Skip to main content

Browse the archive

https://github.com/postgres/postgres
02 May 2024, 11:03:54 UTC
sort by:
Revision Author Date Message Commit Date
115c90b Marc G. Fournier 12 March 2010, 03:59:00 UTC tag 8.0.24, not .23 12 March 2010, 03:59:00 UTC
c15c8fb Tom Lane 10 March 2010, 01:59:15 UTC Preliminary release notes for releases 8.4.3, 8.3.10, 8.2.16, 8.1.20, 8.0.24, 7.4.28. 10 March 2010, 01:59:15 UTC
02db782 Tom Lane 09 March 2010, 22:35:25 UTC Use SvROK(sv) rather than directly checking SvTYPE(sv) == SVt_RV in plperl. The latter is considered unwarranted chumminess with the implementation, and can lead to crashes with recent Perl versions. Report and fix by Tim Bunce. Back-patch to all versions containing the questionable coding pattern. 09 March 2010, 22:35:25 UTC
0303f04 Alvaro Herrera 09 March 2010, 14:32:28 UTC Update time zone data files to tzdata release 2010d: DST law changes in Fiji, Samoa, Chile; corrections to recent changes in Paraguay and Bangladesh. 09 March 2010, 14:32:28 UTC
098a8a4 Magnus Hagander 08 March 2010, 12:39:10 UTC Add missing space in example. Tim Landscheidt 08 March 2010, 12:39:10 UTC
37cfda0 Tom Lane 08 March 2010, 01:18:53 UTC Update time zone data files to tzdata release 2010c: DST law changes in Bangladesh, Mexico, Paraguay. 08 March 2010, 01:18:53 UTC
cc2f4e0 Tom Lane 06 March 2010, 00:46:18 UTC When reading pg_hba.conf and similar files, do not treat @file as an inclusion unless (1) the @ isn't quoted and (2) the filename isn't empty. This guards against unexpectedly treating usernames or other strings in "flat files" as inclusion requests, as seen in a recent trouble report from Ed L. The empty-filename case would be guaranteed to misbehave anyway, because our subsequent path-munging behavior results in trying to read the directory containing the current input file. I think this might finally explain the report at http://archives.postgresql.org/pgsql-bugs/2004-05/msg00132.php of a crash after printing "authentication file token too long, skipping", since I was able to duplicate that message (though not a crash) on a platform where stdio doesn't refuse to read directories. We never got far in investigating that problem, but now I'm suspicious that the trigger condition was an @ in the flat password file. Back-patch to all active branches since the problem can be demonstrated in all branches except HEAD. The test case, creating a user named "@", doesn't cause a problem in HEAD since we got rid of the flat password file. Nonetheless it seems like a good idea to not consider quoted @ as a file inclusion spec, so I changed HEAD too. 06 March 2010, 00:46:18 UTC
1b8fe53 Tom Lane 03 March 2010, 20:31:41 UTC Fix a couple of places that would loop forever if attempts to read a stdio file set ferror() but never set feof(). This is known to be the case for recent glibc when trying to read a directory as a file, and might be true for other platforms/cases too. Per report from Ed L. (There is more that we ought to do about his report, but this is one easily identifiable issue.) 03 March 2010, 20:31:41 UTC
a15fa97 Tom Lane 03 March 2010, 19:10:52 UTC Make contrib/xml2 use core xml.c's error handler, when available (that is, in versions >= 8.3). The core code is more robust and efficient than what was there before, and this also reduces risks involved in swapping different libxml error handler settings. Before 8.3, there is still some risk of problems if add-on modules such as Perl invoke libxml without setting their own error handler. Given the lack of reports I'm not sure there's a risk in practice, so I didn't take the step of actually duplicating the core code into older contrib/xml2 branches. Instead I just tweaked the existing code to ensure it didn't leave a dangling pointer to short-lived memory when throwing an error. 03 March 2010, 19:10:52 UTC
727af2a Tom Lane 01 March 2010, 18:08:41 UTC Fix contrib/xml2 so regression test still works when it's built without libxslt. This involves modifying the module to have a stable ABI, that is, the xslt_process() function still exists even without libxslt. It throws a runtime error if called, but doesn't prevent executing the CREATE FUNCTION call. This is a good thing anyway to simplify cross-version upgrades. 01 March 2010, 18:08:41 UTC
8a37a03 Tom Lane 01 March 2010, 05:17:08 UTC Remove xmlCleanupParser calls from contrib/xml2. These are unnecessary and probably dangerous. I don't see any immediate risk situations in the core XML support or contrib/xml2 itself, but there could be issues with external uses of libxml2, and in any case it's an accident waiting to happen. 01 March 2010, 05:17:08 UTC
5cdd478 Tom Lane 01 March 2010, 03:41:29 UTC Back-patch today's memory management fixups in contrib/xml2. Prior to 8.3, these changes are not critical for compatibility with core Postgres, since core had no libxml2 calls then. However there is still a risk if contrib/xml2 is used along with libxml2 functionality in Perl or other loadable modules. So back-patch to all versions. Also back-patch addition of regression tests. I'm not sure how many of the cases are interesting without the interaction with core xml code, but a silly regression test is still better than none at all. 01 March 2010, 03:41:29 UTC
118e1cb Tom Lane 25 February 2010, 23:45:04 UTC Back-patch addition of ssl_renegotiation_limit into 7.4 through 8.1. 25 February 2010, 23:45:04 UTC
739898d Itagaki Takahiro 19 February 2010, 01:09:02 UTC Fix STOP WAL LOCATION in backup history files no to return the next segment of XLOG_BACKUP_END record even if the the record is placed at a segment boundary. Furthermore the previous implementation could return nonexistent segment file name when the boundary is in segments that has "FE" suffix; We never use segments with "FF" suffix. Backpatch to 8.0, where hot backup was introduced. Reported by Fujii Masao. 19 February 2010, 01:09:02 UTC
7925085 Tom Lane 18 February 2010, 23:50:41 UTC Volatile-ize all five places where we expect a PG_TRY block to restore old memory context in plpython. Before only one of them was marked volatile, but per report from Zdenek Kotala, some compilers do the wrong thing here. 18 February 2010, 23:50:41 UTC
e2a2990 Tom Lane 12 February 2010, 19:38:15 UTC Don't choke when exec_move_row assigns a synthesized null to a column that happens to be composite itself. Per bug #5314 from Oleg Serov. Backpatch to 8.0 --- 7.4 has got too many other shortcomings in composite-type support to make this worth worrying about in that branch. 12 February 2010, 19:38:15 UTC
7a1c615 Joe Conway 03 February 2010, 23:02:17 UTC Check to ensure the number of primary key fields supplied does not exceed the total number of non-dropped source table fields for dblink_build_sql_*(). Addresses bug report from Rushabh Lathia. Backpatch all the way to the 7.3 branch. 03 February 2010, 23:02:17 UTC
c7ddee0 Tom Lane 01 February 2010, 02:46:01 UTC Change regexp engine's ccondissect/crevdissect routines to perform DFA matching before recursing instead of after. The DFA match eliminates unworkable midpoint choices a lot faster than the recursive check, in most cases, so doing it first can speed things up; particularly in pathological cases such as recently exhibited by Michael Glaesemann. In addition, apply some cosmetic changes that were applied upstream (in the Tcl project) at the same time, in order to sync with upstream version 1.15 of regexec.c. Upstream apparently intends to backpatch this, so I will too. The pathological behavior could be unpleasant if encountered in the field, which seems to justify any risk of introducing new bugs. Tom Lane, reviewed by Donal K. Fellows of Tcl project 01 February 2010, 02:46:01 UTC
3255ea0 Tom Lane 30 January 2010, 20:10:22 UTC Avoid performing encoding conversion on command tag strings during EndCommand. Since all current and foreseeable future command tags will be pure ASCII, there is no need to do conversion on them. This saves a few cycles and also avoids polluting otherwise-pristine subtransaction memory contexts, which is the cause of the backend memory leak exhibited in bug #5302. (Someday we'll probably want to have a better method of determining whether subtransaction contexts need to be kept around, but today is not that day.) Backpatch to 8.0. The cycle-shaving aspect of this would work in 7.4 too, but without subtransactions the memory-leak aspect doesn't apply, so it doesn't seem worth touching 7.4. 30 January 2010, 20:10:22 UTC
c4c29e0 Tom Lane 25 January 2010, 01:58:48 UTC Apply Tcl_Init() to the "hold" interpreter created by pltcl. You might think this is unnecessary since that interpreter is never used to run code --- but it turns out that's wrong. As of Tcl 8.5, the "clock" command (alone among builtin Tcl commands) is partially implemented by loaded-on-demand Tcl code, which means that it fails if there's not unknown-command support, and also that it's impossible to run it directly in a safe interpreter. The way they get around the latter is that Tcl_CreateSlave() automatically sets up an alias command that forwards any execution of "clock" in a safe slave interpreter to its parent interpreter. Thus, when attempting to execute "clock" in trusted pltcl, the command actually executes in the "hold" interpreter, where it will fail if unknown-command support hasn't been introduced by sourcing the standard init.tcl script, which is done by Tcl_Init(). (This is a pretty dubious design decision on the Tcl boys' part, if you ask me ... but they didn't.) Back-patch all the way. It's not clear that anyone would try to use ancient versions of pltcl with a recent Tcl, but it's not clear they wouldn't, either. Also add a regression test using "clock", in branches that have regression test support for pltcl. Per recent trouble report from Kyle Bateman. 25 January 2010, 01:58:48 UTC
ce95d0f Tom Lane 24 January 2010, 21:50:09 UTC Fix assorted core dumps and Assert failures that could occur during AbortTransaction or AbortSubTransaction, when trying to clean up after an error that prevented (sub)transaction start from completing: * access to TopTransactionResourceOwner that might not exist * assert failure in AtEOXact_GUC, if AtStart_GUC not called yet * assert failure or core dump in AfterTriggerEndSubXact, if AfterTriggerBeginSubXact not called yet Per testing by injecting elog(ERROR) at successive steps in StartTransaction and StartSubTransaction. It's not clear whether all of these cases could really occur in the field, but at least one of them is easily exposed by simple stress testing, as per my accidental discovery yesterday. 24 January 2010, 21:50:09 UTC
34d7ef6 Tom Lane 07 January 2010, 19:53:39 UTC Make bit/varbit substring() treat any negative length as meaning "all the rest of the string". The previous coding treated only -1 that way, and would produce an invalid result value for other negative values. We ought to fix it so that 2-parameter bit substring() is a different C function and the 3-parameter form throws error for negative length, but that takes a pg_proc change which is impractical in the back branches; and in any case somebody might be relying on -1 working this way. So just do this as a back-patchable fix. 07 January 2010, 19:53:39 UTC
2714d78 Tom Lane 12 December 2009, 19:25:10 UTC Fix integer-to-bit-string conversions to handle the first fractional byte correctly when the output bit width is wider than the given integer by something other than a multiple of 8 bits. This has been wrong since I first wrote that code for 8.0 :-(. Kudos to Roman Kononov for being the first to notice, though I didn't use his patch. Per bug #5237. 12 December 2009, 19:25:10 UTC
f061928 Marc G. Fournier 10 December 2009, 03:21:32 UTC tag 8.0.23 10 December 2009, 03:21:32 UTC
69b3052 Tom Lane 10 December 2009, 00:31:59 UTC Update release notes for releases 8.4.2, 8.3.9, 8.2.15, 8.1.19, 8.0.23, 7.4.27. 10 December 2009, 00:31:59 UTC
a3a2626 Tom Lane 09 December 2009, 21:58:56 UTC Prevent indirect security attacks via changing session-local state within an allegedly immutable index function. It was previously recognized that we had to prevent such a function from executing SET/RESET ROLE/SESSION AUTHORIZATION, or it could trivially obtain the privileges of the session user. However, since there is in general no privilege checking for changes of session-local state, it is also possible for such a function to change settings in a way that might subvert later operations in the same session. Examples include changing search_path to cause an unexpected function to be called, or replacing an existing prepared statement with another one that will execute a function of the attacker's choosing. The present patch secures VACUUM, ANALYZE, and CREATE INDEX/REINDEX against these threats, which are the same places previously deemed to need protection against the SET ROLE issue. GUC changes are still allowed, since there are many useful cases for that, but we prevent security problems by forcing a rollback of any GUC change after completing the operation. Other cases are handled by throwing an error if any change is attempted; these include temp table creation, closing a cursor, and creating or deleting a prepared statement. (In 7.4, the infrastructure to roll back GUC changes doesn't exist, so we settle for rejecting changes of "search_path" in these contexts.) Original report and patch by Gurjeet Singh, additional analysis by Tom Lane. Security: CVE-2009-4136 09 December 2009, 21:58:56 UTC
e27495f Magnus Hagander 09 December 2009, 06:37:13 UTC Reject certificates with embedded NULLs in the commonName field. This stops attacks where an attacker would put <attack>\0<propername> in the field and trick the validation code that the certificate was for <attack>. This is a very low risk attack since it reuqires the attacker to trick the CA into issuing a certificate with an incorrect field, and the common PostgreSQL deployments are with private CAs, and not external ones. Also, default mode in 8.4 does not do any name validation, and is thus also not vulnerable - but the higher security modes are. Backpatch all the way. Even though versions 8.3.x and before didn't have certificate name validation support, they still exposed this field for the user to perform the validation in the application code, and there is no way to detect this problem through that API. Security: CVE-2009-4034 09 December 2009, 06:37:13 UTC
17d1e65 Tom Lane 09 December 2009, 00:36:40 UTC Update time zone data files to tzdata release 2009s: DST law changes in Antarctica, Argentina, Bangladesh, Fiji, Novokuznetsk, Pakistan, Palestine, Samoa, Syria. Also historical corrections for Hong Kong. 09 December 2009, 00:36:40 UTC
0828a2a Peter Eisentraut 08 December 2009, 21:57:00 UTC Translation updates 08 December 2009, 21:57:00 UTC
72f5c58 Heikki Linnakangas 03 December 2009, 11:04:13 UTC Fix bug in temporary file management with subtransactions. A cursor opened in a subtransaction stays open even if the subtransaction is aborted, so any temporary files related to it must stay alive as well. With the patch, we use ResourceOwners to track open temporary files and don't automatically close them at subtransaction end (though in the normal case temporary files are registered with the subtransaction resource owner and will therefore be closed). At end of top transaction, we still check that there's no temporary files marked as close-at-end-of-transaction open, but that's now just a debugging cross-check as the resource owner cleanup should've closed them already. 03 December 2009, 11:04:13 UTC
6bd8a54 Tom Lane 02 December 2009, 17:41:53 UTC Ignore attempts to set "application_name" in the connection startup packet. This avoids a useless connection retry and complaint in the postmaster log when receiving a connection from 8.5 or later libpq. Backpatch in all supported branches, but of course *not* HEAD. 02 December 2009, 17:41:53 UTC
a816296 Tom Lane 10 November 2009, 23:12:52 UTC Do not build psql's flex module on its own, but instead include it in mainloop.c. This ensures that postgres_fe.h is read before including any system headers, which is necessary to avoid problems on some platforms where we make nondefault selections of feature macros for stdio.h or other headers. We have had this policy for flex modules in the backend for many years, but for some reason it was not applied to psql. Per trouble report from Alexandra Roy and diagnosis by Albe Laurenz. 10 November 2009, 23:12:52 UTC
5804f4b Alvaro Herrera 10 November 2009, 18:01:27 UTC Fix longstanding problems in VACUUM caused by untimely interruptions In VACUUM FULL, an interrupt after the initial transaction has been recorded as committed can cause postmaster to restart with the following error message: PANIC: cannot abort transaction NNNN, it was already committed This problem has been reported many times. In lazy VACUUM, an interrupt after the table has been truncated by lazy_truncate_heap causes other backends' relcache to still point to the removed pages; this can cause future INSERT and UPDATE queries to error out with the following error message: could not read block XX of relation 1663/NNN/MMMM: read only 0 of 8192 bytes The window to this race condition is extremely narrow, but it has been seen in the wild involving a cancelled autovacuum process. The solution for both problems is to inhibit interrupts in both operations until after the respective transactions have been committed. It's not a complete solution, because the transaction could theoretically be aborted by some other error, but at least fixes the most common causes of both problems. 10 November 2009, 18:01:27 UTC
4276fe3 Peter Eisentraut 03 November 2009, 07:53:58 UTC Fix obscure segfault condition in PL/Python In PLy_output(), when the elog() call in the TRY branch throws an exception (this can happen when a statement timeout kicks in, for example), the PyErr_SetString() call in the CATCH branch can cause a segfault, because the Py_XDECREF(so) call before it releases memory that is still used by the sv variable that PyErr_SetString() uses as argument, because sv points into memory owned by so. Backpatched back to 8.0, where this code was introduced. I also threw in a couple of volatile declarations for variables that are used before and after the TRY. I don't think they caused the crash that I observed, but they could become issues. 03 November 2009, 07:53:58 UTC
73b4c2b Tom Lane 30 October 2009, 20:59:16 UTC Make the overflow guards in ExecChooseHashTableSize be more protective. The original coding ensured nbuckets and nbatch didn't exceed INT_MAX, which while not insane on its own terms did nothing to protect subsequent code like "palloc(nbatch * sizeof(BufFile *))". Since enormous join size estimates might well be planner error rather than reality, it seems best to constrain the initial sizes to be not more than work_mem/sizeof(pointer), thus ensuring the allocated arrays don't exceed work_mem. We will allow nbatch to get bigger than that during subsequent ExecHashIncreaseNumBatches calls, but we should still guard against integer overflow in those palloc requests. Per bug #5145 from Bernt Marius Johnsen. Although the given test case only seems to fail back to 8.2, previous releases have variants of this issue, so patch all supported branches. 30 October 2009, 20:59:16 UTC
b9d803b Tom Lane 27 October 2009, 20:15:04 UTC Fix AfterTriggerSaveEvent to use a test and elog, not just Assert, to check that it's called within an AfterTriggerBeginQuery/AfterTriggerEndQuery pair. The RI cascade triggers suppress that overhead on the assumption that they are always run non-deferred, so it's possible to violate the condition if someone mistakenly changes pg_trigger to mark such a trigger deferred. We don't really care about supporting that, but throwing an error instead of crashing seems desirable. Per report from Marcelo Costa. 27 October 2009, 20:15:04 UTC
0407c83 Tom Lane 16 October 2009, 22:09:08 UTC Rewrite pam_passwd_conv_proc to be more robust: avoid assuming that the pam_message array contains exactly one PAM_PROMPT_ECHO_OFF message. Instead, deal with however many messages there are, and don't throw error for PAM_ERROR_MSG and PAM_TEXT_INFO messages. This logic is borrowed from openssh 5.2p1, which hopefully has seen more real-world PAM usage than we have. Per bug #5121 from Ryan Douglas, which turned out to be caused by the conv_proc being called with zero messages. Apparently that is normal behavior given the combination of Linux pam_krb5 with MS Active Directory as the domain controller. Patch all the way back, since this code has been essentially untouched since 7.4. (Surprising we've not heard complaints before.) 16 October 2009, 22:09:08 UTC
ce98d98 Heikki Linnakangas 08 October 2009, 04:46:59 UTC Fix off-by-one bug in bitncmp(): When comparing a number of bits divisible by 8, bitncmp() may dereference a pointer one byte out of bounds. Chris Mikkelson (bug #5101) 08 October 2009, 04:46:59 UTC
f830ea4 Tom Lane 26 September 2009, 18:25:27 UTC Fix RelationCacheInitializePhase2 (Phase3, in HEAD) to cope with the possibility of shared-inval messages causing a relcache flush while it tries to fill in missing data in preloaded relcache entries. There are actually two distinct failure modes here: 1. The flush could delete the next-to-be-processed cache entry, causing the subsequent hash_seq_search calls to go off into the weeds. This is the problem reported by Michael Brown, and I believe it also accounts for bug #5074. The simplest fix is to restart the hashtable scan after we've read any new data from the catalogs. It appears that pre-8.4 branches have not suffered from this failure, because by chance there were no other catalogs sharing the same hash chains with the catalogs that RelationCacheInitializePhase2 had work to do for. However that's obviously pretty fragile, and it seems possible that derivative versions with additional system catalogs might be vulnerable, so I'm back-patching this part of the fix anyway. 2. The flush could delete the *current* cache entry, in which case the pointer to the newly-loaded data would end up being stored into an already-deleted Relation struct. As long as it was still deleted, the only consequence would be some leaked space in CacheMemoryContext. But it seems possible that the Relation struct could already have been recycled, in which case this represents a hard-to-reproduce clobber of cached data structures, with unforeseeable consequences. The fix here is to pin the entry while we work on it. In passing, also change RelationCacheInitializePhase2 to Assert that formrdesc() set up the relation's cached TupleDesc (rd_att) with the correct type OID and hasoids values. This is more appropriate than silently updating the values, because the original tupdesc might already have been copied into the catcache. However this part of the patch is not in HEAD because it fails due to some questionable recent changes in formrdesc :-(. That will be cleaned up in a subsequent patch. 26 September 2009, 18:25:27 UTC
662d623 Tom Lane 08 September 2009, 04:26:04 UTC Remove outside-the-scanner references to "yyleng". It seems the flex developers have decided to change yyleng from int to size_t. This has already happened in the latest release of OS X, and will start happening elsewhere once the next release of flex appears. Rather than trying to divine how it's declared in any particular build, let's just remove the one existing not-very-necessary external usage. Back-patch to all supported branches; not so much because users in the field are likely to care about building old branches with cutting-edge flex, as to keep OSX-based buildfarm members from having problems with old branches. 08 September 2009, 04:26:04 UTC
c29a386 Marc G. Fournier 04 September 2009, 05:28:47 UTC Tag 8.0.22 04 September 2009, 05:28:47 UTC
c377f39 Tom Lane 03 September 2009, 22:14:33 UTC Final updates of release notes for 8.4.1, 8.3.8, 8.2.14, 8.1.18, 8.0.22, 7.4.26. 03 September 2009, 22:14:33 UTC
7020c76 Tom Lane 03 September 2009, 22:08:54 UTC Disallow RESET ROLE and RESET SESSION AUTHORIZATION inside security-definer functions. This extends the previous patch that forbade SETting these variables inside security-definer functions. RESET is equally a security hole, since it would allow regaining privileges of the caller; furthermore it can trigger Assert failures and perhaps other internal errors, since the code is not expecting these variables to change in such contexts. The previous patch did not cover this case because assign hooks don't really have enough information, so move the responsibility for preventing this into guc.c. Problem discovered by Heikki Linnakangas. Security: no CVE assigned yet, extends CVE-2007-6600 03 September 2009, 22:08:54 UTC
e3eb717 Peter Eisentraut 03 September 2009, 18:59:02 UTC Translation updates 03 September 2009, 18:59:02 UTC
01fb06b Tom Lane 03 September 2009, 04:45:12 UTC Update time zone data files to tzdata release 2009l: DST law changes in Egypt, Mauritius, Bangladesh. 03 September 2009, 04:45:12 UTC
448b140 Tom Lane 02 September 2009, 02:41:27 UTC Fix pg_ctl's readfile() to not go into infinite loop on an empty file (could happen if either postgresql.conf or postmaster.opts is empty). It's been broken since the C version was written for 8.0, so patch all the way back. initdb's copy of the function is broken in the same way, but it's less important there since the input files should never be empty. Patch that in HEAD only, and also fix some cosmetic differences that crept into that copy of the function. Per report from Corry Haines and Jeff Davis. 02 September 2009, 02:41:27 UTC
0ae8a8e Bruce Momjian 27 August 2009, 01:26:51 UTC Update release notes for 7.4.26, 8.0.22, 8.1.18, 8.2.14, 8.3.8, 8.4.1. 27 August 2009, 01:26:51 UTC
a20bc74 Tom Lane 24 August 2009, 16:18:42 UTC Fix inclusions of readline/editline header files so that we only attempt to #include the version of history.h that is in the same directory as the readline.h we are using. This avoids problems in some scenarios where both readline and editline are installed. Report and patch by Zdenek Kotala. 24 August 2009, 16:18:42 UTC
68dfd1d Tom Lane 18 August 2009, 21:23:50 UTC Fix overflow for INTERVAL 'x ms' where x is more than a couple million, and integer datetimes are in use. Per bug report from Hubert Depesz Lubaczewski. Alex Hunsaker 18 August 2009, 21:23:50 UTC
484fe41 Bruce Momjian 15 August 2009, 20:22:50 UTC Remove tabs from SGML. 15 August 2009, 20:22:50 UTC
2c2fb7a Andrew Dunstan 10 August 2009, 02:39:12 UTC Re-add documentation for --no-readline option of psql, mistakenly removed a decade ago. Backpatch to release 7.4. 10 August 2009, 02:39:12 UTC
769222d Tom Lane 07 August 2009, 20:16:41 UTC Try to defend against the possibility that libpq is still in COPY_IN state when we reach the post-COPY "pump it dry" error recovery code that was added 2006-11-24. Per a report from Neil Best, there is at least one code path in which this occurs, leading to an infinite loop in code that's supposed to be making it more robust not less so. A reasonable response seems to be to call PQputCopyEnd() again, so let's try that. Back-patch to all versions that contain the cleanup loop. 07 August 2009, 20:16:41 UTC
f5c2de2 Tom Lane 10 July 2009, 00:32:29 UTC Fix xslt_process() to ensure that it inserts a NULL terminator after the last pair of parameter name/value strings, even when there are MAXPARAMS of them. Aboriginal bug in contrib/xml2, noted while studying bug #4912 (though I'm not sure whether there's something else involved in that report). This might be thought a security issue, since it's a potential backend crash; but considering that untrustworthy users shouldn't be allowed to get their hands on xslt_process() anyway, it's probably not worth getting excited about. 10 July 2009, 00:32:29 UTC
455658a Heikki Linnakangas 06 July 2009, 19:12:12 UTC Fix ancient bug in handling of to_char modifier 'TH', when used with HH. In what seems like an oversight, we used to treat 'TH' the same as lowercase 'th', but only with HH/HH12. 06 July 2009, 19:12:12 UTC
cfb27b6 Tom Lane 23 June 2009, 16:25:28 UTC Fix an ancient error in dist_ps (distance from point to line segment), which a number of other geometric operators also depend on. It miscalculated the slope of the perpendicular to the given line segment anytime that slope was other than 0, infinite, or +/-1. In some cases the error would be masked because the true closest point on the line segment was one of its endpoints rather than the intersection point, but in other cases it could give an arbitrarily bad answer. Per bug #4872 from Nick Roosevelt. Bug goes clear back to Berkeley days, so patch all supported branches. Make a couple of cosmetic adjustments while at it. 23 June 2009, 16:25:28 UTC
1c84edd Tom Lane 11 June 2009, 17:46:10 UTC Update time zone data files to tzdata release 2009i: DST law changes in Bangladesh, Egypt, Jordan, Pakistan. 11 June 2009, 17:46:10 UTC
59ad0ce Peter Eisentraut 10 June 2009, 18:43:24 UTC Improve capitalization and punctuation in recently added GiST message. 10 June 2009, 18:43:24 UTC
eb424ce Tom Lane 10 June 2009, 16:31:56 UTC Fix cash_in() to behave properly in locales where frac_digits is zero, eg Japan. Report and fix by Itagaki Takahiro. Also fix CASHDEBUG printout format for branches with 64-bit money type, and some minor comment cleanup. Back-patch to 7.4, because it's broken all the way back. 10 June 2009, 16:31:56 UTC
1e82d52 Andrew Dunstan 05 June 2009, 20:32:58 UTC Adjust recent PERL_SYS_INIT3 call to avoid platforms where it might fail, and to remove compilation warning. Backpatch the release 7.4 05 June 2009, 20:32:58 UTC
279e744 Andrew Dunstan 04 June 2009, 16:01:03 UTC Initialise perl library as documented in perl API. Backpatch to release 7.4. 04 June 2009, 16:01:03 UTC
1d3942e Tom Lane 02 May 2009, 20:18:09 UTC Split the release notes into a separate file for each (active) major branch, as per my recent proposal. release.sgml itself is now just a stub that should change rarely; ideally, only once per major release to add a new include line. Most editing work will occur in the release-N.N.sgml files. To update a back branch for a minor release, just copy the appropriate release-N.N.sgml file(s) into the back branch. This commit doesn't change the end-product documentation at all, only the source layout. However, it makes it easy to start omitting ancient information from newer branches' documentation, should we ever decide to do that. 02 May 2009, 20:18:09 UTC
7c26416 Tom Lane 01 May 2009, 19:29:34 UTC When checking for datetime field overflow, we should allow a fractional-second part that rounds up to exactly 1.0 second. The previous coding rejected input like "00:12:57.9999999999999999999999999999", with the exact number of nines needed to cause failure varying depending on float-timestamp option and possibly on platform. Obviously this should round up to the next integral second, if we don't have enough precision to distinguish the value from that. Per bug #4789 from Robert Kruus. In passing, fix a missed check for fractional seconds in one copy of the "is it greater than 24:00:00" code. Broken all the way back, so patch all the way back. 01 May 2009, 19:29:34 UTC
6e7b2d8 Tom Lane 25 April 2009, 16:45:25 UTC Fix the handling of sub-SELECTs appearing in the arguments of an outer-level aggregate function. By definition, such a sub-SELECT cannot reference any variables of query levels between itself and the aggregate's semantic level (else the aggregate would've been assigned to that lower level instead). So the correct, most efficient implementation is to treat the sub-SELECT as being a sub-select of that outer query level, not the level the aggregate syntactically appears in. Not doing so also confuses the heck out of our parameter-passing logic, as illustrated in bug report from Daniel Grace. Fortunately, we were already copying the whole Aggref expression up to the outer query level, so all that's needed is to delay SS_process_sublinks processing of the sub-SELECT until control returns to the outer level. This has been broken since we introduced spec-compliant treatment of outer aggregates in 7.4; so patch all the way back. 25 April 2009, 16:45:25 UTC
fe3ba84 Bruce Momjian 25 April 2009, 15:53:34 UTC Remove HELIOS Software GmbH name and copyright from AIX dynloader files, per approval from Helmut Tschemernjak, President. Only back branches; files removed from CVS HEAD. 25 April 2009, 15:53:34 UTC
9785f73 Magnus Hagander 15 April 2009, 18:58:28 UTC Remove beer-ware license from crypt-md5.c, per approval from Poul-Henning Kamp. This makes the file the same standard 2-clause BSD as the rest of PostgreSQL. 15 April 2009, 18:58:28 UTC
4a33e60 Tom Lane 09 April 2009, 20:51:11 UTC Update time zone data files to tzdata release 2009e: DST law changes in Argentina/San_Luis, Cuba, Jordan (historical correction only), Morocco, Palestine, Syria, Tunisia. 09 April 2009, 20:51:11 UTC
077d10d Teodor Sigaev 07 April 2009, 17:48:11 UTC Fix 'all at one page bug' in picksplit method of R-tree emulation. Add defense from buggy user-defined picksplit to GiST. 07 April 2009, 17:48:11 UTC
c58da65 Tom Lane 07 April 2009, 15:54:22 UTC Defend against non-ASCII letters in fuzzystrmatch code. The functions still don't behave very sanely for multibyte encodings, but at least they won't be indexing off the ends of static arrays. 07 April 2009, 15:54:22 UTC
27cc7db Tom Lane 04 April 2009, 04:53:58 UTC Rewrite interval_hash() so that the hashcodes are equal for values that interval_eq() considers equal. I'm not sure how that fundamental requirement escaped us through multiple revisions of this hash function, but there it is; it's been wrong since interval_hash was first written for PG 7.1. Per bug #4748 from Roman Kononov. Backpatch to all supported releases. This patch changes the contents of hash indexes for interval columns. That's no particular problem for PG 8.4, since we've broken on-disk compatibility of hash indexes already; but it will require a migration warning note in the next minor releases of all existing branches: "if you have any hash indexes on columns of type interval, REINDEX them after updating". 04 April 2009, 04:53:58 UTC
8d1c2ca Tom Lane 31 March 2009, 22:56:18 UTC Fix contrib/pgstattuple and contrib/pageinspect to prevent attempts to read temporary tables of other sessions; that is unsafe because of the way our buffer management works. Per report from Stuart Bishop. This is redundant with the bufmgr.c checks in HEAD, but not at all redundant in the back branches. 31 March 2009, 22:56:18 UTC
9350a4c Magnus Hagander 31 March 2009, 18:58:20 UTC Don't crash initdb when we fail to get the current username. Give an error message and exit instead, like we do elsewhere... Per report from Wez Furlong and Robert Treat. 31 March 2009, 18:58:20 UTC
d60fdd2 Marc G. Fournier 13 March 2009, 02:30:37 UTC tag 8.0.21 13 March 2009, 02:30:37 UTC
d92059f Tom Lane 12 March 2009, 22:36:33 UTC Update back-branch release notes. 12 March 2009, 22:36:33 UTC
c62b17c Tom Lane 12 March 2009, 00:53:56 UTC Fix core dump due to null-pointer dereference in to_char() when datetime format codes are misapplied to a numeric argument. (The code still produces a pretty bogus error message in such cases, but I'll settle for stopping the crash for now.) Per bug #4700 from Sergey Burladyan. Problem exists in all supported branches, so patch all the way back. In HEAD, also clean up some ugly coding in the nearby cache management code. 12 March 2009, 00:53:56 UTC
feee205 Heikki Linnakangas 05 March 2009, 14:29:12 UTC Add MUST (Mauritius Island Summer Time) to the list of known abbreviations. Mauritius began using DST in the summer 2008-2009; the Olson library has been updated already. Xavier Bugaud 05 March 2009, 14:29:12 UTC
3694e3e Tom Lane 04 March 2009, 22:08:46 UTC Put back our old workaround for machines that declare cbrt() in math.h but fail to provide the function itself. Not sure how we escaped testing anything later than 7.3 on such cases, but they still exist, as per André Volpato's report about AIX 5.3. 04 March 2009, 22:08:46 UTC
d2fda36 Tom Lane 03 March 2009, 00:17:36 UTC Ooops ... fix some confusion between gettext() and _() in my previous patch. This has moved around in past releases, so just copying-and-pasting from HEAD didn't work as intended. 03 March 2009, 00:17:36 UTC
40df3ef Tom Lane 02 March 2009, 21:19:14 UTC When we are in error recursion trouble, arrange to suppress translation and encoding conversion of any elog/ereport message being sent to the frontend. This generalizes a patch that I put in last October, which suppressed translation of only specific messages known to be associated with recursive can't-translate-the-message behavior. As shown in bug #4680, we need a more general answer in order to have some hope of coping with broken encoding conversion setups. This approach seems a good deal less klugy anyway. Patch in all supported branches. 02 March 2009, 21:19:14 UTC
5f1f0db Tom Lane 28 February 2009, 18:50:14 UTC Fix buffer allocations in encoding conversion routines so that they won't fail on zero-length inputs. This isn't an issue in normal use because the conversion infrastructure skips calling the converters for empty strings. However a problem was created by yesterday's patch to check whether the right conversion function is supplied in CREATE CONVERSION. The most future-proof fix seems to be to make the converters safe for this corner case. 28 February 2009, 18:50:14 UTC
64deed0 Heikki Linnakangas 27 February 2009, 16:35:47 UTC In CREATE CONVERSION, test that the given function is a valid conversion function for the specified source and destination encodings. We do that by calling the function with an empty string. If it can't perform the requested conversion, it will throw an error. Backport to 7.4 - 8.3. Per bug report #4680 by Denis Afonin. 27 February 2009, 16:35:47 UTC
287e6ac Marc G. Fournier 30 January 2009, 04:59:15 UTC commit first then tag 8.0.20 30 January 2009, 04:59:15 UTC
e4f5645 Tom Lane 30 January 2009, 00:38:14 UTC Update back-branch release notes. 30 January 2009, 00:38:14 UTC
4919f74 Peter Eisentraut 29 January 2009, 22:04:05 UTC Translation updates 29 January 2009, 22:04:05 UTC
fba3896 Tom Lane 29 January 2009, 20:00:32 UTC Update time zone data files to tzdata release 2009a: introduces Asia/Kathmandu as the preferred spelling of that zone name, corrects historical DST information for Switzerland and Cuba. 29 January 2009, 20:00:32 UTC
7612c1d Tom Lane 29 January 2009, 19:25:01 UTC Replace argument-checking Asserts with regular test-and-elog checks in all encoding conversion functions. These are not can't-happen cases because it's possible to create a conversion with the wrong conversion function for the specified encoding pair. That would lead to an Assert crash in an Assert-enabled build, or incorrect conversion otherwise, neither of which is desirable. This would be a DOS issue if production databases were customarily built with asserts enabled, but fortunately that's not so. Per an observation by Heikki. Back-patch to all supported branches. 29 January 2009, 19:25:01 UTC
5ecd9dc Magnus Hagander 28 January 2009, 15:06:51 UTC Go over all OpenSSL return values and make sure we compare them to the documented API value. The previous code got it right as it's implemented, but accepted too much/too little compared to the API documentation. Per comment from Zdenek Kotala. 28 January 2009, 15:06:51 UTC
473b40d Teodor Sigaev 16 January 2009, 12:09:30 UTC Fix uninitialized variables in get_covers 16 January 2009, 12:09:30 UTC
b7394a6 Teodor Sigaev 15 January 2009, 18:17:12 UTC Fix URL generation in headline. Only tag lexeme will be replaced by space. Per http://archives.postgresql.org/pgsql-bugs/2008-12/msg00013.php 15 January 2009, 18:17:12 UTC
696dbd8 Teodor Sigaev 15 January 2009, 18:16:52 UTC Fix generation of too long headline with ShortWords. Per http://archives.postgresql.org/pgsql-hackers/2008-09/msg01088.php 15 January 2009, 18:16:52 UTC
0cdeea0 Tom Lane 06 January 2009, 17:28:01 UTC Remove references to pgsql-ports and pgsql-patches mailing lists from various documentation, since those lists are now dead/deprecated. Point to pgsql-bugs and/or pgsql-hackers as appropriate. 06 January 2009, 17:28:01 UTC
fea5ec5 Heikki Linnakangas 06 January 2009, 14:56:03 UTC Fix logic in lazy vacuum to decide if it's worth trying to truncate the heap. If the table was smaller than REL_TRUNCATE_FRACTION (= 16) pages, we always tried to acquire AccessExclusiveLock on it even if there was no empty pages at the end. Report by Simon Riggs. Back-patch all the way to 7.4. 06 January 2009, 14:56:03 UTC
d297635 Marc G. Fournier 31 October 2008, 02:54:50 UTC tag for 8.0.19 31 October 2008, 02:54:50 UTC
f1ac413 Tom Lane 30 October 2008, 22:23:25 UTC Update back-branch release notes. 30 October 2008, 22:23:25 UTC
60278b1 Peter Eisentraut 30 October 2008, 19:21:26 UTC Translation updates 30 October 2008, 19:21:26 UTC
ed0f09a Tom Lane 30 October 2008, 13:17:23 UTC Update time zone data files to tzdata release 2008i (DST law changes in Argentina, Brazil, Mauritius, Syria). 30 October 2008, 13:17:23 UTC
28faad5 Peter Eisentraut 30 October 2008, 12:16:32 UTC Missing space in error message 30 October 2008, 12:16:32 UTC
d24efb8 Tom Lane 27 October 2008, 19:37:48 UTC Install a more robust solution for the problem of infinite error-processing recursion when we are unable to convert a localized error message to the client's encoding. We've been over this ground before, but as reported by Ibrar Ahmed, it still didn't work in the case of conversion failures for the conversion-failure message itself :-(. Fix by installing a "circuit breaker" that disables attempts to localize this message once we get into recursion trouble. Patch all supported branches, because it is in fact broken in all of them; though I had to add some missing translations to the older branches in order to expose the failure in the particular test case I was using. 27 October 2008, 19:37:48 UTC
b1b2140 Tom Lane 25 October 2008, 03:33:05 UTC Fix an old bug in after-trigger handling: AfterTriggerEndQuery took the address of afterTriggers->query_stack[afterTriggers->query_depth] and hung onto it through all its firings of triggers. However, if a trigger causes sufficiently many nested query executions, query_stack will get repalloc'd bigger, leaving AfterTriggerEndQuery --- and hence afterTriggerInvokeEvents --- using a stale pointer. So far as I can find, the only consequence of this error is to stomp on a couple of words of already-freed memory; which would lead to a failure only if that chunk had already gotten re-allocated for something else. So it's hard to exhibit a simple failure case, but this is surely a bug. I noticed this while working on my recent patch to reduce pending-trigger space usage. The present patch is mighty ugly, because it requires making afterTriggerInvokeEvents know about all the possible event lists it might get called on. Fortunately, this is only needed in back branches because CVS HEAD avoids the problem in a different way: afterTriggerInvokeEvents only touches the passed AfterTriggerEventList pointer once at startup. Back branches are stable enough that wiring in knowledge of all possible call usages doesn't seem like a killer problem. Back-patch to 8.0. 7.4's trigger code is completely different and doesn't seem to have the problem (it doesn't even use repalloc). 25 October 2008, 03:33:05 UTC
12956db Teodor Sigaev 17 October 2008, 17:42:32 UTC Fix small bug in headline generation. Patch from Sushant Sinha <sushant354@gmail.com> http://archives.postgresql.org/pgsql-hackers/2008-07/msg00785.php 17 October 2008, 17:42:32 UTC
4a59796 Tom Lane 16 October 2008, 13:23:49 UTC Fix SPI_getvalue and SPI_getbinval to range-check the given attribute number according to the TupleDesc's natts, not the number of physical columns in the tuple. The previous coding would do the wrong thing in cases where natts is different from the tuple's column count: either incorrectly report error when it should just treat the column as null, or actually crash due to indexing off the end of the TupleDesc's attribute array. (The second case is probably not possible in modern PG versions, due to more careful handling of inheritance cases than we once had. But it's still a clear lack of robustness here.) The incorrect error indication is ignored by all callers within the core PG distribution, so this bug has no symptoms visible within the core code, but it might well be an issue for add-on packages. So patch all the way back. 16 October 2008, 13:23:49 UTC
back to top