https://github.com/postgres/postgres
- HEAD
- refs/heads/REL2_0B
- refs/heads/REL6_4
- refs/heads/REL6_5_PATCHES
- refs/heads/REL7_0_PATCHES
- refs/heads/REL7_1_STABLE
- refs/heads/REL7_2_STABLE
- refs/heads/REL7_3_STABLE
- refs/heads/REL7_4_STABLE
- refs/heads/REL8_0_STABLE
- refs/heads/REL8_1_STABLE
- refs/heads/REL8_2_STABLE
- refs/heads/REL8_3_STABLE
- refs/heads/REL8_4_STABLE
- refs/heads/REL8_5_ALPHA1_BRANCH
- refs/heads/REL8_5_ALPHA2_BRANCH
- refs/heads/REL8_5_ALPHA3_BRANCH
- refs/heads/REL9_0_ALPHA4_BRANCH
- refs/heads/REL9_0_ALPHA5_BRANCH
- refs/heads/REL9_0_STABLE
- refs/heads/REL9_1_STABLE
- refs/heads/REL9_2_STABLE
- refs/heads/REL9_3_STABLE
- refs/heads/REL9_4_STABLE
- refs/heads/REL9_5_STABLE
- refs/heads/REL9_6_STABLE
- refs/heads/REL_10_STABLE
- refs/heads/REL_11_STABLE
- refs/heads/REL_12_STABLE
- refs/heads/REL_13_STABLE
- refs/heads/REL_14_STABLE
- refs/heads/REL_15_STABLE
- refs/heads/REL_16_STABLE
- refs/heads/Release_1_0_3
- refs/heads/WIN32_DEV
- refs/heads/ecpg_big_bison
- refs/heads/master
- refs/tags/PG95-1_01
- refs/tags/PG95-1_08
- refs/tags/PG95-1_09
- refs/tags/REL2_0
- refs/tags/REL6_1
- refs/tags/REL6_1_1
- refs/tags/REL6_2
- refs/tags/REL6_2_1
- refs/tags/REL6_3
- refs/tags/REL6_3_2
- refs/tags/REL6_4_2
- refs/tags/REL6_5
- refs/tags/REL6_5_1
- refs/tags/REL6_5_2
- refs/tags/REL6_5_3
- refs/tags/REL7_0
- refs/tags/REL7_0_2
- refs/tags/REL7_0_3
- refs/tags/REL7_1
- refs/tags/REL7_1_1
- refs/tags/REL7_1_2
- refs/tags/REL7_1_3
- refs/tags/REL7_1_BETA
- refs/tags/REL7_1_BETA2
- refs/tags/REL7_1_BETA3
- refs/tags/REL7_2
- refs/tags/REL7_2_1
- refs/tags/REL7_2_2
- refs/tags/REL7_2_3
- refs/tags/REL7_2_4
- refs/tags/REL7_2_5
- refs/tags/REL7_2_6
- refs/tags/REL7_2_7
- refs/tags/REL7_2_8
- refs/tags/REL7_2_BETA1
- refs/tags/REL7_2_BETA2
- refs/tags/REL7_2_BETA3
- refs/tags/REL7_2_BETA4
- refs/tags/REL7_2_BETA5
- refs/tags/REL7_2_RC1
- refs/tags/REL7_2_RC2
- refs/tags/REL7_3
- refs/tags/REL7_3_1
- refs/tags/REL7_3_10
- refs/tags/REL7_3_11
- refs/tags/REL7_3_12
- refs/tags/REL7_3_13
- refs/tags/REL7_3_14
- refs/tags/REL7_3_15
- refs/tags/REL7_3_16
- refs/tags/REL7_3_17
- refs/tags/REL7_3_18
- refs/tags/REL7_3_19
- refs/tags/REL7_3_2
- refs/tags/REL7_3_20
- refs/tags/REL7_3_21
- refs/tags/REL7_3_3
- refs/tags/REL7_3_4
- refs/tags/REL7_3_5
- refs/tags/REL7_3_6
- refs/tags/REL7_3_7
- refs/tags/REL7_3_8
- refs/tags/REL7_3_9
- refs/tags/REL7_4
- refs/tags/REL7_4_1
- refs/tags/REL7_4_10
- refs/tags/REL7_4_11
- refs/tags/REL7_4_12
- refs/tags/REL7_4_13
- refs/tags/REL7_4_14
- refs/tags/REL7_4_15
- refs/tags/REL7_4_16
- refs/tags/REL7_4_17
- refs/tags/REL7_4_18
- refs/tags/REL7_4_19
- refs/tags/REL7_4_2
- refs/tags/REL7_4_20
- refs/tags/REL7_4_21
- refs/tags/REL7_4_22
- refs/tags/REL7_4_23
- refs/tags/REL7_4_24
- refs/tags/REL7_4_25
- refs/tags/REL7_4_26
- refs/tags/REL7_4_27
- refs/tags/REL7_4_28
- refs/tags/REL7_4_29
- refs/tags/REL7_4_3
- refs/tags/REL7_4_30
- refs/tags/REL7_4_4
- refs/tags/REL7_4_5
- refs/tags/REL7_4_6
- refs/tags/REL7_4_7
- refs/tags/REL7_4_8
- refs/tags/REL7_4_9
- refs/tags/REL7_4_BETA1
- refs/tags/REL7_4_BETA2
- refs/tags/REL7_4_BETA3
- refs/tags/REL7_4_BETA4
- refs/tags/REL7_4_BETA5
- refs/tags/REL7_4_RC1
- refs/tags/REL7_4_RC2
- refs/tags/REL8_0_0
- refs/tags/REL8_0_0BETA1
- refs/tags/REL8_0_0BETA2
- refs/tags/REL8_0_0BETA3
- refs/tags/REL8_0_0BETA4
- refs/tags/REL8_0_0BETA5
- refs/tags/REL8_0_0RC1
- refs/tags/REL8_0_0RC2
- refs/tags/REL8_0_0RC3
- refs/tags/REL8_0_0RC4
- refs/tags/REL8_0_0RC5
- refs/tags/REL8_0_1
- refs/tags/REL8_0_10
- refs/tags/REL8_0_11
- refs/tags/REL8_0_12
- refs/tags/REL8_0_13
- refs/tags/REL8_0_14
- refs/tags/REL8_0_15
- refs/tags/REL8_0_16
- refs/tags/REL8_0_17
- refs/tags/REL8_0_18
- refs/tags/REL8_0_19
- refs/tags/REL8_0_2
- refs/tags/REL8_0_20
- refs/tags/REL8_0_21
- refs/tags/REL8_0_22
- refs/tags/REL8_0_23
- refs/tags/REL8_0_24
- refs/tags/REL8_0_25
- refs/tags/REL8_0_26
- refs/tags/REL8_0_3
- refs/tags/REL8_0_4
- refs/tags/REL8_0_5
- refs/tags/REL8_0_6
- refs/tags/REL8_0_7
- refs/tags/REL8_0_8
- refs/tags/REL8_0_9
- refs/tags/REL8_1_0
- refs/tags/REL8_1_0BETA1
- refs/tags/REL8_1_0BETA2
- refs/tags/REL8_1_0BETA3
- refs/tags/REL8_1_0BETA4
- refs/tags/REL8_1_0RC1
- refs/tags/REL8_1_1
- refs/tags/REL8_1_10
- refs/tags/REL8_1_11
- refs/tags/REL8_1_12
- refs/tags/REL8_1_13
- refs/tags/REL8_1_14
- refs/tags/REL8_1_15
- refs/tags/REL8_1_16
- refs/tags/REL8_1_17
- refs/tags/REL8_1_18
- refs/tags/REL8_1_19
- refs/tags/REL8_1_2
- refs/tags/REL8_1_20
- refs/tags/REL8_1_21
- refs/tags/REL8_1_22
- refs/tags/REL8_1_23
- refs/tags/REL8_1_3
- refs/tags/REL8_1_4
- refs/tags/REL8_1_5
- refs/tags/REL8_1_6
- refs/tags/REL8_1_7
- refs/tags/REL8_1_8
- refs/tags/REL8_1_9
- refs/tags/REL8_2_0
- refs/tags/REL8_2_1
- refs/tags/REL8_2_10
- refs/tags/REL8_2_11
- refs/tags/REL8_2_12
- refs/tags/REL8_2_13
- refs/tags/REL8_2_14
- refs/tags/REL8_2_15
- refs/tags/REL8_2_16
- refs/tags/REL8_2_17
- refs/tags/REL8_2_18
- refs/tags/REL8_2_19
- refs/tags/REL8_2_2
- refs/tags/REL8_2_20
- refs/tags/REL8_2_21
- refs/tags/REL8_2_22
- refs/tags/REL8_2_23
- refs/tags/REL8_2_3
- refs/tags/REL8_2_4
- refs/tags/REL8_2_5
- refs/tags/REL8_2_6
- refs/tags/REL8_2_7
- refs/tags/REL8_2_8
- refs/tags/REL8_2_9
- refs/tags/REL8_2_BETA1
- refs/tags/REL8_2_BETA2
- refs/tags/REL8_2_BETA3
- refs/tags/REL8_2_RC1
- refs/tags/REL8_3_0
- refs/tags/REL8_3_1
- refs/tags/REL8_3_10
- refs/tags/REL8_3_11
- refs/tags/REL8_3_12
- refs/tags/REL8_3_13
- refs/tags/REL8_3_14
- refs/tags/REL8_3_15
- refs/tags/REL8_3_16
- refs/tags/REL8_3_17
- refs/tags/REL8_3_18
- refs/tags/REL8_3_19
- refs/tags/REL8_3_2
- refs/tags/REL8_3_20
- refs/tags/REL8_3_21
- refs/tags/REL8_3_22
- refs/tags/REL8_3_23
- refs/tags/REL8_3_3
- refs/tags/REL8_3_4
- refs/tags/REL8_3_5
- refs/tags/REL8_3_6
- refs/tags/REL8_3_7
- refs/tags/REL8_3_8
- refs/tags/REL8_3_9
- refs/tags/REL8_3_BETA1
- refs/tags/REL8_3_BETA2
- refs/tags/REL8_3_BETA3
- refs/tags/REL8_3_BETA4
- refs/tags/REL8_3_RC1
- refs/tags/REL8_3_RC2
- refs/tags/REL8_4_0
- refs/tags/REL8_4_1
- refs/tags/REL8_4_10
- refs/tags/REL8_4_11
- refs/tags/REL8_4_12
- refs/tags/REL8_4_13
- refs/tags/REL8_4_14
- refs/tags/REL8_4_15
- refs/tags/REL8_4_16
- refs/tags/REL8_4_17
- refs/tags/REL8_4_18
- refs/tags/REL8_4_19
- refs/tags/REL8_4_2
- refs/tags/REL8_4_20
- refs/tags/REL8_4_21
- refs/tags/REL8_4_22
- refs/tags/REL8_4_3
- refs/tags/REL8_4_4
- refs/tags/REL8_4_5
- refs/tags/REL8_4_6
- refs/tags/REL8_4_7
- refs/tags/REL8_4_8
- refs/tags/REL8_4_9
- refs/tags/REL8_4_BETA1
- refs/tags/REL8_4_BETA2
- refs/tags/REL8_4_RC1
- refs/tags/REL8_4_RC2
- refs/tags/REL8_5_ALPHA1
- refs/tags/REL8_5_ALPHA2
- refs/tags/REL8_5_ALPHA3
- refs/tags/REL9_0_0
- refs/tags/REL9_0_1
- refs/tags/REL9_0_10
- refs/tags/REL9_0_11
- refs/tags/REL9_0_12
- refs/tags/REL9_0_13
- refs/tags/REL9_0_14
- refs/tags/REL9_0_15
- refs/tags/REL9_0_16
- refs/tags/REL9_0_17
- refs/tags/REL9_0_18
- refs/tags/REL9_0_19
- refs/tags/REL9_0_2
- refs/tags/REL9_0_20
- refs/tags/REL9_0_21
- refs/tags/REL9_0_22
- refs/tags/REL9_0_23
- refs/tags/REL9_0_3
- refs/tags/REL9_0_4
- refs/tags/REL9_0_5
- refs/tags/REL9_0_6
- refs/tags/REL9_0_7
- refs/tags/REL9_0_8
- refs/tags/REL9_0_9
- refs/tags/REL9_0_ALPHA4
- refs/tags/REL9_0_ALPHA5
- refs/tags/REL9_0_BETA1
- refs/tags/REL9_0_BETA2
- refs/tags/REL9_0_BETA3
- refs/tags/REL9_0_BETA4
- refs/tags/REL9_0_RC1
- refs/tags/REL9_1_0
- refs/tags/REL9_1_1
- refs/tags/REL9_1_10
- refs/tags/REL9_1_11
- refs/tags/REL9_1_12
- refs/tags/REL9_1_13
- refs/tags/REL9_1_14
- refs/tags/REL9_1_15
- refs/tags/REL9_1_16
- refs/tags/REL9_1_17
- refs/tags/REL9_1_18
- refs/tags/REL9_1_19
- refs/tags/REL9_1_2
- refs/tags/REL9_1_20
- refs/tags/REL9_1_21
- refs/tags/REL9_1_22
- refs/tags/REL9_1_23
- refs/tags/REL9_1_24
- refs/tags/REL9_1_3
- refs/tags/REL9_1_4
- refs/tags/REL9_1_5
- refs/tags/REL9_1_6
- refs/tags/REL9_1_7
- refs/tags/REL9_1_8
- refs/tags/REL9_1_9
- refs/tags/REL9_1_ALPHA1
- refs/tags/REL9_1_ALPHA2
- refs/tags/REL9_1_ALPHA3
- refs/tags/REL9_1_ALPHA4
- refs/tags/REL9_1_ALPHA5
- refs/tags/REL9_1_BETA1
- refs/tags/REL9_1_BETA2
- refs/tags/REL9_1_BETA3
- refs/tags/REL9_1_RC1
- refs/tags/REL9_2_0
- refs/tags/REL9_2_1
- refs/tags/REL9_2_10
- refs/tags/REL9_2_11
- refs/tags/REL9_2_12
- refs/tags/REL9_2_13
- refs/tags/REL9_2_14
- refs/tags/REL9_2_15
- refs/tags/REL9_2_16
- refs/tags/REL9_2_17
- refs/tags/REL9_2_18
- refs/tags/REL9_2_19
- refs/tags/REL9_2_2
- refs/tags/REL9_2_20
- refs/tags/REL9_2_21
- refs/tags/REL9_2_22
- refs/tags/REL9_2_23
- refs/tags/REL9_2_24
- refs/tags/REL9_2_3
- refs/tags/REL9_2_4
- refs/tags/REL9_2_5
- refs/tags/REL9_2_6
- refs/tags/REL9_2_7
- refs/tags/REL9_2_8
- refs/tags/REL9_2_9
- refs/tags/REL9_2_BETA1
- refs/tags/REL9_2_BETA2
- refs/tags/REL9_2_BETA3
- refs/tags/REL9_2_BETA4
- refs/tags/REL9_2_RC1
- refs/tags/REL9_3_0
- refs/tags/REL9_3_1
- refs/tags/REL9_3_10
- refs/tags/REL9_3_11
- refs/tags/REL9_3_12
- refs/tags/REL9_3_13
- refs/tags/REL9_3_14
- refs/tags/REL9_3_15
- refs/tags/REL9_3_16
- refs/tags/REL9_3_17
- refs/tags/REL9_3_18
- refs/tags/REL9_3_19
- refs/tags/REL9_3_2
- refs/tags/REL9_3_20
- refs/tags/REL9_3_21
- refs/tags/REL9_3_22
- refs/tags/REL9_3_23
- refs/tags/REL9_3_24
- refs/tags/REL9_3_25
- refs/tags/REL9_3_3
- refs/tags/REL9_3_4
- refs/tags/REL9_3_5
- refs/tags/REL9_3_6
- refs/tags/REL9_3_7
- refs/tags/REL9_3_8
- refs/tags/REL9_3_9
- refs/tags/REL9_3_BETA1
- refs/tags/REL9_3_BETA2
- refs/tags/REL9_3_RC1
- refs/tags/REL9_4_0
- refs/tags/REL9_4_1
- refs/tags/REL9_4_10
- refs/tags/REL9_4_11
- refs/tags/REL9_4_12
- refs/tags/REL9_4_13
- refs/tags/REL9_4_14
- refs/tags/REL9_4_15
- refs/tags/REL9_4_16
- refs/tags/REL9_4_17
- refs/tags/REL9_4_18
- refs/tags/REL9_4_19
- refs/tags/REL9_4_2
- refs/tags/REL9_4_20
- refs/tags/REL9_4_21
- refs/tags/REL9_4_22
- refs/tags/REL9_4_23
- refs/tags/REL9_4_24
- refs/tags/REL9_4_25
- refs/tags/REL9_4_26
- refs/tags/REL9_4_3
- refs/tags/REL9_4_4
- refs/tags/REL9_4_5
- refs/tags/REL9_4_6
- refs/tags/REL9_4_7
- refs/tags/REL9_4_8
- refs/tags/REL9_4_9
- refs/tags/REL9_4_BETA1
- refs/tags/REL9_4_BETA2
- refs/tags/REL9_4_BETA3
- refs/tags/REL9_4_RC1
- refs/tags/REL9_5_0
- refs/tags/REL9_5_1
- refs/tags/REL9_5_10
- refs/tags/REL9_5_11
- refs/tags/REL9_5_12
- refs/tags/REL9_5_13
- refs/tags/REL9_5_14
- refs/tags/REL9_5_15
- refs/tags/REL9_5_16
- refs/tags/REL9_5_17
- refs/tags/REL9_5_18
- refs/tags/REL9_5_19
- refs/tags/REL9_5_2
- refs/tags/REL9_5_20
- refs/tags/REL9_5_21
- refs/tags/REL9_5_22
- refs/tags/REL9_5_23
- refs/tags/REL9_5_24
- refs/tags/REL9_5_25
- refs/tags/REL9_5_3
- refs/tags/REL9_5_4
- refs/tags/REL9_5_5
- refs/tags/REL9_5_6
- refs/tags/REL9_5_7
- refs/tags/REL9_5_8
- refs/tags/REL9_5_9
- refs/tags/REL9_5_ALPHA1
- refs/tags/REL9_5_ALPHA2
- refs/tags/REL9_5_BETA1
- refs/tags/REL9_5_BETA2
- refs/tags/REL9_5_RC1
- refs/tags/REL9_6_0
- refs/tags/REL9_6_1
- refs/tags/REL9_6_10
- refs/tags/REL9_6_11
- refs/tags/REL9_6_12
- refs/tags/REL9_6_13
- refs/tags/REL9_6_14
- refs/tags/REL9_6_15
- refs/tags/REL9_6_16
- refs/tags/REL9_6_17
- refs/tags/REL9_6_18
- refs/tags/REL9_6_19
- refs/tags/REL9_6_2
- refs/tags/REL9_6_20
- refs/tags/REL9_6_21
- refs/tags/REL9_6_22
- refs/tags/REL9_6_23
- refs/tags/REL9_6_24
- refs/tags/REL9_6_3
- refs/tags/REL9_6_4
- refs/tags/REL9_6_5
- refs/tags/REL9_6_6
- refs/tags/REL9_6_7
- refs/tags/REL9_6_8
- refs/tags/REL9_6_9
- refs/tags/REL9_6_BETA1
- refs/tags/REL9_6_BETA2
- refs/tags/REL9_6_BETA3
- refs/tags/REL9_6_BETA4
- refs/tags/REL9_6_RC1
- refs/tags/REL_10_0
- refs/tags/REL_10_1
- refs/tags/REL_10_10
- refs/tags/REL_10_11
- refs/tags/REL_10_12
- refs/tags/REL_10_13
- refs/tags/REL_10_14
- refs/tags/REL_10_15
- refs/tags/REL_10_16
- refs/tags/REL_10_17
- refs/tags/REL_10_18
- refs/tags/REL_10_19
- refs/tags/REL_10_2
- refs/tags/REL_10_20
- refs/tags/REL_10_21
- refs/tags/REL_10_22
- refs/tags/REL_10_23
- refs/tags/REL_10_3
- refs/tags/REL_10_4
- refs/tags/REL_10_5
- refs/tags/REL_10_6
- refs/tags/REL_10_7
- refs/tags/REL_10_8
- refs/tags/REL_10_9
- refs/tags/REL_10_BETA1
- refs/tags/REL_10_BETA2
- refs/tags/REL_10_BETA3
- refs/tags/REL_10_BETA4
- refs/tags/REL_10_RC1
- refs/tags/REL_11_0
- refs/tags/REL_11_1
- refs/tags/REL_11_10
- refs/tags/REL_11_11
- refs/tags/REL_11_12
- refs/tags/REL_11_13
- refs/tags/REL_11_14
- refs/tags/REL_11_15
- refs/tags/REL_11_16
- refs/tags/REL_11_17
- refs/tags/REL_11_18
- refs/tags/REL_11_19
- refs/tags/REL_11_2
- refs/tags/REL_11_20
- refs/tags/REL_11_21
- refs/tags/REL_11_22
- refs/tags/REL_11_3
- refs/tags/REL_11_4
- refs/tags/REL_11_5
- refs/tags/REL_11_6
- refs/tags/REL_11_7
- refs/tags/REL_11_8
- refs/tags/REL_11_9
- refs/tags/REL_11_BETA1
- refs/tags/REL_11_BETA2
- refs/tags/REL_11_BETA3
- refs/tags/REL_11_BETA4
- refs/tags/REL_11_RC1
- refs/tags/REL_12_0
- refs/tags/REL_12_1
- refs/tags/REL_12_10
- refs/tags/REL_12_11
- refs/tags/REL_12_12
- refs/tags/REL_12_13
- refs/tags/REL_12_14
- refs/tags/REL_12_15
- refs/tags/REL_12_16
- refs/tags/REL_12_17
- refs/tags/REL_12_18
- refs/tags/REL_12_2
- refs/tags/REL_12_3
- refs/tags/REL_12_4
- refs/tags/REL_12_5
- refs/tags/REL_12_6
- refs/tags/REL_12_7
- refs/tags/REL_12_8
- refs/tags/REL_12_9
- refs/tags/REL_12_BETA1
- refs/tags/REL_12_BETA2
- refs/tags/REL_12_BETA3
- refs/tags/REL_12_BETA4
- refs/tags/REL_12_RC1
- refs/tags/REL_13_0
- refs/tags/REL_13_1
- refs/tags/REL_13_10
- refs/tags/REL_13_11
- refs/tags/REL_13_12
- refs/tags/REL_13_13
- refs/tags/REL_13_14
- refs/tags/REL_13_2
- refs/tags/REL_13_3
- refs/tags/REL_13_4
- refs/tags/REL_13_5
- refs/tags/REL_13_6
- refs/tags/REL_13_7
- refs/tags/REL_13_8
- refs/tags/REL_13_9
- refs/tags/REL_13_BETA1
- refs/tags/REL_13_BETA2
- refs/tags/REL_13_BETA3
- refs/tags/REL_13_RC1
- refs/tags/REL_14_0
- refs/tags/REL_14_1
- refs/tags/REL_14_10
- refs/tags/REL_14_11
- refs/tags/REL_14_2
- refs/tags/REL_14_3
- refs/tags/REL_14_4
- refs/tags/REL_14_5
- refs/tags/REL_14_6
- refs/tags/REL_14_7
- refs/tags/REL_14_8
- refs/tags/REL_14_9
- refs/tags/REL_14_BETA1
- refs/tags/REL_14_BETA2
- refs/tags/REL_14_BETA3
- refs/tags/REL_14_RC1
- refs/tags/REL_15_0
- refs/tags/REL_15_1
- refs/tags/REL_15_2
- refs/tags/REL_15_3
- refs/tags/REL_15_4
- refs/tags/REL_15_5
- refs/tags/REL_15_6
- refs/tags/REL_15_BETA1
- refs/tags/REL_15_BETA2
- refs/tags/REL_15_BETA3
- refs/tags/REL_15_BETA4
- refs/tags/REL_15_RC1
- refs/tags/REL_15_RC2
- refs/tags/REL_16_0
- refs/tags/REL_16_1
- refs/tags/REL_16_2
- refs/tags/REL_16_BETA1
- refs/tags/REL_16_BETA2
- refs/tags/REL_16_BETA3
- refs/tags/REL_16_RC1
- refs/tags/Release_1_0_2
- refs/tags/Release_2_0
- refs/tags/Release_2_0_0
- refs/tags/release-6-3
No releases to show
Take a new snapshot of a software origin
If the archived software origin currently browsed is not synchronized with its upstream version (for instance when new commits have been issued), you can explicitly request Software Heritage to take a new snapshot of it.
Use the form below to proceed. Once a request has been submitted and accepted, it will be processed as soon as possible. You can then check its processing state by visiting this dedicated page.
Processing "take a new snapshot" request ...
Permalinks
To reference or cite the objects present in the Software Heritage archive, permalinks based on SoftWare Hash IDentifiers (SWHIDs) must be used.
Select below a type of object currently browsed in order to display its associated SWHID and permalink.
| Revision | Author | Date | Message | Commit Date |
|---|---|---|---|---|
| c689dac | Marc G. Fournier | 01 October 2010, 13:39:44 UTC | Tag 8.0.26 | 01 October 2010, 13:39:44 UTC |
| 8d7694b | Tom Lane | 30 September 2010, 21:22:23 UTC | Use a separate interpreter for each calling SQL userid in plperl and pltcl. There are numerous methods by which a Perl or Tcl function can subvert the behavior of another such function executed later; for example, by redefining standard functions or operators called by the target function. If the target function is SECURITY DEFINER, or is called by such a function, this means that any ordinary SQL user with Perl or Tcl language usage rights can do essentially anything with the privileges of the target function's owner. To close this security hole, create a separate Perl or Tcl interpreter for each SQL userid under which plperl or pltcl functions are executed within a session. However, all plperlu or pltclu functions run within a session still share a single interpreter, since they all execute at the trust level of a database superuser anyway. Note: this change results in a functionality loss when libperl has been built without the "multiplicity" option: it's no longer possible to call plperl functions under different userids in one session, since such a libperl can't support multiple interpreters in one process. However, such a libperl already failed to support concurrent use of plperl and plperlu, so it's likely that few people use such versions with Postgres. Security: CVE-2010-3433 | 30 September 2010, 21:22:23 UTC |
| ee54ffd | Peter Eisentraut | 30 September 2010, 19:13:05 UTC | Translation updates for 8.0.26 | 30 September 2010, 19:13:05 UTC |
| 5da1406 | Tom Lane | 30 September 2010, 18:27:58 UTC | Update release notes for releases 9.0.1, 8.4.5, 8.3.12, 8.2.18, 8.1.22, 8.0.26, and 7.4.30. | 30 September 2010, 18:27:58 UTC |
| 46286d6 | Tom Lane | 25 September 2010, 19:57:05 UTC | Further fixes to the pg_get_expr() security fix in back branches. It now emerges that the JDBC driver expects to be able to use pg_get_expr() on an output of a sub-SELECT. So extend the check logic to be able to recurse into a sub-SELECT to see if the argument is ultimately coming from an appropriate column. Per report from Thomas Kellerer. | 25 September 2010, 20:53:26 UTC |
| 74515dc | Tom Lane | 24 September 2010, 17:48:41 UTC | Still more .gitignore cleanup. Fix overly-enthusiastic ignores, as identified by git ls-files -i --exclude-standard | 24 September 2010, 17:48:41 UTC |
| d75acf5 | Robert Haas | 24 September 2010, 02:00:26 UTC | Add contrib/xml2/pgxml.sql to .gitignore Kevin Grittner | 24 September 2010, 02:08:32 UTC |
| 1ea2c83 | Tom Lane | 23 September 2010, 20:53:47 UTC | Prevent show_session_authorization from crashing when session_authorization hasn't been set. The only known case where this can happen is when show_session_authorization is invoked in an autovacuum process, which is possible if an index function calls it, as for example in bug #5669 from Andrew Geery. We could perhaps try to return a sensible value, such as the name of the cluster-owning superuser; but that seems like much more trouble than the case is worth, and in any case it could create new possible failure modes. Simply returning an empty string seems like the most appropriate fix. Back-patch to all supported versions, even those before autovacuum, just in case there's another way to provoke this crash. | 23 September 2010, 20:53:47 UTC |
| 4c73b3d | Tom Lane | 23 September 2010, 06:33:03 UTC | More fixes for libpq's .gitignore file. The previous patches failed to cover a lot of symlinks that are only added in platform-specific cases. Make the lists match what's in the Makefile for each branch. | 23 September 2010, 02:33:37 UTC |
| 78fa6f0 | Tom Lane | 23 September 2010, 00:22:59 UTC | Do some copy-editing on the Git usage docs. | 23 September 2010, 00:22:59 UTC |
| 699474f | Tom Lane | 22 September 2010, 22:26:33 UTC | Fix documentation gitignore for pre-9.0 doc build methods. | 22 September 2010, 22:26:33 UTC |
| f887652 | Tom Lane | 22 September 2010, 21:22:22 UTC | Some more gitignore cleanups: cover contrib and PL regression test outputs. Also do some further work in the back branches, where quite a bit wasn't covered by Magnus' original back-patch. | 22 September 2010, 21:22:22 UTC |
| da49d16 | Magnus Hagander | 22 September 2010, 18:48:49 UTC | Remove anonymous cvs instructions, and replace them with instructions for git. Change other references from cvs to git as well. | 22 September 2010, 18:48:49 UTC |
| 92458c2 | Magnus Hagander | 22 September 2010, 10:57:19 UTC | Convert cvsignore to gitignore, and add .gitignore for build targets. | 22 September 2010, 10:57:19 UTC |
| 4c2eb2d | Tom Lane | 21 September 2010, 18:43:24 UTC | Back-patch replacement of README.CVS with README.git. In older branches, also git-ify the "make distdir" rule. | 21 September 2010, 18:43:24 UTC |
| 042a08c | Tom Lane | 26 August 2010, 19:59:29 UTC | Update time zone data files to tzdata release 2010l: DST law changes in Egypt and Palestine. Added new names for two Micronesian timezones: Pacific/Chuuk is now preferred over Pacific/Truk (and the preferred abbreviation is CHUT not TRUT) and Pacific/Pohnpei is preferred over Pacific/Ponape. Historical corrections for Finland. | 26 August 2010, 19:59:29 UTC |
| 6107aa8 | Tom Lane | 26 August 2010, 18:55:19 UTC | Fix ExecMakeTableFunctionResult to verify that all rows returned by a SRF returning "record" actually do have the same rowtype. This is needed because the parser can't realistically enforce that they will all have the same typmod, as seen in a recent example from David Wheeler. Back-patch to 8.0, which is as far back as we have the notion of RECORD subtypes being distinguished by typmod. Wheeler's example depends on 8.4-and-up features, but I suspect there may be ways to provoke similar failures before 8.4. | 26 August 2010, 18:55:19 UTC |
| e4b0858 | Peter Eisentraut | 25 August 2010, 19:37:30 UTC | Catch null pointer returns from PyCObject_AsVoidPtr and PyCObject_FromVoidPtr This is reproducibly possible in Python 2.7 if the user turned PendingDeprecationWarning into an error, but it's theoretically also possible in earlier versions in case of exceptional conditions. backpatched to 8.0 | 25 August 2010, 19:37:30 UTC |
| e8b4a23 | Tom Lane | 16 August 2010, 17:33:22 UTC | Arrange to fsync the contents of lockfiles (both postmaster.pid and the socket lockfile) when writing them. The lack of an fsync here may well explain two different reports we've seen of corrupted lockfile contents, which doesn't particularly bother the running server but can prevent a new server from starting if the old one crashes. Per suggestion from Alvaro. Back-patch to all supported versions. | 16 August 2010, 17:33:22 UTC |
| 4d1dd8d | Tom Lane | 16 August 2010, 00:06:54 UTC | Fix psql's copy of utf2ucs() to match the backend's copy exactly; in particular, propagate a fix in the test to see whether a UTF8 character has length 4 bytes. This is likely of little real-world consequence because 5-or-more-byte UTF8 sequences are not supported by Postgres nor seen anywhere in the wild, but still we may as well get it right. Problem found by Joseph Adams. Bug is aboriginal, so back-patch all the way. | 16 August 2010, 00:06:54 UTC |
| 019e2f4 | Robert Haas | 11 August 2010, 19:04:09 UTC | Fix one more incorrect errno definition in the ECPG manual. Again, back-patch all the way to 7.4. | 11 August 2010, 19:04:09 UTC |
| 815f242 | Robert Haas | 11 August 2010, 18:52:58 UTC | Fix incorrect errno definitions in ECPG manual. ecpgerrno.h hasn't materially changed since PostgreSQL 7.4, so this has been wrong for a very long time. Back-patch all the way. Satoshi Nagayasu | 11 August 2010, 18:52:58 UTC |
| d3e41cb | Tom Lane | 09 August 2010, 18:51:02 UTC | Fix incorrect logic in plpgsql for cleanup after evaluation of non-simple expressions. We need to deal with this when handling subscripts in an array assignment, and also when catching an exception. In an Assert-enabled build these omissions led to Assert failures, but I think in a normal build the only consequence would be short-term memory leakage; which may explain why this wasn't reported from the field long ago. Back-patch to all supported versions. 7.4 doesn't have exceptions, but otherwise these bugs go all the way back. Heikki Linnakangas and Tom Lane | 09 August 2010, 18:51:02 UTC |
| 1eef280 | Tom Lane | 30 July 2010, 17:57:25 UTC | Improved version of patch to protect pg_get_expr() against misuse: look through join alias Vars to avoid breaking join queries, and move the test to someplace where it will catch more possible ways of calling a function. We still ought to throw away the whole thing in favor of a data-type-based solution, but that's not feasible in the back branches. Completion of back-port of my patch of yesterday. | 30 July 2010, 17:57:25 UTC |
| 8e21bf5 | Tom Lane | 29 July 2010, 19:24:05 UTC | Fix another longstanding problem in copy_relation_data: it was blithely assuming that a local char[] array would be aligned on at least a word boundary. There are architectures on which that is pretty much guaranteed to NOT be the case ... and those arches also don't like non-aligned memory accesses, meaning that log_newpage() would crash if it ever got invoked. Even on Intel-ish machines there's a potential for a large performance penalty from doing I/O to an inadequately aligned buffer. So palloc it instead. Backpatch to 8.0 --- 7.4 doesn't have this code. | 29 July 2010, 19:24:05 UTC |
| 3137b49 | Robert Haas | 29 July 2010, 16:15:47 UTC | Fix possible page corruption by ALTER TABLE .. SET TABLESPACE. If a zeroed page is present in the heap, ALTER TABLE .. SET TABLESPACE will set the LSN and TLI while copying it, which is wrong, and heap_xlog_newpage() will do the same thing during replay, so the corruption propagates to any standby. Note, however, that the bug can't be demonstrated unless archiving is enabled, since in that case we skip WAL logging altogether, and the LSN/TLI are not set. Back-patch to 8.0; prior releases do not have tablespaces. Analysis and patch by Jeff Davis. Adjustments for back-branches and minor wordsmithing by me. | 29 July 2010, 16:15:47 UTC |
| 5a54266 | Peter Eisentraut | 27 July 2010, 18:54:29 UTC | Spelling fix | 27 July 2010, 18:54:29 UTC |
| b26ed35 | Robert Haas | 23 July 2010, 00:43:52 UTC | Avoid deep recursion when assigning XIDs to multiple levels of subxacts. Backpatch to 8.0. Andres Freund, with cleanup and adjustment for older branches by me. | 23 July 2010, 00:43:52 UTC |
| b239670 | Heikki Linnakangas | 13 July 2010, 09:03:11 UTC | Oops, in the previous fix to prevent a cursor that's being used in a FOR loop from being dropped, I missed subtransaction cleanup. Pinned portals must be dropped at subtransaction cleanup just as they are at main transaction cleanup. Per bug #5556 by Robert Walker. Backpatch to 8.0, 7.4 didn't have subtransactions. | 13 July 2010, 09:03:11 UTC |
| b8accd6 | Tom Lane | 09 July 2010, 22:58:17 UTC | Avoid an Assert failure in deconstruct_array() by making get_attstatsslot() use the actual element type of the array it's disassembling, rather than trusting the type OID passed in by its caller. This is needed because sometimes the planner passes in a type OID that's only binary-compatible with the target column's type, rather than being an exact match. Per an example from Bernd Helmle. Possibly we should refactor get_attstatsslot/free_attstatsslot to not expect the caller to supply type ID data at all, but for now I'll just do the minimum-change fix. Back-patch to 7.4. Bernd's test case only crashes back to 8.0, but since these subroutines are the same in 7.4, I suspect there may be variant cases that would crash 7.4 as well. | 09 July 2010, 22:58:17 UTC |
| 8bed5e2 | Tom Lane | 08 July 2010, 00:14:33 UTC | Fix "cannot handle unplanned sub-select" error that can occur when a sub-select contains a join alias reference that expands into an expression containing another sub-select. Per yesterday's report from Merlin Moncure and subsequent off-list investigation. Back-patch to 7.4. Older versions didn't attempt to flatten sub-selects in ways that would trigger this problem. | 08 July 2010, 00:14:33 UTC |
| c778f89 | Heikki Linnakangas | 05 July 2010, 09:27:49 UTC | The previous fix in CVS HEAD and 8.4 for handling the case where a cursor being used in a PL/pgSQL FOR loop is closed was inadequate, as Tom Lane pointed out. The bug affects FOR statement variants too, because you can close an implicitly created cursor too by guessing the "<unnamed portal X>" name created for it. To fix that, "pin" the portal to prevent it from being dropped while it's being used in a PL/pgSQL FOR loop. Backpatch all the way to 7.4 which is the oldest supported version. | 05 July 2010, 09:27:49 UTC |
| 971e110 | Tom Lane | 03 July 2010, 04:03:39 UTC | Fix assorted misstatements and poor wording in the descriptions of the I/O formats for geometric types. Per bug #5536 from Jon Strait, and my own testing. Back-patch to all supported branches, since this doco has been wrong right along -- we certainly haven't changed the I/O behavior of these types in many years. | 03 July 2010, 04:03:39 UTC |
| 6ec7b0b | Robert Haas | 01 July 2010, 14:10:42 UTC | Allow ALTER TABLE .. SET TABLESPACE to be interrupted. Backpatch to 8.0, where tablespaces were introduced. Guillaume Lelarge | 01 July 2010, 14:10:42 UTC |
| 8f36605 | Heikki Linnakangas | 30 June 2010, 18:11:32 UTC | stringToNode() and deparse_expression_pretty() crash on invalid input, but we have nevertheless exposed them to users via pg_get_expr(). It would be too much maintenance effort to rigorously check the input, so put a hack in place instead to restrict pg_get_expr() so that the argument must come from one of the system catalog columns known to contain valid expressions. Per report from Rushabh Lathia. Backpatch to 7.4 which is the oldest supported version at the moment. | 30 June 2010, 18:11:32 UTC |
| 221f4de | Tom Lane | 15 June 2010, 19:04:52 UTC | Fix dblink_build_sql_insert() and related functions to handle dropped columns correctly. In passing, get rid of some dead logic in the underlying get_sql_insert() etc functions --- there is no caller that will pass null value-arrays to them. Per bug report from Robert Voinea. | 15 June 2010, 19:04:52 UTC |
| 943676c | Tom Lane | 15 June 2010, 16:22:51 UTC | Consolidate and improve checking of key-column-attnum arguments for dblink_build_sql_insert() and related functions. In particular, be sure to reject references to dropped and out-of-range column numbers. The numbers are still interpreted as physical column numbers, though, for backward compatibility. This patch replaces Joe's patch of 2010-02-03, which handled only some aspects of the problem. | 15 June 2010, 16:22:51 UTC |
| c83c22d | Tom Lane | 14 June 2010, 20:50:04 UTC | Rearrange dblink's dblink_build_sql_insert() and related routines to open and lock the target relation just once per SQL function call. The original coding obtained and released lock several times per call. Aside from saving a not-insignificant number of cycles, this eliminates possible race conditions if someone tries to modify the relation's schema concurrently. Also centralize locking and permission-checking logic. Problem noted while investigating a trouble report from Robert Voinea --- his problem is still to be fixed, though. | 14 June 2010, 20:50:04 UTC |
| 2e5a61f | Itagaki Takahiro | 10 June 2010, 00:41:23 UTC | Fix incorrect change in dblink introduced by the previous commit "Fix connection leak in dblink". | 10 June 2010, 00:41:23 UTC |
| 63a6014 | Itagaki Takahiro | 09 June 2010, 01:00:32 UTC | Fix connection leak in dblink when dblink_connect() or dblink_connect_u() end with "duplicate connection name" errors. Backported to release 7.4. | 09 June 2010, 01:00:32 UTC |
| 9d1f441 | Itagaki Takahiro | 03 June 2010, 09:45:47 UTC | Fix dblink to treat connection names longer than NAMEDATALEN-2 (62 bytes). Now long names are adjusted with truncate_identifier() and NOTICE messages are raised if names are actually truncated. Backported to release 8.0. | 03 June 2010, 09:45:47 UTC |
| de57ea1 | Tom Lane | 27 May 2010, 19:20:16 UTC | Change ps_status.c to explicitly track the current logical length of ps_buffer. This saves cycles in get_ps_display() on many popular platforms, and more importantly ensures that get_ps_display() will correctly return an empty string if init_ps_display() hasn't been called yet. Per trouble report from Ray Stell, in which log_line_prefix %i produced junk early in backend startup. Back-patch to 8.0. 7.4 doesn't have %i and its version of get_ps_display() makes no pretense of avoiding pad junk anyhow. | 27 May 2010, 19:20:16 UTC |
| 34025d8 | Andrew Dunstan | 17 May 2010, 20:46:12 UTC | > Follow up a visit from the style police. | 17 May 2010, 20:46:12 UTC |
| edf3df6 | Robert Haas | 16 May 2010, 03:55:55 UTC | Fix longstanding typo in V1 calling conventions documentation. Erik Rijkers | 16 May 2010, 03:55:55 UTC |
| 8be5f6e | Tom Lane | 15 May 2010, 18:11:35 UTC | Improve documentation of pg_restore's -l and -L switches to point out their interactions with filtering switches, such as -n and -t. Per a complaint from Russell Smith. | 15 May 2010, 18:11:35 UTC |
| 8a5b8ae | Marc G. Fournier | 14 May 2010, 03:38:45 UTC | tag 8.0.25 | 14 May 2010, 03:38:45 UTC |
| 250956f | Tom Lane | 13 May 2010, 21:27:35 UTC | Update release notes with security issues. Security: CVE-2010-1169, CVE-2010-1170 | 13 May 2010, 21:27:35 UTC |
| fdce453 | Tom Lane | 13 May 2010, 19:16:45 UTC | Use an entity instead of non-ASCII letter. Thom Brown | 13 May 2010, 19:16:45 UTC |
| ef4e44a | Tom Lane | 13 May 2010, 18:29:45 UTC | Prevent PL/Tcl from loading the "unknown" module from pltcl_modules unless that is a regular table or view owned by a superuser. This prevents a trojan horse attack whereby any unprivileged SQL user could create such a table and insert code into it that would then get executed in other users' sessions whenever they call pltcl functions. Worse yet, because the code was automatically loaded into both the "normal" and "safe" interpreters at first use, the attacker could execute unrestricted Tcl code in the "normal" interpreter without there being any pltclu functions anywhere, or indeed anyone else using pltcl at all: installing pltcl is sufficient to open the hole. Change the initialization logic so that the "unknown" code is only loaded into an interpreter when the interpreter is first really used. (That doesn't add any additional security in this particular context, but it seems a prudent change, and anyway the former behavior violated the principle of least astonishment.) Security: CVE-2010-1170 | 13 May 2010, 18:29:45 UTC |
| e089e04 | Andrew Dunstan | 13 May 2010, 16:44:03 UTC | Abandon the use of Perl's Safe.pm to enforce restrictions in plperl, as it is fundamentally insecure. Instead apply an opmask to the whole interpreter that imposes restrictions on unsafe operations. These restrictions are much harder to subvert than is Safe.pm, since there is no container to be broken out of. Backported to release 7.4. In releases 7.4, 8.0 and 8.1 this also includes the necessary backporting of the two interpreters model for plperl and plperlu adopted in release 8.2. In versions 8.0 and up, the use of Perl's POSIX module to undo its locale mangling on Windows has become insecure with these changes, so it is replaced by our own routine, which is also faster. Nice side effects of the changes include that it is now possible to use perl's "strict" pragma in a natural way in plperl, and that perl's $a and $b variables now work as expected in sort routines, and that function compilation is significantly faster. Tim Bunce and Andrew Dunstan, with reviews from Alex Hunsaker and Alexey Klyukin. Security: CVE-2010-1169 | 13 May 2010, 16:44:03 UTC |
| 2824dd4 | Peter Eisentraut | 13 May 2010, 07:11:54 UTC | Translation update | 13 May 2010, 07:11:54 UTC |
| e6deec6 | Tom Lane | 12 May 2010, 23:27:58 UTC | Preliminary release notes for releases 8.4.4, 8.3.11, 8.2.17, 8.1.21, 8.0.25, 7.4.29. | 12 May 2010, 23:27:58 UTC |
| 8290b43 | Tom Lane | 11 May 2010, 23:02:04 UTC | Update time zone data files to tzdata release 2010j: DST law changes in Argentina, Australian Antarctic, Bangladesh, Mexico, Morocco, Pakistan, Palestine, Russia, Syria, Tunisia. Historical corrections for Taiwan. | 11 May 2010, 23:02:04 UTC |
| 350c7f2 | Tom Lane | 08 May 2010, 16:40:45 UTC | Work around a subtle portability problem in use of printf %s format. Depending on which spec you read, field widths and precisions in %s may be counted either in bytes or characters. Our code was assuming bytes, which is wrong at least for glibc's implementation, and in any case libc might have a different idea of the prevailing encoding than we do. Hence, for portable results we must avoid using anything more complex than just "%s" unless the string to be printed is known to be all-ASCII. This patch fixes the cases I could find, including the psql formatting failure reported by Hernan Gonzalez. In HEAD only, I also added comments to some places where it appears safe to continue using "%.*s". | 08 May 2010, 16:40:45 UTC |
| f9a60d1 | Tom Lane | 05 May 2010, 22:19:31 UTC | Fix psql to not go into infinite recursion when expanding a variable that refers to itself (directly or indirectly). Instead, print a message when recursion is detected, and don't expand the repeated reference. Per bug #5448 from Francis Markham. Back-patch to 8.0. Although the issue exists in 7.4 as well, it seems impractical to fix there because of the lack of any state stack that could be used to track active expansions. | 05 May 2010, 22:19:31 UTC |
| 923b447 | Tom Lane | 05 May 2010, 02:55:11 UTC | Fix backpatching error in recent patch for ALTER USER f RESET ALL behavior. The argument list for array_set() changed in 8.2 (in connection with allowing nulls in arrays) but the newer argument list was used in the patches applied to 8.1 and 8.0 branches. The patch for 7.4 was OK though. Per compiler warnings. | 05 May 2010, 02:55:11 UTC |
| 8073cd2 | Tom Lane | 01 May 2010, 22:47:08 UTC | Add code to InternalIpcMemoryCreate() to handle the case where shmget() returns EINVAL for an existing shared memory segment. Although it's not terribly sensible, that behavior does meet the POSIX spec because EINVAL is the appropriate error code when the existing segment is smaller than the requested size, and the spec explicitly disclaims any particular ordering of error checks. Moreover, it does in fact happen on OS X and probably other BSD-derived kernels. (We were able to talk NetBSD into changing their code, but purging that behavior from the wild completely seems unlikely to happen.) We need to distinguish collision with a pre-existing segment from invalid size request in order to behave sensibly, so it's worth some extra code here to get it right. Per report from Gavin Kistner and subsequent investigation. Back-patch to all supported versions, since any of them could get used with a kernel having the debatable behavior. | 01 May 2010, 22:47:08 UTC |
| 0920c29 | Tom Lane | 30 April 2010, 19:16:19 UTC | Fix multiple memory leaks in PLy_spi_execute_fetch_result: it would leak memory if the result had zero rows, and also if there was any sort of error while converting the result tuples into Python data. Reported and partially fixed by Andres Freund. Back-patch to all supported versions. Note: I haven't tested the 7.4 fix. 7.4's configure check for python is so obsolete it doesn't work on my current machines :-(. The logic change is pretty straightforward though. | 30 April 2010, 19:16:19 UTC |
| 7c853ee | Andrew Dunstan | 03 April 2010, 17:55:07 UTC | Sync perl's ppport.h on all branches back to 7.4 with recent update on HEAD, ensuring we can build older branches with modern Perl installations. | 03 April 2010, 17:55:07 UTC |
| 9d76c53 | Tom Lane | 02 April 2010, 16:17:24 UTC | Ensure that contrib/pgstattuple functions respond to cancel interrupts reasonably promptly, by adding CHECK_FOR_INTERRUPTS in the per-page loops. Tatsuhito Kasahara | 02 April 2010, 16:17:24 UTC |
| d07f594 | Alvaro Herrera | 25 March 2010, 14:45:51 UTC | Prevent ALTER USER f RESET ALL from removing the settings that were put there by a superuser -- "ALTER USER f RESET setting" already disallows removing such a setting. Apply the same treatment to ALTER DATABASE d RESET ALL when run by a database owner that's not superuser. | 25 March 2010, 14:45:51 UTC |
| 75d4be8 | Tom Lane | 20 March 2010, 00:58:38 UTC | Clear error_context_stack and debug_query_string at the beginning of proc_exit, so that we won't try to attach any context printouts to messages that get emitted while exiting. Per report from Dennis Koegel, the context functions won't necessarily work after we've started shutting down the backend, and it seems possible that debug_query_string could be pointing at freed storage as well. The context information doesn't seem particularly relevant to such messages anyway, so there's little lost by suppressing it. Back-patch to all supported branches. I can only demonstrate a crash with log_disconnections messages back to 8.1, but the risk seems real in 8.0 and before anyway. | 20 March 2010, 00:58:38 UTC |
| 6434d08 | Magnus Hagander | 17 March 2010, 18:04:09 UTC | Typo fixes. Fujii Masao | 17 March 2010, 18:04:09 UTC |
| 115c90b | Marc G. Fournier | 12 March 2010, 03:59:00 UTC | tag 8.0.24, not .23 | 12 March 2010, 03:59:00 UTC |
| c15c8fb | Tom Lane | 10 March 2010, 01:59:15 UTC | Preliminary release notes for releases 8.4.3, 8.3.10, 8.2.16, 8.1.20, 8.0.24, 7.4.28. | 10 March 2010, 01:59:15 UTC |
| 02db782 | Tom Lane | 09 March 2010, 22:35:25 UTC | Use SvROK(sv) rather than directly checking SvTYPE(sv) == SVt_RV in plperl. The latter is considered unwarranted chumminess with the implementation, and can lead to crashes with recent Perl versions. Report and fix by Tim Bunce. Back-patch to all versions containing the questionable coding pattern. | 09 March 2010, 22:35:25 UTC |
| 0303f04 | Alvaro Herrera | 09 March 2010, 14:32:28 UTC | Update time zone data files to tzdata release 2010d: DST law changes in Fiji, Samoa, Chile; corrections to recent changes in Paraguay and Bangladesh. | 09 March 2010, 14:32:28 UTC |
| 098a8a4 | Magnus Hagander | 08 March 2010, 12:39:10 UTC | Add missing space in example. Tim Landscheidt | 08 March 2010, 12:39:10 UTC |
| 37cfda0 | Tom Lane | 08 March 2010, 01:18:53 UTC | Update time zone data files to tzdata release 2010c: DST law changes in Bangladesh, Mexico, Paraguay. | 08 March 2010, 01:18:53 UTC |
| cc2f4e0 | Tom Lane | 06 March 2010, 00:46:18 UTC | When reading pg_hba.conf and similar files, do not treat @file as an inclusion unless (1) the @ isn't quoted and (2) the filename isn't empty. This guards against unexpectedly treating usernames or other strings in "flat files" as inclusion requests, as seen in a recent trouble report from Ed L. The empty-filename case would be guaranteed to misbehave anyway, because our subsequent path-munging behavior results in trying to read the directory containing the current input file. I think this might finally explain the report at http://archives.postgresql.org/pgsql-bugs/2004-05/msg00132.php of a crash after printing "authentication file token too long, skipping", since I was able to duplicate that message (though not a crash) on a platform where stdio doesn't refuse to read directories. We never got far in investigating that problem, but now I'm suspicious that the trigger condition was an @ in the flat password file. Back-patch to all active branches since the problem can be demonstrated in all branches except HEAD. The test case, creating a user named "@", doesn't cause a problem in HEAD since we got rid of the flat password file. Nonetheless it seems like a good idea to not consider quoted @ as a file inclusion spec, so I changed HEAD too. | 06 March 2010, 00:46:18 UTC |
| 1b8fe53 | Tom Lane | 03 March 2010, 20:31:41 UTC | Fix a couple of places that would loop forever if attempts to read a stdio file set ferror() but never set feof(). This is known to be the case for recent glibc when trying to read a directory as a file, and might be true for other platforms/cases too. Per report from Ed L. (There is more that we ought to do about his report, but this is one easily identifiable issue.) | 03 March 2010, 20:31:41 UTC |
| a15fa97 | Tom Lane | 03 March 2010, 19:10:52 UTC | Make contrib/xml2 use core xml.c's error handler, when available (that is, in versions >= 8.3). The core code is more robust and efficient than what was there before, and this also reduces risks involved in swapping different libxml error handler settings. Before 8.3, there is still some risk of problems if add-on modules such as Perl invoke libxml without setting their own error handler. Given the lack of reports I'm not sure there's a risk in practice, so I didn't take the step of actually duplicating the core code into older contrib/xml2 branches. Instead I just tweaked the existing code to ensure it didn't leave a dangling pointer to short-lived memory when throwing an error. | 03 March 2010, 19:10:52 UTC |
| 727af2a | Tom Lane | 01 March 2010, 18:08:41 UTC | Fix contrib/xml2 so regression test still works when it's built without libxslt. This involves modifying the module to have a stable ABI, that is, the xslt_process() function still exists even without libxslt. It throws a runtime error if called, but doesn't prevent executing the CREATE FUNCTION call. This is a good thing anyway to simplify cross-version upgrades. | 01 March 2010, 18:08:41 UTC |
| 8a37a03 | Tom Lane | 01 March 2010, 05:17:08 UTC | Remove xmlCleanupParser calls from contrib/xml2. These are unnecessary and probably dangerous. I don't see any immediate risk situations in the core XML support or contrib/xml2 itself, but there could be issues with external uses of libxml2, and in any case it's an accident waiting to happen. | 01 March 2010, 05:17:08 UTC |
| 5cdd478 | Tom Lane | 01 March 2010, 03:41:29 UTC | Back-patch today's memory management fixups in contrib/xml2. Prior to 8.3, these changes are not critical for compatibility with core Postgres, since core had no libxml2 calls then. However there is still a risk if contrib/xml2 is used along with libxml2 functionality in Perl or other loadable modules. So back-patch to all versions. Also back-patch addition of regression tests. I'm not sure how many of the cases are interesting without the interaction with core xml code, but a silly regression test is still better than none at all. | 01 March 2010, 03:41:29 UTC |
| 118e1cb | Tom Lane | 25 February 2010, 23:45:04 UTC | Back-patch addition of ssl_renegotiation_limit into 7.4 through 8.1. | 25 February 2010, 23:45:04 UTC |
| 739898d | Itagaki Takahiro | 19 February 2010, 01:09:02 UTC | Fix STOP WAL LOCATION in backup history files no to return the next segment of XLOG_BACKUP_END record even if the the record is placed at a segment boundary. Furthermore the previous implementation could return nonexistent segment file name when the boundary is in segments that has "FE" suffix; We never use segments with "FF" suffix. Backpatch to 8.0, where hot backup was introduced. Reported by Fujii Masao. | 19 February 2010, 01:09:02 UTC |
| 7925085 | Tom Lane | 18 February 2010, 23:50:41 UTC | Volatile-ize all five places where we expect a PG_TRY block to restore old memory context in plpython. Before only one of them was marked volatile, but per report from Zdenek Kotala, some compilers do the wrong thing here. | 18 February 2010, 23:50:41 UTC |
| e2a2990 | Tom Lane | 12 February 2010, 19:38:15 UTC | Don't choke when exec_move_row assigns a synthesized null to a column that happens to be composite itself. Per bug #5314 from Oleg Serov. Backpatch to 8.0 --- 7.4 has got too many other shortcomings in composite-type support to make this worth worrying about in that branch. | 12 February 2010, 19:38:15 UTC |
| 7a1c615 | Joe Conway | 03 February 2010, 23:02:17 UTC | Check to ensure the number of primary key fields supplied does not exceed the total number of non-dropped source table fields for dblink_build_sql_*(). Addresses bug report from Rushabh Lathia. Backpatch all the way to the 7.3 branch. | 03 February 2010, 23:02:17 UTC |
| c7ddee0 | Tom Lane | 01 February 2010, 02:46:01 UTC | Change regexp engine's ccondissect/crevdissect routines to perform DFA matching before recursing instead of after. The DFA match eliminates unworkable midpoint choices a lot faster than the recursive check, in most cases, so doing it first can speed things up; particularly in pathological cases such as recently exhibited by Michael Glaesemann. In addition, apply some cosmetic changes that were applied upstream (in the Tcl project) at the same time, in order to sync with upstream version 1.15 of regexec.c. Upstream apparently intends to backpatch this, so I will too. The pathological behavior could be unpleasant if encountered in the field, which seems to justify any risk of introducing new bugs. Tom Lane, reviewed by Donal K. Fellows of Tcl project | 01 February 2010, 02:46:01 UTC |
| 3255ea0 | Tom Lane | 30 January 2010, 20:10:22 UTC | Avoid performing encoding conversion on command tag strings during EndCommand. Since all current and foreseeable future command tags will be pure ASCII, there is no need to do conversion on them. This saves a few cycles and also avoids polluting otherwise-pristine subtransaction memory contexts, which is the cause of the backend memory leak exhibited in bug #5302. (Someday we'll probably want to have a better method of determining whether subtransaction contexts need to be kept around, but today is not that day.) Backpatch to 8.0. The cycle-shaving aspect of this would work in 7.4 too, but without subtransactions the memory-leak aspect doesn't apply, so it doesn't seem worth touching 7.4. | 30 January 2010, 20:10:22 UTC |
| c4c29e0 | Tom Lane | 25 January 2010, 01:58:48 UTC | Apply Tcl_Init() to the "hold" interpreter created by pltcl. You might think this is unnecessary since that interpreter is never used to run code --- but it turns out that's wrong. As of Tcl 8.5, the "clock" command (alone among builtin Tcl commands) is partially implemented by loaded-on-demand Tcl code, which means that it fails if there's not unknown-command support, and also that it's impossible to run it directly in a safe interpreter. The way they get around the latter is that Tcl_CreateSlave() automatically sets up an alias command that forwards any execution of "clock" in a safe slave interpreter to its parent interpreter. Thus, when attempting to execute "clock" in trusted pltcl, the command actually executes in the "hold" interpreter, where it will fail if unknown-command support hasn't been introduced by sourcing the standard init.tcl script, which is done by Tcl_Init(). (This is a pretty dubious design decision on the Tcl boys' part, if you ask me ... but they didn't.) Back-patch all the way. It's not clear that anyone would try to use ancient versions of pltcl with a recent Tcl, but it's not clear they wouldn't, either. Also add a regression test using "clock", in branches that have regression test support for pltcl. Per recent trouble report from Kyle Bateman. | 25 January 2010, 01:58:48 UTC |
| ce95d0f | Tom Lane | 24 January 2010, 21:50:09 UTC | Fix assorted core dumps and Assert failures that could occur during AbortTransaction or AbortSubTransaction, when trying to clean up after an error that prevented (sub)transaction start from completing: * access to TopTransactionResourceOwner that might not exist * assert failure in AtEOXact_GUC, if AtStart_GUC not called yet * assert failure or core dump in AfterTriggerEndSubXact, if AfterTriggerBeginSubXact not called yet Per testing by injecting elog(ERROR) at successive steps in StartTransaction and StartSubTransaction. It's not clear whether all of these cases could really occur in the field, but at least one of them is easily exposed by simple stress testing, as per my accidental discovery yesterday. | 24 January 2010, 21:50:09 UTC |
| 34d7ef6 | Tom Lane | 07 January 2010, 19:53:39 UTC | Make bit/varbit substring() treat any negative length as meaning "all the rest of the string". The previous coding treated only -1 that way, and would produce an invalid result value for other negative values. We ought to fix it so that 2-parameter bit substring() is a different C function and the 3-parameter form throws error for negative length, but that takes a pg_proc change which is impractical in the back branches; and in any case somebody might be relying on -1 working this way. So just do this as a back-patchable fix. | 07 January 2010, 19:53:39 UTC |
| 2714d78 | Tom Lane | 12 December 2009, 19:25:10 UTC | Fix integer-to-bit-string conversions to handle the first fractional byte correctly when the output bit width is wider than the given integer by something other than a multiple of 8 bits. This has been wrong since I first wrote that code for 8.0 :-(. Kudos to Roman Kononov for being the first to notice, though I didn't use his patch. Per bug #5237. | 12 December 2009, 19:25:10 UTC |
| f061928 | Marc G. Fournier | 10 December 2009, 03:21:32 UTC | tag 8.0.23 | 10 December 2009, 03:21:32 UTC |
| 69b3052 | Tom Lane | 10 December 2009, 00:31:59 UTC | Update release notes for releases 8.4.2, 8.3.9, 8.2.15, 8.1.19, 8.0.23, 7.4.27. | 10 December 2009, 00:31:59 UTC |
| a3a2626 | Tom Lane | 09 December 2009, 21:58:56 UTC | Prevent indirect security attacks via changing session-local state within an allegedly immutable index function. It was previously recognized that we had to prevent such a function from executing SET/RESET ROLE/SESSION AUTHORIZATION, or it could trivially obtain the privileges of the session user. However, since there is in general no privilege checking for changes of session-local state, it is also possible for such a function to change settings in a way that might subvert later operations in the same session. Examples include changing search_path to cause an unexpected function to be called, or replacing an existing prepared statement with another one that will execute a function of the attacker's choosing. The present patch secures VACUUM, ANALYZE, and CREATE INDEX/REINDEX against these threats, which are the same places previously deemed to need protection against the SET ROLE issue. GUC changes are still allowed, since there are many useful cases for that, but we prevent security problems by forcing a rollback of any GUC change after completing the operation. Other cases are handled by throwing an error if any change is attempted; these include temp table creation, closing a cursor, and creating or deleting a prepared statement. (In 7.4, the infrastructure to roll back GUC changes doesn't exist, so we settle for rejecting changes of "search_path" in these contexts.) Original report and patch by Gurjeet Singh, additional analysis by Tom Lane. Security: CVE-2009-4136 | 09 December 2009, 21:58:56 UTC |
| e27495f | Magnus Hagander | 09 December 2009, 06:37:13 UTC | Reject certificates with embedded NULLs in the commonName field. This stops attacks where an attacker would put <attack>\0<propername> in the field and trick the validation code that the certificate was for <attack>. This is a very low risk attack since it reuqires the attacker to trick the CA into issuing a certificate with an incorrect field, and the common PostgreSQL deployments are with private CAs, and not external ones. Also, default mode in 8.4 does not do any name validation, and is thus also not vulnerable - but the higher security modes are. Backpatch all the way. Even though versions 8.3.x and before didn't have certificate name validation support, they still exposed this field for the user to perform the validation in the application code, and there is no way to detect this problem through that API. Security: CVE-2009-4034 | 09 December 2009, 06:37:13 UTC |
| 17d1e65 | Tom Lane | 09 December 2009, 00:36:40 UTC | Update time zone data files to tzdata release 2009s: DST law changes in Antarctica, Argentina, Bangladesh, Fiji, Novokuznetsk, Pakistan, Palestine, Samoa, Syria. Also historical corrections for Hong Kong. | 09 December 2009, 00:36:40 UTC |
| 0828a2a | Peter Eisentraut | 08 December 2009, 21:57:00 UTC | Translation updates | 08 December 2009, 21:57:00 UTC |
| 72f5c58 | Heikki Linnakangas | 03 December 2009, 11:04:13 UTC | Fix bug in temporary file management with subtransactions. A cursor opened in a subtransaction stays open even if the subtransaction is aborted, so any temporary files related to it must stay alive as well. With the patch, we use ResourceOwners to track open temporary files and don't automatically close them at subtransaction end (though in the normal case temporary files are registered with the subtransaction resource owner and will therefore be closed). At end of top transaction, we still check that there's no temporary files marked as close-at-end-of-transaction open, but that's now just a debugging cross-check as the resource owner cleanup should've closed them already. | 03 December 2009, 11:04:13 UTC |
| 6bd8a54 | Tom Lane | 02 December 2009, 17:41:53 UTC | Ignore attempts to set "application_name" in the connection startup packet. This avoids a useless connection retry and complaint in the postmaster log when receiving a connection from 8.5 or later libpq. Backpatch in all supported branches, but of course *not* HEAD. | 02 December 2009, 17:41:53 UTC |
| a816296 | Tom Lane | 10 November 2009, 23:12:52 UTC | Do not build psql's flex module on its own, but instead include it in mainloop.c. This ensures that postgres_fe.h is read before including any system headers, which is necessary to avoid problems on some platforms where we make nondefault selections of feature macros for stdio.h or other headers. We have had this policy for flex modules in the backend for many years, but for some reason it was not applied to psql. Per trouble report from Alexandra Roy and diagnosis by Albe Laurenz. | 10 November 2009, 23:12:52 UTC |
| 5804f4b | Alvaro Herrera | 10 November 2009, 18:01:27 UTC | Fix longstanding problems in VACUUM caused by untimely interruptions In VACUUM FULL, an interrupt after the initial transaction has been recorded as committed can cause postmaster to restart with the following error message: PANIC: cannot abort transaction NNNN, it was already committed This problem has been reported many times. In lazy VACUUM, an interrupt after the table has been truncated by lazy_truncate_heap causes other backends' relcache to still point to the removed pages; this can cause future INSERT and UPDATE queries to error out with the following error message: could not read block XX of relation 1663/NNN/MMMM: read only 0 of 8192 bytes The window to this race condition is extremely narrow, but it has been seen in the wild involving a cancelled autovacuum process. The solution for both problems is to inhibit interrupts in both operations until after the respective transactions have been committed. It's not a complete solution, because the transaction could theoretically be aborted by some other error, but at least fixes the most common causes of both problems. | 10 November 2009, 18:01:27 UTC |
| 4276fe3 | Peter Eisentraut | 03 November 2009, 07:53:58 UTC | Fix obscure segfault condition in PL/Python In PLy_output(), when the elog() call in the TRY branch throws an exception (this can happen when a statement timeout kicks in, for example), the PyErr_SetString() call in the CATCH branch can cause a segfault, because the Py_XDECREF(so) call before it releases memory that is still used by the sv variable that PyErr_SetString() uses as argument, because sv points into memory owned by so. Backpatched back to 8.0, where this code was introduced. I also threw in a couple of volatile declarations for variables that are used before and after the TRY. I don't think they caused the crash that I observed, but they could become issues. | 03 November 2009, 07:53:58 UTC |
| 73b4c2b | Tom Lane | 30 October 2009, 20:59:16 UTC | Make the overflow guards in ExecChooseHashTableSize be more protective. The original coding ensured nbuckets and nbatch didn't exceed INT_MAX, which while not insane on its own terms did nothing to protect subsequent code like "palloc(nbatch * sizeof(BufFile *))". Since enormous join size estimates might well be planner error rather than reality, it seems best to constrain the initial sizes to be not more than work_mem/sizeof(pointer), thus ensuring the allocated arrays don't exceed work_mem. We will allow nbatch to get bigger than that during subsequent ExecHashIncreaseNumBatches calls, but we should still guard against integer overflow in those palloc requests. Per bug #5145 from Bernt Marius Johnsen. Although the given test case only seems to fail back to 8.2, previous releases have variants of this issue, so patch all supported branches. | 30 October 2009, 20:59:16 UTC |
| b9d803b | Tom Lane | 27 October 2009, 20:15:04 UTC | Fix AfterTriggerSaveEvent to use a test and elog, not just Assert, to check that it's called within an AfterTriggerBeginQuery/AfterTriggerEndQuery pair. The RI cascade triggers suppress that overhead on the assumption that they are always run non-deferred, so it's possible to violate the condition if someone mistakenly changes pg_trigger to mark such a trigger deferred. We don't really care about supporting that, but throwing an error instead of crashing seems desirable. Per report from Marcelo Costa. | 27 October 2009, 20:15:04 UTC |
| 0407c83 | Tom Lane | 16 October 2009, 22:09:08 UTC | Rewrite pam_passwd_conv_proc to be more robust: avoid assuming that the pam_message array contains exactly one PAM_PROMPT_ECHO_OFF message. Instead, deal with however many messages there are, and don't throw error for PAM_ERROR_MSG and PAM_TEXT_INFO messages. This logic is borrowed from openssh 5.2p1, which hopefully has seen more real-world PAM usage than we have. Per bug #5121 from Ryan Douglas, which turned out to be caused by the conv_proc being called with zero messages. Apparently that is normal behavior given the combination of Linux pam_krb5 with MS Active Directory as the domain controller. Patch all the way back, since this code has been essentially untouched since 7.4. (Surprising we've not heard complaints before.) | 16 October 2009, 22:09:08 UTC |
