, quote directory paths properly in the generated delete_old_cluster script
- In pg_upgrade, preserve database-level freezing info properly
- This oversight could cause missing-clog-file errors for tables within the postgres and template1 databases.
- Run pg_upgrade and pg_resetxlog with restricted privileges on Windows, so that they don't fail when run by an administrator
- Improve handling of readdir() failures when scanning directories in initdb and pg_basebackup
- Fix slow sorting algorithm in contrib/intarray
- Fix compile failure on Sparc V8 machines
- Silence some build warnings on OS X
- Update time zone data files to tzdata release 2015d for DST law changes in Egypt, Mongolia, and Palestine, plus historical changes in Canada and Chile. Also adopt revised zone abbreviations for the America/Adak zone (HST/HDT not HAST/HADT).
更新時間:2015-05-24
更新細節:
What's new in this version:
Migration to Version 9.4.2:
- A dump/restore is not required for those running 9.4.X.
- However, if you use contrib/citext's regexp_matches() functions, see the changelog entry below about that.
- Also, if you are upgrading from a version earlier than 9.4.1, see Section E.2. Changes:
- Avoid possible crash when client disconnects just before the authentication timeout expires
- If the timeout interrupt fired partway through the session shutdown sequence, SSL-related state would be freed twice, typically causing a crash and hence denial of service to other sessions. Experimentation shows that an unauthenticated remote attacker could trigger the bug somewhat consistently, hence treat as security issue.
- Improve detection of system-call failures
- Our replacement implementation of snprintf() failed to check for errors reported by the underlying system library calls; the main case that might be missed is out-of-memory situations. In the worst case this might lead to information exposure, due to our code assuming that a buffer had been overwritten when it hadn't been. Also, there were a few places in which security-relevant calls of other system library functions did not check for failure.
- It remains possible that some calls of the *printf() family of functions are vulnerable to information disclosure if an out-of-memory error occurs at just the wrong time. We judge the risk to not be large, but will continue analysis in this area.
- In contrib/pgcrypto, uniformly report decryption failures as "Wrong key or corrupt data"
- Previously, some cases of decryption with an incorrect key could report other error message texts. It has been shown that such variance in error reports can aid attackers in recovering keys from other systems. While it's unknown whether pgcrypto's specific behaviors are likewise exploitable, it seems better to avoid the risk by using a one-size-fits-all message.
- Protect against wraparound of multixact member IDs
- Under certain usage patterns, the existing defenses against this might be insufficient, allowing pg_multixact/members files to be removed too early, resulting in data loss. The fix for this includes modifying the server to fail transactions that would result in overwriting old multixact member ID data, and improving autovacuum to ensure it will act proactively to prevent multixact member ID wraparound, as it does for transaction ID wraparound.
- Fix incorrect declaration of contrib/citext's regexp_matches() functions
- These functions should return setof text[], like the core functions they are wrappers for; but they were incorrectly declared as returning just text[]. This mistake had two results: first, if there was no match you got a scalar null result, whereas what you should get is an empty set (zero rows). Second, the g flag was effectively ignored, since you would get only one result array even if there were multiple matches.
- While the latter behavior is clearly a bug, there might be applications depending on the former behavior; therefore the function declarations will not be changed by default until PostgreSQL 9.5. In pre-9.5 branches, the old behavior exists in version 1.0 of the citext extension, while we have provided corrected declarations in version 1.1 (which is not installed by default). To adopt the fix in pre-9.5 branches, execute ALTER EXTENSION citext UPDATE TO '1.1' in each database in which citext is installed. (You can also "update" back to 1.0 if you need to undo that.) Be aware that either update direction will require dropping and recreating any views or rules that use citext's regexp_matches() functions.
- Render infinite dates and timestamps as infinity when converting to json, rather than throwing an error
- Fix json/jsonb's populate_record() and to_record() functions to handle empty input properly
- Fix incorrect checking of deferred exclusion constraints after a HOT update
- If a new row that potentially violates a deferred exclusion constraint is HOT-updated (that is, no indexed columns change and the row can be stored back onto the same table page) later in the same transaction, the exclusion constraint would be reported as violated when the check finally occurred, even if the row(s) the new row originally conflicted with had been deleted.
- Fix behavior when changing foreign key constraint deferrability status with ALTER TABLE ... ALTER CONSTRAINT
- Operations later in the same session or concurrent sessions might not honor the status change promptly.
- Fix planning of star-schema-style queries
- Sometimes, efficient scanning of a large table requires that index parameters be provided from more than one other table (commonly, dimension tables whose keys are needed to index a large fact table). The planner should be able to find such plans, but an overly restrictive search heuristic prevented it.
- Prevent improper reordering of antijoins (NOT EXISTS joins) versus other outer joins
- This oversight in the planner has been observed to cause "could not find RelOptInfo for given relids" errors, but it seems possible that sometimes an incorrect query plan might get past that consistency check and result in silently-wrong query output.
- Fix incorrect matching of subexpressions in outer-join plan nodes
- Previously, if textually identical non-strict subexpressions were used both above and below an outer join, the planner might try to re-use the value computed below the join, which would be incorrect because the executor would force the value to NULL in case of an unmatched outer row.
- Fix GEQO planner to cope with failure of its join order heuristic (Tom Lane)
- This oversight has been seen to lead to "failed to join all relations together" errors in queries involving LATERAL, and that might happen in other cases as well.
- Ensure that row locking occurs properly when the target of an UPDATE or DELETE is a security-barrier view
- Use a file opened for read/write when syncing replication slot data during database startup
- On some platforms, the previous coding could result in errors like "could not fsync file "pg_replslot/...": Bad file descriptor".
- Fix possible deadlock at startup when max_prepared_transactions is too small
- Don't archive useless preallocated WAL files after a timeline switch
- Recursively fsync() the data directory after a crash
- This ensures consistency if another crash occurs shortly later. (The second crash would have to be a system-level crash, not just a database crash, for there to be a problem.)
- Fix autovacuum launcher's possible failure to shut down, if an error occurs after it receives SIGTERM
- Fix failure to handle invalidation messages for system catalogs early in session startup
- This oversight could result in failures in sessions that start concurrently with a VACUUM FULL on a system catalog.
- Fix crash in BackendIdGetTransactionIds() when trying to get status for a backend process that just exited
- Cope with unexpected signals in LockBufferForCleanup()
- This oversight could result in spurious errors about "multiple backends attempting to wait for pincount 1".
- Fix crash when doing COPY IN to a table with check constraints that contain whole-row references
- The known failure case only crashes in 9.4 and up, but there is very similar code in 9.3 and 9.2, so back-patch those branches as well.
- Avoid waiting for WAL flush or synchronous replication during commit of a transaction that was read-only so far as the user is concerned
- Previously, a delay could occur at commit in transactions that had written WAL due to HOT page pruning, leading to undesirable effects such as sessions getting stuck at startup if all synchronous replicas are down. Sessions have also been observed to get stuck in catchup interrupt processing when using synchronous replication; this will fix that problem as well.
- Avoid busy-waiting with short recovery_min_apply_delay values
- Fix crash when manipulating hash indexes on temporary tables
- Fix possible failure during hash index bucket split, if other processes are modifying the index concurrently
- Fix memory leaks in GIN index vacuum
- Check for interrupts while analyzing index expressions
- ANALYZE executes index expressions many times; if there are slow functions in such an expression, it's desirable to be able to cancel the ANALYZE before that loop finishes.
- Ensure tableoid of a foreign table is reported correctly when a READ COMMITTED recheck occurs after locking rows in SELECT FOR UPDATE, UPDATE, or DELETE
- Add the name of the target server to object description strings for foreign-server user mappings
- Include the schema name in object identity strings for conversions
- Recommend setting include_realm to 1 when using Kerberos/GSSAPI/SSPI authentication
- Without this, identically-named users from different realms cannot be distinguished. For the moment this is only a documentation change, but it will become the default setting in PostgreSQL 9.5.
- Remove code for matching IPv4 pg_hba.conf entries to IPv4-in-IPv6 addresses
- This hack was added in 2003 in response to a report that some Linux kernels of the time would report IPv4 connections as having IPv4-in-IPv6 addresses. However, the logic was accidentally broken in 9.0. The lack of any field complaints since then shows that it's not needed anymore. Now we have reports that the broken code causes crashes on some systems, so let's just remove it rather than fix it. (Had we chosen to fix it, that would make for a subtle and potentially security-sensitive change in the effective meaning of IPv4 pg_hba.conf entries, which does not seem like a good thing to do in minor releases.)
- Fix status reporting for terminated background workers that were never actually started
- After a database crash, don't restart background workers that are marked BGW_NEVER_RESTART
- Report WAL flush, not insert, position in IDENTIFY_SYSTEM replication command
- This avoids a possible startup failure in pg_receivexlog.
- While shutting down service on Windows, periodically send status updates to the Service Control Manager to prevent it from killing the service too soon; and ensure that pg_ctl will wait for shutdown
- Reduce risk of network deadlock when using libpq's non-blocking mode
- When sending large volumes of data, it's important to drain the input buffer every so often, in case the server has sent enough response data to cause it to block on output. (A typical scenario is that the server is sending a stream of NOTICE messages during COPY FROM STDIN.) This worked properly in the normal blocking mode, but not so much in non-blocking mode. We've modified libpq to opportunistically drain input when it can, but a full defense against this problem requires application cooperation: the application should watch for socket read-ready as well as write-ready conditions, and be sure to call PQconsumeInput() upon read-ready.
- In libpq, fix misparsing of empty values in URI connection strings
- Fix array handling in ecpg
- Fix psql to sanely handle URIs and conninfo strings as the first parameter to connect
- This syntax has been accepted (but undocumented) for a long time, but previously some parameters might be taken from the old connection instead of the given string, which was agreed to be undesirable.
- Suppress incorrect complaints from psql on some platforms that it failed to write ~/.psql_history at exit
- This misbehavior was caused by a workaround for a bug in very old (pre-2006) versions of libedit. We fixed it by removing the workaround, which will cause a similar failure to appear for anyone still using such versions of libedit. Recommendation: upgrade that library, or use libreadline.
- Fix pg_dump's rule for deciding which casts are system-provided casts that should not be dumped
- In pg_dump, fix failure to honor -Z compression level option together with -Fd
- Make pg_dump consider foreign key relationships between extension configuration tables while choosing dump order
- This oversight could result in producing dumps that fail to reload because foreign key constraints are transiently violated.
- Avoid possible pg_dump failure when concurrent sessions are creating and dropping temporary functions
- Fix dumping of views that are just VALUES(...) but have column aliases
- Ensure that a view's replication identity is correctly set to nothing during dump/restore
- Previously, if the view was involved in a circular dependency, it might wind up with an incorrect replication identity property.
- In pg_upgrade, force timeline 1 in the new cluster
- This change prevents upgrade failures caused by bogus complaints about missing WAL history files.
- In pg_upgrade, check for improperly non-connectable databases before proceeding
- In pg_upgrade, quote directory paths properly in the generated delete_old_cluster script
- In pg_upgrade, preserve database-level freezing info properly
- This oversight could cause missing-clog-file errors for tables within the postgres and template1 databases.
- Run pg_upgrade and pg_resetxlog with restricted privileges on Windows, so that they don't fail when run by an administrator
- Improve handling of readdir() failures when scanning directories in initdb and pg_basebackup
- Fix slow sorting algorithm in contrib/intarray
- Fix compile failure on Sparc V8 machines
- Silence some build warnings on OS X
- Update time zone data files to tzdata release 2015d for DST law changes in Egypt, Mongolia, and Palestine, plus historical changes in Canada and Chile. Also adopt revised zone abbreviations for the America/Adak zone (HST/HDT not HAST/HADT).
更新時間:2015-02-08
更新細節:
What's new in this version:
Fix buffer overruns in to_char() (Bruce Momjian):
- When to_char() processes a numeric formatting template calling for a large number of digits, PostgreSQL would read past the end of a buffer. When processing a crafted timestamp formatting template, PostgreSQL would write past the end of a buffer. Either case could crash the server. We have not ruled out the possibility of attacks that lead to privilege escalation, though they seem unlikely. (CVE-2015-0241)
Fix buffer overrun in replacement *printf() functions (Tom Lane):
- PostgreSQL includes a replacement implementation of printf and related functions. This code will overrun a stack buffer when formatting a floating point number (conversion specifiers e, E, f, F, g or G) with requested precision greater than about 500. This will crash the server, and we have not ruled out the possibility of attacks that lead to privilege escalation. A database user can trigger such a buffer overrun through the to_char() SQL function. While that is the only affected core PostgreSQL functionality, extension modules that use printf-family functions may be at risk as well. This issue primarily affects PostgreSQL on Windows. PostgreSQL uses the system implementation of these functions where adequate, which it is on other modern platforms. (CVE-2015-0242)
Fix buffer overruns in contrib/pgcrypto (Marko Tiikkaja, Noah Misch):
- Errors in memory size tracking within the pgcrypto module permitted stack buffer overruns and improper dependence on the contents of uninitialized memory. The buffer overrun cases can crash the server, and we have not ruled out the possibility of attacks that lead to privilege escalation. (CVE-2015-0243)
Fix possible loss of frontend/backend protocol synchronization after an error (Heikki Linnakangas):
- If any error occurred while the server was in the middle of reading a protocol message from the client, it could lose synchronization and incorrectly try to interpret part of the message's data as a new protocol message. An attacker able to submit crafted binary data within a command parameter might succeed in injecting his own SQL commands this way. Statement timeout and query cancellation are the most likely sources of errors triggering this scenario. Particularly vulnerable are applications that use a timeout and also submit arbitrary user-crafted data as binary query parameters. Disabling statement timeout will reduce, but not eliminate, the risk of exploit. Our thanks to Emil Lenngren for reporting this issue. (CVE-2015-0244)
Fix information leak via constraint-violation error messages (Stephen Frost):
- Some server error messages show the values of columns that violate a constraint, such as a unique constraint. If the user does not have SELECT privilege on all columns of the table, this could mean exposing values that the user should not be able to see. Adjust the code so that values are displayed only when they came from the SQL command or could be selected by the user. (CVE-2014-8161)
Lock down regression testing's temporary installations on Windows (Noah Misch):
- Use SSPI authentication to allow connections only from the OS user who launched the test suite. This closes on Windows the same vulnerability previously closed on other platforms, namely that other users might be able to connect to the test postmaster. (CVE-2014-0067)
Fix use-of-already-freed-memory problem in EvalPlanQual processing (Tom Lane):
- In READ COMMITTED mode, queries that lock or update recently-updated rows could crash as a result of this bug.
Fix jsonb Unicode escape processing, and in consequence disallow u0000 (Tom Lane):
- Previously, the JSON Unicode escape u0000 was accepted and was stored as those six characters; but that is indistinguishable from what is stored for the input \u0000, resulting in ambiguity. Moreover, in cases where de-escaped textual output is expected, such as the ->> operator, the sequence was printed as u0000, which does not meet the expectation that JSON escaping would be removed. (Consistent behavior would require emitting a zero byte, but PostgreSQL does not support zero bytes embedded in text strings.) 9.4.0 included an ill-advised attempt to improve this situation by adjusting JSON output conversion rules; but of course that could not fix the fundamental ambiguity, and it turned out to break other usages of Unicode escape sequences. Revert that, and to avoid the core problem, reject u0000 in jsonb input. If a jsonb column contains a u0000 value stored with 9.4.0, it will henceforth read out as though it were \u0000, which is the other valid interpretation of the data stored by 9.4.0 for this case. The json type did not have the storage-ambiguity problem, but it did have the problem of inconsistent de-escaped textual output. Therefore u0000 will now also be rejected in json values when conversion to de-escaped form is required. This change does not break the ability to store u0000 in json columns so long as no processing is done on the values. This is exactly parallel to the cases in which non-ASCII Unicode escapes are allowed when the database encoding is not UTF8.
Fix namespace handling in xpath() (Ali Akbar):
- Previously, the xml value resulting from an xpath() call would not have namespace declarations if the namespace declarations were attached to an ancestor element in the input xml value, rather than to the specific element being returned. Propagate the ancestral declaration so that the result is correct when considered in isolation.
Fix assorted oversights in range-operator selectivity estimation (Emre Hasegeli):
- This patch fixes corner-case "unexpected operator NNNN" planner errors, and improves the selectivity estimates for some other cases.
Revert unintended reduction in maximum size of a GIN index item (Heikki Linnakangas):
- 9.4.0 could fail with "index row size exceeds maximum" errors for data that previous versions would accept.
Change "pgstat wait timeout" warning message to be LOG level, and rephrase it to be more understandable (Tom Lane):
- This message was originally thought to be essentially a can't-happen case, but it occurs often enough on our slower buildfarm members to be a nuisance. Reduce it to LOG level, and expend a bit more effort on the wording: it now reads "using stale statistics instead of current ones because stats collector is not responding".
Fix libpq's behavior when /etc/passwd isn't readable (Tom Lane):
- While doing PQsetdbLogin(), libpq attempts to ascertain the user's operating system name, which on most Unix platforms involves reading /etc/passwd. As of 9.4, failure to do that was treated as a hard error. Restore the previous behavior, which was to fail only if the application does not provide a database role name to connect as. This supports operation in chroot environments that lack an /etc/passwd file.
- Improve consistency of parsing of psql's special variables (Tom Lane):
- Allow variant spellings of on and off (such as 1/0) for ECHO_HIDDEN and ON_ERROR_ROLLBACK. Report a warning for unrecognized values for COMP_KEYWORD_CASE, ECHO, ECHO_HIDDEN, HISTCONTROL, ON_ERROR_ROLLBACK, and VERBOSITY. Recognize all values for all these variables case-insensitively; previously there was a mishmash of case-sensitive and case-insensitive behaviors.
- Handle unexpected query results, especially NULLs, safely in contrib/tablefunc's connectby() (Michael Paquier): connectby() previously crashed if it encountered a NULL key value. It now prints that row but doesn't recurse further.
- Numerous cleanups of warnings from Coverity static code analyzer (Andres Freund, Tatsuo Ishii, Marko Kreen, Tom Lane, Michael Paquier):
- These changes are mostly cosmetic but in some cases fix corner-case bugs, for example a crash rather than a proper error report after an out-of-memory failure. None are believed to represent security issues.
Allow CFLAGS from configure's environment to override automatically-supplied CFLAGS (Tom Lane):
- Previously, configure would add any switches that it chose of its own accord to the end of the user-specified CFLAGS string. Since most compilers process switches left-to-right, this meant that configure's choices would override the user-specified flags in case of conflicts. That should work the other way around, so adjust the logic to put the user's string at the end not the beginning.
Make pg_regress remove any temporary installation it created upon successful exit (Tom Lane):
- This results in a very substantial reduction in disk space usage during make check-world, since that sequence involves creation of numerous temporary installations.
Miscellaneous changes:
- Add CST (China Standard Time) to our lists of timezone abbreviations (Tom Lane)
- Update time zone data files to tzdata release 2015a for DST law changes in Chile and Mexico, plus historical changes in Iceland. Avoid possible deadlock while trying to acquire tuple locks in EvalPlanQual processing (Álvaro Herrera, Mark Kirkwood)
- Fix failure to wait when a transaction tries to acquire a FOR NO KEY EXCLUSIVE tuple lock, while multiple other transactions currently hold FOR SHARE locks (Álvaro Herrera)
- Improve performance of EXPLAIN with large range tables (Tom Lane)
- Fix query-duration memory leak during repeated GIN index rescans (Heikki Linnakangas)
- Fix possible crash when using nonzero gin_fuzzy_search_limit (Heikki Linnakangas)
- Assorted fixes for logical decoding (Andres Freund)
- Fix incorrect replay of WAL parameter change records that report changes in the wal_log_hints setting (Petr Jalinek)
- Warn if OS X's setlocale() starts an unwanted extra thread inside the postmaster (Noah Misch)
- Fix pg_dump to handle comments on event triggers without failing (Tom Lane)
- Allow parallel pg_dump to use --serializable-deferrable (Kevin Grittner)
- Prevent WAL files created by pg_basebackup -x/-X from being archived again when the standby is promoted (Andres Freund)
更新時間:2015-02-08
更新細節:
What's new in this version:
Fix buffer overruns in to_char() (Bruce Momjian):
- When to_char() processes a numeric formatting template calling for a large number of digits, PostgreSQL would read past the end of a buffer. When processing a crafted timestamp formatting template, PostgreSQL would write past the end of a buffer. Either case could crash the server. We have not ruled out the possibility of attacks that lead to privilege escalation, though they seem unlikely. (CVE-2015-0241)
Fix buffer overrun in replacement *printf() functions (Tom Lane):
- PostgreSQL includes a replacement implementation of printf and related functions. This code will overrun a stack buffer when formatting a floating point number (conversion specifiers e, E, f, F, g or G) with requested precision greater than about 500. This will crash the server, and we have not ruled out the possibility of attacks that lead to privilege escalation. A database user can trigger such a buffer overrun through the to_char() SQL function. While that is the only affected core PostgreSQL functionality, extension modules that use printf-family functions may be at risk as well. This issue primarily affects PostgreSQL on Windows. PostgreSQL uses the system implementation of these functions where adequate, which it is on other modern platforms. (CVE-2015-0242)
Fix buffer overruns in contrib/pgcrypto (Marko Tiikkaja, Noah Misch):
- Errors in memory size tracking within the pgcrypto module permitted stack buffer overruns and improper dependence on the contents of uninitialized memory. The buffer overrun cases can crash the server, and we have not ruled out the possibility of attacks that lead to privilege escalation. (CVE-2015-0243)
Fix possible loss of frontend/backend protocol synchronization after an error (Heikki Linnakangas):
- If any error occurred while the server was in the middle of reading a protocol message from the client, it could lose synchronization and incorrectly try to interpret part of the message's data as a new protocol message. An attacker able to submit crafted binary data within a command parameter might succeed in injecting his own SQL commands this way. Statement timeout and query cancellation are the most likely sources of errors triggering this scenario. Particularly vulnerable are applications that use a timeout and also submit arbitrary user-crafted data as binary query parameters. Disabling statement timeout will reduce, but not eliminate, the risk of exploit. Our thanks to Emil Lenngren for reporting this issue. (CVE-2015-0244)
Fix information leak via constraint-violation error messages (Stephen Frost):
- Some server error messages show the values of columns that violate a constraint, such as a unique constraint. If the user does not have SELECT privilege on all columns of the table, this could mean exposing values that the user should not be able to see. Adjust the code so that values are displayed only when they came from the SQL command or could be selected by the user. (CVE-2014-8161)
Lock down regression testing's temporary installations on Windows (Noah Misch):
- Use SSPI authentication to allow connections only from the OS user who launched the test suite. This closes on Windows the same vulnerability previously closed on other platforms, namely that other users might be able to connect to the test postmaster. (CVE-2014-0067)
Fix use-of-already-freed-memory problem in EvalPlanQual processing (Tom Lane):
- In READ COMMITTED mode, queries that lock or update recently-updated rows could crash as a result of this bug.
Fix jsonb Unicode escape processing, and in consequence disallow u0000 (Tom Lane):
- Previously, the JSON Unicode escape u0000 was accepted and was stored as those six characters; but that is indistinguishable from what is stored for the input u0000, resulting in ambiguity. Moreover, in cases where de-escaped textual output is expected, such as the ->> operator, the sequence was printed as u0000, which does not meet the expectation that JSON escaping would be removed. (Consistent behavior would require emitting a zero byte, but PostgreSQL does not support zero bytes embedded in text strings.) 9.4.0 included an ill-advised attempt to improve this situation by adjusting JSON output conversion rules; but of course that could not fix the fundamental ambiguity, and it turned out to break other usages of Unicode escape sequences. Revert that, and to avoid the core problem, reject u0000 in jsonb input. If a jsonb column contains a u0000 value stored with 9.4.0, it will henceforth read out as though it were u0000, which is the other valid interpretation of the data stored by 9.4.0 for this case. The json type did not have the storage-ambiguity problem, but it did have the problem of inconsistent de-escaped textual output. Therefore u0000 will now also be rejected in json values when conversion to de-escaped form is required. This change does not break the ability to store u0000 in json columns so long as no processing is done on the values. This is exactly parallel to the cases in which non-ASCII Unicode escapes are allowed when the database encoding is not UTF8.
Fix namespace handling in xpath() (Ali Akbar):
- Previously, the xml value resulting from an xpath() call would not have namespace declarations if the namespace declarations were attached to an ancestor element in the input xml value, rather than to the specific element being returned. Propagate the ancestral declaration so that the result is correct when considered in isolation.
Fix assorted oversights in range-operator selectivity estimation (Emre Hasegeli):
- This patch fixes corner-case "unexpected operator NNNN" planner errors, and improves the selectivity estimates for some other cases.
Revert unintended reduction in maximum size of a GIN index item (Heikki Linnakangas):
- 9.4.0 could fail with "index row size exceeds maximum" errors for data that previous versions would accept.
Change "pgstat wait timeout" warning message to be LOG level, and rephrase it to be more understandable (Tom Lane):
- This message was originally thought to be essentially a can't-happen case, but it occurs often enough on our slower buildfarm members to be a nuisance. Reduce it to LOG level, and expend a bit more effort on the wording: it now reads "using stale statistics instead of current ones because stats collector is not responding".
Fix libpq's behavior when /etc/passwd isn't readable (Tom Lane):
- While doing PQsetdbLogin(), libpq attempts to ascertain the user's operating system name, which on most Unix platforms involves reading /etc/passwd. As of 9.4, failure to do that was treated as a hard error. Restore the previous behavior, which was to fail only if the application does not provide a database role name to connect as. This supports operation in chroot environments that lack an /etc/passwd file.
- Improve consistency of parsing of psql's special variables (Tom Lane):
- Allow variant spellings of on and off (such as 1/0) for ECHO_HIDDEN and ON_ERROR_ROLLBACK. Report a warning for unrecognized values for COMP_KEYWORD_CASE, ECHO, ECHO_HIDDEN, HISTCONTROL, ON_ERROR_ROLLBACK, and VERBOSITY. Recognize all values for all these variables case-insensitively; previously there was a mishmash of case-sensitive and case-insensitive behaviors.
- Handle unexpected query results, especially NULLs, safely in contrib/tablefunc's connectby() (Michael Paquier): connectby() previously crashed if it encountered a NULL key value. It now prints that row but doesn't recurse further.
- Numerous cleanups of warnings from Coverity static code analyzer (Andres Freund, Tatsuo Ishii, Marko Kreen, Tom Lane, Michael Paquier):
- These changes are mostly cosmetic but in some cases fix corner-case bugs, for example a crash rather than a proper error report after an out-of-memory failure. None are believed to represent security issues.
Allow CFLAGS from configure's environment to override automatically-supplied CFLAGS (Tom Lane):
- Previously, configure would add any switches that it chose of its own accord to the end of the user-specified CFLAGS string. Since most compilers process switches left-to-right, this meant that configure's choices would override the user-specified flags in case of conflicts. That should work the other way around, so adjust the logic to put the user's string at the end not the beginning.
Make pg_regress remove any temporary installation it created upon successful exit (Tom Lane):
- This results in a very substantial reduction in disk space usage during make check-world, since that sequence involves creation of numerous temporary installations.
Miscellaneous changes:
- Add CST (China Standard Time) to our lists of timezone abbreviations (Tom Lane)
- Update time zone data files to tzdata release 2015a for DST law changes in Chile and Mexico, plus historical changes in Iceland. Avoid possible deadlock while trying to acquire tuple locks in EvalPlanQual processing (Álvaro Herrera, Mark Kirkwood)
- Fix failure to wait when a transaction tries to acquire a FOR NO KEY EXCLUSIVE tuple lock, while multiple other transactions currently hold FOR SHARE locks (Álvaro Herrera)
- Improve performance of EXPLAIN with large range tables (Tom Lane)
- Fix query-duration memory leak during repeated GIN index rescans (Heikki Linnakangas)
- Fix possible crash when using nonzero gin_fuzzy_search_limit (Heikki Linnakangas)
- Assorted fixes for logical decoding (Andres Freund)
- Fix incorrect replay of WAL parameter change records that report changes in the wal_log_hints setting (Petr Jalinek)
- Warn if OS X's setlocale() starts an unwanted extra thread inside the postmaster (Noah Misch)
- Fix pg_dump to handle comments on event triggers without failing (Tom Lane)
- Allow parallel pg_dump to use --serializable-deferrable (Kevin Grittner)
- Prevent WAL files created by pg_basebackup -x/-X from being archived again when the standby is promoted (Andres Freund)
更新時間:2014-12-20
更新細節:
What's new in this version:
Server:
- Allow background worker processes to be dynamically registered, started and terminated
- The new worker_spi module shows an example of use of this feature.
- Allow dynamic allocation of shared memory segments
- This feature is illustrated in the test_shm_mq module.
- During crash recovery or immediate shutdown, send uncatchable termination signals (SIGKILL) to child processes that do not shut down promptly
- This reduces the likelihood of leaving orphaned child processes behind after postmaster shutdown, as well as ensuring that crash recovery can proceed if some child processes have become "stuck".
- Improve randomness of the database system identifier
- Make VACUUM properly report dead but not-yet-removable rows to the statistics collector
- Previously these were reported as live rows.
Indexes:
- Reduce GIN index size
- Indexes upgraded via pg_upgrade will work fine but will still be in the old, larger GIN format. Use REINDEX to recreate old GIN indexes in the new format
- Improve speed of multi-key GIN lookups
- Add GiST index support for inet and cidr data types
- Such indexes improve subnet and supernet lookups and ordering comparisons
- Fix rare race condition in B-tree page deletion
- Make the handling of interrupted B-tree page splits more robust
General Performance:
- Allow multiple backends to insert into WAL buffers concurrently
- This improves parallel write performance.
- Conditionally write only the modified portion of updated rows to WAL
- Improve performance of aggregate functions used as window functions
- Improve speed of aggregates that use numeric state values
- Attempt to freeze tuples when tables are rewritten with CLUSTER or VACUUM FULL
- This can avoid the need to freeze the tuples in the future.
- Improve speed of COPY with default nextval() columns
- Improve speed of accessing many different sequences in the same session
- Raise hard limit on the number of tuples held in memory during sorting and B-tree index builds
- Reduce memory allocated by PL/pgSQL DO blocks
- Make the planner more aggressive about extracting restriction clauses from mixed AND/OR clauses
- Disallow pushing volatile WHERE clauses down into DISTINCT subqueries
- Pushing down a WHERE clause can produce a more efficient plan overall, but at the cost of evaluating the clause more often than is implied by the text of the query; so don't do it if the clause contains any volatile functions.
- Auto-resize the catalog caches
- This reduces memory consumption for sessions accessing only a few tables, and improves performance for sessions accessing many tables.
Monitoring:
- Add pg_stat_archiver system view to report WAL archiver activity
- Add n_mod_since_analyze columns to pg_stat_all_tables and related system views
- These columns expose the system's estimate of the number of changed tuples since the table's last ANALYZE. This estimate drives decisions about when to auto-analyze.
- Add backend_xid and backend_xmin columns to the system view pg_stat_activity, and a backend_xmin column to pg_stat_replication
SSL:
- Add support for SSL ECDH key exchange
- This allows use of Elliptic Curve keys for server authentication. Such keys are faster and have better security than RSA keys. The new configuration parameter ssl_ecdh_curve controls which curve is used for ECDH.
- Improve the default ssl_ciphers setting
- By default, the server not the client now controls the preference order of SSL ciphers
- Previously, the order specified by ssl_ciphers was usually ignored in favor of client-side defaults, which are not configurable in most PostgreSQL clients. If desired, the old behavior can be restored via the new configuration parameter ssl_prefer_server_ciphers.
- Make log_connections show SSL encryption information (Andreas Kunert)
- Improve SSL renegotiation handling
Server Settings:
- Add new SQL command ALTER SYSTEM for changing postgresql.conf configuration file entries
- Previously such settings could only be changed by manually editing postgresql.conf.
- Add autovacuum_work_mem configuration parameter to control the amount of memory used by autovacuum workers
- Add huge_pages parameter to allow using huge memory pages on Linux
- This can improve performance on large-memory systems.
- Add max_worker_processes parameter to limit the number of background workers
- This is helpful in configuring a standby server to have the required number of worker processes (the same as the primary).
- Add superuser-only session_preload_libraries parameter to load libraries at session start
- In contrast to local_preload_libraries, this parameter can load any shared library, not just those in the $libdir/plugins directory.
- Add wal_log_hints parameter to enable WAL logging of hint-bit changes
- Hint bit changes are not normally logged, except when checksums are enabled. This is useful for external tools like pg_rewind.
- Increase the default settings of work_mem and maintenance_work_mem by four times
- The new defaults are 4MB and 64MB respectively.
- Increase the default setting of effective_cache_size to 4GB
- Allow printf-style space padding to be specified in log_line_prefix (David Rowley)
- Allow terabyte units (TB) to be used when specifying configuration variable values
- Show PIDs of lock holders and waiters and improve information about relations in log_lock_waits log messages
- Reduce server logging level when loading shared libraries
- The previous level was LOG, which was too verbose for libraries loaded per-session.
- On Windows, make SQL_ASCII-encoded databases and server processes (e.g., postmaster) emit messages in the character encoding of the server's Windows user locale
- Previously these messages were output in the Windows ANSI code page.
Replication and Recovery:
- Add replication slots to coordinate activity on streaming standbys with the node they are streaming from
- Replication slots allow preservation of resources like WAL files on the primary until they are no longer needed by standby servers.
- Add recovery parameter recovery_min_apply_delay to delay replication
- Delaying replay on standby servers can be useful for recovering from user errors.
- Add recovery_target option immediate to stop WAL recovery as soon as a consistent state is reached
- Improve recovery target processing
- The timestamp reported by pg_last_xact_replay_timestamp() now reflects already-committed records, not transactions about to be committed. Recovering to a restore point now replays the restore point, rather than stopping just before the restore point.
- pg_switch_xlog() now clears any unused trailing space in the old WAL file
- This improves the compression ratio for WAL files.
- Report failure return codes from external recovery commands
- Reduce spinlock contention during WAL replay
- Write WAL records of running transactions more frequently
- This allows standby servers to start faster and clean up resources more aggressively.
- Logical Decoding - allows database changes to be streamed in a configurable format. The data is read from the WAL and transformed into the desired target format. To implement this feature, the following changes were made:
- Add support for logical decoding of WAL data, to allow database changes to be streamed out in a customizable format
- Add new wal_level setting logical to enable logical change-set encoding in WAL
- Add table-level parameter REPLICA IDENTITY to control logical replication
- Add relation option user_catalog_table to identify user-created tables involved in logical change-set encoding
- Add pg_recvlogical application to receive logical-decoding data
- Add test_decoding module to illustrate logical decoding at the SQL level
Queries:
- Add WITH ORDINALITY syntax to number the rows returned from a set-returning function in the FROM clause
- This is particularly useful for functions like unnest().
- Add ROWS FROM() syntax to allow horizontal concatenation of set-returning functions in the FROM clause
- Allow SELECT to have an empty target list
- This was added so that views that select from a table with zero columns can be dumped and restored correctly.
- Ensure that SELECT ... FOR UPDATE NOWAIT does not wait in corner cases involving already-concurrently-updated tuples
Utility Commands:
- Add DISCARD SEQUENCES command to discard cached sequence-related state
- DISCARD ALL will now also discard such information.
- Add FORCE NULL option to COPY FROM, which causes quoted strings matching the specified null string to be converted to NULLs in CSV mode
- Without this option, only unquoted matching strings will be imported as null values.
- Issue warnings for commands used outside of transaction blocks when they can have no effect
- New warnings are issued for SET LOCAL, SET CONSTRAINTS, SET TRANSACTION and ABORT when used outside a transaction block.
EXPLAIN:
- Make EXPLAIN ANALYZE show planning time
- Make EXPLAIN show the grouping columns in Agg and Group nodes
- Make EXPLAIN ANALYZE show exact and lossy block counts in bitmap heap scans
Views:
- Allow a materialized view to be refreshed without blocking other sessions from reading the view meanwhile
- This is done with REFRESH MATERIALIZED VIEW CONCURRENTLY.
- Allow views to be automatically updated even if they contain some non-updatable columns
- Previously the presence of non-updatable output columns such as expressions, literals, and function calls prevented automatic updates. Now INSERTs, UPDATEs and DELETEs are supported, provided that they do not attempt to assign new values to any of the non-updatable columns.
- Allow control over whether INSERTs and UPDATEs can add rows to an auto-updatable view that would not appear in the view
- This is controlled with the new CREATE VIEW clause WITH CHECK OPTION.
- Allow security barrier views to be automatically updatable
Object Manipulation:
- Support triggers on foreign tables
- Allow moving groups of objects from one tablespace to another using the ALL IN TABLESPACE ... SET TABLESPACE form of ALTER TABLE, ALTER INDEX, or ALTER MATERIALIZED VIEW
- Allow changing foreign key constraint deferrability via ALTER TABLE ... ALTER CONSTRAINT
- Reduce lock strength for some ALTER TABLE commands
- Specifically, VALIDATE CONSTRAINT, CLUSTER ON, SET WITHOUT CLUSTER, ALTER COLUMN SET STATISTICS, ALTER COLUMN SET (attribute_option), ALTER COLUMN RESET (attribute_option) no longer require ACCESS EXCLUSIVE locks.
- Allow tablespace options to be set in CREATE TABLESPACE (Vik Fearing)
- Formerly these options could only be set via ALTER TABLESPACE.
- Allow CREATE AGGREGATE to define the estimated size of the aggregate's transition state data
- Proper use of this feature allows the planner to better estimate how much memory will be used by aggregates.
- Fix DROP IF EXISTS to avoid errors for non-existent objects in more cases
- Improve how system relations are identified
- Previously, relations once moved into the pg_catalog schema could no longer be modified or dropped.
Data Types:
- Fully implement the line data type
- The line segment data type (lseg) has always been fully supported. The previous line data type (which was enabled only via a compile-time option) is not binary or dump-compatible with the new implementation.
- Add pg_lsn data type to represent a WAL log sequence number (LSN)
- Allow single-point polygons to be converted to circles (Bruce Momjian)
- Support time zone abbreviations that change UTC offset from time to time
- Previously, PostgreSQL assumed that the UTC offset associated with a time zone abbreviation (such as EST) never changes in the usage of any particular locale. However this assumption fails in the real world, so introduce the ability for a zone abbreviation to represent a UTC offset that sometimes changes. Update the zone abbreviation definition files to make use of this feature in timezone locales that have changed the UTC offset of their abbreviations since 1970 (according to the IANA timezone database). In such timezones, PostgreSQL will now associate the correct UTC offset with the abbreviation depending on the given date.
- Allow 5+ digit years for non-ISO timestamp and date strings, where appropriate
JSON:
- Add jsonb, a more capable and efficient data type for storing JSON data
- This new type allows faster access to values within a JSON document, and faster and more useful indexing of JSON columns. Scalar values in jsonb documents are stored as appropriate scalar SQL types, and the JSON document structure is pre-parsed rather than being stored as text as in the original json data type.
- Add new JSON functions to allow for the construction of arbitrarily complex JSON trees
- New functions include json_array_elements_text(), json_build_array(), json_object(), json_object_agg(), json_to_record(), and json_to_recordset().
- Add json_typeof() to return the data type of a json value (Andrew Tipton)
- Add checks for overflow/underflow of interval values
Functions:
- Add pg_sleep_for(interval) and pg_sleep_until(timestamp) to specify delays more flexibly
- The existing pg_sleep() function only supports delays specified in seconds.
- Add cardinality() function for arrays
- This returns the total number of elements in the array, or zero for an array with no elements.
- Add SQL functions to allow large object reads/writes at arbitrary offsets
- Allow unnest() to take multiple arguments, which are individually unnested then horizontally concatenated
- Add functions to construct times, dates, timestamps, timestamptzs, and intervals from individual values, rather than strings
- These functions' names are prefixed with make_, e.g. make_date().
- Make to_char()'s TZ format specifier return a useful value for simple numeric time zone offsets
- Previously, to_char(CURRENT_TIMESTAMP, 'TZ') returned an empty string if the timezone was set to a constant like -4.
- Add timezone offset format specifier OF to to_char()
- Improve the random seed used for random()
- Tighten validity checking for Unicode code points in chr(int)
- This function now only accepts values that are valid UTF8 characters according to RFC 3629.
System Information Functions:
- Add functions for looking up objects in pg_class, pg_proc, pg_type, and pg_operator that do not generate errors for non-existent objects
- For example, to_regclass() does a lookup in pg_class similarly to the regclass input function, but it returns NULL for a non-existent object instead of failing.
- Add function pg_filenode_relation() to allow for more efficient lookup of relation names from filenodes
- Add parameter_default column to information_schema.parameters view
- Make information_schema.schemata show all accessible schemas
- Previously it only showed schemas owned by the current user.
Aggregates:
- Add control over which rows are passed into aggregate functions via the FILTER clause
- Support ordered-set (WITHIN GROUP) aggregates
- Add standard ordered-set aggregates percentile_cont(), percentile_disc(), mode(), rank(), dense_rank(), percent_rank(), and cume_dist()
- Support VARIADIC aggregate functions
- Allow polymorphic aggregates to have non-polymorphic state data types
- This allows proper declaration in SQL of aggregates like the built-in aggregate array_agg().
Server-Side Languages:
- Add event trigger support to PL/Perl and PL/Tcl
- Convert numeric values to decimal in PL/Python
- Previously such values were converted to Python float values, risking loss of precision.
PL/pgSQL Server-Side Language:
- Add ability to retrieve the current PL/PgSQL call stack using GET DIAGNOSTICS
- Add option print_strict_params to display the parameters passed to a query that violated a STRICT constraint
- Add variables plpgsql.extra_warnings and plpgsql.extra_errors to enable additional PL/pgSQL warnings and errors
- Currently only warnings/errors about shadowed variables are available.
libpq:
- Make libpq's PQconndefaults() function ignore invalid service files
- Previously it returned NULL if an incorrect service file was encountered.
- Accept TLS protocol versions beyond TLSv1 in libpq
Client Applications:
- Add createuser option -g to specify role membership (Chistopher Browne)
- Add vacuumdb option --analyze-in-stages to analyze in stages of increasing granularity
- This allows minimal statistics to be created quickly.
- Make pg_resetxlog with option -n output current and potentially changed values
- Make initdb throw error for incorrect locale settings, rather than silently falling back to a default choice
- Make pg_ctl return exit code 4 for an inaccessible data directory
- This behavior more closely matches the Linux Standard Base (LSB) Core Specification.
- On Windows, ensure that a non-absolute -D path specification is interpreted relative to pg_ctl's current directory
- Previously it would be interpreted relative to whichever directory the underlying Windows service was started in.
- Allow sizeof() in ECPG C array definitions
- Make ECPG properly handle nesting of C-style comments in both C and SQL text
psql:
- Suppress "No rows" output in psql expanded mode when the footer is disabled
- Allow Control-C to abort psql when it's hung at connection startup
Backslash Commands:
- Make psql's db+ show tablespace options
- Make do+ display the functions that implement the operators
- Make d+ output an OID line only if an oid column exists in the table
- Previously, the presence or absence of an oid column was always reported.
- Make d show disabled system triggers
- Previously, if you disabled all triggers, only user triggers would show as disabled.
- Fix copy to no longer require a space between stdin and a semicolon
- Output the row count at the end of copy, just like COPY already did
- Fix conninfo to display the server's IP address for connections using hostaddr
- Previously conninfo could not display the server's IP address in such cases.
- Show the SSL protocol version in conninfo
- Add tab completion for pset
- Allow pset with no arguments to show all settings
- Make s display the name of the history file it wrote without converting it to an absolute path
- The code previously attempted to convert a relative file name to an absolute path for display, but frequently got it wrong.
pg_dump:
- Allow pg_restore options -I, -P, -T and -n to be specified multiple times
- This allows multiple objects to be restored in one operation
- Optionally add IF EXISTS clauses to the DROP commands emitted when removing old objects during a restore
- This change prevents unnecessary errors when removing old objects. The new --if-exists option for pg_dump, pg_dumpall, and pg_restore is only available when --clean is also specified
pg_basebackup:
- Add pg_basebackup option --xlogdir to specify the pg_xlog directory location
- Allow pg_basebackup to relocate tablespaces in the backup copy
- This is particularly useful for using pg_basebackup on the same machine as the primary.
- Allow network-stream base backups to be throttled
- This can be controlled with the pg_basebackup --max-rate parameter.
Source Code:
- Improve the way tuples are frozen to preserve forensic information
- This change removes the main objection to freezing tuples as soon as possible. Code that inspects tuple flag bits will need to be modified.
- No longer require function prototypes for functions marked with the PG_FUNCTION_INFO_V1 macro
- This change eliminates the need to write boilerplate prototypes. Note that the PG_FUNCTION_INFO_V1 macro must appear before the corresponding function definition to avoid compiler warnings.
- Remove SnapshotNow and HeapTupleSatisfiesNow()
- All existing uses have been switched to more appropriate snapshot types. Catalog scans now use MVCC snapshots.
- Add an API to allow memory allocations over one gigabyte
- Add psprintf() to simplify memory allocation during string composition
- Support printf() size modifier z to print size_t values
- Change API of appendStringInfoVA() to better use vsnprintf()
- Allow new types of external toast datums to be created
- Add single-reader, single-writer, lightweight shared message queue
- Improve spinlock speed on x86_64 CPUs
- Remove spinlock support for unsupported platforms SINIX, Sun3, and NS32K
- Remove IRIX port
- Reduce the number of semaphores required by --disable-spinlocks builds
- Rewrite duplicate_oids Unix shell script in Perl
- Add Test Anything Protocol (TAP) tests for client programs
- Currently, these tests are run by make check-world only if the --enable-tap-tests option was given to configure. This might become the default behavior in some future release.
- Add make targets check-tests and installcheck-tests, which allow selection of individual tests to be run
- Remove maintainer-check makefile rule
- The default build rules now include all the formerly-optional tests.
- Improve support for VPATH builds of PGXS modules
- Upgrade to Autoconf 2.69
- Add a configure flag that appends custom text to the PG_VERSION string
- This is useful for packagers building custom binaries.
- Improve DocBook XML validity
- Fix various minor security and sanity issues reported by the Coverity scanner
- Improve detection of invalid memory usage when testing PostgreSQL with Valgrind
- Improve sample Emacs configuration file emacs.samples
- Also add .dir-locals.el to the top of the source tree.
- Allow pgindent to accept a command-line list of typedefs
- Make pgindent smarter about blank lines around preprocessor conditionals
- Avoid most uses of dlltool in Cygwin and Mingw builds
- Support client-only installs in MSVC (Windows) builds
Additional Modules:
- Add pg_prewarm extension to preload relation data into the shared buffer cache at server start
- This allows reaching full operating performance more quickly.
- Add UUID random number generator gen_random_uuid() to pgcrypto
- This allows creation of version 4 UUIDs without requiring installation of uuid-ossp.
- Allow uuid-ossp to work with the BSD or e2fsprogs UUID libraries, not only the OSSP UUID library
- This improves the uuid-ossp module's portability since it no longer has to have the increasingly-obsolete OSSP library. The module's name is now rather a misnomer, but we won't change it.
- Add option to auto_explain to include trigger execution time
- Fix pgstattuple to not report rows from uncommitted transactions as dead
- Make pgstattuple functions use regclass-type arguments
- While text-type arguments are still supported, they may be removed in a future major release.
- Improve consistency of pgrowlocks output to honor snapshot rules more consistently
- Improve pg_trgm's choice of trigrams for indexed regular expression searches
- This change discourages use of trigrams containing whitespace, which are usually less selective.
- Allow pg_xlogdump to report a live log stream with --follow
- Store cube data more compactly
- Existing data must be dumped/restored to use the new format. The old format can still be read.
- Reduce vacuumlo client-side memory usage by using a cursor
- Dramatically reduce memory consumption in pg_upgrade
- Pass pg_upgrade's user name (-U) option to generated analyze scripts
pgbench:
- Remove line length limit for pgbench scripts
- The previous line limit was BUFSIZ
- Add long option names to pgbench
- Add pgbench option --rate to control the transaction rate
- Add pgbench option --progress to print periodic progress reports
pg_stat_statements:
- Make pg_stat_statements use a file, rather than shared memory, for query text storage
- This removes the previous limitation on query text length, and allows a higher number of unique statements to be tracked by default
- Allow reporting of pg_stat_statements's internal query hash identifier
- Add the ability to retrieve all pg_stat_statements information except the query text
- This allows monitoring tools to fetch query text only for just-created entries, improving performance during repeated querying of the statistics
- Make pg_stat_statements ignore DEALLOCATE commands
- It already ignored PREPARE, as well as planning time in general, so this seems more consistent
- Save the statistics file into $PGDATA/pg_stat at server shutdown, rather than $PGDATA/global
更新時間:2014-12-20
更新細節:
What's new in this version:
Server:
- Allow background worker processes to be dynamically registered, started and terminated
- The new worker_spi module shows an example of use of this feature.
- Allow dynamic allocation of shared memory segments
- This feature is illustrated in the test_shm_mq module.
- During crash recovery or immediate shutdown, send uncatchable termination signals (SIGKILL) to child processes that do not shut down promptly
- This reduces the likelihood of leaving orphaned child processes behind after postmaster shutdown, as well as ensuring that crash recovery can proceed if some child processes have become "stuck".
- Improve randomness of the database system identifier
- Make VACUUM properly report dead but not-yet-removable rows to the statistics collector
- Previously these were reported as live rows.
Indexes:
- Reduce GIN index size
- Indexes upgraded via pg_upgrade will work fine but will still be in the old, larger GIN format. Use REINDEX to recreate old GIN indexes in the new format
- Improve speed of multi-key GIN lookups
- Add GiST index support for inet and cidr data types
- Such indexes improve subnet and supernet lookups and ordering comparisons
- Fix rare race condition in B-tree page deletion
- Make the handling of interrupted B-tree page splits more robust
General Performance:
- Allow multiple backends to insert into WAL buffers concurrently
- This improves parallel write performance.
- Conditionally write only the modified portion of updated rows to WAL
- Improve performance of aggregate functions used as window functions
- Improve speed of aggregates that use numeric state values
- Attempt to freeze tuples when tables are rewritten with CLUSTER or VACUUM FULL
- This can avoid the need to freeze the tuples in the future.
- Improve speed of COPY with default nextval() columns
- Improve speed of accessing many different sequences in the same session
- Raise hard limit on the number of tuples held in memory during sorting and B-tree index builds
- Reduce memory allocated by PL/pgSQL DO blocks
- Make the planner more aggressive about extracting restriction clauses from mixed AND/OR clauses
- Disallow pushing volatile WHERE clauses down into DISTINCT subqueries
- Pushing down a WHERE clause can produce a more efficient plan overall, but at the cost of evaluating the clause more often than is implied by the text of the query; so don't do it if the clause contains any volatile functions.
- Auto-resize the catalog caches
- This reduces memory consumption for sessions accessing only a few tables, and improves performance for sessions accessing many tables.
Monitoring:
- Add pg_stat_archiver system view to report WAL archiver activity
- Add n_mod_since_analyze columns to pg_stat_all_tables and related system views
- These columns expose the system's estimate of the number of changed tuples since the table's last ANALYZE. This estimate drives decisions about when to auto-analyze.
- Add backend_xid and backend_xmin columns to the system view pg_stat_activity, and a backend_xmin column to pg_stat_replication
SSL:
- Add support for SSL ECDH key exchange
- This allows use of Elliptic Curve keys for server authentication. Such keys are faster and have better security than RSA keys. The new configuration parameter ssl_ecdh_curve controls which curve is used for ECDH.
- Improve the default ssl_ciphers setting
- By default, the server not the client now controls the preference order of SSL ciphers
- Previously, the order specified by ssl_ciphers was usually ignored in favor of client-side defaults, which are not configurable in most PostgreSQL clients. If desired, the old behavior can be restored via the new configuration parameter ssl_prefer_server_ciphers.
- Make log_connections show SSL encryption information (Andreas Kunert)
- Improve SSL renegotiation handling
Server Settings:
- Add new SQL command ALTER SYSTEM for changing postgresql.conf configuration file entries
- Previously such settings could only be changed by manually editing postgresql.conf.
- Add autovacuum_work_mem configuration parameter to control the amount of memory used by autovacuum workers
- Add huge_pages parameter to allow using huge memory pages on Linux
- This can improve performance on large-memory systems.
- Add max_worker_processes parameter to limit the number of background workers
- This is helpful in configuring a standby server to have the required number of worker processes (the same as the primary).
- Add superuser-only session_preload_libraries parameter to load libraries at session start
- In contrast to local_preload_libraries, this parameter can load any shared library, not just those in the $libdir/plugins directory.
- Add wal_log_hints parameter to enable WAL logging of hint-bit changes
- Hint bit changes are not normally logged, except when checksums are enabled. This is useful for external tools like pg_rewind.
- Increase the default settings of work_mem and maintenance_work_mem by four times
- The new defaults are 4MB and 64MB respectively.
- Increase the default setting of effective_cache_size to 4GB
- Allow printf-style space padding to be specified in log_line_prefix (David Rowley)
- Allow terabyte units (TB) to be used when specifying configuration variable values
- Show PIDs of lock holders and waiters and improve information about relations in log_lock_waits log messages
- Reduce server logging level when loading shared libraries
- The previous level was LOG, which was too verbose for libraries loaded per-session.
- On Windows, make SQL_ASCII-encoded databases and server processes (e.g., postmaster) emit messages in the character encoding of the server's Windows user locale
- Previously these messages were output in the Windows ANSI code page.
Replication and Recovery:
- Add replication slots to coordinate activity on streaming standbys with the node they are streaming from
- Replication slots allow preservation of resources like WAL files on the primary until they are no longer needed by standby servers.
- Add recovery parameter recovery_min_apply_delay to delay replication
- Delaying replay on standby servers can be useful for recovering from user errors.
- Add recovery_target option immediate to stop WAL recovery as soon as a consistent state is reached
- Improve recovery target processing
- The timestamp reported by pg_last_xact_replay_timestamp() now reflects already-committed records, not transactions about to be committed. Recovering to a restore point now replays the restore point, rather than stopping just before the restore point.
- pg_switch_xlog() now clears any unused trailing space in the old WAL file
- This improves the compression ratio for WAL files.
- Report failure return codes from external recovery commands
- Reduce spinlock contention during WAL replay
- Write WAL records of running transactions more frequently
- This allows standby servers to start faster and clean up resources more aggressively.
- Logical Decoding - allows database changes to be streamed in a configurable format. The data is read from the WAL and transformed into the desired target format. To implement this feature, the following changes were made:
- Add support for logical decoding of WAL data, to allow database changes to be streamed out in a customizable format
- Add new wal_level setting logical to enable logical change-set encoding in WAL
- Add table-level parameter REPLICA IDENTITY to control logical replication
- Add relation option user_catalog_table to identify user-created tables involved in logical change-set encoding
- Add pg_recvlogical application to receive logical-decoding data
- Add test_decoding module to illustrate logical decoding at the SQL level
Queries:
- Add WITH ORDINALITY syntax to number the rows returned from a set-returning function in the FROM clause
- This is particularly useful for functions like unnest().
- Add ROWS FROM() syntax to allow horizontal concatenation of set-returning functions in the FROM clause
- Allow SELECT to have an empty target list
- This was added so that views that select from a table with zero columns can be dumped and restored correctly.
- Ensure that SELECT ... FOR UPDATE NOWAIT does not wait in corner cases involving already-concurrently-updated tuples
Utility Commands:
- Add DISCARD SEQUENCES command to discard cached sequence-related state
- DISCARD ALL will now also discard such information.
- Add FORCE NULL option to COPY FROM, which causes quoted strings matching the specified null string to be converted to NULLs in CSV mode
- Without this option, only unquoted matching strings will be imported as null values.
- Issue warnings for commands used outside of transaction blocks when they can have no effect
- New warnings are issued for SET LOCAL, SET CONSTRAINTS, SET TRANSACTION and ABORT when used outside a transaction block.
EXPLAIN:
- Make EXPLAIN ANALYZE show planning time
- Make EXPLAIN show the grouping columns in Agg and Group nodes
- Make EXPLAIN ANALYZE show exact and lossy block counts in bitmap heap scans
Views:
- Allow a materialized view to be refreshed without blocking other sessions from reading the view meanwhile
- This is done with REFRESH MATERIALIZED VIEW CONCURRENTLY.
- Allow views to be automatically updated even if they contain some non-updatable columns
- Previously the presence of non-updatable output columns such as expressions, literals, and function calls prevented automatic updates. Now INSERTs, UPDATEs and DELETEs are supported, provided that they do not attempt to assign new values to any of the non-updatable columns.
- Allow control over whether INSERTs and UPDATEs can add rows to an auto-updatable view that would not appear in the view
- This is controlled with the new CREATE VIEW clause WITH CHECK OPTION.
- Allow security barrier views to be automatically updatable
Object Manipulation:
- Support triggers on foreign tables
- Allow moving groups of objects from one tablespace to another using the ALL IN TABLESPACE ... SET TABLESPACE form of ALTER TABLE, ALTER INDEX, or ALTER MATERIALIZED VIEW
- Allow changing foreign key constraint deferrability via ALTER TABLE ... ALTER CONSTRAINT
- Reduce lock strength for some ALTER TABLE commands
- Specifically, VALIDATE CONSTRAINT, CLUSTER ON, SET WITHOUT CLUSTER, ALTER COLUMN SET STATISTICS, ALTER COLUMN SET (attribute_option), ALTER COLUMN RESET (attribute_option) no longer require ACCESS EXCLUSIVE locks.
- Allow tablespace options to be set in CREATE TABLESPACE (Vik Fearing)
- Formerly these options could only be set via ALTER TABLESPACE.
- Allow CREATE AGGREGATE to define the estimated size of the aggregate's transition state data
- Proper use of this feature allows the planner to better estimate how much memory will be used by aggregates.
- Fix DROP IF EXISTS to avoid errors for non-existent objects in more cases
- Improve how system relations are identified
- Previously, relations once moved into the pg_catalog schema could no longer be modified or dropped.
Data Types:
- Fully implement the line data type
- The line segment data type (lseg) has always been fully supported. The previous line data type (which was enabled only via a compile-time option) is not binary or dump-compatible with the new implementation.
- Add pg_lsn data type to represent a WAL log sequence number (LSN)
- Allow single-point polygons to be converted to circles (Bruce Momjian)
- Support time zone abbreviations that change UTC offset from time to time
- Previously, PostgreSQL assumed that the UTC offset associated with a time zone abbreviation (such as EST) never changes in the usage of any particular locale. However this assumption fails in the real world, so introduce the ability for a zone abbreviation to represent a UTC offset that sometimes changes. Update the zone abbreviation definition files to make use of this feature in timezone locales that have changed the UTC offset of their abbreviations since 1970 (according to the IANA timezone database). In such timezones, PostgreSQL will now associate the correct UTC offset with the abbreviation depending on the given date.
- Allow 5+ digit years for non-ISO timestamp and date strings, where appropriate
JSON:
- Add jsonb, a more capable and efficient data type for storing JSON data
- This new type allows faster access to values within a JSON document, and faster and more useful indexing of JSON columns. Scalar values in jsonb documents are stored as appropriate scalar SQL types, and the JSON document structure is pre-parsed rather than being stored as text as in the original json data type.
- Add new JSON functions to allow for the construction of arbitrarily complex JSON trees
- New functions include json_array_elements_text(), json_build_array(), json_object(), json_object_agg(), json_to_record(), and json_to_recordset().
- Add json_typeof() to return the data type of a json value (Andrew Tipton)
- Add checks for overflow/underflow of interval values
Functions:
- Add pg_sleep_for(interval) and pg_sleep_until(timestamp) to specify delays more flexibly
- The existing pg_sleep() function only supports delays specified in seconds.
- Add cardinality() function for arrays
- This returns the total number of elements in the array, or zero for an array with no elements.
- Add SQL functions to allow large object reads/writes at arbitrary offsets
- Allow unnest() to take multiple arguments, which are individually unnested then horizontally concatenated
- Add functions to construct times, dates, timestamps, timestamptzs, and intervals from individual values, rather than strings
- These functions' names are prefixed with make_, e.g. make_date().
- Make to_char()'s TZ format specifier return a useful value for simple numeric time zone offsets
- Previously, to_char(CURRENT_TIMESTAMP, 'TZ') returned an empty string if the timezone was set to a constant like -4.
- Add timezone offset format specifier OF to to_char()
- Improve the random seed used for random()
- Tighten validity checking for Unicode code points in chr(int)
- This function now only accepts values that are valid UTF8 characters according to RFC 3629.
System Information Functions:
- Add functions for looking up objects in pg_class, pg_proc, pg_type, and pg_operator that do not generate errors for non-existent objects
- For example, to_regclass() does a lookup in pg_class similarly to the regclass input function, but it returns NULL for a non-existent object instead of failing.
- Add function pg_filenode_relation() to allow for more efficient lookup of relation names from filenodes
- Add parameter_default column to information_schema.parameters view
- Make information_schema.schemata show all accessible schemas
- Previously it only showed schemas owned by the current user.
Aggregates:
- Add control over which rows are passed into aggregate functions via the FILTER clause
- Support ordered-set (WITHIN GROUP) aggregates
- Add standard ordered-set aggregates percentile_cont(), percentile_disc(), mode(), rank(), dense_rank(), percent_rank(), and cume_dist()
- Support VARIADIC aggregate functions
- Allow polymorphic aggregates to have non-polymorphic state data types
- This allows proper declaration in SQL of aggregates like the built-in aggregate array_agg().
Server-Side Languages:
- Add event trigger support to PL/Perl and PL/Tcl
- Convert numeric values to decimal in PL/Python
- Previously such values were converted to Python float values, risking loss of precision.
PL/pgSQL Server-Side Language:
- Add ability to retrieve the current PL/PgSQL call stack using GET DIAGNOSTICS
- Add option print_strict_params to display the parameters passed to a query that violated a STRICT constraint
- Add variables plpgsql.extra_warnings and plpgsql.extra_errors to enable additional PL/pgSQL warnings and errors
- Currently only warnings/errors about shadowed variables are available.
libpq:
- Make libpq's PQconndefaults() function ignore invalid service files
- Previously it returned NULL if an incorrect service file was encountered.
- Accept TLS protocol versions beyond TLSv1 in libpq
Client Applications:
- Add createuser option -g to specify role membership (Chistopher Browne)
- Add vacuumdb option --analyze-in-stages to analyze in stages of increasing granularity
- This allows minimal statistics to be created quickly.
- Make pg_resetxlog with option -n output current and potentially changed values
- Make initdb throw error for incorrect locale settings, rather than silently falling back to a default choice
- Make pg_ctl return exit code 4 for an inaccessible data directory
- This behavior more closely matches the Linux Standard Base (LSB) Core Specification.
- On Windows, ensure that a non-absolute -D path specification is interpreted relative to pg_ctl's current directory
- Previously it would be interpreted relative to whichever directory the underlying Windows service was started in.
- Allow sizeof() in ECPG C array definitions
- Make ECPG properly handle nesting of C-style comments in both C and SQL text
psql:
- Suppress "No rows" output in psql expanded mode when the footer is disabled
- Allow Control-C to abort psql when it's hung at connection startup
Backslash Commands:
- Make psql's db+ show tablespace options
- Make do+ display the functions that implement the operators
- Make d+ output an OID line only if an oid column exists in the table
- Previously, the presence or absence of an oid column was always reported.
- Make d show disabled system triggers
- Previously, if you disabled all triggers, only user triggers would show as disabled.
- Fix copy to no longer require a space between stdin and a semicolon
- Output the row count at the end of copy, just like COPY already did
- Fix conninfo to display the server's IP address for connections using hostaddr
- Previously conninfo could not display the server's IP address in such cases.
- Show the SSL protocol version in conninfo
- Add tab completion for pset
- Allow pset with no arguments to show all settings
- Make s display the name of the history file it wrote without converting it to an absolute path
- The code previously attempted to convert a relative file name to an absolute path for display, but frequently got it wrong.
pg_dump:
- Allow pg_restore options -I, -P, -T and -n to be specified multiple times
- This allows multiple objects to be restored in one operation
- Optionally add IF EXISTS clauses to the DROP commands emitted when removing old objects during a restore
- This change prevents unnecessary errors when removing old objects. The new --if-exists option for pg_dump, pg_dumpall, and pg_restore is only available when --clean is also specified
pg_basebackup:
- Add pg_basebackup option --xlogdir to specify the pg_xlog directory location
- Allow pg_basebackup to relocate tablespaces in the backup copy
- This is particularly useful for using pg_basebackup on the same machine as the primary.
- Allow network-stream base backups to be throttled
- This can be controlled with the pg_basebackup --max-rate parameter.
Source Code:
- Improve the way tuples are frozen to preserve forensic information
- This change removes the main objection to freezing tuples as soon as possible. Code that inspects tuple flag bits will need to be modified.
- No longer require function prototypes for functions marked with the PG_FUNCTION_INFO_V1 macro
- This change eliminates the need to write boilerplate prototypes. Note that the PG_FUNCTION_INFO_V1 macro must appear before the corresponding function definition to avoid compiler warnings.
- Remove SnapshotNow and HeapTupleSatisfiesNow()
- All existing uses have been switched to more appropriate snapshot types. Catalog scans now use MVCC snapshots.
- Add an API to allow memory allocations over one gigabyte
- Add psprintf() to simplify memory allocation during string composition
- Support printf() size modifier z to print size_t values
- Change API of appendStringInfoVA() to better use vsnprintf()
- Allow new types of external toast datums to be created
- Add single-reader, single-writer, lightweight shared message queue
- Improve spinlock speed on x86_64 CPUs
- Remove spinlock support for unsupported platforms SINIX, Sun3, and NS32K
- Remove IRIX port
- Reduce the number of semaphores required by --disable-spinlocks builds
- Rewrite duplicate_oids Unix shell script in Perl
- Add Test Anything Protocol (TAP) tests for client programs
- Currently, these tests are run by make check-world only if the --enable-tap-tests option was given to configure. This might become the default behavior in some future release.
- Add make targets check-tests and installcheck-tests, which allow selection of individual tests to be run
- Remove maintainer-check makefile rule
- The default build rules now include all the formerly-optional tests.
- Improve support for VPATH builds of PGXS modules
- Upgrade to Autoconf 2.69
- Add a configure flag that appends custom text to the PG_VERSION string
- This is useful for packagers building custom binaries.
- Improve DocBook XML validity
- Fix various minor security and sanity issues reported by the Coverity scanner
- Improve detection of invalid memory usage when testing PostgreSQL with Valgrind
- Improve sample Emacs configuration file emacs.samples
- Also add .dir-locals.el to the top of the source tree.
- Allow pgindent to accept a command-line list of typedefs
- Make pgindent smarter about blank lines around preprocessor conditionals
- Avoid most uses of dlltool in Cygwin and Mingw builds
- Support client-only installs in MSVC (Windows) builds
Additional Modules:
- Add pg_prewarm extension to preload relation data into the shared buffer cache at server start
- This allows reaching full operating performance more quickly.
- Add UUID random number generator gen_random_uuid() to pgcrypto
- This allows creation of version 4 UUIDs without requiring installation of uuid-ossp.
- Allow uuid-ossp to work with the BSD or e2fsprogs UUID libraries, not only the OSSP UUID library
- This improves the uuid-ossp module's portability since it no longer has to have the increasingly-obsolete OSSP library. The module's name is now rather a misnomer, but we won't change it.
- Add option to auto_explain to include trigger execution time
- Fix pgstattuple to not report rows from uncommitted transactions as dead
- Make pgstattuple functions use regclass-type arguments
- While text-type arguments are still supported, they may be removed in a future major release.
- Improve consistency of pgrowlocks output to honor snapshot rules more consistently
- Improve pg_trgm's choice of trigrams for indexed regular expression searches
- This change discourages use of trigrams containing whitespace, which are usually less selective.
- Allow pg_xlogdump to report a live log stream with --follow
- Store cube data more compactly
- Existing data must be dumped/restored to use the new format. The old format can still be read.
- Reduce vacuumlo client-side memory usage by using a cursor
- Dramatically reduce memory consumption in pg_upgrade
- Pass pg_upgrade's user name (-U) option to generated analyze scripts
pgbench:
- Remove line length limit for pgbench scripts
- The previous line limit was BUFSIZ
- Add long option names to pgbench
- Add pgbench option --rate to control the transaction rate
- Add pgbench option --progress to print periodic progress reports
pg_stat_statements:
- Make pg_stat_statements use a file, rather than shared memory, for query text storage
- This removes the previous limitation on query text length, and allows a higher number of unique statements to be tracked by default
- Allow reporting of pg_stat_statements's internal query hash identifier
- Add the ability to retrieve all pg_stat_statements information except the query text
- This allows monitoring tools to fetch query text only for just-created entries, improving performance during repeated querying of the statistics
- Make pg_stat_statements ignore DEALLOCATE commands
- It already ignored PREPARE, as well as planning time in general, so this seems more consistent
- Save the statistics file into $PGDATA/pg_stat at server shutdown, rather than $PGDATA/global
更新時間:2014-07-27
更新細節:
What's new in this version:
- Correctly initialize padding bytes in contrib/btree_gist indexes on bit columns (Heikki Linnakangas)
- This error could result in incorrect query results due to values that should compare equal not being seen as equal. Users with GiST indexes on bit or bit varying columns should REINDEX those indexes after installing this update.
- Protect against torn pages when deleting GIN list pages (Heikki Linnakangas)
- This fix prevents possible index corruption if a system crash occurs while the page update is being written to disk.
- Fix possibly-incorrect cache invalidation during nested calls to ReceiveSharedInvalidMessages (Andres Freund)
- Don't assume a subquery's output is unique if there's a set-returning function in its targetlist (David Rowley)
- This oversight could lead to misoptimization of constructs like WHERE x IN (SELECT y, generate_series(1,10) FROM t GROUP BY y).
- Fix failure to detoast fields in composite elements of structured types (Tom Lane)
- This corrects cases where TOAST pointers could be copied into other tables without being dereferenced. If the original data is later deleted, it would lead to errors like "missing chunk number 0 for toast value ..." when the now-dangling pointer is used.
- Fix "record type has not been registered" failures with whole-row references to the output of Append plan nodes (Tom Lane)
- Fix possible crash when invoking a user-defined function while rewinding a cursor (Tom Lane)
- Fix query-lifespan memory leak while evaluating the arguments for a function in FROM (Tom Lane)
- Fix session-lifespan memory leaks in regular-expression processing (Tom Lane, Arthur O'Dwyer, Greg Stark)
- Fix data encoding error in hungarian.stop (Tom Lane)
- Fix liveness checks for rows that were inserted in the current transaction and then deleted by a now-rolled-back subtransaction (Andres Freund)
- This could cause problems (at least spurious warnings, and at worst an infinite loop) if CREATE INDEX or CLUSTER were done later in the same transaction.
- Clear pg_stat_activity.xact_start during PREPARE TRANSACTION (Andres Freund)
- After the PREPARE, the originating session is no longer in a transaction, so it should not continue to display a transaction start time.
- Fix REASSIGN OWNED to not fail for text search objects (Álvaro Herrera)
- Block signals during postmaster startup (Tom Lane)
- This ensures that the postmaster will properly clean up after itself if, for example, it receives SIGINT while still starting up.
- Secure Unix-domain sockets of temporary postmasters started during make check (Noah Misch)
- Any local user able to access the socket file could connect as the server's bootstrap superuser, then proceed to execute arbitrary code as the operating-system user running the test, as we previously noted in CVE-2014-0067. This change defends against that risk by placing the server's socket in a temporary, mode 0700 subdirectory of /tmp. The hazard remains however on platforms where Unix sockets are not supported, notably Windows, because then the temporary postmaster must accept local TCP connections.
- A useful side effect of this change is to simplify make check testing in builds that override DEFAULT_PGSOCKET_DIR. Popular non-default values like /var/run/postgresql are often not writable by the build user, requiring workarounds that will no longer be necessary.
- On Windows, allow new sessions to absorb values of PGC_BACKEND parameters (such as log_connections) from the configuration file (Amit Kapila)
- Previously, if such a parameter were changed in the file post-startup, the change would have no effect.
- Properly quote executable path names on Windows (Nikhil Deshpande)
- This oversight could cause initdb and pg_upgrade to fail on Windows, if the installation path contained both spaces and @ signs.
- Fix linking of libpython on OS X (Tom Lane)
- The method we previously used can fail with the Python library supplied by Xcode 5.0 and later.
- Avoid buffer bloat in libpq when the server consistently sends data faster than the client can absorb it (Shin-ichi Morita, Tom Lane)
- libpq could be coerced into enlarging its input buffer until it runs out of memory (which would be reported misleadingly as "lost synchronization with server"). Under ordinary circumstances it's quite far-fetched that data could be continuously transmitted more quickly than the recv() loop can absorb it, but this has been observed when the client is artificially slowed by scheduler constraints.
- Ensure that LDAP lookup attempts in libpq time out as intended (Laurenz Albe)
- Fix pg_restore's processing of old-style large object comments (Tom Lane)
- A direct-to-database restore from an archive file generated by a pre-9.0 version of pg_dump would usually fail if the archive contained more than a few comments for large objects.
- In contrib/pgcrypto functions, ensure sensitive information is cleared from stack variables before returning (Marko Kreen)
- In contrib/uuid-ossp, cache the state of the OSSP UUID library across calls (Tom Lane)
- This improves the efficiency of UUID generation and reduces the amount of entropy drawn from /dev/urandom, on platforms that have that.
- Update time zone data files to tzdata release 2014e for DST law changes in Crimea, Egypt, and Morocco.