Update release notes for security-related releases in all active branches.

Security: CVE-2007-0555, CVE-2007-0556

doc/src/sgml/release.sgml

@@ -1,4 +1,4 @@
-<!-- $PostgreSQL: pgsql/doc/src/sgml/release.sgml,v 1.488.2.4 2007/02/01 19:18:14 neilc Exp $ -->
+<!-- $PostgreSQL: pgsql/doc/src/sgml/release.sgml,v 1.488.2.5 2007/02/02 00:10:33 tgl Exp $ -->
 <!--
 
 Typical markup:
@@ -27,13 +27,167 @@ wrap long lines
 
 For new features, add links to the documentation sections.  Use </link>
 so that perl can remove it so HISTORY.html can be created with no
-links to the main documentation.
+links to the main documentation.  This was added only in 8.2, so don't
+do it for earlier branch release files.
 
 -->
 
 <appendix id="release">
  <title>Release Notes</title>
 
+  <sect1 id="release-8-2-2">
+   <title>Release 8.2.2</title>
+
+   <note>
+   <title>Release date</title>
+   <simpara>2007-02-05</simpara>
+   </note>
+
+   <para>
+    This release contains a variety of fixes from 8.2.1, including
+    a security fix.
+   </para>
+
+   <sect2>
+    <title>Migration to version 8.2.2</title>
+
+    <para>
+     A dump/restore is not required for those running 8.2.X.
+    </para>
+
+   </sect2>
+
+   <sect2>
+    <title>Changes</title>
+
+    <itemizedlist>
+
+     <listitem>
+     <para>
+      Remove security vulnerabilities that allowed connected users
+      to read backend memory (Tom)
+     </para>
+     <para>
+      The vulnerabilities involve suppressing the normal check that a SQL
+      function returns the data type it's declared to, and changing the
+      data type of a table column (CVE-2007-0555, CVE-2007-0556).  These
+      errors can easily be exploited to cause a backend crash, and in
+      principle might be used to read database content that the user
+      should not be able to access.
+     </para>
+     </listitem>
+
+     <listitem>
+     <para>
+      Fix not-so-rare-anymore bug wherein btree index page splits could fail
+      due to choosing an infeasible split point (Heikki Linnakangas)
+     </para>
+     </listitem>
+
+     <listitem>
+     <para>
+      Fix Borland C compile scripts (L Bayuk)
+     </para>
+     </listitem>
+
+     <listitem>
+     <para>
+      Properly handle <function>to_char('CC')</> for years ending in
+      <literal>00</> (Tom)
+     </para>
+     <para>
+      Year 2000 is in the twentieth century, not the twenty-first.
+     </para>
+     </listitem>
+
+     <listitem>
+     <para>
+      <filename>/contrib/tsearch2</> localization improvements (Tatsuo, Teodor)
+     </para>
+     </listitem>
+
+     <listitem>
+     <para>
+      Fix incorrect permission check in
+      <literal>information_schema.key_column_usage</> view (Tom)
+     </para>
+     <para>
+      The symptom is <quote>relation with OID nnnnn does not exist</> errors.
+      To get this fix without using <command>initdb</>, use <command>CREATE OR
+      REPLACE VIEW</> to install the corrected definition found in
+      <filename>share/information_schema.sql</>.  Note you will need to do
+      this in each database.
+     </para>
+     </listitem>
+
+     <listitem>
+     <para>
+      Improve <command>VACUUM</> performance for databases with many tables (Tom)
+     </para>
+     </listitem>
+
+     <listitem>
+     <para>
+      Fix for rare Assert() crash triggered by <literal>UNION</> (Tom)
+     </para>
+     </listitem>
+
+     <listitem>
+     <para>
+      Fix potentially incorrect results from index searches using
+      <literal>ROW</> inequality conditions (Tom)
+     </para>
+     </listitem>
+
+     <listitem>
+     <para>
+      Tighten security of multi-byte character processing for UTF8 sequences
+      over three bytes long (Tom)
+     </para>
+     </listitem>
+
+     <listitem>
+     <para>
+      Fix bogus <quote>permission denied</> failures occurring on Windows
+      due to attempts to fsync already-deleted files (Magnus, Tom)
+     </para>
+     </listitem>
+
+     <listitem>
+     <para>
+      Fix bug that could cause the statistics collector
+      to hang on Windows (Magnus)
+     </para>
+
+     <para>
+      This would in turn lead to autovacuum not working.
+     </para>
+     </listitem>
+
+     <listitem>
+     <para>
+      Fix possible crashes when an already-in-use PL/pgSQL function is
+      updated (Tom)
+     </para>
+     </listitem>
+
+     <listitem>
+     <para>
+      Improve PL/pgSQL handling of domain types (Sergiy Vyshnevetskiy, Tom)
+     </para>
+     </listitem>
+
+     <listitem>
+     <para>
+      Fix possible errors in processing PL/pgSQL exception blocks (Tom)
+     </para>
+     </listitem>
+
+    </itemizedlist>
+
+   </sect2>
+  </sect1>
+
   <sect1 id="release-8-2-1">
    <title>Release 8.2.1</title>
 
@@ -503,7 +657,7 @@ links to the main documentation.
        </para>
 
        <para>
-        This may eliminate the need to set unrealistically small
+        This might eliminate the need to set unrealistically small
         values of <link
         linkend="guc-random-page-cost"><varname>random_page_cost</></link>.
         If you have been using a very small <varname>random_page_cost</>,
@@ -998,7 +1152,7 @@ links to the main documentation.
 
        <para>
         On platforms where it is expensive to update the <application>ps</>
-        display, it may be worthwhile to turn this off and rely solely on
+        display, it might be worthwhile to turn this off and rely solely on
         <structname>pg_stat_activity</> for status information.
        </para>
       </listitem>
@@ -1279,7 +1433,7 @@ links to the main documentation.
        <para>
         This prevents surprising behavior due to multiple evaluation
         of a <literal>volatile</> function (such as <function>random()</>
-        or <function>nextval()</>).  It may cause performance
+        or <function>nextval()</>).  It might cause performance
         degradation in the presence of functions that are unnecessarily
         marked as <literal>volatile</>.
        </para>
@@ -2726,6 +2880,106 @@ links to the main documentation.
    </sect2>
   </sect1>
 
+  <sect1 id="release-8-1-7">
+   <title>Release 8.1.7</title>
+
+   <note>
+   <title>Release date</title>
+   <simpara>2007-02-05</simpara>
+   </note>
+
+   <para>
+    This release contains a variety of fixes from 8.1.6, including
+    a security fix.
+   </para>
+
+   <sect2>
+    <title>Migration to version 8.1.7</title>
+
+    <para>
+     A dump/restore is not required for those running 8.1.X.
+     However, if you are upgrading from a version earlier than 8.1.2,
+     see the release notes for 8.1.2.
+    </para>
+
+   </sect2>
+
+   <sect2>
+    <title>Changes</title>
+
+    <itemizedlist>
+
+     <listitem>
+     <para>
+      Remove security vulnerabilities that allowed connected users
+      to read backend memory (Tom)
+     </para>
+     <para>
+      The vulnerabilities involve suppressing the normal check that a SQL
+      function returns the data type it's declared to, and changing the
+      data type of a table column (CVE-2007-0555, CVE-2007-0556).  These
+      errors can easily be exploited to cause a backend crash, and in
+      principle might be used to read database content that the user
+      should not be able to access.
+     </para>
+     </listitem>
+
+     <listitem>
+     <para>
+      Fix rare bug wherein btree index page splits could fail
+      due to choosing an infeasible split point (Heikki Linnakangas)
+     </para>
+     </listitem>
+
+     <listitem>
+     <para>
+      Improve <command>VACUUM</> performance for databases with many tables (Tom)
+     </para>
+     </listitem>
+
+     <listitem>
+     <para>
+      Fix autovacuum to avoid leaving non-permanent transaction IDs in
+      non-connectable databases (Alvaro)
+     </para>
+
+     <para>
+      This bug affects the 8.1 branch only.
+     </para>
+     </listitem>
+
+     <listitem>
+     <para>
+      Fix for rare Assert() crash triggered by <literal>UNION</> (Tom)
+     </para>
+     </listitem>
+
+     <listitem>
+     <para>
+      Tighten security of multi-byte character processing for UTF8 sequences
+      over three bytes long (Tom)
+     </para>
+     </listitem>
+
+     <listitem>
+     <para>
+      Fix bogus <quote>permission denied</> failures occurring on Windows
+      due to attempts to fsync already-deleted files (Magnus, Tom)
+     </para>
+     </listitem>
+
+     <listitem>
+     <para>
+      Fix possible crashes when an already-in-use PL/pgSQL function is
+      updated (Tom)
+     </para>
+     </listitem>
+
+    </itemizedlist>
+
+   </sect2>
+  </sect1>
+
   <sect1 id="release-8-1-6">
    <title>Release 8.1.6</title>
 
@@ -2975,7 +3229,7 @@ compilers (Hiroshi Saito)</para></listitem>
 
     <para>
      Full security against the SQL-injection attacks described in
-     CVE-2006-2313 and CVE-2006-2314 may require changes in application
+     CVE-2006-2313 and CVE-2006-2314 might require changes in application
      code.  If you have applications that embed untrustworthy strings
      into SQL commands, you should examine them as soon as possible to
      ensure that they are using recommended escaping techniques.  In
@@ -3007,7 +3261,7 @@ literals.  By default, <literal>\'</> is rejected only when
 GB18030, or UHC), which is the scenario in which SQL injection is possible.
 A new configuration parameter <varname>backslash_quote</> is available to
 adjust this behavior when needed.  Note that full security against
-CVE-2006-2314 may require client-side changes; the purpose of
+CVE-2006-2314 might require client-side changes; the purpose of
 <varname>backslash_quote</> is in part to make it obvious that insecure
 clients are insecure.
 </para></listitem>
@@ -3274,7 +3528,7 @@ to ensure that <application>plperl</> won't change the locale later</para>
 <para>This fixes a problem that occurred if the <application>postmaster</> was
 started with environment variables specifying a different locale than what
 <application>initdb</> had been told.  Under these conditions, any use of
-<application>plperl</> was likely to lead to corrupt indexes.  You may need
+<application>plperl</> was likely to lead to corrupt indexes.  You might need
 <command>REINDEX</> to fix existing indexes on
 textual columns if this has happened to you.</para></listitem>
 
@@ -3672,7 +3926,7 @@ DISTINCT query</para></listitem>
       </para>
 
       <para>
-       It may be necessary to set <varname>add_missing_from</> to true
+       It might be necessary to set <varname>add_missing_from</> to true
        in order to load an existing dump file, if the dump contains any
        views or rules created using the implicit-<literal>FROM</> syntax.
        This should be a one-time annoyance, because
@@ -3894,7 +4148,7 @@ psql -t -f fixseq.sql db1 | psql -e db1
 
      <listitem>
       <para>
-       <command>CREATE LANGUAGE</> may ignore the provided arguments
+       <command>CREATE LANGUAGE</> can ignore the provided arguments
        in favor of information from <structname>pg_pltemplate</>
        (Tom)
       </para>
@@ -5536,6 +5790,75 @@ psql -t -f fixseq.sql db1 | psql -e db1
    </sect2>
   </sect1>
 
+  <sect1 id="release-8-0-11">
+   <title>Release 8.0.11</title>
+
+   <note>
+   <title>Release date</title>
+   <simpara>2007-02-05</simpara>
+   </note>
+
+   <para>
+    This release contains a variety of fixes from 8.0.10, including
+    a security fix.
+   </para>
+
+   <sect2>
+    <title>Migration to version 8.0.11</title>
+
+    <para>
+     A dump/restore is not required for those running 8.0.X.  However,
+     if you are upgrading from a version earlier than 8.0.6, see the release
+     notes for 8.0.6.
+    </para>
+
+   </sect2>
+
+   <sect2>
+    <title>Changes</title>
+
+    <itemizedlist>
+
+     <listitem>
+     <para>
+      Remove security vulnerabilities that allowed connected users
+      to read backend memory (Tom)
+     </para>
+     <para>
+      The vulnerabilities involve suppressing the normal check that a SQL
+      function returns the data type it's declared to, and changing the
+      data type of a table column (CVE-2007-0555, CVE-2007-0556).  These
+      errors can easily be exploited to cause a backend crash, and in
+      principle might be used to read database content that the user
+      should not be able to access.
+     </para>
+     </listitem>
+
+     <listitem>
+     <para>
+      Fix rare bug wherein btree index page splits could fail
+      due to choosing an infeasible split point (Heikki Linnakangas)
+     </para>
+     </listitem>
+
+     <listitem>
+     <para>
+      Fix for rare Assert() crash triggered by <literal>UNION</> (Tom)
+     </para>
+     </listitem>
+
+     <listitem>
+     <para>
+      Tighten security of multi-byte character processing for UTF8 sequences
+      over three bytes long (Tom)
+     </para>
+     </listitem>
+
+    </itemizedlist>
+
+   </sect2>
+  </sect1>
+
   <sect1 id="release-8-0-10">
    <title>Release 8.0.10</title>
 
@@ -5733,7 +6056,7 @@ Wieland)</para></listitem>
 
     <para>
      Full security against the SQL-injection attacks described in
-     CVE-2006-2313 and CVE-2006-2314 may require changes in application
+     CVE-2006-2313 and CVE-2006-2314 might require changes in application
      code.  If you have applications that embed untrustworthy strings
      into SQL commands, you should examine them as soon as possible to
      ensure that they are using recommended escaping techniques.  In
@@ -5765,7 +6088,7 @@ literals.  By default, <literal>\'</> is rejected only when
 GB18030, or UHC), which is the scenario in which SQL injection is possible.
 A new configuration parameter <varname>backslash_quote</> is available to
 adjust this behavior when needed.  Note that full security against
-CVE-2006-2314 may require client-side changes; the purpose of
+CVE-2006-2314 might require client-side changes; the purpose of
 <varname>backslash_quote</> is in part to make it obvious that insecure
 clients are insecure.
 </para></listitem>
@@ -5971,7 +6294,7 @@ to ensure that <application>plperl</> won't change the locale later</para>
 <para>This fixes a problem that occurred if the <application>postmaster</> was
 started with environment variables specifying a different locale than what
 <application>initdb</> had been told.  Under these conditions, any use of
-<application>plperl</> was likely to lead to corrupt indexes.  You may need
+<application>plperl</> was likely to lead to corrupt indexes.  You might need
 <command>REINDEX</> to fix existing indexes on
 textual columns if this has happened to you.</para></listitem>
 
@@ -6222,7 +6545,7 @@ code</para></listitem>
      It is strongly recommended that all installations repair these errors,
      either by initdb or by following the manual repair procedure given
      below.  The errors at least allow unprivileged database users to crash
-     their server process, and may allow unprivileged users to gain the
+     their server process, and might allow unprivileged users to gain the
      privileges of a database superuser.
     </para>
 
@@ -6891,8 +7214,7 @@ typedefs (Michael)</para></listitem>
        behavior across all platforms.  In most cases, there should be
        little noticeable difference in time zone behavior, except that
        the time zone names used by <command>SET</>/<command>SHOW</>
-       <varname>TimeZone</> may
+       <varname>TimeZone</> might be different from what your platform provides.
-       be different from what your platform provides.
       </para>
      </listitem>
 
@@ -7321,7 +7643,7 @@ typedefs (Michael)</para></listitem>
         Some logging-related configuration parameters could formerly be adjusted
         by ordinary users, but only in the <quote>more verbose</> direction.
         They are now treated more strictly: only superusers can set them.
-        However, a superuser may use <command>ALTER USER</> to provide per-user
+        However, a superuser can use <command>ALTER USER</> to provide per-user
         settings of these values for non-superusers.  Also, it is now possible
         for superusers to set values of superuser-only configuration parameters
         via <literal>PGOPTIONS</>.
@@ -8862,6 +9184,75 @@ typedefs (Michael)</para></listitem>
    </sect2>
   </sect1>
 
+  <sect1 id="release-7-4-16">
+   <title>Release 7.4.16</title>
+
+   <note>
+   <title>Release date</title>
+   <simpara>2007-02-05</simpara>
+   </note>
+
+   <para>
+    This release contains a variety of fixes from 7.4.15, including
+    a security fix.
+   </para>
+
+   <sect2>
+    <title>Migration to version 7.4.16</title>
+
+    <para>
+     A dump/restore is not required for those running 7.4.X.  However,
+     if you are upgrading from a version earlier than 7.4.11, see the release
+     notes for 7.4.11.
+    </para>
+
+   </sect2>
+
+   <sect2>
+    <title>Changes</title>
+
+    <itemizedlist>
+
+     <listitem>
+     <para>
+      Remove security vulnerability that allowed connected users
+      to read backend memory (Tom)
+     </para>
+     <para>
+      The vulnerability involves suppressing the normal check that a SQL
+      function returns the data type it's declared to, or changing the
+      data type of a table column used in a SQL function (CVE-2007-0555).
+      This error can easily be exploited to cause a backend crash, and in
+      principle might be used to read database content that the user
+      should not be able to access.
+     </para>
+     </listitem>
+
+     <listitem>
+     <para>
+      Fix rare bug wherein btree index page splits could fail
+      due to choosing an infeasible split point (Heikki Linnakangas)
+     </para>
+     </listitem>
+
+     <listitem>
+     <para>
+      Fix for rare Assert() crash triggered by <literal>UNION</> (Tom)
+     </para>
+     </listitem>
+
+     <listitem>
+     <para>
+      Tighten security of multi-byte character processing for UTF8 sequences
+      over three bytes long (Tom)
+     </para>
+     </listitem>
+
+    </itemizedlist>
+
+   </sect2>
+  </sect1>
+
   <sect1 id="release-7-4-15">
    <title>Release 7.4.15</title>
 
@@ -9020,7 +9411,7 @@ ANYARRAY</para></listitem>
 
     <para>
      Full security against the SQL-injection attacks described in
-     CVE-2006-2313 and CVE-2006-2314 may require changes in application
+     CVE-2006-2313 and CVE-2006-2314 might require changes in application
      code.  If you have applications that embed untrustworthy strings
      into SQL commands, you should examine them as soon as possible to
      ensure that they are using recommended escaping techniques.  In
@@ -9052,7 +9443,7 @@ literals.  By default, <literal>\'</> is rejected only when
 GB18030, or UHC), which is the scenario in which SQL injection is possible.
 A new configuration parameter <varname>backslash_quote</> is available to
 adjust this behavior when needed.  Note that full security against
-CVE-2006-2314 may require client-side changes; the purpose of
+CVE-2006-2314 might require client-side changes; the purpose of
 <varname>backslash_quote</> is in part to make it obvious that insecure
 clients are insecure.
 </para></listitem>
@@ -9205,7 +9596,7 @@ to ensure that <application>plperl</> won't change the locale later</para>
 <para>This fixes a problem that occurred if the <application>postmaster</> was
 started with environment variables specifying a different locale than what
 <application>initdb</> had been told.  Under these conditions, any use of
-<application>plperl</> was likely to lead to corrupt indexes.  You may need
+<application>plperl</> was likely to lead to corrupt indexes.  You might need
 <command>REINDEX</> to fix existing indexes on
 textual columns if this has happened to you.</para></listitem>
 
@@ -9391,7 +9782,7 @@ code</para></listitem>
      It is strongly recommended that all installations repair these errors,
      either by initdb or by following the manual repair procedures given
      below.  The errors at least allow unprivileged database users to crash
-     their server process, and may allow unprivileged users to gain the
+     their server process, and might allow unprivileged users to gain the
      privileges of a database superuser.
     </para>
 
@@ -9409,7 +9800,7 @@ WHERE pronamespace = 11 AND pronargs = 5
 COMMIT;
 </programlisting>
 
-     Next, if you have installed <filename>contrib/tsearch2</>, do
+     Next, if you have installed <filename>contrib/tsearch2</>, do:
 
 <programlisting>
 BEGIN;
@@ -9438,12 +9829,12 @@ COMMIT;
      template databases then any subsequently created databases will contain
      the same errors.  <literal>template1</> can be fixed in the same way
      as any other database, but fixing <literal>template0</> requires
-     additional steps.  First, from any database issue
+     additional steps.  First, from any database issue:
 <programlisting>
 UPDATE pg_database SET datallowconn = true WHERE datname = 'template0';
 </programlisting>
       Next connect to <literal>template0</> and perform the above repair
-      procedures.  Finally, do
+      procedures.  Finally, do:
 <programlisting>
 -- re-freeze template0:
 VACUUM FREEZE;
@@ -9815,7 +10206,7 @@ names from outer query levels.
 
     <para>
      A dump/restore is not required for those running 7.4.X.  However,
-     it may be advisable as the easiest method of incorporating fixes for
+     it might be advisable as the easiest method of incorporating fixes for
      two errors that have been found in the initial contents of 7.4.X system
      catalogs.  A dump/initdb/reload sequence using 7.4.2's initdb will
      automatically correct these problems.
@@ -9881,12 +10272,12 @@ GRANT SELECT, UPDATE ON pg_settings TO PUBLIC;
      template databases then any subsequently created databases will contain
      the same errors.  <literal>template1</> can be fixed in the same way
      as any other database, but fixing <literal>template0</> requires
-     additional steps.  First, from any database issue
+     additional steps.  First, from any database issue:
 <programlisting>
 UPDATE pg_database SET datallowconn = true WHERE datname = 'template0';
 </programlisting>
       Next connect to <literal>template0</> and perform the above repair
-      procedures.  Finally, do
+      procedures.  Finally, do:
 <programlisting>
 -- re-freeze template0:
 VACUUM FREEZE;
@@ -10369,7 +10760,7 @@ DROP SCHEMA information_schema CASCADE;
     <listitem>
      <para>
       Inner joins using the explicit <literal>JOIN</literal> syntax
-      may behave differently because they are now better
+      might behave differently because they are now better
       optimized.
      </para>
     </listitem>
@@ -11336,7 +11727,7 @@ DROP SCHEMA information_schema CASCADE;
 
     <listitem>
      <para>
-      Arrays may now be specified as <literal>ARRAY[1,2,3]</literal>,
+      Arrays can now be specified as <literal>ARRAY[1,2,3]</literal>,
       <literal>ARRAY[['a','b'],['c','d']]</literal>, or
       <literal>ARRAY[ARRAY[ARRAY[2]]]</literal> (Joe)
      </para>
@@ -11910,6 +12301,68 @@ DROP SCHEMA information_schema CASCADE;
   </sect2>
  </sect1>
 
+  <sect1 id="release-7-3-18">
+   <title>Release 7.3.18</title>
+
+   <note>
+   <title>Release date</title>
+   <simpara>2007-02-05</simpara>
+   </note>
+
+   <para>
+    This release contains a variety of fixes from 7.3.17, including
+    a security fix.
+   </para>
+
+   <sect2>
+    <title>Migration to version 7.3.18</title>
+
+    <para>
+     A dump/restore is not required for those running 7.3.X.  However,
+     if you are upgrading from a version earlier than 7.3.13, see the release
+     notes for 7.3.13.
+    </para>
+
+   </sect2>
+
+   <sect2>
+    <title>Changes</title>
+
+    <itemizedlist>
+
+     <listitem>
+     <para>
+      Remove security vulnerability that allowed connected users
+      to read backend memory (Tom)
+     </para>
+     <para>
+      The vulnerability involves changing the
+      data type of a table column used in a SQL function (CVE-2007-0555).
+      This error can easily be exploited to cause a backend crash, and in
+      principle might be used to read database content that the user
+      should not be able to access.
+     </para>
+     </listitem>
+
+     <listitem>
+     <para>
+      Fix rare bug wherein btree index page splits could fail
+      due to choosing an infeasible split point (Heikki Linnakangas)
+     </para>
+     </listitem>
+
+     <listitem>
+     <para>
+      Tighten security of multi-byte character processing for UTF8 sequences
+      over three bytes long (Tom)
+     </para>
+     </listitem>
+
+    </itemizedlist>
+
+   </sect2>
+  </sect1>
+
   <sect1 id="release-7-3-17">
    <title>Release 7.3.17</title>
 
@@ -12034,7 +12487,7 @@ DROP SCHEMA information_schema CASCADE;
 
     <para>
      Full security against the SQL-injection attacks described in
-     CVE-2006-2313 and CVE-2006-2314 may require changes in application
+     CVE-2006-2313 and CVE-2006-2314 might require changes in application
      code.  If you have applications that embed untrustworthy strings
      into SQL commands, you should examine them as soon as possible to
      ensure that they are using recommended escaping techniques.  In
@@ -12066,7 +12519,7 @@ literals.  By default, <literal>\'</> is rejected only when
 GB18030, or UHC), which is the scenario in which SQL injection is possible.
 A new configuration parameter <varname>backslash_quote</> is available to
 adjust this behavior when needed.  Note that full security against
-CVE-2006-2314 may require client-side changes; the purpose of
+CVE-2006-2314 might require client-side changes; the purpose of
 <varname>backslash_quote</> is in part to make it obvious that insecure
 clients are insecure.
 </para></listitem>
@@ -12199,7 +12652,7 @@ to ensure that <application>plperl</> won't change the locale later</para>
 <para>This fixes a problem that occurred if the <application>postmaster</> was
 started with environment variables specifying a different locale than what
 <application>initdb</> had been told.  Under these conditions, any use of
-<application>plperl</> was likely to lead to corrupt indexes.  You may need
+<application>plperl</> was likely to lead to corrupt indexes.  You might need
 <command>REINDEX</> to fix existing indexes on
 textual columns if this has happened to you.</para></listitem>
 
@@ -12354,7 +12807,7 @@ the variable is of pass-by-reference type</para></listitem>
      It is strongly recommended that all installations repair this error,
      either by initdb or by following the manual repair procedure given
      below.  The error at least allows unprivileged database users to crash
-     their server process, and may allow unprivileged users to gain the
+     their server process, and might allow unprivileged users to gain the
      privileges of a database superuser.
     </para>
 
@@ -12380,12 +12833,12 @@ COMMIT;
      template databases then any subsequently created databases will contain
      the same error.  <literal>template1</> can be fixed in the same way
      as any other database, but fixing <literal>template0</> requires
-     additional steps.  First, from any database issue
+     additional steps.  First, from any database issue:
 <programlisting>
 UPDATE pg_database SET datallowconn = true WHERE datname = 'template0';
 </programlisting>
       Next connect to <literal>template0</> and perform the above repair
-      procedure.  Finally, do
+      procedure.  Finally, do:
 <programlisting>
 -- re-freeze template0:
 VACUUM FREEZE;
@@ -12938,7 +13391,7 @@ operations on bytea columns (Joe)</para></listitem>
     A dump/restore is <emphasis>not</emphasis> required for those
     running version 7.3. However, it should be noted that the main
     <productname>PostgreSQL</productname> interface library, libpq,
-    has a new major version number for this release, which may require
+    has a new major version number for this release, which might require
     recompilation of client code in certain cases.
    </para>
   </sect2>
@@ -13174,7 +13627,7 @@ operations on bytea columns (Joe)</para></listitem>
      <para>
       <command>COPY</command> no longer considers missing trailing
       columns to be null.  All columns need to be specified.
-      (However, one may achieve a similar effect by specifying a
+      (However, one can achieve a similar effect by specifying a
       column list in the <command>COPY</command> command.)
      </para>
     </listitem>
@@ -14075,7 +14528,7 @@ since <productname>PostgreSQL</productname> 7.1.
     <listitem>
      <para>
       The semantics of the <command>VACUUM</command> command have
-      changed in this release.  You may wish to update your
+      changed in this release.  You might wish to update your
       maintenance procedures accordingly.
      </para>
     </listitem>
@@ -14670,7 +15123,7 @@ previous releases of <productname>PostgreSQL</productname> have forced
 all data modifications to disk before each transaction commit.  With
 WAL, only one log file must be flushed to disk, greatly improving
 performance.  If you have been using -F in previous releases to
-disable disk flushes, you may want to consider discontinuing its use.
+disable disk flushes, you might want to consider discontinuing its use.
       </para>
      </listitem>
     </varlistentry>
@@ -14711,7 +15164,7 @@ outer join syntax.
 The previous C function manager did not
 handle null values properly, nor did it support 64-bit <acronym>CPU</acronym>'s (Alpha).  The new
 function manager does.  You can continue using your old custom
-functions, but you may want to rewrite them in the future to use the new
+functions, but you might want to rewrite them in the future to use the new
 function manager call interface.
       </para>
      </listitem>
@@ -15184,7 +15637,7 @@ ecpg changes (Michael)
      A dump/restore using <application>pg_dump</application>
      is required for those wishing to migrate data from any
      previous release of <productname>PostgreSQL</productname>.
-     For those upgrading from 6.5.*, you may instead use 
+     For those upgrading from 6.5.*, you can instead use
      <application>pg_upgrade</application> to upgrade to this
      release; however, a full dump/reload installation is always the
      most robust method for upgrades.
@@ -15205,7 +15658,7 @@ ecpg changes (Michael)
        ease the transition by allowing
        <productname>PostgreSQL</productname> to recognize
        the deprecated type names and translate them to the new type
-       names, this mechanism may not be completely transparent to
+       names, this mechanism cannot be completely transparent to
        your existing application.
       </para>
      </listitem>
@@ -15217,8 +15670,8 @@ ecpg changes (Michael)
        decreased query times as the optimizer makes a better choice
        for the preferred plan. However, in a small number of cases,
        usually involving pathological distributions of data, your
-       query times may go up. If you are dealing with large amounts
+       query times might go up. If you are dealing with large amounts
-       of data, you may want to check your queries to verify
+       of data, you might want to check your queries to verify
        performance.
       </para>
      </listitem>
@@ -16382,7 +16835,7 @@ Jdbc cleanups(Peter)
 Show backend status on ps command line(only works on some platforms)(Bruce)
 Pg_hba.conf now has a sameuser option in the database field
 Make lo_unlink take oid param, not int4
-New DISABLE_COMPLEX_MACRO for compilers that can't handle our macros(Bruce)
+New DISABLE_COMPLEX_MACRO for compilers that cannot handle our macros(Bruce)
 Libpgtcl now handles NOTIFY as a Tcl event, need not send dummy queries(Tom)
 libpgtcl cleanups(Tom)
 Add -error option to libpgtcl's pg_result command(Tom)
@@ -16699,7 +17152,7 @@ Better identify tcl and tk libs and includes(Bruce)
      <listitem>
       <para>
        Socket interface for client/server connection. This is the default now
-       so you may need to start <application>postmaster</application> with the
+       so you might need to start <application>postmaster</application> with the
        <option>-i</option> flag.
       </para>
      </listitem>
@@ -16735,9 +17188,9 @@ Better identify tcl and tk libs and includes(Bruce)
     mention that without subselects, SQL is a very limited language.
     Subselects are a major feature, and you should review your code for
     places where subselects provide a better solution for your queries.  I
-    think you will find that there are more uses for subselects than you may
+    think you will find that there are more uses for subselects than you might
     think.  Vadim has put us on the big SQL map with subselects, and fully
-    functional ones too.  The only thing you can't do with subselects is to
+    functional ones too.  The only thing you cannot do with subselects is to
     use them in the target list.
    </para>
    <para>
@@ -16750,7 +17203,7 @@ Better identify tcl and tk libs and includes(Bruce)
     Third, <type>char()</type> fields will now allow faster access than <type>varchar()</type> or
     <type>text</type>. Specifically, the <type>text</> and <type>varchar()</type> have a penalty for access to
     any columns after the first column of this type.  <type>char()</type> used to also
-    have this access penalty, but it no longer does.  This may suggest that
+    have this access penalty, but it no longer does.  This might suggest that
     you redesign some of your tables, especially if you have short character
     columns that you have defined as <type>varchar()</type> or <type>text</type>.  This and other
     changes make 6.3 even faster than earlier releases.
@@ -17299,7 +17752,7 @@ optimizer which uses <firstterm>genetic</firstterm>
   The interpretation of array specifiers (the curly braces around atomic
   values) appears to have changed sometime after the original regression
   tests were generated. The current <filename>./expected/*.out</filename> files reflect this
-  new interpretation, which may not be correct!
+  new interpretation, which might not be correct!
 </para>
 
 <para>
@@ -17787,7 +18240,7 @@ If you do, you must create a file name <literal>pg_hba</literal> in your top-lev
 <step>
 <para>
 If you do not want host-based authentication, you can comment out
-   the line
+   the line:
 <programlisting>
         HBA = 1
 </programlisting>
@@ -18013,7 +18466,7 @@ Incompatible changes:
  * float literals (eg. 3.14) are now of type float4 (instead of float8 in
    previous releases); you might have to do typecasting if you depend on it
    being of type float8.  If you neglect to do the typecasting and you assign
-   a float literal to a field of type float8, you may get incorrect values
+   a float literal to a field of type float8, you might get incorrect values
    stored!
  * LIBPQ has been totally revamped so that frontend applications
    can connect to multiple backends