diff --git a/doc/src/sgml/release-17.sgml b/doc/src/sgml/release-17.sgml
index 96463b92ef4..0eb57c63fdd 100644
--- a/doc/src/sgml/release-17.sgml
+++ b/doc/src/sgml/release-17.sgml
@@ -1,6 +1,1683 @@
+
+ Release 17.1
+
+
+ Release date:
+ 2024-11-14
+
+
+
+ This release contains a variety of fixes from 17.0.
+ For information about new features in major release 17, see
+ .
+
+
+
+ Migration to Version 17.1
+
+
+ A dump/restore is not required for those running 17.X.
+
+
+
+ However, if you have detached partitions from a partitioned table that
+ has a foreign-key reference to another partitioned table, you may have
+ catalog and/or data corruption to repair, as detailed in the first
+ changelog entry below.
+
+
+
+ Also, in the uncommon case that a
+ database's LC_CTYPE setting is C
+ while its LC_COLLATE setting is some other locale,
+ indexes on textual columns should be reindexed, as described in the
+ second changelog entry below.
+
+
+
+
+ Changes
+
+
+
+
+
+
+ Fix updates of catalog state for foreign-key constraints when
+ attaching or detaching table partitions (Jehan-Guillaume de
+ Rorthais, Tender Wang, Álvaro Herrera)
+ §
+ §
+
+
+
+ If the referenced table is partitioned, then different catalog
+ entries are needed for a referencing table that is stand-alone
+ versus one that is a partition. ATTACH/DETACH
+ PARTITION commands failed to perform this conversion
+ correctly. In particular, after DETACH the now
+ stand-alone table would be missing foreign-key enforcement triggers,
+ which could result in the table later containing rows that fail the
+ foreign-key constraint. A subsequent re-ATTACH
+ could fail with surprising errors, too.
+
+
+
+ The way to fix this is to do ALTER TABLE DROP
+ CONSTRAINT on the now stand-alone table for each faulty
+ constraint, and then re-add the constraint. If re-adding the
+ constraint fails, then some erroneous data has crept in. You will
+ need to manually re-establish consistency between the referencing
+ and referenced tables, then re-add the constraint.
+
+
+
+ XXX need to provide a query for finding faulty constraints
+
+
+
+
+
+
+ Fix test for C locale
+ when LC_COLLATE is different
+ from LC_CTYPE (Jeff Davis)
+ §
+
+
+
+ When using libc as the default collation
+ provider, the test to see if C locale is in use
+ for collation accidentally checked LC_CTYPE
+ not LC_COLLATE. This has no impact in the
+ typical case where those settings are the same, nor if both are
+ not C (nor its alias POSIX).
+ However, if LC_CTYPE is C
+ while LC_COLLATE is some other locale, wrong
+ query answers could ensue, and corruption of indexes on strings was
+ possible. Users of databases with such settings should reindex
+ affected indexes after installing this update.
+ The converse case with LC_COLLATE
+ being C while LC_CTYPE is some
+ other locale would cause performance degradation, but no actual
+ errors.
+
+
+
+
+
+
+ Avoid possible crashes and could not open relation
+ errors in queries on a partitioned table occurring concurrently with
+ a DETACH CONCURRENTLY and immediate drop of a
+ partition (Álvaro Herrera, Kuntal Gosh)
+ §
+ §
+
+
+
+
+
+
+ Disallow ALTER TABLE ATTACH PARTITION if the
+ table to be attached has a foreign key referencing the partitioned
+ table (Álvaro Herrera)
+ §
+
+
+
+ This arrangement is not supported, and other ways of creating it
+ already fail.
+
+
+
+
+
+
+ Don't use partitionwise joins or grouping if the query's collation
+ for the key column doesn't match the partition key's collation (Jian
+ He, Webbo Han)
+ §
+ §
+
+
+
+ Such plans could produce incorrect results.
+
+
+
+
+
+
+ Avoid planner failure after converting an IS NULL
+ test on a NOT NULL column to
+ constant FALSE (Richard Guo)
+ §
+
+
+
+ This bug typically led to errors such as variable not found
+ in subplan target lists.
+
+
+
+
+
+
+ Avoid possible planner crash while inlining a SQL function whose
+ arguments contain certain array-related constructs (Tom Lane, Nathan
+ Bossart)
+ §
+
+
+
+
+
+
+ Fix possible wrong answers or wrong varnullingrels
+ planner errors for MERGE ... WHEN NOT MATCHED BY
+ SOURCE actions (Dean Rasheed)
+ §
+ §
+
+
+
+
+
+
+ Fix possible could not find pathkey item to sort
+ error when the output of a UNION ALL member query
+ needs to be sorted, and the sort column is an expression (Andrei
+ Lepikhov, Tom Lane)
+ §
+
+
+
+
+
+
+ Fix performance regressions involving flattening of subqueries
+ underneath outer joins that are later reduced to plain joins
+ (Tom Lane)
+ §
+
+
+
+ v16 failed to optimize some queries as well as prior versions had,
+ because of overoptimistic simplification of query-pullup logic.
+
+
+
+
+
+
+ Fix edge case in B-tree ScalarArrayOp index scans (Peter Geoghegan)
+ §
+
+
+
+ When a scrollable cursor with a plan of this kind was backed up to its
+ starting point and then run forward again, wrong answers were
+ possible.
+
+
+
+
+
+
+ Allow cancellation of the second stage of index build for large hash
+ indexes (Pavel Borisov)
+ §
+
+
+
+
+
+
+ Fix assertion failure or confusing error message for COPY
+ (query) TO ..., when
+ the query is rewritten by a DO
+ INSTEAD NOTIFY rule (Tender Wang, Tom Lane)
+ §
+
+
+
+
+
+
+ Fix validation
+ of COPY's FORCE_NOT_NULL
+ and FORCE_NULL options (Joel Jacobson)
+ §
+
+
+
+ Some incorrect usages are now rejected as they should be.
+
+
+
+
+
+
+ Fix server crash when a json_objectagg() call
+ contains a volatile function (Amit Langote)
+ §
+
+
+
+
+
+
+ Fix checking of key uniqueness in JSON object constructors
+ (Junwang Zhao, Tomas Vondra)
+ §
+
+
+
+ When building an object larger than a kilobyte, it was possible to
+ accept invalid input that includes duplicate object keys, or to
+ falsely report that duplicate keys are present.
+
+
+
+
+
+
+ Fix detection of skewed data during parallel hash join (Thomas
+ Munro)
+ §
+
+
+
+ After repartitioning the inner side of a hash join because one
+ partition has accumulated too many tuples, we check to see if all
+ the partition's tuples went into the same child partition, which
+ suggests that they all have the same hash value and further
+ repartitioning cannot improve matters. This check malfunctioned in
+ some cases, allowing repeated futile repartitioning which would
+ eventually end in a resource-exhaustion error.
+
+
+
+
+
+
+ Avoid crash when ALTER DATABASE SET is used to
+ set a server parameter that requires search-path-based lookup, such
+ as default_text_search_config (Jeff Davis)
+ §
+
+
+
+
+
+
+ Avoid repeated lookups of opclasses and collations while creating a
+ new index on a partitioned table (Tom Lane)
+ §
+
+
+
+ This was problematic mainly because some of the lookups would be
+ done with a restricted search_path, leading to
+ unexpected failures if the CREATE INDEX command
+ referenced objects outside pg_catalog.
+
+
+
+ This fix also prevents comments on the parent partitioned index from
+ being copied to child indexes.
+
+
+
+
+
+
+ Add missing dependency from a partitioned table to a non-built-in
+ access method specified in CREATE TABLE ... USING
+ (Michael Paquier)
+ §
+
+
+
+ Dropping the access method should be blocked when a table exists
+ that depends on it, but it was not, allowing subsequent odd
+ behavior. Note that this fix only prevents problems for partitioned
+ tables created after this update.
+
+
+
+
+
+
+ Disallow locale names containing non-ASCII characters (Thomas Munro)
+ §
+
+
+
+ This is only an issue on Windows, as such locale names are not used
+ elsewhere. They are problematic because it's quite unclear what
+ encoding such names are represented in (since the locale itself
+ defines the encoding to use). In
+ recent PostgreSQL releases, an abort in
+ the Windows runtime library could occur because of confusion about
+ that.
+
+
+
+ Anyone who encounters the new error message should either create a
+ new duplicated locale with an ASCII-only name using Windows Locale
+ Builder, or consider using BCP 47-compliant locale names
+ like tr-TR.
+
+
+
+
+
+
+ Fix race condition in committing a serializable transaction (Heikki
+ Linnakangas)
+ §
+
+
+
+ Mis-processing of a recently committed transaction could lead to an
+ assertion failure or a could not access status of
+ transaction error.
+
+
+
+
+
+
+ Fix race condition in COMMIT PREPARED
+ that resulted in orphaned 2PC files (wuchengwen)
+ §
+
+
+
+ A concurrent PREPARE TRANSACTION could
+ cause COMMIT PREPARED to not remove the on-disk
+ two-phase state file for the completed transaction. There was no
+ immediate ill effect, but a subsequent crash-and-recovery could fail
+ with could not access status of transaction,
+ requiring manual removal of the orphaned file to restore service.
+
+
+
+
+
+
+ Avoid invalid memory accesses after skipping an invalid toast index
+ during VACUUM FULL (Tender Wang)
+ §
+
+
+
+ A list tracking yet-to-be-rebuilt indexes was not properly updated
+ in this code path, risking assertion failures or crashes later on.
+
+
+
+
+
+
+ Fix ways in which an in place catalog update could be
+ lost (Noah Misch)
+ §
+ §
+ §
+ §
+ §
+ §
+ §
+
+
+
+ Normal row updates write a new version of the row to preserve
+ rollback-ability of the transaction. However, certain system
+ catalog updates are intentionally non-transactional and are done
+ with an in-place update of the row. These patches fix race
+ conditions that could cause the effects of an in-place update to be
+ lost. As an example, it was possible to forget having set
+ pg_class.relhasindex
+ to true, preventing updates of the new index and thus causing index
+ corruption.
+
+
+
+
+
+
+ Reset catalog caches at end of recovery (Noah Misch)
+ §
+
+
+
+ This prevents scenarios wherein an in-place catalog update could be
+ lost due to using stale data from a catalog cache.
+
+
+
+
+
+
+ Avoid using parallel query while holding off interrupts
+ (Francesco Degrassi, Noah Misch, Tom Lane)
+ §
+ §
+
+
+
+ This situation cannot arise normally, but it can be reached with
+ test scenarios such as using a SQL-language function as B-tree
+ support (which would be far too slow for production usage). If it
+ did occur it would result in an indefinite wait.
+
+
+
+
+
+
+ Report the active query ID for statistics purposes at the start of
+ processing of Bind and Execute protocol messages (Sami Imseih)
+ §
+
+
+
+ This allows more of the work done in extended query protocol to be
+ attributed to the correct query.
+
+
+
+
+
+
+ Guard against stack overflow in libxml2
+ with too-deeply-nested XML input (Tom Lane, with hat tip to Nick
+ Wellnhofer)
+ §
+
+
+
+ Use xmlXPathCtxtCompile() rather
+ than xmlXPathCompile(), because the latter
+ fails to protect itself against recursion-to-stack-overflow
+ in libxml2 releases before 2.13.4.
+
+
+
+
+
+
+ Fix some whitespace issues in the result
+ of XMLSERIALIZE(... INDENT) (Jim Jones)
+ §
+
+
+
+ Fix failure to indent nodes separated by whitespace, and ensure that
+ a trailing newline is not added.
+
+
+
+
+
+
+ Do not ignore a concurrent REINDEX CONCURRENTLY
+ that is working on an index with predicates or expressions (Michail
+ Nikolaev)
+ §
+
+
+
+ Normally, REINDEX CONCURRENTLY does not need to
+ wait for other REINDEX CONCURRENTLY operations on
+ other tables. However, this optimization is not applied if the
+ other REINDEX CONCURRENTLY is processing an index
+ with predicates or expressions, on the chance that such expressions
+ contain user-defined code that accesses other tables. Careless
+ coding created a race condition such that that rule was not applied
+ uniformly, possibly allowing inconsistent behavior.
+
+
+
+
+
+
+ Fix mis-deparsing of ORDER BY lists when there is
+ a name conflict (Tom Lane)
+ §
+
+
+
+ If an ORDER BY item in SELECT
+ is a bare identifier, the parser first seeks it as an output column
+ name of the SELECT, for SQL92 compatibility.
+ However, ruleutils.c expects the SQL99 interpretation where such a
+ name is an input column name. So it was possible to produce an
+ incorrect display of a view in the (rather ill-advised) case where
+ some other column is renamed in the SELECT output
+ list to match an input column used in ORDER BY.
+ Fix by table-qualifying such names in the dumped view text.
+
+
+
+
+
+
+ Fix failed to find plan for subquery/CTE errors
+ in EXPLAIN (Richard Guo, Tom Lane)
+ §
+ §
+
+
+
+ This case arose while trying to print references to fields of a
+ RECORD-type output of a subquery when the subquery has been
+ optimized out of the plan altogether (which is possible at least in
+ the case that it has a constant-false WHERE
+ condition). Nothing remains in the plan to identify the original
+ field names, so fall back to
+ printing fN for
+ the N'th record column. (That's actually
+ the right thing anyway, if the record output arose from
+ a ROW() constructor.)
+
+
+
+
+
+
+ Disallow a USING clause when altering the type of
+ a generated column (Peter Eisentraut)
+ §
+
+
+
+ A generated column already has an expression specifying the column
+ contents, so including USING doesn't make sense.
+
+
+
+
+
+
+ Ignore not-yet-defined Portals in
+ the pg_cursors view (Tom Lane)
+ §
+
+
+
+ It is possible for user-defined code that inspects this view to be
+ called while a new cursor is being set up, and if that happens a
+ null pointer dereference would ensue. Avoid the problem by defining
+ the view to exclude incompletely-set-up cursors.
+
+
+
+
+
+
+ Fix incorrect output of the pg_stat_io view
+ on 32-bit machines (Bertrand Drouvot)
+ §
+
+
+
+ The stats_reset timestamp column
+ contained garbage on such hardware.
+
+
+
+
+
+
+ Prevent mis-encoding of trailing junk after numeric
+ literal error messages (Karina Litskevich)
+ §
+
+
+
+ We do not allow identifiers to appear immediately following numeric
+ literals (there must be some whitespace between). If a multibyte
+ character immediately followed a numeric literal, the syntax error
+ message about it included only the first byte of that character,
+ causing bad-encoding problems both in the report to the client and
+ in the postmaster log file.
+
+
+
+
+
+
+ Avoid unexpected table_index_fetch_tuple call during logical
+ decoding error while decoding a transaction involving
+ insertion of a column default value (Takeshi Ideriha, Hou Zhijie)
+ §
+ §
+
+
+
+
+
+
+ Reduce memory consumption of logical decoding (Masahiko Sawada)
+ §
+
+
+
+ Use a smaller default block size to store tuple data received during
+ logical replication. This reduces memory wastage, which has been
+ reported to be severe while processing long-running transactions,
+ even leading to out-of-memory failures.
+
+
+
+
+
+
+ In a logical replication apply worker, ensure that origin progress
+ is not advanced during an error or apply worker shutdown (Hayato
+ Kuroda, Shveta Malik)
+ §
+
+
+
+ This avoids possible loss of a transaction, since once the origin
+ progress point is advanced the source server won't send that data
+ again.
+
+
+
+
+
+
+ Re-disable sending of stateless (TLSv1.2) session tickets
+ (Daniel Gustafsson)
+ §
+
+
+
+ A previous change to prevent sending of stateful (TLSv1.3) session
+ tickets accidentally re-enabled sending of stateless ones. Thus,
+ while we intended to prevent clients from thinking that TLS session
+ resumption is supported, some still did.
+
+
+
+
+
+
+ Avoid wrong tuple length failure when dropping a
+ database with many ACL (permission) entries (Ayush Tiwari)
+ §
+ §
+
+
+
+
+
+
+ Allow adjusting the session_authorization
+ and role settings in parallel workers (Tom Lane)
+ §
+
+
+
+ Our code intends to allow modifiable server settings to be set by
+ function SET clauses, but not otherwise within a
+ parallel worker. SET clauses failed for these
+ two settings, though.
+
+
+
+
+
+
+ Fix behavior of stable functions called from
+ a CALL statement's argument list, when
+ the CALL is within a
+ PL/pgSQL EXCEPTION block (Tom Lane)
+ §
+
+
+
+ As with a similar fix in our previous quarterly releases, this case
+ allowed such functions to be passed the wrong snapshot, causing them
+ to see stale values of rows modified since the start of the outer
+ transaction.
+
+
+
+
+
+
+ Fix cache lookup failed for function errors in edge
+ cases in PL/pgSQL's CALL (Tom Lane)
+ §
+
+
+
+
+
+
+ Fix thread safety of our fallback (non-OpenSSL) MD5 implementation
+ on big-endian hardware (Heikki Linnakangas)
+ §
+
+
+
+ Thread safety is not currently a concern in the server, but it is
+ for libpq.
+
+
+
+
+
+
+ Parse libpq's keepalives
+ connection option in the same way as other integer-valued options
+ (Yuto Sasaki)
+ §
+
+
+
+ The coding used here rejected trailing whitespace in the option
+ value, unlike other cases. This turns out to be problematic
+ in ecpg's usage, for example.
+
+
+
+
+
+
+ Avoid use of pnstrdup()
+ in ecpglib (Jacob Champion)
+ §
+
+
+
+ That function will call exit() on
+ out-of-memory, which is undesirable in a library. The calling code
+ already handles allocation failures properly.
+
+
+
+
+
+
+ In ecpglib, fix out-of-bounds read when
+ parsing incorrect datetime input (Bruce Momjian, Pavel Nekrasov)
+ §
+
+
+
+ It was possible to try to read the location just before the start of
+ a constant array. Real-world consequences seem minimal, though.
+
+
+
+
+
+
+ Fix psql's describe commands to again
+ work with pre-9.4 servers (Tom Lane)
+ §
+
+
+
+ Commands involving display of an ACL (permissions) column failed
+ with very old PostgreSQL servers, due to
+ use of a function not present in those versions.
+
+
+
+
+
+
+ Fix memory leak in psql during repeated
+ use of \bind (Michael Paquier)
+ §
+
+
+
+
+
+
+ Avoid hanging if an interval less than 1ms is specified
+ in psql's \watch
+ command (Andrey Borodin, Michael Paquier)
+ §
+
+
+
+ Instead, treat this the same as an interval of zero (no wait between
+ executions).
+
+
+
+
+
+
+ Fix pg_dump's handling of identity
+ sequences that have persistence different from their owning table's
+ persistence (Tom Lane)
+ §
+
+
+
+ Since v15, it's been possible to set an identity sequence to be
+ LOGGED when its owning table is UNLOGGED or vice versa.
+ However, pg_dump's method for recreating
+ that situation failed in binary-upgrade mode,
+ causing pg_upgrade to fail when such
+ sequences are present. Fix by introducing a new option
+ for ADD/ALTER COLUMN GENERATED AS IDENTITY to
+ allow the sequence's persistence to be set correctly at creation.
+ Note that this means a dump from a database containing such a
+ sequence will only load into a server of this minor version or
+ newer.
+
+
+
+
+
+
+ Fix failure to find replication password
+ in ~/.pgpass (Tom Lane)
+ §
+
+
+
+ pg_basebackup
+ and pg_receivewal failed to match an entry
+ in ~/.pgpass that
+ had replication in the database name field, if
+ no or switch was
+ supplied. This resulted in an unexpected prompt for password.
+
+
+
+
+
+
+ In pg_combinebackup, throw an error if an
+ incremental backup file is present in a directory that is supposed to
+ contain a full backup (Robert Haas)
+ §
+
+
+
+
+
+
+ In pg_combinebackup, don't construct
+ filenames containing double slashes (Robert Haas)
+ §
+
+
+
+ This caused no functional problems, but the duplicate slashes were
+ visible in error messages, which could create confusion.
+
+
+
+
+
+
+ Include the source timeline history
+ in pg_rewind's debug output
+ (Heikki Linnakangas)
+ §
+
+
+
+ This was the intention to begin with, but a coding error caused the
+ source history to always print as empty.
+
+
+
+
+
+
+ Fix misbehavior with junction points on Windows, particularly
+ in pg_rewind (Alexandra Wang)
+
+
+
+ This entailed back-patching previous fixes by Thomas Munro, Peter
+ Eisentraut, Alexander Lakhin, and Juan José Santamaría Flecha.
+ Those changes were originally not back-patched out of caution, but
+ they have been in use in later branches for long enough to deem
+ them safe.
+
+
+
+
+
+
+ Avoid trying to reindex temporary tables and indexes
+ in vacuumdb and in
+ parallel reindexdb (VaibhaveS, Michael
+ Paquier, Fujii Masao, Nathan Bossart)
+ §
+ §
+ §
+
+
+
+ Reindexing other sessions' temporary tables cannot work, but the
+ check to skip them was missing in some code paths, leading to
+ unwanted failures.
+
+
+
+
+
+
+ Allow inspection of sequence relations in relevant functions
+ of contrib/pageinspect
+ and contrib/pgstattuple (Nathan Bossart, Ayush
+ Vatsa)
+ §
+ §
+
+
+
+ This had been allowed in the past, but it got broken during the
+ introduction of non-default access methods for tables.
+
+
+
+
+
+
+ Fix incorrect LLVM-generated code on ARM64 platforms (Thomas
+ Munro, Anthonin Bonnefoy)
+ §
+
+
+
+ When using JIT compilation on ARM platforms, the generated code
+ could not support relocation distances exceeding 32 bits, allowing
+ unlucky placement of generated code to cause server crashes on
+ large-memory systems.
+
+
+
+
+
+
+ Fix a few places that assumed that process start time (represented
+ as a time_t) will fit into a long value
+ (Max Johnson, Nathan Bossart)
+ §
+
+
+
+ On platforms where long is 32 bits (notably Windows),
+ this coding would fail after Y2038. Most of the failures appear
+ only cosmetic, but notably pg_ctl start would
+ hang.
+
+
+
+
+
+
+ Prevent nothing provides
+ perl(PostgreSQL::Test::Utils) failures while building RPM
+ packages of PostgreSQL (Noah Misch)
+
+
+
+
+
+
+ Fix building with Strawberry Perl on Windows (Andrew Dunstan)
+ §
+
+
+
+
+
+
+ Prevent missing declaration for inet_pton compiler
+ warning or error when building with MinGW (Thomas Munro, Andrew
+ Dunstan)
+
+
+
+
+
+
+ Update time zone data files to tzdata
+ release 2024b (Tom Lane)
+ §
+ §
+
+
+
+ This tzdata release changes the old
+ System-V-compatibility zone names to duplicate the corresponding
+ geographic zones; for example PST8PDT is now an
+ alias for America/Los_Angeles. The main visible
+ consequence is that for timestamps before the introduction of
+ standardized time zones, the zone is considered to represent local
+ mean solar time for the named location. For example,
+ in PST8PDT, timestamptz input such
+ as 1801-01-01 00:00 would previously have been
+ rendered as 1801-01-01 00:00:00-08, but now it is
+ rendered as 1801-01-01 00:00:00-07:52:58.
+
+
+
+ Also, historical corrections for Mexico, Mongolia, and Portugal.
+ Notably, Asia/Choibalsan is now an alias
+ for Asia/Ulaanbaatar rather than being a separate
+ zone, mainly because the differences between those zones were found to
+ be based on untrustworthy data.
+
+
+
+
+
+
+
+
Release 17