Prevent error recursion crashes when encoding conversion fails (Tom)

This change extends fixes made in the last two minor releases for related failure scenarios. The previous fixes were narrowly tailored for the original problem reports, but we have now recognized that any error thrown by an encoding conversion function could potentially lead to infinite recursion while trying to report the error. The solution therefore is to disable translation and encoding conversion and report the plain-ASCII form of any error message, if we find we have gotten into a recursive error reporting situation. (CVE-2009-0922)

Disallow CREATE CONVERSION with the wrong encodings for the specified conversion function (Heikki)

This prevents one possible scenario for encoding conversion failure. The previous change is a backstop to guard against other kinds of failures in the same area.

Fix xpath() to not modify the path expression unless necessary, and to make a saner attempt at it when necessary (Andrew)

The SQL standard suggests that xpath should work on data that is a document fragment, but libxml doesn't support that, and indeed it's not clear that this is sensible according to the XPath standard. xpath attempted to work around this mismatch by modifying both the data and the path expression, but the modification was buggy and could cause valid searches to fail. Now, xpath checks whether the data is in fact a well-formed document, and if so invokes libxml with no change to the data or path expression. Otherwise, a different modification method that is somewhat less likely to fail is used.

Fix core dump when to_char() is given format codes that are inappropriate for the type of the data argument (Tom)

Fix possible failure in text search when C locale is used with a multi-byte encoding (Teodor)

Crashes were possible on platforms where wchar_t is narrower than int; Windows in particular.

Fix extreme inefficiency in text search parser's handling of an email-like string containing multiple @ characters (Heikki)

Fix planner problem with sub-SELECT in the output list of a larger subquery (Tom)

The known symptom of this bug is a “failed to locate grouping columns” error that is dependent on the datatype involved; but there could be other issues as well.

Fix decompilation of CASE WHEN with an implicit coercion (Tom)

This mistake could lead to Assert failures in an Assert-enabled build, or an “unexpected CASE WHEN clause” error message in other cases, when trying to examine or dump a view.

Fix possible misassignment of the owner of a TOAST table's rowtype (Tom)

If CLUSTER or a rewriting variant of ALTER TABLE were executed by someone other than the table owner, the pg_type entry for the table's TOAST table would end up marked as owned by that someone. This caused no immediate problems, since the permissions on the TOAST rowtype aren't examined by any ordinary database operation. However, it could lead to unexpected failures if one later tried to drop the role that issued the command (in 8.1 or 8.2), or “owner of data type appears to be invalid” warnings from pg_dump after having done so (in 8.3).

Change UNLISTEN to exit quickly if the current session has never executed any LISTEN command (Tom)

Most of the time this is not a particularly useful optimization, but since DISCARD ALL invokes UNLISTEN, the previous coding caused a substantial performance problem for applications that made heavy use of DISCARD ALL.

Fix PL/pgSQL to not treat INTO after INSERT as an INTO-variables clause anywhere in the string, not only at the start; in particular, don't fail for INSERT INTO within CREATE RULE (Tom)

Clean up PL/pgSQL error status variables fully at block exit (Ashesh Vashi and Dave Page)

This is not a problem for PL/pgSQL itself, but the omission could cause the PL/pgSQL Debugger to crash while examining the state of a function.

Retry failed calls to CallNamedPipe() on Windows (Steve Marshall, Magnus)

It appears that this function can sometimes fail transiently; we previously treated any failure as a hard error, which could confuse LISTEN/NOTIFY as well as other operations.

Add MUST (Mauritius Island Summer Time) to the default list of known timezone abbreviations (Xavier Bugaud)