| 9acedf8 | Tom Lane | 09 June 2008, 00:16:58 UTC | tag 7.4.21 | 09 June 2008, 00:16:58 UTC |
| 33266e0 | Tom Lane | 08 June 2008, 22:15:45 UTC | Stamp 7.4.21 (except for configure.in/configure) | 08 June 2008, 22:15:45 UTC |
| ad17600 | Tom Lane | 07 June 2008, 22:11:40 UTC | Update release notes for 8.3.3 et al. | 07 June 2008, 22:11:40 UTC |
| c760d70 | Tom Lane | 06 June 2008, 18:00:09 UTC | Fix pg_get_ruledef() so that negative numeric constants are parenthesized. This is needed because :: casting binds more tightly than minus, so for example -1::integer is not the same as (-1)::integer, and there are cases where the difference is important. In particular this caused a failure in SELECT DISTINCT ... ORDER BY ... where expressions that should have matched were seen as different by the parser; but I suspect that there could be other cases where failure to parenthesize leads to subtler semantic differences in reloaded rules. Per report from Alexandr Popov. | 06 June 2008, 18:00:09 UTC |
| bef8125 | Tom Lane | 06 June 2008, 05:34:03 UTC | Remove link that pre-8.2 doc tools don't support. | 06 June 2008, 05:34:03 UTC |
| c2e3599 | Tom Lane | 06 June 2008, 04:37:07 UTC | tag 7.4.20 | 06 June 2008, 04:37:07 UTC |
| fd3a834 | Tom Lane | 05 June 2008, 23:56:42 UTC | Stamp 7.4.20 (except for configure.in/configure) | 05 June 2008, 23:56:42 UTC |
| ad37d9e | Tom Lane | 05 June 2008, 23:38:03 UTC | Translation updates. | 05 June 2008, 23:38:03 UTC |
| 9245557 | Tom Lane | 04 June 2008, 03:17:01 UTC | Draft release notes for upcoming back-branch updates. | 04 June 2008, 03:17:01 UTC |
| 8b0d594 | Tom Lane | 28 May 2008, 00:46:12 UTC | Improve GRANT documentation to point out that UPDATE and DELETE typically require SELECT privilege as well, since you normally need to read existing column values within such commands. This behavior is according to spec, but we'd never documented it before. Per gripe from Volkan Yazici. | 28 May 2008, 00:46:12 UTC |
| c59eef1 | Tom Lane | 27 May 2008, 21:14:00 UTC | Back-patch the 8.3 fix that prohibits TRUNCATE, CLUSTER, and REINDEX when the current transaction has any open references to the target relation or index (implying it has an active query using the relation). Also back-patch the 8.2 fix that prohibits TRUNCATE and CLUSTER when there are pending AFTER-trigger events. Per suggestion from Heikki. | 27 May 2008, 21:14:00 UTC |
| ea28271 | Tom Lane | 25 May 2008, 21:51:38 UTC | Adjust timestamp regression tests to prevent two low-probability failure cases. Recent buildfarm experience shows that it is sometimes possible to execute several SQL commands in less time than the granularity of Windows' not-very-high-resolution gettimeofday(), leading to a failure because the tests expect the value of now() to change and it doesn't. Also, it was recognized some time ago that the same area of the tests could fail if local midnight passes between the insertion and the checking of the values for 'yesterday', 'tomorrow', etc. Clean all this up per ideas from myself and Greg Stark. There remains a window for failure if the transaction block is entered exactly at local midnight (so that 'now' and 'today' have the same value), but that seems low-probability enough to live with. Since the point of this change is mostly to eliminate buildfarm noise, back-patch to all versions we are still actively testing. | 25 May 2008, 21:51:38 UTC |
| 7cff884 | Magnus Hagander | 13 May 2008, 20:53:54 UTC | Don't try to close negative file descriptors, since this can cause crashes on certain platforms. In particular, the MSVC runtime is known to do this. Fixes bug #4162, reported and diagnosed by Javier Pimas | 13 May 2008, 20:53:54 UTC |
| 7baef60 | Tom Lane | 09 May 2008, 22:38:05 UTC | Fix an ancient oversight in change_varattnos_of_a_node: it neglected to update varoattno along with varattno. This resulted in having Vars that were not seen as equal(), causing inheritance of the "same" constraint from different parent relations to fail. An example is create table pp1 (f1 int check (f1>0)); create table cc1 (f2 text, f3 int) inherits (pp1); create table cc2(f4 float) inherits(pp1,cc1); Backpatch as far as 7.4. (The test case still fails in 7.4, for reasons that I don't feel like investigating at the moment.) This is a backpatch commit only. The fix will be applied in HEAD as part of the upcoming pg_constraint patch. | 09 May 2008, 22:38:05 UTC |
| e29ed89 | Magnus Hagander | 22 April 2008, 09:26:34 UTC | Replace developer FAQ with a reference to the wiki, which is where it now lives (per discussion). Leave the other FAQs alone for now. | 22 April 2008, 09:26:34 UTC |
| b457536 | Magnus Hagander | 21 April 2008, 09:44:54 UTC | Add link to major version release notes at the top of the minor version ones, to make it clear to users just browsing the notes that there are a lot more changes available from whatever version they are at than what's in the minor version release notes. | 21 April 2008, 09:44:54 UTC |
| 29cb46f | Tom Lane | 11 April 2008, 22:53:33 UTC | Fix several datatype input functions that were allowing unused bytes in their results to contain uninitialized, unpredictable values. While this was okay as far as the datatypes themselves were concerned, it's a problem for the parser because occurrences of the "same" literal might not be recognized as equal by datumIsEqual (and hence not by equal()). It seems sufficient to fix this in the input functions since the only critical use of equal() is in the parser's comparisons of ORDER BY and DISTINCT expressions. Per a trouble report from Marc Cousin. Patch all the way back. Interestingly, array_in did not have the bug before 8.2, which may explain why the issue went unnoticed for so long. | 11 April 2008, 22:53:33 UTC |
| a27b961 | Michael Meskes | 10 April 2008, 10:46:56 UTC | Fixed bug in PGTYPEStimestamp_sub that used pointers instead of the values to substract. | 10 April 2008, 10:46:56 UTC |
| 0bcf763 | Tom Lane | 05 April 2008, 01:59:01 UTC | Defend against JOINs having more than 32K columns altogether. We cannot currently support this because we must be able to build Vars referencing join columns, and varattno is only 16 bits wide. Perhaps this should be improved in future, but considering that it never came up before, I'm not sure the problem is worth much effort. Per bug #4070 from Marcello Ceschia. The problem seems largely academic in 8.0 and 7.4, because they have (different) O(N^2) performance issues with such wide joins, but back-patch all the way anyway. | 05 April 2008, 01:59:01 UTC |
| e409f5f | Tom Lane | 25 March 2008, 19:31:53 UTC | Adjust DatumGetBool macro so that it isn't fooled by garbage in the Datum to the left of the actual bool value. While in most cases there won't be any, our support for old-style user-defined functions violates the C spec to the extent of calling functions that might return char or short through a function pointer declared to return "char *", which we then coerce to Datum. It is not surprising that the result might contain garbage high-order bits ... what is surprising is that we didn't see such cases long ago. Per report from Magnus. This is a back-patch of a change that was made in HEAD almost exactly a year ago. I had refrained from back-patching at the time, but now we find that this is *necessary* for contrib to work with gcc 4.3. | 25 March 2008, 19:31:53 UTC |
| cb59875 | Heikki Linnakangas | 20 March 2008, 10:52:57 UTC | Add the missing cyrillic "Yo" characters ('e' and 'E' with two dots) to the ISO_8859-5 <-> MULE_INTERNAL conversion tables. This was discovered when trying to convert a string containing those characters from ISO_8859-5 to Windows-1251, because we use MULE_INTERNAL/KOI8R as an intermediate encoding between those two. While the missing "Yo" was just an omission in the conversion tables, there are a few other characters like the "Numero" sign ("No" as a single character) that exists in all the other cyrillic encodings (win1251, ISO_8859-5 and cp866), but not in KOI8R. Added comments about that. Patch by Sergey Burladyan. Back-patch to 7.4. | 20 March 2008, 10:52:57 UTC |
| a1453f1 | Tom Lane | 19 March 2008, 02:41:15 UTC | Fix regexp substring matching (substring(string from pattern)) for the corner case where there is a match to the pattern overall but the user has specified a parenthesized subexpression and that subexpression hasn't got a match. An example is substring('foo' from 'foo(bar)?'). This should return NULL, since (bar) isn't matched, but it was mistakenly returning the whole-pattern match instead (ie, 'foo'). Per bug #4044 from Rui Martins. This has been broken since the beginning; patch in all supported versions. The old behavior was sufficiently inconsistent that it's impossible to believe anyone is depending on it. | 19 March 2008, 02:41:15 UTC |
| 0d52d7a | Tom Lane | 12 March 2008, 20:12:48 UTC | Fix LISTEN/NOTIFY race condition reported by Laurent Birtz, by postponing pg_listener modifications commanded by LISTEN and UNLISTEN until the end of the current transaction. This allows us to hold the ExclusiveLock on pg_listener until after commit, with no greater risk of deadlock than there was before. Aside from fixing the race condition, this gets rid of a truly ugly kludge that was there before, namely having to ignore HeapTupleBeingUpdated failures during NOTIFY. There is a small potential incompatibility, which is that if a transaction issues LISTEN or UNLISTEN and then looks into pg_listener before committing, it won't see any resulting row insertion or deletion, where before it would have. It seems unlikely that anyone would be depending on that, though. | 12 March 2008, 20:12:48 UTC |
| 25a87d0 | Alvaro Herrera | 05 March 2008, 21:20:51 UTC | Add support for dlopen on recent NetBSD/MIPS, per Rémi Zara. | 05 March 2008, 21:20:51 UTC |
| 69e676f | Tom Lane | 27 February 2008, 17:45:02 UTC | If RelationBuildDesc() fails to open a critical system index, PANIC with a relevant error message instead of just dumping core. Odd that nobody reported this before Darren Reed. | 27 February 2008, 17:45:02 UTC |
| a45d896 | Tom Lane | 24 February 2008, 05:22:44 UTC | Use our own getopt() and getopt_long() on Solaris, because that platform's versions don't handle long options the way we want. Per Zdenek Kotala. | 24 February 2008, 05:22:44 UTC |
| 8355df5 | Tom Lane | 23 February 2008, 19:24:09 UTC | Avoid trying to print a NULL char pointer in --describe-config. On some platforms this works, but on some it crashes. Zdenek Kotala | 23 February 2008, 19:24:09 UTC |
| bb4b179 | Tom Lane | 11 February 2008, 19:15:00 UTC | Repair VACUUM FULL bug introduced by HOT patch: the original way of calculating a page's initial free space was fine, and should not have been "improved" by letting PageGetHeapFreeSpace do it. VACUUM FULL is going to reclaim LP_DEAD line pointers later, so there is no need for a guard against the page being too full of line pointers, and having one risks rejecting pages that are perfectly good move destinations. This also exposed a second bug, which is that the empty_end_pages logic assumed that any page with no live tuples would get entered into the fraged_pages list automatically (by virtue of having more free space than the threshold in the do_frag calculation). This assumption certainly seems risky when a low fillfactor has been chosen, and even without tunable fillfactor I think it could conceivably fail on a page with many unused line pointers. So fix the code to force do_frag true when notup is true, and patch this part of the fix all the way back. Per report from Tomas Szepe. | 11 February 2008, 19:15:00 UTC |
| d85096c | Tom Lane | 14 January 2008, 18:46:49 UTC | Fix an ancient oversight in libpq's handling of V3-protocol COPY OUT mode: we need to be able to swallow NOTICE messages, and potentially also ParameterStatus messages (although the latter would be a bit weird), without exiting COPY OUT state. Fix it, and adjust the protocol documentation to emphasize the need for this. Per off-list report from Alexander Galler. | 14 January 2008, 18:46:49 UTC |
| ec59b6d | Tom Lane | 06 January 2008, 01:03:46 UTC | A long time ago, Peter pointed out that ruleutils.c didn't dump simple constant ORDER/GROUP BY entries properly: http://archives.postgresql.org/pgsql-hackers/2001-04/msg00457.php The original solution to that was in fact no good, as demonstrated by today's report from Martin Pitt: http://archives.postgresql.org/pgsql-bugs/2008-01/msg00027.php We can't use the column-number-reference format for a constant that is a resjunk targetlist entry, a case that was unfortunately not thought of in the original discussion. What we can do instead (which did not work at the time, but does work in 7.3 and up) is to emit the constant with explicit ::typename decoration, even if it otherwise wouldn't need it. This is sufficient to keep the parser from thinking it's a column number reference, and indeed is probably what the user must have done to get such a thing into the querytree in the first place. | 06 January 2008, 01:03:46 UTC |
| 56a2a41 | Tom Lane | 03 January 2008, 21:42:17 UTC | Stamp release 7.4.19. Security: CVE-2007-4769, CVE-2007-4772, CVE-2007-6067, CVE-2007-6600, CVE-2007-6601 | 03 January 2008, 21:42:17 UTC |
| 63ee91f | Tom Lane | 03 January 2008, 21:36:15 UTC | Update release notes for security releases. Security: CVE-2007-4769, CVE-2007-4772, CVE-2007-6067, CVE-2007-6600, CVE-2007-6601 | 03 January 2008, 21:36:15 UTC |
| 1f42e1c | Tom Lane | 03 January 2008, 21:28:55 UTC | The original patch to disallow non-passworded connections to non-superusers failed to cover all the ways in which a connection can be initiated in dblink. Plug the remaining holes. Also, disallow transient connections in functions for which that feature makes no sense (because they are only sensible as part of a sequence of operations on the same connection). Joe Conway Security: CVE-2007-6601 | 03 January 2008, 21:28:55 UTC |
| 230d5cf | Tom Lane | 03 January 2008, 21:25:34 UTC | Make standard maintenance operations (including VACUUM, ANALYZE, REINDEX, and CLUSTER) execute as the table owner rather than the calling user, using the same privilege-switching mechanism already used for SECURITY DEFINER functions. The purpose of this change is to ensure that user-defined functions used in index definitions cannot acquire the privileges of a superuser account that is performing routine maintenance. While a function used in an index is supposed to be IMMUTABLE and thus not able to do anything very interesting, there are several easy ways around that restriction; and even if we could plug them all, there would remain a risk of reading sensitive information and broadcasting it through a covert channel such as CPU usage. To prevent bypassing this security measure, execution of SET SESSION AUTHORIZATION and SET ROLE is now forbidden within a SECURITY DEFINER context. Thanks to Itagaki Takahiro for reporting this vulnerability. Security: CVE-2007-6600 | 03 January 2008, 21:25:34 UTC |
| 0776cb2 | Tom Lane | 03 January 2008, 20:49:15 UTC | Fix assorted security-grade bugs in the regex engine. All of these problems are shared with Tcl, since it's their code to begin with, and the patches have been copied from Tcl 8.5.0. Problems: CVE-2007-4769: Inadequate check on the range of backref numbers allows crash due to out-of-bounds read. CVE-2007-4772: Infinite loop in regex optimizer for pattern '($|^)*'. CVE-2007-6067: Very slow optimizer cleanup for regex with a large NFA representation, as well as crash if we encounter an out-of-memory condition during NFA construction. Part of the response to CVE-2007-6067 is to put a limit on the number of states in the NFA representation of a regex. This seems needed even though the within-the-code problems have been corrected, since otherwise the code could try to use very large amounts of memory for a suitably-crafted regex, leading to potential DOS by driving the system into swap, activating a kernel OOM killer, etc. Although there are certainly plenty of ways to drive the system into effective DOS with poorly-written SQL queries, these problems seem worth treating as security issues because many applications might accept regex search patterns from untrustworthy sources. Thanks to Will Drewry of Google for reporting these problems. Patches by Will Drewry and Tom Lane. Security: CVE-2007-4769, CVE-2007-4772, CVE-2007-6067 | 03 January 2008, 20:49:15 UTC |
| bcbaee6 | Tom Lane | 02 January 2008, 22:05:36 UTC | Insert ARST into the list of known timezone abbreviations. | 02 January 2008, 22:05:36 UTC |
| 2fb6911 | Magnus Hagander | 02 January 2008, 19:53:15 UTC | Fix invalid ipv6 address in example. Per doc comment 7211. | 02 January 2008, 19:53:15 UTC |
| 89d4770 | Bruce Momjian | 31 December 2007, 17:27:57 UTC | Provide a more helpful error message when there is an autoconf version mismatch; backpatch. | 31 December 2007, 17:27:57 UTC |
| 11b7097 | Tom Lane | 18 December 2007, 00:04:37 UTC | Make path_recv() and poly_recv() reject paths/polygons containing no points. The zero-point case is sensible so far as the data structure is concerned, so maybe we ought to allow it sometime; but right now the textual input routines for these types don't allow it, and it seems that not all the functions for the types are prepared to cope. Report and patch by Merlin Moncure. | 18 December 2007, 00:04:37 UTC |
| 86f6837 | Peter Eisentraut | 26 November 2007, 12:09:58 UTC | Require a specific Autoconf version, instead of a lower bound only. | 26 November 2007, 12:09:58 UTC |
| d289da2 | Alvaro Herrera | 23 November 2007, 01:48:08 UTC | Fix buggy usage of vsnprintf in PL/Python by removing it altogether, instead relying on stringinfo.c. This fixes a problem reported by Marko Kreen, but I didn't use his patch, per subsequent discussion. | 23 November 2007, 01:48:08 UTC |
| 0e7d9e5 | Tatsuo Ishii | 23 November 2007, 00:39:59 UTC | Fix "Page Layout" table. The second row should be ItemIdData, not ItemPointerData. | 23 November 2007, 00:39:59 UTC |
| 505292e | Teodor Sigaev | 16 November 2007, 17:31:16 UTC | Backpatch: Fix tsvector_out() and tsquery_out() to escape backslesh, add test of that. Patch by Bruce Momjian <bruce@momjian.us> | 16 November 2007, 17:31:16 UTC |
| 8145f00 | Joe Conway | 10 November 2007, 05:02:22 UTC | Have crosstab variants treat NULL rowid as a category in its own right, per suggestion from Tom Lane. This fixes crash-bug reported by Stefan Schwarzer. | 10 November 2007, 05:02:22 UTC |
| fcc3ac1 | Tom Lane | 08 November 2007, 23:23:23 UTC | If an index depends on no columns of its table, give it a dependency on the whole table instead, to ensure that it goes away when the table is dropped. Per bug #3723 from Sam Mason. Backpatch as far as 7.4; AFAICT 7.3 does not have the issue, because it doesn't have general-purpose expression indexes and so there must be at least one column referenced by an index. | 08 November 2007, 23:23:23 UTC |
| ebec2ba | Michael Meskes | 06 November 2007, 08:33:32 UTC | Added missing clause to parser. | 06 November 2007, 08:33:32 UTC |
| ad8e3b3 | Tom Lane | 11 October 2007, 21:28:30 UTC | Ensure that the result of evaluating a function during constant-expression simplification gets detoasted before it is incorporated into a Const node. Otherwise, if an immutable function were to return a TOAST pointer (an unlikely case, but it can be made to happen), we would end up with a plan that depends on the continued existence of the out-of-line toast datum. | 11 October 2007, 21:28:30 UTC |
| d9e961d | Tom Lane | 04 October 2007, 20:45:17 UTC | Keep the planner from failing on "WHERE false AND something IN (SELECT ...)". eval_const_expressions simplifies this to just "WHERE false", but we have already done pull_up_IN_clauses so the IN join will be done, or at least planned, anyway. The trouble case comes when the sub-SELECT is itself a join and we decide to implement the IN by unique-ifying the sub-SELECT outputs: with no remaining reference to the output Vars in WHERE, we won't have propagated the Vars up to the upper join point, leading to "variable not found in subplan target lists" error. Fix by adding an extra scan of in_info_list and forcing all Vars mentioned therein to be propagated up to the IN join point. Per bug report from Miroslav Sulc. | 04 October 2007, 20:45:17 UTC |
| 45cd13c | Teodor Sigaev | 26 September 2007, 10:44:54 UTC | Fix crash of to_tsvector() function on huge input: compareWORD() function didn't return correct result for word position greate than limit. Per report from Stuart Bishop <stuart@stuartbishop.net> | 26 September 2007, 10:44:54 UTC |
| a51302d | Tom Lane | 22 September 2007, 05:36:14 UTC | Fix bogus calculation of potential output string length in translate(). | 22 September 2007, 05:36:14 UTC |
| 0a3b51e | Tom Lane | 16 September 2007, 03:03:55 UTC | Update release notes for last-minute fix. | 16 September 2007, 03:03:55 UTC |
| 11a8925 | Tom Lane | 16 September 2007, 02:38:25 UTC | Fix aboriginal mistake in lazy VACUUM's code for truncating away no-longer-needed pages at the end of a table. We thought we could throw away pages containing HEAPTUPLE_DEAD tuples; but this is not so, because such tuples very likely have index entries pointing at them, and we wouldn't have removed the index entries. The problem only emerges in a somewhat unlikely race condition: the dead tuples have to have been inserted by a transaction that later aborted, and this has to have happened between VACUUM's initial scan of the page and then rechecking it for empty in count_nondeletable_pages. But that timespan will include an index-cleaning pass, so it's not all that hard to hit. This seems to explain a couple of previously unsolved bug reports. | 16 September 2007, 02:38:25 UTC |
| 2f2f9b9 | Marc G. Fournier | 14 September 2007, 23:19:58 UTC | update configure for 7.4.18 | 14 September 2007, 23:19:58 UTC |
| 226b312 | Tom Lane | 14 September 2007, 16:01:03 UTC | Fix markup that doesn't work in back branches. | 14 September 2007, 16:01:03 UTC |
| b75ac35 | Tom Lane | 14 September 2007, 15:51:47 UTC | Minor editorialization on release notes. | 14 September 2007, 15:51:47 UTC |
| 93bba44 | Peter Eisentraut | 13 September 2007, 20:56:32 UTC | Translation updates | 13 September 2007, 20:56:32 UTC |
| 23df997 | Alvaro Herrera | 12 September 2007, 15:16:24 UTC | Fix the database-wide version of CLUSTER to silently skip temp tables of remote sessions, instead of erroring out in the middle of the operation. This is a backpatch of a previous fix applied to CLUSTER to HEAD and 8.2, all the way back that it is relevant to. | 12 September 2007, 15:16:24 UTC |
| 59f7d47 | Bruce Momjian | 11 September 2007, 17:36:45 UTC | Stamp releases 8.2.5, 8.1.10, 8.0.14, 7.4.18, 7.3.20. Update FAQs for 8.2.5. | 11 September 2007, 17:36:45 UTC |
| 465ae00 | Bruce Momjian | 11 September 2007, 17:19:15 UTC | Stamp | 11 September 2007, 17:19:15 UTC |
| 92cb599 | Tom Lane | 29 August 2007, 16:32:05 UTC | Fix aboriginal bug in _tarAddFile(): when complaining that the amount of data read from the temp file didn't match the file length reported by ftello(), the wrong variable's value was printed, and so the message made no sense. Clean up a couple other coding infelicities while at it. | 29 August 2007, 16:32:05 UTC |
| 5a94a5f | Tom Lane | 25 August 2007, 19:08:44 UTC | Fix brain fade in DefineIndex(): it was continuing to access the table's relcache entry after having heap_close'd it. This could lead to misbehavior if a relcache flush wiped out the cache entry meanwhile. In 8.2 there is a very real risk of CREATE INDEX CONCURRENTLY using the wrong relid for locking and waiting purposes. I think the bug is only cosmetic in 8.0 and 8.1, because their transgression is limited to using RelationGetRelationName(rel) in an ereport message immediately after heap_close, and there's no way (except with special debugging options) for a cache flush to occur in that interval. Not quite sure that it's cosmetic in 7.4, but seems best to patch anyway. Found by trying to run the regression tests with CLOBBER_CACHE_ALWAYS enabled. Maybe we should try to do that on a regular basis --- it's awfully slow, but perhaps some fast buildfarm machine could do it once in awhile. | 25 August 2007, 19:08:44 UTC |
| 08e72a6 | Tom Lane | 23 August 2007, 16:16:20 UTC | Fix combo_decrypt() to throw an error for zero-length input when using a padded encryption scheme. Formerly it would try to access res[(unsigned) -1], which resulted in core dumps on 64-bit machines, and was certainly trouble waiting to happen on 32-bit machines (though in at least the known case it was harmless because that byte would be overwritten after return). Per report from Ken Colson; fix by Marko Kreen. | 23 August 2007, 16:16:20 UTC |
| 42110a6 | Tom Lane | 21 August 2007, 02:40:33 UTC | Fix potential access-off-the-end-of-memory in varbit_out(): it fetched the byte after the last full byte of the bit array, regardless of whether that byte was part of the valid data or not. Found by buildfarm testing. Thanks to Stefan Kaltenbrunner for nailing down the cause. | 21 August 2007, 02:40:33 UTC |
| 7824c69 | Neil Conway | 08 August 2007, 18:06:55 UTC | Fix a gradual memory leak in ExecReScanAgg(). Because the aggregation hash table is allocated in a child context of the agg node's memory context, MemoryContextReset() will reset but *not* delete the child context. Since ExecReScanAgg() proceeds to build a new hash table from scratch (in a new sub-context), this results in leaking the header for the previous memory context. Therefore, use MemoryContextResetAndDeleteChildren() instead. Credit: My colleague Sailesh Krishnamurthy at Truviso for isolating the cause of the leak. | 08 August 2007, 18:06:55 UTC |
| b582300 | Tom Lane | 06 August 2007, 01:38:49 UTC | Fix pg_restore to guard against unexpected EOF while reading an archive file. Per report and partial patch from Chad Wagner. | 06 August 2007, 01:38:49 UTC |
| 3ca3c71 | Neil Conway | 02 August 2007, 17:49:01 UTC | Fix a memory leak in tuplestore_end(). Unlikely to be significant during normal operation, but tuplestore_end() ought to do what it claims to do. | 02 August 2007, 17:49:01 UTC |
| c14066a | Tom Lane | 31 July 2007, 19:54:27 UTC | Fix a bug in the original implementation of redundant-join-clause removal: clauses in which one side or the other references both sides of the join cannot be removed as redundant, because that expression won't have been constrained below the join. Per report from Sergey Burladyan. | 31 July 2007, 19:54:27 UTC |
| fab6a86 | Tom Lane | 31 July 2007, 15:50:17 UTC | Fix security definer functions with polymorphic arguments. This case has never worked because fmgr_security_definer() neglected to pass the fn_expr information through. Per report from Viatcheslav Kalinin. | 31 July 2007, 15:50:17 UTC |
| ff392ec | Magnus Hagander | 23 July 2007, 18:10:13 UTC | The proper guaranteed buffer size for errors is INITIAL_EXPBUFFER_SIZE, not PQERRORMSG_LENGTH. Backport only - the proper fix in HEAD is to use PQExpBuffers everywhere. | 23 July 2007, 18:10:13 UTC |
| 83630c8 | Tom Lane | 21 July 2007, 22:12:32 UTC | Fix elog.c to avoid infinite recursion (leading to backend crash) when log_min_error_statement is active and there is some problem in logging the current query string; for example, that it's too long to include in the log message without running out of memory. This problem has existed since the log_min_error_statement feature was introduced. No doubt the reason it wasn't detected long ago is that 8.2 is the first release that defaults log_min_error_statement to less than PANIC level. Per report from Bill Moran. | 21 July 2007, 22:12:32 UTC |
| 6e60607 | Tom Lane | 19 July 2007, 20:34:48 UTC | Make replace(), split_part(), and string_to_array() behave somewhat sanely when handed an invalidly-encoded pattern. The previous coding could get into an infinite loop if pg_mb2wchar_with_len() returned a zero-length string after we'd tested for nonempty pattern; which is exactly what it will do if the string consists only of an incomplete multibyte character. This led to either an out-of-memory error or a backend crash depending on platform. Per report from Wiktor Wodecki. | 19 July 2007, 20:34:48 UTC |
| da15b28 | Tom Lane | 17 July 2007, 01:22:18 UTC | Fix outfuncs.c to dump A_Const nodes representing NULLs correctly. This has been broken since forever, but was not noticed because people seldom look at raw parse trees. AFAIK, no impact on users except that debug_print_parse might fail; but patch it all the way back anyway. Per report from Jeff Ross. | 17 July 2007, 01:22:18 UTC |
| 62ca8db | Joe Conway | 09 July 2007, 01:43:57 UTC | Restrict non-superusers to password authenticated connections to prevent possible escalation of privilege. Provide new SECURITY DEFINER functions with old behavior, but initially REVOKE ALL from public for these functions. Per list discussion and design proposed by Tom Lane. | 09 July 2007, 01:43:57 UTC |
| 2a01e31 | Tom Lane | 02 July 2007, 20:12:21 UTC | Fix failure to restart Postgres when Linux kernel returns EIDRM for shmctl(). This is a Linux kernel bug that apparently exists in every extant kernel version: sometimes shmctl() will fail with EIDRM when EINVAL is correct. We were assuming that EIDRM indicates a possible conflict with pre-existing backends, and refusing to start the postmaster when this happens. Fortunately, there does not seem to be any case where Linux can legitimately return EIDRM (it doesn't track shmem segments in a way that would allow that), so we can get away with just assuming that EIDRM means EINVAL on this platform. Per reports from Michael Fuhr and Jon Lapham --- it's a bit surprising we have not seen more reports, actually. | 02 July 2007, 20:12:21 UTC |
| 4412d39 | Tom Lane | 29 June 2007, 01:52:14 UTC | Fix a passel of ancient bugs in to_char(), including two distinct buffer overruns (neither of which seem likely to be exploitable as security holes, fortunately, since the provoker can't control the data written). One of these is due to choosing to stomp on the output of a called function, which is bad news in any case; make it treat the called functions' results as read-only. Avoid some unnecessary palloc/pfree traffic too; it's not really helpful to free small temporary objects, and again this is presuming more than it ought to about the nature of the results of called functions. Per report from Patrick Welche and additional code-reading by Imad. | 29 June 2007, 01:52:14 UTC |
| d9544b6 | Tom Lane | 20 June 2007, 18:21:39 UTC | transformColumnDefinition failed to complain about create table foo (bar int default null default 3); due to not thinking about the special-case handling of DEFAULT NULL. Problem noticed while investigating bug #3396. | 20 June 2007, 18:21:39 UTC |
| 4ed20db | Tom Lane | 20 June 2007, 18:16:18 UTC | CREATE DOMAIN ... DEFAULT NULL failed because gram.y special-cases DEFAULT NULL and DefineDomain didn't. Bug goes all the way back to original coding of domains. Per bug #3396 from Sergey Burladyan. | 20 June 2007, 18:16:18 UTC |
| 517b078 | Tom Lane | 02 June 2007, 16:41:41 UTC | Fix erroneous error reporting for overlength input in text_date(), text_time(), and text_timetz(). 7.4-vintage bug found by Greg Stark. | 02 June 2007, 16:41:41 UTC |
| 20c031e | Tom Lane | 01 June 2007, 23:43:34 UTC | Fix aboriginal bug in BufFileDumpBuffer that would cause it to write the wrong data when dumping a bufferload that crosses a component-file boundary. This probably has not been seen in the wild because (a) component files are normally 1GB apiece and (b) non-block-aligned buffer usage is relatively rare. But it's fairly easy to reproduce a problem if one reduces RELSEG_SIZE in a test build. Kudos to Kurt Harriman for spotting the bug. | 01 June 2007, 23:43:34 UTC |
| 86b6abe | Peter Eisentraut | 21 May 2007, 15:00:57 UTC | Fix spurious German index entry | 21 May 2007, 15:00:57 UTC |
| 81df147 | Tom Lane | 18 May 2007, 01:20:48 UTC | Remove redundant logging of send failures when SSL is in use. While pqcomm.c had been taught not to do that ages ago, the SSL code was helpfully bleating anyway. Resolves some recent reports such as bug #3266; however the underlying cause of the related bug #2829 is still unclear. | 18 May 2007, 01:20:48 UTC |
| 7ee0498 | Magnus Hagander | 13 May 2007, 16:04:22 UTC | Document that CLUSTER breaks MVCC visibility rules. (Not needed in cvs head, because CLUSTER itself is fixed there) Heikki Linnakangas | 13 May 2007, 16:04:22 UTC |
| e449e19 | Tom Lane | 01 May 2007, 18:54:24 UTC | Fix a thinko in my patch of a couple months ago for bug #3116: it did the wrong thing when inlining polymorphic SQL functions, because it was using the function's declared return type where it should have used the actual result type of the current call. In 8.1 and 8.2 this causes obvious failures even if you don't have assertions turned on; in 8.0 and 7.4 it would only be a problem if the inlined expression were used as an input to a function that did run-time type determination on its inputs. Add a regression test, since this is evidently an under-tested area. | 01 May 2007, 18:54:24 UTC |
| 8dcc675 | Tom Lane | 26 April 2007, 23:25:41 UTC | Fix dynahash.c to suppress hash bucket splits while a hash_seq_search() scan is in progress on the same hashtable. This seems the least invasive way to fix the recently-recognized problem that a split could cause the scan to visit entries twice or (with much lower probability) miss them entirely. The only field-reported problem caused by this is the "failed to re-find shared lock object" PANIC in COMMIT PREPARED reported by Michel Dorochevsky, which was caused by multiply visited entries. However, it seems certain that mdsync() is vulnerable to missing required fsync's due to missed entries, and I am fearful that RelationCacheInitializePhase2() might be at risk as well. Because of that and the generalized hazard presented by this bug, back-patch all the supported branches. Along the way, fix pg_prepared_statement() and pg_cursor() to not assume that the hashtables they are examining will stay static between calls. This is risky regardless of the newly noted dynahash problem, because hash_seq_search() has never promised to cope with deletion of table entries other than the just-returned one. There may be no bug here because the only supported way to call these functions is via ExecMakeTableFunctionResult() which will cycle them to completion before doing anything very interesting, but it seems best to get rid of the assumption. This affects 8.2 and HEAD only, since those functions weren't there earlier. | 26 April 2007, 23:25:41 UTC |
| 414d0d1 | Neil Conway | 23 April 2007, 16:53:13 UTC | Fix newly-introduced documentation typo. | 23 April 2007, 16:53:13 UTC |
| c95bdc9 | PostgreSQL Daemon | 20 April 2007, 15:15:43 UTC | Update configure in for new release Security: hold for release | 20 April 2007, 15:15:43 UTC |
| 9903eaf | Tom Lane | 20 April 2007, 03:28:05 UTC | Fix markup. Security: CVE-2007-2138 | 20 April 2007, 03:28:05 UTC |
| 8294203 | Tom Lane | 20 April 2007, 03:10:51 UTC | Fix markup. Security: CVE-2007-2138 | 20 April 2007, 03:10:51 UTC |
| eaabaa7 | Tom Lane | 20 April 2007, 02:38:46 UTC | Support explicit placement of the temporary-table schema within search_path. This is needed to allow a security-definer function to set a truly secure value of search_path. Without it, a malicious user can use temporary objects to execute code with the privileges of the security-definer function. Even pushing the temp schema to the back of the search path is not quite good enough, because a function or operator at the back of the path might still capture control from one nearer the front due to having a more exact datatype match. Hence, disable searching the temp schema altogether for functions and operators. Security: CVE-2007-2138 | 20 April 2007, 02:38:46 UTC |
| b8f0a51 | Tom Lane | 19 April 2007, 20:24:36 UTC | Repair PANIC condition in hash indexes when a previous index extension attempt failed (due to lock conflicts or out-of-space). We might have already extended the index's filesystem EOF before failing, causing the EOF to be beyond what the metapage says is the last used page. Hence the invariant maintained by the code needs to be "EOF is at or beyond last used page", not "EOF is exactly the last used page". Problem was created by my patch of 2006-11-19 that attempted to repair bug #2737. Since that was back-patched to 7.4, this needs to be as well. Per report and test case from Vlastimil Krejcir. | 19 April 2007, 20:24:36 UTC |
| f1d934b | Bruce Momjian | 19 April 2007, 13:01:59 UTC | Release wording updates for releases 8.2.4, 8.1.9, 8.0.13, 7.4.17, 7.3.19. | 19 April 2007, 13:01:59 UTC |
| d62b0e2 | Bruce Momjian | 19 April 2007, 04:04:30 UTC | Update FAQ to mention most recent release for releases 8.2.4, 8.1.9, 8.0.13, 7.4.17, 7.3.19. | 19 April 2007, 04:04:30 UTC |
| f199177 | Bruce Momjian | 19 April 2007, 03:06:37 UTC | Stamp releases 8.2.4, 8.1.9, 8.0.13, 7.4.17, 7.3.19. | 19 April 2007, 03:06:37 UTC |
| 9057d27 | Bruce Momjian | 19 April 2007, 02:46:46 UTC | Release note updates for 8.2.4, 8.1.9, 8.0.13, 7.4.17, 7.3.19. | 19 April 2007, 02:46:46 UTC |
| 2875fe6 | Peter Eisentraut | 18 April 2007, 21:13:57 UTC | Translation updates | 18 April 2007, 21:13:57 UTC |
| a648d71 | Magnus Hagander | 16 April 2007, 20:15:46 UTC | Don't write timing output in quiet mode. Merlin Moncure | 16 April 2007, 20:15:46 UTC |
| a75602e | Teodor Sigaev | 02 April 2007, 11:43:30 UTC | Fix caching of unsuccessful initialization of parser or configuration. Per report from Listmail <lists@peufeu.com> | 02 April 2007, 11:43:30 UTC |
| a96f58c | Tatsuo Ishii | 26 March 2007, 11:53:50 UTC | Fix pg_wchar_table's maxmblen field of EUC_CN, EUC_TW, MULE_INTERNAL and GB18030. patches from ITAGAKI Takahiro. | 26 March 2007, 11:53:50 UTC |
| 5d9ce92 | Tom Lane | 14 March 2007, 18:49:26 UTC | Fix a longstanding bug in VACUUM FULL's handling of update chains. The code did not expect that a DEAD tuple could follow a RECENTLY_DEAD tuple in an update chain, but because the OldestXmin rule for determining deadness is a simplification of reality, it is possible for this situation to occur (implying that the RECENTLY_DEAD tuple is in fact dead to all observers, but this patch does not attempt to exploit that). The code would follow a chain forward all the way, but then stop before a DEAD tuple when backing up, meaning that not all of the chain got moved. This could lead to copying the chain multiple times (resulting in duplicate copies of the live tuple at its end), or leaving dangling index entries behind (which, aside from generating warnings from later vacuums, creates a risk of wrong query results or bogus duplicate-key errors once the heap slot the index entry points to is repopulated). The fix is to recheck HeapTupleSatisfiesVacuum while following a chain forward, and to stop if a DEAD tuple is reached. Each contiguous group of RECENTLY_DEAD tuples will therefore be copied as a separate chain. The patch also adds a couple of extra sanity checks to verify correct behavior. Per report and test case from Pavan Deolasee. | 14 March 2007, 18:49:26 UTC |
| 9e4e068 | Tom Lane | 06 March 2007, 22:45:41 UTC | Fix oversight in original coding of inline_function(): since check_sql_fn_retval allows binary-compatibility cases, the expression extracted from an inline-able SQL function might have a type that is only binary-compatible with the declared function result type. To avoid possibly changing the semantics of the expression, we should insert a RelabelType node in such cases. This has only been shown to have bad consequences in recent 8.1 and up releases, but I suspect there may be failure cases in the older branches too, so patch it all the way back. Per bug #3116 from Greg Mullane. Along the way, fix an omission in eval_const_expressions_mutator: it failed to copy the relabelformat field when processing a RelabelType. No known observable failures from this, but it definitely isn't intended behavior. | 06 March 2007, 22:45:41 UTC |
