IdentifiantMot de passe
Mot de passe oublié ?Je m'inscris ! (gratuit)

E.78. Release 8.2.18


Release date


This release contains a variety of fixes from 8.2.17. For information about new features in the 8.2 major release, see Section E.96, « Version 8.2 ».

E.78.1. Migration to Version 8.2.18

A dump/restore is not required for those running 8.2.X. However, if you are upgrading from a version earlier than 8.2.14, see the release notes for 8.2.14.

E.78.2. Changes

  • Use a separate interpreter for each calling SQL userid in PL/Perl and PL/Tcl (Tom Lane)

    This change prevents security problems that can be caused by subverting Perl or Tcl code that will be executed later in the same session under another SQL user identity (for example, within a SECURITY DEFINER function). Most scripting languages offer numerous ways that that might be done, such as redefining standard functions or operators called by the target function. Without this change, any SQL user with Perl or Tcl language usage rights can do essentially anything with the SQL privileges of the target function's owner.

    The cost of this change is that intentional communication among Perl and Tcl functions becomes more difficult. To provide an escape hatch, PL/PerlU and PL/TclU functions continue to use only one interpreter per session. This is not considered a security issue since all such functions execute at the trust level of a database superuser already.

    It is likely that third-party procedural languages that claim to offer trusted execution have similar security issues. We advise contacting the authors of any PL you are depending on for security-critical purposes.

    Our thanks to Tim Bunce for pointing out this issue (CVE-2010-3433).

  • Prevent possible crashes in pg_get_expr() by disallowing it from being called with an argument that is not one of the system catalog columns it's intended to be used with (Heikki Linnakangas, Tom Lane)

  • Fix Windows shared-memory allocation code (Tsutomu Yamada, Magnus Hagander)

    This bug led to the often-reported « could not reattach to shared memory » error message. This is a back-patch of a fix that was applied to newer branches some time ago.

  • Treat exit code 128 (ERROR_WAIT_NO_CHILDREN) as non-fatal on Windows (Magnus Hagander)

    Under high load, Windows processes will sometimes fail at startup with this error code. Formerly the postmaster treated this as a panic condition and restarted the whole database, but that seems to be an overreaction.

  • Fix possible duplicate scans of UNION ALL member relations (Tom Lane)

  • Fix « cannot handle unplanned sub-select » error (Tom Lane)

    This occurred when a sub-select contains a join alias reference that expands into an expression containing another sub-select.

  • Reduce PANIC to ERROR in some occasionally-reported btree failure cases, and provide additional detail in the resulting error messages (Tom Lane)

    This should improve the system's robustness with corrupted indexes.

  • Prevent show_session_authorization() from crashing within autovacuum processes (Tom Lane)

  • Defend against functions returning setof record where not all the returned rows are actually of the same rowtype (Tom Lane)

  • Fix possible failure when hashing a pass-by-reference function result (Tao Ma, Tom Lane)

  • Take care to fsync the contents of lockfiles (both and the socket lockfile) while writing them (Tom Lane)

    This omission could result in corrupted lockfile contents if the machine crashes shortly after postmaster start. That could in turn prevent subsequent attempts to start the postmaster from succeeding, until the lockfile is manually removed.

  • Avoid recursion while assigning XIDs to heavily-nested subtransactions (Andres Freund, Robert Haas)

    The original coding could result in a crash if there was limited stack space.

  • Fix log_line_prefix's %i escape, which could produce junk early in backend startup (Tom Lane)

  • Fix possible data corruption in ALTER TABLE ... SET TABLESPACE when archiving is enabled (Jeff Davis)

  • Allow CREATE DATABASE and ALTER DATABASE ... SET TABLESPACE to be interrupted by query-cancel (Guillaume Lelarge)

  • In PL/Python, defend against null pointer results from PyCObject_AsVoidPtr and PyCObject_FromVoidPtr (Peter Eisentraut)

  • Improve contrib/dblink's handling of tables containing dropped columns (Tom Lane)

  • Fix connection leak after « duplicate connection name » errors in contrib/dblink (Itagaki Takahiro)

  • Fix contrib/dblink to handle connection names longer than 62 bytes correctly (Itagaki Takahiro)

  • Add hstore(text, text) function to contrib/hstore (Robert Haas)

    This function is the recommended substitute for the now-deprecated => operator. It was back-patched so that future-proofed code can be used with older server versions. Note that the patch will be effective only after contrib/hstore is installed or reinstalled in a particular database. Users might prefer to execute the CREATE FUNCTION command by hand, instead.

  • Update build infrastructure and documentation to reflect the source code repository's move from CVS to Git (Magnus Hagander and others)

  • Update time zone data files to tzdata release 2010l for DST law changes in Egypt and Palestine; also historical corrections for Finland.

    This change also adds new names for two Micronesian timezones: Pacific/Chuuk is now preferred over Pacific/Truk (and the preferred abbreviation is CHUT not TRUT) and Pacific/Pohnpei is preferred over Pacific/Ponape.

  • Make Windows' « N. Central Asia Standard Time » timezone map to Asia/Novosibirsk, not Asia/Almaty (Magnus Hagander)

    Microsoft changed the DST behavior of this zone in the timezone update from KB976098. Asia/Novosibirsk is a better match to its new behavior.