What Is the FileHippo Safety Guarantee?
- Prevent execution of enum_recv from SQL (Tom Lane)
The function was misdeclared, allowing a simple SQL command to crash the server. In principle an attacker might be able to use it to examine the contents of server memory. Our thanks to Sumit Soni (via Secunia SVCRP) for reporting this issue. (CVE-2013-0255)
- Fix multiple problems in detection of when a consistent database state has been reached during WAL replay (Fujii Masao, Heikki Linnakangas, Simon Riggs, Andres Freund)
- Fix detection of end-of-backup point when no actual redo work is required (Heikki Linnakangas)
This mistake could result in incorrect "WAL ends before end of online backup" errors.
- Update minimum recovery point when truncating a relation file (Heikki Linnakangas)
Once data has been discarded, it's no longer safe to stop recovery at an earlier point in the timeline.
- Fix recycling of WAL segments after changing recovery target timeline (Heikki Linnakangas)
Properly restore timeline history files from archive on cascading standby servers (Heikki Linnakangas)
- Fix lock conflict detection on hot-standby servers (Andres Freund, Robert Haas)
- Fix missing cancellations in hot standby mode (Noah Misch, Simon Riggs)
The need to cancel conflicting hot-standby queries would sometimes be missed, allowing those queries to see inconsistent data.
- Prevent recovery pause feature from pausing before users can connect (Tom Lane)
- Fix SQL grammar to allow subscripting or field selection from a sub-SELECT result (Tom Lane)
- Fix performance problems with autovacuum truncation in busy workloads (Jan Wieck)
Truncation of empty pages at the end of a table requires exclusive lock, but autovacuum was coded to fail (and release the table lock) when there are conflicting lock requests. Under load, it is easily possible that truncation would never occur, resulting in table bloat. Fix by performing a partial truncation, releasing the lock, then attempting to re-acquire the lock and continue. This fix also greatly reduces the average time before autovacuum releases the lock after a conflicting request arrives.
- Improve performance of SPI_execute and related functions, thereby improving PL/pgSQL's EXECUTE (Heikki Linnakangas, Tom Lane)
Remove some data-copying overhead that was added in 9.2 as a consequence of revisions in the plan caching mechanism. This eliminates a performance regression compared to 9.1, and also saves memory, especially when the query string to be executed contains many SQL statements.
A side benefit is that multi-statement query strings are now processed fully serially, that is we complete execution of earlier statements before running parse analysis and planning on the following ones. This eliminates a long-standing issue, in that DDL that should affect the behavior of a later statement will now behave as expected.
- Restore pre-9.2 cost estimates for index usage (Tom Lane)
An ill-considered change of a fudge factor led to undesirably high cost estimates for use of very large indexes.
- Fix intermittent crash in DROP INDEX CONCURRENTLY (Tom Lane)
- Fix potential corruption of shared-memory lock table during CREATE/DROP INDEX CONCURRENTLY (Tom Lane)
- Fix COPY's multiple-tuple-insertion code for the case of a tuple larger than page size minus fillfactor (Heikki Linnakangas)
The previous coding could get into an infinite loop.
- Protect against race conditions when scanning pg_tablespace (Stephen Frost, Tom Lane)
CREATE DATABASE and DROP DATABASE could misbehave if there were concurrent updates of pg_tablespace entries.
- Prevent DROP OWNED from trying to drop whole databases or tablespaces (Álvaro Herrera)
For safety, ownership of these objects must be reassigned, not dropped.
- Fix error in vacuum_freeze_table_age implementation (Andres Freund)
The main consequence of this mistake is that lowering vacuum_freeze_min_age would cause full-table vacuuming scans to occur much more frequently than intended.
- Prevent misbehavior when a RowExpr or XmlExpr is parse-analyzed twice (Andres Freund, Tom Lane)
This mistake could be user-visible in contexts such as CREATE TABLE LIKE INCLUDING INDEXES.
- Improve defenses against integer overflow in hashtable sizing calculations (Jeff Davis)
- Fix some bugs associated with privileges on datatypes (Tom Lane)
- There were some issues with default privileges for types, and pg_dump failed to dump such privileges at all.
- Fix failure to ignore leftover temporary tables after a server crash (Tom Lane)
- Fix failure to rotate postmaster log files for size reasons on Windows (Jeff Janes, Heikki Linnakangas)
Reject out-of-range dates in to_date() (Hitoshi Harada)
- Fix pg_extension_config_dump() to handle extension-update cases properly (Tom Lane)
This function will now replace any existing entry for the target table, making it usable in extension update scripts.
- Fix PL/pgSQL's reporting of plan-time errors in possibly-simple expressions (Tom Lane)
The previous coding resulted in sometimes omitting the first line in the CONTEXT traceback for the error.
- Fix PL/Python's handling of functions used as triggers on multiple tables (Andres Freund)
- Ensure that non-ASCII prompt strings are translated to the correct code page on Windows (Alexander Law, Noah Misch)
This bug affected psql and some other client programs.
- Fix possible crash in psql's \? command when not connected to a database (Meng Qingzhong)
- Fix possible error if a relation file is removed while pg_basebackup is running (Heikki Linnakangas)
- Tolerate timeline switches while pg_basebackup -X fetch is backing up a standby server (Heikki Linnakangas)
- Make pg_dump exclude data of unlogged tables when running on a hot-standby server (Magnus Hagander)
This would fail anyway because the data is not available on the standby server, so it seems most convenient to assume --no-unlogged-table-data automatically.
- Fix pg_upgrade to deal with invalid indexes safely (Bruce Momjian)
- Fix pg_upgrade's -O/-o options (Bruce Momjian)
- Fix one-byte buffer overrun in libpq's PQprintTuples (Xi Wang)
This ancient function is not used anywhere by PostgreSQL itself, but it might still be used by some client code.
- Make ecpglib use translated messages properly (Chen Huajun)
- Properly install ecpg_compat and pgtypes libraries on MSVC (Jiang Guiqing)
- Include our version of isinf() in libecpg if it's not provided by the system (Jiang Guiqing)
- Rearrange configure's tests for supplied functions so it is not fooled by bogus exports from libedit/libreadline (Christoph Berg)
- Ensure Windows build number increases over time (Magnus Hagander)
- Make pgxs build executables with the right .exe suffix when cross-compiling for Windows (Zoltan Boszormenyi)
- Add new timezone abbreviation FET (Tom Lane)