parser will allow "\'" to be used to represent a literal quote mark.  The
"\'" representation has been deprecated for some time in favor of the
SQL-standard representation "''" (two single quote marks), but it has been
used often enough that just disallowing it immediately won't do.  Hence
backslash_quote allows the settings "on", "off", and "safe_encoding",
the last meaning to allow "\'" only if client_encoding is a valid server
encoding.  That is now the default, and the reason is that in encodings
such as SJIS that allow 0x5c (ASCII backslash) to be the last byte of a
multibyte character, accepting "\'" allows SQL-injection attacks as per
CVE-2006-2314 (further details will be published after release).  The
"on" setting is available for backward compatibility, but it must not be
used with clients that are exposed to untrusted input.

Thanks to Akio Ishida and Yasuo Ohgaki for identifying this security issue.

throw warnings for 100%-SQL-standard constructs, clean up some minor
infelicities, try to un-break ecpg to the best of my ability.  (It's not clear
how ecpg is going to find out the setting of standard_conforming_strings,
though.)  I think pg_dump still needs work, too.

	escape_string_warning = on

Kevin Grittner

postgresql.conf.sample too.

SET.

functionality, but I still need to make another pass looking at places
that incidentally use arrays (such as ACL manipulation) to make sure they
are null-safe.  Contrib needs work too.
I have not changed the behaviors that are still under discussion about
array comparison and what to do with lower bounds.

add missing quote mark to ident_file sample line - per Hiroshi Saito

to call krb5_sname_to_principal() always.  Also, use krb_srvname rather
than the hardwired string 'postgres' as the appl_version string in the
krb5_sendauth/recvauth calls, to avoid breaking compatibility with PG
8.0.  Magnus Hagander

to drop connections unceremoniously.  Also some other marginal cleanups:
don't query getsockopt() repeatedly if it fails, and avoid having the
apparent definition of struct Port depend on which system headers you
might have included or not.  Oliver Jowett and Tom Lane.

Darcy Buskermolen

reality.

saves nearly 700kB in the default shared memory segment size, which seems
worthwhile, and it is a feature that many users won't use anyway.  Per
Heikki's argument, there is no point in a compromise value --- those who
are using 2PC at all will probably want it at least equal to max_connections.
But we can't set it to zero by default without breaking the prepared_xacts
regression test.

Also improve wording.

in postgresql.conf.sample, mark custom_variable_classes as SIGHUP not
POSTMASTER to agree with the documentation (I can't see a reason it has
to be POSTMASTER so I think the docs are right).

to 'Size' (that is, size_t), and install overflow detection checks in it.
This allows us to remove the former arbitrary restrictions on NBuffers
etc.  It won't make any difference in a 32-bit machine, but in a 64-bit
machine you could theoretically have terabytes of shared buffers.
(How efficiently we could manage 'em remains to be seen.)  Similarly,
num_temp_buffers, work_mem, and maintenance_work_mem can be set above
2Gb on a 64-bit machine.  Original patch from Koichi Suzuki, additional
work by moi.

the right to stand out.

delay and limit, both as global GUCs and as table-specific entries in
pg_autovacuum.  stats_reset_on_server_start is now OFF by default,
but a reset is forced if we did WAL replay.  XID-wrap vacuums do not
ANALYZE, but do FREEZE if it's a template database.  Alvaro Herrera

count.

Oliver Jowett

scans are candidates for exclusion; this should be fixed eventually.
Simon Riggs, with some help from Tom Lane.

few loose ends to be dealt with, but it seems to work.  Alvaro Herrera,
based on the contrib code by Matthew O'Connor.

documentation, to match SHOW.

literally.

Add GUC variables:

        "escape_string_warning" - warn about backslashes in non-E strings
        "escape_string_syntax" - supports E'' syntax?
        "standard_compliant_strings" - treats backslashes literally in ''

Update code to use E'' when escapes are used.

hacking by Alvaro Herrera and Tom Lane.

	#log_line_prefix = ''   # %u = user name
                                # %d = database name
                                # %r = remote host and port
                                # %h = remote host
                                # %p = PID
                                # %t = timestamp
                                # %m = timestamp with milliseconds
                                # %i = command tag
                                # %c = session id
                                # %l = session line number
                                # %s = session start timestamp
                                # %x = transaction id
                                # %q = stop here in non-session processes
                                # %% = '%'
                                # e.g. '<%u%%%d> '

millisecond timestamps (%m) and remote host (%h). The milliseconds are
useful for QPS measurements.

Ed L.

Allow kerberos name and username case sensitivity to be specified from
postgresql.conf.

---------------------------------------------------------------------------


Here's an updated version of the patch, with the following changes:

1) No longer uses "service name" as "application version". It's instead
hardcoded as "postgres". It could be argued that this part should be
backpatched to 8.0, but it doesn't make a big difference until you can
start changing it with GUC / connection parameters. This change only
affects kerberos 5, not 4.

2) Now downcases kerberos usernames when the client is running on win32.

3) Adds guc option for "krb_caseins_users" to make the server ignore
case mismatch which is required by some KDCs such as Active Directory.
Off by default, per discussion with Tom. This change only affects
kerberos 5, not 4.

4) Updated so it doesn't conflict with the rendevouz/bonjour patch
already in ;-)

Magnus Hagander

logic operations during planning.  Seems cleaner to create two new Path
node types, instead --- this avoids duplication of cost-estimation code.
Also, create an enable_bitmapscan GUC parameter to control use of bitmap
plans.

the long-term plan for this behavior for quite some time, but it is only
possible now that DELETE has a USING clause so that the user can join
other tables in a DELETE statement without relying on this behavior.

currently does.  This is now the default Win32 wal sync method because
we perfer o_datasync to fsync.

Also, change Win32 fsync to a new wal sync method called
fsync_writethrough because that is the behavior of _commit, which is
what is used for fsync on Win32.

Backpatch to 8.0.X.