From 66ca1427a4963012fd565b922d0a67a8a8930d1f Mon Sep 17 00:00:00 2001 From: Tom Lane Date: Thu, 5 May 2022 18:27:31 -0400 Subject: [PATCH] First-draft release notes for 14.3. As usual, the release notes for other branches will be made by cutting these down, but put them up for community review first. --- doc/src/sgml/release-14.sgml | 1224 ++++++++++++++++++++++++++++++++++ 1 file changed, 1224 insertions(+) diff --git a/doc/src/sgml/release-14.sgml b/doc/src/sgml/release-14.sgml index d824d2d8885..0118f0913a6 100644 --- a/doc/src/sgml/release-14.sgml +++ b/doc/src/sgml/release-14.sgml 
@@ -1,6 +1,1230 @@ + + Release 14.3 + + + Release date: + 2022-05-12 + + + + This release contains a variety of fixes from 14.2. + For information about new features in major release 14, see + . + + + + Migration to Version 14.3 + + + A dump/restore is not required for those running 14.X. + + + + However, if you have any GiST indexes on columns of type + ltree (supplied by the contrib/ltree + extension), you should re-index them after updating. + See the first changelog entry below. + + + + Also, if you are upgrading from a version earlier than 14.2, + see . + + + + + Changes + + + + + + + Fix default signature length for gist_ltree_ops + indexes (Tomas Vondra, Alexander Korotkov) + + + + The default signature length (hash size) for GiST indexes + on ltree columns was accidentally changed while + upgrading that operator class to support operator class parameters. + If any operations had been done on such an index without first + upgrading the ltree extension to version 1.2, + they were done assuming that the signature length was 28 bytes + rather than the intended 8. This means it is very likely that such + indexes are now corrupt. For safety we recommend re-indexing all + GiST indexes on ltree columns after installing this + update. (Note that GiST indexes on ltree[] + columns, that is arrays of ltree, are not affected.) + + + + + + + Stop using query-provided column aliases for the columns of + whole-row variables that refer to plain tables (Tom Lane) + + + + The column names in tuples produced by a whole-row variable (such + as tbl.* in contexts other than the top level of + a SELECT list) are now always those of the + associated named composite type, if there is one. We'd previously + attempted to make them track any column aliases that had been + applied to the FROM entry the variable refers to. + But that's semantically dubious, because really then the output of + the variable is not at all of the composite type it claims to be. 
+ Previous attempts to deal with that inconsistency had bad results up + to and including storing unreadable data on disk, so just give up on + the whole idea. + + + + In cases where it's important to be able to relabel such columns, + a workaround is to introduce an extra level of + sub-SELECT, so that the whole-row variable is + referring to the sub-SELECT's output and not to a + plain table. Then the variable is of type record + to begin with and there's no issue. + + + + + + + Fix incorrect roundoff when extracting epoch values from intervals + (Peter Eisentraut) + + + + The new numeric-based code + for EXTRACT() failed to yield results + equivalent to the old float-based code, as a result of + accidentally truncating the DAYS_PER_YEAR value + to an integer. + + + + + + + Disallow infinite endpoints in the timestamp variants + of generate_series() (Tom Lane) + + + + Previously, such a call would run until canceled (or + out-of-disk-space). The numeric variant already threw an error for + an infinite endpoint value, so do likewise for timestamps. + + + + + + + Defend against pg_stat_get_replication_slot(NULL) + (Andres Freund) + + + + This function should be marked strict in the catalog data, but it + was not in v14, so add a run-time check instead. + + + + + + + Fix incorrect output for types timestamptz + and timetz in table_to_xmlschema() + and allied functions (Renan Soares Lopes) + + + + The xmlschema output for these types included a malformed regular + expression. + + + + + + + Fix planner failure when a Result plan node appears immediately + underneath an Append node (Etsuro Fujita) + + + + Recently-added code to support asynchronous remote queries failed to + handle this case, leading to crashes or errors about unrecognized + node types. 
+ + + + + + + Fix planner failure if a query using SEARCH + or CYCLE features contains a duplicate CTE name + (Tom Lane, Kyotaro Horiguchi) + + + + When the name of the recursive WITH query is + re-used within itself, the planner could crash or report odd errors + such as could not find attribute 2 in subquery + targetlist. + + + + + + + Fix planner errors for GROUPING() constructs + that reference outer query levels (Richard Guo, Tom Lane) + + + + + + + Fix plan generation for index-only scans on indexes with + both returnable and non-returnable columns (Tom Lane) + + + + The previous coding could try to read non-returnable columns + in addition to the returnable ones. This was fairly harmless + because it didn't actually do anything with the bogus values; + but it fell foul of a recently-added error check that rejected + such a plan. + + + + + + + Avoid accessing a no-longer-pinned shared buffer while attempting + to lock an outdated tuple during EvalPlanQual (Tom Lane) + + + + The code would touch the buffer a couple more times after releasing + its pin. In theory another process could recycle the buffer (or + more likely, try to defragment its free space) as soon as the pin is + gone, probably leading to failure to find the newer version of the + tuple. + + + + + + + Fix query-lifespan memory leak in an IndexScan node that is + performing reordering (Aliaksandr Kalenik) + + + + + + + Fix ALTER FUNCTION to support changing a + function's parallelism property and + its SET-variable list in the same command (Tom + Lane) + + + + The parallelism property change was lost if the same command also + updated the function's SET clause. + + + + + + + Tighten lookup of the index owned by a constraint + (Tom Lane, Japin Li) + + + + Some code paths mistook the index depended on by a foreign key + constraint for one owned by a unique or primary key constraint, + resulting in odd errors during certain ALTER + TABLE operations on tables having foreign key constraints. 
+ + + + + + + Fix bogus errors from attempts to alter system columns of tables + (Tom Lane) + + + + The system should just tell you that you can't do it, but sometimes + it would report no owned sequence found instead. + + + + + + + Fix mis-sorting of table rows when CLUSTERing + using an index whose leading key is an expression (Peter Geoghegan, + Thomas Munro) + + + + The table would be rebuilt with the correct data, but in an order + having little to do with the index order. + + + + + + + Prevent data loss if a system crash occurs shortly after a sorted + GiST index build (Heikki Linnakangas) + + + + The code path for building GiST indexes using sorting neglected + to fsync the file upon completion. This could + result in a corrupted index if the operating system crashed shortly + later. + + + + + + + Fix risk of deadlock failures while dropping a partitioned index + (Jimmy Yih, Gaurab Dey, Tom Lane) + + + + Ensure that the required table and index locks are taken in the + standard order (parents before children, tables before indexes). + The previous coding for DROP INDEX did it + differently, and so could deadlock against concurrent queries taking + these locks in the standard order. + + + + + + + Fix race condition between DROP TABLESPACE and + checkpointing (Nathan Bossart) + + + + The checkpoint forced by DROP TABLESPACE could + sometimes fail to remove all dead files from the tablespace's + directory, leading to a bogus tablespace is not empty + error. + + + + + + + Fix possible trouble in crash recovery after + a TRUNCATE command that overlaps a checkpoint + (Kyotaro Horiguchi, Heikki Linnakangas, Robert Haas) + + + + TRUNCATE must ensure that the table's disk file + is truncated before the checkpoint is allowed to complete. + Otherwise, replay starting from that checkpoint might find + unexpected data in the supposedly-removed pages, possibly causing + replay failure. 
+ + + + + + + Fix unsafe toast-data accesses during temporary object cleanup + (Andres Freund) + + + + Temporary-object deletion during server process exit could fail + with FATAL: cannot fetch toast data without an active + snapshot. This was usually harmless since the next use of + that temporary schema would clean up successfully. + + + + + + + Re-allow underscore as the first character in a custom parameter + name (Japin Li) + + + + Such names were unintentionally disallowed in v14. + + + + + + + Add regress option for + the compute_query_id parameter (Michael Paquier) + + + + This is intended to facilitate testing, by allowing query IDs to be + computed but not shown in EXPLAIN output. + + + + + + + Improve wait logic in RegisterSyncRequest (Thomas Munro) + + + + If we run out of space in the checkpointer sync request queue (which + is hopefully rare on real systems, but is common when testing with a + very small buffer pool), we wait for it to drain. While waiting, we + should report that as a wait event so that users know what is going + on, and also watch for postmaster death, since otherwise the loop might + never terminate if the checkpointer has already exited. + + + + + + + Wake up for latch events when the checkpointer is waiting between + writes (Thomas Munro) + + + + This improves responsiveness to backends sending sync requests. + The change also creates a proper wait event class for these waits. + + + + + + + Fix PANIC: xlog flush request is not satisfied + failure during standby promotion when there is a missing WAL + continuation record (Sami Imseih) + + + + + + + Fix possibility of self-deadlock in hot standby conflict handling + (Andres Freund) + + + + With unlucky timing, the WAL-applying process could get stuck + while waiting for some other process to release a buffer lock. 
+ + + + + + + Fix possible mis-identification of the correct ancestor relation + to publish logical replication changes through (Tomas Vondra, Hou + zj, Amit Kapila) + + + + If publish_via_partition_root is enabled, and + there are multiple publications naming different ancestors of the + currently-modified relation, the wrong ancestor might be chosen for + reporting the change. + + + + + + + Ensure that logical replication apply workers can be restarted even + when we're up against + the max_sync_workers_per_subscription limit + (Amit Kapila) + + + + Faulty coding of the limit check caused a restarted worker to exit + immediately, leaving fewer workers than there should be. + + + + + + + Include unchanged replica identity key columns in the WAL log for an + update, if they are stored out-of-line (Dilip Kumar, Amit Kapila) + + + + Otherwise subscribers cannot see the values and will fail to + replicate the update. + + + + + + + Improve logical replication subscriber's error message for an + unsupported relation kind (Tom Lane) + + + + v13 and later servers support publishing partitioned tables. Older + server versions cannot handle subscribing to such a table, and they + gave a very misleading error message: table XYZ not found on + publisher. Arrange to deliver a more on-point message. + + + + + + + Cope correctly with platforms that have no support for altering the + server process's display in ps(1) (Andrew + Dunstan) + + + + Few platforms are like this (the only supported one is Cygwin), so + we'd managed not to notice that refactoring introduced a potential + memory clobber. + + + + + + + Make the server more robust against missed timer interrupts (Michael + Harris, Tom Lane) + + + + An optimization added in v14 meant that if a server process somehow + missed a timer interrupt, it would never again ask the kernel for + another one, thus breaking timeout detection for the remainder of the + session. This seems unduly fragile, so add a recovery path. 
+ + + + + + + Disallow execution of SPI functions during PL/Perl function + compilation (Tom Lane) + + + + Perl can be convinced to execute user-defined code during compilation + of a PL/Perl function. However, it's not okay for such code to try + to invoke SQL operations via SPI. That results in a crash, and if + it didn't crash it would be a security hazard, because we really + don't want code execution during function validation. Put in a + check to give a friendlier error message instead. + + + + + + + Make libpq accept root-owned SSL private + key files (David Steele) + + + + This change synchronizes libpq's rules + for safe ownership and permissions of SSL key files with the rules + the server has used since release 9.6. Namely, in addition to the + current rules, allow the case where the key file is owned by root + and has permissions rw-r----- or less. This is + helpful for system-wide management of key files. + + + + + + + Fix behavior of libpq's + PQisBusy() function after a connection failure + (Tom Lane) + + + + If we'd detected a write failure, PQisBusy() + would always return true, which is the wrong thing: we want input + processing to carry on normally until we've read whatever is + available from the server. The practical effect of this error is + that applications using libpq's + async-query API would typically detect connection loss only + when PQconsumeInput() returns a hard failure. + With this fix, a connection loss will normally be reported via an + error PGresult object, which is a much + cleaner behavior for most applications. + + + + + + + Re-allow database.schema.table + patterns + in psql, pg_dump, + and pg_amcheck (Mark Dilger) + + + + Versions before v14 silently ignored all but + the schema + and table fragments of a pattern + containing more than one dot. Refactoring in v14 accidentally broke + that use-case. Reinstate it, but now complain if the first fragment + is not the name of the current database. 
+ + + + + + + Make pg_ctl recheck postmaster aliveness + while waiting for stop/restart/promote actions (Tom Lane) + + + + pg_ctl would verify that the postmaster + is alive as a side-effect of sending the stop or promote signal, but + then it just naively waited to see the on-disk state change. If the + postmaster died uncleanly without having removed its PID file or + updated the control file, pg_ctl would + wait until timeout. Instead make it recheck every so often that the + postmaster process is still there. + + + + + + + Fix error handling in pg_waldump (Kyotaro + Horiguchi, Andres Freund) + + + + While trying to read a WAL file to determine the WAL segment size, + pg_waldump would report an incorrect + error for the case of a too-short file. In addition, the file name + reported in this and related error messages could be garbage. + + + + + + + Ensure that contrib/pageinspect functions cope + with all-zero pages (Michael Paquier) + + + + This is a legitimate edge case, but the module was mostly unprepared + for it. Arrange to return nulls, or no rows, as appropriate; that + seems more useful than raising an error. + + + + + + + In contrib/pageinspect, add defenses against + incorrect page special space contents, tighten checks + for correct page size, and add some missing checks that an index is + of the expected type (Michael Paquier, Justin Pryzby, Julien + Rouhaud) + + + + These changes make it less likely that the module will crash on bad + data. + + + + + + + In contrib/postgres_fdw, disable batch + insertion when BEFORE INSERT ... FOR EACH ROW + triggers exist on the foreign table (Etsuro Fujita) + + + + Such a trigger might query the table it's on and expect to see + previously-inserted rows. With batch insertion, those rows might + not be visible yet, so disable the feature to avoid unexpected + behavior. 
+ + + + + + + In contrib/postgres_fdw, verify + that ORDER BY clauses are safe to ship before + requesting a remotely-ordered query, and include + a USING clause if necessary (Ronan Dunklau) + + + + This fix prevents situations where the remote server might sort in a + different order than we intend. While sometimes that would be only + cosmetic, it could produce thoroughly wrong results if the remote + data is used as input for a locally-performed merge join. + + + + + + + Fix configure to handle platforms that + have sys/epoll.h but + not sys/signalfd.h (Tom Lane) + + + + + + + Update JIT code to work with LLVM 14 + (Thomas Munro) + + + + + + + Clean up assorted failures under clang's + -fsanitize=undefined checks (Tom Lane, Andres + Freund, Zhihong Yu) + + + + Most of these changes are just for pro-forma compliance with the + letter of the C and POSIX standards, and are unlikely to have any + effect on production builds. + + + + + + + Do not add OpenSSL dependencies to libpq's + pkg-config file when building without OpenSSL + (Fabrice Fontaine) + + + + + + + Fix PL/Perl so it builds on C compilers that don't support statements + nested within expressions (Tom Lane) + + + + + + + + + + Fix possible build failure of pg_dumpall + on Windows, when not using MSVC to build (Andres Freund) + + + + + + + In Windows builds, use gendef instead + of pexports to build DEF files (Andrew + Dunstan) + + + + This adapts the build process to work on recent MSys tool chains. + + + + + + + Prevent extra expansion of shell wildcard patterns in programs built + under MinGW (Andrew Dunstan) + + + + For some reason the C library provided by MinGW will expand shell + wildcard characters in a program's command-line arguments by + default. This is confusing, not least because it doesn't happen + under MSVC, so turn it off. + + + + + + + Update time zone data files to tzdata + release 2022a for DST law changes in Palestine, plus historical + corrections for Chile and Ukraine. 
+ + + + + + + + Release 14.2
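Review bot: In the entry "Disallow execution of SPI functions during PL/Perl function compilation", the closing sentence "Put in a check to give a friendlier error message instead" reads as a cosmetic change, although the sentence before it describes a crash and a potential security hazard. Suggest saying directly that an SPI call attempted while a PL/Perl function is being compiled is now rejected with an error, and making clear whether user-defined Perl code that does not touch SPI can still run at that point, since "we really don't want code execution during function validation" could be read as a claim that it no longer can. Separately, the libpq entry on root-owned SSL private key files says "in addition to the current rules" without stating those rules; a short restatement, or a cross-reference to where they are documented, would let readers see the full set of accepted ownership and permission combinations in one place.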