additional cases correctly.  The original coding failed to load additional
(chain) certificates from the client cert file, meaning that indirectly signed
client certificates didn't work unless one hacked the server's root.crt file
to include intermediate CAs (not the desired approach).  Another problem was
that everything got loaded into the shared SSL_context object, which meant
that concurrent connections trying to use different sslcert settings could
well fail due to conflicting over the single available slot for a keyed
certificate.

To fix, get rid of the use of SSL_CTX_set_client_cert_cb(), which is
deprecated anyway in the OpenSSL documentation, and instead just
unconditionally load the client cert and private key during connection
initialization.  This lets us use SSL_CTX_use_certificate_chain_file(),
which does the right thing with additional certs, and is lots simpler than
the previous hacking about with BIO-level access.  A small disadvantage is
that we have to load the primary client cert a second time with
SSL_use_certificate_file, so that that one ends up in the correct slot
within the connection's SSL object where it can get paired with the key.
Given the other overhead of making an SSL connection, that doesn't seem
worth worrying about.

Per discussion ensuing from bug #5468.

a uaCert entry in auth_failed().  Put the switch entries into a sane
order, namely the one the enum is declared in.

During Hot Standby we need to check for buffer pin deadlocks when the
Startup process begins to wait, in case it never wakes up again. We
previously made the deadlock check immediately on the basis it was
cheap, though clearer thinking and prima facie evidence shows that
was too simple. Refactor existing code to make it easy to add in
deferral of deadlock check until deadlock_timeout allowing a good
reduction in deadlock checks since far few buffer pins are held for
that duration. It's worth doing anyway, though major goal is to
prevent further reports of context switching with high numbers of
users on occasional tests.

Noted by Stephen Frost.

infelicities.

requests for client certs.  This lets a client with a keystore select the
appropriate client certificate to send.  In particular, this is necessary
to get Java clients to work in all but the most trivial configurations.
Per discussion of bug #5468.

Craig Ringer

1. If we receive a fast shutdown request while in the PM_STARTUP state,
process it just as we would in PM_RECOVERY, PM_HOT_STANDBY, or PM_RUN.
Without this change, an early fast shutdown followed by Hot Standby causes
the database to get stuck in a state where a shutdown is pending (so no new
connections are allowed) but the shutdown request is never processed unless
we end Hot Standby and enter normal running.

2. Avoid removing the backup label file when a smart or fast shutdown occurs
during recovery.  It makes sense to do this once we've reached normal running,
since we must be taking a backup which now won't be valid.  But during
recovery we must be recovering from a previously taken backup, and any backup
label file is needed to restart recovery from the right place.

Fujii Masao and Robert Haas

If the original IN operator is cross-type, for example int8 = int4,
we need to use int4 < int4 to sort the inner data and int4 = int4
to unique-ify it.  We got the first part of that right, but tried to
use the original IN operator for the equality checks.  Per bug #5472
from Vlad Romascanu.

Backpatch to 8.4, where the bug was introduced by the patch that unified
SortClause and GroupClause.  I was able to take out a whole lot of on-the-fly
calls of get_equality_op_for_ordering_op(), but failed to realize that
I needed to put one back in right here :-(

for pg_migrator, per suggestion from Magnus.

in their display of command-line options with other client applications.

Added a configure test for "long long" datatypes. So far this is only used in ecpg and replaces the old test that was kind of hackish.

improve 8.3 doc limitations paragraph.

proper default username.

its sole caller does that too.  Jan Matousek, via Pavel Stehule

from SpecialJoinInfo relid sets as well.  Per example from Vaclav Novotny.

This was broken by the following commmit.  Although the original commit was
backpatched all the way to 7.4, this particular bug exists only in the version
applied to HEAD.

http://archives.postgresql.org/pgsql-committers/2010-05/msg00058.php

Ecpg now accepts "long long" datatypes even if "long" is 64bit wide. This used to cover the equally long "long long" type. This patch closes bug #5464.

Asia/Novosibirsk on Windows.

Microsoft changed the behaviour of this zone in the timezone update
from KB976098. The zones differ in handling of DST, and the old
zone was just removed.

Noted by Dmitry Funk

non-contrib command-line tools (no longer in a single table display).

Alvaro

Stefan Kaltenbrunner

comparing the same column to multiple values.

match the behavior of autovacuum, which does this as the xid advances
even if autovacuum is turned off.

now used for other things than just ident authentication.

Noted by Stephen Frost

hardcoding a 'template0' check, per suggestion from Alvaro.

This might fix a problem where someone has allowed 'template0'
connections, but it is a cleaner approach even if doesn't fix the
bug.

Fujii Masao