<!-- doc/src/sgml/release-9.0.sgml -->
<!-- See header comment in release.sgml about typical markup -->
<sect1 id="release-9-0-9">
<title>Release 9.0.9</title>
<title>Release Date</title>
<simpara>2012-08-17</simpara>
This release contains a variety of fixes from 9.0.8. For information about new features in the 9.0 major release, see <xref linkend="release-9-0">.
<title>Migration to Version 9.0.9</title>
A dump/restore is not required for those running 9.0.X.
However, if you are upgrading from a version earlier than 9.0.6, see the release notes for 9.0.6.
<title>Changes</title>
Prevent access to external files/URLs via XML entity references (Noah Misch, Tom Lane)
<function>xml_parse()</> would attempt to fetch external files or URLs as needed to resolve DTD and entity references in an XML value, thus allowing unprivileged database users to attempt to fetch data with the privileges of the database server. While the external data wouldn't get returned directly to the user, portions of it could be exposed in error messages if the data didn't parse as valid XML; and in any case the mere ability to check existence of a file might be useful to an attacker. (CVE-2012-3489)
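The defensive principle behind this fix is that a parser handling values supplied by unprivileged users must never be allowed to resolve a DTD or entity reference to anything outside the document. The following is an added example, not PostgreSQL's own code (which uses libxml2 in C): it uses Python's standard-library expat bindings to refuse a document at the first DOCTYPE declaration, entity declaration or external entity reference, before any loader could be consulted. The sample documents and the placeholder file and host names in them are constructed for the example.

```python
import xml.parsers.expat as expat

# Constructed sample documents (not taken from the release notes or from PostgreSQL).
BENIGN = b"<doc><item id='1'>hello</item><item id='2'/></doc>"
# A DOCTYPE whose internal subset declares an entity backed by an external file.
# The path is a placeholder; the point is that the loader is never consulted.
EXTERNAL_ENTITY = (b"<!DOCTYPE doc [<!ENTITY ext SYSTEM 'file:///placeholder/example.txt'>]>"
                   b"<doc>&ext;</doc>")
# A DOCTYPE that points at an external DTD over the network (placeholder host).
EXTERNAL_DTD = b"<!DOCTYPE doc SYSTEM 'http://dtd.example.invalid/doc.dtd'><doc/>"
MALFORMED = b"<doc><item>"


class UnsafeXML(ValueError):
    """Raised when untrusted XML declares a DTD or references an external resource."""


def _reject_doctype(name, system_id, public_id, has_internal_subset):
    raise UnsafeXML(f"DOCTYPE not allowed (root={name!r}, system id={system_id!r})")


def _reject_entity_decl(name, is_parameter, value, base, system_id, public_id, notation):
    raise UnsafeXML(f"entity declaration not allowed: {name!r}")


def _reject_external_ref(context, base, system_id, public_id):
    raise UnsafeXML(f"external entity reference not allowed: {system_id!r}")


def parse_untrusted_xml(data: bytes) -> list[str]:
    """Parse XML from an untrusted source; return the element names in document order.

    Every hook through which expat could be asked to reach outside the document
    is wired to raise, so DOCTYPE declarations, entity declarations and external
    entity references are refused before any fetch could be attempted.
    """
    parser = expat.ParserCreate()
    parser.StartDoctypeDeclHandler = _reject_doctype
    parser.EntityDeclHandler = _reject_entity_decl
    parser.ExternalEntityRefHandler = _reject_external_ref

    names: list[str] = []
    parser.StartElementHandler = lambda name, attrs: names.append(name)
    parser.Parse(data, True)  # exceptions raised inside handlers propagate from here
    return names


def classify(data: bytes) -> str:
    """'ok' if the document parsed, 'rejected' if it tried to reach outside, else 'malformed'."""
    try:
        parse_untrusted_xml(data)
    except UnsafeXML:
        return "rejected"
    except expat.ExpatError:
        return "malformed"
    return "ok"


if __name__ == "__main__":
    for label, doc in [("benign", BENIGN), ("external entity", EXTERNAL_ENTITY),
                       ("external DTD", EXTERNAL_DTD), ("malformed", MALFORMED)]:
        print(f"{label:16s} -> {classify(doc)}")
```

Rejecting at the DOCTYPE is deliberately coarse: a document that needs no DTD loses nothing, and the error message carries only the names from the document itself, never the content of whatever the entity pointed at, which is the second leak the note describes.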
Prevent access to external files/URLs via <filename>contrib/xml2</>'s <function>xslt_process()</> (Peter Eisentraut)
<application>libxslt</> offers the ability to read and write both files and URLs through stylesheet commands, thus allowing unprivileged database users to both read and write data with the privileges of the database server. Disable that through proper use of <application>libxslt</>'s security options. (CVE-2012-3488)
Also, remove <function>xslt_process()</>'s ability to fetch documents and stylesheets from external files/URLs. While this was a documented <quote>feature</>, it was long regarded as a bad idea. The fix for CVE-2012-3489 broke that capability, and rather than expend effort on trying to fix it, we're just going to summarily
Prevent too-early recycling of btree index pages (Noah Misch)
When we allowed read-only transactions to skip assigning XIDs, we introduced the possibility that a deleted btree page could be recycled while a read-only transaction was still in flight to it. This would result in incorrect index search results. The probability of such an error occurring in the field seems very low because of the timing requirements, but nonetheless it should be fixed.
Fix crash-safety bug with newly-created-or-reset sequences (Tom Lane)
If <command>ALTER SEQUENCE</> was executed on a freshly created or reset sequence, and then precisely one <function>nextval()</> call was made on it, and then the server crashed, WAL replay would restore the sequence to a state in which it appeared that no <function>nextval()</> had been done, thus allowing the first sequence value to be returned again by the next <function>nextval()</> call. In particular this could manifest for <type>serial</> columns, since creation of a serial column's sequence includes an <command>ALTER SEQUENCE OWNED BY</> step.
Fix <function>txid_current()</> to report the correct epoch when not in hot standby (Heikki Linnakangas)
This fixes a regression introduced in the previous minor release.
Fix bug in startup of Hot Standby when a master transaction has many subtransactions (Andres Freund)
This mistake led to failures reported as <quote>out-of-order XID insertion in KnownAssignedXids</>.
Ensure the <filename>backup_label</> file is fsync'd after <function>pg_start_backup()</> (Dave Kerr)
Fix timeout handling in walsender processes (Tom Lane)
WAL sender background processes neglected to establish a <systemitem>SIGALRM</> handler, meaning they would wait forever in some corner cases where a timeout ought to happen.
Back-patch 9.1 improvement to compress the fsync request queue
This improves performance during checkpoints. The 9.1 change has now seen enough field testing to seem safe to back-patch.
Fix <literal>LISTEN</>/<literal>NOTIFY</> to cope better with I/O problems, such as out of disk space (Tom Lane)
After a write failure, all subsequent attempts to send more <literal>NOTIFY</> messages would fail with messages like <quote>Could not read from file "pg_notify/<replaceable>nnnn</>" at offset <replaceable>nnnnn</>: Success</quote>.
Only allow autovacuum to be auto-canceled by a directly blocked
The original coding could allow inconsistent behavior in some cases; in particular, an autovacuum could get canceled after less than <literal>deadlock_timeout</> grace period.
Improve logging of autovacuum cancels (Robert Haas)
Fix log collector so that <literal>log_truncate_on_rotation</> works during the very first log rotation after server start (Tom Lane)
Fix <literal>WITH</> attached to a nested set operation (<literal>UNION</>/<literal>INTERSECT</>/<literal>EXCEPT</>)
Ensure that a whole-row reference to a subquery doesn't include any extra <literal>GROUP BY</> or <literal>ORDER BY</> columns (Tom Lane)
Disallow copying whole-row references in <literal>CHECK</> constraints and index definitions during <command>CREATE TABLE</>
This situation can arise in <command>CREATE TABLE</> with <literal>LIKE</> or <literal>INHERITS</>. The copied whole-row variable was incorrectly labeled with the row type of the original table, not the new one. Rejecting the case seems reasonable for <literal>LIKE</>, since the row types might well diverge later. For <literal>INHERITS</> we should ideally allow it, with an implicit coercion to the parent table's row type; but that will require more work than seems safe to back-patch.
Fix memory leak in <literal>ARRAY(SELECT ...)</> subqueries (Heikki Linnakangas, Tom Lane)
Fix extraction of common prefixes from regular expressions (Tom Lane)
The code could get confused by quantified parenthesized subexpressions, such as <literal>^(foo)?bar</>. This would lead to incorrect index optimization of searches for such patterns.
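The planner turns an anchored pattern into a literal prefix it can use for an index range scan, and a prefix that is not actually guaranteed by the pattern yields wrong query results, which is the failure the note describes. The following is an added example, not PostgreSQL's own code: a small Python version of that textual analysis, written so that any atom or group that may match zero times (<literal>?</>, <literal>*</>, <literal>{0,n}</>) ends the prefix, which is exactly why <literal>^(foo)?bar</> yields no usable prefix. It also distinguishes a prefix usable for a range scan from an exact match usable as equality (pattern ends in <literal>$</>), and conservatively stops at classes, wildcards and alternation. The function name and its return convention are this example's own.

```python
import re


def _group_end(body: str, start: int) -> int:
    """Index of the ')' closing the group opened at body[start]; honours nesting and escapes."""
    depth = 0
    i = start
    while i < len(body):
        c = body[i]
        if c == "\\":
            i += 2
            continue
        if c == "(":
            depth += 1
        elif c == ")":
            depth -= 1
            if depth == 0:
                return i
        i += 1
    raise ValueError("unbalanced parentheses in pattern")


def _quantifier_min(body: str, i: int):
    """Minimum repeat count of the quantifier starting at body[i], or None if there is none."""
    if i >= len(body):
        return None
    c = body[i]
    if c in "*?":
        return 0
    if c == "+":
        return 1
    if c == "{":
        m = re.match(r"\{(\d*)(?:,(\d*))?\}", body[i:])
        if m:
            return int(m.group(1) or 0)
    return None


def _scan(body: str):
    """Return (prefix, complete): the guaranteed literal prefix of body, and whether body is entirely literal."""
    prefix = ""
    i, n = 0, len(body)
    while i < n:
        c = body[i]
        if c == "(":
            end = _group_end(body, i)
            inner, nxt = body[i + 1:end], end + 1
            if "|" in inner:            # alternation: nothing after this point is guaranteed
                return prefix, False
            sub, complete = _scan(inner)
            q = _quantifier_min(body, nxt)
            if q == 0:                  # (foo)? / (foo)* may match nothing: the prefix ends here
                return prefix, False
            prefix += sub
            if not complete or q is not None:   # (foo)+ may repeat: stop after one copy
                return prefix, False
            i = nxt
            continue
        if c == "\\":
            if i + 1 < n and not body[i + 1].isalnum():   # escaped metacharacter is a literal
                atom, nxt = body[i + 1], i + 2
            else:                                          # \d, \w, ... are classes: stop
                return prefix, False
        elif c in ".[*+?{|$^":          # wildcard, class, stray quantifier, alternation: stop
            return prefix, False
        else:
            atom, nxt = c, i + 1
        q = _quantifier_min(body, nxt)
        if q == 0:                      # fo* : the 'o' is optional
            return prefix, False
        prefix += atom
        if q is not None:               # fo+ : more 'o's may follow
            return prefix, False
        i = nxt
    return prefix, True


def anchored_fixed_prefix(pattern: str):
    """Return (prefix, exact) for a regex.

    prefix is a literal every match must start with (empty if none is guaranteed);
    exact=True means the pattern can only match the prefix itself.
    """
    if not pattern.startswith("^"):
        return "", False                # unanchored: no leading literal is guaranteed
    body = pattern[1:]
    exact = body.endswith("$") and not body.endswith("\\$")
    if exact:
        body = body[:-1]
    prefix, complete = _scan(body)
    return prefix, complete and exact


if __name__ == "__main__":
    for p in ["^(foo)?bar", "^foo", "^foo$", "^(foo)bar$", "^(foo)+bar", "^foo.*bar"]:
        print(f"{p:12s} -> {anchored_fixed_prefix(p)}")
```

Being conservative is the safe direction for this analysis: an empty or shorter prefix only costs the planner an optimization, whereas a prefix the pattern does not actually guarantee silently drops matching rows.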
Fix bugs with parsing signed <replaceable>hh</><literal>:</><replaceable>mm</> and <replaceable>hh</><literal>:</><replaceable>mm</><literal>:</><replaceable>ss</> fields in <type>interval</> constants (Amit Kapila, Tom Lane)
Use Postgres' encoding conversion functions, not Python's, when converting a Python Unicode string to the server encoding in PL/Python (Jan Urbanski)
This avoids some corner-case problems, notably that Python doesn't support all the encodings Postgres does. A notable functional change is that if the server encoding is SQL_ASCII, you will get the UTF-8 representation of the string; formerly, any non-ASCII characters in the string would result in an error.
Fix mapping of PostgreSQL encodings to Python encodings in PL/Python
Report errors properly in <filename>contrib/xml2</>'s <function>xslt_process()</> (Tom Lane)
Update time zone data files to <application>tzdata</> release 2012e for DST law changes in Morocco and Tokelau
<sect1 id="release-9-0-8">
<title>Release 9.0.8</title>