Release date: 2010-05-17
This release contains a variety of fixes from 8.2.16. For information about new features in the 8.2 major release, see Section E.229.
A dump/restore is not required for those running 8.2.X. However, if you are upgrading from a version earlier than 8.2.14, see Section E.215.
Enforce restrictions in
plperl using an opmask applied to the
whole interpreter, instead of using
Safe.pm (Tim Bunce, Andrew Dunstan)
Recent developments have convinced us that
Safe.pm is too insecure to
rely on for making
trustable. This change removes use of
Safe.pm altogether, in favor of using a
separate interpreter with an opcode mask that is always
applied. Pleasant side effects of the change include that
it is now possible to use Perl's
strict pragma in a natural way in
plperl, and that Perl's
$b variables work as expected in sort
routines, and that function compilation is significantly
Prevent PL/Tcl from executing untrustworthy code from
PL/Tcl's feature for autoloading Tcl code from a
database table could be exploited for trojan-horse
attacks, because there was no restriction on who could
create or insert into that table. This change disables
the feature unless
pltcl_modules is owned by a
superuser. (However, the permissions on the table are not
checked, so installations that really need a
less-than-secure modules table can still grant suitable
privileges to trusted non-superusers.) Also, prevent
loading code into the unrestricted “normal” Tcl
interpreter unless we are really going to execute a
Fix possible crash if a cache reset message is received during rebuild of a relcache entry (Heikki)
This error was introduced in 8.2.16 while fixing a related failure.
Do not allow an unprivileged user to reset superuser-only parameter settings (Alvaro)
Previously, if an unprivileged user ran
ALTER USER ... RESET ALL for himself, or
ALTER DATABASE ... RESET ALL
for a database he owns, this would remove all special
parameter settings for the user or database, even ones
that are only supposed to be changeable by a superuser.
ALTER will only
remove the parameters that the user has permission to
Avoid possible crash during backend shutdown if
shutdown occurs when a
CONTEXT addition would be made to log
In some cases the context-printing function would fail because the current transaction had already been rolled back when it came time to print a log message.
ppport.h for modern Perl versions
Fix assorted memory leaks in PL/Python (Andreas Freund, Tom)
Prevent infinite recursion in psql when expanding a variable that refers to itself (Tom)
\copy to not add spaces
around a dot within
Addition of spaces around the decimal point in a numeric literal would result in a syntax error.
contrib/pgstattuple functions respond
to cancel interrupts promptly (Tatsuhito Kasahara)
Make server startup deal properly with the case that
EINVAL for an existing
shared memory segment (Tom)
This behavior has been observed on BSD-derived kernels including macOS. It resulted in an entirely-misleading startup failure complaining that the shared memory request size was too large.
Avoid possible crashes in syslogger process on Windows (Heikki)
Deal more robustly with incomplete time zone information in the Windows registry (Magnus)
Update the set of known Windows time zone names (Magnus)
Update time zone data files to tzdata release 2010j for DST law changes in Argentina, Australian Antarctic, Bangladesh, Mexico, Morocco, Pakistan, Palestine, Russia, Syria, Tunisia; also historical corrections for Taiwan.
Summer Time) to the default set of timezone
If you see anything in the documentation that is not correct, does not match your experience with the particular feature or requires further clarification, please use this form to report a documentation issue.