Skip to main content

Browse the archive

https://github.com/postgres/postgres
02 May 2024, 11:03:54 UTC
sort by:
Revision Author Date Message Commit Date
6bd01f0 Tom Lane 03 August 2015, 20:34:55 UTC Stamp 9.5alpha2. 03 August 2015, 20:34:55 UTC
8f43965 Stephen Frost 03 August 2015, 19:32:49 UTC RLS: Keep deny policy when only restrictive exist Only remove the default deny policy when a permissive policy exists (either from the hook or defined by the user). If only restrictive policies exist then no rows will be visible, as restrictive policies shouldn't make rows visible. To address this requirement, a single "USING (true)" permissive policy can be created. Update the test_rls_hooks regression tests to create the necessary "USING (true)" permissive policy. Back-patch to 9.5 where RLS was added. Per discussion with Dean. 03 August 2015, 19:32:58 UTC
58b30d9 Peter Eisentraut 03 August 2015, 18:10:33 UTC Translation updates Source-Git-URL: git://git.postgresql.org/git/pgtranslation/messages.git Source-Git-Hash: 01a9485e7f9d18e1195250ec68634f1d3c9497f6 03 August 2015, 18:10:33 UTC
11daccb Tom Lane 03 August 2015, 16:29:11 UTC Update 9.5 release notes through today. 03 August 2015, 16:29:24 UTC
8f45a58 Joe Conway 03 August 2015, 16:08:01 UTC Fix psql \d output of policies. psql neglected to wrap parenthesis around USING and WITH CHECK expressions -- fixed. Back-patched to 9.5 where RLS policies were introduced. 03 August 2015, 16:08:01 UTC
46e9019 Fujii Masao 03 August 2015, 14:04:41 UTC Make recovery rename tablespace_map to *.old if backup_label is not present. If tablespace_map file is present without backup_label file, there is no use of such file. There is no harm in retaining it, but it is better to get rid of the map file so that we don't have any redundant file in data directory and it will avoid any sort of confusion. It seems prudent though to just rename the file out of the way rather than delete it completely, also we ignore any error that occurs in rename operation as even if map file is present without backup_label file, it is harmless. Back-patch to 9.5 where tablespace_map file was introduced. Amit Kapila, reviewed by Robert Haas, Alvaro Herrera and me. 03 August 2015, 14:05:19 UTC
615b695 Heikki Linnakangas 03 August 2015, 12:23:56 UTC Fix pg_rewind when pg_xlog is a symlink. pg_xlog is often a symlink, typically to a different filesystem. Don't get confused and comlain about by that, and just always pretend that it's a normal directory, even if it's really a symlink. Also add a test case for this. Backpatch to 9.5. 03 August 2015, 12:25:12 UTC
2b917a5 Heikki Linnakangas 03 August 2015, 10:06:47 UTC Clean up pg_rewind regression test script. Since commit 01f6bb4b2, TestLib.pm has exported path to tmp_check directory, so let's use that also for the pg_rewind test clusters etc. Also, in master, the $tempdir_short variable has not been used since commit 13d856e17, which moved the initdb-running code to TestLib.pm. Backpatch to 9.5. 03 August 2015, 10:07:50 UTC
642ae4e Tom Lane 03 August 2015, 04:02:26 UTC Make modules/test_ddl_deparse/.gitignore match its siblings. Not sure why /tmp_check/ was omitted from this one, but even if it isn't really needed right now, it's inconsistent not to include it. 03 August 2015, 04:02:32 UTC
6101524 Tom Lane 03 August 2015, 03:57:32 UTC contrib/isn now needs a .gitignore file. Oversight in commit cb3384a0cb4cf900622b77865f60e31259923079. Back-patch to 9.1, like that commit. 03 August 2015, 03:57:42 UTC
89e80b0 Tom Lane 03 August 2015, 03:49:19 UTC Fix a number of places that produced XX000 errors in the regression tests. It's against project policy to use elog() for user-facing errors, or to omit an errcode() selection for errors that aren't supposed to be "can't happen" cases. Fix all the violations of this policy that result in ERRCODE_INTERNAL_ERROR log entries during the standard regression tests, as errors that can reliably be triggered from SQL surely should be considered user-facing. I also looked through all the files touched by this commit and fixed other nearby problems of the same ilk. I do not claim to have fixed all violations of the policy, just the ones in these files. In a few places I also changed existing ERRCODE choices that didn't seem particularly appropriate; mainly replacing ERRCODE_SYNTAX_ERROR by something more specific. Back-patch to 9.5, but no further; changing ERRCODE assignments in stable branches doesn't seem like a good idea. 03 August 2015, 03:49:19 UTC
c75b1f7 Tom Lane 02 August 2015, 19:48:27 UTC Avoid calling memcpy() with a NULL source pointer and count == 0. As in commit 0a52d378b03b7d5a, avoid doing something that has undefined results according to the C standard, even though in practice there does not seem to be any problem with it. This fixes two places in numeric.c that demonstrably could call memcpy() with such arguments. I looked through that file and didn't see any other places with similar hazards; this is not to claim that there are not such places in other files. Per report from Piotr Stefaniak. Back-patch to 9.5 which is where the previous commit was added. We're more or less setting a precedent that we will not worry about this type of issue in pre-9.5 branches unless someone demonstrates a problem in the field. 02 August 2015, 19:48:51 UTC
ea8385d Heikki Linnakangas 02 August 2015, 19:12:33 UTC Fix output of ISBN-13 numbers beginning with 979. An EAN beginning with 979 (but not 9790 - those are ISMN's) are accepted as ISBN numbers, but they cannot be represented in the old, 10-digit ISBN format. They must be output in the new 13-digit ISBN-13 format. We printed out an incorrect value for those. Also add a regression test, to test this and some other basic functionality of the module. Patch by Fabien Coelho. This fixes bug #13442, reported by B.Z. Backpatch to 9.1, where we started to recognize ISBN-13 numbers. 02 August 2015, 19:12:38 UTC
72697d2 Tom Lane 02 August 2015, 18:54:44 UTC Fix incorrect order of lock file removal and failure to close() sockets. Commit c9b0cbe98bd783e24a8c4d8d8ac472a494b81292 accidentally broke the order of operations during postmaster shutdown: it resulted in removing the per-socket lockfiles after, not before, postmaster.pid. This creates a race-condition hazard for a new postmaster that's started immediately after observing that postmaster.pid has disappeared; if it sees the socket lockfile still present, it will quite properly refuse to start. This error appears to be the explanation for at least some of the intermittent buildfarm failures we've seen in the pg_upgrade test. Another problem, which has been there all along, is that the postmaster has never bothered to close() its listen sockets, but has just allowed them to close at process death. This creates a different race condition for an incoming postmaster: it might be unable to bind to the desired listen address because the old postmaster is still incumbent. This might explain some odd failures we've seen in the past, too. (Note: this is not related to the fact that individual backends don't close their client communication sockets. That behavior is intentional and is not changed by this patch.) Fix by adding an on_proc_exit function that closes the postmaster's ports explicitly, and (in 9.3 and up) reshuffling the responsibility for where to unlink the Unix socket files. Lock file unlinking can stay where it is, but teach it to unlink the lock files in reverse order of creation. 02 August 2015, 18:55:04 UTC
54f23a4 Heikki Linnakangas 02 August 2015, 17:08:10 UTC Fix race condition that lead to WALInsertLock deadlock with commit_delay. If a call to WaitForXLogInsertionsToFinish() returned a value in the middle of a page, and another backend then started to insert a record to the same page, and then you called WaitXLogInsertionsToFinish() again, the second call might return a smaller value than the first call. The problem was in GetXLogBuffer(), which always updated the insertingAt value to the beginning of the requested page, not the actual requested location. Because of that, the second call might return a xlog pointer to the beginning of the page, while the first one returned a later position on the same page. XLogFlush() performs two calls to WaitXLogInsertionsToFinish() in succession, and holds WALWriteLock on the second call, which can deadlock if the second call to WaitXLogInsertionsToFinish() blocks. Reported by Spiros Ioannou. Backpatch to 9.4, where the more scalable WALInsertLock mechanism, and this bug, was introduced. 02 August 2015, 17:08:50 UTC
9074e41 Andres Freund 31 July 2015, 18:50:35 UTC Micro optimize LWLockAttemptLock() a bit. LWLockAttemptLock pointlessly read the lock's state in every loop iteration, even though pg_atomic_compare_exchange_u32() returns the old value. Instead do that only once before the loop iteration. Additionally there's no need to have the expected_state variable, old_state mostly had the same value anyway. Noticed-By: Heikki Linnakangas Backpatch: 9.5, no reason to let the branches diverge at this point 02 August 2015, 16:41:41 UTC
27b7191 Andres Freund 31 July 2015, 18:20:43 UTC Fix issues around the "variable" support in the lwlock infrastructure. The lwlock scalability work introduced two race conditions into the lwlock variable support provided for xlog.c. First, and harmlessly on most platforms, it set/read the variable without the spinlock in some places. Secondly, due to the removal of the spinlock, it was possible that a backend missed changes to the variable's state if it changed in the wrong moment because checking the lock's state, the variable's state and the queuing are not protected by a single spinlock acquisition anymore. To fix first move resetting the variable's from LWLockAcquireWithVar to WALInsertLockRelease, via a new function LWLockReleaseClearVar. That prevents issues around waiting for a variable's value to change when a new locker has acquired the lock, but not yet set the value. Secondly re-check that the variable hasn't changed after enqueing, that prevents the issue that the lock has been released and already re-acquired by the time the woken up backend checks for the lock's state. Reported-By: Jeff Janes Analyzed-By: Heikki Linnakangas Reviewed-By: Heikki Linnakangas Discussion: 5592DB35.2060401@iki.fi Backpatch: 9.5, where the lwlock scalability went in 02 August 2015, 16:41:36 UTC
7968238 Tom Lane 02 August 2015, 00:57:41 UTC Fix some planner issues with degenerate outer join clauses. An outer join clause that didn't actually reference the RHS (perhaps only after constant-folding) could confuse the join order enforcement logic, leading to wrong query results. Also, nested occurrences of such things could trigger an Assertion that on reflection seems incorrect. Per fuzz testing by Andreas Seltenreich. The practical use of such cases seems thin enough that it's not too surprising we've not heard field reports about it. This has been broken for a long time, so back-patch to all active branches. 02 August 2015, 00:57:41 UTC
8dccf03 Tom Lane 01 August 2015, 18:31:46 UTC Teach predtest.c that "foo" implies "foo IS NOT NULL". Per complaint from Peter Holzer. It's useful to cover this special case, since for a boolean variable "foo", earlier parts of the planner will have reduced variants like "foo = true" to just "foo", and thus we may fail to recognize the applicability of a partial index with predicate "foo IS NOT NULL". Back-patch to 9.5, but not further; given the lack of previous complaints this doesn't seem like behavior to change in stable branches. 01 August 2015, 18:31:59 UTC
edf26ed Tom Lane 31 July 2015, 23:26:33 UTC Fix an oversight in checking whether a join with LATERAL refs is legal. In many cases, we can implement a semijoin as a plain innerjoin by first passing the righthand-side relation through a unique-ification step. However, one of the cases where this does NOT work is where the RHS has a LATERAL reference to the LHS; that makes the RHS dependent on the LHS so that unique-ification is meaningless. joinpath.c understood this, and so would not generate any join paths of this kind ... but join_is_legal neglected to check for the case, so it would think that we could do it. The upshot would be a "could not devise a query plan for the given query" failure once we had failed to generate any join paths at all for the bogus join pair. Back-patch to 9.3 where LATERAL was added. 31 July 2015, 23:26:33 UTC
c744619 Noah Misch 31 July 2015, 00:48:41 UTC Consolidate makefile code for setting top_srcdir, srcdir and VPATH. Responsibility was formerly split between Makefile.global and pgxs.mk. As a result of commit b58233c71b93a32fcab7219585cafc25a27eb769, in the PGXS case, these variables were unset while parsing Makefile.global and callees. Inclusion of Makefile.custom did not work from PGXS, and the subtle difference seemed like a recipe for future bugs. Back-patch to 9.4, where that commit first appeared. 31 July 2015, 00:49:18 UTC
71b66e7 Alvaro Herrera 30 July 2015, 18:19:49 UTC Fix volatility marking of commit timestamp functions They are marked stable, but since they act on instantaneous state and it is possible to consult state of transactions as they commit, the results could change mid-query. They need to be marked volatile, and this commit does so. There would normally be a catversion bump here, but this is so much a niche feature and I don't believe there's real damage from the incorrect marking, that I refrained. Backpatch to 9.5, where commit timestamps where introduced. Per note from Fujii Masao. 30 July 2015, 18:19:49 UTC
244c378 Alvaro Herrera 30 July 2015, 18:07:19 UTC Fix broken assertion in BRIN code The code was assuming that any NULL value in scan keys was due to IS NULL or IS NOT NULL, but it turns out to be possible to get them with other operators too, if they are used in contrived-enough ways. Easiest way out of the problem seems to check explicitely for the IS NOT NULL flag, instead of assuming it must be set if the IS NULL flag is not set, when a null scan key is found; if neither flag is set, follow the lead of other index AMs and assume that all indexable operators must be strict, and thus the query is never satisfiable. Also, add a comment to try and lure some future hacker into improving analysis of scan keys in brin. Per report from Andreas Seltenreich; diagnosis by Tom Lane. Backpatch to 9.5. Discussion: http://www.postgresql.org/message-id/20646.1437919632@sss.pgh.pa.us 30 July 2015, 18:07:19 UTC
7be60a2 Joe Conway 30 July 2015, 17:16:49 UTC Improve CREATE FUNCTION doc WRT to LEAKPROOF RLS interaction. Patch by Dean Rasheed. Back-patched to 9.5 where RLS was introduced. 30 July 2015, 17:16:49 UTC
23b5e72 Joe Conway 30 July 2015, 16:38:13 UTC Use appropriate command type when retrieving relation's policies. When retrieving policies, if not working on the root target relation, we actually want the relation's SELECT policies, regardless of the top level query command type. For example in UPDATE t1...FROM t2 we need to apply t1's UPDATE policies and t2's SELECT policies. Previously top level query command type was applied to all relations, which was wrong. Add some regression coverage to ensure we don't violate this principle in the future. Report and patch by Dean Rasheed. Cherry picked from larger refactoring patch and tweaked by me. Back-patched to 9.5 where RLS was introduced. 30 July 2015, 16:38:13 UTC
e91a164 Tom Lane 30 July 2015, 16:11:23 UTC Avoid some zero-divide hazards in the planner. Although I think on all modern machines floating division by zero results in Infinity not SIGFPE, we still don't want infinities running around in the planner's costing estimates; too much risk of that leading to insane behavior. grouping_planner() failed to consider the possibility that final_rel might be known dummy and hence have zero rowcount. (I wonder if it would be better to set a rows estimate of 1 for dummy relations? But at least in the back branches, changing this convention seems like a bad idea, so I'll leave that for another day.) Make certain that get_variable_numdistinct() produces a nonzero result. The case that can be shown to be broken is with stadistinct < 0.0 and small ntuples; we did not prevent the result from rounding to zero. For good luck I applied clamp_row_est() to all the nonconstant return values. In ExecChooseHashTableSize(), Assert that we compute positive nbuckets and nbatch. I know of no reason to think this isn't the case, but it seems like a good safety check. Per reports from Piotr Stefaniak. Back-patch to all active branches. 30 July 2015, 16:11:23 UTC
2e75be6 Heikki Linnakangas 30 July 2015, 11:50:51 UTC Fix calculation of latency of pgbench backslash commands. When we loop back to the top of doCustom after processing a backslash command, we must reset the "now" timestamp, because that's used to calculate the time spent executing the previous command. Report and fix by Fabien Coelho. Backpatch to 9.5, where this was broken. 30 July 2015, 11:51:08 UTC
a664d47 Noah Misch 30 July 2015, 02:49:48 UTC Blacklist xlc 32-bit inlining. Per a suggestion from Tom Lane. Back-patch to 9.0 (all supported versions). While only 9.4 and up have code known to elicit this compiler bug, we were disabling inlining by accident until commit 43d89a23d59c487bc9258fad7a6187864cb8c0c0. 30 July 2015, 02:52:43 UTC
1471c0e Noah Misch 30 July 2015, 02:49:36 UTC Remove redundant "make install" from pg_upgrade test suite. A top-level "make install" includes pg_upgrade since commit 9fa8b0ee90c44c0f97d16bf65e94322988c94864. Back-patch to 9.5, where that commit first appeared. 30 July 2015, 02:52:37 UTC
fdb8ea9 Noah Misch 30 July 2015, 02:48:56 UTC MSVC: Revert most 9.5 changes to pre-9.5 vcregress.pl tests. The reverted changes did not narrow the semantic gap between the MSVC build system and the GNU make build system. For targets old and new that run multiple suites (contribcheck, modulescheck, tapcheck), restore vcregress.pl to mimicking "make -k" rather than the "make -S" default. Lack of "-k" would be more burdensome than lack of "-S". Keep changes reflecting contemporary changes to the GNU make build system, and keep updates to Makefile parsing. Keep the loss of --psqldir in "check" and "ecpgcheck" targets; it had been a no-op when used alongside --temp-install. No log message mentioned any of the reverted changes. Based on a germ by Michael Paquier. Back-patch to 9.5. 30 July 2015, 02:52:00 UTC
95eb4b2 Noah Misch 30 July 2015, 02:48:43 UTC MSVC: Remove duplicate PATH entry in test harness. Back-patch to 9.5, where commit 4cb7d671fddc8855c8def2de51fb23df1c8ac0af introduced it. 30 July 2015, 02:51:31 UTC
f7dca86 Noah Misch 30 July 2015, 02:48:25 UTC MSVC: Future-proof installation file skip logic. This code relied on knowing exactly where in the source tree temporary installations might appear. A reasonable hacker may not think to update this code when adding use of a temporary installation, making it fragile. Observe that commit 9fa8b0ee90c44c0f97d16bf65e94322988c94864 broke it unnoticed, and commit dcae5faccab64776376d354decda0017c648bb53 fixed it unnoticed. Back-patch to 9.5 only; use of temporary installations is unlikely to change in released versions. 30 July 2015, 02:51:26 UTC
43797ed Joe Conway 29 July 2015, 22:41:00 UTC Create new ParseExprKind for use by policy expressions. Policy USING and WITH CHECK expressions were using EXPR_KIND_WHERE for parse analysis, which results in inappropriate ERROR messages when the expression contains unsupported constructs such as aggregates. Create a new ParseExprKind called EXPR_KIND_POLICY and tailor the related messages to fit. Reported by Noah Misch. Reviewed by Dean Rasheed, Alvaro Herrera, and Robert Haas. Back-patch to 9.5 where RLS was introduced. 29 July 2015, 22:41:00 UTC
3ef1a68 Tom Lane 29 July 2015, 17:27:15 UTC Add some test coverage of EvalPlanQual with non-locked tables. A Salesforce colleague of mine griped that the regression tests don't exercise EvalPlanQualFetchRowMarks() and allied routines. Which is a fair complaint. Add test cases that go through the REFERENCE and COPY code paths. Unfortunately we don't have sufficient infrastructure right now to exercise the FDW code path in the isolation tests, but this is surely better than before. 29 July 2015, 17:27:57 UTC
0bfbf14 Joe Conway 29 July 2015, 16:39:28 UTC Add missing post create and alter hooks to policy objects. AlterPolicy() and CreatePolicy() lacked their respective hook invocations. Noted by Noah Misch, review by Dean Rasheed. Back-patch to 9.5 where RLS was introduced. 29 July 2015, 16:39:28 UTC
81191f6 Andres Freund 29 July 2015, 08:14:32 UTC Remove outdated comment in LWLockDequeueSelf's header. Noticed-By: Robert Haas Backpatch: 9.5, where the function was added 29 July 2015, 08:14:32 UTC
6f1789a Heikki Linnakangas 29 July 2015, 07:55:43 UTC Fix typo in comment. Amit Langote 29 July 2015, 07:57:35 UTC
d7f0bb8 Tom Lane 29 July 2015, 00:00:13 UTC Prevent platform-dependent output row ordering in a new test query. Buildfarm indicates this is necessary. 29 July 2015, 00:00:20 UTC
cab2377 Tom Lane 28 July 2015, 23:55:59 UTC Suppress "variable may be used uninitialized" warning. Also re-pgindent, just because I'm a neatnik. 28 July 2015, 23:56:04 UTC
344703b Joe Conway 28 July 2015, 23:24:09 UTC Disallow converting a table to a view if row security is present. When DefineQueryRewrite() is about to convert a table to a view, it checks the table for features unavailable to views. For example, it rejects tables having triggers. It omits to reject tables having relrowsecurity or a pg_policy record. Fix that. To faciliate the repair, invent relation_has_policies() which indicates the presence of policies on a relation even when row security is disabled for that relation. Reported by Noah Misch. Patch by me, review by Stephen Frost. Back-patch to 9.5 where RLS was introduced. 28 July 2015, 23:24:09 UTC
992c9d3 Joe Conway 28 July 2015, 23:01:56 UTC Create a pg_shdepend entry for each role in TO clause of policies. CreatePolicy() and AlterPolicy() omit to create a pg_shdepend entry for each role in the TO clause. Fix this by creating a new shared dependency type called SHARED_DEPENDENCY_POLICY and assigning it to each role. Reported by Noah Misch. Patch by me, reviewed by Alvaro Herrera. Back-patch to 9.5 where RLS was introduced. 28 July 2015, 23:01:56 UTC
28b11bd Tom Lane 28 July 2015, 22:42:59 UTC Update our documentation concerning where to create data directories. Although initdb has long discouraged use of a filesystem mount-point directory as a PG data directory, this point was covered nowhere in the user-facing documentation. Also, with the popularity of pg_upgrade, we really need to recommend that the PG user own not only the data directory but its parent directory too. (Without a writable parent directory, operations such as "mv data data.old" fail immediately. pg_upgrade itself doesn't do that, but wrapper scripts for it often do.) Hence, adjust the "Creating a Database Cluster" section to address these points. I also took the liberty of wordsmithing the discussion of NFS a bit. These considerations aren't by any means new, so back-patch to all supported branches. 28 July 2015, 22:43:33 UTC
40a50a1 Andrew Dunstan 28 July 2015, 21:54:13 UTC Only adjust negative indexes in json_get up to the length of the path. The previous code resulted in memory access beyond the path bounds. The cure is to move it into a code branch that checks the value of lex_level is within the correct bounds. Bug reported and diagnosed by Piotr Stefaniak. 28 July 2015, 21:59:13 UTC
116be6c Tom Lane 28 July 2015, 21:34:00 UTC Reduce chatter from signaling of autovacuum workers. Don't print a WARNING if we get ESRCH from a kill() that's attempting to cancel an autovacuum worker. It's possible (and has been seen in the buildfarm) that the worker is already gone by the time we are able to execute the kill, in which case the failure is harmless. About the only plausible reason for reporting such cases would be to help debug corrupted lock table contents, but this is hardly likely to be the most important symptom if that happens. Moreover issuing a WARNING might scare users more than is warranted. Also, since sending a signal to an autovacuum worker is now entirely a routine thing, and the worker will log the query cancel on its end anyway, reduce the message saying we're doing that from LOG to DEBUG1 level. Very minor cosmetic cleanup as well. Since the main practical reason for doing this is to avoid unnecessary buildfarm failures, back-patch to all active branches. 28 July 2015, 21:34:00 UTC
cfa928f Joe Conway 28 July 2015, 20:21:37 UTC Plug RLS related information leak in pg_stats view. The pg_stats view is supposed to be restricted to only show rows about tables the user can read. However, it sometimes can leak information which could not otherwise be seen when row level security is enabled. Fix that by not showing pg_stats rows to users that would be subject to RLS on the table the row is related to. This is done by creating/using the newly introduced SQL visible function, row_security_active(). Along the way, clean up three call sites of check_enable_rls(). The second argument of that function should only be specified as other than InvalidOid when we are checking as a different user than the current one, as in when querying through a view. These sites were passing GetUserId() instead of InvalidOid, which can cause the function to return incorrect results if the current user has the BYPASSRLS privilege and row_security has been set to OFF. Additionally fix a bug causing RI Trigger error messages to unintentionally leak information when RLS is enabled, and other minor cleanup and improvements. Also add WITH (security_barrier) to the definition of pg_stats. Bumped CATVERSION due to new SQL functions and pg_stats view definition. Back-patch to 9.5 where RLS was introduced. Reported by Yaroslav. Patch by Joe Conway and Dean Rasheed with review and input by Michael Paquier and Stephen Frost. 28 July 2015, 20:21:37 UTC
6087d95 Andres Freund 28 July 2015, 19:39:32 UTC Remove ssl renegotiation support. While postgres' use of SSL renegotiation is a good idea in theory, it turned out to not work well in practice. The specification and openssl's implementation of it have lead to several security issues. Postgres' use of renegotiation also had its share of bugs. Additionally OpenSSL has a bunch of bugs around renegotiation, reported and open for years, that regularly lead to connections breaking with obscure error messages. We tried increasingly complex workarounds to get around these bugs, but we didn't find anything complete. Since these connection breakages often lead to hard to debug problems, e.g. spuriously failing base backups and significant latency spikes when synchronous replication is used, we have decided to change the default setting for ssl renegotiation to 0 (disabled) in the released backbranches and remove it entirely in 9.5 and master. Author: Andres Freund Discussion: 20150624144148.GQ4797@alap3.anarazel.de Backpatch: 9.5 and master, 9.0-9.4 get a different patch 28 July 2015, 20:06:31 UTC
da7db24 Andrew Dunstan 28 July 2015, 20:04:05 UTC Make tap tests store postmaster logs and handle vpaths correctly Given this it is possible that the buildfarm animals running these tests will be able to capture adequate logging to allow diagnosis of failures. 28 July 2015, 20:04:05 UTC
f7cdc51 Tom Lane 28 July 2015, 17:20:39 UTC Remove an unsafe Assert, and explain join_clause_is_movable_into() better. join_clause_is_movable_into() is approximate, in the sense that it might sometimes return "false" when actually it would be valid to push the given join clause down to the specified level. This is okay ... but there was an Assert in get_joinrel_parampathinfo() that's only safe if the answers are always exact. Comment out the Assert, and add a bunch of commentary to clarify what's going on. Per fuzz testing by Andreas Seltenreich. The added regression test is a pretty silly query, but it's based on his crasher example. Back-patch to 9.2 where the faulty logic was introduced. 28 July 2015, 17:21:13 UTC
fa4a4df Andrew Dunstan 28 July 2015, 16:22:21 UTC Improve logging of TAP tests. Create a log file for each test run. Stdout and stderr of the test script, as well as any subprocesses run as part of the test, are redirected to the log file. This makes it a lot easier to debug test failures. Also print the test output (ok 12 - ... messages) to the log file, and the command line of any external programs executed with the system_or_bail and run_log functions. This makes it a lot easier to debug failing tests. Modify some of the pg_ctl and other command invocations to not use 'silent' or 'quiet' options, and don't redirect output to /dev/null, so that you get all the information in the log instead. In the passing, construct some command lines in a way that works if $tempdir contains quote-characters. I haven't systematically gone through all of them or tested that, so I don't know if this is enough to make that work. pg_rewind tests had a custom mechanism for creating a similar log file. Use the new generic facility instead. Michael Paquier and Heikki Linnakangas. This is a backpatch of Heikki's commit 1ea06203b82b98b5098808667f6ba652181ef5b2. 28 July 2015, 16:22:21 UTC
beebb25 Heikki Linnakangas 28 July 2015, 06:05:46 UTC Another attempt at fixing memory leak in xlogreader. max_block_id is also reset between reading records. Michael Paquier 28 July 2015, 06:09:00 UTC
510aad3 Joe Conway 28 July 2015, 03:24:27 UTC Fix pg_dump output of policies. pg_dump neglected to wrap parenthesis around USING and WITH CHECK expressions -- fixed. Reported by Noah Misch. 28 July 2015, 03:24:27 UTC
5d179a2 Stephen Frost 27 July 2015, 20:48:26 UTC Improve RLS handling in copy.c To avoid a race condition where the relation being COPY'd could be changed into a view or otherwise modified, keep the original lock on the relation. Further, fully qualify the relation when building the query up. Also remove the poorly thought-out Assert() and check the entire relationOids list as, post-RLS, there can certainly be multiple relations involved and the planner does not guarantee their ordering. Per discussion with Noah and Andres. Back-patch to 9.5 where RLS was introduced. 27 July 2015, 20:49:07 UTC
cb0bb53 Tom Lane 27 July 2015, 20:29:14 UTC Further code review for pg_stat_ssl patch. Fix additional bogosity in commit 9029f4b37406b21a. Include the BackendSslStatusBuffer in the BackendStatusShmemSize calculation, avoid ugly and error-prone casts to char* and back, put related code stanzas into a consistent order (and fix a couple of previous instances of that sin). All cosmetic except for the size oversight. 27 July 2015, 20:29:25 UTC
f3cf8b6 Tom Lane 27 July 2015, 19:58:46 UTC Fix pointer-arithmetic thinko in pg_stat_ssl patch. Nasty memory-stomp bug in commit 9029f4b37406b21a. It's not apparent how this survived even cursory testing :-(. Per report from Peter Holzer. 27 July 2015, 19:59:00 UTC
1b7f125 Heikki Linnakangas 27 July 2015, 18:48:51 UTC Don't assume that 'char' is signed. On some platforms, notably ARM and PowerPC, 'char' is unsigned by default. This fixes an assertion failure at WAL replay on such platforms. Reported by Noah Misch. Backpatch to 9.5, where this was broken. 27 July 2015, 18:51:49 UTC
d09c873 Heikki Linnakangas 27 July 2015, 17:38:44 UTC Fix memory leaks in pg_rewind. Several PQclear() calls were missing. Originally reported by Vladimir Borodin in the pg_rewind github project, patch by Michael Paquier. 27 July 2015, 17:39:12 UTC
9c88e06 Heikki Linnakangas 27 July 2015, 15:54:09 UTC Don't assume that PageIsEmpty() returns true on an all-zeros page. It does currently, and I don't see us changing that any time soon, but we don't make that assumption anywhere else. Per Tom Lane's suggestion. Backpatch to 9.2, like the previous patch that added this assumption. 27 July 2015, 15:54:27 UTC
03a0a35 Heikki Linnakangas 27 July 2015, 15:27:27 UTC Fix memory leak in xlogreader facility. XLogReaderFree failed to free the per-block data buffers, when they happened to not be used by the latest read WAL record. Michael Paquier. Backpatch to 9.5, where the per-block buffers were added. 27 July 2015, 15:30:27 UTC
202aea6 Heikki Linnakangas 27 July 2015, 09:30:26 UTC Reuse all-zero pages in GIN. In GIN, an all-zeros page would be leaked forever, and never reused. Just add them to the FSM in vacuum, and they will be reinitialized when grabbed from the FSM. On master and 9.5, attempting to access the page's opaque struct also caused an assertion failure, although that was otherwise harmless. Reported by Jeff Janes. Backpatch to all supported versions. 27 July 2015, 09:31:05 UTC
2fa8ba3 Heikki Linnakangas 27 July 2015, 09:28:21 UTC Fix handling of all-zero pages in SP-GiST vacuum. SP-GiST initialized an all-zeros page at vacuum, but that was not WAL-logged, which is not safe. You might get a torn page write, when it gets flushed to disk, and end-up with a half-initialized index page. To fix, leave it in the all-zeros state, and add it to the FSM. It will be initialized when reused. Also don't set the page-deleted flag when recycling an empty page. That was also not WAL-logged, and a torn write of that would cause the page to have an invalid checksum. Backpatch to 9.2, where SP-GiST indexes were added. 27 July 2015, 09:31:05 UTC
6a0a388 Heikki Linnakangas 27 July 2015, 09:24:27 UTC Avoid calling PageGetSpecialPointer() on an all-zeros page. That was otherwise harmless, but tripped the new assertion in PageGetSpecialPointer(). Reported by Amit Langote. Backpatch to 9.5, where the assertion was added. 27 July 2015, 09:31:05 UTC
dd20a97 Heikki Linnakangas 27 July 2015, 08:46:11 UTC Remove false comment about speculative insertion. There is no full discussion of speculative insertions in the executor README. There is a high-level explanation in execIndexing.c, but it doesn't seem necessary to refer it from here. Peter Geoghegan 27 July 2015, 08:46:33 UTC
8fb61e0 Tom Lane 26 July 2015, 21:44:27 UTC Fix oversight in flattening of subqueries with empty FROM. I missed a restriction that commit f4abd0241de20d5d6a79b84992b9e88603d44134 should have enforced: we can't pull up an empty-FROM subquery if it's under an outer join, because then we'd need to wrap its output columns in PlaceHolderVars. As the code currently stands, the PHVs end up with empty relid sets, which doesn't work (and is correctly caught by an Assert). It's possible that this could be fixed by assigning the PHVs the relid sets of the parent FromExpr/JoinExpr, but getting that to work is more complication than I care to add right now; indeed it's likely that we'll never bother, since pulling up empty-FROM subqueries is a rather marginal optimization anyway. Per report from Andreas Seltenreich. Back-patch to 9.5 where the faulty code was added. 26 July 2015, 21:44:27 UTC
7481c6c Tom Lane 26 July 2015, 20:19:08 UTC Make entirely-dummy appendrels get marked as such in set_append_rel_size. The planner generally expects that the estimated rowcount of any relation is at least one row, *unless* it has been proven empty by constraint exclusion or similar mechanisms, which is marked by installing a dummy path as the rel's cheapest path (cf. IS_DUMMY_REL). When I split up allpaths.c's processing of base rels into separate set_base_rel_sizes and set_base_rel_pathlists steps, the intention was that dummy rels would get marked as such during the "set size" step; this is what justifies an Assert in indxpath.c's get_loop_count that other relations should either be dummy or have positive rowcount. Unfortunately I didn't get that quite right for append relations: if all the child rels have been proven empty then set_append_rel_size would come up with a rowcount of zero, which is correct, but it didn't then do set_dummy_rel_pathlist. (We would have ended up with the right state after set_append_rel_pathlist, but that's too late, if we generate indexpaths for some other rel first.) In addition to fixing the actual bug, I installed an Assert enforcing this convention in set_rel_size; that then allows simplification of a couple of now-redundant tests for zero rowcount in set_append_rel_size. Also, to cover the possibility that third-party FDWs have been careless about not returning a zero rowcount estimate, apply clamp_row_est to whatever an FDW comes up with as the rows estimate. Per report from Andreas Seltenreich. Back-patch to 9.2. Earlier branches did not have the separation between set_base_rel_sizes and set_base_rel_pathlists steps, so there was no intermediate state where an appendrel would have had inconsistent rowcount and pathlist. It's possible that adding the Assert to set_rel_size would be a good idea in older branches too; but since they're not under development any more, it's likely not worth the trouble. 26 July 2015, 20:19:08 UTC
13d0053 Andres Freund 26 July 2015, 16:20:41 UTC Check the relevant index element in ON CONFLICT unique index inference. ON CONFLICT unique index inference had a thinko that could affect cases where the user-supplied inference clause required that an attribute match a particular (user specified) collation and/or opclass. infer_collation_opclass_match() has to check for opclass and/or collation matches and that the attribute is in the list of attributes or expressions known to be in the definition of the index under consideration. The bug was that these two conditions weren't necessarily evaluated for the same index attribute. Author: Peter Geoghegan Discussion: CAM3SWZR4uug=WvmGk7UgsqHn2MkEzy9YU-+8jKGO4JPhesyeWg@mail.gmail.com Backpatch: 9.5, where ON CONFLICT was introduced 26 July 2015, 16:20:48 UTC
b17ae36 Andres Freund 26 July 2015, 14:37:49 UTC Fix flattening of nested grouping sets. Previously nested grouping set specifications accidentally weren't flattened, but instead contained the nested specification as a element in the outer list. Fix this by, as actually documented in comments, concatenating the nested set specification into the outer one. Also add tests to prevent this from breaking again. Author: Andrew Gierth, with tests from Jeevan Chalke Reported-By: Jeevan Chalke Discussion: CAM2+6=V5YvuxB+EyN4iH=GbD-XTA435TCNvnDFSD--YvXs+pww@mail.gmail.com Backpatch: 9.5, where grouping sets were introduced 26 July 2015, 14:53:13 UTC
29e4455 Andres Freund 26 July 2015, 13:56:26 UTC Allow to push down clauses from HAVING to WHERE when grouping sets are used. Previously we disallowed pushing down quals to WHERE in the presence of grouping sets. That's overly restrictive. We now instead copy quals to WHERE if applicable, leaving the one in HAVING in place. That's because, at that stage of the planning process, it's nontrivial to determine if it's safe to remove the one in HAVING. Author: Andrew Gierth Discussion: 874mkt3l59.fsf@news-spur.riddles.org.uk Backpatch: 9.5, where grouping sets were introduced. This isn't exactly a bugfix, but it seems better to keep the branches in sync at this point. 26 July 2015, 14:53:13 UTC
3500d1c Andres Freund 26 July 2015, 13:34:29 UTC Recognize GROUPING() as a aggregate expression. Previously GROUPING() was not recognized as a aggregate expression, erroneously allowing the planner to move it from HAVING to WHERE. Author: Jeevan Chalke Reviewed-By: Andrew Gierth Discussion: CAM2+6=WG9omG5rFOMAYBweJxmpTaapvVp5pCeMrE6BfpCwr4Og@mail.gmail.com Backpatch: 9.5, where grouping sets were introduced 26 July 2015, 14:53:13 UTC
65b86c1 Andres Freund 26 July 2015, 13:17:44 UTC Build column mapping for grouping sets in all required cases. The previous coding frequently failed to fail because for one it's unusual to have rollup clauses with one column, and for another sometimes the wrong mapping didn't cause obvious problems. Author: Jeevan Chalke Reviewed-By: Andrew Gierth Discussion: CAM2+6=W=9=hQOipH0HAPbkun3Z3TFWij_EiHue0_6UX=oR=1kw@mail.gmail.com Backpatch: 9.5, where grouping sets were introduced 26 July 2015, 14:53:12 UTC
60624f4 Joe Conway 26 July 2015, 00:46:33 UTC Improve markup for row_security. Wrap the literals on, off, force, and BYPASSRLS with appropriate markup. Per Kevin Grittner. 26 July 2015, 00:46:33 UTC
d5b132b Tom Lane 25 July 2015, 23:42:32 UTC Dodge portability issue (apparent compiler bug) in new tablesample code. Some of the older OS X critters in the buildfarm are failing regression, with symptoms showing that a request for 100% sampling in BERNOULLI or SYSTEM methods actually gets only around 50% of the table. gdb revealed that the computation of the "cutoff" number was producing 0x7FFFFFFF rather than the expected 0x100000000. Inspecting the assembly code, it looks like gcc is trying to use lrint() instead of rint() and then fumbling the conversion from long double to uint64. This seems like a clear compiler bug, but assigning the intermediate result into a plain double variable works around it, so let's just do that. (Another idea would be to give up one bit of hash width so that we don't need to use a uint64 cutoff, but let's see if this is enough.) 25 July 2015, 23:42:44 UTC
0801245 Andrew Dunstan 25 July 2015, 21:14:36 UTC Restore use of zlib default compression in pg_dump directory mode. This was broken by commit 0e7e355f27302b62af3e1add93853ccd45678443 and friends, which ignored the fact that gzopen() will treat "-1" in the mode argument as an invalid character, which it ignores, and a flag for compression level 1. Now, when this value is encountered no compression level flag is passed to gzopen, leaving it to use the zlib default. Also, enforce the documented allowed range for pg_dump's -Z option, namely 0 .. 9, and remove some consequently dead code from pg_backup_tar.c. Problem reported by Marc Mamin. Backpatch to 9.1, like the patch that introduced the bug. 25 July 2015, 21:15:32 UTC
62005e9 Tom Lane 25 July 2015, 20:37:12 UTC Some platforms now need contrib/tsm_system_time to be linked with libm. Buildfarm member hornet, at least, seems to want -lm in the link command. Probably this is due to the just-added use of isnan(). 25 July 2015, 20:37:22 UTC
8722186 Tom Lane 25 July 2015, 19:58:14 UTC In pg_ctl, report unexpected failure to stat() the postmaster.pid file. Any error other than ENOENT is a bit suspicious here, and perhaps should not be grounds for assuming the postmaster has failed. For the moment though, just report it, and don't change the behavior otherwise. The intent is mainly to try to determine why we are seeing intermittent failures in this area on some buildfarm members. Back-patch to 9.5 where some of these failures have happened. 25 July 2015, 19:58:14 UTC
68c3549 Tom Lane 25 July 2015, 19:46:26 UTC Update oidjoins regression test for 9.5. New FK relationships for pg_transform. Also findoidjoins now detects a few relationships it didn't before for pre-existing catalogs, as a result of new regression tests leaving entries in those catalogs that weren't there before. 25 July 2015, 19:46:26 UTC
6fcb337 Tom Lane 25 July 2015, 18:39:00 UTC Redesign tablesample method API, and do extensive code review. The original implementation of TABLESAMPLE modeled the tablesample method API on index access methods, which wasn't a good choice because, without specialized DDL commands, there's no way to build an extension that can implement a TSM. (Raw inserts into system catalogs are not an acceptable thing to do, because we can't undo them during DROP EXTENSION, nor will pg_upgrade behave sanely.) Instead adopt an API more like procedural language handlers or foreign data wrappers, wherein the only SQL-level support object needed is a single handler function identified by having a special return type. This lets us get rid of the supporting catalog altogether, so that no custom DDL support is needed for the feature. Adjust the API so that it can support non-constant tablesample arguments (the original coding assumed we could evaluate the argument expressions at ExecInitSampleScan time, which is undesirable even if it weren't outright unsafe), and discourage sampling methods from looking at invisible tuples. Make sure that the BERNOULLI and SYSTEM methods are genuinely repeatable within and across queries, as required by the SQL standard, and deal more honestly with methods that can't support that requirement. Make a full code-review pass over the tablesample additions, and fix assorted bugs, omissions, infelicities, and cosmetic issues (such as failure to put the added code stanzas in a consistent ordering). Improve EXPLAIN's output of tablesample plans, too. Back-patch to 9.5 so that we don't have to support the original API in production. 25 July 2015, 18:39:00 UTC
7d4240d Joe Conway 24 July 2015, 19:56:25 UTC Make RLS work with UPDATE ... WHERE CURRENT OF UPDATE ... WHERE CURRENT OF would not work in conjunction with RLS. Arrange to allow the CURRENT OF expression to be pushed down. Issue noted by Peter Geoghegan. Patch by Dean Rasheed. Back patch to 9.5 where RLS was introduced. 24 July 2015, 19:56:25 UTC
016f28a Andrew Dunstan 24 July 2015, 13:40:46 UTC Fix treatment of nulls in jsonb_agg and jsonb_object_agg The wrong is_null flag was being passed to datum_to_json. Also, null object key values are not permitted, and this was not being checked for. Add regression tests covering these cases, and also add those tests to the json set, even though it was doing the right thing. Fixes bug #13514, initially diagnosed by Tom Lane. 24 July 2015, 13:47:27 UTC
bb0203f Andres Freund 24 July 2015, 09:48:53 UTC Fix bug around assignment expressions containing indirections. Handling of assigned-to expressions with indirection (e.g. set f1[1] = 3) was broken for ON CONFLICT DO UPDATE. The problem was that ParseState was consulted to determine if an INSERT-appropriate or UPDATE-appropriate behavior should be used when transforming expressions with indirections. When the wrong path was taken the old row was substituted with NULL, leading to wrong results.. To fix remove p_is_update and only use p_is_insert to decide how to transform the assignment expression, and uset p_is_insert while parsing the on conflict statement. This isn't particularly pretty, but it's not any worse than before. Author: Peter Geoghegan, slightly edited by me Discussion: CAM3SWZS8RPvA=KFxADZWw3wAHnnbxMxDzkEC6fNaFc7zSm411w@mail.gmail.com Backpatch: 9.5, where the feature was introduced 24 July 2015, 09:52:22 UTC
fbf8dc2 Andrew Dunstan 23 July 2015, 13:44:20 UTC Redirect install output of make check into a log file dbf2ec1a changed make check so that the installation logs get directed to stdout and stderr. Per discussion on -hackers, this patch restores saving it to a file. It is now saved in /tmp_install/log, which is created once per invocation of any make target doing regression tests. Along the way, add a missing /log/ entry to test_ddl_deparse's .gitignore. Michael Paquier. 23 July 2015, 13:53:46 UTC
a9b3a22 Heikki Linnakangas 22 July 2015, 22:30:07 UTC Fix off-by-one error in calculating subtrans/multixact truncation point. If there were no subtransactions (or multixacts) active, we would calculate the oldestxid == next xid. That's correct, but if next XID happens to be on the next pg_subtrans (pg_multixact) page, the page does not exist yet, and SimpleLruTruncate will produce an "apparent wraparound" warning. The warning is harmless in this case, but looks very alarming to users. Backpatch to all supported versions. Patch and analysis by Thomas Munro. 22 July 2015, 22:30:07 UTC
41ae3b7 Tom Lane 22 July 2015, 00:03:58 UTC Fix add_rte_to_flat_rtable() for recent feature additions. The TABLESAMPLE and row security patches each overlooked this function, though their errors of omission were opposite: RLS failed to zero out the securityQuals field, leading to wasteful copying of useless expression trees in finished plans, while TABLESAMPLE neglected to add a comment saying that it intentionally *isn't* deleting the tablesample subtree. There probably should be a similar comment about ctename, too. Back-patch as appropriate. 22 July 2015, 00:03:58 UTC
35ac618 Tom Lane 21 July 2015, 17:38:24 UTC Fix some oversights in BRIN patch. Remove HeapScanDescData.rs_initblock, which wasn't being used for anything in the final version of the patch. Fix IndexBuildHeapScan so that it supports syncscan again; the patch broke synchronous scanning for index builds by forcing rs_startblk to zero even when the caller did not care about that and had asked for syncscan. Add some commentary and usage defenses to heap_setscanlimits(). Fix heapam so that asking for rs_numblocks == 0 does what you would reasonably expect. As coded it amounted to requesting a whole-table scan, because those "--x <= 0" tests on an unsigned variable would behave surprisingly. 21 July 2015, 17:38:24 UTC
29f171c Andrew Dunstan 21 July 2015, 13:53:16 UTC Fix location of output logs of pg_regress initdb.log and postmaster.log were moved to within the temporary instance path by commit dcae5fa. This directory now gets removed at the end of the run of pg_regress when there are no failures found, which makes analysis of after-run issues difficult in some cases, and reduces the output verbosity of the buildfarm after a run. Fix by Michael Paquier Backpatch to 9.5 21 July 2015, 13:57:50 UTC
d6ec181 Alvaro Herrera 21 July 2015, 11:20:53 UTC Fix omission of OCLASS_TRANSFORM in object_classes[] This was forgotten in cac76582053e (and its fixup ad89a5d115). Since it seems way too easy to miss this, this commit also introduces a mechanism to enforce that the array is consistent with the enum. Problem reported independently by Robert Haas and Jaimin Pan. Patches proposed by Jaimin Pan, Jim Nasby, Michael Paquier and myself, though I didn't use any of these and instead went with a cleaner approach suggested by Tom Lane. Backpatch to 9.5. Discussion: https://www.postgresql.org/message-id/CA+Tgmoa6SgDaxW_n_7SEhwBAc=mniYga+obUj5fmw4rU9_mLvA@mail.gmail.com https://www.postgresql.org/message-id/29788.1437411581@sss.pgh.pa.us 21 July 2015, 11:20:53 UTC
e015c3e Heikki Linnakangas 20 July 2015, 13:02:28 UTC Sanity-check that a page zeroed by redo routine is marked with WILL_INIT. There was already a sanity-check in the other direction: if a page was marked with WILL_INIT, it had to be initialized by the redo routine. It's not strictly necessary for correctness that a page is marked with WILL_INIT if it's going to be initialized at redo, but it's a missed optimization if nothing else. Fix a few instances of this issue in SP-GiST, where a block in WAL record was not marked with WILL_INIT, but was in fact always initialized at redo. We were creating a full-page image of the page unnecessarily in those cases. Backpatch to 9.5, where the new WILL_INIT flag was added. 20 July 2015, 19:34:18 UTC
869eb84 Alvaro Herrera 20 July 2015, 16:47:15 UTC Don't handle PUBLIC/NONE separately Since those role specifiers are checked in the grammar, there's no need for the old checks to remain in place after 31eae6028ec. Remove them. Backpatch to 9.5. Noted and patch by Jeevan Chalke 20 July 2015, 16:47:15 UTC
691c32f Alvaro Herrera 20 July 2015, 13:37:17 UTC Improve tab-completion for DROP POLICY Backpatch to 9.5. Author: Pavel Stěhule 20 July 2015, 13:37:17 UTC
b0b6f8d Alvaro Herrera 20 July 2015, 12:18:08 UTC Fix (some of) pltcl memory usage As reported by Bill Parker, PL/Tcl did not validate some malloc() calls against NULL return. Fix by using palloc() in a new long-lived memory context instead. This allows us to simplify error handling too, by simply deleting the memory context instead of doing retail frees. There's still a lot that could be done to improve PL/Tcl's memory handling ... This is pretty ancient, so backpatch all the way back. Author: Michael Paquier and Álvaro Herrera Discussion: https://www.postgresql.org/message-id/CAFrbyQwyLDYXfBOhPfoBGqnvuZO_Y90YgqFM11T2jvnxjLFmqw@mail.gmail.com 20 July 2015, 12:18:08 UTC
38b03ca Alvaro Herrera 20 July 2015, 10:16:40 UTC Improve BRIN documentation somewhat This removes some info about support procedures being used, which was obsoleted by commit db5f98ab4f, as well as add some more documentation on how to create new opclasses using the Minmax infrastructure. (Hopefully we can get something similar for Inclusion as well.) In passing, fix some obsolete mentions of "mmtuples" in source code comments. Backpatch to 9.5, where BRIN was introduced. 20 July 2015, 10:16:40 UTC
b2f01a7 Alvaro Herrera 20 July 2015, 09:59:31 UTC Fix mis-merge in previous commit 20 July 2015, 09:59:31 UTC
f1f3434 Alvaro Herrera 20 July 2015, 09:20:40 UTC Add some comments to test_ddl_deparse and a README Per comments from Heikki Linnakangas. Backpatch to 9.5, where this module was introduced. 20 July 2015, 09:20:40 UTC
e66e319 Heikki Linnakangas 20 July 2015, 07:19:22 UTC Handle AT_ReAddComment in test_ddl_deparse, and add a catch-all default. In the passing, also move AT_ReAddComment to more logical position in the enum, after all the Constraint-related subcommands. This fixes a compiler warning, added by commit e42375fc. Backpatch to 9.5, like that patch. 20 July 2015, 07:27:01 UTC
0ed1e57 Andrew Dunstan 19 July 2015, 17:19:38 UTC Remove dead code. Defect noticed by Coverity. 19 July 2015, 17:20:45 UTC
fd735e9 Tom Lane 18 July 2015, 15:47:13 UTC Make WaitLatchOrSocket's timeout detection more robust. In the previous coding, timeout would be noticed and reported only when poll() or socket() returned zero (or the equivalent behavior on Windows). Ordinarily that should work well enough, but it seems conceivable that we could get into a state where poll() always returns a nonzero value --- for example, if it is noticing a condition on one of the file descriptors that we do not think is reason to exit the loop. If that happened, we'd be in a busy-wait loop that would fail to terminate even when the timeout expires. We can make this more robust at essentially no cost, by deciding to exit of our own accord if we compute a zero or negative time-remaining-to-wait. Previously the code noted this but just clamped the time-remaining to zero, expecting that we'd detect timeout on the next loop iteration. Back-patch to 9.2. While 9.1 had a version of WaitLatchOrSocket, it was primitive compared to later versions, and did not guarantee reliable detection of timeouts anyway. (Essentially, this is a refinement of commit 3e7fdcffd6f77187, which was back-patched only as far as 9.2.) 18 July 2015, 15:47:13 UTC
d27fad7 Andrew Dunstan 18 July 2015, 14:09:04 UTC Enable transforms modules to build and test on Cygwin. This still doesn't work correctly with Python 3, but I am committing this so we can get Cygwin buildfarm members building with Python 2. 18 July 2015, 14:11:33 UTC
0beef5a Andrew Dunstan 18 July 2015, 01:08:03 UTC Release note compatibility item Note that json and jsonb extraction operators no longer consider a negative subscript to be invalid. 18 July 2015, 01:08:03 UTC
89ddd29 Andrew Dunstan 18 July 2015, 00:56:13 UTC Support JSON negative array subscripts everywhere Previously, there was an inconsistency across json/jsonb operators that operate on datums containing JSON arrays -- only some operators supported negative array count-from-the-end subscripting. Specifically, only a new-to-9.5 jsonb deletion operator had support (the new "jsonb - integer" operator). This inconsistency seemed likely to be counter-intuitive to users. To fix, allow all places where the user can supply an integer subscript to accept a negative subscript value, including path-orientated operators and functions, as well as other extraction operators. This will need to be called out as an incompatibility in the 9.5 release notes, since it's possible that users are relying on certain established extraction operators changed here yielding NULL in the event of a negative subscript. For the json type, this requires adding a way of cheaply getting the total JSON array element count ahead of time when parsing arrays with a negative subscript involved, necessitating an ad-hoc lex and parse. This is followed by a "conversion" from a negative subscript to its equivalent positive-wise value using the count. From there on, it's as if a positive-wise value was originally provided. Note that there is still a minor inconsistency here across jsonb deletion operators. Unlike the aforementioned new "-" deletion operator that accepts an integer on its right hand side, the new "#-" path orientated deletion variant does not throw an error when it appears like an array subscript (input that could be recognized by as an integer literal) is being used on an object, which is wrong-headed. The reason for not being stricter is that it could be the case that an object pair happens to have a key value that looks like an integer; in general, these two possibilities are impossible to differentiate with rhs path text[] argument elements. However, we still don't allow the "#-" path-orientated deletion operator to perform array-style subscripting. Rather, we just return the original left operand value in the event of a negative subscript (which seems analogous to how the established "jsonb/json #> text[]" path-orientated operator may yield NULL in the event of an invalid subscript). In passing, make SetArrayPath() stricter about not accepting cases where there is trailing non-numeric garbage bytes rather than a clean NUL byte. This means, for example, that strings like "10e10" are now not accepted as an array subscript of 10 by some new-to-9.5 path-orientated jsonb operators (e.g. the new #- operator). Finally, remove dead code for jsonb subscript deletion; arguably, this should have been done in commit b81c7b409. Peter Geoghegan and Andrew Dunstan 18 July 2015, 01:06:39 UTC
9a5f369 Tom Lane 17 July 2015, 19:53:10 UTC Repair mishandling of cached cast-expression trees in plpgsql. In commit 1345cc67bbb014209714af32b5681b1e11eaf964, I introduced caching of expressions representing type-cast operations into plpgsql. However, I supposed that I could cache both the expression trees and the evaluation state trees derived from them for the life of the session. This doesn't work, because we execute the expressions in plpgsql's simple_eval_estate, which has an ecxt_per_query_memory that is only transaction-lifespan. Therefore we can end up putting pointers into the evaluation state tree that point to transaction-lifespan memory; in particular this happens if the cast expression calls a SQL-language function, as reported by Geoff Winkless. The minimum-risk fix seems to be to treat the state trees the same way we do for "simple expression" trees in plpgsql, ie create them in the simple_eval_estate's ecxt_per_query_memory, which means recreating them once per transaction. Since I had to introduce bookkeeping overhead for that anyway, I bought back some of the added cost by sharing the read-only expression trees across all functions in the session, instead of using a per-function table as originally. The simple-expression bookkeeping takes care of the recursive-usage risk that I was concerned about avoiding before. At some point we should take a harder look at how all this works, and see if we can't reduce the amount of tree reinitialization needed. But that won't happen for 9.5. 17 July 2015, 19:53:10 UTC
eb3b93b Noah Misch 17 July 2015, 07:01:14 UTC AIX: Test the -qlonglong option before use. xlc provides "long long" unconditionally at C99-compatible language levels, and this option provokes a warning. The warning interferes with "configure" tests that fail in response to any warning. Notably, before commit 85a2a8903f7e9151793308d0638621003aded5ae, it interfered with the test for -qnoansialias. Back-patch to 9.0 (all supported versions). 17 July 2015, 07:01:29 UTC
back to top