database/postgres
database/postgres
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2025-05-06 19:59:18 +03:00
Code

Update release notes for security-related releases in all active branches.

Browse Source 
Security: CVE-2007-0555, CVE-2007-0556
This commit is contained in:
Tom Lane 2007-02-02 00:10:33 +00:00
parent 23326cd18b
commit 40cf433eb6
1 changed files with 957 additions and 504 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

557
doc/src/sgml/release.sgml
View File

@ -1,4 +1,4 @@
<!-- $PostgreSQL: pgsql/doc/src/sgml/release.sgml,v 1.488.2.4 2007/02/01 19:18:14 neilc Exp $ -->
<!-- $PostgreSQL: pgsql/doc/src/sgml/release.sgml,v 1.488.2.5 2007/02/02 00:10:33 tgl Exp $ -->
<!--
Typical markup:
@ -27,13 +27,167 @@ wrap long lines
For new features, add links to the documentation sections. Use </link>
so that perl can remove it so HISTORY.html can be created with no
links to the main documentation.
links to the main documentation. This was added only in 8.2, so don't
do it for earlier branch release files.
-->
<appendix id="release">
<title>Release Notes</title>
<sect1 id="release-8-2-2">
<title>Release 8.2.2</title>
<note>
<title>Release date</title>
<simpara>2007-02-05</simpara>
</note>
<para>
This release contains a variety of fixes from 8.2.1, including
a security fix.
</para>
<sect2>
<title>Migration to version 8.2.2</title>
<para>
A dump/restore is not required for those running 8.2.X.
</para>
</sect2>
<sect2>
<title>Changes</title>
<itemizedlist>
<listitem>
<para>
Remove security vulnerabilities that allowed connected users
to read backend memory (Tom)
</para>
<para>
The vulnerabilities involve suppressing the normal check that a SQL
function returns the data type it's declared to, and changing the
data type of a table column (CVE-2007-0555, CVE-2007-0556). These
errors can easily be exploited to cause a backend crash, and in
principle might be used to read database content that the user
should not be able to access.
</para>
</listitem>
<listitem>
<para>
Fix not-so-rare-anymore bug wherein btree index page splits could fail
due to choosing an infeasible split point (Heikki Linnakangas)
</para>
</listitem>
<listitem>
<para>
Fix Borland C compile scripts (L Bayuk)
</para>
</listitem>
<listitem>
<para>
Properly handle <function>to_char('CC')</> for years ending in
<literal>00</> (Tom)
</para>
<para>
Year 2000 is in the twentieth century, not the twenty-first.
</para>
</listitem>
<listitem>
<para>
<filename>/contrib/tsearch2</> localization improvements (Tatsuo, Teodor)
</para>
</listitem>
<listitem>
<para>
Fix incorrect permission check in
<literal>information_schema.key_column_usage</> view (Tom)
</para>
<para>
The symptom is <quote>relation with OID nnnnn does not exist</> errors.
To get this fix without using <command>initdb</>, use <command>CREATE OR
REPLACE VIEW</> to install the corrected definition found in
<filename>share/information_schema.sql</>. Note you will need to do
this in each database.
</para>
</listitem>
<listitem>
<para>
Improve <command>VACUUM</> performance for databases with many tables (Tom)
</para>
</listitem>
<listitem>
<para>
Fix for rare Assert() crash triggered by <literal>UNION</> (Tom)
</para>
</listitem>
<listitem>
<para>
Fix potentially incorrect results from index searches using
<literal>ROW</> inequality conditions (Tom)
</para>
</listitem>
<listitem>
<para>
Tighten security of multi-byte character processing for UTF8 sequences
over three bytes long (Tom)
</para>
</listitem>
<listitem>
<para>
Fix bogus <quote>permission denied</> failures occurring on Windows
due to attempts to fsync already-deleted files (Magnus, Tom)
</para>
</listitem>
<listitem>
<para>
Fix bug that could cause the statistics collector
to hang on Windows (Magnus)
</para>
<para>
This would in turn lead to autovacuum not working.
</para>
</listitem>
<listitem>
<para>
Fix possible crashes when an already-in-use PL/pgSQL function is
updated (Tom)
</para>
</listitem>
<listitem>
<para>
Improve PL/pgSQL handling of domain types (Sergiy Vyshnevetskiy, Tom)
</para>
</listitem>
<listitem>
<para>
Fix possible errors in processing PL/pgSQL exception blocks (Tom)
</para>
</listitem>
</itemizedlist>
</sect2>
</sect1>
<sect1 id="release-8-2-1">
<title>Release 8.2.1</title>
@ -503,7 +657,7 @@ links to the main documentation.
</para>
<para>
This may eliminate the need to set unrealistically small
This might eliminate the need to set unrealistically small
values of <link
linkend="guc-random-page-cost"><varname>random_page_cost</></link>.
If you have been using a very small <varname>random_page_cost</>,
@ -998,7 +1152,7 @@ links to the main documentation.
<para>
On platforms where it is expensive to update the <application>ps</>
display, it may be worthwhile to turn this off and rely solely on
display, it might be worthwhile to turn this off and rely solely on
<structname>pg_stat_activity</> for status information.
</para>
</listitem>
@ -1279,7 +1433,7 @@ links to the main documentation.
<para>
This prevents surprising behavior due to multiple evaluation
of a <literal>volatile</> function (such as <function>random()</>
or <function>nextval()</>). It may cause performance
or <function>nextval()</>). It might cause performance
degradation in the presence of functions that are unnecessarily
marked as <literal>volatile</>.
</para>
@ -2726,6 +2880,106 @@ links to the main documentation.
</sect2>
</sect1>
<sect1 id="release-8-1-7">
<title>Release 8.1.7</title>
<note>
<title>Release date</title>
<simpara>2007-02-05</simpara>
</note>
<para>
This release contains a variety of fixes from 8.1.6, including
a security fix.
</para>
<sect2>
<title>Migration to version 8.1.7</title>
<para>
A dump/restore is not required for those running 8.1.X.
However, if you are upgrading from a version earlier than 8.1.2,
see the release notes for 8.1.2.
</para>
</sect2>
<sect2>
<title>Changes</title>
<itemizedlist>
<listitem>
<para>
Remove security vulnerabilities that allowed connected users
to read backend memory (Tom)
</para>
<para>
The vulnerabilities involve suppressing the normal check that a SQL
function returns the data type it's declared to, and changing the
data type of a table column (CVE-2007-0555, CVE-2007-0556). These
errors can easily be exploited to cause a backend crash, and in
principle might be used to read database content that the user
should not be able to access.
</para>
</listitem>
<listitem>
<para>
Fix rare bug wherein btree index page splits could fail
due to choosing an infeasible split point (Heikki Linnakangas)
</para>
</listitem>
<listitem>
<para>
Improve <command>VACUUM</> performance for databases with many tables (Tom)
</para>
</listitem>
<listitem>
<para>
Fix autovacuum to avoid leaving non-permanent transaction IDs in
non-connectable databases (Alvaro)
</para>
<para>
This bug affects the 8.1 branch only.
</para>
</listitem>
<listitem>
<para>
Fix for rare Assert() crash triggered by <literal>UNION</> (Tom)
</para>
</listitem>
<listitem>
<para>
Tighten security of multi-byte character processing for UTF8 sequences
over three bytes long (Tom)
</para>
</listitem>
<listitem>
<para>
Fix bogus <quote>permission denied</> failures occurring on Windows
due to attempts to fsync already-deleted files (Magnus, Tom)
</para>
</listitem>
<listitem>
<para>
Fix possible crashes when an already-in-use PL/pgSQL function is
updated (Tom)
</para>
</listitem>
</itemizedlist>
</sect2>
</sect1>
<sect1 id="release-8-1-6">
<title>Release 8.1.6</title>
@ -2975,7 +3229,7 @@ compilers (Hiroshi Saito)</para></listitem>
<para>
Full security against the SQL-injection attacks described in
CVE-2006-2313 and CVE-2006-2314 may require changes in application
CVE-2006-2313 and CVE-2006-2314 might require changes in application
code. If you have applications that embed untrustworthy strings
into SQL commands, you should examine them as soon as possible to
ensure that they are using recommended escaping techniques. In
@ -3007,7 +3261,7 @@ literals. By default, <literal>\'</> is rejected only when
GB18030, or UHC), which is the scenario in which SQL injection is possible.
A new configuration parameter <varname>backslash_quote</> is available to
adjust this behavior when needed. Note that full security against
CVE-2006-2314 may require client-side changes; the purpose of
CVE-2006-2314 might require client-side changes; the purpose of
<varname>backslash_quote</> is in part to make it obvious that insecure
clients are insecure.
</para></listitem>
@ -3274,7 +3528,7 @@ to ensure that <application>plperl</> won't change the locale later</para>
<para>This fixes a problem that occurred if the <application>postmaster</> was
started with environment variables specifying a different locale than what
<application>initdb</> had been told. Under these conditions, any use of
<application>plperl</> was likely to lead to corrupt indexes. You may need
<application>plperl</> was likely to lead to corrupt indexes. You might need
<command>REINDEX</> to fix existing indexes on
textual columns if this has happened to you.</para></listitem>
@ -3672,7 +3926,7 @@ DISTINCT query</para></listitem>
</para>
<para>
It may be necessary to set <varname>add_missing_from</> to true
It might be necessary to set <varname>add_missing_from</> to true
in order to load an existing dump file, if the dump contains any
views or rules created using the implicit-<literal>FROM</> syntax.
This should be a one-time annoyance, because
@ -3894,7 +4148,7 @@ psql -t -f fixseq.sql db1 | psql -e db1
<listitem>
<para>
<command>CREATE LANGUAGE</> may ignore the provided arguments
<command>CREATE LANGUAGE</> can ignore the provided arguments
in favor of information from <structname>pg_pltemplate</>
(Tom)
</para>
@ -5536,6 +5790,75 @@ psql -t -f fixseq.sql db1 | psql -e db1
</sect2>
</sect1>
<sect1 id="release-8-0-11">
<title>Release 8.0.11</title>
<note>
<title>Release date</title>
<simpara>2007-02-05</simpara>
</note>
<para>
This release contains a variety of fixes from 8.0.10, including
a security fix.
</para>
<sect2>
<title>Migration to version 8.0.11</title>
<para>
A dump/restore is not required for those running 8.0.X. However,
if you are upgrading from a version earlier than 8.0.6, see the release
notes for 8.0.6.
</para>
</sect2>
<sect2>
<title>Changes</title>
<itemizedlist>
<listitem>
<para>
Remove security vulnerabilities that allowed connected users
to read backend memory (Tom)
</para>
<para>
The vulnerabilities involve suppressing the normal check that a SQL
function returns the data type it's declared to, and changing the
data type of a table column (CVE-2007-0555, CVE-2007-0556). These
errors can easily be exploited to cause a backend crash, and in
principle might be used to read database content that the user
should not be able to access.
</para>
</listitem>
<listitem>
<para>
Fix rare bug wherein btree index page splits could fail
due to choosing an infeasible split point (Heikki Linnakangas)
</para>
</listitem>
<listitem>
<para>
Fix for rare Assert() crash triggered by <literal>UNION</> (Tom)
</para>
</listitem>
<listitem>
<para>
Tighten security of multi-byte character processing for UTF8 sequences
over three bytes long (Tom)
</para>
</listitem>
</itemizedlist>
</sect2>
</sect1>
<sect1 id="release-8-0-10">
<title>Release 8.0.10</title>
@ -5733,7 +6056,7 @@ Wieland)</para></listitem>
<para>
Full security against the SQL-injection attacks described in
CVE-2006-2313 and CVE-2006-2314 may require changes in application
CVE-2006-2313 and CVE-2006-2314 might require changes in application
code. If you have applications that embed untrustworthy strings
into SQL commands, you should examine them as soon as possible to
ensure that they are using recommended escaping techniques. In
@ -5765,7 +6088,7 @@ literals. By default, <literal>\'</> is rejected only when
GB18030, or UHC), which is the scenario in which SQL injection is possible.
A new configuration parameter <varname>backslash_quote</> is available to
adjust this behavior when needed. Note that full security against
CVE-2006-2314 may require client-side changes; the purpose of
CVE-2006-2314 might require client-side changes; the purpose of
<varname>backslash_quote</> is in part to make it obvious that insecure
clients are insecure.
</para></listitem>
@ -5971,7 +6294,7 @@ to ensure that <application>plperl</> won't change the locale later</para>
<para>This fixes a problem that occurred if the <application>postmaster</> was
started with environment variables specifying a different locale than what
<application>initdb</> had been told. Under these conditions, any use of
<application>plperl</> was likely to lead to corrupt indexes. You may need
<application>plperl</> was likely to lead to corrupt indexes. You might need
<command>REINDEX</> to fix existing indexes on
textual columns if this has happened to you.</para></listitem>
@ -6222,7 +6545,7 @@ code</para></listitem>
It is strongly recommended that all installations repair these errors,
either by initdb or by following the manual repair procedure given
below. The errors at least allow unprivileged database users to crash
their server process, and may allow unprivileged users to gain the
their server process, and might allow unprivileged users to gain the
privileges of a database superuser.
</para>
@ -6891,8 +7214,7 @@ typedefs (Michael)</para></listitem>
behavior across all platforms. In most cases, there should be
little noticeable difference in time zone behavior, except that
the time zone names used by <command>SET</>/<command>SHOW</>
<varname>TimeZone</> may
be different from what your platform provides.
<varname>TimeZone</> might be different from what your platform provides.
</para>
</listitem>
@ -7321,7 +7643,7 @@ typedefs (Michael)</para></listitem>
Some logging-related configuration parameters could formerly be adjusted
by ordinary users, but only in the <quote>more verbose</> direction.
They are now treated more strictly: only superusers can set them.
However, a superuser may use <command>ALTER USER</> to provide per-user
However, a superuser can use <command>ALTER USER</> to provide per-user
settings of these values for non-superusers. Also, it is now possible
for superusers to set values of superuser-only configuration parameters
via <literal>PGOPTIONS</>.
@ -8862,6 +9184,75 @@ typedefs (Michael)</para></listitem>
</sect2>
</sect1>
<sect1 id="release-7-4-16">
<title>Release 7.4.16</title>
<note>
<title>Release date</title>
<simpara>2007-02-05</simpara>
</note>
<para>
This release contains a variety of fixes from 7.4.15, including
a security fix.
</para>
<sect2>
<title>Migration to version 7.4.16</title>
<para>
A dump/restore is not required for those running 7.4.X. However,
if you are upgrading from a version earlier than 7.4.11, see the release
notes for 7.4.11.
</para>
</sect2>
<sect2>
<title>Changes</title>
<itemizedlist>
<listitem>
<para>
Remove security vulnerability that allowed connected users
to read backend memory (Tom)
</para>
<para>
The vulnerability involves suppressing the normal check that a SQL
function returns the data type it's declared to, or changing the
data type of a table column used in a SQL function (CVE-2007-0555).
This error can easily be exploited to cause a backend crash, and in
principle might be used to read database content that the user
should not be able to access.
</para>
</listitem>
<listitem>
<para>
Fix rare bug wherein btree index page splits could fail
due to choosing an infeasible split point (Heikki Linnakangas)
</para>
</listitem>
<listitem>
<para>
Fix for rare Assert() crash triggered by <literal>UNION</> (Tom)
</para>
</listitem>
<listitem>
<para>
Tighten security of multi-byte character processing for UTF8 sequences
over three bytes long (Tom)
</para>
</listitem>
</itemizedlist>
</sect2>
</sect1>
<sect1 id="release-7-4-15">
<title>Release 7.4.15</title>
@ -9020,7 +9411,7 @@ ANYARRAY</para></listitem>
<para>
Full security against the SQL-injection attacks described in
CVE-2006-2313 and CVE-2006-2314 may require changes in application
CVE-2006-2313 and CVE-2006-2314 might require changes in application
code. If you have applications that embed untrustworthy strings
into SQL commands, you should examine them as soon as possible to
ensure that they are using recommended escaping techniques. In
@ -9052,7 +9443,7 @@ literals. By default, <literal>\'</> is rejected only when
GB18030, or UHC), which is the scenario in which SQL injection is possible.
A new configuration parameter <varname>backslash_quote</> is available to
adjust this behavior when needed. Note that full security against
CVE-2006-2314 may require client-side changes; the purpose of
CVE-2006-2314 might require client-side changes; the purpose of
<varname>backslash_quote</> is in part to make it obvious that insecure
clients are insecure.
</para></listitem>
@ -9205,7 +9596,7 @@ to ensure that <application>plperl</> won't change the locale later</para>
<para>This fixes a problem that occurred if the <application>postmaster</> was
started with environment variables specifying a different locale than what
<application>initdb</> had been told. Under these conditions, any use of
<application>plperl</> was likely to lead to corrupt indexes. You may need
<application>plperl</> was likely to lead to corrupt indexes. You might need
<command>REINDEX</> to fix existing indexes on
textual columns if this has happened to you.</para></listitem>
@ -9391,7 +9782,7 @@ code</para></listitem>
It is strongly recommended that all installations repair these errors,
either by initdb or by following the manual repair procedures given
below. The errors at least allow unprivileged database users to crash
their server process, and may allow unprivileged users to gain the
their server process, and might allow unprivileged users to gain the
privileges of a database superuser.
</para>
@ -9409,7 +9800,7 @@ WHERE pronamespace = 11 AND pronargs = 5
COMMIT;
</programlisting>
Next, if you have installed <filename>contrib/tsearch2</>, do
Next, if you have installed <filename>contrib/tsearch2</>, do:
<programlisting>
BEGIN;
@ -9438,12 +9829,12 @@ COMMIT;
template databases then any subsequently created databases will contain
the same errors. <literal>template1</> can be fixed in the same way
as any other database, but fixing <literal>template0</> requires
additional steps. First, from any database issue
additional steps. First, from any database issue:
<programlisting>
UPDATE pg_database SET datallowconn = true WHERE datname = 'template0';
</programlisting>
Next connect to <literal>template0</> and perform the above repair
procedures. Finally, do
procedures. Finally, do:
<programlisting>
-- re-freeze template0:
VACUUM FREEZE;
@ -9815,7 +10206,7 @@ names from outer query levels.
<para>
A dump/restore is not required for those running 7.4.X. However,
it may be advisable as the easiest method of incorporating fixes for
it might be advisable as the easiest method of incorporating fixes for
two errors that have been found in the initial contents of 7.4.X system
catalogs. A dump/initdb/reload sequence using 7.4.2's initdb will
automatically correct these problems.
@ -9881,12 +10272,12 @@ GRANT SELECT, UPDATE ON pg_settings TO PUBLIC;
template databases then any subsequently created databases will contain
the same errors. <literal>template1</> can be fixed in the same way
as any other database, but fixing <literal>template0</> requires
additional steps. First, from any database issue
additional steps. First, from any database issue:
<programlisting>
UPDATE pg_database SET datallowconn = true WHERE datname = 'template0';
</programlisting>
Next connect to <literal>template0</> and perform the above repair
procedures. Finally, do
procedures. Finally, do:
<programlisting>
-- re-freeze template0:
VACUUM FREEZE;
@ -10369,7 +10760,7 @@ DROP SCHEMA information_schema CASCADE;
<listitem>
<para>
Inner joins using the explicit <literal>JOIN</literal> syntax
may behave differently because they are now better
might behave differently because they are now better
optimized.
</para>
</listitem>
@ -11336,7 +11727,7 @@ DROP SCHEMA information_schema CASCADE;
<listitem>
<para>
Arrays may now be specified as <literal>ARRAY[1,2,3]</literal>,
Arrays can now be specified as <literal>ARRAY[1,2,3]</literal>,
<literal>ARRAY[['a','b'],['c','d']]</literal>, or
<literal>ARRAY[ARRAY[ARRAY[2]]]</literal> (Joe)
</para>
@ -11910,6 +12301,68 @@ DROP SCHEMA information_schema CASCADE;
</sect2>
</sect1>
<sect1 id="release-7-3-18">
<title>Release 7.3.18</title>
<note>
<title>Release date</title>
<simpara>2007-02-05</simpara>
</note>
<para>
This release contains a variety of fixes from 7.3.17, including
a security fix.
</para>
<sect2>
<title>Migration to version 7.3.18</title>
<para>
A dump/restore is not required for those running 7.3.X. However,
if you are upgrading from a version earlier than 7.3.13, see the release
notes for 7.3.13.
</para>
</sect2>
<sect2>
<title>Changes</title>
<itemizedlist>
<listitem>
<para>
Remove security vulnerability that allowed connected users
to read backend memory (Tom)
</para>
<para>
The vulnerability involves changing the
data type of a table column used in a SQL function (CVE-2007-0555).
This error can easily be exploited to cause a backend crash, and in
principle might be used to read database content that the user
should not be able to access.
</para>
</listitem>
<listitem>
<para>
Fix rare bug wherein btree index page splits could fail
due to choosing an infeasible split point (Heikki Linnakangas)
</para>
</listitem>
<listitem>
<para>
Tighten security of multi-byte character processing for UTF8 sequences
over three bytes long (Tom)
</para>
</listitem>
</itemizedlist>
</sect2>
</sect1>
<sect1 id="release-7-3-17">
<title>Release 7.3.17</title>
@ -12034,7 +12487,7 @@ DROP SCHEMA information_schema CASCADE;
<para>
Full security against the SQL-injection attacks described in
CVE-2006-2313 and CVE-2006-2314 may require changes in application
CVE-2006-2313 and CVE-2006-2314 might require changes in application
code. If you have applications that embed untrustworthy strings
into SQL commands, you should examine them as soon as possible to
ensure that they are using recommended escaping techniques. In
@ -12066,7 +12519,7 @@ literals. By default, <literal>\'</> is rejected only when
GB18030, or UHC), which is the scenario in which SQL injection is possible.
A new configuration parameter <varname>backslash_quote</> is available to
adjust this behavior when needed. Note that full security against
CVE-2006-2314 may require client-side changes; the purpose of
CVE-2006-2314 might require client-side changes; the purpose of
<varname>backslash_quote</> is in part to make it obvious that insecure
clients are insecure.
</para></listitem>
@ -12199,7 +12652,7 @@ to ensure that <application>plperl</> won't change the locale later</para>
<para>This fixes a problem that occurred if the <application>postmaster</> was
started with environment variables specifying a different locale than what
<application>initdb</> had been told. Under these conditions, any use of
<application>plperl</> was likely to lead to corrupt indexes. You may need
<application>plperl</> was likely to lead to corrupt indexes. You might need
<command>REINDEX</> to fix existing indexes on
textual columns if this has happened to you.</para></listitem>
@ -12354,7 +12807,7 @@ the variable is of pass-by-reference type</para></listitem>
It is strongly recommended that all installations repair this error,
either by initdb or by following the manual repair procedure given
below. The error at least allows unprivileged database users to crash
their server process, and may allow unprivileged users to gain the
their server process, and might allow unprivileged users to gain the
privileges of a database superuser.
</para>
@ -12380,12 +12833,12 @@ COMMIT;
template databases then any subsequently created databases will contain
the same error. <literal>template1</> can be fixed in the same way
as any other database, but fixing <literal>template0</> requires
additional steps. First, from any database issue
additional steps. First, from any database issue:
<programlisting>
UPDATE pg_database SET datallowconn = true WHERE datname = 'template0';
</programlisting>
Next connect to <literal>template0</> and perform the above repair
procedure. Finally, do
procedure. Finally, do:
<programlisting>
-- re-freeze template0:
VACUUM FREEZE;
@ -12938,7 +13391,7 @@ operations on bytea columns (Joe)</para></listitem>
A dump/restore is <emphasis>not</emphasis> required for those
running version 7.3. However, it should be noted that the main
<productname>PostgreSQL</productname> interface library, libpq,
has a new major version number for this release, which may require
has a new major version number for this release, which might require
recompilation of client code in certain cases.
</para>
</sect2>
@ -13174,7 +13627,7 @@ operations on bytea columns (Joe)</para></listitem>
<para>
<command>COPY</command> no longer considers missing trailing
columns to be null. All columns need to be specified.
(However, one may achieve a similar effect by specifying a
(However, one can achieve a similar effect by specifying a
column list in the <command>COPY</command> command.)
</para>
</listitem>
@ -14075,7 +14528,7 @@ since <productname>PostgreSQL</productname> 7.1.
<listitem>
<para>
The semantics of the <command>VACUUM</command> command have
changed in this release. You may wish to update your
changed in this release. You might wish to update your
maintenance procedures accordingly.
</para>
</listitem>
@ -14670,7 +15123,7 @@ previous releases of <productname>PostgreSQL</productname> have forced
all data modifications to disk before each transaction commit. With
WAL, only one log file must be flushed to disk, greatly improving
performance. If you have been using -F in previous releases to
disable disk flushes, you may want to consider discontinuing its use.
disable disk flushes, you might want to consider discontinuing its use.
</para>
</listitem>
</varlistentry>
@ -14711,7 +15164,7 @@ outer join syntax.
The previous C function manager did not
handle null values properly, nor did it support 64-bit <acronym>CPU</acronym>'s (Alpha). The new
function manager does. You can continue using your old custom
functions, but you may want to rewrite them in the future to use the new
functions, but you might want to rewrite them in the future to use the new
function manager call interface.
</para>
</listitem>
@ -15184,7 +15637,7 @@ ecpg changes (Michael)
A dump/restore using <application>pg_dump</application>
is required for those wishing to migrate data from any
previous release of <productname>PostgreSQL</productname>.
For those upgrading from 6.5.*, you may instead use
For those upgrading from 6.5.*, you can instead use
<application>pg_upgrade</application> to upgrade to this
release; however, a full dump/reload installation is always the
most robust method for upgrades.
@ -15205,7 +15658,7 @@ ecpg changes (Michael)
ease the transition by allowing
<productname>PostgreSQL</productname> to recognize
the deprecated type names and translate them to the new type
names, this mechanism may not be completely transparent to
names, this mechanism cannot be completely transparent to
your existing application.
</para>
</listitem>
@ -15217,8 +15670,8 @@ ecpg changes (Michael)
decreased query times as the optimizer makes a better choice
for the preferred plan. However, in a small number of cases,
usually involving pathological distributions of data, your
query times may go up. If you are dealing with large amounts
of data, you may want to check your queries to verify
query times might go up. If you are dealing with large amounts
of data, you might want to check your queries to verify
performance.
</para>
</listitem>
@ -16382,7 +16835,7 @@ Jdbc cleanups(Peter)
Show backend status on ps command line(only works on some platforms)(Bruce)
Pg_hba.conf now has a sameuser option in the database field
Make lo_unlink take oid param, not int4
New DISABLE_COMPLEX_MACRO for compilers that can't handle our macros(Bruce)
New DISABLE_COMPLEX_MACRO for compilers that cannot handle our macros(Bruce)
Libpgtcl now handles NOTIFY as a Tcl event, need not send dummy queries(Tom)
libpgtcl cleanups(Tom)
Add -error option to libpgtcl's pg_result command(Tom)
@ -16699,7 +17152,7 @@ Better identify tcl and tk libs and includes(Bruce)
<listitem>
<para>
Socket interface for client/server connection. This is the default now
so you may need to start <application>postmaster</application> with the
so you might need to start <application>postmaster</application> with the
<option>-i</option> flag.
</para>
</listitem>
@ -16735,9 +17188,9 @@ Better identify tcl and tk libs and includes(Bruce)
mention that without subselects, SQL is a very limited language.
Subselects are a major feature, and you should review your code for
places where subselects provide a better solution for your queries. I
think you will find that there are more uses for subselects than you may
think you will find that there are more uses for subselects than you might
think. Vadim has put us on the big SQL map with subselects, and fully
functional ones too. The only thing you can't do with subselects is to
functional ones too. The only thing you cannot do with subselects is to
use them in the target list.
</para>
<para>
@ -16750,7 +17203,7 @@ Better identify tcl and tk libs and includes(Bruce)
Third, <type>char()</type> fields will now allow faster access than <type>varchar()</type> or
<type>text</type>. Specifically, the <type>text</> and <type>varchar()</type> have a penalty for access to
any columns after the first column of this type. <type>char()</type> used to also
have this access penalty, but it no longer does. This may suggest that
have this access penalty, but it no longer does. This might suggest that
you redesign some of your tables, especially if you have short character
columns that you have defined as <type>varchar()</type> or <type>text</type>. This and other
changes make 6.3 even faster than earlier releases.
@ -17299,7 +17752,7 @@ optimizer which uses <firstterm>genetic</firstterm>
The interpretation of array specifiers (the curly braces around atomic
values) appears to have changed sometime after the original regression
tests were generated. The current <filename>./expected/*.out</filename> files reflect this
new interpretation, which may not be correct!
new interpretation, which might not be correct!
</para>
<para>
@ -17787,7 +18240,7 @@ If you do, you must create a file name <literal>pg_hba</literal> in your top-lev
<step>
<para>
If you do not want host-based authentication, you can comment out
the line
the line:
<programlisting>
HBA = 1
</programlisting>
@ -18013,7 +18466,7 @@ Incompatible changes:
* float literals (eg. 3.14) are now of type float4 (instead of float8 in
previous releases); you might have to do typecasting if you depend on it
being of type float8. If you neglect to do the typecasting and you assign
a float literal to a field of type float8, you may get incorrect values
a float literal to a field of type float8, you might get incorrect values
stored!
* LIBPQ has been totally revamped so that frontend applications
can connect to multiple backends