Update release notes for 9.2.4, 9.1.9, 9.0.13, 8.4.17.

Security: CVE-2013-1899, CVE-2013-1901

doc/src/sgml/release-8.4.sgml

@@ -1,6 +1,235 @@
 <!-- doc/src/sgml/release-8.4.sgml -->
 <!-- See header comment in release.sgml about typical markup -->
 
+ <sect1 id="release-8-4-17">
+  <title>Release 8.4.17</title>
+
+  <note>
+  <title>Release Date</title>
+  <simpara>2013-04-04</simpara>
+  </note>
+
+  <para>
+   This release contains a variety of fixes from 8.4.16.
+   For information about new features in the 8.4 major release, see
+   <xref linkend="release-8-4">.
+  </para>
+
+  <sect2>
+   <title>Migration to Version 8.4.17</title>
+
+   <para>
+    A dump/restore is not required for those running 8.4.X.
+   </para>
+
+   <para>
+    However, this release corrects several errors in management of GiST
+    indexes.  After installing this update, it is advisable to
+    <command>REINDEX</> any GiST indexes that meet one or more of the
+    conditions described below.
+   </para>
+
+   <para>
+    Also, if you are upgrading from a version earlier than 8.4.10,
+    see the release notes for 8.4.10.
+   </para>
+
+  </sect2>
+
+  <sect2>
+   <title>Changes</title>
+
+   <itemizedlist>
+
+    <listitem>
+     <para>
+      Reset OpenSSL randomness state in each postmaster child process
+      (Marko Kreen)
+     </para>
+
+     <para>
+      This avoids a scenario wherein random numbers generated by
+      <filename>contrib/pgcrypto</> functions might be relatively easy for
+      another database user to guess.  The risk is only significant when
+      the postmaster is configured with <varname>ssl</> = <literal>on</>
+      but most connections don't use SSL encryption.  (CVE-2013-1900)
+     </para>
+    </listitem>
+
+    <listitem>
+     <para>
+      Fix GiST indexes to not use <quote>fuzzy</> geometric comparisons when
+      it's not appropriate to do so (Alexander Korotkov)
+     </para>
+
+     <para>
+      The core geometric types perform comparisons using <quote>fuzzy</>
+      equality, but <function>gist_box_same</> must do exact comparisons,
+      else GiST indexes using it might become inconsistent.  After installing
+      this update, users should <command>REINDEX</> any GiST indexes on
+      <type>box</>, <type>polygon</>, <type>circle</>, or <type>point</>
+      columns, since all of these use <function>gist_box_same</>.
+     </para>
+    </listitem>
+
+    <listitem>
+     <para>
+      Fix erroneous range-union and penalty logic in GiST indexes that use
+      <filename>contrib/btree_gist</> for variable-width data types, that is
+      <type>text</>, <type>bytea</>, <type>bit</>, and <type>numeric</>
+      columns (Tom Lane)
+     </para>
+
+     <para>
+      These errors could result in inconsistent indexes in which some keys
+      that are present would not be found by searches, and also in useless
+      index bloat.  Users are advised to <command>REINDEX</> such indexes
+      after installing this update.
+     </para>
+    </listitem>
+
+    <listitem>
+     <para>
+      Fix bugs in GiST page splitting code for multi-column indexes
+      (Tom Lane)
+     </para>
+
+     <para>
+      These errors could result in inconsistent indexes in which some keys
+      that are present would not be found by searches, and also in indexes
+      that are unnecessarily inefficient to search.  Users are advised to
+      <command>REINDEX</> multi-column GiST indexes after installing this
+      update.
+     </para>
+    </listitem>
+
+    <listitem>
+     <para>
+      Fix infinite-loop risk in regular expression compilation (Tom Lane,
+      Don Porter)
+     </para>
+    </listitem>
+
+    <listitem>
+     <para>
+      Fix potential null-pointer dereference in regular expression compilation
+      (Tom Lane)
+     </para>
+    </listitem>
+
+    <listitem>
+     <para>
+      Fix <function>to_char()</> to use ASCII-only case-folding rules where
+      appropriate (Tom Lane)
+     </para>
+
+     <para>
+      This fixes misbehavior of some template patterns that should be
+      locale-independent, but mishandled <quote><literal>I</></quote> and
+      <quote><literal>i</></quote> in Turkish locales.
+     </para>
+    </listitem>
+
+    <listitem>
+     <para>
+      Fix unwanted rejection of timestamp <literal>1999-12-31 24:00:00</>
+      (Tom Lane)
+     </para>
+    </listitem>
+
+    <listitem>
+     <para>
+      Remove useless <quote>picksplit doesn't support secondary split</> log
+      messages (Josh Hansen, Tom Lane)
+     </para>
+
+     <para>
+      This message seems to have been added in expectation of code that was
+      never written, and probably never will be, since GiST's default
+      handling of secondary splits is actually pretty good.  So stop nagging
+      end users about it.
+     </para>
+    </listitem>
+
+    <listitem>
+     <para>
+      Fix possible failure to send a session's last few transaction
+      commit/abort counts to the statistics collector (Tom Lane)
+     </para>
+    </listitem>
+
+    <listitem>
+     <para>
+      Eliminate memory leaks in PL/Perl's <function>spi_prepare()</> function
+      (Alex Hunsaker, Tom Lane)
+     </para>
+    </listitem>
+
+    <listitem>
+     <para>
+      Fix <application>pg_dumpall</> to handle database names containing
+      <quote><literal>=</></quote> correctly (Heikki Linnakangas)
+     </para>
+    </listitem>
+
+    <listitem>
+     <para>
+      Avoid crash in <application>pg_dump</> when an incorrect connection
+      string is given (Heikki Linnakangas)
+     </para>
+    </listitem>
+
+    <listitem>
+     <para>
+      Ignore invalid indexes in <application>pg_dump</> (Michael Paquier)
+     </para>
+
+     <para>
+      Dumping invalid indexes can cause problems at restore time, for example
+      if the reason the index creation failed was because it tried to enforce
+      a uniqueness condition not satisfied by the table's data.  Also, if the
+      index creation is in fact still in progress, it seems reasonable to
+      consider it to be an uncommitted DDL change, which
+      <application>pg_dump</> wouldn't be expected to dump anyway.
+     </para>
+    </listitem>
+
+    <listitem>
+     <para>
+      Fix <filename>contrib/pg_trgm</>'s <function>similarity()</> function
+      to return zero for trigram-less strings (Tom Lane)
+     </para>
+
+     <para>
+      Previously it returned <literal>NaN</> due to internal division by zero.
+     </para>
+    </listitem>
+
+    <listitem>
+     <para>
+      Update time zone data files to <application>tzdata</> release 2013b
+      for DST law changes in Chile, Haiti, Morocco, Paraguay, and some
+      Russian areas.  Also, historical zone data corrections for numerous
+      places.
+     </para>
+
+     <para>
+      Also, update the time zone abbreviation files for recent changes in
+      Russia and elsewhere: <literal>CHOT</>, <literal>GET</>,
+      <literal>IRKT</>, <literal>KGT</>, <literal>KRAT</>, <literal>MAGT</>,
+      <literal>MAWT</>, <literal>MSK</>, <literal>NOVT</>, <literal>OMST</>,
+      <literal>TKT</>, <literal>VLAT</>, <literal>WST</>, <literal>YAKT</>,
+      <literal>YEKT</> now follow their current meanings, and
+      <literal>VOLT</> (Europe/Volgograd) and <literal>MIST</>
+      (Antarctica/Macquarie) are added to the default abbreviations list.
+     </para>
+    </listitem>
+
+   </itemizedlist>
+
+  </sect2>
+ </sect1>
+
  <sect1 id="release-8-4-16">
   <title>Release 8.4.16</title>
 
@@ -98,10 +327,10 @@
      </para>
 
      <para>
-      The main consequence of this mistake is that lowering <link
+      In installations that have existed for more than <link
       linkend="guc-vacuum-freeze-min-age"><varname>vacuum_freeze_min_age</></link>
-      would cause full-table vacuuming scans to occur much more frequently
+      transactions, this mistake prevented autovacuum from using partial-table
-      than intended.
+      scans, so that a full-table scan would always happen instead.
      </para>
     </listitem>