Release date: 2010-05-17
This release contains a variety of fixes from 8.4.3. For information about new features in the 8.4 major release, see Section E.164.
A dump/restore is not required for those running 8.4.X. However, if you are upgrading from a version earlier than 8.4.2, see Section E.162.
      Enforce restrictions in plperl using an opmask applied to
      the whole interpreter, instead of using Safe.pm
      (Tim Bunce, Andrew Dunstan)
     
      Recent developments have convinced us that Safe.pm is too
      insecure to rely on for making plperl trustable.  This
      change removes use of Safe.pm altogether, in favor of using
      a separate interpreter with an opcode mask that is always applied.
      Pleasant side effects of the change include that it is now possible to
      use Perl's strict pragma in a natural way in
      plperl, and that Perl's $a and $b
      variables work as expected in sort routines, and that function
      compilation is significantly faster.  (CVE-2010-1169)
     
      Prevent PL/Tcl from executing untrustworthy code from
      pltcl_modules (Tom)
     
      PL/Tcl's feature for autoloading Tcl code from a database table
      could be exploited for trojan-horse attacks, because there was no
      restriction on who could create or insert into that table.  This change
      disables the feature unless pltcl_modules is owned by a
      superuser.  (However, the permissions on the table are not checked, so
      installations that really need a less-than-secure modules table can
      still grant suitable privileges to trusted non-superusers.)  Also,
      prevent loading code into the unrestricted “normal” Tcl
      interpreter unless we are really going to execute a pltclu
      function.  (CVE-2010-1170)
     
      Fix data corruption during WAL replay of
      ALTER ... SET TABLESPACE (Tom)
     
      When archive_mode is on, ALTER ... SET TABLESPACE
      generates a WAL record whose replay logic was incorrect.  It could write
      the data to the wrong place, leading to possibly-unrecoverable data
      corruption.  Data corruption would be observed on standby slaves, and
      could occur on the master as well if a database crash and recovery
      occurred after committing the ALTER and before the next
      checkpoint.
     
Fix possible crash if a cache reset message is received during rebuild of a relcache entry (Heikki)
This error was introduced in 8.4.3 while fixing a related failure.
Apply per-function GUC settings while running the language validator for the function (Itagaki Takahiro)
      This avoids failures if the function's code is invalid without the
      setting; an example is that SQL functions may not parse if the
      search_path is not correct.
     
      Do constraint exclusion for inherited UPDATE and
      DELETE target tables when
      constraint_exclusion = partition (Tom)
     
      Due to an oversight, this setting previously only caused constraint
      exclusion to be checked in SELECT commands.
     
Do not allow an unprivileged user to reset superuser-only parameter settings (Alvaro)
      Previously, if an unprivileged user ran ALTER USER ... RESET
      ALL for himself, or ALTER DATABASE ... RESET ALL for
      a database he owns, this would remove all special parameter settings
      for the user or database, even ones that are only supposed to be
      changeable by a superuser.  Now, the ALTER will only
      remove the parameters that the user has permission to change.
     
      Avoid possible crash during backend shutdown if shutdown occurs
      when a CONTEXT addition would be made to log entries (Tom)
     
In some cases the context-printing function would fail because the current transaction had already been rolled back when it came time to print a log message.
      Fix erroneous handling of %r parameter in
      recovery_end_command (Heikki)
     
The value always came out zero.
      Ensure the archiver process responds to changes in
      archive_command as soon as possible (Tom)
     
      Fix PL/pgSQL's CASE statement to not fail when the
      case expression is a query that returns no rows (Tom)
     
      Update PL/Perl's ppport.h for modern Perl versions
      (Andrew)
     
Fix assorted memory leaks in PL/Python (Andreas Freund, Tom)
Handle empty-string connect parameters properly in ecpg (Michael)
Prevent infinite recursion in psql when expanding a variable that refers to itself (Tom)
      Fix psql's \copy to not add spaces around
      a dot within \copy (select ...) (Tom)
     
Addition of spaces around the decimal point in a numeric literal would result in a syntax error.
      Avoid formatting failure in psql when running in a
      locale context that doesn't match the client_encoding
      (Tom)
     
      Fix unnecessary “GIN indexes do not support whole-index scans”
      errors for unsatisfiable queries using contrib/intarray
      operators (Tom)
     
      Ensure that contrib/pgstattuple functions respond to cancel
      interrupts promptly (Tatsuhito Kasahara)
     
      Make server startup deal properly with the case that
      shmget() returns EINVAL for an existing
      shared memory segment (Tom)
     
This behavior has been observed on BSD-derived kernels including macOS. It resulted in an entirely-misleading startup failure complaining that the shared memory request size was too large.
Avoid possible crashes in syslogger process on Windows (Heikki)
Deal more robustly with incomplete time zone information in the Windows registry (Magnus)
Update the set of known Windows time zone names (Magnus)
Update time zone data files to tzdata release 2010j for DST law changes in Argentina, Australian Antarctic, Bangladesh, Mexico, Morocco, Pakistan, Palestine, Russia, Syria, Tunisia; also historical corrections for Taiwan.
      Also, add PKST (Pakistan Summer Time) to the default set of
      timezone abbreviations.