Skip to main content

Browse the archive

https://github.com/postgres/postgres
07 April 2024, 13:56:23 UTC
sort by:
Revision Author Date Message Commit Date
96ae23a Andrew Dunstan 02 March 2010, 15:44:03 UTC Backpatch MSVC build fix for XSLT 02 March 2010, 15:44:03 UTC
d46f100 Heikki Linnakangas 01 March 2010, 21:27:32 UTC Fix translation of strings in psql \d output (translation in headers worked, but not in cells). 01 March 2010, 21:27:32 UTC
62f5ade Heikki Linnakangas 01 March 2010, 20:55:53 UTC Fix numericlocale psql option when used with a null string and latex and troff formats; a null string must not be formatted as a numeric. The more exotic formats latex and troff also incorrectly formatted all strings as numerics when numericlocale was on. Backpatch to 8.1 where numericlocale option was added. This fixes bug #5355 reported by Andy Lester. 01 March 2010, 20:55:53 UTC
b0c8b3d Tom Lane 01 March 2010, 18:08:07 UTC Fix contrib/xml2 so regression test still works when it's built without libxslt. This involves modifying the module to have a stable ABI, that is, the xslt_process() function still exists even without libxslt. It throws a runtime error if called, but doesn't prevent executing the CREATE FUNCTION call. This is a good thing anyway to simplify cross-version upgrades. 01 March 2010, 18:08:07 UTC
5ea32f5 Tom Lane 01 March 2010, 05:16:40 UTC Remove xmlCleanupParser calls from contrib/xml2. These are unnecessary and probably dangerous. I don't see any immediate risk situations in the core XML support or contrib/xml2 itself, but there could be issues with external uses of libxml2, and in any case it's an accident waiting to happen. 01 March 2010, 05:16:40 UTC
8748dc3 Tom Lane 01 March 2010, 03:41:04 UTC Back-patch today's memory management fixups in contrib/xml2. Prior to 8.3, these changes are not critical for compatibility with core Postgres, since core had no libxml2 calls then. However there is still a risk if contrib/xml2 is used along with libxml2 functionality in Perl or other loadable modules. So back-patch to all versions. Also back-patch addition of regression tests. I'm not sure how many of the cases are interesting without the interaction with core xml code, but a silly regression test is still better than none at all. 01 March 2010, 03:41:04 UTC
a7ac5c6 Tom Lane 25 February 2010, 21:00:03 UTC Allow predicate_refuted_by() to deduce that NOT A refutes A. We had originally made the stronger assumption that NOT A refutes any B if B implies A, but this fails in three-valued logic, because we need to prove B is false not just that it's not true. However the logic does go through if B is equal to A. Recognizing this limited case is enough to handle examples that arise when we have simplified "bool_var = true" or "bool_var = false" to just "bool_var" or "NOT bool_var". If we had not done that simplification then the btree-operator proof logic would have been able to prove that the expressions were contradictory, but only for identical expressions being compared to the constants; so handling identical A and B covers all the same cases. The motivation for doing this is to avoid unexpected asymmetrical behavior when a partitioned table uses a boolean partitioning column, as in today's gripe from Dominik Sander. Back-patch to 8.2, which is as far back as predicate_refuted_by attempts to do anything at all with NOTs. 25 February 2010, 21:00:03 UTC
5ea449e Magnus Hagander 25 February 2010, 13:26:26 UTC Add configuration parameter ssl_renegotiation_limit to control how often we do SSL session key renegotiation. Can be set to 0 to disable renegotiation completely, which is required if a broken SSL library is used (broken patches to CVE-2009-3555 a known cause) or when using a client library that can't do renegotiation. 25 February 2010, 13:26:26 UTC
29667c8 Tom Lane 24 February 2010, 18:02:30 UTC Allow zero-dimensional (ie, empty) arrays in contrib/ltree operations. The main motivation for changing this is bug #4921, in which it's pointed out that it's no longer safe to apply ltree operations to the result of ARRAY(SELECT ...) if the sub-select might return no rows. Before 8.3, the ARRAY() construct would return NULL, which might or might not be helpful but at least it wouldn't result in an error. Now it returns an empty array which results in a failure for no good reason, since the ltree operations are all perfectly capable of dealing with zero-element arrays. As far as I can find, these ltree functions are the only places where zero array dimensionality is rejected unnecessarily. Back-patch to 8.3 to prevent behavioral regression of queries that worked in older releases. 24 February 2010, 18:02:30 UTC
7379835 Alvaro Herrera 24 February 2010, 14:11:40 UTC Remove stray semicolon, per report from strk 24 February 2010, 14:11:40 UTC
c740350 Robert Haas 19 February 2010, 23:55:52 UTC Remove incorrect statement that PostgreSQL 8.4 has no default parameters. Tom Lane already removed this from HEAD as par of the plpgsql variable resolution behavior patch, but this part of his patch also applies to 8.4. 19 February 2010, 23:55:52 UTC
472e29b Itagaki Takahiro 19 February 2010, 01:04:39 UTC Fix STOP WAL LOCATION in backup history files no to return the next segment of XLOG_BACKUP_END record even if the the record is placed at a segment boundary. Furthermore the previous implementation could return nonexistent segment file name when the boundary is in segments that has "FE" suffix; We never use segments with "FF" suffix. Backpatch to 8.0, where hot backup was introduced. Reported by Fujii Masao. 19 February 2010, 01:04:39 UTC
d1b9b0c Tom Lane 18 February 2010, 23:50:12 UTC Volatile-ize all five places where we expect a PG_TRY block to restore old memory context in plpython. Before only one of them was marked volatile, but per report from Zdenek Kotala, some compilers do the wrong thing here. 18 February 2010, 23:50:12 UTC
a8d1624 Tom Lane 18 February 2010, 22:43:39 UTC Provide some rather hokey ways for EXPLAIN to print FieldStore and assignment ArrayRef expressions that are not in the immediate context of an INSERT or UPDATE targetlist. Such cases never arise in stored rules, so ruleutils.c hadn't tried to handle them. However, they do occur in the targetlists of plans derived from such statements, and now that EXPLAIN VERBOSE tries to print targetlists, we need some way to deal with the case. I chose to represent an assignment ArrayRef as "array[subscripts] := source", which is fairly reasonable and doesn't omit any information. However, FieldStore is problematic because the planner will fold multiple assignments to fields of the same composite column into one FieldStore, resulting in a structure that is hard to understand at all, let alone display comprehensibly. So in that case I punted and just made it print the source expression(s). Backpatch to 8.4 --- the lack of functionality exists in older releases, but doesn't seem to be important for lack of anything that would call it. 18 February 2010, 22:43:39 UTC
dfb3bc0 Tom Lane 18 February 2010, 18:41:55 UTC Fix ExecEvalArrayRef to pass down the old value of the array element or slice being assigned to, in case the expression to be assigned is a FieldStore that would need to modify that value. The need for this was foreseen some time ago, but not implemented then because we did not have arrays of composites. Now we do, but the point evidently got overlooked in that patch. Net result is that updating a field of an array element doesn't work right, as illustrated if you try the new regression test on an unpatched backend. Noted while experimenting with EXPLAIN VERBOSE, which has also got some issues in this area. Backpatch to 8.3, where arrays of composites were introduced. 18 February 2010, 18:41:55 UTC
85a646a Tom Lane 18 February 2010, 03:06:53 UTC Force READY portals into FAILED state when a transaction or subtransaction is aborted, if they were created within the failed xact. This prevents ExecutorEnd from being run on them, which is a good idea because they may contain references to tables or other objects that no longer exist. In particular this is hazardous when auto_explain is active, but it's really rather surprising that nobody has seen an issue with this before. I'm back-patching this to 8.4, since that's the first version that contains auto_explain or an ExecutorEnd hook, but I wonder whether we shouldn't back-patch further. 18 February 2010, 03:06:53 UTC
ef7604f Tom Lane 17 February 2010, 01:48:51 UTC Prevent #option dump from crashing on FORI statement with null step. Reported by Pavel. 17 February 2010, 01:48:51 UTC
1f2aeca Greg Stark 16 February 2010, 00:01:35 UTC revert prior patch to fsync directories until portability problems exposed by build farm can be sorted out 16 February 2010, 00:01:35 UTC
36e1ed0 Greg Stark 14 February 2010, 17:50:47 UTC Make CREATE DATABASE safe against losing whole files by fsyncing the directory and not just the individual files. Back-patch to 8.1 -- before that we just called "cp -r" and never fsynced anything anyways. 14 February 2010, 17:50:47 UTC
d1e0eb3 Tom Lane 14 February 2010, 01:01:40 UTC Ooops, let's get the non-null vs null bit right ... 14 February 2010, 01:01:40 UTC
9908950 Tom Lane 14 February 2010, 00:48:20 UTC Document the behavior of STRICT VARIADIC functions. 14 February 2010, 00:48:20 UTC
45c17a7 Tom Lane 12 February 2010, 19:37:43 UTC Don't choke when exec_move_row assigns a synthesized null to a column that happens to be composite itself. Per bug #5314 from Oleg Serov. Backpatch to 8.0 --- 7.4 has got too many other shortcomings in composite-type support to make this worth worrying about in that branch. 12 February 2010, 19:37:43 UTC
f723139 Andrew Dunstan 12 February 2010, 04:32:02 UTC Free reference in correct Perl context. Backpatch to release 8.2. Patch from Tim Bunce. 12 February 2010, 04:32:02 UTC
23eec89 Heikki Linnakangas 09 February 2010, 20:31:35 UTC Fix bug in GIN WAL redo cleanup function: don't free fake relcache entry while it's still being used. Backpatch to 8.4, where the fake relcache method was introduced. 09 February 2010, 20:31:35 UTC
94d36cb Heikki Linnakangas 08 February 2010, 20:00:55 UTC Remove obsolete comment about 'fsm' argument, which isn't an argument anymore. 08 February 2010, 20:00:55 UTC
d0483ae Bruce Momjian 05 February 2010, 19:34:57 UTC Properly document that OVER and WINDOW are Postgres reserved words. 05 February 2010, 19:34:57 UTC
14b2235 Joe Conway 03 February 2010, 23:01:23 UTC Check to ensure the number of primary key fields supplied does not exceed the total number of non-dropped source table fields for dblink_build_sql_*(). Addresses bug report from Rushabh Lathia. Backpatch all the way to the 7.3 branch. 03 February 2010, 23:01:23 UTC
4204ff3 Tom Lane 03 February 2010, 06:36:16 UTC Forgot to back-patch CLUSTER test fix to 8.4. 03 February 2010, 06:36:16 UTC
8f13ee6 Tom Lane 02 February 2010, 19:12:34 UTC CLUSTER specified the wrong namespace when renaming toast tables of temporary relations (they don't live in pg_toast). This caused an Assert failure in assert-enabled builds. So far as I can see, in a non-assert build it would only have messed up the checks for conflicting names, so a failure would be quite improbable but perhaps not impossible. 02 February 2010, 19:12:34 UTC
9fd5fb8 Bruce Momjian 02 February 2010, 18:52:06 UTC Remove copyright mention of Andrew Yu, per author's permission. Backpatch to 8.4.X. 02 February 2010, 18:52:06 UTC
3c8a652 Tom Lane 01 February 2010, 02:45:35 UTC Change regexp engine's ccondissect/crevdissect routines to perform DFA matching before recursing instead of after. The DFA match eliminates unworkable midpoint choices a lot faster than the recursive check, in most cases, so doing it first can speed things up; particularly in pathological cases such as recently exhibited by Michael Glaesemann. In addition, apply some cosmetic changes that were applied upstream (in the Tcl project) at the same time, in order to sync with upstream version 1.15 of regexec.c. Upstream apparently intends to backpatch this, so I will too. The pathological behavior could be unpleasant if encountered in the field, which seems to justify any risk of introducing new bugs. Tom Lane, reviewed by Donal K. Fellows of Tcl project 01 February 2010, 02:45:35 UTC
97bcf34 Magnus Hagander 31 January 2010, 17:16:29 UTC Fix race condition in win32 signal handling. There was a race condition where the receiving pipe could be closed by the child thread if the main thread was pre-empted before it got a chance to create a new one, and the dispatch thread ran to completion during that time. One symptom of this is that rows in pg_listener could be dropped under heavy load. Analysis and original patch by Radu Ilie, with some small modifications by Magnus Hagander. 31 January 2010, 17:16:29 UTC
b7445b6 Tom Lane 30 January 2010, 20:09:59 UTC Avoid performing encoding conversion on command tag strings during EndCommand. Since all current and foreseeable future command tags will be pure ASCII, there is no need to do conversion on them. This saves a few cycles and also avoids polluting otherwise-pristine subtransaction memory contexts, which is the cause of the backend memory leak exhibited in bug #5302. (Someday we'll probably want to have a better method of determining whether subtransaction contexts need to be kept around, but today is not that day.) Backpatch to 8.0. The cycle-shaving aspect of this would work in 7.4 too, but without subtransactions the memory-leak aspect doesn't apply, so it doesn't seem worth touching 7.4. 30 January 2010, 20:09:59 UTC
1ff05d0 Tom Lane 30 January 2010, 18:59:58 UTC Fix memory leakage introduced into print_aligned_text by 8.4 changes (failure to free col_lineptrs[] array elements) and exacerbated in the current devel cycle (failure to free "wrap"). This resulted in moderate bloat of psql over long script runs. Noted while testing bug #5302, although what the reporter was complaining of was backend-side leakage. 30 January 2010, 18:59:58 UTC
96b0da6 Tom Lane 25 January 2010, 01:58:19 UTC Apply Tcl_Init() to the "hold" interpreter created by pltcl. You might think this is unnecessary since that interpreter is never used to run code --- but it turns out that's wrong. As of Tcl 8.5, the "clock" command (alone among builtin Tcl commands) is partially implemented by loaded-on-demand Tcl code, which means that it fails if there's not unknown-command support, and also that it's impossible to run it directly in a safe interpreter. The way they get around the latter is that Tcl_CreateSlave() automatically sets up an alias command that forwards any execution of "clock" in a safe slave interpreter to its parent interpreter. Thus, when attempting to execute "clock" in trusted pltcl, the command actually executes in the "hold" interpreter, where it will fail if unknown-command support hasn't been introduced by sourcing the standard init.tcl script, which is done by Tcl_Init(). (This is a pretty dubious design decision on the Tcl boys' part, if you ask me ... but they didn't.) Back-patch all the way. It's not clear that anyone would try to use ancient versions of pltcl with a recent Tcl, but it's not clear they wouldn't, either. Also add a regression test using "clock", in branches that have regression test support for pltcl. Per recent trouble report from Kyle Bateman. 25 January 2010, 01:58:19 UTC
5244ed4 Tom Lane 24 January 2010, 21:49:31 UTC Fix assorted core dumps and Assert failures that could occur during AbortTransaction or AbortSubTransaction, when trying to clean up after an error that prevented (sub)transaction start from completing: * access to TopTransactionResourceOwner that might not exist * assert failure in AtEOXact_GUC, if AtStart_GUC not called yet * assert failure or core dump in AfterTriggerEndSubXact, if AfterTriggerBeginSubXact not called yet Per testing by injecting elog(ERROR) at successive steps in StartTransaction and StartSubTransaction. It's not clear whether all of these cases could really occur in the field, but at least one of them is easily exposed by simple stress testing, as per my accidental discovery yesterday. 24 January 2010, 21:49:31 UTC
18cba6e Tom Lane 23 January 2010, 21:29:06 UTC Insert CHECK_FOR_INTERRUPTS calls into loops in dbsize.c, to ensure that the various disk-size-reporting functions will respond to query cancel reasonably promptly even in very large databases. Per report from Kevin Grittner. 23 January 2010, 21:29:06 UTC
5f60895 Tom Lane 20 January 2010, 23:12:15 UTC Well, the systemtap guys moved the goalposts again: with the latest version, we *must* generate probes.o or the dtrace probes don't work. Revert our workaround for their previous bug. Details at https://bugzilla.redhat.com/show_bug.cgi?id=557266 20 January 2010, 23:12:15 UTC
3fc333d Tom Lane 19 January 2010, 18:39:26 UTC When doing a parallel restore, we must guard against out-of-range dependency dump IDs, because the array we're using is sized according to the highest dump ID actually defined in the archive file. In a partial dump there could be references to higher dump IDs that weren't dumped. Treat these the same as references to in-range IDs that weren't dumped. (The whole thing is a bit scary because the missing objects might have been part of dependency chains, which we won't know about. Not much we can do though --- throwing an error is probably overreaction.) Also, reject parallel restore with pre-1.8 archive version (made by pre-8.0 pg_dump). In these old versions the dependency entries are OIDs, not dump IDs, and we don't have enough information to interpret them. Per bug #5288 from Jon Erdman. 19 January 2010, 18:39:26 UTC
dcd647d Tom Lane 18 January 2010, 18:17:52 UTC Fix an oversight in convert_EXISTS_sublink_to_join: we can't convert an EXISTS that contains a WITH clause. This would usually lead to a "could not find CTE" error later in planning, because the WITH wouldn't get processed at all. Noted while playing with an example from Ken Marshall. 18 January 2010, 18:17:52 UTC
59dbd54 Teodor Sigaev 18 January 2010, 11:53:10 UTC Fix incorrect comparison of scan key in GIN. Per report from Vyacheslav Kalinin <vka@mgcp.com> 18 January 2010, 11:53:10 UTC
524d357 Tom Lane 18 January 2010, 02:30:30 UTC Fix portalmem.c to avoid keeping a dangling pointer to a cached plan list after it's released its reference count for the cached plan. There are code paths that might try to examine the plan list before noticing that the portal is already in aborted state. Report and diagnosis by Tatsuo Ishii, though this isn't exactly his proposed patch. 18 January 2010, 02:30:30 UTC
69273fb Magnus Hagander 16 January 2010, 20:38:57 UTC Fix spelling error, noticed by Thomas Shinnick 16 January 2010, 20:38:57 UTC
903352f Tom Lane 16 January 2010, 19:50:38 UTC Re-order configure tests to reflect the fact that the code generated for posix_fadvise and other file-related functions can depend on _LARGEFILE_SOURCE and/or _FILE_OFFSET_BITS. Per report from Robert Treat. Back-patch to 8.4. This has been wrong all along, but we weren't really using posix_fadvise in anger before, and AC_FUNC_FSEEKO seems to mask the issue well enough for that function. 16 January 2010, 19:50:38 UTC
06f6234 Tom Lane 13 January 2010, 23:07:15 UTC When loading critical system indexes into the relcache, ensure we lock the underlying catalog not only the index itself. Otherwise, if the cache load process touches the catalog (which will happen for many though not all of these indexes), we are locking index before parent table, which can result in a deadlock against processes that are trying to lock them in the normal order. Per today's failure on buildfarm member gothic_moth; it's surprising the problem hadn't been identified before. Back-patch to 8.2. Earlier releases didn't have the issue because they didn't try to lock these indexes during load (instead assuming that they couldn't change schema at all during multiuser operation). 13 January 2010, 23:07:15 UTC
e245c91 Tom Lane 13 January 2010, 16:57:03 UTC Fix bug #5269: ResetPlanCache mustn't invalidate cached utility statements, especially not ROLLBACK. ROLLBACK might need to be executed in an already aborted transaction, when there is no safe way to revalidate the plan. But in general there's no point in marking utility statements invalid, since they have no plans in the normal sense of the word; so we might as well work a bit harder here to avoid future revalidation cycles. Back-patch to 8.4, where the bug was introduced. 13 January 2010, 16:57:03 UTC
cc398df Tom Lane 12 January 2010, 18:12:26 UTC Fix relcache reload mechanism to be more robust in the face of errors occurring during a reload, such as query-cancel. Instead of zeroing out an existing relcache entry and rebuilding it in place, build a new relcache entry, then swap its contents with the old one, then free the new entry. This avoids problems with code believing that a previously obtained pointer to a cache entry must still reference a valid entry, as seen in recent failures on buildfarm member jaguar. (jaguar is using CLOBBER_CACHE_ALWAYS which raises the probability of failure substantially, but the problem could occur in the field without that.) The previous design was okay when it was made, but subtransactions and the ResourceOwner mechanism make it unsafe now. Also, make more use of the already existing rd_isvalid flag, so that we remember that the entry requires rebuilding even if the first attempt fails. Back-patch as far as 8.2. Prior versions have enough issues around relcache reload anyway (due to inadequate locking) that fixing this one doesn't seem worthwhile. 12 January 2010, 18:12:26 UTC
bfa084f Tom Lane 11 January 2010, 15:31:12 UTC Improve ExecEvalVar's handling of whole-row variables in cases where the rowtype contains dropped columns. Sometimes the input tuple will be formed from a select targetlist in which dropped columns are filled with a NULL of an arbitrary type (the planner typically uses INT4, since it can't tell what type the dropped column really was). So we need to relax the rowtype compatibility check to not insist on physical compatibility if the actual column value is NULL. In principle we might need to do this for functions returning composite types, too (see tupledesc_match()). In practice there doesn't seem to be a bug there, probably because the function will be using the same cached rowtype descriptor as the caller. Fixing that code path would require significant rearrangement, so I left it alone for now. Per complaint from Filip Rembialkowski. 11 January 2010, 15:31:12 UTC
48eb3e6 Magnus Hagander 10 January 2010, 15:54:14 UTC Update Windows installation notes. pginstaller isn't used anymore, in favor of the one-click installers. Make it clear that we support Windows 2000 and newer with the native port, instead of first saying we support NT4 and then saying we don't. 10 January 2010, 15:54:14 UTC
6e41745 Michael Meskes 08 January 2010, 09:22:44 UTC Backported fix for protecting ecpg against applications freeing strings to 8.4. 08 January 2010, 09:22:44 UTC
ac7fc99 Tom Lane 07 January 2010, 19:53:16 UTC Make bit/varbit substring() treat any negative length as meaning "all the rest of the string". The previous coding treated only -1 that way, and would produce an invalid result value for other negative values. We ought to fix it so that 2-parameter bit substring() is a different C function and the 3-parameter form throws error for negative length, but that takes a pg_proc change which is impractical in the back branches; and in any case somebody might be relying on -1 working this way. So just do this as a back-patchable fix. 07 January 2010, 19:53:16 UTC
ed62e74 Tom Lane 07 January 2010, 00:25:18 UTC Alter the configure script to fail immediately if the C compiler does not provide a working 64-bit integer datatype. As recently noted, we've been broken on such platforms since early in the 8.4 development cycle. Since it took nearly two years for anyone to even notice, it seems that the rationale for continuing to support such platforms has reached the point of non-existence. Rather than thrashing around to try to make it work again, we'll just admit up front that this no longer works. Back-patch to 8.4 since that branch is also broken. We should go around to remove INT64_IS_BUSTED support, but just in HEAD, so that seems like material for a separate commit. 07 January 2010, 00:25:18 UTC
c5afcf9 Tom Lane 05 January 2010, 23:25:44 UTC Add support for doing FULL JOIN ON FALSE. While this is really a rather peculiar variant of UNION ALL, and so wouldn't likely get written directly as-is, it's possible for it to arise as a result of simplification of less-obviously-silly queries. In particular, now that we can do flattening of subqueries that have constant outputs and are underneath an outer join, it's possible for the case to result from simplification of queries of the type exhibited in bug #5263. Back-patch to 8.4 to avoid a functionality regression for this type of query. 05 January 2010, 23:25:44 UTC
1c0f0d9 Magnus Hagander 01 January 2010, 14:57:19 UTC Make the win32 putenv() override update *all* present versions of the MSVCRxx runtime, not just the current + Visual Studio 6 (MSVCRT). Clearly there can be an almost unlimited number of runtimes loaded at the same time. Per report from Hiroshi Inoue 01 January 2010, 14:57:19 UTC
cae9c0d Heikki Linnakangas 30 December 2009, 08:37:23 UTC Reset minRecoveryPoint at checkpoints, so that we don't uselessly update it in the control file at crash recovery following an archive recovery. Per Fujii Masao and subsequent discussion. 30 December 2009, 08:37:23 UTC
eb63765 Tom Lane 30 December 2009, 03:45:53 UTC Set errno to zero before invoking SSL_read or SSL_write. It appears that at least in some Windows versions, these functions are capable of returning a failure indication without setting errno. That puts us into an infinite loop if the previous value happened to be EINTR. Per report from Brendan Hill. Back-patch to 8.2. We could take it further back, but since this is only known to be an issue on Windows and we don't support Windows before 8.2, it does not seem worth the trouble. 30 December 2009, 03:45:53 UTC
b1ffbae Heikki Linnakangas 29 December 2009, 17:41:09 UTC Previous fix for temporary file management broke returning a set from PL/pgSQL function within an exception handler. Make sure we use the right resource owner when we create the tuplestore to hold returned tuples. Simplify tuplestore API so that the caller doesn't need to be in the right memory context when calling tuplestore_put* functions. tuplestore.c automatically switches to the memory context used when the tuplestore was created. Tuplesort was already modified like this earlier. This patch also removes the now useless MemoryContextSwitch calls from callers. Report by Aleksei on pgsql-bugs on Dec 22 2009. Backpatch to 8.1, like the previous patch that broke this. 29 December 2009, 17:41:09 UTC
f46b971 Tom Lane 24 December 2009, 17:52:11 UTC Fix wrong WAL info value generated when gistContinueInsert() performs an index page split. This would result in index corruption, or even more likely an error during WAL replay, if we were unlucky enough to crash during end-of-recovery cleanup after having completed an incomplete GIST insertion. Yoichi Hirai 24 December 2009, 17:52:11 UTC
a1ffb01 Heikki Linnakangas 23 December 2009, 12:24:16 UTC Always pass catalog id to the options validator function specified in CREATE FOREIGN DATA WRAPPER. Arguably it wasn't a bug because the documentation said that it's passed the catalog ID or zero, but surely we should provide it when it's known. And there isn't currently any scenario where it's not known, and I can't imagine having one in the future either, so better remove the "or zero" escape hatch and always pass a valid catalog ID. Backpatch to 8.4. Martin Pihlak 23 December 2009, 12:24:16 UTC
7826bd4 Tom Lane 16 December 2009, 22:24:19 UTC Avoid a premature coercion failure in transformSetOperationTree() when presented with an UNKNOWN-type Var, which can happen in cases where an unknown literal appeared in a subquery. While many such cases will fail later on anyway in the planner, there are some cases where the planner is able to flatten the query and replace the Var by the constant before it has to coerce the union column to the final type. I had added this check in 8.4 to provide earlier/better error detection, but it causes a regression for some cases that worked OK before. Fix by not making the check if the input node is UNKNOWN type and not a Const or Param. If it isn't going to work, it will fail anyway at plan time, with the only real loss being inability to provide an error cursor. Per gripe from Britt Piehler. In passing, rename a couple of variables to remove confusion from an inner scope masking the same variable names in an outer scope. 16 December 2009, 22:24:19 UTC
e5fddc5 Tom Lane 14 December 2009, 02:16:04 UTC Fix a bug introduced when set-returning SQL functions were made inline-able: we have to cope with the possibility that the declared result rowtype contains dropped columns. This fails in 8.4, as per bug #5240. While at it, be more paranoid about inserting binary coercions when inlining. The pre-8.4 code did not really need to worry about that because it could not inline at all in any case where an added coercion could change the behavior of the function's statement. However, when inlining a SRF we allow sorting, grouping, and set-ops such as UNION. In these cases, modifying one of the targetlist entries that the sort/group/setop depends on could conceivably change the behavior of the function's statement --- so don't inline when such a case applies. 14 December 2009, 02:16:04 UTC
e266863 Tom Lane 12 December 2009, 19:24:44 UTC Fix integer-to-bit-string conversions to handle the first fractional byte correctly when the output bit width is wider than the given integer by something other than a multiple of 8 bits. This has been wrong since I first wrote that code for 8.0 :-(. Kudos to Roman Kononov for being the first to notice, though I didn't use his patch. Per bug #5237. 12 December 2009, 19:24:44 UTC
5cc7c13 Marc G. Fournier 10 December 2009, 02:56:56 UTC tag for 8.4.2 10 December 2009, 02:56:56 UTC
743ffa5 Robert Haas 10 December 2009, 01:54:21 UTC Fix levenshtein with costs. The previous code multiplied by the cost in only 3 of the 7 relevant locations. Marcin Mank, slightly adjusted by me. 10 December 2009, 01:54:21 UTC
e8df357 Tom Lane 10 December 2009, 00:31:24 UTC Update release notes for releases 8.4.2, 8.3.9, 8.2.15, 8.1.19, 8.0.23, 7.4.27. 10 December 2009, 00:31:24 UTC
42ba393 Tom Lane 09 December 2009, 21:58:04 UTC Prevent indirect security attacks via changing session-local state within an allegedly immutable index function. It was previously recognized that we had to prevent such a function from executing SET/RESET ROLE/SESSION AUTHORIZATION, or it could trivially obtain the privileges of the session user. However, since there is in general no privilege checking for changes of session-local state, it is also possible for such a function to change settings in a way that might subvert later operations in the same session. Examples include changing search_path to cause an unexpected function to be called, or replacing an existing prepared statement with another one that will execute a function of the attacker's choosing. The present patch secures VACUUM, ANALYZE, and CREATE INDEX/REINDEX against these threats, which are the same places previously deemed to need protection against the SET ROLE issue. GUC changes are still allowed, since there are many useful cases for that, but we prevent security problems by forcing a rollback of any GUC change after completing the operation. Other cases are handled by throwing an error if any change is attempted; these include temp table creation, closing a cursor, and creating or deleting a prepared statement. (In 7.4, the infrastructure to roll back GUC changes doesn't exist, so we settle for rejecting changes of "search_path" in these contexts.) Original report and patch by Gurjeet Singh, additional analysis by Tom Lane. Security: CVE-2009-4136 09 December 2009, 21:58:04 UTC
a493b42 Magnus Hagander 09 December 2009, 16:16:45 UTC Update size references in installation instructions to be a bit more up-to-date with current versions. 09 December 2009, 16:16:45 UTC
1ac3651 Magnus Hagander 09 December 2009, 06:37:29 UTC Reject certificates with embedded NULLs in the commonName field. This stops attacks where an attacker would put <attack>\0<propername> in the field and trick the validation code that the certificate was for <attack>. This is a very low risk attack since it reuqires the attacker to trick the CA into issuing a certificate with an incorrect field, and the common PostgreSQL deployments are with private CAs, and not external ones. Also, default mode in 8.4 does not do any name validation, and is thus also not vulnerable - but the higher security modes are. Backpatch all the way. Even though versions 8.3.x and before didn't have certificate name validation support, they still exposed this field for the user to perform the validation in the application code, and there is no way to detect this problem through that API. Security: CVE-2009-4034 09 December 2009, 06:37:29 UTC
e37487d Tom Lane 09 December 2009, 00:35:59 UTC Update time zone data files to tzdata release 2009s: DST law changes in Antarctica, Argentina, Bangladesh, Fiji, Novokuznetsk, Pakistan, Palestine, Samoa, Syria. Also historical corrections for Hong Kong. 09 December 2009, 00:35:59 UTC
7a2afa1 Peter Eisentraut 08 December 2009, 22:22:17 UTC Translation updates 08 December 2009, 22:22:17 UTC
fd1b31f Magnus Hagander 08 December 2009, 20:08:37 UTC Fix a couple of broken links to third-party sites. 08 December 2009, 20:08:37 UTC
652dad6 Magnus Hagander 08 December 2009, 19:22:49 UTC Replace broken link to custom local gettext package with one to the main GNU site for gettext. 08 December 2009, 19:22:49 UTC
8c5a1d9 Magnus Hagander 07 December 2009, 19:20:01 UTC Update CVS documentation to be more current and add documentation about git mirror. Remove information about cvsup and documentation that's more about cvs than our use of cvs. Backpatch to 8.4 so we get the git information up on the website as soon as possible. 07 December 2009, 19:20:01 UTC
d1c5bdf Heikki Linnakangas 03 December 2009, 11:03:35 UTC Fix bug in temporary file management with subtransactions. A cursor opened in a subtransaction stays open even if the subtransaction is aborted, so any temporary files related to it must stay alive as well. With the patch, we use ResourceOwners to track open temporary files and don't automatically close them at subtransaction end (though in the normal case temporary files are registered with the subtransaction resource owner and will therefore be closed). At end of top transaction, we still check that there's no temporary files marked as close-at-end-of-transaction open, but that's now just a debugging cross-check as the resource owner cleanup should've closed them already. 03 December 2009, 11:03:35 UTC
e461436 Tom Lane 02 December 2009, 17:41:07 UTC Ignore attempts to set "application_name" in the connection startup packet. This avoids a useless connection retry and complaint in the postmaster log when receiving a connection from 8.5 or later libpq. Backpatch in all supported branches, but of course *not* HEAD. 02 December 2009, 17:41:07 UTC
b382cbb Tom Lane 30 November 2009, 16:38:40 UTC Avoid core dump on empty thesaurus dictionary. Per report from Robert Gravsjö. 30 November 2009, 16:38:40 UTC
1962ec6 Tom Lane 29 November 2009, 21:02:22 UTC Fix session-lifespan memory leak when a plperl function is redefined: we have to tell Perl it can release its compiled copy of the function text. Noted by Alexey Klyukin. Back-patch to 8.2 --- the problem exists further back, but this patch won't work without modification, and it's probably not worth the trouble. 29 November 2009, 21:02:22 UTC
2164a24 Michael Meskes 27 November 2009, 16:11:50 UTC Remove */ characters from declare cursor statements before putting them into a comment. 27 November 2009, 16:11:50 UTC
7c605d5 Peter Eisentraut 24 November 2009, 19:21:04 UTC Fix syntax in extract() examples Author: Erik Rijkers <er@xs4all.nl> 24 November 2009, 19:21:04 UTC
5e4b869 Heikki Linnakangas 23 November 2009, 09:58:51 UTC Fix an old bug in multixact and two-phase commit. Prepared transactions can be part of multixacts, so allocate a slot for each prepared transaction in the "oldest member" array in multixact.c. On PREPARE TRANSACTION, transfer the oldest member value from the current backends slot to the prepared xact slot. Also save and recover the value from the 2pc state file. The symptom of the bug was that after a transaction prepared, a shared lock still held by the prepared transaction was sometimes ignored by other transactions. Fix back to 8.1, where both 2PC and multixact were introduced. 23 November 2009, 09:58:51 UTC
1e925f4 Tom Lane 21 November 2009, 05:44:12 UTC Refactor ecpg grammar so that it uses the core grammar's unreserved_keyword list, minus a few specific words that have to be treated specially. This replaces a hard-wired list of keywords that would have needed manual maintenance, and was not getting it. The 8.4 coding was already missing these words, causing ecpg to incorrectly treat them as reserved words: CALLED, CATALOG, DEFINER, ENUM, FOLLOWING, INVOKER, OPTIONS, PARTITION, PRECEDING, RANGE, SECURITY, SERVER, UNBOUNDED, WRAPPER. In HEAD we were additionally missing COMMENTS, FUNCTIONS, SEQUENCES, TABLES. Per gripe from Bosco Rama. 21 November 2009, 05:44:12 UTC
00d144d Tom Lane 20 November 2009, 20:54:20 UTC Fix display and dumping of UPDATE OR TRUNCATE triggers (a bizarre combination maybe, but we should get it right). Bug noted while reviewing TRIGGER WHEN patch. Already fixed in HEAD. 20 November 2009, 20:54:20 UTC
cd5c42d Peter Eisentraut 19 November 2009, 22:05:49 UTC Typo: dump -> restore fixed in 8.4 and 8.5 Author: Guillaume Lelarge <guillaume@lelarge.info> 19 November 2009, 22:05:49 UTC
2951f8f Tom Lane 19 November 2009, 02:45:40 UTC Fix memory leak in syslogger: logfile_rotate() would leak a copy of the output filename if CSV logging was enabled and only one of the two possible output files got rotated during a particular call (which would, in fact, typically be the case during a size-based rotation). This would amount to about MAXPGPATH (1KB) per rotation, and it's been there since the CSV code was put in, so it's surprising that nobody noticed it before. Per bug #5196 from Thomas Poindessous. 19 November 2009, 02:45:40 UTC
1ec6548 Tom Lane 16 November 2009, 18:04:47 UTC While doing the final setrefs.c pass over a plan tree, try to match up non-Var sort/group expressions using ressortgroupref labels instead of depending entirely on equal()-ity of the upper node's tlist expressions to the lower node's. This avoids emitting the wrong outputs in cases where there are textually identical volatile sort/group expressions, as for example select distinct random(),random() from generate_series(1,10); Per report from Andrew Gierth. Backpatch to 8.4. Arguably this is wrong all the way back, but the only known case where there's an observable problem is when using hash aggregation to implement DISTINCT, which is new as of 8.4. So for the moment I'll refrain from backpatching further. 16 November 2009, 18:04:47 UTC
4272c87 Peter Eisentraut 15 November 2009, 13:55:42 UTC Make text search parser accept underscores in XML attributes (bug #5075) 15 November 2009, 13:55:42 UTC
8467f3c Magnus Hagander 14 November 2009, 15:39:45 UTC Add inheritable ACE when creating a restricted token for execution on Win32. Also refactor the code around it to be more clear. Jesse Morris 14 November 2009, 15:39:45 UTC
30137bd Heikki Linnakangas 13 November 2009, 19:48:26 UTC A better fix for the "ARRAY[...]::domain" problem. The previous patch worked, but the transformed ArrayExpr claimed to have a return type of "domain", even though the domain constraint was only checked by the enclosing CoerceToDomain node. With this fix, the ArrayExpr is correctly labeled with the base type of the domain. Per gripe by Tom Lane. 13 November 2009, 19:48:26 UTC
959af88 Heikki Linnakangas 13 November 2009, 16:09:20 UTC When you do "ARRAY[...]::domain", where domain is a domain over an array type, we need to check domain constraints. We used to do it correctly, but 8.4 introduced a separate code path for the "ARRAY[]::arraytype" case to infer the type of an empty ARRAY construct from the cast target, and forgot to take domains into account. Per report from Florian G. Pflug. 13 November 2009, 16:09:20 UTC
66ad0b3 Teodor Sigaev 13 November 2009, 11:17:22 UTC Fix multicolumn GIN's wrong results with fastupdate enabled. User-defined consistent functions believes the check array contains at least one true element which was not a true for scanning pending list. Per report from Yury Don <yura@vpcit.ru> 13 November 2009, 11:17:22 UTC
7a6aa85 Tom Lane 10 November 2009, 23:12:21 UTC Do not build psql's flex module on its own, but instead include it in mainloop.c. This ensures that postgres_fe.h is read before including any system headers, which is necessary to avoid problems on some platforms where we make nondefault selections of feature macros for stdio.h or other headers. We have had this policy for flex modules in the backend for many years, but for some reason it was not applied to psql. Per trouble report from Alexandra Roy and diagnosis by Albe Laurenz. 10 November 2009, 23:12:21 UTC
83d4698 Alvaro Herrera 10 November 2009, 18:00:30 UTC Fix longstanding problems in VACUUM caused by untimely interruptions In VACUUM FULL, an interrupt after the initial transaction has been recorded as committed can cause postmaster to restart with the following error message: PANIC: cannot abort transaction NNNN, it was already committed This problem has been reported many times. In lazy VACUUM, an interrupt after the table has been truncated by lazy_truncate_heap causes other backends' relcache to still point to the removed pages; this can cause future INSERT and UPDATE queries to error out with the following error message: could not read block XX of relation 1663/NNN/MMMM: read only 0 of 8192 bytes The window to this race condition is extremely narrow, but it has been seen in the wild involving a cancelled autovacuum process. The solution for both problems is to inhibit interrupts in both operations until after the respective transactions have been committed. It's not a complete solution, because the transaction could theoretically be aborted by some other error, but at least fixes the most common causes of both problems. 10 November 2009, 18:00:30 UTC
2c61405 Tom Lane 05 November 2009, 04:38:35 UTC Allow binary-coercible cases in ri_HashCompareOp; there are some such cases that are not handled by find_coercion_pathway, notably composite->RECORD. Now that 8.4 supports composites as primary keys, it's worth dealing with this case. 05 November 2009, 04:38:35 UTC
7433359 Heikki Linnakangas 04 November 2009, 12:51:36 UTC Disable triggering failover with a signal in pg_standby on Windows, because Windows doesn't do signal processing like other platforms do. It never really worked, but recent changes to the signal handling made it crash. This fixes bug #4961. Patch by Fujii Masao. 04 November 2009, 12:51:36 UTC
59052a5 Peter Eisentraut 03 November 2009, 08:59:16 UTC Fix obscure segfault condition in PL/Python In PLy_output(), when the elog() call in the TRY branch throws an exception (this can happen when a statement timeout kicks in, for example), the PyErr_SetString() call in the CATCH branch can cause a segfault, because the Py_XDECREF(so) call before it releases memory that is still used by the sv variable that PyErr_SetString() uses as argument, because sv points into memory owned by so. Backpatched back to 8.0, where this code was introduced. I also threw in a couple of volatile declarations for variables that are used before and after the TRY. I don't think they caused the crash that I observed, but they could become issues. 03 November 2009, 08:59:16 UTC
01adc8a Tom Lane 01 November 2009, 22:31:02 UTC Dept of second thoughts: after studying index_getnext() a bit more I realize that it can scribble on scan->xs_ctup.t_self while following HOT chains, so we can't rely on that to stay valid between hashgettuple() calls. Introduce a private variable in HashScanOpaque, instead. 01 November 2009, 22:31:02 UTC
891e225 Tom Lane 01 November 2009, 21:25:33 UTC Fix two serious bugs introduced into hash indexes by the 8.4 patch that made hash indexes keep entries sorted by hash value. First, the original plans for concurrency assumed that insertions would happen only at the end of a page, which is no longer true; this could cause scans to transiently fail to find index entries in the presence of concurrent insertions. We can compensate by teaching scans to re-find their position after re-acquiring read locks. Second, neither the bucket split nor the bucket compaction logic had been fixed to preserve hashvalue ordering, so application of either of those processes could lead to permanent corruption of an index, in the sense that searches might fail to find entries that are present. This patch fixes the split and compaction logic to preserve hashvalue ordering, but it cannot do anything about pre-existing corruption. We will need to recommend reindexing all hash indexes in the 8.4.2 release notes. To buy back the performance loss hereby induced in split and compaction, fix them to use PageIndexMultiDelete instead of retail PageIndexDelete operations. We might later want to do something with qsort'ing the page contents rather than doing a binary search for each insertion, but that seemed more invasive than I cared to risk in a back-patch. Per bug #5157 from Jeff Janes and subsequent investigation. 01 November 2009, 21:25:33 UTC
f175aed Tom Lane 31 October 2009, 18:12:05 UTC Ensure the previous Perl interpreter selection is restored upon exit from plperl_call_handler, in both the normal and error-exit paths. Per report from Alexey Klyukin. 31 October 2009, 18:12:05 UTC
3f5a482 Tom Lane 30 October 2009, 20:58:51 UTC Make the overflow guards in ExecChooseHashTableSize be more protective. The original coding ensured nbuckets and nbatch didn't exceed INT_MAX, which while not insane on its own terms did nothing to protect subsequent code like "palloc(nbatch * sizeof(BufFile *))". Since enormous join size estimates might well be planner error rather than reality, it seems best to constrain the initial sizes to be not more than work_mem/sizeof(pointer), thus ensuring the allocated arrays don't exceed work_mem. We will allow nbatch to get bigger than that during subsequent ExecHashIncreaseNumBatches calls, but we should still guard against integer overflow in those palloc requests. Per bug #5145 from Bernt Marius Johnsen. Although the given test case only seems to fail back to 8.2, previous releases have variants of this issue, so patch all supported branches. 30 October 2009, 20:58:51 UTC
4b53f16 Tom Lane 28 October 2009, 18:10:00 UTC Fix \df to re-allow regexp special characters in the function name pattern. This has always worked, up until somebody's thinko here: http://archives.postgresql.org/pgsql-committers/2009-04/msg00233.php Per bug #5143 from Piotr Wolinski. 28 October 2009, 18:10:00 UTC
back to top