Skip to main content

Browse the archive

https://github.com/postgres/postgres
02 May 2024, 11:03:54 UTC
sort by:
Revision Author Date Message Commit Date
c89eec5 Marc G. Fournier 10 December 2009, 03:15:17 UTC tag 8.1.19 10 December 2009, 03:15:17 UTC
ce07e3f Tom Lane 10 December 2009, 00:31:52 UTC Update release notes for releases 8.4.2, 8.3.9, 8.2.15, 8.1.19, 8.0.23, 7.4.27. 10 December 2009, 00:31:52 UTC
613981b Tom Lane 09 December 2009, 21:58:44 UTC Prevent indirect security attacks via changing session-local state within an allegedly immutable index function. It was previously recognized that we had to prevent such a function from executing SET/RESET ROLE/SESSION AUTHORIZATION, or it could trivially obtain the privileges of the session user. However, since there is in general no privilege checking for changes of session-local state, it is also possible for such a function to change settings in a way that might subvert later operations in the same session. Examples include changing search_path to cause an unexpected function to be called, or replacing an existing prepared statement with another one that will execute a function of the attacker's choosing. The present patch secures VACUUM, ANALYZE, and CREATE INDEX/REINDEX against these threats, which are the same places previously deemed to need protection against the SET ROLE issue. GUC changes are still allowed, since there are many useful cases for that, but we prevent security problems by forcing a rollback of any GUC change after completing the operation. Other cases are handled by throwing an error if any change is attempted; these include temp table creation, closing a cursor, and creating or deleting a prepared statement. (In 7.4, the infrastructure to roll back GUC changes doesn't exist, so we settle for rejecting changes of "search_path" in these contexts.) Original report and patch by Gurjeet Singh, additional analysis by Tom Lane. Security: CVE-2009-4136 09 December 2009, 21:58:44 UTC
d585483 Magnus Hagander 09 December 2009, 06:37:17 UTC Reject certificates with embedded NULLs in the commonName field. This stops attacks where an attacker would put <attack>\0<propername> in the field and trick the validation code that the certificate was for <attack>. This is a very low risk attack since it reuqires the attacker to trick the CA into issuing a certificate with an incorrect field, and the common PostgreSQL deployments are with private CAs, and not external ones. Also, default mode in 8.4 does not do any name validation, and is thus also not vulnerable - but the higher security modes are. Backpatch all the way. Even though versions 8.3.x and before didn't have certificate name validation support, they still exposed this field for the user to perform the validation in the application code, and there is no way to detect this problem through that API. Security: CVE-2009-4034 09 December 2009, 06:37:17 UTC
8510e7e Tom Lane 09 December 2009, 00:36:29 UTC Update time zone data files to tzdata release 2009s: DST law changes in Antarctica, Argentina, Bangladesh, Fiji, Novokuznetsk, Pakistan, Palestine, Samoa, Syria. Also historical corrections for Hong Kong. 09 December 2009, 00:36:29 UTC
f1f6a48 Peter Eisentraut 08 December 2009, 21:58:30 UTC Translation updates 08 December 2009, 21:58:30 UTC
b9c44be Heikki Linnakangas 03 December 2009, 11:04:03 UTC Fix bug in temporary file management with subtransactions. A cursor opened in a subtransaction stays open even if the subtransaction is aborted, so any temporary files related to it must stay alive as well. With the patch, we use ResourceOwners to track open temporary files and don't automatically close them at subtransaction end (though in the normal case temporary files are registered with the subtransaction resource owner and will therefore be closed). At end of top transaction, we still check that there's no temporary files marked as close-at-end-of-transaction open, but that's now just a debugging cross-check as the resource owner cleanup should've closed them already. 03 December 2009, 11:04:03 UTC
532ae85 Tom Lane 02 December 2009, 17:41:46 UTC Ignore attempts to set "application_name" in the connection startup packet. This avoids a useless connection retry and complaint in the postmaster log when receiving a connection from 8.5 or later libpq. Backpatch in all supported branches, but of course *not* HEAD. 02 December 2009, 17:41:46 UTC
c63dbff Heikki Linnakangas 23 November 2009, 09:59:21 UTC Fix an old bug in multixact and two-phase commit. Prepared transactions can be part of multixacts, so allocate a slot for each prepared transaction in the "oldest member" array in multixact.c. On PREPARE TRANSACTION, transfer the oldest member value from the current backends slot to the prepared xact slot. Also save and recover the value from the 2pc state file. The symptom of the bug was that after a transaction prepared, a shared lock still held by the prepared transaction was sometimes ignored by other transactions. Fix back to 8.1, where both 2PC and multixact were introduced. 23 November 2009, 09:59:21 UTC
fd20a34 Tom Lane 10 November 2009, 23:12:44 UTC Do not build psql's flex module on its own, but instead include it in mainloop.c. This ensures that postgres_fe.h is read before including any system headers, which is necessary to avoid problems on some platforms where we make nondefault selections of feature macros for stdio.h or other headers. We have had this policy for flex modules in the backend for many years, but for some reason it was not applied to psql. Per trouble report from Alexandra Roy and diagnosis by Albe Laurenz. 10 November 2009, 23:12:44 UTC
0b9ed72 Alvaro Herrera 10 November 2009, 18:01:11 UTC Fix longstanding problems in VACUUM caused by untimely interruptions In VACUUM FULL, an interrupt after the initial transaction has been recorded as committed can cause postmaster to restart with the following error message: PANIC: cannot abort transaction NNNN, it was already committed This problem has been reported many times. In lazy VACUUM, an interrupt after the table has been truncated by lazy_truncate_heap causes other backends' relcache to still point to the removed pages; this can cause future INSERT and UPDATE queries to error out with the following error message: could not read block XX of relation 1663/NNN/MMMM: read only 0 of 8192 bytes The window to this race condition is extremely narrow, but it has been seen in the wild involving a cancelled autovacuum process. The solution for both problems is to inhibit interrupts in both operations until after the respective transactions have been committed. It's not a complete solution, because the transaction could theoretically be aborted by some other error, but at least fixes the most common causes of both problems. 10 November 2009, 18:01:11 UTC
1ef3f3c Peter Eisentraut 03 November 2009, 08:12:46 UTC Fix obscure segfault condition in PL/Python In PLy_output(), when the elog() call in the TRY branch throws an exception (this can happen when a statement timeout kicks in, for example), the PyErr_SetString() call in the CATCH branch can cause a segfault, because the Py_XDECREF(so) call before it releases memory that is still used by the sv variable that PyErr_SetString() uses as argument, because sv points into memory owned by so. Backpatched back to 8.0, where this code was introduced. I also threw in a couple of volatile declarations for variables that are used before and after the TRY. I don't think they caused the crash that I observed, but they could become issues. 03 November 2009, 08:12:46 UTC
3a2e457 Tom Lane 30 October 2009, 20:59:10 UTC Make the overflow guards in ExecChooseHashTableSize be more protective. The original coding ensured nbuckets and nbatch didn't exceed INT_MAX, which while not insane on its own terms did nothing to protect subsequent code like "palloc(nbatch * sizeof(BufFile *))". Since enormous join size estimates might well be planner error rather than reality, it seems best to constrain the initial sizes to be not more than work_mem/sizeof(pointer), thus ensuring the allocated arrays don't exceed work_mem. We will allow nbatch to get bigger than that during subsequent ExecHashIncreaseNumBatches calls, but we should still guard against integer overflow in those palloc requests. Per bug #5145 from Bernt Marius Johnsen. Although the given test case only seems to fail back to 8.2, previous releases have variants of this issue, so patch all supported branches. 30 October 2009, 20:59:10 UTC
08dd656 Tom Lane 27 October 2009, 20:14:56 UTC Fix AfterTriggerSaveEvent to use a test and elog, not just Assert, to check that it's called within an AfterTriggerBeginQuery/AfterTriggerEndQuery pair. The RI cascade triggers suppress that overhead on the assumption that they are always run non-deferred, so it's possible to violate the condition if someone mistakenly changes pg_trigger to mark such a trigger deferred. We don't really care about supporting that, but throwing an error instead of crashing seems desirable. Per report from Marcelo Costa. 27 October 2009, 20:14:56 UTC
53c8f77 Tom Lane 16 October 2009, 22:09:01 UTC Rewrite pam_passwd_conv_proc to be more robust: avoid assuming that the pam_message array contains exactly one PAM_PROMPT_ECHO_OFF message. Instead, deal with however many messages there are, and don't throw error for PAM_ERROR_MSG and PAM_TEXT_INFO messages. This logic is borrowed from openssh 5.2p1, which hopefully has seen more real-world PAM usage than we have. Per bug #5121 from Ryan Douglas, which turned out to be caused by the conv_proc being called with zero messages. Apparently that is normal behavior given the combination of Linux pam_krb5 with MS Active Directory as the domain controller. Patch all the way back, since this code has been essentially untouched since 7.4. (Surprising we've not heard complaints before.) 16 October 2009, 22:09:01 UTC
469301e Heikki Linnakangas 08 October 2009, 04:46:52 UTC Fix off-by-one bug in bitncmp(): When comparing a number of bits divisible by 8, bitncmp() may dereference a pointer one byte out of bounds. Chris Mikkelson (bug #5101) 08 October 2009, 04:46:52 UTC
595f274 Tom Lane 02 October 2009, 18:13:32 UTC Fix erroneous handling of shared dependencies (ie dependencies on roles) in CREATE OR REPLACE FUNCTION. The original code would update pg_shdepend as if a new function was being created, even if it wasn't, with two bad consequences: pg_shdepend might record the wrong owner for the function, and any dependencies for roles mentioned in the function's ACL would be lost. The fix is very easy: just don't touch pg_shdepend at all when doing a function replacement. Also update the CREATE FUNCTION reference page, which never explained exactly what changes and doesn't change in a function replacement. In passing, fix the CREATE VIEW reference page similarly; there's no code bug there, but the docs didn't say what happens. 02 October 2009, 18:13:32 UTC
fa99095 Andrew Dunstan 28 September 2009, 17:30:04 UTC Convert a perl array to a postgres array when returned by Set Returning Functions as well as non SRFs. Backpatch to 8.1 where these facilities were introduced. with a little help from Abhijit Menon-Sen. 28 September 2009, 17:30:04 UTC
ece0f72 Tom Lane 26 September 2009, 18:25:21 UTC Fix RelationCacheInitializePhase2 (Phase3, in HEAD) to cope with the possibility of shared-inval messages causing a relcache flush while it tries to fill in missing data in preloaded relcache entries. There are actually two distinct failure modes here: 1. The flush could delete the next-to-be-processed cache entry, causing the subsequent hash_seq_search calls to go off into the weeds. This is the problem reported by Michael Brown, and I believe it also accounts for bug #5074. The simplest fix is to restart the hashtable scan after we've read any new data from the catalogs. It appears that pre-8.4 branches have not suffered from this failure, because by chance there were no other catalogs sharing the same hash chains with the catalogs that RelationCacheInitializePhase2 had work to do for. However that's obviously pretty fragile, and it seems possible that derivative versions with additional system catalogs might be vulnerable, so I'm back-patching this part of the fix anyway. 2. The flush could delete the *current* cache entry, in which case the pointer to the newly-loaded data would end up being stored into an already-deleted Relation struct. As long as it was still deleted, the only consequence would be some leaked space in CacheMemoryContext. But it seems possible that the Relation struct could already have been recycled, in which case this represents a hard-to-reproduce clobber of cached data structures, with unforeseeable consequences. The fix here is to pin the entry while we work on it. In passing, also change RelationCacheInitializePhase2 to Assert that formrdesc() set up the relation's cached TupleDesc (rd_att) with the correct type OID and hasoids values. This is more appropriate than silently updating the values, because the original tupdesc might already have been copied into the catcache. However this part of the patch is not in HEAD because it fails due to some questionable recent changes in formrdesc :-(. That will be cleaned up in a subsequent patch. 26 September 2009, 18:25:21 UTC
0f9f9ed Tom Lane 08 September 2009, 04:25:54 UTC Remove outside-the-scanner references to "yyleng". It seems the flex developers have decided to change yyleng from int to size_t. This has already happened in the latest release of OS X, and will start happening elsewhere once the next release of flex appears. Rather than trying to divine how it's declared in any particular build, let's just remove the one existing not-very-necessary external usage. Back-patch to all supported branches; not so much because users in the field are likely to care about building old branches with cutting-edge flex, as to keep OSX-based buildfarm members from having problems with old branches. 08 September 2009, 04:25:54 UTC
164a8ff Marc G. Fournier 04 September 2009, 02:59:54 UTC Tag 8.1.18 04 September 2009, 02:59:54 UTC
230f752 Tom Lane 03 September 2009, 22:14:25 UTC Final updates of release notes for 8.4.1, 8.3.8, 8.2.14, 8.1.18, 8.0.22, 7.4.26. 03 September 2009, 22:14:25 UTC
0ed2edf Tom Lane 03 September 2009, 22:08:45 UTC Disallow RESET ROLE and RESET SESSION AUTHORIZATION inside security-definer functions. This extends the previous patch that forbade SETting these variables inside security-definer functions. RESET is equally a security hole, since it would allow regaining privileges of the caller; furthermore it can trigger Assert failures and perhaps other internal errors, since the code is not expecting these variables to change in such contexts. The previous patch did not cover this case because assign hooks don't really have enough information, so move the responsibility for preventing this into guc.c. Problem discovered by Heikki Linnakangas. Security: no CVE assigned yet, extends CVE-2007-6600 03 September 2009, 22:08:45 UTC
54e070b Peter Eisentraut 03 September 2009, 19:08:57 UTC Translation updates 03 September 2009, 19:08:57 UTC
003e546 Tom Lane 03 September 2009, 04:45:04 UTC Update time zone data files to tzdata release 2009l: DST law changes in Egypt, Mauritius, Bangladesh. 03 September 2009, 04:45:04 UTC
67e2f2b Tom Lane 02 September 2009, 02:41:20 UTC Fix pg_ctl's readfile() to not go into infinite loop on an empty file (could happen if either postgresql.conf or postmaster.opts is empty). It's been broken since the C version was written for 8.0, so patch all the way back. initdb's copy of the function is broken in the same way, but it's less important there since the input files should never be empty. Patch that in HEAD only, and also fix some cosmetic differences that crept into that copy of the function. Per report from Corry Haines and Jeff Davis. 02 September 2009, 02:41:20 UTC
4c46c3f Bruce Momjian 27 August 2009, 01:27:00 UTC Update release notes for 7.4.26, 8.0.22, 8.1.18, 8.2.14, 8.3.8, 8.4.1. 27 August 2009, 01:27:00 UTC
f735f47 Tom Lane 24 August 2009, 16:18:36 UTC Fix inclusions of readline/editline header files so that we only attempt to #include the version of history.h that is in the same directory as the readline.h we are using. This avoids problems in some scenarios where both readline and editline are installed. Report and patch by Zdenek Kotala. 24 August 2009, 16:18:36 UTC
ed398d1 Tom Lane 18 August 2009, 21:23:42 UTC Fix overflow for INTERVAL 'x ms' where x is more than a couple million, and integer datetimes are in use. Per bug report from Hubert Depesz Lubaczewski. Alex Hunsaker 18 August 2009, 21:23:42 UTC
83108d1 Bruce Momjian 15 August 2009, 20:22:59 UTC Remove tabs from SGML. 15 August 2009, 20:22:59 UTC
076abaf Andrew Dunstan 10 August 2009, 02:39:16 UTC Re-add documentation for --no-readline option of psql, mistakenly removed a decade ago. Backpatch to release 7.4. 10 August 2009, 02:39:16 UTC
0e5dffd Tom Lane 07 August 2009, 20:16:35 UTC Try to defend against the possibility that libpq is still in COPY_IN state when we reach the post-COPY "pump it dry" error recovery code that was added 2006-11-24. Per a report from Neil Best, there is at least one code path in which this occurs, leading to an infinite loop in code that's supposed to be making it more robust not less so. A reasonable response seems to be to call PQputCopyEnd() again, so let's try that. Back-patch to all versions that contain the cleanup loop. 07 August 2009, 20:16:35 UTC
a0381f2 Tom Lane 29 July 2009, 15:57:39 UTC Fix a thinko introduced into CountActiveBackends by a recent patch: we should ignore NULL array entries, not non-NULL ones. This had the effect of disabling commit_delay, and could have caused a crash in the rare race condition the patch was intended to fix. Bug report and diagnosis by Jeff Janes, in bug #4952. 29 July 2009, 15:57:39 UTC
b99751a Tom Lane 10 July 2009, 00:32:23 UTC Fix xslt_process() to ensure that it inserts a NULL terminator after the last pair of parameter name/value strings, even when there are MAXPARAMS of them. Aboriginal bug in contrib/xml2, noted while studying bug #4912 (though I'm not sure whether there's something else involved in that report). This might be thought a security issue, since it's a potential backend crash; but considering that untrustworthy users shouldn't be allowed to get their hands on xslt_process() anyway, it's probably not worth getting excited about. 10 July 2009, 00:32:23 UTC
c36aab4 Heikki Linnakangas 06 July 2009, 19:12:06 UTC Fix ancient bug in handling of to_char modifier 'TH', when used with HH. In what seems like an oversight, we used to treat 'TH' the same as lowercase 'th', but only with HH/HH12. 06 July 2009, 19:12:06 UTC
df97d16 Tom Lane 23 June 2009, 16:25:22 UTC Fix an ancient error in dist_ps (distance from point to line segment), which a number of other geometric operators also depend on. It miscalculated the slope of the perpendicular to the given line segment anytime that slope was other than 0, infinite, or +/-1. In some cases the error would be masked because the true closest point on the line segment was one of its endpoints rather than the intersection point, but in other cases it could give an arbitrarily bad answer. Per bug #4872 from Nick Roosevelt. Bug goes clear back to Berkeley days, so patch all supported branches. Make a couple of cosmetic adjustments while at it. 23 June 2009, 16:25:22 UTC
7c78f14 Tom Lane 11 June 2009, 17:46:01 UTC Update time zone data files to tzdata release 2009i: DST law changes in Bangladesh, Egypt, Jordan, Pakistan. 11 June 2009, 17:46:01 UTC
aeb5537 Peter Eisentraut 10 June 2009, 19:00:37 UTC Improve capitalization and punctuation in recently added GiST message. 10 June 2009, 19:00:37 UTC
a9492ff Tom Lane 10 June 2009, 16:31:49 UTC Fix cash_in() to behave properly in locales where frac_digits is zero, eg Japan. Report and fix by Itagaki Takahiro. Also fix CASHDEBUG printout format for branches with 64-bit money type, and some minor comment cleanup. Back-patch to 7.4, because it's broken all the way back. 10 June 2009, 16:31:49 UTC
b345271 Andrew Dunstan 05 June 2009, 20:32:41 UTC Adjust recent PERL_SYS_INIT3 call to avoid platforms where it might fail, and to remove compilation warning. Backpatch the release 7.4 05 June 2009, 20:32:41 UTC
64a4c69 Andrew Dunstan 04 June 2009, 16:00:49 UTC Initialise perl library as documented in perl API. Backpatch to release 7.4. 04 June 2009, 16:00:49 UTC
18b185c Heikki Linnakangas 19 May 2009, 08:30:24 UTC Update relpages and reltuples estimates in stand-alone ANALYZE, even if there's no analyzable attributes or indexes. We also used to report 0 live and dead tuples for such tables, which messed with autovacuum threshold calculations. This fixes bug #4812 reported by George Su. Backpatch back to 8.1. 19 May 2009, 08:30:24 UTC
5379bf7 Tom Lane 03 May 2009, 23:13:56 UTC Fix pg_resetxlog to remove archive status files along with WAL segment files. Fujii Masao 03 May 2009, 23:13:56 UTC
f8d10e5 Tom Lane 02 May 2009, 20:17:57 UTC Split the release notes into a separate file for each (active) major branch, as per my recent proposal. release.sgml itself is now just a stub that should change rarely; ideally, only once per major release to add a new include line. Most editing work will occur in the release-N.N.sgml files. To update a back branch for a minor release, just copy the appropriate release-N.N.sgml file(s) into the back branch. This commit doesn't change the end-product documentation at all, only the source layout. However, it makes it easy to start omitting ancient information from newer branches' documentation, should we ever decide to do that. 02 May 2009, 20:17:57 UTC
d2d9bd0 Tom Lane 01 May 2009, 19:29:27 UTC When checking for datetime field overflow, we should allow a fractional-second part that rounds up to exactly 1.0 second. The previous coding rejected input like "00:12:57.9999999999999999999999999999", with the exact number of nines needed to cause failure varying depending on float-timestamp option and possibly on platform. Obviously this should round up to the next integral second, if we don't have enough precision to distinguish the value from that. Per bug #4789 from Robert Kruus. In passing, fix a missed check for fractional seconds in one copy of the "is it greater than 24:00:00" code. Broken all the way back, so patch all the way back. 01 May 2009, 19:29:27 UTC
3204d56 Tom Lane 25 April 2009, 16:45:19 UTC Fix the handling of sub-SELECTs appearing in the arguments of an outer-level aggregate function. By definition, such a sub-SELECT cannot reference any variables of query levels between itself and the aggregate's semantic level (else the aggregate would've been assigned to that lower level instead). So the correct, most efficient implementation is to treat the sub-SELECT as being a sub-select of that outer query level, not the level the aggregate syntactically appears in. Not doing so also confuses the heck out of our parameter-passing logic, as illustrated in bug report from Daniel Grace. Fortunately, we were already copying the whole Aggref expression up to the outer query level, so all that's needed is to delay SS_process_sublinks processing of the sub-SELECT until control returns to the outer level. This has been broken since we introduced spec-compliant treatment of outer aggregates in 7.4; so patch all the way back. 25 April 2009, 16:45:19 UTC
7c43408 Bruce Momjian 25 April 2009, 15:53:42 UTC Remove HELIOS Software GmbH name and copyright from AIX dynloader files, per approval from Helmut Tschemernjak, President. Only back branches; files removed from CVS HEAD. 25 April 2009, 15:53:42 UTC
e0ec95d Magnus Hagander 15 April 2009, 18:58:30 UTC Remove beer-ware license from crypt-md5.c, per approval from Poul-Henning Kamp. This makes the file the same standard 2-clause BSD as the rest of PostgreSQL. 15 April 2009, 18:58:30 UTC
c549ca9 Tom Lane 09 April 2009, 20:51:04 UTC Update time zone data files to tzdata release 2009e: DST law changes in Argentina/San_Luis, Cuba, Jordan (historical correction only), Morocco, Palestine, Syria, Tunisia. 09 April 2009, 20:51:04 UTC
00a0df5 Teodor Sigaev 07 April 2009, 17:46:37 UTC Fix 'all at one page bug' in picksplit method of R-tree emulation. Add defense from buggy user-defined picksplit to GiST. 07 April 2009, 17:46:37 UTC
5525d26 Tom Lane 07 April 2009, 15:54:16 UTC Defend against non-ASCII letters in fuzzystrmatch code. The functions still don't behave very sanely for multibyte encodings, but at least they won't be indexing off the ends of static arrays. 07 April 2009, 15:54:16 UTC
bb11b0e Tom Lane 04 April 2009, 04:53:51 UTC Rewrite interval_hash() so that the hashcodes are equal for values that interval_eq() considers equal. I'm not sure how that fundamental requirement escaped us through multiple revisions of this hash function, but there it is; it's been wrong since interval_hash was first written for PG 7.1. Per bug #4748 from Roman Kononov. Backpatch to all supported releases. This patch changes the contents of hash indexes for interval columns. That's no particular problem for PG 8.4, since we've broken on-disk compatibility of hash indexes already; but it will require a migration warning note in the next minor releases of all existing branches: "if you have any hash indexes on columns of type interval, REINDEX them after updating". 04 April 2009, 04:53:51 UTC
af4ebb2 Tom Lane 31 March 2009, 22:56:05 UTC Fix contrib/pgstattuple and contrib/pageinspect to prevent attempts to read temporary tables of other sessions; that is unsafe because of the way our buffer management works. Per report from Stuart Bishop. This is redundant with the bufmgr.c checks in HEAD, but not at all redundant in the back branches. 31 March 2009, 22:56:05 UTC
7daa32d Magnus Hagander 31 March 2009, 18:58:26 UTC Don't crash initdb when we fail to get the current username. Give an error message and exit instead, like we do elsewhere... Per report from Wez Furlong and Robert Treat. 31 March 2009, 18:58:26 UTC
199d8bb Heikki Linnakangas 31 March 2009, 05:18:47 UTC Fix a rare race condition when commit_siblings > 0 and a transaction commits at the same instant as a new backend is spawned. Since CountActiveBackends() doesn't hold ProcArrayLock, it needs to be prepared for the case that a pointer at the end of the proc array is still NULL even though numProcs says it should be valid, since it doesn't hold ProcArrayLock. Backpatch to 8.1. 8.0 and earlier had this right, but it was broken in the split of PGPROC and sinval shared memory arrays. Per report and proposal by Marko Kreen. 31 March 2009, 05:18:47 UTC
a6ecfd4 Heikki Linnakangas 27 March 2009, 14:59:46 UTC Fix tab completion of ANALYZE VERBOSE <tab>. It was previously confused with EXPLAIN ANALYZE VERBOSE. Greg Sabino Mullane, reformatted by myself. Backpatch to 8.1, where the bug was introduced. 27 March 2009, 14:59:46 UTC
8f332cf Tom Lane 25 March 2009, 15:03:30 UTC Fix old thinko in pgp.h: the idea is to declare some named enum types, not global variables of anonymous enum types. This didn't actually hurt much because most linkers will just merge the duplicated definitions ... but some will complain. Per bug #4731 from Ceriel Jacobs. Backpatch to 8.1 --- the declarations don't exist before that. 25 March 2009, 15:03:30 UTC
023c537 Marc G. Fournier 13 March 2009, 02:22:05 UTC tag 8.1.17 13 March 2009, 02:22:05 UTC
05940d3 Tom Lane 12 March 2009, 22:36:20 UTC Update back-branch release notes. 12 March 2009, 22:36:20 UTC
6578c68 Tom Lane 12 March 2009, 00:53:48 UTC Fix core dump due to null-pointer dereference in to_char() when datetime format codes are misapplied to a numeric argument. (The code still produces a pretty bogus error message in such cases, but I'll settle for stopping the crash for now.) Per bug #4700 from Sergey Burladyan. Problem exists in all supported branches, so patch all the way back. In HEAD, also clean up some ugly coding in the nearby cache management code. 12 March 2009, 00:53:48 UTC
2723d92 Heikki Linnakangas 05 March 2009, 14:28:52 UTC Add MUST (Mauritius Island Summer Time) to the list of known abbreviations. Mauritius began using DST in the summer 2008-2009; the Olson library has been updated already. Xavier Bugaud 05 March 2009, 14:28:52 UTC
9a8644a Tom Lane 04 March 2009, 22:08:40 UTC Put back our old workaround for machines that declare cbrt() in math.h but fail to provide the function itself. Not sure how we escaped testing anything later than 7.3 on such cases, but they still exist, as per André Volpato's report about AIX 5.3. 04 March 2009, 22:08:40 UTC
38da220 Tom Lane 03 March 2009, 00:17:29 UTC Ooops ... fix some confusion between gettext() and _() in my previous patch. This has moved around in past releases, so just copying-and-pasting from HEAD didn't work as intended. 03 March 2009, 00:17:29 UTC
010953d Tom Lane 02 March 2009, 21:19:05 UTC When we are in error recursion trouble, arrange to suppress translation and encoding conversion of any elog/ereport message being sent to the frontend. This generalizes a patch that I put in last October, which suppressed translation of only specific messages known to be associated with recursive can't-translate-the-message behavior. As shown in bug #4680, we need a more general answer in order to have some hope of coping with broken encoding conversion setups. This approach seems a good deal less klugy anyway. Patch in all supported branches. 02 March 2009, 21:19:05 UTC
38a0507 Tom Lane 28 February 2009, 18:50:08 UTC Fix buffer allocations in encoding conversion routines so that they won't fail on zero-length inputs. This isn't an issue in normal use because the conversion infrastructure skips calling the converters for empty strings. However a problem was created by yesterday's patch to check whether the right conversion function is supplied in CREATE CONVERSION. The most future-proof fix seems to be to make the converters safe for this corner case. 28 February 2009, 18:50:08 UTC
c2ffb26 Heikki Linnakangas 27 February 2009, 16:35:42 UTC In CREATE CONVERSION, test that the given function is a valid conversion function for the specified source and destination encodings. We do that by calling the function with an empty string. If it can't perform the requested conversion, it will throw an error. Backport to 7.4 - 8.3. Per bug report #4680 by Denis Afonin. 27 February 2009, 16:35:42 UTC
1a5b7b0 Heikki Linnakangas 27 February 2009, 10:27:53 UTC Set isnull for errm and sqlstate local variables when they're free'd. Because they are out of scope for any code after that anyway, leaving isnull true should be harmless. However, PL/pgSQL Debugger doesn't seem to care about the scoping and crashed, per report by Robert Walker (bug #4635). And it's good to be tidy for debugging purposes too. Fix in 8.3, 8.2 and 8.1 branches, CVS HEAD was fixed earlier already. Analysis and fix by Ashesh Vashi and Dave Page. 27 February 2009, 10:27:53 UTC
f970cc9 Tom Lane 25 February 2009, 18:00:22 UTC Fix an old problem in decompilation of CASE constructs: the ruleutils.c code looks for a CaseTestExpr to figure out what the parser did, but it failed to consider the possibility that an implicit coercion might be inserted above the CaseTestExpr. This could result in an Assert failure in some cases (but correct results if Asserts weren't enabled), or an "unexpected CASE WHEN clause" error in other cases. Per report from Alan Li. Back-patch to 8.1; problem doesn't exist before that because CASE was implemented differently. 25 February 2009, 18:00:22 UTC
ebce90a Tom Lane 24 February 2009, 01:39:10 UTC Repair a longstanding bug in CLUSTER and the rewriting variants of ALTER TABLE: if the command is executed by someone other than the table owner (eg, a superuser) and the table has a toast table, the toast table's pg_type row ends up with the wrong typowner, ie, the command issuer not the table owner. This is quite harmless for most purposes, since no interesting permissions checks consult the pg_type row. However, it could lead to unexpected failures if one later tries to drop the role that issued the command (in 8.1 or 8.2), or strange warnings from pg_dump afterwards (in 8.3 and up, which will allow the DROP ROLE because we don't create a "redundant" owner dependency for table rowtypes). Problem identified by Cott Lang. Back-patch to 8.1. The problem is actually far older --- the CLUSTER variant can be demonstrated in 7.0 --- but it's mostly cosmetic before 8.1 because we didn't track ownership dependencies before 8.1. Also, fixing it before 8.1 would require changing the call signature of heap_create_with_catalog(), which seems to carry a nontrivial risk of breaking add-on modules. 24 February 2009, 01:39:10 UTC
55a19fa Marc G. Fournier 30 January 2009, 03:18:18 UTC tagging 8.1.16 30 January 2009, 03:18:18 UTC
998a372 Tom Lane 30 January 2009, 00:38:02 UTC Update back-branch release notes. 30 January 2009, 00:38:02 UTC
8403e19 Peter Eisentraut 29 January 2009, 22:05:39 UTC Translation updates 29 January 2009, 22:05:39 UTC
16c8250 Tom Lane 29 January 2009, 20:00:24 UTC Update time zone data files to tzdata release 2009a: introduces Asia/Kathmandu as the preferred spelling of that zone name, corrects historical DST information for Switzerland and Cuba. 29 January 2009, 20:00:24 UTC
7eed9ca Tom Lane 29 January 2009, 19:24:37 UTC Replace argument-checking Asserts with regular test-and-elog checks in all encoding conversion functions. These are not can't-happen cases because it's possible to create a conversion with the wrong conversion function for the specified encoding pair. That would lead to an Assert crash in an Assert-enabled build, or incorrect conversion otherwise, neither of which is desirable. This would be a DOS issue if production databases were customarily built with asserts enabled, but fortunately that's not so. Per an observation by Heikki. Back-patch to all supported branches. 29 January 2009, 19:24:37 UTC
53759b0 Magnus Hagander 28 January 2009, 15:06:53 UTC Go over all OpenSSL return values and make sure we compare them to the documented API value. The previous code got it right as it's implemented, but accepted too much/too little compared to the API documentation. Per comment from Zdenek Kotala. 28 January 2009, 15:06:53 UTC
74f933a Alvaro Herrera 20 January 2009, 12:17:29 UTC Fix erroneous memory context switch in autovacuum, which was returning to a context long after it had been destroyed. Per problem report from Justin Pasher. Patch by Tom Lane and me. 8.3 and later do not have this bug, because this code has been restructured for unrelated reasons. In 8.2 it does not manifest as a crash, but it still seems safer fixing it nonetheless. 20 January 2009, 12:17:29 UTC
8bdcdd2 Teodor Sigaev 16 January 2009, 12:08:13 UTC Fix uninitialized variables in get_covers 16 January 2009, 12:08:13 UTC
c3bf525 Teodor Sigaev 16 January 2009, 12:06:35 UTC Sync output of tsearch2 regression test 16 January 2009, 12:06:35 UTC
ff25ee0 Teodor Sigaev 15 January 2009, 18:05:04 UTC Fix generation of too long headline with ShortWords. Per http://archives.postgresql.org/pgsql-hackers/2008-09/msg01088.php 15 January 2009, 18:05:04 UTC
a828324 Teodor Sigaev 15 January 2009, 18:04:42 UTC Fix URL generation in headline. Only tag lexeme will be replaced by space. Per http://archives.postgresql.org/pgsql-bugs/2008-12/msg00013.php 15 January 2009, 18:04:42 UTC
076b64f Bruce Momjian 09 January 2009, 01:46:35 UTC Update release notes for 8.3.5, 8.2.11, and 8.1.15 to mention the need to reindex GiST indexes: If you were running a previous 8.X.X release, REINDEX all GiST indexes after the upgrade. 09 January 2009, 01:46:35 UTC
943b6b8 Tom Lane 06 January 2009, 17:27:50 UTC Remove references to pgsql-ports and pgsql-patches mailing lists from various documentation, since those lists are now dead/deprecated. Point to pgsql-bugs and/or pgsql-hackers as appropriate. 06 January 2009, 17:27:50 UTC
fcd3890 Heikki Linnakangas 06 January 2009, 14:55:56 UTC Fix logic in lazy vacuum to decide if it's worth trying to truncate the heap. If the table was smaller than REL_TRUNCATE_FRACTION (= 16) pages, we always tried to acquire AccessExclusiveLock on it even if there was no empty pages at the end. Report by Simon Riggs. Back-patch all the way to 7.4. 06 January 2009, 14:55:56 UTC
b27de22 Tom Lane 01 December 2008, 17:06:41 UTC Ensure that the contents of a holdable cursor don't depend on out-of-line toasted values, since those could get dropped once the cursor's transaction is over. Per bug #4553 from Andrew Gierth. Back-patch as far as 8.1. The bug actually exists back to 7.4 when holdable cursors were introduced, but this patch won't work before 8.1 without significant adjustments. Given the lack of field complaints, it doesn't seem worth the work (and risk of introducing new bugs) to try to make a patch for the older branches. 01 December 2008, 17:06:41 UTC
d7d81aa Tom Lane 12 November 2008, 23:08:55 UTC In predtest.c, install a limit on the number of branches we will process in AND, OR, or equivalent clauses: if there are too many (more than 100) just exit without proving anything. This ensures that we don't spend O(N^2) time trying (and most likely failing) to prove anything about very long IN lists and similar cases. Also, install a couple of CHECK_FOR_INTERRUPTS calls to ensure that a long proof attempt can be interrupted. Per gripe from Sergey Konoplev. Back-patch the whole patch to 8.2 and just the CHECK_FOR_INTERRUPTS addition to 8.1. (The rest of the patch doesn't apply cleanly, and since 8.1 doesn't show the complained-of behavior anyway, it doesn't seem necessary to work hard on it.) 12 November 2008, 23:08:55 UTC
e820678 Andrew Dunstan 12 November 2008, 00:01:17 UTC Detect and error out on inability to get proper linkage information required for plperl, usually due to absence of perl ExtUtils::Embed module. Backpatch as far as 8.1. 12 November 2008, 00:01:17 UTC
d8ca7ff Marc G. Fournier 31 October 2008, 02:49:03 UTC tag 8.1.15 31 October 2008, 02:49:03 UTC
09df79e Tom Lane 30 October 2008, 22:23:11 UTC Update back-branch release notes. 30 October 2008, 22:23:11 UTC
7266a78 Peter Eisentraut 30 October 2008, 19:23:08 UTC Translation updates 30 October 2008, 19:23:08 UTC
11b6ddd Tom Lane 30 October 2008, 13:17:16 UTC Update time zone data files to tzdata release 2008i (DST law changes in Argentina, Brazil, Mauritius, Syria). 30 October 2008, 13:17:16 UTC
b0a29b6 Peter Eisentraut 30 October 2008, 12:24:19 UTC Missing space in error message 30 October 2008, 12:24:19 UTC
1b0c30f Tom Lane 27 October 2008, 19:37:42 UTC Install a more robust solution for the problem of infinite error-processing recursion when we are unable to convert a localized error message to the client's encoding. We've been over this ground before, but as reported by Ibrar Ahmed, it still didn't work in the case of conversion failures for the conversion-failure message itself :-(. Fix by installing a "circuit breaker" that disables attempts to localize this message once we get into recursion trouble. Patch all supported branches, because it is in fact broken in all of them; though I had to add some missing translations to the older branches in order to expose the failure in the particular test case I was using. 27 October 2008, 19:37:42 UTC
f4d4bc8 Tom Lane 25 October 2008, 03:32:58 UTC Fix an old bug in after-trigger handling: AfterTriggerEndQuery took the address of afterTriggers->query_stack[afterTriggers->query_depth] and hung onto it through all its firings of triggers. However, if a trigger causes sufficiently many nested query executions, query_stack will get repalloc'd bigger, leaving AfterTriggerEndQuery --- and hence afterTriggerInvokeEvents --- using a stale pointer. So far as I can find, the only consequence of this error is to stomp on a couple of words of already-freed memory; which would lead to a failure only if that chunk had already gotten re-allocated for something else. So it's hard to exhibit a simple failure case, but this is surely a bug. I noticed this while working on my recent patch to reduce pending-trigger space usage. The present patch is mighty ugly, because it requires making afterTriggerInvokeEvents know about all the possible event lists it might get called on. Fortunately, this is only needed in back branches because CVS HEAD avoids the problem in a different way: afterTriggerInvokeEvents only touches the passed AfterTriggerEventList pointer once at startup. Back branches are stable enough that wiring in knowledge of all possible call usages doesn't seem like a killer problem. Back-patch to 8.0. 7.4's trigger code is completely different and doesn't seem to have the problem (it doesn't even use repalloc). 25 October 2008, 03:32:58 UTC
b5f5c89 Teodor Sigaev 22 October 2008, 12:56:25 UTC Fix GiST's killing tuple: GISTScanOpaque->curpos wasn't correctly set. As result, killtuple() marks as dead wrong tuple on page. Bug was introduced by me while fixing possible duplicates during GiST index scan. 22 October 2008, 12:56:25 UTC
feb4596 Teodor Sigaev 17 October 2008, 17:41:16 UTC Fix small bug in headline generation. Patch from Sushant Sinha <sushant354@gmail.com> http://archives.postgresql.org/pgsql-hackers/2008-07/msg00785.php 17 October 2008, 17:41:16 UTC
95402c3 Tom Lane 16 October 2008, 13:23:41 UTC Fix SPI_getvalue and SPI_getbinval to range-check the given attribute number according to the TupleDesc's natts, not the number of physical columns in the tuple. The previous coding would do the wrong thing in cases where natts is different from the tuple's column count: either incorrectly report error when it should just treat the column as null, or actually crash due to indexing off the end of the TupleDesc's attribute array. (The second case is probably not possible in modern PG versions, due to more careful handling of inheritance cases than we once had. But it's still a clear lack of robustness here.) The incorrect error indication is ignored by all callers within the core PG distribution, so this bug has no symptoms visible within the core code, but it might well be an issue for add-on packages. So patch all the way back. 16 October 2008, 13:23:41 UTC
3b25d16 Tom Lane 10 October 2008, 21:46:56 UTC Fix COPY documentation to not imply that HEADER can be used outside CSV mode. Per gripe from Bill Thoen. 10 October 2008, 21:46:56 UTC
77aa915 Michael Meskes 10 October 2008, 12:19:32 UTC Optional arguments should be optional. 10 October 2008, 12:19:32 UTC
3e5ed16 Tom Lane 09 October 2008, 16:35:25 UTC Fix overly tense optimization of PLpgSQL_func_hashkey: we must represent the isTrigger state explicitly, not rely on nonzero-ness of trigrelOid to indicate trigger-hood, because trigrelOid will be left zero when compiling for validation. The (useless) function hash entry built by the validator was able to match an ordinary non-trigger call later in the same session, thereby bypassing the check that is supposed to prevent such a call. Per report from Alvaro. It might be worth suppressing the useless hash entry altogether, but that's a bigger change than I want to consider back-patching. Back-patch to 8.0. 7.4 doesn't have the problem because it doesn't have validation mode. 09 October 2008, 16:35:25 UTC
1abe8ea Heikki Linnakangas 07 October 2008, 11:16:01 UTC When a relation is moved to another tablespace, we can't assume that we can use the old relfilenode in the new tablespace. There might be another relation in the new tablespace with the same relfilenode, so we must generate a fresh relfilenode in the new tablespace. The 8.3 patch to let deleted relation files linger as zero-length files until the next checkpoint made this more obvious: moving a relation from one table space another, and then back again, caused a collision with the lingering file. Back-patch to 8.1. The issue is present in 8.0 as well, but it doesn't seem worth fixing there, because we didn't have protection from OID collisions after OID wraparound before 8.1. Report by Guillaume Lelarge. 07 October 2008, 11:16:01 UTC
back to top