| df4b86a | Marc G. Fournier | 10 December 2009, 03:26:04 UTC | tag 7.4.27 | 10 December 2009, 03:26:04 UTC |
| 1b4f16b | Tom Lane | 10 December 2009, 00:32:06 UTC | Update release notes for releases 8.4.2, 8.3.9, 8.2.15, 8.1.19, 8.0.23, 7.4.27. | 10 December 2009, 00:32:06 UTC |
| 9d97bb7 | Tom Lane | 09 December 2009, 21:59:07 UTC | Prevent indirect security attacks via changing session-local state within an allegedly immutable index function. It was previously recognized that we had to prevent such a function from executing SET/RESET ROLE/SESSION AUTHORIZATION, or it could trivially obtain the privileges of the session user. However, since there is in general no privilege checking for changes of session-local state, it is also possible for such a function to change settings in a way that might subvert later operations in the same session. Examples include changing search_path to cause an unexpected function to be called, or replacing an existing prepared statement with another one that will execute a function of the attacker's choosing. The present patch secures VACUUM, ANALYZE, and CREATE INDEX/REINDEX against these threats, which are the same places previously deemed to need protection against the SET ROLE issue. GUC changes are still allowed, since there are many useful cases for that, but we prevent security problems by forcing a rollback of any GUC change after completing the operation. Other cases are handled by throwing an error if any change is attempted; these include temp table creation, closing a cursor, and creating or deleting a prepared statement. (In 7.4, the infrastructure to roll back GUC changes doesn't exist, so we settle for rejecting changes of "search_path" in these contexts.) Original report and patch by Gurjeet Singh, additional analysis by Tom Lane. Security: CVE-2009-4136 | 09 December 2009, 21:59:07 UTC |
| 5293cc8 | Magnus Hagander | 09 December 2009, 06:37:09 UTC | Reject certificates with embedded NULLs in the commonName field. This stops attacks where an attacker would put <attack>\0<propername> in the field and trick the validation code that the certificate was for <attack>. This is a very low risk attack since it reuqires the attacker to trick the CA into issuing a certificate with an incorrect field, and the common PostgreSQL deployments are with private CAs, and not external ones. Also, default mode in 8.4 does not do any name validation, and is thus also not vulnerable - but the higher security modes are. Backpatch all the way. Even though versions 8.3.x and before didn't have certificate name validation support, they still exposed this field for the user to perform the validation in the application code, and there is no way to detect this problem through that API. Security: CVE-2009-4034 | 09 December 2009, 06:37:09 UTC |
| 32eb482 | Peter Eisentraut | 08 December 2009, 21:54:26 UTC | Translation updates | 08 December 2009, 21:54:26 UTC |
| 8fa5419 | Tom Lane | 02 December 2009, 17:42:02 UTC | Ignore attempts to set "application_name" in the connection startup packet. This avoids a useless connection retry and complaint in the postmaster log when receiving a connection from 8.5 or later libpq. Backpatch in all supported branches, but of course *not* HEAD. | 02 December 2009, 17:42:02 UTC |
| b88ad6e | Alvaro Herrera | 10 November 2009, 18:01:46 UTC | Fix longstanding problems in VACUUM caused by untimely interruptions In VACUUM FULL, an interrupt after the initial transaction has been recorded as committed can cause postmaster to restart with the following error message: PANIC: cannot abort transaction NNNN, it was already committed This problem has been reported many times. In lazy VACUUM, an interrupt after the table has been truncated by lazy_truncate_heap causes other backends' relcache to still point to the removed pages; this can cause future INSERT and UPDATE queries to error out with the following error message: could not read block XX of relation 1663/NNN/MMMM: read only 0 of 8192 bytes The window to this race condition is extremely narrow, but it has been seen in the wild involving a cancelled autovacuum process. The solution for both problems is to inhibit interrupts in both operations until after the respective transactions have been committed. It's not a complete solution, because the transaction could theoretically be aborted by some other error, but at least fixes the most common causes of both problems. | 10 November 2009, 18:01:46 UTC |
| 7c0e804 | Tom Lane | 30 October 2009, 20:59:23 UTC | Make the overflow guards in ExecChooseHashTableSize be more protective. The original coding ensured nbuckets and nbatch didn't exceed INT_MAX, which while not insane on its own terms did nothing to protect subsequent code like "palloc(nbatch * sizeof(BufFile *))". Since enormous join size estimates might well be planner error rather than reality, it seems best to constrain the initial sizes to be not more than work_mem/sizeof(pointer), thus ensuring the allocated arrays don't exceed work_mem. We will allow nbatch to get bigger than that during subsequent ExecHashIncreaseNumBatches calls, but we should still guard against integer overflow in those palloc requests. Per bug #5145 from Bernt Marius Johnsen. Although the given test case only seems to fail back to 8.2, previous releases have variants of this issue, so patch all supported branches. | 30 October 2009, 20:59:23 UTC |
| 4ce8236 | Tom Lane | 16 October 2009, 22:09:16 UTC | Rewrite pam_passwd_conv_proc to be more robust: avoid assuming that the pam_message array contains exactly one PAM_PROMPT_ECHO_OFF message. Instead, deal with however many messages there are, and don't throw error for PAM_ERROR_MSG and PAM_TEXT_INFO messages. This logic is borrowed from openssh 5.2p1, which hopefully has seen more real-world PAM usage than we have. Per bug #5121 from Ryan Douglas, which turned out to be caused by the conv_proc being called with zero messages. Apparently that is normal behavior given the combination of Linux pam_krb5 with MS Active Directory as the domain controller. Patch all the way back, since this code has been essentially untouched since 7.4. (Surprising we've not heard complaints before.) | 16 October 2009, 22:09:16 UTC |
| f0e9229 | Heikki Linnakangas | 08 October 2009, 04:47:06 UTC | Fix off-by-one bug in bitncmp(): When comparing a number of bits divisible by 8, bitncmp() may dereference a pointer one byte out of bounds. Chris Mikkelson (bug #5101) | 08 October 2009, 04:47:06 UTC |
| 693cebf | Tom Lane | 26 September 2009, 18:25:35 UTC | Fix RelationCacheInitializePhase2 (Phase3, in HEAD) to cope with the possibility of shared-inval messages causing a relcache flush while it tries to fill in missing data in preloaded relcache entries. There are actually two distinct failure modes here: 1. The flush could delete the next-to-be-processed cache entry, causing the subsequent hash_seq_search calls to go off into the weeds. This is the problem reported by Michael Brown, and I believe it also accounts for bug #5074. The simplest fix is to restart the hashtable scan after we've read any new data from the catalogs. It appears that pre-8.4 branches have not suffered from this failure, because by chance there were no other catalogs sharing the same hash chains with the catalogs that RelationCacheInitializePhase2 had work to do for. However that's obviously pretty fragile, and it seems possible that derivative versions with additional system catalogs might be vulnerable, so I'm back-patching this part of the fix anyway. 2. The flush could delete the *current* cache entry, in which case the pointer to the newly-loaded data would end up being stored into an already-deleted Relation struct. As long as it was still deleted, the only consequence would be some leaked space in CacheMemoryContext. But it seems possible that the Relation struct could already have been recycled, in which case this represents a hard-to-reproduce clobber of cached data structures, with unforeseeable consequences. The fix here is to pin the entry while we work on it. In passing, also change RelationCacheInitializePhase2 to Assert that formrdesc() set up the relation's cached TupleDesc (rd_att) with the correct type OID and hasoids values. This is more appropriate than silently updating the values, because the original tupdesc might already have been copied into the catcache. However this part of the patch is not in HEAD because it fails due to some questionable recent changes in formrdesc :-(. That will be cleaned up in a subsequent patch. | 26 September 2009, 18:25:35 UTC |
| b8218dc | Tom Lane | 08 September 2009, 04:26:17 UTC | Remove outside-the-scanner references to "yyleng". It seems the flex developers have decided to change yyleng from int to size_t. This has already happened in the latest release of OS X, and will start happening elsewhere once the next release of flex appears. Rather than trying to divine how it's declared in any particular build, let's just remove the one existing not-very-necessary external usage. Back-patch to all supported branches; not so much because users in the field are likely to care about building old branches with cutting-edge flex, as to keep OSX-based buildfarm members from having problems with old branches. | 08 September 2009, 04:26:17 UTC |
| ef31ff1 | Marc G. Fournier | 04 September 2009, 05:33:18 UTC | Tag 7.4.26 | 04 September 2009, 05:33:18 UTC |
| 02a87f1 | Tom Lane | 03 September 2009, 22:14:41 UTC | Final updates of release notes for 8.4.1, 8.3.8, 8.2.14, 8.1.18, 8.0.22, 7.4.26. | 03 September 2009, 22:14:41 UTC |
| fd28d83 | Tom Lane | 03 September 2009, 22:09:06 UTC | Disallow RESET ROLE and RESET SESSION AUTHORIZATION inside security-definer functions. This extends the previous patch that forbade SETting these variables inside security-definer functions. RESET is equally a security hole, since it would allow regaining privileges of the caller; furthermore it can trigger Assert failures and perhaps other internal errors, since the code is not expecting these variables to change in such contexts. The previous patch did not cover this case because assign hooks don't really have enough information, so move the responsibility for preventing this into guc.c. Problem discovered by Heikki Linnakangas. Security: no CVE assigned yet, extends CVE-2007-6600 | 03 September 2009, 22:09:06 UTC |
| 8422728 | Peter Eisentraut | 03 September 2009, 18:49:05 UTC | Translation updates | 03 September 2009, 18:49:05 UTC |
| 199c6d5 | Peter Eisentraut | 02 September 2009, 13:23:13 UTC | Improve picksplit debug message Missed this earlier because the translation site was broken for the 7.4 branch. | 02 September 2009, 13:23:13 UTC |
| 322404c | Bruce Momjian | 27 August 2009, 01:26:40 UTC | Update release notes for 7.4.26, 8.0.22, 8.1.18, 8.2.14, 8.3.8, 8.4.1. | 27 August 2009, 01:26:40 UTC |
| deab233 | Tom Lane | 24 August 2009, 16:18:49 UTC | Fix inclusions of readline/editline header files so that we only attempt to #include the version of history.h that is in the same directory as the readline.h we are using. This avoids problems in some scenarios where both readline and editline are installed. Report and patch by Zdenek Kotala. | 24 August 2009, 16:18:49 UTC |
| 2e78dc8 | Tom Lane | 18 August 2009, 21:23:58 UTC | Fix overflow for INTERVAL 'x ms' where x is more than a couple million, and integer datetimes are in use. Per bug report from Hubert Depesz Lubaczewski. Alex Hunsaker | 18 August 2009, 21:23:58 UTC |
| c5b758b | Andrew Dunstan | 10 August 2009, 02:39:09 UTC | Re-add documentation for --no-readline option of psql, mistakenly removed a decade ago. Backpatch to release 7.4. | 10 August 2009, 02:39:09 UTC |
| 6119329 | Tom Lane | 07 August 2009, 20:16:49 UTC | Try to defend against the possibility that libpq is still in COPY_IN state when we reach the post-COPY "pump it dry" error recovery code that was added 2006-11-24. Per a report from Neil Best, there is at least one code path in which this occurs, leading to an infinite loop in code that's supposed to be making it more robust not less so. A reasonable response seems to be to call PQputCopyEnd() again, so let's try that. Back-patch to all versions that contain the cleanup loop. | 07 August 2009, 20:16:49 UTC |
| 34f662d | Tom Lane | 23 June 2009, 16:25:35 UTC | Fix an ancient error in dist_ps (distance from point to line segment), which a number of other geometric operators also depend on. It miscalculated the slope of the perpendicular to the given line segment anytime that slope was other than 0, infinite, or +/-1. In some cases the error would be masked because the true closest point on the line segment was one of its endpoints rather than the intersection point, but in other cases it could give an arbitrarily bad answer. Per bug #4872 from Nick Roosevelt. Bug goes clear back to Berkeley days, so patch all supported branches. Make a couple of cosmetic adjustments while at it. | 23 June 2009, 16:25:35 UTC |
| b99bb3b | Tom Lane | 10 June 2009, 16:32:02 UTC | Fix cash_in() to behave properly in locales where frac_digits is zero, eg Japan. Report and fix by Itagaki Takahiro. Also fix CASHDEBUG printout format for branches with 64-bit money type, and some minor comment cleanup. Back-patch to 7.4, because it's broken all the way back. | 10 June 2009, 16:32:02 UTC |
| bc4df3b | Andrew Dunstan | 05 June 2009, 20:33:59 UTC | Adjust recent PERL_SYS_INIT3 call to avoid platforms where it might fail, and to remove compilation warning. Backpatch the release 7.4 | 05 June 2009, 20:33:59 UTC |
| d68475e | Andrew Dunstan | 04 June 2009, 16:01:23 UTC | Initialise perl library as documented in perl API. Backpatch to release 7.4. | 04 June 2009, 16:01:23 UTC |
| f16cd6e | Tom Lane | 02 May 2009, 20:18:21 UTC | Split the release notes into a separate file for each (active) major branch, as per my recent proposal. release.sgml itself is now just a stub that should change rarely; ideally, only once per major release to add a new include line. Most editing work will occur in the release-N.N.sgml files. To update a back branch for a minor release, just copy the appropriate release-N.N.sgml file(s) into the back branch. This commit doesn't change the end-product documentation at all, only the source layout. However, it makes it easy to start omitting ancient information from newer branches' documentation, should we ever decide to do that. | 02 May 2009, 20:18:21 UTC |
| 2a0f7d1 | Tom Lane | 01 May 2009, 19:29:42 UTC | When checking for datetime field overflow, we should allow a fractional-second part that rounds up to exactly 1.0 second. The previous coding rejected input like "00:12:57.9999999999999999999999999999", with the exact number of nines needed to cause failure varying depending on float-timestamp option and possibly on platform. Obviously this should round up to the next integral second, if we don't have enough precision to distinguish the value from that. Per bug #4789 from Robert Kruus. In passing, fix a missed check for fractional seconds in one copy of the "is it greater than 24:00:00" code. Broken all the way back, so patch all the way back. | 01 May 2009, 19:29:42 UTC |
| 9af91a5 | Tom Lane | 25 April 2009, 16:45:34 UTC | Fix the handling of sub-SELECTs appearing in the arguments of an outer-level aggregate function. By definition, such a sub-SELECT cannot reference any variables of query levels between itself and the aggregate's semantic level (else the aggregate would've been assigned to that lower level instead). So the correct, most efficient implementation is to treat the sub-SELECT as being a sub-select of that outer query level, not the level the aggregate syntactically appears in. Not doing so also confuses the heck out of our parameter-passing logic, as illustrated in bug report from Daniel Grace. Fortunately, we were already copying the whole Aggref expression up to the outer query level, so all that's needed is to delay SS_process_sublinks processing of the sub-SELECT until control returns to the outer level. This has been broken since we introduced spec-compliant treatment of outer aggregates in 7.4; so patch all the way back. | 25 April 2009, 16:45:34 UTC |
| 41a74fa | Bruce Momjian | 25 April 2009, 15:53:26 UTC | Remove HELIOS Software GmbH name and copyright from AIX dynloader files, per approval from Helmut Tschemernjak, President. Only back branches; files removed from CVS HEAD. | 25 April 2009, 15:53:26 UTC |
| 65face6 | Magnus Hagander | 15 April 2009, 18:58:26 UTC | Remove beer-ware license from crypt-md5.c, per approval from Poul-Henning Kamp. This makes the file the same standard 2-clause BSD as the rest of PostgreSQL. | 15 April 2009, 18:58:26 UTC |
| ca1316d | Teodor Sigaev | 07 April 2009, 17:49:40 UTC | Fix 'all at one page bug' in picksplit method of R-tree emulation. Add defense from buggy user-defined picksplit to GiST. | 07 April 2009, 17:49:40 UTC |
| 1b40567 | Tom Lane | 07 April 2009, 15:54:30 UTC | Defend against non-ASCII letters in fuzzystrmatch code. The functions still don't behave very sanely for multibyte encodings, but at least they won't be indexing off the ends of static arrays. | 07 April 2009, 15:54:30 UTC |
| 7ca0bae | Tom Lane | 04 April 2009, 04:54:07 UTC | Rewrite interval_hash() so that the hashcodes are equal for values that interval_eq() considers equal. I'm not sure how that fundamental requirement escaped us through multiple revisions of this hash function, but there it is; it's been wrong since interval_hash was first written for PG 7.1. Per bug #4748 from Roman Kononov. Backpatch to all supported releases. This patch changes the contents of hash indexes for interval columns. That's no particular problem for PG 8.4, since we've broken on-disk compatibility of hash indexes already; but it will require a migration warning note in the next minor releases of all existing branches: "if you have any hash indexes on columns of type interval, REINDEX them after updating". | 04 April 2009, 04:54:07 UTC |
| ed00200 | Tom Lane | 31 March 2009, 22:56:28 UTC | Fix contrib/pgstattuple and contrib/pageinspect to prevent attempts to read temporary tables of other sessions; that is unsafe because of the way our buffer management works. Per report from Stuart Bishop. This is redundant with the bufmgr.c checks in HEAD, but not at all redundant in the back branches. | 31 March 2009, 22:56:28 UTC |
| e3c0d67 | Marc G. Fournier | 13 March 2009, 02:39:42 UTC | tag 7.4.25 | 13 March 2009, 02:39:42 UTC |
| dbb6d2f | Tom Lane | 12 March 2009, 22:36:46 UTC | Update back-branch release notes. | 12 March 2009, 22:36:46 UTC |
| aff86a8 | Tom Lane | 12 March 2009, 00:54:04 UTC | Fix core dump due to null-pointer dereference in to_char() when datetime format codes are misapplied to a numeric argument. (The code still produces a pretty bogus error message in such cases, but I'll settle for stopping the crash for now.) Per bug #4700 from Sergey Burladyan. Problem exists in all supported branches, so patch all the way back. In HEAD, also clean up some ugly coding in the nearby cache management code. | 12 March 2009, 00:54:04 UTC |
| cb5a81b | Heikki Linnakangas | 05 March 2009, 14:29:26 UTC | Add MUST (Mauritius Island Summer Time) to the list of known abbreviations. Mauritius began using DST in the summer 2008-2009; the Olson library has been updated already. Xavier Bugaud | 05 March 2009, 14:29:26 UTC |
| 4c13245 | Tom Lane | 04 March 2009, 22:08:53 UTC | Put back our old workaround for machines that declare cbrt() in math.h but fail to provide the function itself. Not sure how we escaped testing anything later than 7.3 on such cases, but they still exist, as per André Volpato's report about AIX 5.3. | 04 March 2009, 22:08:53 UTC |
| 80be605 | Tom Lane | 03 March 2009, 00:17:44 UTC | Ooops ... fix some confusion between gettext() and _() in my previous patch. This has moved around in past releases, so just copying-and-pasting from HEAD didn't work as intended. | 03 March 2009, 00:17:44 UTC |
| 1f3832b | Tom Lane | 02 March 2009, 21:19:23 UTC | When we are in error recursion trouble, arrange to suppress translation and encoding conversion of any elog/ereport message being sent to the frontend. This generalizes a patch that I put in last October, which suppressed translation of only specific messages known to be associated with recursive can't-translate-the-message behavior. As shown in bug #4680, we need a more general answer in order to have some hope of coping with broken encoding conversion setups. This approach seems a good deal less klugy anyway. Patch in all supported branches. | 02 March 2009, 21:19:23 UTC |
| 5156266 | Tom Lane | 28 February 2009, 18:50:25 UTC | Fix buffer allocations in encoding conversion routines so that they won't fail on zero-length inputs. This isn't an issue in normal use because the conversion infrastructure skips calling the converters for empty strings. However a problem was created by yesterday's patch to check whether the right conversion function is supplied in CREATE CONVERSION. The most future-proof fix seems to be to make the converters safe for this corner case. | 28 February 2009, 18:50:25 UTC |
| 17485e5 | Heikki Linnakangas | 27 February 2009, 16:35:53 UTC | In CREATE CONVERSION, test that the given function is a valid conversion function for the specified source and destination encodings. We do that by calling the function with an empty string. If it can't perform the requested conversion, it will throw an error. Backport to 7.4 - 8.3. Per bug report #4680 by Denis Afonin. | 27 February 2009, 16:35:53 UTC |
| cedefbd | Marc G. Fournier | 30 January 2009, 03:54:33 UTC | tag 7.4.24 | 30 January 2009, 03:54:33 UTC |
| fc39a00 | Tom Lane | 30 January 2009, 00:38:26 UTC | Update back-branch release notes. | 30 January 2009, 00:38:26 UTC |
| ef8074d | Peter Eisentraut | 29 January 2009, 22:02:17 UTC | Translation updates | 29 January 2009, 22:02:17 UTC |
| 2011250 | Tom Lane | 29 January 2009, 19:25:15 UTC | Replace argument-checking Asserts with regular test-and-elog checks in all encoding conversion functions. These are not can't-happen cases because it's possible to create a conversion with the wrong conversion function for the specified encoding pair. That would lead to an Assert crash in an Assert-enabled build, or incorrect conversion otherwise, neither of which is desirable. This would be a DOS issue if production databases were customarily built with asserts enabled, but fortunately that's not so. Per an observation by Heikki. Back-patch to all supported branches. | 29 January 2009, 19:25:15 UTC |
| d8b324e | Magnus Hagander | 28 January 2009, 15:06:48 UTC | Go over all OpenSSL return values and make sure we compare them to the documented API value. The previous code got it right as it's implemented, but accepted too much/too little compared to the API documentation. Per comment from Zdenek Kotala. | 28 January 2009, 15:06:48 UTC |
| d01bcba | Teodor Sigaev | 16 January 2009, 12:10:34 UTC | Fix uninitialized variables in get_covers | 16 January 2009, 12:10:34 UTC |
| e0408ba | Teodor Sigaev | 15 January 2009, 18:30:10 UTC | Fix URL generation in headline. Only tag lexeme will be replaced by space. Per http://archives.postgresql.org/pgsql-bugs/2008-12/msg00013.php | 15 January 2009, 18:30:10 UTC |
| f58cccb | Teodor Sigaev | 15 January 2009, 18:29:47 UTC | Fix generation of too long headline with ShortWords. Per http://archives.postgresql.org/pgsql-hackers/2008-09/msg01088.php | 15 January 2009, 18:29:47 UTC |
| b379d53 | Alvaro Herrera | 13 January 2009, 15:28:42 UTC | Backpatch to 7.4 the part of 1.84 (from the 8.0 timeline) that wasn't already patched, viz. str_numth(). The rest of that patch was already applied as part of 1.69.2.1. Per report and patch from Andreas 'ads' Scherbaum. The involved revisions were: revision 1.84 date: 2005-01-12 22:40:13 -0300; author: tgl; state: Exp; lines: +9 -7; branches: 1.84.4; Remove unportable assumption that it's okay to use the target buffer of an sprintf() as a source string. Demonstrably does not work with recent gcc and/or glibc on some platforms. and revision 1.69.2.1 date: 2005-03-25 20:42:21 -0400; author: tgl; state: Exp; lines: +24 -8; Prevent to_char(interval) from dumping core on month-related formats when a zero-month interval is given. Per discussion with Karel. | 13 January 2009, 15:28:42 UTC |
| e3a4d5c | Tom Lane | 06 January 2009, 17:28:15 UTC | Remove references to pgsql-ports and pgsql-patches mailing lists from various documentation, since those lists are now dead/deprecated. Point to pgsql-bugs and/or pgsql-hackers as appropriate. | 06 January 2009, 17:28:15 UTC |
| 4d79a50 | Heikki Linnakangas | 06 January 2009, 14:56:13 UTC | Fix logic in lazy vacuum to decide if it's worth trying to truncate the heap. If the table was smaller than REL_TRUNCATE_FRACTION (= 16) pages, we always tried to acquire AccessExclusiveLock on it even if there was no empty pages at the end. Report by Simon Riggs. Back-patch all the way to 7.4. | 06 January 2009, 14:56:13 UTC |
| 31f6cfb | Marc G. Fournier | 31 October 2008, 03:15:21 UTC | tag 7.4.23 | 31 October 2008, 03:15:21 UTC |
| ef15b87 | Tom Lane | 30 October 2008, 22:23:39 UTC | Update back-branch release notes. | 30 October 2008, 22:23:39 UTC |
| 3b5767c | Peter Eisentraut | 30 October 2008, 19:19:35 UTC | Translation updates | 30 October 2008, 19:19:35 UTC |
| 771374b | Tom Lane | 27 October 2008, 19:37:56 UTC | Install a more robust solution for the problem of infinite error-processing recursion when we are unable to convert a localized error message to the client's encoding. We've been over this ground before, but as reported by Ibrar Ahmed, it still didn't work in the case of conversion failures for the conversion-failure message itself :-(. Fix by installing a "circuit breaker" that disables attempts to localize this message once we get into recursion trouble. Patch all supported branches, because it is in fact broken in all of them; though I had to add some missing translations to the older branches in order to expose the failure in the particular test case I was using. | 27 October 2008, 19:37:56 UTC |
| ca2ecbd | Teodor Sigaev | 17 October 2008, 17:44:15 UTC | Fix small bug in headline generation. Patch from Sushant Sinha <sushant354@gmail.com> http://archives.postgresql.org/pgsql-hackers/2008-07/msg00785.php | 17 October 2008, 17:44:15 UTC |
| 6b969fa | Tom Lane | 16 October 2008, 13:23:57 UTC | Fix SPI_getvalue and SPI_getbinval to range-check the given attribute number according to the TupleDesc's natts, not the number of physical columns in the tuple. The previous coding would do the wrong thing in cases where natts is different from the tuple's column count: either incorrectly report error when it should just treat the column as null, or actually crash due to indexing off the end of the TupleDesc's attribute array. (The second case is probably not possible in modern PG versions, due to more careful handling of inheritance cases than we once had. But it's still a clear lack of robustness here.) The incorrect error indication is ignored by all callers within the core PG distribution, so this bug has no symptoms visible within the core code, but it might well be an issue for add-on packages. So patch all the way back. | 16 October 2008, 13:23:57 UTC |
| 74f7c8e | Michael Meskes | 10 October 2008, 12:19:03 UTC | Optional argument should be optional. | 10 October 2008, 12:19:03 UTC |
| c15b9a5 | Tom Lane | 02 October 2008, 13:48:12 UTC | Fix improper display of fractional seconds in interval values when using --enable-integer-datetimes and a non-ISO datestyle. Ron Mayer | 02 October 2008, 13:48:12 UTC |
| b304b86 | Marc G. Fournier | 19 September 2008, 03:30:27 UTC | tag for 7.4.22 | 19 September 2008, 03:30:27 UTC |
| ff1c15e | Tom Lane | 19 September 2008, 02:46:08 UTC | Update back-branch release notes. | 19 September 2008, 02:46:08 UTC |
| d32b17a | Tom Lane | 26 August 2008, 00:03:52 UTC | Fix pg_dump docs to acknowledge that you can use -Z with plain text output. Pointed out by Daniel Migowski. | 26 August 2008, 00:03:52 UTC |
| 7eb9f61 | Tom Lane | 16 August 2008, 02:25:38 UTC | Fix pg_dump/pg_restore's ExecuteSqlCommand() to behave suitably if PQexec returns NULL instead of a PGresult. The former coding would fail, which is OK, but it neglected to give you the PQerrorMessage that might tell you why. In the oldest branches, there was another problem: it'd sometimes report PQerrorMessage from the wrong connection. | 16 August 2008, 02:25:38 UTC |
| 45b8e6e | Tom Lane | 05 August 2008, 21:29:01 UTC | Do not allow Unique nodes to be scanned backwards. The code claimed that it would work, but in fact it didn't return the same rows when moving backwards as when moving forwards. This would have no visible effect in a DISTINCT query (at least assuming the column datatypes use a strong definition of equality), but it gave entirely wrong answers for DISTINCT ON queries. | 05 August 2008, 21:29:01 UTC |
| 20c20df | Tom Lane | 08 July 2008, 22:18:18 UTC | Fix performance bug in write_syslog(): the code to preferentially break the log message at newlines cost O(N^2) for very long messages with few or no newlines. For messages in the megabyte range this became the dominant cost. Per gripe from Achilleas Mantzios. Patch all the way back, since this is a safe change with no portability risks. I am also thinking of increasing PG_SYSLOG_LIMIT, but that should be done separately. | 08 July 2008, 22:18:18 UTC |
| 99772d6 | Tom Lane | 07 July 2008, 20:25:40 UTC | Fix estimate_num_groups() to assume that GROUP BY expressions yielding boolean results always contribute two groups, regardless of the expression contents. This is very substantially more accurate than the regular heuristic for certain boolean tests like "col IS NULL". Per gripe from Sam Mason. Back-patch to all supported releases, since the behavior of estimate_num_groups() hasn't changed all that much since 7.4. | 07 July 2008, 20:25:40 UTC |
| 2e09f53 | Tom Lane | 10 June 2008, 18:09:26 UTC | Create a script to handle stamping release version numbers into files, replacing the tedious and error-prone manual process we've been using. | 10 June 2008, 18:09:26 UTC |
| 0c423f0 | Tom Lane | 09 June 2008, 19:34:40 UTC | Fix datetime input functions to correctly detect integer overflow when running on a 64-bit platform ... strtol() will happily return 64-bit output in that case. Per bug #4231 from Geoff Tolley. | 09 June 2008, 19:34:40 UTC |
| 9acedf8 | Tom Lane | 09 June 2008, 00:16:58 UTC | tag 7.4.21 | 09 June 2008, 00:16:58 UTC |
| 33266e0 | Tom Lane | 08 June 2008, 22:15:45 UTC | Stamp 7.4.21 (except for configure.in/configure) | 08 June 2008, 22:15:45 UTC |
| ad17600 | Tom Lane | 07 June 2008, 22:11:40 UTC | Update release notes for 8.3.3 et al. | 07 June 2008, 22:11:40 UTC |
| c760d70 | Tom Lane | 06 June 2008, 18:00:09 UTC | Fix pg_get_ruledef() so that negative numeric constants are parenthesized. This is needed because :: casting binds more tightly than minus, so for example -1::integer is not the same as (-1)::integer, and there are cases where the difference is important. In particular this caused a failure in SELECT DISTINCT ... ORDER BY ... where expressions that should have matched were seen as different by the parser; but I suspect that there could be other cases where failure to parenthesize leads to subtler semantic differences in reloaded rules. Per report from Alexandr Popov. | 06 June 2008, 18:00:09 UTC |
| bef8125 | Tom Lane | 06 June 2008, 05:34:03 UTC | Remove link that pre-8.2 doc tools don't support. | 06 June 2008, 05:34:03 UTC |
| c2e3599 | Tom Lane | 06 June 2008, 04:37:07 UTC | tag 7.4.20 | 06 June 2008, 04:37:07 UTC |
| fd3a834 | Tom Lane | 05 June 2008, 23:56:42 UTC | Stamp 7.4.20 (except for configure.in/configure) | 05 June 2008, 23:56:42 UTC |
| ad37d9e | Tom Lane | 05 June 2008, 23:38:03 UTC | Translation updates. | 05 June 2008, 23:38:03 UTC |
| 9245557 | Tom Lane | 04 June 2008, 03:17:01 UTC | Draft release notes for upcoming back-branch updates. | 04 June 2008, 03:17:01 UTC |
| 8b0d594 | Tom Lane | 28 May 2008, 00:46:12 UTC | Improve GRANT documentation to point out that UPDATE and DELETE typically require SELECT privilege as well, since you normally need to read existing column values within such commands. This behavior is according to spec, but we'd never documented it before. Per gripe from Volkan Yazici. | 28 May 2008, 00:46:12 UTC |
| c59eef1 | Tom Lane | 27 May 2008, 21:14:00 UTC | Back-patch the 8.3 fix that prohibits TRUNCATE, CLUSTER, and REINDEX when the current transaction has any open references to the target relation or index (implying it has an active query using the relation). Also back-patch the 8.2 fix that prohibits TRUNCATE and CLUSTER when there are pending AFTER-trigger events. Per suggestion from Heikki. | 27 May 2008, 21:14:00 UTC |
| ea28271 | Tom Lane | 25 May 2008, 21:51:38 UTC | Adjust timestamp regression tests to prevent two low-probability failure cases. Recent buildfarm experience shows that it is sometimes possible to execute several SQL commands in less time than the granularity of Windows' not-very-high-resolution gettimeofday(), leading to a failure because the tests expect the value of now() to change and it doesn't. Also, it was recognized some time ago that the same area of the tests could fail if local midnight passes between the insertion and the checking of the values for 'yesterday', 'tomorrow', etc. Clean all this up per ideas from myself and Greg Stark. There remains a window for failure if the transaction block is entered exactly at local midnight (so that 'now' and 'today' have the same value), but that seems low-probability enough to live with. Since the point of this change is mostly to eliminate buildfarm noise, back-patch to all versions we are still actively testing. | 25 May 2008, 21:51:38 UTC |
| 7cff884 | Magnus Hagander | 13 May 2008, 20:53:54 UTC | Don't try to close negative file descriptors, since this can cause crashes on certain platforms. In particular, the MSVC runtime is known to do this. Fixes bug #4162, reported and diagnosed by Javier Pimas | 13 May 2008, 20:53:54 UTC |
| 7baef60 | Tom Lane | 09 May 2008, 22:38:05 UTC | Fix an ancient oversight in change_varattnos_of_a_node: it neglected to update varoattno along with varattno. This resulted in having Vars that were not seen as equal(), causing inheritance of the "same" constraint from different parent relations to fail. An example is create table pp1 (f1 int check (f1>0)); create table cc1 (f2 text, f3 int) inherits (pp1); create table cc2(f4 float) inherits(pp1,cc1); Backpatch as far as 7.4. (The test case still fails in 7.4, for reasons that I don't feel like investigating at the moment.) This is a backpatch commit only. The fix will be applied in HEAD as part of the upcoming pg_constraint patch. | 09 May 2008, 22:38:05 UTC |
| e29ed89 | Magnus Hagander | 22 April 2008, 09:26:34 UTC | Replace developer FAQ with a reference to the wiki, which is where it now lives (per discussion). Leave the other FAQs alone for now. | 22 April 2008, 09:26:34 UTC |
| b457536 | Magnus Hagander | 21 April 2008, 09:44:54 UTC | Add link to major version release notes at the top of the minor version ones, to make it clear to users just browsing the notes that there are a lot more changes available from whatever version they are at than what's in the minor version release notes. | 21 April 2008, 09:44:54 UTC |
| 29cb46f | Tom Lane | 11 April 2008, 22:53:33 UTC | Fix several datatype input functions that were allowing unused bytes in their results to contain uninitialized, unpredictable values. While this was okay as far as the datatypes themselves were concerned, it's a problem for the parser because occurrences of the "same" literal might not be recognized as equal by datumIsEqual (and hence not by equal()). It seems sufficient to fix this in the input functions since the only critical use of equal() is in the parser's comparisons of ORDER BY and DISTINCT expressions. Per a trouble report from Marc Cousin. Patch all the way back. Interestingly, array_in did not have the bug before 8.2, which may explain why the issue went unnoticed for so long. | 11 April 2008, 22:53:33 UTC |
| a27b961 | Michael Meskes | 10 April 2008, 10:46:56 UTC | Fixed bug in PGTYPEStimestamp_sub that used pointers instead of the values to substract. | 10 April 2008, 10:46:56 UTC |
| 0bcf763 | Tom Lane | 05 April 2008, 01:59:01 UTC | Defend against JOINs having more than 32K columns altogether. We cannot currently support this because we must be able to build Vars referencing join columns, and varattno is only 16 bits wide. Perhaps this should be improved in future, but considering that it never came up before, I'm not sure the problem is worth much effort. Per bug #4070 from Marcello Ceschia. The problem seems largely academic in 8.0 and 7.4, because they have (different) O(N^2) performance issues with such wide joins, but back-patch all the way anyway. | 05 April 2008, 01:59:01 UTC |
| e409f5f | Tom Lane | 25 March 2008, 19:31:53 UTC | Adjust DatumGetBool macro so that it isn't fooled by garbage in the Datum to the left of the actual bool value. While in most cases there won't be any, our support for old-style user-defined functions violates the C spec to the extent of calling functions that might return char or short through a function pointer declared to return "char *", which we then coerce to Datum. It is not surprising that the result might contain garbage high-order bits ... what is surprising is that we didn't see such cases long ago. Per report from Magnus. This is a back-patch of a change that was made in HEAD almost exactly a year ago. I had refrained from back-patching at the time, but now we find that this is *necessary* for contrib to work with gcc 4.3. | 25 March 2008, 19:31:53 UTC |
| cb59875 | Heikki Linnakangas | 20 March 2008, 10:52:57 UTC | Add the missing cyrillic "Yo" characters ('e' and 'E' with two dots) to the ISO_8859-5 <-> MULE_INTERNAL conversion tables. This was discovered when trying to convert a string containing those characters from ISO_8859-5 to Windows-1251, because we use MULE_INTERNAL/KOI8R as an intermediate encoding between those two. While the missing "Yo" was just an omission in the conversion tables, there are a few other characters like the "Numero" sign ("No" as a single character) that exists in all the other cyrillic encodings (win1251, ISO_8859-5 and cp866), but not in KOI8R. Added comments about that. Patch by Sergey Burladyan. Back-patch to 7.4. | 20 March 2008, 10:52:57 UTC |
| a1453f1 | Tom Lane | 19 March 2008, 02:41:15 UTC | Fix regexp substring matching (substring(string from pattern)) for the corner case where there is a match to the pattern overall but the user has specified a parenthesized subexpression and that subexpression hasn't got a match. An example is substring('foo' from 'foo(bar)?'). This should return NULL, since (bar) isn't matched, but it was mistakenly returning the whole-pattern match instead (ie, 'foo'). Per bug #4044 from Rui Martins. This has been broken since the beginning; patch in all supported versions. The old behavior was sufficiently inconsistent that it's impossible to believe anyone is depending on it. | 19 March 2008, 02:41:15 UTC |
| 0d52d7a | Tom Lane | 12 March 2008, 20:12:48 UTC | Fix LISTEN/NOTIFY race condition reported by Laurent Birtz, by postponing pg_listener modifications commanded by LISTEN and UNLISTEN until the end of the current transaction. This allows us to hold the ExclusiveLock on pg_listener until after commit, with no greater risk of deadlock than there was before. Aside from fixing the race condition, this gets rid of a truly ugly kludge that was there before, namely having to ignore HeapTupleBeingUpdated failures during NOTIFY. There is a small potential incompatibility, which is that if a transaction issues LISTEN or UNLISTEN and then looks into pg_listener before committing, it won't see any resulting row insertion or deletion, where before it would have. It seems unlikely that anyone would be depending on that, though. | 12 March 2008, 20:12:48 UTC |
| 25a87d0 | Alvaro Herrera | 05 March 2008, 21:20:51 UTC | Add support for dlopen on recent NetBSD/MIPS, per Rémi Zara. | 05 March 2008, 21:20:51 UTC |
| 69e676f | Tom Lane | 27 February 2008, 17:45:02 UTC | If RelationBuildDesc() fails to open a critical system index, PANIC with a relevant error message instead of just dumping core. Odd that nobody reported this before Darren Reed. | 27 February 2008, 17:45:02 UTC |
| a45d896 | Tom Lane | 24 February 2008, 05:22:44 UTC | Use our own getopt() and getopt_long() on Solaris, because that platform's versions don't handle long options the way we want. Per Zdenek Kotala. | 24 February 2008, 05:22:44 UTC |
| 8355df5 | Tom Lane | 23 February 2008, 19:24:09 UTC | Avoid trying to print a NULL char pointer in --describe-config. On some platforms this works, but on some it crashes. Zdenek Kotala | 23 February 2008, 19:24:09 UTC |
| bb4b179 | Tom Lane | 11 February 2008, 19:15:00 UTC | Repair VACUUM FULL bug introduced by HOT patch: the original way of calculating a page's initial free space was fine, and should not have been "improved" by letting PageGetHeapFreeSpace do it. VACUUM FULL is going to reclaim LP_DEAD line pointers later, so there is no need for a guard against the page being too full of line pointers, and having one risks rejecting pages that are perfectly good move destinations. This also exposed a second bug, which is that the empty_end_pages logic assumed that any page with no live tuples would get entered into the fraged_pages list automatically (by virtue of having more free space than the threshold in the do_frag calculation). This assumption certainly seems risky when a low fillfactor has been chosen, and even without tunable fillfactor I think it could conceivably fail on a page with many unused line pointers. So fix the code to force do_frag true when notup is true, and patch this part of the fix all the way back. Per report from Tomas Szepe. | 11 February 2008, 19:15:00 UTC |
