Skip to main content

Browse the archive

https://github.com/postgres/postgres
07 April 2024, 13:56:23 UTC
sort by:
Revision Author Date Message Commit Date
4d836f3 Marc G. Fournier 14 December 2010, 03:03:33 UTC Tag 8.2.19. 14 December 2010, 03:03:33 UTC
9410262 Tom Lane 14 December 2010, 01:22:09 UTC Update release notes for releases 9.0.2, 8.4.6, 8.3.13, 8.2.19, and 8.1.23. 14 December 2010, 01:23:41 UTC
8c25a94 Peter Eisentraut 13 December 2010, 20:31:56 UTC Translation updates for release 8.2.19 13 December 2010, 20:31:56 UTC
3727116 Tom Lane 13 December 2010, 17:41:57 UTC Update time zone data files to tzdata release 2010o: DST law changes in Fiji and Samoa. Historical corrections for Hong Kong. 13 December 2010, 17:43:26 UTC
8b77981 Tom Lane 09 December 2010, 01:01:29 UTC Force default wal_sync_method to be fdatasync on Linux. Recent versions of the Linux system header files cause xlogdefs.h to believe that open_datasync should be the default sync method, whereas formerly fdatasync was the default on Linux. open_datasync is a bad choice, first because it doesn't actually outperform fdatasync (in fact the reverse), and second because we try to use O_DIRECT with it, causing failures on certain filesystems (e.g., ext4 with data=journal option). This part of the patch is largely per a proposal from Marti Raudsepp. More extensive changes are likely to follow in HEAD, but this is as much change as we want to back-patch. Also clean up confusing code and incorrect documentation surrounding the fsync_writethrough option. Those changes shouldn't result in any actual behavioral change, but I chose to back-patch them anyway to keep the branches looking similar in this area. In 9.0 and HEAD, also do some copy-editing on the WAL Reliability documentation section. Back-patch to all supported branches, since any of them might get used on modern Linux versions. 09 December 2010, 01:01:29 UTC
5271c3c Tom Lane 07 December 2010, 03:56:07 UTC Add a stack overflow check to copyObject(). There are some code paths, such as SPI_execute(), where we invoke copyObject() on raw parse trees before doing parse analysis on them. Since the bison grammar is capable of building heavily nested parsetrees while itself using only minimal stack depth, this means that copyObject() can be the front-line function that hits stack overflow before anything else does. Accordingly, it had better have a check_stack_depth() call. I did a bit of performance testing and found that this slows down copyObject() by only a few percent, so the hit ought to be negligible in the context of complete processing of a query. Per off-list report from Toshihide Katayama. Back-patch to all supported branches. 07 December 2010, 03:56:07 UTC
b0e2092 Tom Lane 01 December 2010, 05:53:39 UTC Prevent inlining a SQL function with multiple OUT parameters. There were corner cases in which the planner would attempt to inline such a function, which would result in a failure at runtime due to loss of information about exactly what the result record type is. Fix by disabling inlining when the function's recorded result type is RECORD. There might be some sub-cases where inlining could still be allowed, but this is a simple and backpatchable fix, so leave refinements for another day. Per bug #5777 from Nate Carson. Back-patch to all supported branches. 8.1 happens to avoid a core-dump here, but it still does the wrong thing. 01 December 2010, 05:53:39 UTC
cfb6ac6 Tom Lane 26 November 2010, 20:21:08 UTC Fix significant memory leak in contrib/xml2 functions. Most of the functions that execute XPath queries leaked the data structures created by libxml2. This memory would not be recovered until end of session, so it mounts up pretty quickly in any serious use of the feature. Per report from Pavel Stehule, though this isn't his patch. Back-patch to all supported branches. 26 November 2010, 20:21:08 UTC
eaf0766 Itagaki Takahiro 25 November 2010, 11:12:20 UTC Don't raise "identifier will be truncated" messages in dblink except creating new connections. 25 November 2010, 11:15:02 UTC
edc2114 Heikki Linnakangas 16 November 2010, 09:02:11 UTC The GiST scan algorithm uses LSNs to detect concurrent pages splits, but temporary indexes are not WAL-logged. We used a constant LSN for temporary indexes, on the assumption that we don't need to worry about concurrent page splits in temporary indexes because they're only visible to the current session. But that assumption is wrong, it's possible to insert rows and split pages in the same session, while a scan is in progress. For example, by opening a cursor and fetching some rows, and INSERTing new rows before fetching some more. Fix by generating fake increasing LSNs, used in place of real LSNs in temporary GiST indexes. 16 November 2010, 09:25:43 UTC
0c6c5b8 Tom Lane 15 November 2010, 19:27:12 UTC Fix aboriginal mistake in plpython's set-returning-function support. We must stay in the function's SPI context until done calling the iterator that returns the set result. Otherwise, any attempt to invoke SPI features in the python code called by the iterator will malfunction. Diagnosis and patch by Jan Urbanski, per bug report from Jean-Baptiste Quenot. Back-patch to 8.2; there was no support for SRFs in previous versions of plpython. 15 November 2010, 19:27:12 UTC
e642ca7 Robert Haas 15 November 2010, 02:27:34 UTC Fix bug in cube picksplit algorithm. Alexander Korotkov 15 November 2010, 02:29:10 UTC
ef35f36 Tom Lane 13 November 2010, 05:35:08 UTC Add missing outfuncs.c support for struct InhRelation. This is needed to support debug_print_parse, per report from Jon Nelson. Cursory testing via the regression tests suggests we aren't missing anything else. 13 November 2010, 05:35:08 UTC
c26bc69 Tom Lane 12 November 2010, 20:14:51 UTC Fix old oversight in const-simplification of COALESCE() expressions. Once we have found a non-null constant argument, there is no need to examine additional arguments of the COALESCE. The previous coding got it right only if the constant was in the first argument position; otherwise it tried to simplify following arguments too, leading to unexpected behavior like this: regression=# select coalesce(f1, 42, 1/0) from int4_tbl; ERROR: division by zero It's a minor corner case, but a bug is a bug, so back-patch all the way. 12 November 2010, 20:18:54 UTC
3ef6ea3 Heikki Linnakangas 11 November 2010, 17:21:49 UTC Fix bug introduced by the recent patch to check that the checkpoint redo location read from backup label file can be found: wasShutdown was set incorrectly when a backup label file was found. Jeff Davis, with a little tweaking by me. 11 November 2010, 17:31:55 UTC
1a6b439 Tom Lane 10 November 2010, 21:51:39 UTC Fix line_construct_pm() for the case of "infinite" (DBL_MAX) slope. This code was just plain wrong: what you got was not a line through the given point but a line almost indistinguishable from the Y-axis, although not truly vertical. The only caller that tries to use this function with m == DBL_MAX is dist_ps_internal for the case where the lseg is horizontal; it would end up producing the distance from the given point to the place where the lseg's line crosses the Y-axis. That function is used by other operators too, so there are several operators that could compute wrong distances from a line segment to something else. Per bug #5745 from jindiax. Back-patch to all supported branches. 10 November 2010, 21:54:44 UTC
2ff82b6 Tom Lane 09 November 2010, 16:28:18 UTC Repair memory leakage while ANALYZE-ing complex index expressions. The general design of memory management in Postgres is that intermediate results computed by an expression are not freed until the end of the tuple cycle. For expression indexes, ANALYZE has to re-evaluate each expression for each of its sample rows, and it wasn't bothering to free intermediate results until the end of processing of that index. This could lead to very substantial leakage if the intermediate results were large, as in a recent example from Jakub Ouhrabka. Fix by doing ResetExprContext for each sample row. This necessitates adding a datumCopy step to ensure that the final expression value isn't recycled too. Some quick testing suggests that this change adds at worst about 10% to the time needed to analyze a table with an expression index; which is annoying, but seems a tolerable price to pay to avoid unexpected out-of-memory problems. Back-patch to all supported branches. 09 November 2010, 16:47:29 UTC
50eac30 Tom Lane 07 November 2010, 02:59:26 UTC Add support for detecting register-stack overrun on IA64. Per recent investigation, the register stack can grow faster than the regular stack depending on compiler and choice of options. To avoid crashes we must check both stacks in check_stack_depth(). Back-patch to all supported versions. 07 November 2010, 02:59:26 UTC
c4a2bd1 Tom Lane 03 November 2010, 17:42:19 UTC Reduce recursion depth in recently-added regression test. Some buildfarm members fail the test with the original depth of 10 levels, apparently because they are running at the minimum max_stack_depth setting of 100kB and using ~ 10k per recursion level. While it might be interesting to try to figure out why they're eating so much stack, it isn't likely that any fix for that would be back-patchable. So just change the test to recurse only 5 levels. The extra levels don't prove anything correctness-wise anyway. 03 November 2010, 17:42:19 UTC
6b1952b Tom Lane 02 November 2010, 21:15:29 UTC Ensure an index that uses a whole-row Var still depends on its table. We failed to record any dependency on the underlying table for an index declared like "create index i on t (foo(t.*))". This would create trouble if the table were dropped without previously dropping the index. To fix, simplify some overly-cute code in index_create(), accepting the possibility that sometimes the whole-table dependency will be redundant. Also document this hazard in dependency.c. Per report from Kevin Grittner. In passing, prevent a core dump in pg_get_indexdef() if the index's table can't be found. I came across this while experimenting with Kevin's example. Not sure it's a real issue when the catalogs aren't corrupt, but might as well be cautious. Back-patch to all supported versions. 02 November 2010, 21:15:29 UTC
2487e8d Tom Lane 28 October 2010, 17:01:23 UTC Fix plpgsql's handling of "simple" expression evaluation. In general, expression execution state trees aren't re-entrantly usable, since functions can store private state information in them. For efficiency reasons, plpgsql tries to cache and reuse state trees for "simple" expressions. It can get away with that most of the time, but it can fail if the state tree is dirty from a previous failed execution (as in an example from Alvaro) or is being used recursively (as noted by me). Fix by tracking whether a state tree is in use, and falling back to the "non-simple" code path if so. This results in a pretty considerable speed hit when the non-simple path is taken, but the available alternatives seem even more unpleasant because they add overhead in the simple path. Per idea from Heikki. Back-patch to all supported branches. 28 October 2010, 17:01:23 UTC
49b5aba Heikki Linnakangas 26 October 2010, 18:15:42 UTC Before removing backup_label and irrevocably changing pg_control file, check that WAL file containing the checkpoint redo-location can be found. This avoids making the cluster irrecoverable if the redo location is in an earlie WAL file than the checkpoint record. Report, analysis and patch by Jeff Davis, with small changes by me. 26 October 2010, 18:41:32 UTC
77f8685 Heikki Linnakangas 20 October 2010, 19:20:33 UTC If pk is NULL, the backend would segfault when accessing ->algo and the following NULL check was never reached. This problem was found by Coccinelle (null_ref.cocci from coccicheck). Marti Raudsepp 20 October 2010, 19:25:22 UTC
2f4b149 Tom Lane 20 October 2010, 04:55:15 UTC Fix ecpg test building process to not generate *.dSYM junk on Macs. The trick is to not try to build executables directly from .c files, but to always build the intermediate .o files. For obscure reasons, Darwin's version of gcc will leave debug cruft behind in the first case but not the second. Per complaint from Robert Haas. 20 October 2010, 04:55:15 UTC
4b67d83 Tom Lane 11 October 2010, 23:05:04 UTC Fix assorted bugs in GIN's WAL replay logic. The original coding was quite sloppy about handling the case where XLogReadBuffer fails (because the page has since been deleted). This would result in either "bad buffer id: 0" or an Assert failure during replay, if indeed the page were no longer there. In a couple of places it also neglected to check whether the change had already been applied, which would probably result in corrupted index contents. I believe that bug #5703 is an instance of the first problem. These issues could show up without replication, but only if you were unfortunate enough to crash between modification of a GIN index and the next checkpoint. Back-patch to 8.2, which is as far back as GIN has WAL support. 11 October 2010, 23:05:04 UTC
469a17f Robert Haas 08 October 2010, 13:15:17 UTC Warn that views can be safely used to hide columns, but not rows. 08 October 2010, 13:16:41 UTC
d8014f9 Tom Lane 03 October 2010, 00:02:52 UTC Behave correctly if INSERT ... VALUES is decorated with additional clauses. In versions 8.2 and up, the grammar allows attaching ORDER BY, LIMIT, FOR UPDATE, or WITH to VALUES, and hence to INSERT ... VALUES. But the special-case code for VALUES in transformInsertStmt() wasn't expecting any of those, and just ignored them, leading to unexpected results. Rather than complicate the special-case path, just ensure that the presence of any of those clauses makes us treat the query as if it had a general SELECT. Per report from Hitoshi Harada. 03 October 2010, 00:02:52 UTC
61318f3 Marc G. Fournier 01 October 2010, 13:37:09 UTC Tag 8.2.18 01 October 2010, 13:37:09 UTC
7203065 Tom Lane 30 September 2010, 21:21:30 UTC Use a separate interpreter for each calling SQL userid in plperl and pltcl. There are numerous methods by which a Perl or Tcl function can subvert the behavior of another such function executed later; for example, by redefining standard functions or operators called by the target function. If the target function is SECURITY DEFINER, or is called by such a function, this means that any ordinary SQL user with Perl or Tcl language usage rights can do essentially anything with the privileges of the target function's owner. To close this security hole, create a separate Perl or Tcl interpreter for each SQL userid under which plperl or pltcl functions are executed within a session. However, all plperlu or pltclu functions run within a session still share a single interpreter, since they all execute at the trust level of a database superuser anyway. Note: this change results in a functionality loss when libperl has been built without the "multiplicity" option: it's no longer possible to call plperl functions under different userids in one session, since such a libperl can't support multiple interpreters in one process. However, such a libperl already failed to support concurrent use of plperl and plperlu, so it's likely that few people use such versions with Postgres. Security: CVE-2010-3433 30 September 2010, 21:21:30 UTC
c70a05b Peter Eisentraut 30 September 2010, 19:19:17 UTC Translation updates for 8.2.18 30 September 2010, 19:19:17 UTC
a3f1f0d Tom Lane 30 September 2010, 18:27:46 UTC Update release notes for releases 9.0.1, 8.4.5, 8.3.12, 8.2.18, 8.1.22, 8.0.26, and 7.4.30. 30 September 2010, 18:27:46 UTC
9c2ba6a Magnus Hagander 16 September 2010, 20:37:18 UTC Treat exit code 128 (ERROR_WAIT_NO_CHILDREN) as non-fatal on Win32, since it can happen when a process fails to start when the system is under high load. Per several bug reports and many peoples investigation. Back-patch to 8.2, since testing shows no issues even though the "deadman-switch" does not exist in this version. 29 September 2010, 14:18:41 UTC
2c875a1 Tom Lane 25 September 2010, 19:57:05 UTC Further fixes to the pg_get_expr() security fix in back branches. It now emerges that the JDBC driver expects to be able to use pg_get_expr() on an output of a sub-SELECT. So extend the check logic to be able to recurse into a sub-SELECT to see if the argument is ultimately coming from an appropriate column. Per report from Thomas Kellerer. 25 September 2010, 20:20:50 UTC
9825ad9 Tom Lane 24 September 2010, 17:48:34 UTC Still more .gitignore cleanup. Fix overly-enthusiastic ignores, as identified by git ls-files -i --exclude-standard 24 September 2010, 17:48:34 UTC
1c5e3be Robert Haas 24 September 2010, 02:00:26 UTC Add contrib/xml2/pgxml.sql to .gitignore Kevin Grittner 24 September 2010, 02:08:29 UTC
f356b3b Tom Lane 23 September 2010, 20:53:37 UTC Prevent show_session_authorization from crashing when session_authorization hasn't been set. The only known case where this can happen is when show_session_authorization is invoked in an autovacuum process, which is possible if an index function calls it, as for example in bug #5669 from Andrew Geery. We could perhaps try to return a sensible value, such as the name of the cluster-owning superuser; but that seems like much more trouble than the case is worth, and in any case it could create new possible failure modes. Simply returning an empty string seems like the most appropriate fix. Back-patch to all supported versions, even those before autovacuum, just in case there's another way to provoke this crash. 23 September 2010, 20:53:37 UTC
4e60212 Tom Lane 23 September 2010, 23:34:56 UTC Avoid sharing subpath list structure when flattening nested AppendRels. In some situations the original coding led to corrupting the child AppendRel's subpaths list, effectively adding other members of the parent's list to it. This was usually masked because we never made any further use of the child's list, but given the right combination of circumstances, we could do so. The visible symptom would be a relation getting scanned twice, as in bug #5673 from David Schmitt. Backpatch to 8.2, which is as far back as the risky coding appears. The example submitted by David only fails in 8.4 and later, but I'm not convinced that there aren't any even-more-obscure cases where 8.2 and 8.3 would fail. 23 September 2010, 19:42:08 UTC
3f9c2d4 Tom Lane 23 September 2010, 02:32:46 UTC More fixes for libpq's .gitignore file. The previous patches failed to cover a lot of symlinks that are only added in platform-specific cases. Make the lists match what's in the Makefile for each branch. 23 September 2010, 02:32:46 UTC
5a932fd Tom Lane 23 September 2010, 00:22:51 UTC Do some copy-editing on the Git usage docs. 23 September 2010, 00:22:51 UTC
2972f83 Tom Lane 22 September 2010, 22:26:24 UTC Fix documentation gitignore for pre-9.0 doc build methods. 22 September 2010, 22:26:24 UTC
b49092d Tom Lane 22 September 2010, 21:27:44 UTC Another gitignore straggler. 22 September 2010, 21:27:44 UTC
4b00e13 Tom Lane 22 September 2010, 21:22:14 UTC Some more gitignore cleanups: cover contrib and PL regression test outputs. Also do some further work in the back branches, where quite a bit wasn't covered by Magnus' original back-patch. 22 September 2010, 21:23:10 UTC
c206794 Magnus Hagander 22 September 2010, 19:49:15 UTC Add gitignore files for ecpg regression tests. Backpatch to 8.2 as that's how far the structure looks the same. 22 September 2010, 19:49:15 UTC
adbe80f Magnus Hagander 22 September 2010, 18:10:39 UTC Remove anonymous cvs instructions, and replace them with instructions for git. Change other references from cvs to git as well. 22 September 2010, 18:10:39 UTC
1f2378b Magnus Hagander 22 September 2010, 10:57:14 UTC Convert cvsignore to gitignore, and add .gitignore for build targets. 22 September 2010, 10:57:14 UTC
6dbcf17 Tom Lane 21 September 2010, 18:43:16 UTC Back-patch replacement of README.CVS with README.git. In older branches, also git-ify the "make distdir" rule. 21 September 2010, 18:43:16 UTC
a7cdd11 Tom Lane 02 September 2010, 03:17:13 UTC Fix up flushing of composite-type typcache entries to be driven directly by SI invalidation events, rather than indirectly through the relcache. In the previous coding, we had to flush a composite-type typcache entry whenever we discarded the corresponding relcache entry. This caused problems at least when testing with RELCACHE_FORCE_RELEASE, as shown in recent report from Jeff Davis, and might result in real-world problems given the kind of unexpected relcache flush that that test mechanism is intended to model. The new coding decouples relcache and typcache management, which is a good thing anyway from a structural perspective. The cost is that we have to search the typcache linearly to find entries that need to be flushed. There are a couple of ways we could avoid that, but at the moment it's not clear it's worth any extra trouble, because the typcache contains very few entries in typical operation. Back-patch to 8.2, the same as some other recent fixes in this general area. The patch could be carried back to 8.0 with some additional work, but given that it's only hypothetical whether we're fixing any problem observable in the field, it doesn't seem worth the work now. 02 September 2010, 03:17:13 UTC
30b9371 Tom Lane 30 August 2010, 19:51:46 UTC Back-port into 8.2 an old fix to ensure that BYTE_ORDER gets set correctly on 64-bit Intel Solaris. Per my proposal yesterday, 8.2 is where we will start considering this platform supported. While this patch itself could easily go into older branches, there's not a huge amount of point unless we also make some significantly-more-invasive changes in the spinlock support. 30 August 2010, 19:51:46 UTC
a5c025c Tom Lane 29 August 2010, 19:33:43 UTC Reduce PANIC to ERROR in some occasionally-reported btree failure cases. This patch changes _bt_split() and _bt_pagedel() to throw a plain ERROR, rather than PANIC, for several cases that are reported from the field from time to time: * right sibling's left-link doesn't match; * PageAddItem failure during _bt_split(); * parent page's next child isn't right sibling during _bt_pagedel(). In addition the error messages for these cases have been made a bit more verbose, with additional values included. The original motivation for PANIC here was to capture core dumps for subsequent analysis. But with so many users whose platforms don't capture core dumps by default, or who are unprepared to analyze them anyway, it's hard to justify a forced database restart when we can fairly easily detect the problems before we've reached the critical sections where PANIC would be necessary. It is not currently known whether the reports of these messages indicate well-hidden bugs in Postgres, or are a result of storage-level malfeasance; the latter possibility suggests that we ought to try to be more robust even if there is a bug here that's ultimately found. Backpatch to 8.2. The code before that is sufficiently different that it doesn't seem worth the trouble to back-port further. 29 August 2010, 19:33:43 UTC
e825498 Tom Lane 29 August 2010, 15:19:35 UTC Remove obsolete remark that PQprepare() is more flexible than PREPARE. Spotted by Dmitriy Igrishin. Back-patch to 8.2, which is when the PREPARE statement was improved to allow parameter types to be omitted. 29 August 2010, 15:19:35 UTC
3f8e6c4 Tom Lane 26 August 2010, 19:59:15 UTC Update time zone data files to tzdata release 2010l: DST law changes in Egypt and Palestine. Added new names for two Micronesian timezones: Pacific/Chuuk is now preferred over Pacific/Truk (and the preferred abbreviation is CHUT not TRUT) and Pacific/Pohnpei is preferred over Pacific/Ponape. Historical corrections for Finland. 26 August 2010, 19:59:15 UTC
89af2fe Tom Lane 26 August 2010, 18:55:06 UTC Fix ExecMakeTableFunctionResult to verify that all rows returned by a SRF returning "record" actually do have the same rowtype. This is needed because the parser can't realistically enforce that they will all have the same typmod, as seen in a recent example from David Wheeler. Back-patch to 8.0, which is as far back as we have the notion of RECORD subtypes being distinguished by typmod. Wheeler's example depends on 8.4-and-up features, but I suspect there may be ways to provoke similar failures before 8.4. 26 August 2010, 18:55:06 UTC
b64f3bc Peter Eisentraut 25 August 2010, 19:37:39 UTC Catch null pointer returns from PyCObject_AsVoidPtr and PyCObject_FromVoidPtr This is reproducibly possible in Python 2.7 if the user turned PendingDeprecationWarning into an error, but it's theoretically also possible in earlier versions in case of exceptional conditions. backpatched to 8.0 25 August 2010, 19:37:39 UTC
f7f92b3 Tom Lane 16 August 2010, 17:33:12 UTC Arrange to fsync the contents of lockfiles (both postmaster.pid and the socket lockfile) when writing them. The lack of an fsync here may well explain two different reports we've seen of corrupted lockfile contents, which doesn't particularly bother the running server but can prevent a new server from starting if the old one crashes. Per suggestion from Alvaro. Back-patch to all supported versions. 16 August 2010, 17:33:12 UTC
c22e53d Tom Lane 16 August 2010, 00:06:42 UTC Fix psql's copy of utf2ucs() to match the backend's copy exactly; in particular, propagate a fix in the test to see whether a UTF8 character has length 4 bytes. This is likely of little real-world consequence because 5-or-more-byte UTF8 sequences are not supported by Postgres nor seen anywhere in the wild, but still we may as well get it right. Problem found by Joseph Adams. Bug is aboriginal, so back-patch all the way. 16 August 2010, 00:06:42 UTC
7f325c6 Robert Haas 11 August 2010, 19:03:56 UTC Fix one more incorrect errno definition in the ECPG manual. Again, back-patch all the way to 7.4. 11 August 2010, 19:03:56 UTC
385c84c Robert Haas 11 August 2010, 18:52:43 UTC Fix incorrect errno definitions in ECPG manual. ecpgerrno.h hasn't materially changed since PostgreSQL 7.4, so this has been wrong for a very long time. Back-patch all the way. Satoshi Nagayasu 11 August 2010, 18:52:43 UTC
06421ec Tom Lane 09 August 2010, 18:50:45 UTC Fix incorrect logic in plpgsql for cleanup after evaluation of non-simple expressions. We need to deal with this when handling subscripts in an array assignment, and also when catching an exception. In an Assert-enabled build these omissions led to Assert failures, but I think in a normal build the only consequence would be short-term memory leakage; which may explain why this wasn't reported from the field long ago. Back-patch to all supported versions. 7.4 doesn't have exceptions, but otherwise these bugs go all the way back. Heikki Linnakangas and Tom Lane 09 August 2010, 18:50:45 UTC
415cf7d Peter Eisentraut 06 August 2010, 20:08:58 UTC Fix indexterm spelling 06 August 2010, 20:08:58 UTC
bd707d3 Tom Lane 30 July 2010, 17:57:12 UTC Improved version of patch to protect pg_get_expr() against misuse: look through join alias Vars to avoid breaking join queries, and move the test to someplace where it will catch more possible ways of calling a function. We still ought to throw away the whole thing in favor of a data-type-based solution, but that's not feasible in the back branches. Completion of back-port of my patch of yesterday. 30 July 2010, 17:57:12 UTC
a0ad1d1 Tom Lane 29 July 2010, 19:23:51 UTC Fix another longstanding problem in copy_relation_data: it was blithely assuming that a local char[] array would be aligned on at least a word boundary. There are architectures on which that is pretty much guaranteed to NOT be the case ... and those arches also don't like non-aligned memory accesses, meaning that log_newpage() would crash if it ever got invoked. Even on Intel-ish machines there's a potential for a large performance penalty from doing I/O to an inadequately aligned buffer. So palloc it instead. Backpatch to 8.0 --- 7.4 doesn't have this code. 29 July 2010, 19:23:51 UTC
fb28d26 Robert Haas 29 July 2010, 16:15:18 UTC Fix possible page corruption by ALTER TABLE .. SET TABLESPACE. If a zeroed page is present in the heap, ALTER TABLE .. SET TABLESPACE will set the LSN and TLI while copying it, which is wrong, and heap_xlog_newpage() will do the same thing during replay, so the corruption propagates to any standby. Note, however, that the bug can't be demonstrated unless archiving is enabled, since in that case we skip WAL logging altogether, and the LSN/TLI are not set. Back-patch to 8.0; prior releases do not have tablespaces. Analysis and patch by Jeff Davis. Adjustments for back-branches and minor wordsmithing by me. 29 July 2010, 16:15:18 UTC
44b16a2 Tom Lane 28 July 2010, 04:51:21 UTC Fix potential failure when hashing the output of a subplan that produces a pass-by-reference datatype with a nontrivial projection step. We were using the same memory context for the projection operation as for the temporary context used by the hashtable routines in execGrouping.c. However, the hashtable routines feel free to reset their temp context at any time, which'd lead to destroying input data that was still needed. Report and diagnosis by Tao Ma. Back-patch to 8.1, where the problem was introduced by the changes that allowed us to work with "virtual" tuples instead of materializing intermediate tuple values everywhere. The earlier code looks quite similar, but it doesn't suffer the problem because the data gets copied into another context as a result of having to materialize ExecProject's output tuple. 28 July 2010, 04:51:21 UTC
e836579 Peter Eisentraut 27 July 2010, 18:55:22 UTC Spelling fix 27 July 2010, 18:55:22 UTC
9bdd3b8 Peter Eisentraut 26 July 2010, 20:29:56 UTC Fix grammar backpatched to 8.1 26 July 2010, 20:29:56 UTC
90e1546 Magnus Hagander 23 July 2010, 13:53:30 UTC Backpatch reservation of shared memory region during backend startup on Windows, so that memory allocated by starting third party DLLs doesn't end up conflicting. The same functionality has been in 8.3 and 8.4 for almost a year, and seems to have solved some of the more common shared memory errors on Windows. 23 July 2010, 13:53:30 UTC
ae1b65b Robert Haas 23 July 2010, 00:43:35 UTC Avoid deep recursion when assigning XIDs to multiple levels of subxacts. Backpatch to 8.0. Andres Freund, with cleanup and adjustment for older branches by me. 23 July 2010, 00:43:35 UTC
49d7a64 Heikki Linnakangas 13 July 2010, 09:02:53 UTC Oops, in the previous fix to prevent a cursor that's being used in a FOR loop from being dropped, I missed subtransaction cleanup. Pinned portals must be dropped at subtransaction cleanup just as they are at main transaction cleanup. Per bug #5556 by Robert Walker. Backpatch to 8.0, 7.4 didn't have subtransactions. 13 July 2010, 09:02:53 UTC
371a142 Tom Lane 09 July 2010, 22:58:07 UTC Avoid an Assert failure in deconstruct_array() by making get_attstatsslot() use the actual element type of the array it's disassembling, rather than trusting the type OID passed in by its caller. This is needed because sometimes the planner passes in a type OID that's only binary-compatible with the target column's type, rather than being an exact match. Per an example from Bernd Helmle. Possibly we should refactor get_attstatsslot/free_attstatsslot to not expect the caller to supply type ID data at all, but for now I'll just do the minimum-change fix. Back-patch to 7.4. Bernd's test case only crashes back to 8.0, but since these subroutines are the same in 7.4, I suspect there may be variant cases that would crash 7.4 as well. 09 July 2010, 22:58:07 UTC
473c29e Tom Lane 08 July 2010, 00:14:22 UTC Fix "cannot handle unplanned sub-select" error that can occur when a sub-select contains a join alias reference that expands into an expression containing another sub-select. Per yesterday's report from Merlin Moncure and subsequent off-list investigation. Back-patch to 7.4. Older versions didn't attempt to flatten sub-selects in ways that would trigger this problem. 08 July 2010, 00:14:22 UTC
9e3a7f5 Heikki Linnakangas 05 July 2010, 09:27:36 UTC The previous fix in CVS HEAD and 8.4 for handling the case where a cursor being used in a PL/pgSQL FOR loop is closed was inadequate, as Tom Lane pointed out. The bug affects FOR statement variants too, because you can close an implicitly created cursor too by guessing the "<unnamed portal X>" name created for it. To fix that, "pin" the portal to prevent it from being dropped while it's being used in a PL/pgSQL FOR loop. Backpatch all the way to 7.4 which is the oldest supported version. 05 July 2010, 09:27:36 UTC
03795ff Tom Lane 03 July 2010, 04:03:27 UTC Fix assorted misstatements and poor wording in the descriptions of the I/O formats for geometric types. Per bug #5536 from Jon Strait, and my own testing. Back-patch to all supported branches, since this doco has been wrong right along -- we certainly haven't changed the I/O behavior of these types in many years. 03 July 2010, 04:03:27 UTC
245adea Robert Haas 01 July 2010, 14:11:23 UTC Allow ALTER TABLE .. SET TABLESPACE to be interrupted. Backpatch to 8.0, where tablespaces were introduced. Guillaume Lelarge 01 July 2010, 14:11:23 UTC
578a0d3 Heikki Linnakangas 30 June 2010, 18:11:04 UTC stringToNode() and deparse_expression_pretty() crash on invalid input, but we have nevertheless exposed them to users via pg_get_expr(). It would be too much maintenance effort to rigorously check the input, so put a hack in place instead to restrict pg_get_expr() so that the argument must come from one of the system catalog columns known to contain valid expressions. Per report from Rushabh Lathia. Backpatch to 7.4 which is the oldest supported version at the moment. 30 June 2010, 18:11:04 UTC
b12ca1d Robert Haas 22 June 2010, 11:36:44 UTC Deprecate the use of => as an operator name. In HEAD, emit a warning when an operator named => is defined. In both HEAD and the backbranches (except in 8.2, where contrib modules do not have documentation), document that hstore's text => text operator may be removed in a future release, and encourage the use of the hstore(text, text) function instead. This function only exists in HEAD (previously, it was called tconvert), so backpatch it back to 8.2, when hstore was added. Per discussion. 22 June 2010, 11:36:44 UTC
0a55760 Tom Lane 15 June 2010, 19:04:34 UTC Fix dblink_build_sql_insert() and related functions to handle dropped columns correctly. In passing, get rid of some dead logic in the underlying get_sql_insert() etc functions --- there is no caller that will pass null value-arrays to them. Per bug report from Robert Voinea. 15 June 2010, 19:04:34 UTC
7ea5d1c Tom Lane 15 June 2010, 16:22:39 UTC Consolidate and improve checking of key-column-attnum arguments for dblink_build_sql_insert() and related functions. In particular, be sure to reject references to dropped and out-of-range column numbers. The numbers are still interpreted as physical column numbers, though, for backward compatibility. This patch replaces Joe's patch of 2010-02-03, which handled only some aspects of the problem. 15 June 2010, 16:22:39 UTC
ecb23d8 Tom Lane 14 June 2010, 20:49:51 UTC Rearrange dblink's dblink_build_sql_insert() and related routines to open and lock the target relation just once per SQL function call. The original coding obtained and released lock several times per call. Aside from saving a not-insignificant number of cycles, this eliminates possible race conditions if someone tries to modify the relation's schema concurrently. Also centralize locking and permission-checking logic. Problem noted while investigating a trouble report from Robert Voinea --- his problem is still to be fixed, though. 14 June 2010, 20:49:51 UTC
7bd31c6 Itagaki Takahiro 09 June 2010, 00:59:54 UTC Fix connection leak in dblink when dblink_connect() or dblink_connect_u() end with "duplicate connection name" errors. Backported to release 7.4. 09 June 2010, 00:59:54 UTC
fe940c6 Teodor Sigaev 07 June 2010, 15:15:16 UTC Add missed function dblink_connect_u(text[,text]) to uninstall script 07 June 2010, 15:15:16 UTC
472f2dc Itagaki Takahiro 03 June 2010, 09:43:04 UTC Fix dblink to treat connection names longer than NAMEDATALEN-2 (62 bytes). Now long names are adjusted with truncate_identifier() and NOTICE messages are raised if names are actually truncated. Backported to release 8.0. 03 June 2010, 09:43:04 UTC
b723b17 Tom Lane 27 May 2010, 19:19:58 UTC Change ps_status.c to explicitly track the current logical length of ps_buffer. This saves cycles in get_ps_display() on many popular platforms, and more importantly ensures that get_ps_display() will correctly return an empty string if init_ps_display() hasn't been called yet. Per trouble report from Ray Stell, in which log_line_prefix %i produced junk early in backend startup. Back-patch to 8.0. 7.4 doesn't have %i and its version of get_ps_display() makes no pretense of avoiding pad junk anyhow. 27 May 2010, 19:19:58 UTC
dcb7b4a Magnus Hagander 20 May 2010, 14:13:15 UTC Change the "N. Central Asia Standard Time" timezone to map to Asia/Novosibirsk on Windows. Microsoft changed the behaviour of this zone in the timezone update from KB976098. The zones differ in handling of DST, and the old zone was just removed. Noted by Dmitry Funk 20 May 2010, 14:13:15 UTC
de92494 Andrew Dunstan 17 May 2010, 20:46:28 UTC > Follow up a visit from the style police. 17 May 2010, 20:46:28 UTC
23336cf Robert Haas 16 May 2010, 03:56:11 UTC Fix longstanding typo in V1 calling conventions documentation. Erik Rijkers 16 May 2010, 03:56:11 UTC
0c72b59 Tom Lane 15 May 2010, 18:11:25 UTC Improve documentation of pg_restore's -l and -L switches to point out their interactions with filtering switches, such as -n and -t. Per a complaint from Russell Smith. 15 May 2010, 18:11:25 UTC
868de68 Marc G. Fournier 14 May 2010, 03:32:06 UTC tag 8.2.17 14 May 2010, 03:32:06 UTC
c96fa41 Andrew Dunstan 13 May 2010, 21:34:55 UTC Fix MSVC builds for recent plperl changes. Go back to version 8.2, which is where we started supporting MSVC builds. Security: CVE-2010-1169 13 May 2010, 21:34:55 UTC
05b75b9 Tom Lane 13 May 2010, 21:27:22 UTC Update release notes with security issues. Security: CVE-2010-1169, CVE-2010-1170 13 May 2010, 21:27:22 UTC
4b1558a Tom Lane 13 May 2010, 19:16:32 UTC Use an entity instead of non-ASCII letter. Thom Brown 13 May 2010, 19:16:32 UTC
650d950 Tom Lane 13 May 2010, 18:29:31 UTC Prevent PL/Tcl from loading the "unknown" module from pltcl_modules unless that is a regular table or view owned by a superuser. This prevents a trojan horse attack whereby any unprivileged SQL user could create such a table and insert code into it that would then get executed in other users' sessions whenever they call pltcl functions. Worse yet, because the code was automatically loaded into both the "normal" and "safe" interpreters at first use, the attacker could execute unrestricted Tcl code in the "normal" interpreter without there being any pltclu functions anywhere, or indeed anyone else using pltcl at all: installing pltcl is sufficient to open the hole. Change the initialization logic so that the "unknown" code is only loaded into an interpreter when the interpreter is first really used. (That doesn't add any additional security in this particular context, but it seems a prudent change, and anyway the former behavior violated the principle of least astonishment.) Security: CVE-2010-1170 13 May 2010, 18:29:31 UTC
64a42a2 Andrew Dunstan 13 May 2010, 16:43:14 UTC Abandon the use of Perl's Safe.pm to enforce restrictions in plperl, as it is fundamentally insecure. Instead apply an opmask to the whole interpreter that imposes restrictions on unsafe operations. These restrictions are much harder to subvert than is Safe.pm, since there is no container to be broken out of. Backported to release 7.4. In releases 7.4, 8.0 and 8.1 this also includes the necessary backporting of the two interpreters model for plperl and plperlu adopted in release 8.2. In versions 8.0 and up, the use of Perl's POSIX module to undo its locale mangling on Windows has become insecure with these changes, so it is replaced by our own routine, which is also faster. Nice side effects of the changes include that it is now possible to use perl's "strict" pragma in a natural way in plperl, and that perl's $a and $b variables now work as expected in sort routines, and that function compilation is significantly faster. Tim Bunce and Andrew Dunstan, with reviews from Alex Hunsaker and Alexey Klyukin. Security: CVE-2010-1169 13 May 2010, 16:43:14 UTC
a68abca Magnus Hagander 13 May 2010, 14:16:45 UTC Fix some spelling errors. Thom Brown 13 May 2010, 14:16:45 UTC
5a00d89 Peter Eisentraut 13 May 2010, 07:32:39 UTC Translation update 13 May 2010, 07:32:39 UTC
8404aba Tom Lane 12 May 2010, 23:27:43 UTC Preliminary release notes for releases 8.4.4, 8.3.11, 8.2.17, 8.1.21, 8.0.25, 7.4.29. 12 May 2010, 23:27:43 UTC
b603cdf Tom Lane 11 May 2010, 23:01:49 UTC Update time zone data files to tzdata release 2010j: DST law changes in Argentina, Australian Antarctic, Bangladesh, Mexico, Morocco, Pakistan, Palestine, Russia, Syria, Tunisia. Historical corrections for Taiwan. 11 May 2010, 23:01:49 UTC
2defc1c Tom Lane 11 May 2010, 22:37:12 UTC Add PKST to the default set of timezone abbreviations. Per discussion, if we have PKT in there then PKST should be too. Also, fix mistaken claim that these abbrevs are not known to zic. 11 May 2010, 22:37:12 UTC
2759410 Tom Lane 08 May 2010, 16:40:31 UTC Work around a subtle portability problem in use of printf %s format. Depending on which spec you read, field widths and precisions in %s may be counted either in bytes or characters. Our code was assuming bytes, which is wrong at least for glibc's implementation, and in any case libc might have a different idea of the prevailing encoding than we do. Hence, for portable results we must avoid using anything more complex than just "%s" unless the string to be printed is known to be all-ASCII. This patch fixes the cases I could find, including the psql formatting failure reported by Hernan Gonzalez. In HEAD only, I also added comments to some places where it appears safe to continue using "%.*s". 08 May 2010, 16:40:31 UTC
e7a0379 Tom Lane 05 May 2010, 22:19:18 UTC Fix psql to not go into infinite recursion when expanding a variable that refers to itself (directly or indirectly). Instead, print a message when recursion is detected, and don't expand the repeated reference. Per bug #5448 from Francis Markham. Back-patch to 8.0. Although the issue exists in 7.4 as well, it seems impractical to fix there because of the lack of any state stack that could be used to track active expansions. 05 May 2010, 22:19:18 UTC
7bab4d1 Tom Lane 01 May 2010, 22:46:50 UTC Add code to InternalIpcMemoryCreate() to handle the case where shmget() returns EINVAL for an existing shared memory segment. Although it's not terribly sensible, that behavior does meet the POSIX spec because EINVAL is the appropriate error code when the existing segment is smaller than the requested size, and the spec explicitly disclaims any particular ordering of error checks. Moreover, it does in fact happen on OS X and probably other BSD-derived kernels. (We were able to talk NetBSD into changing their code, but purging that behavior from the wild completely seems unlikely to happen.) We need to distinguish collision with a pre-existing segment from invalid size request in order to behave sensibly, so it's worth some extra code here to get it right. Per report from Gavin Kistner and subsequent investigation. Back-patch to all supported versions, since any of them could get used with a kernel having the debatable behavior. 01 May 2010, 22:46:50 UTC
back to top