Skip to main content

Browse the archive

https://github.com/postgres/postgres
07 April 2024, 13:56:23 UTC
sort by:
Revision Author Date Message Commit Date
4bcf352 Tom Lane 17 January 2023, 01:35:53 UTC Create common infrastructure for cross-version upgrade testing. To test pg_upgrade across major PG versions, we have to be able to modify or drop any old objects with no-longer-supported properties, and we have to be able to deal with cosmetic changes in pg_dump output. Up to now, the buildfarm and pg_upgrade's own test infrastructure had separate implementations of the former, and we had nothing but very ad-hoc rules for the latter (including an arbitrary threshold on how many lines of unchecked diff were okay!). This patch creates a Perl module that can be shared by both those use-cases, and adds logic that deals with pg_dump output diffs in a much more tightly defined fashion. This largely supersedes previous efforts in commits 0df9641d3, 9814ff550, and 62be9e4cd, which developed a SQL-script-based solution for the task of dropping old objects. There was nothing fundamentally wrong with that work in itself, but it had no basis for solving the output-formatting problem. The most plausible way to deal with formatting is to build a Perl module that can perform editing on the dump files; and once we commit to that, it makes more sense for the same module to also embed the knowledge of what has to be done for dropping old objects. Back-patch versions of the helper module as far as 9.2, to support buildfarm animals that still test that far back. It's also necessary to back-patch PostgreSQL/Version.pm, because the new code depends on that. I fixed up pg_upgrade's 002_pg_upgrade.pl in v15, but did not look into back-patching it further than that. Tom Lane and Andrew Dunstan Discussion: https://postgr.es/m/891521.1673657296@sss.pgh.pa.us 17 January 2023, 01:35:53 UTC
50bee42 Noah Misch 17 November 2022, 15:35:06 UTC Account for IPC::Run::result() Windows behavior change. This restores compatibility with the not-yet-released successor of version 20220807.0. Back-patch to 9.4, which introduced this code. Reviewed by Andrew Dunstan. Discussion: https://postgr.es/m/20221117061805.GA4020280@rfd.leadboat.com 17 November 2022, 15:44:54 UTC
0f5812d Michael Paquier 09 November 2022, 00:40:05 UTC Fix compilation warnings with libselinux 3.1 in contrib/sepgsql/ Upstream SELinux has recently marked security_context_t as officially deprecated, causing warnings with -Wdeprecated-declarations. This is considered as legacy code for some time now by upstream as security_context_t got removed from most of the code tree during the development of 2.3 back in 2014. This removes all the references to security_context_t in sepgsql/ to be consistent with SELinux, fixing the warnings. Note that this does not impact the minimum version of libselinux supported. This has been applied first as 1f32136 for 14~, but no other branches got the call. This is in line with the recent project policy to have no warnings in branches where builds should still be supported (9.2~ as of today). Per discussion with Tom Lane and Álvaro Herrera. Reviewed-by: Tom Lane Discussion: https://postgr.es/m/20200813012735.GC11663@paquier.xyz Discussion: https://postgr.es/m/20221103181028.raqta27jcuypor4l@alvherre.pgsql Backpatch-through: 9.2 09 November 2022, 00:40:05 UTC
57dfb6c Tom Lane 16 October 2022, 19:27:04 UTC Rename parser token REF to REF_P to avoid a symbol conflict. In the latest version of Apple's macOS SDK, <sys/socket.h> fails to compile if "REF" is #define'd as something. Apple may or may not agree that this is a bug, and even if they do accept the bug report I filed, they probably won't fix it very quickly. In the meantime, our back branches will all fail to compile gram.y. v15 and HEAD currently escape the problem thanks to the refactoring done in 98e93a1fc, but that's purely accidental. Moreover, since that patch removed a widely-visible inclusion of <netdb.h>, back-patching it seems too likely to break third-party code. Instead, change the token's code name to REF_P, following our usual convention for naming parser tokens that are likely to have symbol conflicts. The effects of that should be localized to the grammar and immediately surrounding files, so it seems like a safer answer. Per project policy that we want to keep recently-out-of-support branches buildable on modern systems, back-patch all the way to 9.2. Discussion: https://postgr.es/m/1803927.1665938411@sss.pgh.pa.us 16 October 2022, 19:27:04 UTC
3c5a33a Tom Lane 21 September 2022, 17:52:38 UTC Suppress more variable-set-but-not-used warnings from clang 15. Mop up assorted set-but-not-used warnings in the back branches. This includes back-patching relevant fixes from commit 152c9f7b8 the rest of the way, but there are also several cases that did not appear in HEAD. Some of those we'd fixed in a retail way but not back-patched, and others I think just got rewritten out of existence during nearby refactoring. While here, also back-patch b1980f6d0 (PL/Tcl: Fix compiler warnings with Tcl 8.6) into 9.2, so that that branch compiles warning-free with modern Tcl. Per project policy, this is a candidate for back-patching into out-of-support branches: it suppresses annoying compiler warnings but changes no behavior. Hence, back-patch all the way to 9.2. Discussion: https://postgr.es/m/514615.1663615243@sss.pgh.pa.us 21 September 2022, 17:52:38 UTC
7d5d3f0 Tom Lane 20 September 2022, 22:59:53 UTC Disable -Wdeprecated-non-prototype in the back branches. There doesn't seem to be any good ABI-preserving way to silence clang 15's -Wdeprecated-non-prototype warnings about our tree-walk APIs. While we've fixed it properly in HEAD, the only way to not see hundreds of these in the back branches is to disable the warnings. We're not going to do anything about them, so we might as well disable them. I noticed that we also get some of these warnings about fmgr.c's support for V0 function call convention, in branches before v10 where we removed that. That's another area we aren't going to change, so turning off the warning seems fine for that too. Per project policy, this is a candidate for back-patching into out-of-support branches: it suppresses annoying compiler warnings but changes no behavior. Hence, back-patch all the way to 9.2. Discussion: https://postgr.es/m/CA+hUKGKpHPDTv67Y+s6yiC8KH5OXeDg6a-twWo_xznKTcG0kSA@mail.gmail.com 20 September 2022, 22:59:53 UTC
b53780e Tom Lane 01 June 2022, 20:15:47 UTC Fix pl/perl test case so it will still work under Perl 5.36. Perl 5.36 has reclassified the warning condition that this test case used, so that the expected error fails to appear. Tweak the test so it instead exercises a case that's handled the same way in all Perl versions of interest. This appears to meet our standards for back-patching into out-of-support branches: it changes no user-visible behavior but enables testing of old branches with newer tools. Hence, back-patch as far as 9.2. Dagfinn Ilmari Mannsåker, per report from Jitka Plesníková. Discussion: https://postgr.es/m/564579.1654093326@sss.pgh.pa.us 01 June 2022, 20:15:47 UTC
c76164e Andrew Dunstan 10 February 2022, 18:44:05 UTC Use gendef instead of pexports for building windows .def files Modern msys systems lack pexports but have gendef instead, so use that. Discussion: https://postgr.es/m/3ccde7a9-e4f9-e194-30e0-0936e6ad68ba@dunslane.net Backpatch to release 9.4 to enable building with perl on older branches. Before that pexports is not used for plperl. 10 February 2022, 18:56:55 UTC
927e235 Tom Lane 23 January 2022, 16:09:00 UTC Suppress variable-set-but-not-used warning from clang 13. In the normal configuration where GEQO_DEBUG isn't defined, recent clang versions have started to complain that geqo_main.c accumulates the edge_failures count but never does anything with it. As a minimal back-patchable fix, insert a void cast to silence this warning. (I'd speculated about ripping out the GEQO_DEBUG logic altogether, but I don't think we'd wish to back-patch that.) Per recently-established project policy, this is a candidate for back-patching into out-of-support branches: it suppresses an annoying compiler warning but changes no behavior. Hence, back-patch all the way to 9.2. Discussion: https://postgr.es/m/CA+hUKGLTSZQwES8VNPmWO9AO0wSeLt36OCPDAZTccT1h7Q7kTQ@mail.gmail.com 23 January 2022, 16:09:58 UTC
0af2084 Tom Lane 13 December 2021, 05:08:27 UTC Silence another gcc 11 warning. Per buildfarm and local experimentation, bleeding-edge gcc isn't convinced that the MemSet in reorder_function_arguments() is safe. Shut it up by adding an explicit check that pronargs isn't negative, and by changing MemSet to memset. (It appears that either change is enough to quiet the warning at -O2, but let's do both to be sure.) This back-patches commit 1046dbedd into out-of-support branches, pursuant to newly-established project policy. The point is to suppress scary-looking warnings so that people building these branches needn't expend brain cells verifying that it's safe to ignore the warnings. Discussion: https://postgr.es/m/d0316012-ece7-7b7e-2d36-9c38cb77cb3b@enterprisedb.com 13 December 2021, 05:08:27 UTC
25c8e5e Tom Lane 13 December 2021, 01:24:46 UTC Suppress -Warray-parameter warnings in pgcrypto/sha2.c. This is exactly the same problem as commit 1b242f42b fixed in ecpg, but in contrib/pgcrypto. Commit 273c458a2 eliminated the problem here for v10 and up. We hadn't noticed for exactly the same reasons enumerated in bbbf22cf3. Back-patch down to 9.2, pursuant to newly-established project policy about keeping out-of-support branches buildable. Discussion: https://postgr.es/m/d0316012-ece7-7b7e-2d36-9c38cb77cb3b@enterprisedb.com 13 December 2021, 01:24:46 UTC
5eb73fc Tom Lane 13 December 2021, 00:12:18 UTC Reformat imath.c macro to remove -Wmisleading-indentation warnings. Recent versions of gcc whine about the admittedly-completely-illegible formatting of this macro. We've not noticed for a few reasons: * In v12 and up, the problem is gone thanks to 48e24ba6b. (Back-patching that doesn't seem prudent, though, so this patch just manually improves the macro's formatting.) * Buildfarm animals that might have complained, such as caiman, do not because they use --with-openssl and so don't build imath.c. * In a manual run such as "make all check-world", you won't see the warning because it gets buried in an install.log file. You have to do "make -C contrib all" or the like to see it. I noticed this because in older branches, the last bit doesn't happen so "check-world" actually does spew the warnings to stderr. Maybe we should rethink how that works, because the newer behavior is not an improvement IMO. Back-patch down to 9.2, pursuant to newly-established project policy about keeping out-of-support branches buildable. Discussion: https://postgr.es/m/d0316012-ece7-7b7e-2d36-9c38cb77cb3b@enterprisedb.com 13 December 2021, 00:12:18 UTC
3fff9b6 Tom Lane 12 December 2021, 23:06:07 UTC Clean up compilation warnings coming from PL/Perl with clang-12~ clang-12 has introduced -Wcompound-token-split-by-macro, that is causing a large amount of warnings when building PL/Perl because of its interactions with upstream Perl. This commit adds one -Wno to CFLAGS at ./configure time if the flag is supported by the compiler to silence all those warnings. This back-patches commit 9ff47ea41 into out-of-support branches, pursuant to newly-established project policy. The point is to suppress scary-looking warnings so that people building these branches needn't expend brain cells verifying that it's safe to ignore the warnings. Discussion: https://postgr.es/m/d0316012-ece7-7b7e-2d36-9c38cb77cb3b@enterprisedb.com 12 December 2021, 23:06:07 UTC
9ae132d Tom Lane 12 December 2021, 21:59:14 UTC Make ecpg's rjulmdy() and rmdyjul() agree with their declarations. We had "short *mdy" in the extern declarations, but "short mdy[3]" in the actual function definitions. Per C99 these are equivalent, but recent versions of gcc have started to issue warnings about the inconsistency. Clean it up before the warnings get any more widespread. This back-patches commit 1b242f42b into out-of-support branches, pursuant to newly-established project policy. The point is to suppress scary-looking warnings so that people building these branches needn't expend brain cells verifying that it's safe to ignore the warnings. Discussion: https://postgr.es/m/d0316012-ece7-7b7e-2d36-9c38cb77cb3b@enterprisedb.com 12 December 2021, 21:59:14 UTC
47fca01 Tom Lane 12 December 2021, 19:54:26 UTC Use return instead of exit() in configure Using exit() requires stdlib.h, which is not included. Use return instead. Also add return type for main(). This back-patches commit 1c0cf52b3 into out-of-support branches, pursuant to a newly-established project policy that we'll try to keep out-of-support branches buildable on modern platforms for at least ten major releases back, ensuring people can test pg_dump and psql compatibility against servers that far back. With the current development branch being v15, that works out to keeping 9.2 and up buildable as of today. This fix is needed to get through 'configure' when using recent macOS (and possibly other clang-based toolchains). It seems to be sufficient to get through 'check-world', although there are annoyances such as compiler warnings, which will be dealt with separately. Original patch by Peter Eisentraut Discussion: https://postgr.es/m/d0316012-ece7-7b7e-2d36-9c38cb77cb3b@enterprisedb.com 12 December 2021, 19:54:26 UTC
30ffdd2 Tom Lane 10 February 2020, 22:25:31 UTC Stamp 9.4.26. 10 February 2020, 22:25:31 UTC
f611774 Tom Lane 10 February 2020, 17:51:07 UTC Last-minute updates for release notes. Security: CVE-2020-1720 10 February 2020, 17:51:07 UTC
6f1e443 Alvaro Herrera 10 February 2020, 15:14:58 UTC createuser: fix parsing of --connection-limit argument The original coding failed to quote the argument properly. Reported-by: Daniel Gustafsson Discussion: 1B8AE66C-85AB-4728-9BB4-612E8E61C219@yesql.se 10 February 2020, 15:14:58 UTC
3a1acb6 Peter Eisentraut 10 February 2020, 11:52:24 UTC Translation updates Source-Git-URL: https://git.postgresql.org/git/pgtranslation/messages.git Source-Git-Hash: b0010b20ca9b3de3a7ca6e908948ffab7cd3f467 10 February 2020, 11:52:24 UTC
dbae284 Tom Lane 09 February 2020, 19:14:19 UTC Release notes for 12.2, 11.7, 10.12, 9.6.17, 9.5.21, 9.4.26. 09 February 2020, 19:14:19 UTC
bf18402 Fujii Masao 06 February 2020, 15:33:11 UTC Add note about access permission checks by inherited TRUNCATE and LOCK TABLE. Inherited queries perform access permission checks on the parent table only. But there are two exceptions to this rule in v12 or before; TRUNCATE and LOCK TABLE commands through a parent table check the permissions on not only the parent table but also the children tables. Previously these exceptions were not documented. This commit adds the note about these exceptions, into the document. Back-patch to v9.4. But we don't apply this commit to the master because commit e6f1e560e4 already got rid of the exception about inherited TRUNCATE and upcoming commit will do for the exception about inherited LOCK TABLE. Author: Amit Langote Reviewed-by: Fujii Masao Discussion: https://postgr.es/m/CA+HiwqHfTnMU6SUkyHxCmpHUKk7ERLHCR3vZVq19ZOQBjPBLmQ@mail.gmail.com 06 February 2020, 15:45:38 UTC
d034ab0 Fujii Masao 03 February 2020, 03:45:01 UTC Revert commit 56bc82a511. This commit reverts the fix "Make inherited TRUNCATE perform access permission checks on parent table only" only in the back branches. It's not hard to imagine that there are some applications expecting the old behavior and the fix breaks their security. To avoid this compatibility problem, we decided to apply the fix only in HEAD and revert it in all supported back branches. Discussion: https://postgr.es/m/21015.1580400165@sss.pgh.pa.us 03 February 2020, 03:45:01 UTC
95936c7 Thomas Munro 01 February 2020, 01:29:13 UTC Fix memory leak on DSM slot exhaustion. If we attempt to create a DSM segment when no slots are available, we should return the memory to the operating system. Previously we did that if the DSM_CREATE_NULL_IF_MAXSEGMENTS flag was passed in, but we didn't do it if an error was raised. Repair. Back-patch to 9.4, where DSM segments arrived. Author: Thomas Munro Reviewed-by: Robert Haas Reported-by: Julian Backes Discussion: https://postgr.es/m/CA%2BhUKGKAAoEw-R4om0d2YM4eqT1eGEi6%3DQot-3ceDR-SLiWVDw%40mail.gmail.com 01 February 2020, 02:10:20 UTC
f521ef0 Tom Lane 31 January 2020, 22:03:55 UTC Fix CheckAttributeType's handling of collations for ranges. Commit fc7695891 changed CheckAttributeType to recurse into ranges, but made it pass down the wrong collation (always InvalidOid, since ranges as such have no collation). This would result in guaranteed failure when considering a range type whose subtype is collatable. Embarrassingly, we lack any regression tests that would expose such a problem (but fortunately, somebody noticed before we shipped this bug in any release). Fix it to pass down the range's subtype collation property instead, and add some regression test cases to exercise collatable-subtype ranges a bit more. Back-patch to all supported branches, as the previous patch was. Report and patch by Julien Rouhaud, test cases tweaked by me Discussion: https://postgr.es/m/CAOBaU_aBWqNweiGUFX0guzBKkcfJ8mnnyyGC_KBQmO12Mj5f_A@mail.gmail.com 31 January 2020, 22:03:55 UTC
5d60df8 Tom Lane 31 January 2020, 19:41:49 UTC Fix parallel pg_dump/pg_restore for failure to create worker processes. If we failed to fork a worker process, or create a communication pipe for one, WaitForTerminatingWorkers would suffer an assertion failure if assert-enabled, otherwise crash or go into an infinite loop. This was a consequence of not accounting for the startup condition where we've not yet forked all the workers. The original bug was that ParallelBackupStart would set workerStatus to WRKR_IDLE before it had successfully forked a worker. I made things worse in commit b7b8cc0cf by not understanding the undocumented fact that the WRKR_TERMINATED state was also meant to represent the case where a worker hadn't been started yet: I changed enum T_WorkerStatus so that *all* the worker slots were initially in WRKR_IDLE state. But this wasn't any more broken in practice, since even one slot in the wrong state would keep WaitForTerminatingWorkers from terminating. In v10 and later, introduce an explicit T_WorkerStatus value for worker-not-started, in hopes of preventing future oversights of the same ilk. Before that, just document that WRKR_TERMINATED is supposed to cover that case (partly because it wasn't actively broken, and partly because the enum is exposed outside parallel.c in those branches, so there's microscopically more risk involved in changing it). In all branches, introduce a WORKER_IS_RUNNING status test macro to hide which T_WorkerStatus values mean that, and be more careful not to access ParallelSlot fields till we're sure they're valid. Per report from Vignesh C, though this is my patch not his. Back-patch to all supported branches. Discussion: https://postgr.es/m/CALDaNm1Luv-E3sarR+-unz-BjchquHHyfP+YC+2FS2pt_J+wxg@mail.gmail.com 31 January 2020, 19:41:49 UTC
56bc82a Fujii Masao 30 January 2020, 15:46:20 UTC Make inherited TRUNCATE perform access permission checks on parent table only. Previously, TRUNCATE command through a parent table checked the permissions on not only the parent table but also the children tables inherited from it. This was a bug and inherited queries should perform access permission checks on the parent table only. This commit fixes that bug. Back-patch to all supported branches. Author: Amit Langote Reviewed-by: Fujii Masao Discussion: https://postgr.es/m/CAHGQGwFHdSvifhJE+-GSNqUHSfbiKxaeQQ7HGcYz6SC2n_oDcg@mail.gmail.com 30 January 2020, 15:47:09 UTC
8fc33e6 Tom Lane 23 January 2020, 21:15:32 UTC Fix an oversight in commit 4c70098ff. I had supposed that the from_char_seq_search() call sites were all passing the constant arrays you'd expect them to pass ... but on looking closer, the one for DY format was passing the days[] array not days_short[]. This accidentally worked because the day abbreviations in English are all the same as the first three letters of the full day names. However, once we took out the "maximum comparison length" logic, it stopped working. As penance for that oversight, add regression test cases covering this, as well as every other switch case in DCH_from_char() that was not reached according to the code coverage report. Also, fold the DCH_RM and DCH_rm cases into one --- now that seq_search is case independent, there's no need to pass different comparison arrays for those cases. Back-patch, as the previous commit was. 23 January 2020, 21:15:32 UTC
600b953 Tom Lane 23 January 2020, 18:42:10 UTC Clean up formatting.c's logic for matching constant strings. seq_search(), which is used to match input substrings to constants such as month and day names, had a lot of bizarre and unnecessary behaviors. It was mostly possible to avert our eyes from that before, but we don't want to duplicate those behaviors in the upcoming patch to allow recognition of non-English month and day names. So it's time to clean this up. In particular: * seq_search scribbled on the input string, which is a pretty dangerous thing to do, especially in the badly underdocumented way it was done here. Fortunately the input string is a temporary copy, but that was being made three subroutine levels away, making it something easy to break accidentally. The behavior is externally visible nonetheless, in the form of odd case-folding in error reports about unrecognized month/day names. The scribbling is evidently being done to save a few calls to pg_tolower, but that's such a cheap function (at least for ASCII data) that it's pretty pointless to worry about. In HEAD I switched it to be pg_ascii_tolower to ensure it is cheap in all cases; but there are corner cases in Turkish where this'd change behavior, so leave it as pg_tolower in the back branches. * seq_search insisted on knowing the case form (all-upper, all-lower, or initcap) of the constant strings, so that it didn't have to case-fold them to perform case-insensitive comparisons. This likewise seems like excessive micro-optimization, given that pg_tolower is certainly very cheap for ASCII data. It seems unsafe to assume that we know the case form that will come out of pg_locale.c for localized month/day names, so it's better just to define the comparison rule as "downcase all strings before comparing". (The choice between downcasing and upcasing is arbitrary so far as English is concerned, but it might not be in other locales, so follow citext's lead here.) * seq_search also had a parameter that'd cause it to report a match after a maximum number of characters, even if the constant string were longer than that. This was not actually used because no caller passed a value small enough to cut off a comparison. Replicating that behavior for localized month/day names seems expensive as well as useless, so let's get rid of that too. * from_char_seq_search used the maximum-length parameter to truncate the input string in error reports about not finding a matching name. This leads to rather confusing reports in many cases. Worse, it is outright dangerous if the input string isn't all-ASCII, because we risk truncating the string in the middle of a multibyte character. That'd lead either to delivering an illegible error message to the client, or to encoding-conversion failures that obscure the actual data problem. Get rid of that in favor of truncating at whitespace if any (a suggestion due to Alvaro Herrera). In addition to fixing these things, I const-ified the input string pointers of DCH_from_char and its subroutines, to make sure there aren't any other scribbling-on-input problems. The risk of generating a badly-encoded error message seems like enough of a bug to justify back-patching, so patch all supported branches. Discussion: https://postgr.es/m/29432.1579731087@sss.pgh.pa.us 23 January 2020, 18:42:10 UTC
d76652e Michael Paquier 22 January 2020, 00:49:48 UTC Fix concurrent indexing operations with temporary tables Attempting to use CREATE INDEX, DROP INDEX or REINDEX with CONCURRENTLY on a temporary relation with ON COMMIT actions triggered unexpected errors because those operations use multiple transactions internally to complete their work. Here is for example one confusing error when using ON COMMIT DELETE ROWS: ERROR: index "foo" already contains data Issues related to temporary relations and concurrent indexing are fixed in this commit by enforcing the non-concurrent path to be taken for temporary relations even if using CONCURRENTLY, transparently to the user. Using a non-concurrent path does not matter in practice as locks cannot be taken on a temporary relation by a session different than the one owning the relation, and the non-concurrent operation is more effective. The problem exists with REINDEX since v12 with the introduction of CONCURRENTLY, and with CREATE/DROP INDEX since CONCURRENTLY exists for those commands. In all supported versions, this caused only confusing error messages to be generated. Note that with REINDEX, it was also possible to issue a REINDEX CONCURRENTLY for a temporary relation owned by a different session, leading to a server crash. The idea to enforce transparently the non-concurrent code path for temporary relations comes originally from Andres Freund. Reported-by: Manuel Rigger Author: Michael Paquier, Heikki Linnakangas Reviewed-by: Andres Freund, Álvaro Herrera, Heikki Linnakangas Discussion: https://postgr.es/m/CA+u7OA6gP7YAeCguyseusYcc=uR8+ypjCcgDDCTzjQ+k6S9ksQ@mail.gmail.com Backpatch-through: 9.4 22 January 2020, 00:49:48 UTC
ba1dfbe Andres Freund 21 January 2020, 07:26:51 UTC Fix edge case leading to agg transitions skipping ExecAggTransReparent() calls. The code checking whether an aggregate transition value needs to be reparented into the current context has always only compared the transition return value with the previous transition value by datum, i.e. without regard for NULLness. This normally works, because when the transition function returns NULL (via fcinfo->isnull), it'll return a value that won't be the same as its input value. But there's no hard requirement that that's the case. And it turns out, it's possible to hit this case (see discussion or reproducers), leading to a non-null transition value not being reparented, followed by a crash caused by that. Instead of adding another comparison of NULLness, instead have ExecAggTransReparent() ensure that pergroup->transValue ends up as 0 when the new transition value is NULL. That avoids having to add an additional branch to the much more common cases of the transition function returning the old transition value (which is a pointer in this case), and when the new value is different, but not NULL. In branches since 69c3936a149, also deduplicate the reparenting code between the expression evaluation based transitions, and the path for ordered aggregates. Reported-By: Teodor Sigaev, Nikita Glukhov Author: Andres Freund Discussion: https://postgr.es/m/bd34e930-cfec-ea9b-3827-a8bc50891393@sigaev.ru Backpatch: 9.4-, this issue has existed since at least 7.4 21 January 2020, 07:32:21 UTC
dbe405b Michael Paquier 21 January 2020, 04:47:17 UTC Add GUC variables for stat tracking and timeout as PGDLLIMPORT This helps integration of extensions with Windows. The following parameters are changed: - idle_in_transaction_session_timeout (9.6 and newer versions) - lock_timeout - statement_timeout - track_activities - track_counts - track_functions Author: Pascal Legrand Reviewed-by: Amit Kamila, Julien Rouhaud, Michael Paquier Discussion: https://postgr.es/m/1579298868581-0.post@n3.nabble.com Backpatch-through: 9.4 21 January 2020, 04:47:17 UTC
42e538f Tom Lane 20 January 2020, 17:57:18 UTC Fix pg_dump's sigTermHandler() to use _exit() not exit(). sigTermHandler() tried to be careful to invoke only operations that are safe to do in a signal handler. But for some reason we forgot that exit(3) is not among those, because it calls atexit handlers that might do various random things. (pg_dump itself installs no atexit handlers, but e.g. OpenSSL does.) That led to crashes or lockups when attempting to terminate a parallel dump or restore via a signal. Fix by calling _exit() instead. Per bug #16199 from Raúl Marín. Back-patch to all supported branches. Discussion: https://postgr.es/m/16199-cb2f121146a96f9b@postgresql.org 20 January 2020, 17:57:18 UTC
eb9d1f0 Tom Lane 17 January 2020, 21:17:18 UTC Repair more failures with SubPlans in multi-row VALUES lists. Commit 9b63c13f0 turns out to have been fundamentally misguided: the parent node's subPlan list is by no means the only way in which a child SubPlan node can be hooked into the outer execution state. As shown in bug #16213 from Matt Jibson, we can also get short-lived tuple table slots added to the outer es_tupleTable list. At this point I have little faith that there aren't other possible connections as well; the long time it took to notice this problem shows that this isn't a heavily-exercised situation. Therefore, revert that fix, returning to the coding that passed a NULL parent plan pointer down to the transiently-built subexpressions. That gives us a pretty good guarantee that they won't hook into the outer executor state in any way. But then we need some other solution to make SubPlans work. Adopt the solution speculated about in the previous commit's log message: do expression initialization at plan startup for just those VALUES rows containing SubPlans, abandoning the goal of reclaiming memory intra-query for those rows. In practice it seems unlikely that queries containing a vast number of VALUES rows would be using SubPlans in them, so this should not give up much. (BTW, this test case also refutes my claim in connection with the prior commit that the issue only arises with use of LATERAL. That was just wrong: some variants of SubLink always produce SubPlans.) As with previous patch, back-patch to all supported branches. Discussion: https://postgr.es/m/16213-871ac3bc208ecf23@postgresql.org 17 January 2020, 21:17:39 UTC
20a1dc1 Alvaro Herrera 17 January 2020, 21:00:39 UTC Set ReorderBufferTXN->final_lsn more eagerly ... specifically, set it incrementally as each individual change is spilled down to disk. This way, it is set correctly when the transaction disappears without trace, ie. without leaving an XACT_ABORT wal record. (This happens when the server crashes midway through a transaction.) Failing to have final_lsn prevents ReorderBufferRestoreCleanup() from working, since it needs the final_lsn in order to know the endpoint of its iteration through spilled files. Commit df9f682c7bf8 already tried to fix the problem, but it didn't set the final_lsn in all cases. Revert that, since it's no longer needed. Author: Vignesh C Reviewed-by: Amit Kapila, Dilip Kumar Discussion: https://postgr.es/m/CALDaNm2CLk+K9JDwjYST0sPbGg5AQdvhUt0jbKyX_HdAE0jk3A@mail.gmail.com 17 January 2020, 21:00:39 UTC
9be6fcb Dean Rasheed 14 January 2020, 09:47:44 UTC Make rewriter prevent auto-updates on views with conditional INSTEAD rules. A view with conditional INSTEAD rules and no unconditional INSTEAD rules or INSTEAD OF triggers is not auto-updatable. Previously we relied on a check in the executor to catch this, but that's problematic since the planner may fail to properly handle such a query and thus return a particularly unhelpful error to the user, before reaching the executor check. Instead, trap this in the rewriter and report the correct error there. Doing so also allows us to include more useful error detail than the executor check can provide. This doesn't change the existing behaviour of updatable views; it merely ensures that useful error messages are reported when a view isn't updatable. Per report from Pengzhou Tang, though not adopting that suggested fix. Back-patch to all supported branches. Discussion: https://postgr.es/m/CAG4reAQn+4xB6xHJqWdtE0ve_WqJkdyCV4P=trYr4Kn8_3_PEA@mail.gmail.com 14 January 2020, 09:47:44 UTC
6bd567b Tom Lane 12 January 2020, 19:37:00 UTC Fix edge-case crashes and misestimation in range containment selectivity. When estimating the selectivity of "range_var <@ range_constant" or "range_var @> range_constant", if the upper (or respectively lower) bound of the range_constant was above the last bin of the range_var's histogram, the code would access uninitialized memory and potentially crash (though it seems the probability of a crash is quite low). Handle the endpoint cases explicitly to fix that. While at it, be more paranoid about the possibility of getting NaN or other silly results from the range type's subdiff function. And improve some comments. Ordinarily we'd probably add a regression test case demonstrating the bug in unpatched code. But it's too hard to get it to crash reliably because of the uninitialized-memory dependence, so skip that. Per bug #16122 from Adam Scott. It's been broken from the beginning, apparently, so backpatch to all supported branches. Diagnosis by Michael Paquier, patch by Andrey Borodin and Tom Lane. Discussion: https://postgr.es/m/16122-eb35bc248c806c15@postgresql.org 12 January 2020, 19:37:00 UTC
27676e2 Michael Paquier 10 January 2020, 00:37:44 UTC doc: Fix naming of SELinux Reported-by: Tham Nguyen Discussion: https://postgr.es/m/157851402876.29175.12977878383183540468@wrigleys.postgresql.org Backpatch-through: 9.4 10 January 2020, 00:37:44 UTC
b83ba2e Michael Paquier 08 January 2020, 01:36:52 UTC Revert "Forbid DROP SCHEMA on temporary namespaces" This reverts commit a052f6c, following complains from Robert Haas and Tom Lane. Backpatch down to 9.4, like the previous commit. Discussion: https://postgr.es/m/CA+TgmobL4npEX5=E5h=5Jm_9mZun3MT39Kq2suJFVeamc9skSQ@mail.gmail.com Backpatch-through: 9.4 08 January 2020, 01:36:52 UTC
1ad47e8 Amit Kapila 02 January 2020, 06:58:02 UTC Fix running out of file descriptors for spill files. Currently while decoding changes, if the number of changes exceeds a certain threshold, we spill those to disk.  And this happens for each (sub)transaction.  Now, while reading all these files, we don't close them until we read all the files.  While reading these files, if the number of such files exceeds the maximum number of file descriptors, the operation errors out. Use PathNameOpenFile interface to open these files as that internally has the mechanism to release kernel FDs as needed to get us under the max_safe_fds limit. Reported-by: Amit Khandekar Author: Amit Khandekar Reviewed-by: Amit Kapila Backpatch-through: 9.4 Discussion: https://postgr.es/m/CAJ3gD9c-sECEn79zXw4yBnBdOttacoE-6gAyP0oy60nfs_sabQ@mail.gmail.com 02 January 2020, 07:08:29 UTC
ce758a3 Bruce Momjian 01 January 2020, 17:21:44 UTC Update copyrights for 2020 Backpatch-through: update all files in master, backpatch legal files through 9.4 01 January 2020, 17:21:44 UTC
6456947 Bruce Momjian 27 December 2019, 19:49:08 UTC doc: add examples of creative use of unique expression indexes Unique expression indexes can constrain data in creative ways, so show two examples. Reported-by: Tuomas Leikola Discussion: https://postgr.es/m/156760275564.1127.12321702656456074572@wrigleys.postgresql.org Backpatch-through: 9.4 27 December 2019, 19:49:08 UTC
820b1d1 Bruce Momjian 27 December 2019, 19:33:30 UTC docs: clarify infinite range values from data-type infinities The previous docs referenced these distinct ideas confusingly. Reported-by: Eugen Konkov Discussion: https://postgr.es/m/376945611.20191026161529@yandex.ru Backpatch-through: 9.4 27 December 2019, 19:33:30 UTC
898e0c6 Michael Paquier 27 December 2019, 08:59:39 UTC Forbid DROP SCHEMA on temporary namespaces This operation was possible for the owner of the schema or a superuser. Down to 9.4, doing this operation would cause inconsistencies in a session whose temporary schema was dropped, particularly if trying to create new temporary objects after the drop. A more annoying consequence is a crash of autovacuum on an assertion failure when logging information about an orphaned temp table dropped. Note that because of 246a6c8 (present in v11~), which has made the removal of orphaned temporary tables more aggressive, the failure could be triggered more easily, but it is possible to reproduce down to 9.4. Reported-by: Mahendra Singh, Prabhat Sahu Author: Michael Paquier Reviewed-by: Kyotaro Horiguchi, Mahendra Singh Discussion: https://postgr.es/m/CAKYtNAr9Zq=1-ww4etHo-VCC-k120YxZy5OS01VkaLPaDbv2tg@mail.gmail.com Backpatch-through: 9.4 27 December 2019, 08:59:39 UTC
5c0a132 Thomas Munro 23 December 2019, 22:31:24 UTC Rotate instead of shifting hash join batch number. Our algorithm for choosing batch numbers turned out not to work effectively for multi-billion key inner relations. We would use more hash bits than we have, and effectively concentrate all tuples into a smaller number of batches than we intended. While ideally we should switch to wider hashes, for now, change the algorithm to one that effectively gives up bits from the bucket number when we don't have enough bits. That means we'll finish up with longer bucket chains than would be ideal, but that's better than having batches that don't fit in work_mem and can't be divided. Batch-patch to all supported releases. Author: Thomas Munro Reviewed-by: Tom Lane, thanks also to Tomas Vondra, Alvaro Herrera, Andres Freund for testing and discussion Reported-by: James Coleman Discussion: https://postgr.es/m/16104-dc11ed911f1ab9df%40postgresql.org 24 December 2019, 00:13:30 UTC
4a3cdb5 Joe Conway 23 December 2019, 18:34:12 UTC Disallow null category in crosstab_hash While building a hash map of categories in load_categories_hash, resulting category names have not thus far been checked to ensure they are not null. Prior to pg12 null category names worked to the extent that they did not crash on some platforms. This is because those system libraries have an snprintf which can deal with being passed a null pointer argument for a string. But even in those cases null categories did nothing useful. And on some platforms it crashed. As of pg12, our own version of snprintf gets called, and it does not deal with null pointer arguments at all, and crashes consistently. Fix that by disallowing null categories. They never worked usefully, and no one has ever asked for them to work previously. Back-patch to all supported branches. Reported-By: Ireneusz Pluta Discussion: https://postgr.es/m/16176-7489719b05e4303c@postgresql.org 23 December 2019, 18:34:12 UTC
0d245d1 Tom Lane 23 December 2019, 17:08:24 UTC Prevent a rowtype from being included in itself via a range. We probably should have thought of this case when ranges were added, but we didn't. (It's not the fault of commit eb51af71f, because ranges didn't exist then.) It's an old bug, so back-patch to all supported branches. Discussion: https://postgr.es/m/7782.1577051475@sss.pgh.pa.us 23 December 2019, 17:08:24 UTC
297b9cc Michael Paquier 23 December 2019, 01:51:00 UTC Combine initdb tests that successfully create a data directory. This eliminates many seconds of test duration and the cause to invoke "rm -rf", which is typically unavailable on Windows. This is a backpatch of 1a629c1 which has never been applied to REL9_4_STABLE. Per complain from buildarm member drongo. Reported-by: Tom Lane Author: Michael Paquier, Noah Misch Discussion: https://postgr.es/m/11800.1577060649@sss.pgh.pa.us 23 December 2019, 01:51:00 UTC
8f735c0 Tom Lane 22 December 2019, 23:00:18 UTC Avoid low-probability regression test failures in timestamp[tz] tests. If the first transaction block in these tests were entered exactly at midnight (California time), they'd report a bogus failure due to 'now' and 'midnight' having the same values. Commit 8c2ac75c5 had dismissed this as being of negligible probability, but we've now seen it happen in the buildfarm, so let's prevent it. We can get pretty much the same test coverage without an it's-not-midnight assumption by moving the does-'now'-work cases into their own test step. While here, apply commit 47169c255's s/DELETE/TRUNCATE/ change to timestamptz as well as timestamp (not sure why that didn't occur to me at the time; the risk of failure is the same). Back-patch to all supported branches, since the main point is to get rid of potential buildfarm failures. Discussion: https://postgr.es/m/14821.1577031117@sss.pgh.pa.us 22 December 2019, 23:00:18 UTC
f1a4020 Tom Lane 21 December 2019, 22:39:37 UTC In pgwin32_open, loop after ERROR_ACCESS_DENIED only if we can't stat. This fixes a performance problem introduced by commit 6d7547c21. ERROR_ACCESS_DENIED is returned in some other cases besides the delete-pending case considered by that commit; notably, if the given path names a directory instead of a plain file. In that case we'll uselessly loop for 1 second before returning the failure condition. That slows down some usage scenarios enough to cause test timeout failures on our Windows buildfarm critters. To fix, try to stat() the file, and sleep/loop only if that fails. It will fail in the delete-pending case, and also in the case where the deletion completed before we could stat(), so we have the cases where we want to loop covered. In the directory case, the stat() should succeed, letting us exit without a wait. One case where we'll still wait uselessly is if the access-denied problem pertains to a directory in the given pathname. But we don't expect that to happen in any performance-critical code path. There might be room to refine this further, but I'll push it now in hopes of making the buildfarm green again. Back-patch, like the preceding commit. Alexander Lakhin and Tom Lane Discussion: https://postgr.es/m/23073.1576626626@sss.pgh.pa.us 21 December 2019, 22:39:37 UTC
530b5d5 Bruce Momjian 21 December 2019, 17:44:38 UTC docs: clarify handling of column lists in COPY TO/FROM Previously it was unclear how COPY FROM handled cases where not all columns were specified, or if the order didn't match. Reported-by: pavlo.golub@gmail.com Discussion: https://postgr.es/m/157487729344.7213.14245726713444755296@wrigleys.postgresql.org Backpatch-through: 9.4 21 December 2019, 17:44:38 UTC
875c7d7 Tom Lane 20 December 2019, 20:34:08 UTC libpq should expose GSS-related parameters even when not implemented. We realized years ago that it's better for libpq to accept all connection parameters syntactically, even if some are ignored or restricted due to lack of the feature in a particular build. However, that lesson from the SSL support was for some reason never applied to the GSSAPI support. This is causing various buildfarm members to have problems with a test case added by commit 6136e94dc, and it's just a bad idea from a user-experience standpoint anyway, so fix it. While at it, fix some places where parameter-related infrastructure was added with the aid of a dartboard, or perhaps with the aid of the anti-pattern "add new stuff at the end". It should be safe to rearrange the contents of struct pg_conn even in released branches, since that's private to libpq (and we'd have to move some fields in some builds to fix this, anyway). Back-patch to all supported branches. Discussion: https://postgr.es/m/11297.1576868677@sss.pgh.pa.us 20 December 2019, 20:34:08 UTC
298d056 Tom Lane 17 December 2019, 22:44:28 UTC Fix error reporting for index expressions of prohibited types. If CheckAttributeType() threw an error about the datatype of an index expression column, it would report an empty column name, which is pretty unhelpful and certainly not the intended behavior. I (tgl) evidently broke this in commit cfc5008a5, by not noticing that the column's attname was used above where I'd placed the assignment of it. In HEAD and v12, this is trivially fixable by moving up the assignment of attname. Before v12 the code is a bit more messy; to avoid doing substantial refactoring, I took the lazy way out and just put in two copies of the assignment code. Report and patch by Amit Langote. Back-patch to all supported branches. Discussion: https://postgr.es/m/CA+HiwqFA+BGyBFimjiYXXMa2Hc3fcL0+OJOyzUNjhU4NCa_XXw@mail.gmail.com 17 December 2019, 22:44:28 UTC
cfb2a4c Tom Lane 16 December 2019, 20:10:56 UTC On Windows, wait a little to see if ERROR_ACCESS_DENIED goes away. Attempting to open a file fails with ERROR_ACCESS_DENIED if the file is flagged for deletion but not yet actually gone (another in a long list of reasons why Windows is broken, if you ask me). This seems likely to explain a lot of irreproducible failures we see in the buildfarm. This state generally persists for only a millisecond or so, so just wait a bit and retry. If it's a real permissions problem, we'll eventually give up and report it as such. If it's the pending deletion case, we'll see file-not-found and report that after the deletion completes, and the caller will treat that in an appropriate way. In passing, rejigger the existing retry logic for some other error cases so that we don't uselessly wait an extra time when we're not going to retry anymore. Alexander Lakhin (with cosmetic tweaks by me). Back-patch to all supported branches, since this seems like a pretty safe change and the problem is definitely real. Discussion: https://postgr.es/m/16161-7a985d2f1bbe8f71@postgresql.org 16 December 2019, 20:10:56 UTC
6aa1263 Tom Lane 12 December 2019, 17:30:44 UTC Fix EXTRACT(ISOYEAR FROM timestamp) for years BC. The test cases added by commit 26ae3aa80 exposed an old oversight in timestamp[tz]_part: they didn't correct the result of date2isoyear() for BC years, so that we produced an off-by-one answer for such years. Fix that, and back-patch to all supported branches. Discussion: https://postgr.es/m/SG2PR06MB37762CAE45DB0F6CA7001EA9B6550@SG2PR06MB3776.apcprd06.prod.outlook.com 12 December 2019, 17:30:44 UTC
8b0fd6d Tom Lane 12 December 2019, 17:12:36 UTC Remove redundant function calls in timestamp[tz]_part(). The DTK_DOW/DTK_ISODOW and DTK_DOY switch cases in timestamp_part() and timestamptz_part() contained calls of timestamp2tm() that were fully redundant with the ones done just above the switch. This evidently crept in during commit 258ee1b63, which relocated that code from another place where the calls were indeed needed. Just delete the redundant calls. I (tgl) noted that our test coverage of these functions left quite a bit to be desired, so extend timestamp.sql and timestamptz.sql to cover all the branches. Back-patch to all supported branches, as the previous commit was. There's no real issue here other than some wasted cycles in some not-too-heavily-used code paths, but the test coverage seems valuable. Report and patch by Li Japin; test case adjustments by me. Discussion: https://postgr.es/m/SG2PR06MB37762CAE45DB0F6CA7001EA9B6550@SG2PR06MB3776.apcprd06.prod.outlook.com 12 December 2019, 17:12:36 UTC
3ddd8ee Tom Lane 11 December 2019, 20:53:36 UTC Doc: back-patch documentation about limitations of CHECK constraints. Back-patch commits 36d442a25 and 1f66c657f into all supported branches. I'd considered doing this when putting in the latter commit, but failed to pull the trigger. Now that we've had an actual field complaint about the lack of such docs, let's do it. Per bug #16158 from Piotr Jander. Original patches by Lætitia Avrot, Patrick Francelle, and me. Discussion: https://postgr.es/m/16158-7ccf2f74b3d655db@postgresql.org 11 December 2019, 20:53:36 UTC
7309e75 Tom Lane 09 December 2019, 20:03:52 UTC Fix race condition in our Windows signal emulation. pg_signal_dispatch_thread() responded to the client (signal sender) and disconnected the pipe before actually setting the shared variables that make the signal visible to the backend process's main thread. In the worst case, it seems, effective delivery of the signal could be postponed for as long as the machine has any other work to do. To fix, just move the pg_queue_signal() call so that we do it before responding to the client. This essentially makes pgkill() synchronous, which is a stronger guarantee than we have on Unix. That may be overkill, but on the other hand we have not seen comparable timing bugs on any Unix platform. While at it, add some comments to this sadly underdocumented code. Problem diagnosis and fix by Amit Kapila; I just added the comments. Back-patch to all supported versions, as it appears that this can cause visible NOTIFY timing oddities on all of them, and there might be other misbehavior due to slow delivery of other signals. Discussion: https://postgr.es/m/32745.1575303812@sss.pgh.pa.us 09 December 2019, 20:03:52 UTC
08395e5 Noah Misch 08 December 2019, 19:06:26 UTC Document search_path security with untrusted dbowner or CREATEROLE. Commit 5770172cb0c9df9e6ce27c507b449557e5b45124 wrote, incorrectly, that certain schema usage patterns are secure against CREATEROLE users and database owners. When an untrusted user is the database owner or holds CREATEROLE privilege, a query is secure only if its session started with SELECT pg_catalog.set_config('search_path', '', false) or equivalent. Back-patch to 9.4 (all supported versions). Discussion: https://postgr.es/m/20191013013512.GC4131753@rfd.leadboat.com 08 December 2019, 19:06:31 UTC
44381b1 Tomas Vondra 03 December 2019, 15:55:51 UTC Ensure maxlen is at leat 1 in dict_int The dict_int text search dictionary template accepts maxlen parameter, which is then used to cap the length of input strings. The value was not properly checked, and the code simply does txt[d->maxlen] = '\0'; to insert a terminator, leading to segfaults with negative values. This commit simply rejects values less than 1. The issue was there since dct_int was introduced in 9.3, so backpatch all the way back to 9.4 which is the oldest supported version. Reported-by: cili Discussion: https://postgr.es/m/16144-a36a5bef7657047d@postgresql.org Backpatch-through: 9.4 03 December 2019, 17:43:15 UTC
0c84e99 Tom Lane 01 December 2019, 18:09:27 UTC Fix misbehavior with expression indexes on ON COMMIT DELETE ROWS tables. We implement ON COMMIT DELETE ROWS by truncating tables marked that way, which requires also truncating/rebuilding their indexes. But RelationTruncateIndexes asks the relcache for up-to-date copies of any index expressions, which may cause execution of eval_const_expressions on them, which can result in actual execution of subexpressions. This is a bad thing to have happening during ON COMMIT. Manuel Rigger reported that use of a SQL function resulted in crashes due to expectations that ActiveSnapshot would be set, which it isn't. The most obvious fix perhaps would be to push a snapshot during PreCommit_on_commit_actions, but I think that would just open the door to more problems: CommitTransaction explicitly expects that no user-defined code can be running at this point. Fortunately, since we know that no tuples exist to be indexed, there seems no need to use the real index expressions or predicates during RelationTruncateIndexes. We can set up dummy index expressions instead (we do need something that will expose the right data type, as there are places that build index tupdescs based on this), and just ignore predicates and exclusion constraints. In a green field it'd likely be better to reimplement ON COMMIT DELETE ROWS using the same "init fork" infrastructure used for unlogged relations. That seems impractical without catalog changes though, and even without that it'd be too big a change to back-patch. So for now do it like this. Per private report from Manuel Rigger. This has been broken forever, so back-patch to all supported branches. 01 December 2019, 18:09:27 UTC
d9b974e Tomas Vondra 30 November 2019, 13:51:27 UTC Fix off-by-one error in PGTYPEStimestamp_fmt_asc When using %b or %B patterns to format a date, the code was simply using tm_mon as an index into array of month names. But that is wrong, because tm_mon is 1-based, while array indexes are 0-based. The result is we either use name of the next month, or a segfault (for December). Fix by subtracting 1 from tm_mon for both patterns, and add a regression test triggering the issue. Backpatch to all supported versions (the bug is there far longer, since at least 2003). Reported-by: Paul Spencer Backpatch-through: 9.4 Discussion: https://postgr.es/m/16143-0d861eb8688d3fef%40postgresql.org 30 November 2019, 14:16:58 UTC
304ea5d Etsuro Fujita 27 November 2019, 07:00:55 UTC Fix typo in comment. 27 November 2019, 07:00:55 UTC
34f44f5 Tom Lane 24 November 2019, 20:57:32 UTC Avoid assertion failure with LISTEN in a serializable transaction. If LISTEN is the only action in a serializable-mode transaction, and the session was not previously listening, and the notify queue is not empty, predicate.c reported an assertion failure. That happened because we'd acquire the transaction's initial snapshot during PreCommit_Notify, which was called *after* predicate.c expects any such snapshot to have been established. To fix, just swap the order of the PreCommit_Notify and PreCommit_CheckForSerializationFailure calls during CommitTransaction. This will imply holding the notify-insertion lock slightly longer, but the difference could only be meaningful in serializable mode, which is an expensive option anyway. It appears that this is just an assertion failure, with no consequences in non-assert builds. A snapshot used only to scan the notify queue could not have been involved in any serialization conflicts, so there would be nothing for PreCommit_CheckForSerializationFailure to do except assign it a prepareSeqNo and set the SXACT_FLAG_PREPARED flag. And given no conflicts, neither of those omissions affect the behavior of ReleasePredicateLocks. This admittedly once-over-lightly analysis is backed up by the lack of field reports of trouble. Per report from Mark Dilger. The bug is old, so back-patch to all supported branches; but the new test case only goes back to 9.6, for lack of adequate isolationtester infrastructure before that. Discussion: https://postgr.es/m/3ac7f397-4d5f-be8e-f354-440020675694@gmail.com Discussion: https://postgr.es/m/13881.1574557302@sss.pgh.pa.us 24 November 2019, 20:57:32 UTC
f098290 Tom Lane 21 November 2019, 21:21:44 UTC Defend against self-referential views in relation_is_updatable(). While a self-referential view doesn't actually work, it's possible to create one, and it turns out that this breaks some of the information_schema views. Those views call relation_is_updatable(), which neglected to consider the hazards of being recursive. In older PG versions you get a "stack depth limit exceeded" error, but since v10 it'd recurse to the point of stack overrun and crash, because commit a4c35ea1c took out the expression_returns_set() call that was incidentally checking the stack depth. Since this function is only used by information_schema views, it seems like it'd be better to return "not updatable" than suffer an error. Hence, add tracking of what views we're examining, in just the same way that the nearby fireRIRrules() code detects self-referential views. I added a check_stack_depth() call too, just to be defensive. Per private report from Manuel Rigger. Back-patch to all supported versions. 21 November 2019, 21:21:44 UTC
d81d4c3 Magnus Hagander 20 November 2019, 16:03:07 UTC Remove incorrect markup Author: Daniel Gustafsson <daniel@yesql.se> 20 November 2019, 16:06:06 UTC
91ce01a Alexander Korotkov 19 November 2019, 20:11:24 UTC Revise GIN README We find GIN concurrency bugs from time to time. One of the problems here is that concurrency of GIN isn't well-documented in README. So, it might be even hard to distinguish design bugs from implementation bugs. This commit revised concurrency section in GIN README providing more details. Some examples are illustrated in ASCII art. Also, this commit add the explanation of how is tuple layout in internal GIN B-tree page different in comparison with nbtree. Discussion: https://postgr.es/m/CAPpHfduXR_ywyaVN4%2BOYEGaw%3DcPLzWX6RxYLBncKw8de9vOkqw%40mail.gmail.com Author: Alexander Korotkov Reviewed-by: Peter Geoghegan Backpatch-through: 9.4 19 November 2019, 21:03:08 UTC
1414821 Alexander Korotkov 19 November 2019, 20:08:14 UTC Fix traversing to the deleted GIN page via downlink Current GIN code appears to don't handle traversing to the deleted page via downlink. This commit fixes that by stepping right from the delete page like we do in nbtree. This commit also fixes setting 'deleted' flag to the GIN pages. Now other page flags are not erased once page is deleted. That helps to keep our assertions true if we arrive deleted page via downlink. Discussion: https://postgr.es/m/CAPpHfdvMvsw-NcE5bRS7R1BbvA4BxoDnVVjkXC5W0Czvy9LVrg%40mail.gmail.com Author: Alexander Korotkov Reviewed-by: Peter Geoghegan Backpatch-through: 9.4 19 November 2019, 21:03:04 UTC
6e8516e Tom Lane 19 November 2019, 19:43:37 UTC Doc: clarify use of RECURSIVE in WITH. Apparently some people misinterpreted the syntax as being that RECURSIVE is a prefix of individual WITH queries. It's a modifier for the WITH clause as a whole, so state that more clearly. Discussion: https://postgr.es/m/ca53c6ce-a0c6-b14a-a8e3-162f0b2cc119@a-kretschmer.de 19 November 2019, 19:43:37 UTC
e5df9bb Tom Lane 19 November 2019, 19:21:42 UTC Doc: clarify behavior of ALTER DEFAULT PRIVILEGES ... IN SCHEMA. The existing text stated that "Default privileges that are specified per-schema are added to whatever the global default privileges are for the particular object type". However, that bare-bones observation is not quite clear enough, as demonstrated by the complaint in bug #16124. Flesh it out by stating explicitly that you can't revoke built-in default privileges this way, and by providing an example to drive the point home. Back-patch to all supported branches, since it's been like this from the beginning. Discussion: https://postgr.es/m/16124-423d8ee4358421bc@postgresql.org 19 November 2019, 19:21:42 UTC
65da6dd Tom Lane 17 November 2019, 01:00:20 UTC Further fix dumping of views that contain just VALUES(...). It turns out that commit e9f1c01b7 missed a case: we must print a VALUES clause in long format if get_query_def is given a resultDesc that would require the query's output column name(s) to be different from what the bare VALUES clause would produce. This applies in case an ALTER ... RENAME COLUMN has been done to a view that formerly could be printed in simple format, as shown in the added regression test case. It also explains bug #16119 from Dmitry Telpt, because it turns out that (unlike CREATE VIEW) CREATE MATERIALIZED VIEW fails to apply any column aliases it's given to the stored ON SELECT rule. So to get them to be printed, we have to account for the resultDesc renaming. It might be worth changing the matview code so that it creates the ON SELECT rule with the correct aliases; but we'd still need these messy checks in get_simple_values_rte to handle the case of a subsequent column rename, so any such change would be just neatnik-ism not a bug fix. Like the previous patch, back-patch to all supported branches. Discussion: https://postgr.es/m/16119-e64823f30a45a754@postgresql.org 17 November 2019, 01:00:20 UTC
56c0699 Tom Lane 13 November 2019, 16:35:37 UTC Handle arrays and ranges in pg_upgrade's test for non-upgradable types. pg_upgrade needs to check whether certain non-upgradable data types appear anywhere on-disk in the source cluster. It knew that it has to check for these types being contained inside domains and composite types; but it somehow overlooked that they could be contained in arrays and ranges, too. Extend the existing recursive-containment query to handle those cases. We probably should have noticed this oversight while working on commit 0ccfc2822 and follow-ups, but we failed to :-(. The whole thing's possibly a bit overdesigned, since we don't really expect that any of these types will appear on disk; but if we're going to the effort of doing a recursive search then it's silly not to cover all the possibilities. While at it, refactor so that we have only one copy of the search logic, not three-and-counting. Also, to keep the branches looking more alike, back-patch the output wording change of commit 1634d3615. Back-patch to all supported branches. Discussion: https://postgr.es/m/31473.1573412838@sss.pgh.pa.us 13 November 2019, 16:35:37 UTC
6cd1549 Tom Lane 11 November 2019, 22:13:41 UTC Stamp 9.4.25. 11 November 2019, 22:13:41 UTC
84aad60 Tom Lane 11 November 2019, 19:39:55 UTC Doc: fix ancient mistake, or at least obsolete info, in rules example. The example of expansion of multiple views claimed that the resulting subquery nest would not get fully flattened because of an aggregate function. There's no aggregate in the example, though, only a user defined function confusingly named MIN(). In a modern server, the reason for the non-flattening is that MIN() is volatile, but I'm unsure whether that was true back when this text was written. Let's reduce the confusion level by using LEAST() instead (which we didn't have at the time this example was created). And then we can just say that the planner will flatten the sub-queries, so the rewrite system doesn't have to. Noted by Paul Jungwirth. This text is old enough to vote, so back-patch to all supported branches. Discussion: https://postgr.es/m/CA+renyXZFnmp9PcvX1EVR2dR=XG5e6E-AELr8AHCNZ8RYrpnPw@mail.gmail.com 11 November 2019, 19:39:55 UTC
c86e0dc Peter Eisentraut 11 November 2019, 09:20:03 UTC Translation updates Source-Git-URL: https://git.postgresql.org/git/pgtranslation/messages.git Source-Git-Hash: 0b30fe39819568078943f4fb97f99e8c9421194c 11 November 2019, 09:20:03 UTC
8a2e037 Tom Lane 10 November 2019, 23:31:13 UTC Release notes for 12.1, 11.6, 10.11, 9.6.16, 9.5.20, 9.4.25. 10 November 2019, 23:31:13 UTC
18622ca Tom Lane 09 November 2019, 20:50:16 UTC Remove test case that doesn't work with --disable-integer-timestamps. Commits a7145f6bc et al. added a test to verify integer overflow detection in interval_mul. That only applies with integer timestamps, of course, so it's problematic in pre-v10 branches where we supported float timestamps. The test was only marginally worth the trouble to begin with, so just remove it in those branches. Per buildfarm. Discussion: https://postgr.es/m/6437.1573319193@sss.pgh.pa.us 09 November 2019, 20:50:16 UTC
1bd67d5 Etsuro Fujita 08 November 2019, 08:00:38 UTC postgres_fdw: Fix error message for PREPARE TRANSACTION. Currently, postgres_fdw does not support preparing a remote transaction for two-phase commit even in the case where the remote transaction is read-only, but the old error message appeared to imply that that was not supported only if the remote transaction modified remote tables. Change the message so as to include the case where the remote transaction is read-only. Also fix a comment above the message. Also add a note about the lack of supporting PREPARE TRANSACTION to the postgres_fdw documentation. Reported-by: Gilles Darold Author: Gilles Darold and Etsuro Fujita Reviewed-by: Michael Paquier and Kyotaro Horiguchi Backpatch-through: 9.4 Discussion: https://postgr.es/m/08600ed3-3084-be70-65ba-279ab19618a5%40darold.net 08 November 2019, 08:00:38 UTC
87477b6 Bruce Momjian 07 November 2019, 20:49:59 UTC docs: clarify that only INSERT and UPDATE triggers can mod. NEW The point is that DELETE triggers cannot modify any values. Reported-by: Eugen Konkov Discussion: https://postgr.es/m/919823407.20191029175436@yandex.ru Backpatch-through: 9.4 07 November 2019, 20:49:59 UTC
b20233a Tom Lane 07 November 2019, 19:21:52 UTC Move declaration of ecpg_gettext() to a saner place. Declaring this in the client-visible header ecpglib.h was a pretty poor decision. It's not meant to be application-callable (and if it was, putting it outside the extern "C" { ... } wrapper means that C++ clients would fail to call it). And the declaration would not even compile for a client, anyway, since it would not have the macro pg_attribute_format_arg(). Fortunately, it seems that no clients have tried to include this header with ENABLE_NLS defined, or we'd have gotten complaints about that. But we have no business putting such a restriction on client code. Move the declaration to ecpglib_extern.h, since in fact nothing outside src/interfaces/ecpg/ecpglib/ needs to call it. The practical effect of this is just that clients can now safely #include ecpglib.h while having ENABLE_NLS defined, but that seems like enough of a reason to back-patch it. Discussion: https://postgr.es/m/20590.1573069709@sss.pgh.pa.us 07 November 2019, 19:21:52 UTC
8d38086 Tom Lane 07 November 2019, 16:22:52 UTC Fix integer-overflow edge case detection in interval_mul and pgbench. This patch adopts the overflow check logic introduced by commit cbdb8b4c0 into two more places. interval_mul() failed to notice if it computed a new microseconds value that was one more than INT64_MAX, and pgbench's double-to-int64 logic had the same sorts of edge-case problems that cbdb8b4c0 fixed in the core code. To make this easier to get right in future, put the guts of the checks into new macros in c.h, and add commentary about how to use the macros correctly. Back-patch to all supported branches, as we did with the previous fix. Yuya Watari Discussion: https://postgr.es/m/CAJ2pMkbkkFw2hb9Qb1Zj8d06EhWAQXFLy73St4qWv6aX=vqnjw@mail.gmail.com 07 November 2019, 16:23:06 UTC
1accf99 Fujii Masao 07 November 2019, 07:31:36 UTC Fix assertion failure when running pgbench -s. If there is the WAL page that the continuation WAL record just fits within (i.e., the continuation record ends just at the end of the page) and the LSN in such page is specified with -s option, previously pg_waldump caused an assertion failure. The cause of this assertion failure was that XLogFindNextRecord() that pg_waldump -s calls mistakenly handled such special WAL page. This commit changes XLogFindNextRecord() so that it can handle such WAL page correctly. Back-patch to all supported versions. Author: Andrey Lepikhov Reviewed-by: Fujii Masao, Michael Paquier Discussion: https://postgr.es/m/99303554-5dd5-06e6-f943-b3005ccd6edd@postgrespro.ru 07 November 2019, 07:33:58 UTC
15d90a0 Michael Paquier 06 November 2019, 07:12:56 UTC Fix timestamp of sent message for write context in logical decoding When sending data for logical decoding using the streaming replication protocol via a WAL sender, the timestamp of the sent write message is allocated at the beginning of the message when preparing for the write, and actually computed when the write message is ready to be sent. The timestamp was getting computed after sending the message. This impacts anything using logical decoding, causing for example logical replication to report mostly NULL for last_msg_send_time in pg_stat_subscription. This commit makes sure that the timestamp is computed before sending the message. This is wrong since 5a991ef, so backpatch down to 9.4. Author: Jeff Janes Discussion: https://postgr.es/m/CAMkU=1z=WMn8jt7iEdC5sYNaPgAgOASb_OW5JYv-vMdYaJSL-w@mail.gmail.com Backpatch-through: 9.4 06 November 2019, 07:12:56 UTC
00ac1ec Bruce Momjian 06 November 2019, 01:54:04 UTC doc: fix plurality typo on bgwriter doc sentence Reported-by: matthew.alton@gmail.com Discussion: https://postgr.es/m/157204060717.1042.8194076510523669244@wrigleys.postgresql.org Backpatch-through: 9.4 06 November 2019, 01:54:04 UTC
762b256 Tom Lane 05 November 2019, 19:27:38 UTC Avoid logging complaints about abandoned connections when using PAM. For a long time (since commit aed378e8d) we have had a policy to log nothing about a connection if the client disconnects when challenged for a password. This is because libpq-using clients will typically do that, and then come back for a new connection attempt once they've collected a password from their user, so that logging the abandoned connection attempt will just result in log spam. However, this did not work well for PAM authentication: the bottom-level function pam_passwd_conv_proc() was on board with it, but we logged messages at higher levels anyway, for lack of any reporting mechanism. Add a flag and tweak the logic so that the case is silent, as it is for other password-using auth mechanisms. Per complaint from Yoann La Cancellera. It's been like this for awhile, so back-patch to all supported branches. Discussion: https://postgr.es/m/CACP=ajbrFFYUrLyJBLV8=q+eNCapa1xDEyvXhMoYrNphs-xqPw@mail.gmail.com 05 November 2019, 19:27:38 UTC
9fb25fd Alvaro Herrera 04 November 2019, 18:50:57 UTC Change pg_restore -f- to dump to stdout instead of to ./- Starting with PostgreSQL 12, pg_restore refuses to run when neither -d nor -f are specified (c.f. commit 413ccaa74d9a), and it also makes "-f -" mean the old implicit behavior of dumping to stdout. However, older branches write to a file called ./- when invoked like that, making it impossible to write pg_restore scripts that work across versions. This is a partial backpatch of the aforementioned commit to all older supported branches, providing an upgrade path. Discussion: https://postgr.es/m/20191006190839.GE18030@telsasoft.com 05 November 2019, 12:57:35 UTC
da5cd7a Tom Lane 04 November 2019, 21:25:05 UTC Stabilize pg_dump output order for similarly-named triggers and policies. The code only compared two triggers' names and namespaces (the latter being the owning table's schema). This could result in falling back to an OID-based sort of similarly-named triggers on different tables. We prefer to avoid that, so add a comparison of the table names too. (The sort order is thus table namespace, trigger name, table name, which is a bit odd, but it doesn't seem worth contorting the code to work around that.) Likewise for policy objects, in 9.5 and up. Complaint and fix by Benjie Gillam. Back-patch to all supported branches. Discussion: https://postgr.es/m/CAMThMzEEt2mvBbPgCaZ1Ap1N-moGn=Edxmadddjq89WG4NpPtQ@mail.gmail.com 04 November 2019, 21:25:05 UTC
7ab7c5c Peter Eisentraut 04 November 2019, 08:54:47 UTC Catch invalid typlens in a couple of places Rearrange the logic in record_image_cmp() and record_image_eq() to error out on unexpected typlens (either not supported there or completely invalid due to corruption). Barring corruption, this is not possible today but it seems more future-proof and robust to fix this. Reported-by: Peter Geoghegan <pg@bowt.ie> 04 November 2019, 09:03:18 UTC
f88f720 Michael Paquier 01 November 2019, 13:39:09 UTC Fix race condition at backend exit when deleting element in syncrep queue When a backend exits, it gets deleted from the syncrep queue if present. The queue was checked without SyncRepLock taken in exclusive mode, so it would have been possible for a backend to remove itself after a WAL sender already did the job. Fix this issue based on a suggestion from Fujii Masao, by first checking the queue without the lock. Then, if the backend is present in the queue, take the lock and perform an additional lookup check before doing the element deletion. Author: Dongming Liu Reviewed-by: Kyotaro Horiguchi, Fujii Masao, Michael Paquier Discussion: https://postgr.es/m/a0806273-8bbb-43b3-bbe1-c45a58f6ae21.lingce.ldm@alibaba-inc.com Backpatch-through: 9.4 01 November 2019, 13:39:09 UTC
ddcc582 Tom Lane 26 October 2019, 21:37:20 UTC Fix pg_dump's handling of circular dependencies in views. This is a back-patch of the v10 commit d8c05aff5. The motivation for doing this now is that we received a complaint that a view with a circular dependency is dumped with an extra bogus command "ALTER TABLE ONLY myview REPLICA IDENTITY NOTHING", because pg_dump forgets that it's a view not a table, and the relreplident value stored for a view is that. So you'll get an error message during restore even if not using --clean; this would break pg_upgrade for example. While that could be handled with a one-line patch, it seems better to back-patch d8c05aff5, since that produces cleaner more future-proof output and fixes an additional bug. Per gripe from Alex Williams. Back-patch to 9.4-9.6 (even if 9.3 were still in support, it hasn't got REPLICA IDENTITY so no bug). Discussion: https://postgr.es/m/NFqxoEi7-8Rw9OW0f-GwHcjvS2I4YQXov4g9OoWv3i7lVOZdLWkAWl9jQQqwEaUq6WV0vdobromhW82e8y5I0_59yZTXcZnXsrmFuldlmZc=@protonmail.com Original commit message follows: pg_dump's traditional solution for breaking a circular dependency involving a view was to create the view with CREATE TABLE and then later issue CREATE RULE "_RETURN" ... to convert the table to a view, relying on the backend's very very ancient code that supports making views that way. We've wanted to get rid of that kluge for a long time, but the thing that finally motivates doing something about it is the recognition that this method fails with the --clean option, because it leads to issuing DROP RULE "_RETURN" followed by DROP TABLE --- and the backend won't let you drop a view's _RETURN rule. Instead, let's break circular dependencies by initially creating the view using CREATE VIEW AS SELECT NULL::columntype AS columnname, ... (so that it has the right column names and types to support external references, but no dependencies beyond the column data types), and then later dumping the ON SELECT rule using the spelling CREATE OR REPLACE VIEW. This method wasn't available when this code was originally written, but it's been possible since PG 7.3, so it seems fine to start relying on it now. To solve the --clean problem, make the dropStmt for an ON SELECT rule be CREATE OR REPLACE VIEW with the same dummy target list as above. In this way, during the DROP phase, we first reduce the view to have no extra dependencies, and then we can drop it entirely when we've gotten rid of whatever had a circular dependency on it. (Note: this should work adequately well with the --if-exists option, since the CREATE OR REPLACE VIEW will go through whether the view exists or not. It could fail if the view exists with a conflicting column set, but we don't really support --clean against a non-matching database anyway.) This allows cleaning up some other kluges inside pg_dump, notably that we don't need a notion of reloptions attached to a rule anymore. Although this is a bug fix, commit to HEAD only for now. The problem's existed for a long time and we've had relatively few complaints, so it doesn't really seem worth taking risks to fix it in the back branches. We might revisit that choice if no problems emerge. Discussion: <19092.1479325184@sss.pgh.pa.us> 26 October 2019, 21:37:20 UTC
7db3651 Bruce Momjian 24 October 2019, 00:29:02 UTC docs: fix wording of REFRESH CONCURRENTLY manual page Reported-by: Asim / apraveen@pivotal.io Discussion: https://postgr.es/m/157076828181.26165.15231292023740913543@wrigleys.postgresql.org Backpatch-through: 9.4 24 October 2019, 00:29:02 UTC
02f7f24 Michael Paquier 23 October 2019, 01:26:28 UTC Clean up properly error_context_stack in autovacuum worker on exception Any callback set would have no meaning in the context of an exception. As an autovacuum worker exits quickly in this context, this could be only an issue within EmitErrorReport(), where the elog hook is for example called. That's unlikely to going to be a problem, but let's be clean and consistent with other code paths handling exceptions. This is present since 2909419, which introduced autovacuum. Author: Ashwin Agrawal Reviewed-by: Tom Lane, Michael Paquier Discussion: https://postgr.es/m/CALfoeisM+_+dgmAdAOHAu0k-ZpEHHqSSG=GRf3pKJGm8OqWX0w@mail.gmail.com Backpatch-through: 9.4 23 October 2019, 01:26:28 UTC
fedcab3 Tom Lane 21 October 2019, 18:18:01 UTC Deal with yet another issue related to "Norwegian (Bokmål)" locale. It emerges that recent versions of Windows (at least 2016 Standard) spell this locale name as "Norwegian Bokmål_Norway.1252", defeating our mapping code that translates "Norwegian (Bokmål)_Norway" to something that's all-ASCII (cf commits db29620d4 and aa1d2fc5e). Add another mapping entry to handle this spelling. Per bug #16068 from Robert Ford. Like the previous patches, back-patch to all supported branches. Discussion: https://postgr.es/m/16068-4cb6eeaa7eb46d93@postgresql.org 21 October 2019, 18:19:03 UTC
6d2b18d Tom Lane 21 October 2019, 17:52:26 UTC Use CFLAGS_SL while probing linkability of libperl. On recent Red Hat platforms (at least RHEL 8 and Fedora 30, maybe older), configure's probe for libperl failed if the user forces CFLAGS to be -O0. This is because some code in perl's inline.h fails to be optimized away at -O0, and said code doesn't work if compiled without -fPIC. To fix, add CFLAGS_SL to the compile flags used during the libperl probe. This is a better simulation of the way that plperl is built, anyway, so it might forestall other issues in future. Per gripe from Kyotaro Horiguchi. Back-patch to all supported branches, since people might want to build older branches on these platforms. Discussion: https://postgr.es/m/20191010.144533.263180400.horikyota.ntt@gmail.com 21 October 2019, 17:52:26 UTC
727c2cc Tom Lane 21 October 2019, 16:32:36 UTC Select CFLAGS_SL at configure time, not in platform-specific Makefiles. Move the platform-dependent logic that sets CFLAGS_SL from src/makefiles/Makefile.foo to src/template/foo, so that the value is determined at configure time and thus is available while running configure's tests. On a couple of platforms this might save a few microseconds of build time by eliminating a test that make otherwise has to do over and over. Otherwise it's pretty much a wash for build purposes; in particular, this makes no difference to anyone who might be overriding CFLAGS_SL via a make option. This patch in itself does nothing with the value and thus should not change any behavior, though you'll probably have to re-run configure to get a correctly updated Makefile.global. We'll use the new configure variable in a follow-on patch. Per gripe from Kyotaro Horiguchi. Back-patch to all supported branches, because the follow-on patch is a portability bug fix. Discussion: https://postgr.es/m/20191010.144533.263180400.horikyota.ntt@gmail.com 21 October 2019, 16:32:36 UTC
930787c Noah Misch 19 October 2019, 03:20:28 UTC For PowerPC instruction "addi", use constraint "b". Without "b", a variant of the tas() code miscompiles on macOS 10.4. This may also fix a compilation failure involving macOS 10.1. Today's compilers have been allocating acceptable registers with or without this change, but this future-proofs the code by precisely conveying the acceptable registers. Back-patch to 9.4 (all supported versions). Reviewed by Tom Lane. Discussion: https://postgr.es/m/20191009063900.GA4066266@rfd.leadboat.com 19 October 2019, 03:20:33 UTC
14c5918 Fujii Masao 18 October 2019, 13:32:18 UTC Fix failure of archive recovery with recovery_min_apply_delay enabled. recovery_min_apply_delay parameter is intended for use with streaming replication deployments. However, the document clearly explains that the parameter will be honored in all cases if it's specified. So it should take effect even if in archive recovery. But, previously, archive recovery with recovery_min_apply_delay enabled always failed, and caused assertion failure if --enable-caasert is enabled. The cause of this problem is that; the ownership of recoveryWakeupLatch that recovery_min_apply_delay uses was taken only when standby mode is requested. So unowned latch could be used in archive recovery, and which caused the failure. This commit changes recovery code so that the ownership of recoveryWakeupLatch is taken even in archive recovery. Which prevents archive recovery with recovery_min_apply_delay from failing. Back-patch to v9.4 where recovery_min_apply_delay was added. Author: Fujii Masao Reviewed-by: Michael Paquier Discussion: https://postgr.es/m/CAHGQGwEyD6HdZLfdWc+95g=VQFPR4zQL4n+yHxQgGEGjaSVheQ@mail.gmail.com 18 October 2019, 13:35:52 UTC
abd5071 Alvaro Herrera 17 October 2019, 13:06:05 UTC Fix minor bug in logical-replication walsender shutdown Logical walsender should exit when it catches up with sending WAL during shutdown; but there was a rare corner case when it failed to because of a race condition that puts it back to wait for more WAL instead -- but since there wasn't any, it'd not shut down immediately. It would only continue the shutdown when wal_sender_timeout terminates the sleep, which causes annoying waits during shutdown procedure. Restructure the code so that we no longer forget to set WalSndCaughtUp in that case. This was an oversight in commit c6c333436. Backpatch all the way down to 9.4. Author: Craig Ringer, Álvaro Herrera Discussion: https://postgr.es/m/CAMsr+YEuz4XwZX_QmnX_-2530XhyAmnK=zCmicEnq1vLr0aZ-g@mail.gmail.com 17 October 2019, 13:06:05 UTC
080cf32 Thomas Munro 16 October 2019, 20:59:21 UTC Fix bug that could try to freeze running multixacts. Commits 801c2dc7 and 801c2dc7 made it possible for vacuum to try to freeze a multixact that is still running. That was prevented by a check, but raised an error. Repair. Back-patch all the way. Author: Nathan Bossart, Jeremy Schneider Reported-by: Jeremy Schneider Reviewed-by: Jim Nasby, Thomas Munro Discussion: https://postgr.es/m/DAFB8AFF-2F05-4E33-AD7F-FF8B0F760C17%40amazon.com 16 October 2019, 21:14:51 UTC
bc3a94d Tomas Vondra 16 October 2019, 14:08:40 UTC Add missing include to pg_upgrade/version.c Commit 8d48e6a724 uses RELKIND_ constants when building the query, but did not include the header defining them. On 10+ this header is already included, but on 9.6 and earlier it was missing. It compiles just fine, but then fails during execution ERROR: column "relkind_relation" does not exist Fix by adding the necessary header file, and backpatch to 9.4-. Backpatch-to: 9.4- Discussion: https://postgr.es/m/16045-673e8fa6b5ace196%40postgresql.org 16 October 2019, 14:28:48 UTC
235a52c Tomas Vondra 16 October 2019, 11:31:00 UTC Improve the check for pg_catalog.line data type in pg_upgrade The pg_upgrade check for pg_catalog.line data type when upgrading from 9.3 had a couple of issues with domains and composite types. Firstly, it triggered false positives for composite types unused in objects with storage. This was enough to trigger an unnecessary pg_upgrade failure: CREATE TYPE line_composite AS (l pg_catalog.line) On the other hand, this only happened with composite types directly on the pg_catalog.line data type, but not with a domain. So this was not detected CREATE DOMAIN line_domain AS pg_catalog.line; CREATE TYPE line_composite_2 AS (l line_domain); unlike the first example. These false positives and inconsistencies are unfortunate, but what's worse we've failed to detected objects using the pg_catalog.line data type through a domain. So we missed cases like this CREATE TABLE t (l line_composite_2); The consequence is clusters broken after a pg_upgrade. This fixes these false positives and false negatives by using the same recursive CTE introduced by eaf900e842 for sql_identifier. 9.3 did not support domains on composite types, but we can still have multi-level composite types. Backpatch all the way to 9.4, where the format for pg_catalog.line data type changed. Author: Tomas Vondra Backpatch-to: 9.4- Discussion: https://postgr.es/m/16045-673e8fa6b5ace196%40postgresql.org 16 October 2019, 11:31:00 UTC
back to top