| c302ed9 | Marc G. Fournier | 14 May 2010, 03:20:06 UTC | tag 8.4.4 | 14 May 2010, 03:20:06 UTC |
| 5328277 | Andrew Dunstan | 13 May 2010, 21:33:55 UTC | Fix MSVC builds for recent plperl changes. Go back to version 8.2, which is where we started supporting MSVC builds. Security: CVE-2010-1169 | 13 May 2010, 21:33:55 UTC |
| 9d4e01c | Tom Lane | 13 May 2010, 21:27:08 UTC | Update release notes with security issues. Security: CVE-2010-1169, CVE-2010-1170 | 13 May 2010, 21:27:08 UTC |
| 0554358 | Tom Lane | 13 May 2010, 19:16:21 UTC | Use an entity instead of non-ASCII letter. Thom Brown | 13 May 2010, 19:16:21 UTC |
| 099aff0 | Tom Lane | 13 May 2010, 18:54:23 UTC | Use "TOAST table" in place of the vague, not-used-elsewhere phrase "supplementary storage table". | 13 May 2010, 18:54:23 UTC |
| a5389c1 | Tom Lane | 13 May 2010, 18:29:19 UTC | Prevent PL/Tcl from loading the "unknown" module from pltcl_modules unless that is a regular table or view owned by a superuser. This prevents a trojan horse attack whereby any unprivileged SQL user could create such a table and insert code into it that would then get executed in other users' sessions whenever they call pltcl functions. Worse yet, because the code was automatically loaded into both the "normal" and "safe" interpreters at first use, the attacker could execute unrestricted Tcl code in the "normal" interpreter without there being any pltclu functions anywhere, or indeed anyone else using pltcl at all: installing pltcl is sufficient to open the hole. Change the initialization logic so that the "unknown" code is only loaded into an interpreter when the interpreter is first really used. (That doesn't add any additional security in this particular context, but it seems a prudent change, and anyway the former behavior violated the principle of least astonishment.) Security: CVE-2010-1170 | 13 May 2010, 18:29:19 UTC |
| bfdfc4e | Andrew Dunstan | 13 May 2010, 16:40:36 UTC | Abandon the use of Perl's Safe.pm to enforce restrictions in plperl, as it is fundamentally insecure. Instead apply an opmask to the whole interpreter that imposes restrictions on unsafe operations. These restrictions are much harder to subvert than is Safe.pm, since there is no container to be broken out of. Backported to release 7.4. In releases 7.4, 8.0 and 8.1 this also includes the necessary backporting of the two interpreters model for plperl and plperlu adopted in release 8.2. In versions 8.0 and up, the use of Perl's POSIX module to undo its locale mangling on Windows has become insecure with these changes, so it is replaced by our own routine, which is also faster. Nice side effects of the changes include that it is now possible to use perl's "strict" pragma in a natural way in plperl, and that perl's $a and $b variables now work as expected in sort routines, and that function compilation is significantly faster. Tim Bunce and Andrew Dunstan, with reviews from Alex Hunsaker and Alexey Klyukin. Security: CVE-2010-1169 | 13 May 2010, 16:40:36 UTC |
| 08c3330 | Magnus Hagander | 13 May 2010, 14:16:58 UTC | Fix some spelling errors. Thom Brown | 13 May 2010, 14:16:58 UTC |
| df17169 | Peter Eisentraut | 13 May 2010, 10:50:20 UTC | Translation update | 13 May 2010, 10:50:20 UTC |
| a4da7e2 | Tom Lane | 12 May 2010, 23:27:26 UTC | Preliminary release notes for releases 8.4.4, 8.3.11, 8.2.17, 8.1.21, 8.0.25, 7.4.29. | 12 May 2010, 23:27:26 UTC |
| 48b7151 | Tom Lane | 11 May 2010, 23:01:33 UTC | Update time zone data files to tzdata release 2010j: DST law changes in Argentina, Australian Antarctic, Bangladesh, Mexico, Morocco, Pakistan, Palestine, Russia, Syria, Tunisia. Historical corrections for Taiwan. | 11 May 2010, 23:01:33 UTC |
| fa3d0dd | Tom Lane | 11 May 2010, 22:36:58 UTC | Add PKST to the default set of timezone abbreviations. Per discussion, if we have PKT in there then PKST should be too. Also, fix mistaken claim that these abbrevs are not known to zic. | 11 May 2010, 22:36:58 UTC |
| f6f3286 | Tom Lane | 11 May 2010, 16:42:33 UTC | Cause the archiver process to adopt new postgresql.conf settings (particularly archive_command) as soon as possible, namely just before issuing a new call of archive_command, even when there is a backlog of files to be archived. The original coding would only absorb new settings after clearing the backlog and returning to the outer loop. Per discussion. Back-patch to 8.3. The logic in prior versions is a bit different and it doesn't seem worth taking any risks of breaking it. | 11 May 2010, 16:42:33 UTC |
| 871a608 | Itagaki Takahiro | 11 May 2010, 04:56:37 UTC | Set per-function GUC settings during validating the function. Now validators work properly even when the settings contain parameters that affect behavior of the function, like search_path. Reported by Erwin Brandstetter. | 11 May 2010, 04:56:37 UTC |
| e0ed3d2 | Tom Lane | 09 May 2010, 18:17:52 UTC | Suppress signed-vs-unsigned-char warning. | 09 May 2010, 18:17:52 UTC |
| 191c52a | Tom Lane | 08 May 2010, 16:40:03 UTC | Work around a subtle portability problem in use of printf %s format. Depending on which spec you read, field widths and precisions in %s may be counted either in bytes or characters. Our code was assuming bytes, which is wrong at least for glibc's implementation, and in any case libc might have a different idea of the prevailing encoding than we do. Hence, for portable results we must avoid using anything more complex than just "%s" unless the string to be printed is known to be all-ASCII. This patch fixes the cases I could find, including the psql formatting failure reported by Hernan Gonzalez. In HEAD only, I also added comments to some places where it appears safe to continue using "%.*s". | 08 May 2010, 16:40:03 UTC |
| aa4a0e6 | Michael Meskes | 07 May 2010, 19:38:17 UTC | ECPG connect routine only checked for NULL to find empty parameters, but user and password can also be "". | 07 May 2010, 19:38:17 UTC |
| 25c1396 | Tom Lane | 05 May 2010, 22:19:05 UTC | Fix psql to not go into infinite recursion when expanding a variable that refers to itself (directly or indirectly). Instead, print a message when recursion is detected, and don't expand the repeated reference. Per bug #5448 from Francis Markham. Back-patch to 8.0. Although the issue exists in 7.4 as well, it seems impractical to fix there because of the lack of any state stack that could be used to track active expansions. | 05 May 2010, 22:19:05 UTC |
| e761afa | Heikki Linnakangas | 05 May 2010, 15:13:25 UTC | Fix incorrect parameter tag in docs, spotted by KOIZUMI Satoru. | 05 May 2010, 15:13:25 UTC |
| 62938d6 | Tom Lane | 02 May 2010, 22:28:11 UTC | Fix replay of XLOG_HEAP_NEWPAGE WAL records to pay attention to the forknum field of the WAL record. The previous coding always wrote to the main fork, resulting in data corruption if the page was meant to go into a non-default fork. At present, the only operation that can produce such WAL records is ALTER TABLE/INDEX SET TABLESPACE when executed with archive_mode = on. Data corruption would be observed on standby slaves, and could occur on the master as well if a database crash and recovery occurred after committing the ALTER and before the next checkpoint. Per report from Gordon Shannon. Back-patch to 8.4; the problem doesn't exist in earlier branches because we didn't have a concept of multiple relation forks then. | 02 May 2010, 22:28:11 UTC |
| 3d94d77 | Tom Lane | 01 May 2010, 22:46:36 UTC | Add code to InternalIpcMemoryCreate() to handle the case where shmget() returns EINVAL for an existing shared memory segment. Although it's not terribly sensible, that behavior does meet the POSIX spec because EINVAL is the appropriate error code when the existing segment is smaller than the requested size, and the spec explicitly disclaims any particular ordering of error checks. Moreover, it does in fact happen on OS X and probably other BSD-derived kernels. (We were able to talk NetBSD into changing their code, but purging that behavior from the wild completely seems unlikely to happen.) We need to distinguish collision with a pre-existing segment from invalid size request in order to behave sensibly, so it's worth some extra code here to get it right. Per report from Gavin Kistner and subsequent investigation. Back-patch to all supported versions, since any of them could get used with a kernel having the debatable behavior. | 01 May 2010, 22:46:36 UTC |
| b814c65 | Tom Lane | 30 April 2010, 19:15:51 UTC | Fix multiple memory leaks in PLy_spi_execute_fetch_result: it would leak memory if the result had zero rows, and also if there was any sort of error while converting the result tuples into Python data. Reported and partially fixed by Andres Freund. Back-patch to all supported versions. Note: I haven't tested the 7.4 fix. 7.4's configure check for python is so obsolete it doesn't work on my current machines :-(. The logic change is pretty straightforward though. | 30 April 2010, 19:15:51 UTC |
| a696df1 | Robert Haas | 18 April 2010, 23:59:55 UTC | Provide better guidance for adjusting shared_buffers. This change was previously committed to HEAD, but the consensus seems to be in favor of back-patching it. I'm only backpatching as far as 8.3.X, however, because it's not clear to me to what degree this advice applies to older branches, and in any case our first advice to anyone attempting to tune those versions is likely to be "upgrade". | 18 April 2010, 23:59:55 UTC |
| b2bc12a | Heikki Linnakangas | 16 April 2010, 09:51:54 UTC | On Windows, syslogger runs in two threads. The main thread processes config reload and rotation signals, and a helper thread reads messages from the pipe and writes them to the log file. However, server code isn't generally thread-safe, so if both try to do e.g palloc()/pfree() at the same time, bad things will happen. To fix that, use a critical section (which is like a mutex) to enforce that only one the threads are active at a time. | 16 April 2010, 09:51:54 UTC |
| 9df6127 | Tom Lane | 15 April 2010, 21:05:11 UTC | Fix psql's \copy to not insert spaces around dots and commas in the text of the SELECT query in \copy (SELECT ...) commands. This is unnecessary and breaks numeric literals, as seen in bug #5411 from Vitalii Tymchyshyn. This change has already been made in passing in HEAD; backpatch to 8.2 through 8.4 (earlier releases don't have COPY (SELECT ...) at all). | 15 April 2010, 21:05:11 UTC |
| b6953bc | Peter Eisentraut | 15 April 2010, 20:47:47 UTC | IP port -> TCP port backpatched to 8.1, where this first appeared | 15 April 2010, 20:47:47 UTC |
| acbee0e | Tom Lane | 14 April 2010, 23:52:16 UTC | Fix plpgsql's exec_eval_expr() to ensure it returns a sane type OID even when the expression is a query that returns no rows. So far as I can tell, the only caller that actually fails when a garbage OID is returned is exec_stmt_case(), which is new in 8.4 --- in all other cases, we might make a useless trip through casting logic, but we won't fail since the isnull flag will be set. Hence, backpatch only to 8.4, just in case there are apps out there that aren't expecting an error to be thrown if the query returns more or less than one column. (Which seems unlikely, since the error would be thrown if the query ever did return a row; but it's possible there's some never-exercised code out there.) Per report from Mario Splivalo. | 14 April 2010, 23:52:16 UTC |
| b090207 | Tom Lane | 14 April 2010, 21:31:20 UTC | Fix a problem introduced by my patch of 2010-01-12 that revised the way relcache reload works. In the patched code, a relcache entry in process of being rebuilt doesn't get unhooked from the relcache hash table; which means that if a cache flush occurs due to sinval queue overrun while we're rebuilding it, the entry could get blown away by RelationCacheInvalidate, resulting in crash or misbehavior. Fix by ensuring that an entry being rebuilt has positive refcount, so it won't be seen as a target for removal if a cache flush occurs. (This will mean that the entry gets rebuilt twice in such a scenario, but that's okay.) It appears that the problem can only arise within a transaction that has previously reassigned the relfilenode of a pre-existing table, via TRUNCATE or a similar operation. Per bug #5412 from Rusty Conover. Back-patch to 8.2, same as the patch that introduced the problem. I think that the failure can't actually occur in 8.2, since it lacks the rd_newRelfilenodeSubid optimization, but let's make it work like the later branches anyway. Patch by Heikki, slightly editorialized on by me. | 14 April 2010, 21:31:20 UTC |
| 0e1acba | Magnus Hagander | 09 April 2010, 11:50:03 UTC | Clean up inconsistent commas | 09 April 2010, 11:50:03 UTC |
| 2896cbd | Magnus Hagander | 09 April 2010, 11:46:12 UTC | Update list of Windows timezones we try to match localized names against to one that's up to date with Windows 2003R2. | 09 April 2010, 11:46:12 UTC |
| f93f913 | Magnus Hagander | 08 April 2010, 11:26:06 UTC | Proceed to look for the next timezone when matching a localized Windows timezone name where the information in the registry is incomplete, instead of aborting. This fixes cases when the registry information is incomplete for a timezone that is alphabetically before the one that is in use. Per report from Alexander Forschner | 08 April 2010, 11:26:06 UTC |
| 547e636 | Magnus Hagander | 06 April 2010, 20:35:17 UTC | Log the actual timezone name that we fail to look up the values for in case the registry data doesn't follow the format we expect, to facilitate debugging. | 06 April 2010, 20:35:17 UTC |
| e440412 | Andrew Dunstan | 03 April 2010, 17:53:55 UTC | Sync perl's ppport.h on all branches back to 7.4 with recent update on HEAD, ensuring we can build older branches with modern Perl installations. | 03 April 2010, 17:53:55 UTC |
| 0926c76 | Tom Lane | 02 April 2010, 16:16:57 UTC | Ensure that contrib/pgstattuple functions respond to cancel interrupts reasonably promptly, by adding CHECK_FOR_INTERRUPTS in the per-page loops. Tatsuhito Kasahara | 02 April 2010, 16:16:57 UTC |
| b0a3d7e | Heikki Linnakangas | 01 April 2010, 20:12:28 UTC | Don't pass an invalid file handle to dup2(). That causes a crash on Windows, thanks to a feature in CRT called Parameter Validation. Backpatch to 8.2, which is the oldest version supported on Windows. In 8.2 and 8.3 also backpatch the earlier change to use DEVNULL instead of NULL_DEV #define for a /dev/null-like device. NULL_DEV was hard-coded to "/dev/null" regardless of platform, which didn't work on Windows, while DEVNULL works on all platforms. Restarting syslogger didn't work on Windows on versions 8.3 and below because of that. | 01 April 2010, 20:12:28 UTC |
| 9b69647 | Tom Lane | 30 March 2010, 21:58:18 UTC | Fix "constraint_exclusion = partition" logic so that it will also attempt constraint exclusion on an inheritance set that is the target of an UPDATE or DELETE query. Per gripe from Marc Cousin. Back-patch to 8.4 where the feature was introduced. | 30 March 2010, 21:58:18 UTC |
| 3c6dc48 | Tom Lane | 25 March 2010, 15:50:15 UTC | Fix ginint4_queryextract() to actually do what it was intended to do for an unsatisfiable query, such as indexcol && empty_array. It should return -1 to tell GIN no scan is required; but silly typo disabled the logic for that, resulting in unnecessary "GIN indexes do not support whole-index scans" error. Per bug report from Jeff Trout. Back-patch to 8.3 where the logic was introduced. | 25 March 2010, 15:50:15 UTC |
| 08729b4 | Alvaro Herrera | 25 March 2010, 14:44:51 UTC | Prevent ALTER USER f RESET ALL from removing the settings that were put there by a superuser -- "ALTER USER f RESET setting" already disallows removing such a setting. Apply the same treatment to ALTER DATABASE d RESET ALL when run by a database owner that's not superuser. | 25 March 2010, 14:44:51 UTC |
| 505efe9 | Tom Lane | 24 March 2010, 17:05:51 UTC | Fix thinko in log message for "sameuser" ident map mismatch: the provided and authenticated usernames were swapped. Reported by Bryan Henderson in bug #5386. Also clean up poorly-maintained header comment for this function. | 24 March 2010, 17:05:51 UTC |
| e679564 | Tom Lane | 20 March 2010, 00:58:14 UTC | Clear error_context_stack and debug_query_string at the beginning of proc_exit, so that we won't try to attach any context printouts to messages that get emitted while exiting. Per report from Dennis Koegel, the context functions won't necessarily work after we've started shutting down the backend, and it seems possible that debug_query_string could be pointing at freed storage as well. The context information doesn't seem particularly relevant to such messages anyway, so there's little lost by suppressing it. Back-patch to all supported branches. I can only demonstrate a crash with log_disconnections messages back to 8.1, but the risk seems real in 8.0 and before anyway. | 20 March 2010, 00:58:14 UTC |
| f870ab0 | Tom Lane | 19 March 2010, 22:54:49 UTC | Modify error context callback functions to not assume that they can fetch catalog entries via SearchSysCache and related operations. Although, at the time that these callbacks are called by elog.c, we have not officially aborted the current transaction, it still seems rather risky to initiate any new catalog fetches. In all these cases the needed information is readily available in the caller and so it's just a matter of a bit of extra notation to pass it to the callback. Per crash report from Dennis Koegel. I've concluded that the real fix for his problem is to clear the error context stack at entry to proc_exit, but it still seems like a good idea to make the callbacks a bit less fragile for other cases. Backpatch to 8.4. We could go further back, but the patch doesn't apply cleanly. In the absence of proof that this fixes something and isn't just paranoia, I'm not going to expend the effort. | 19 March 2010, 22:54:49 UTC |
| 555b5a2 | Tom Lane | 18 March 2010, 15:29:51 UTC | Fix missing parentheses for current_query(), per bug #5378. Also make a couple other minor editorial improvements. | 18 March 2010, 15:29:51 UTC |
| 9c563b6 | Heikki Linnakangas | 18 March 2010, 09:18:54 UTC | Fix bug in %r handling in recovery_end_command, it always came out as 0 because InRedo was cleared before recovery_end_command was executed. Also, always take ControlFileLock when reading checkpoint location for %r. That didn't matter before, but in 8.4 bgwriter is active during recovery and can modify the control file concurrently. | 18 March 2010, 09:18:54 UTC |
| c487a95 | Magnus Hagander | 17 March 2010, 18:04:29 UTC | Typo fixes. Fujii Masao | 17 March 2010, 18:04:29 UTC |
| 3c1e84a | Tom Lane | 17 March 2010, 15:55:55 UTC | Fix incorrect example in CREATE INDEX reference page, per Josh Kupershmidt. Also fix and uncomment an old example of creating a GIST index, and make a couple of other minor editorial adjustments. | 17 March 2010, 15:55:55 UTC |
| d6c7c7c | Marc G. Fournier | 12 March 2010, 03:23:23 UTC | tag 8.4.3 | 12 March 2010, 03:23:23 UTC |
| bfc04a9 | Alvaro Herrera | 11 March 2010, 21:53:53 UTC | Improve PL/Perl documentation of database access functions. (Backpatch to 8.4 of a patch previously applied by Bruce Momjian to CVS HEAD) Alexey Klyukin | 11 March 2010, 21:53:53 UTC |
| eb9954e | Tom Lane | 11 March 2010, 21:47:25 UTC | Add missing reset of need_initialization in reloptions code. This resulted in useless extra work during every call of parseRelOptions, but no bad effects other than that. Noted by Alvaro. | 11 March 2010, 21:47:25 UTC |
| 2875cd2 | Tom Lane | 11 March 2010, 18:43:32 UTC | Sync timezone code with tzcode 2010c from the Olson group. This fixes some corner cases that come up in certain timezones (apparently, only those with lots and lots of distinct TZ transition rules, as far as I can gather from a quick scan of their archives). Per suggestion from Jeevan Chalke. Back-patch to 8.4. Possibly we need to push this into earlier releases as well, but I'm hesitant to update them to the 64-bit tzcode without more thought and testing. | 11 March 2010, 18:43:32 UTC |
| 1b84d0f | Tom Lane | 10 March 2010, 01:58:24 UTC | Preliminary release notes for releases 8.4.3, 8.3.10, 8.2.16, 8.1.20, 8.0.24, 7.4.28. | 10 March 2010, 01:58:24 UTC |
| b943a8c | Tom Lane | 09 March 2010, 22:34:49 UTC | Use SvROK(sv) rather than directly checking SvTYPE(sv) == SVt_RV in plperl. The latter is considered unwarranted chumminess with the implementation, and can lead to crashes with recent Perl versions. Report and fix by Tim Bunce. Back-patch to all versions containing the questionable coding pattern. | 09 March 2010, 22:34:49 UTC |
| c076698 | Alvaro Herrera | 09 March 2010, 14:28:46 UTC | Update time zone data files to tzdata release 2010d: DST law changes in Fiji, Samoa, Chile; corrections to recent changes in Paraguay and Bangladesh. | 09 March 2010, 14:28:46 UTC |
| b5cf5df | Bruce Momjian | 09 March 2010, 01:10:23 UTC | Return proper exit code (3) from psql when ON_ERROR_STOP=on and --single-transaction are both used and the failure happens in commit, e.g. failed deferred trigger. Also properly free BEGIN/COMMIT result structures from --single-transaction. Per report from Dominic Bevacqua | 09 March 2010, 01:10:23 UTC |
| 2bf64bc | Michael Meskes | 08 March 2010, 13:07:00 UTC | Backport fix from HEAD that makes ecpglib give the right SQLSTATE if the connection disappears. | 08 March 2010, 13:07:00 UTC |
| b98e532 | Magnus Hagander | 08 March 2010, 12:39:51 UTC | Add missing space in example. Tim Landscheidt | 08 March 2010, 12:39:51 UTC |
| 5277419 | Magnus Hagander | 08 March 2010, 10:01:24 UTC | Require hostname to be set when using GSSAPI authentication. Without it, the GSSAPI libraries crash. Noted by Zdenek Kotala | 08 March 2010, 10:01:24 UTC |
| 12eaac7 | Magnus Hagander | 08 March 2010, 09:57:35 UTC | Disallow gssapi authentication on local connections, since it requires a hostname to function. Noted by Zdenek Kotala | 08 March 2010, 09:57:35 UTC |
| e22bc44 | Tom Lane | 08 March 2010, 01:18:18 UTC | Update time zone data files to tzdata release 2010c: DST law changes in Bangladesh, Mexico, Paraguay. | 08 March 2010, 01:18:18 UTC |
| f2c458e | Tom Lane | 06 March 2010, 23:10:50 UTC | Fix warning messages in restrict_and_check_grant() to include the column name when warning about column-level privileges. This is more useful than before and makes the apparent duplication complained of by Piyush Newe not so duplicate. Also fix lack of quote marks in a related message text. Back-patch to 8.4, where column-level privileges were introduced. Stephen Frost | 06 March 2010, 23:10:50 UTC |
| d192b38 | Tom Lane | 06 March 2010, 00:45:55 UTC | When reading pg_hba.conf and similar files, do not treat @file as an inclusion unless (1) the @ isn't quoted and (2) the filename isn't empty. This guards against unexpectedly treating usernames or other strings in "flat files" as inclusion requests, as seen in a recent trouble report from Ed L. The empty-filename case would be guaranteed to misbehave anyway, because our subsequent path-munging behavior results in trying to read the directory containing the current input file. I think this might finally explain the report at http://archives.postgresql.org/pgsql-bugs/2004-05/msg00132.php of a crash after printing "authentication file token too long, skipping", since I was able to duplicate that message (though not a crash) on a platform where stdio doesn't refuse to read directories. We never got far in investigating that problem, but now I'm suspicious that the trigger condition was an @ in the flat password file. Back-patch to all active branches since the problem can be demonstrated in all branches except HEAD. The test case, creating a user named "@", doesn't cause a problem in HEAD since we got rid of the flat password file. Nonetheless it seems like a good idea to not consider quoted @ as a file inclusion spec, so I changed HEAD too. | 06 March 2010, 00:45:55 UTC |
| ba8df78 | Heikki Linnakangas | 04 March 2010, 09:40:01 UTC | Fix IsBinaryCoercible to not confuse a cast using in/out functions with binary compatibility. Backpatch to 8.4 where INOUT casts were introduced. | 04 March 2010, 09:40:01 UTC |
| fe9a5f2 | Tom Lane | 03 March 2010, 20:31:16 UTC | Fix a couple of places that would loop forever if attempts to read a stdio file set ferror() but never set feof(). This is known to be the case for recent glibc when trying to read a directory as a file, and might be true for other platforms/cases too. Per report from Ed L. (There is more that we ought to do about his report, but this is one easily identifiable issue.) | 03 March 2010, 20:31:16 UTC |
| cad1ddf | Heikki Linnakangas | 03 March 2010, 20:10:42 UTC | Fix pg_dump of ACLs of foreign servers. The command to grant/revoke privileges of foreign servers is "GRANT ... ON *FOREIGN* SERVER ...". | 03 March 2010, 20:10:42 UTC |
| 40c5457 | Tom Lane | 03 March 2010, 19:10:29 UTC | Make contrib/xml2 use core xml.c's error handler, when available (that is, in versions >= 8.3). The core code is more robust and efficient than what was there before, and this also reduces risks involved in swapping different libxml error handler settings. Before 8.3, there is still some risk of problems if add-on modules such as Perl invoke libxml without setting their own error handler. Given the lack of reports I'm not sure there's a risk in practice, so I didn't take the step of actually duplicating the core code into older contrib/xml2 branches. Instead I just tweaked the existing code to ensure it didn't leave a dangling pointer to short-lived memory when throwing an error. | 03 March 2010, 19:10:29 UTC |
| 3c93c3a | Tom Lane | 03 March 2010, 17:29:53 UTC | Export xml.c's libxml-error-handling support so that contrib/xml2 can use it too, instead of duplicating the functionality (badly). I renamed xml_init to pg_xml_init, because the former seemed just a bit too generic to be safe as a global symbol. I considered likewise renaming xml_ereport to pg_xml_ereport, but felt that the reference to ereport probably made it sufficiently PG-centric already. | 03 March 2010, 17:29:53 UTC |
| b4631ca | Andrew Dunstan | 03 March 2010, 03:29:02 UTC | Make iconv work like other optional libraries for MSVC. | 03 March 2010, 03:29:02 UTC |
| 97843b3 | Andrew Dunstan | 02 March 2010, 23:51:17 UTC | Add missing library and include dir for XSLT in MSVC builds | 02 March 2010, 23:51:17 UTC |
| 104813c | Andrew Dunstan | 02 March 2010, 18:16:16 UTC | Do not run regression tests for contrib/xml2 on MSVC unless building with XML | 02 March 2010, 18:16:16 UTC |
| 96ae23a | Andrew Dunstan | 02 March 2010, 15:44:03 UTC | Backpatch MSVC build fix for XSLT | 02 March 2010, 15:44:03 UTC |
| d46f100 | Heikki Linnakangas | 01 March 2010, 21:27:32 UTC | Fix translation of strings in psql \d output (translation in headers worked, but not in cells). | 01 March 2010, 21:27:32 UTC |
| 62f5ade | Heikki Linnakangas | 01 March 2010, 20:55:53 UTC | Fix numericlocale psql option when used with a null string and latex and troff formats; a null string must not be formatted as a numeric. The more exotic formats latex and troff also incorrectly formatted all strings as numerics when numericlocale was on. Backpatch to 8.1 where numericlocale option was added. This fixes bug #5355 reported by Andy Lester. | 01 March 2010, 20:55:53 UTC |
| b0c8b3d | Tom Lane | 01 March 2010, 18:08:07 UTC | Fix contrib/xml2 so regression test still works when it's built without libxslt. This involves modifying the module to have a stable ABI, that is, the xslt_process() function still exists even without libxslt. It throws a runtime error if called, but doesn't prevent executing the CREATE FUNCTION call. This is a good thing anyway to simplify cross-version upgrades. | 01 March 2010, 18:08:07 UTC |
| 5ea32f5 | Tom Lane | 01 March 2010, 05:16:40 UTC | Remove xmlCleanupParser calls from contrib/xml2. These are unnecessary and probably dangerous. I don't see any immediate risk situations in the core XML support or contrib/xml2 itself, but there could be issues with external uses of libxml2, and in any case it's an accident waiting to happen. | 01 March 2010, 05:16:40 UTC |
| 8748dc3 | Tom Lane | 01 March 2010, 03:41:04 UTC | Back-patch today's memory management fixups in contrib/xml2. Prior to 8.3, these changes are not critical for compatibility with core Postgres, since core had no libxml2 calls then. However there is still a risk if contrib/xml2 is used along with libxml2 functionality in Perl or other loadable modules. So back-patch to all versions. Also back-patch addition of regression tests. I'm not sure how many of the cases are interesting without the interaction with core xml code, but a silly regression test is still better than none at all. | 01 March 2010, 03:41:04 UTC |
| a7ac5c6 | Tom Lane | 25 February 2010, 21:00:03 UTC | Allow predicate_refuted_by() to deduce that NOT A refutes A. We had originally made the stronger assumption that NOT A refutes any B if B implies A, but this fails in three-valued logic, because we need to prove B is false not just that it's not true. However the logic does go through if B is equal to A. Recognizing this limited case is enough to handle examples that arise when we have simplified "bool_var = true" or "bool_var = false" to just "bool_var" or "NOT bool_var". If we had not done that simplification then the btree-operator proof logic would have been able to prove that the expressions were contradictory, but only for identical expressions being compared to the constants; so handling identical A and B covers all the same cases. The motivation for doing this is to avoid unexpected asymmetrical behavior when a partitioned table uses a boolean partitioning column, as in today's gripe from Dominik Sander. Back-patch to 8.2, which is as far back as predicate_refuted_by attempts to do anything at all with NOTs. | 25 February 2010, 21:00:03 UTC |
| 5ea449e | Magnus Hagander | 25 February 2010, 13:26:26 UTC | Add configuration parameter ssl_renegotiation_limit to control how often we do SSL session key renegotiation. Can be set to 0 to disable renegotiation completely, which is required if a broken SSL library is used (broken patches to CVE-2009-3555 a known cause) or when using a client library that can't do renegotiation. | 25 February 2010, 13:26:26 UTC |
| 29667c8 | Tom Lane | 24 February 2010, 18:02:30 UTC | Allow zero-dimensional (ie, empty) arrays in contrib/ltree operations. The main motivation for changing this is bug #4921, in which it's pointed out that it's no longer safe to apply ltree operations to the result of ARRAY(SELECT ...) if the sub-select might return no rows. Before 8.3, the ARRAY() construct would return NULL, which might or might not be helpful but at least it wouldn't result in an error. Now it returns an empty array which results in a failure for no good reason, since the ltree operations are all perfectly capable of dealing with zero-element arrays. As far as I can find, these ltree functions are the only places where zero array dimensionality is rejected unnecessarily. Back-patch to 8.3 to prevent behavioral regression of queries that worked in older releases. | 24 February 2010, 18:02:30 UTC |
| 7379835 | Alvaro Herrera | 24 February 2010, 14:11:40 UTC | Remove stray semicolon, per report from strk | 24 February 2010, 14:11:40 UTC |
| c740350 | Robert Haas | 19 February 2010, 23:55:52 UTC | Remove incorrect statement that PostgreSQL 8.4 has no default parameters. Tom Lane already removed this from HEAD as par of the plpgsql variable resolution behavior patch, but this part of his patch also applies to 8.4. | 19 February 2010, 23:55:52 UTC |
| 472e29b | Itagaki Takahiro | 19 February 2010, 01:04:39 UTC | Fix STOP WAL LOCATION in backup history files no to return the next segment of XLOG_BACKUP_END record even if the the record is placed at a segment boundary. Furthermore the previous implementation could return nonexistent segment file name when the boundary is in segments that has "FE" suffix; We never use segments with "FF" suffix. Backpatch to 8.0, where hot backup was introduced. Reported by Fujii Masao. | 19 February 2010, 01:04:39 UTC |
| d1b9b0c | Tom Lane | 18 February 2010, 23:50:12 UTC | Volatile-ize all five places where we expect a PG_TRY block to restore old memory context in plpython. Before only one of them was marked volatile, but per report from Zdenek Kotala, some compilers do the wrong thing here. | 18 February 2010, 23:50:12 UTC |
| a8d1624 | Tom Lane | 18 February 2010, 22:43:39 UTC | Provide some rather hokey ways for EXPLAIN to print FieldStore and assignment ArrayRef expressions that are not in the immediate context of an INSERT or UPDATE targetlist. Such cases never arise in stored rules, so ruleutils.c hadn't tried to handle them. However, they do occur in the targetlists of plans derived from such statements, and now that EXPLAIN VERBOSE tries to print targetlists, we need some way to deal with the case. I chose to represent an assignment ArrayRef as "array[subscripts] := source", which is fairly reasonable and doesn't omit any information. However, FieldStore is problematic because the planner will fold multiple assignments to fields of the same composite column into one FieldStore, resulting in a structure that is hard to understand at all, let alone display comprehensibly. So in that case I punted and just made it print the source expression(s). Backpatch to 8.4 --- the lack of functionality exists in older releases, but doesn't seem to be important for lack of anything that would call it. | 18 February 2010, 22:43:39 UTC |
| dfb3bc0 | Tom Lane | 18 February 2010, 18:41:55 UTC | Fix ExecEvalArrayRef to pass down the old value of the array element or slice being assigned to, in case the expression to be assigned is a FieldStore that would need to modify that value. The need for this was foreseen some time ago, but not implemented then because we did not have arrays of composites. Now we do, but the point evidently got overlooked in that patch. Net result is that updating a field of an array element doesn't work right, as illustrated if you try the new regression test on an unpatched backend. Noted while experimenting with EXPLAIN VERBOSE, which has also got some issues in this area. Backpatch to 8.3, where arrays of composites were introduced. | 18 February 2010, 18:41:55 UTC |
| 85a646a | Tom Lane | 18 February 2010, 03:06:53 UTC | Force READY portals into FAILED state when a transaction or subtransaction is aborted, if they were created within the failed xact. This prevents ExecutorEnd from being run on them, which is a good idea because they may contain references to tables or other objects that no longer exist. In particular this is hazardous when auto_explain is active, but it's really rather surprising that nobody has seen an issue with this before. I'm back-patching this to 8.4, since that's the first version that contains auto_explain or an ExecutorEnd hook, but I wonder whether we shouldn't back-patch further. | 18 February 2010, 03:06:53 UTC |
| ef7604f | Tom Lane | 17 February 2010, 01:48:51 UTC | Prevent #option dump from crashing on FORI statement with null step. Reported by Pavel. | 17 February 2010, 01:48:51 UTC |
| 1f2aeca | Greg Stark | 16 February 2010, 00:01:35 UTC | revert prior patch to fsync directories until portability problems exposed by build farm can be sorted out | 16 February 2010, 00:01:35 UTC |
| 36e1ed0 | Greg Stark | 14 February 2010, 17:50:47 UTC | Make CREATE DATABASE safe against losing whole files by fsyncing the directory and not just the individual files. Back-patch to 8.1 -- before that we just called "cp -r" and never fsynced anything anyways. | 14 February 2010, 17:50:47 UTC |
| d1e0eb3 | Tom Lane | 14 February 2010, 01:01:40 UTC | Ooops, let's get the non-null vs null bit right ... | 14 February 2010, 01:01:40 UTC |
| 9908950 | Tom Lane | 14 February 2010, 00:48:20 UTC | Document the behavior of STRICT VARIADIC functions. | 14 February 2010, 00:48:20 UTC |
| 45c17a7 | Tom Lane | 12 February 2010, 19:37:43 UTC | Don't choke when exec_move_row assigns a synthesized null to a column that happens to be composite itself. Per bug #5314 from Oleg Serov. Backpatch to 8.0 --- 7.4 has got too many other shortcomings in composite-type support to make this worth worrying about in that branch. | 12 February 2010, 19:37:43 UTC |
| f723139 | Andrew Dunstan | 12 February 2010, 04:32:02 UTC | Free reference in correct Perl context. Backpatch to release 8.2. Patch from Tim Bunce. | 12 February 2010, 04:32:02 UTC |
| 23eec89 | Heikki Linnakangas | 09 February 2010, 20:31:35 UTC | Fix bug in GIN WAL redo cleanup function: don't free fake relcache entry while it's still being used. Backpatch to 8.4, where the fake relcache method was introduced. | 09 February 2010, 20:31:35 UTC |
| 94d36cb | Heikki Linnakangas | 08 February 2010, 20:00:55 UTC | Remove obsolete comment about 'fsm' argument, which isn't an argument anymore. | 08 February 2010, 20:00:55 UTC |
| d0483ae | Bruce Momjian | 05 February 2010, 19:34:57 UTC | Properly document that OVER and WINDOW are Postgres reserved words. | 05 February 2010, 19:34:57 UTC |
| 14b2235 | Joe Conway | 03 February 2010, 23:01:23 UTC | Check to ensure the number of primary key fields supplied does not exceed the total number of non-dropped source table fields for dblink_build_sql_*(). Addresses bug report from Rushabh Lathia. Backpatch all the way to the 7.3 branch. | 03 February 2010, 23:01:23 UTC |
| 4204ff3 | Tom Lane | 03 February 2010, 06:36:16 UTC | Forgot to back-patch CLUSTER test fix to 8.4. | 03 February 2010, 06:36:16 UTC |
| 8f13ee6 | Tom Lane | 02 February 2010, 19:12:34 UTC | CLUSTER specified the wrong namespace when renaming toast tables of temporary relations (they don't live in pg_toast). This caused an Assert failure in assert-enabled builds. So far as I can see, in a non-assert build it would only have messed up the checks for conflicting names, so a failure would be quite improbable but perhaps not impossible. | 02 February 2010, 19:12:34 UTC |
| 9fd5fb8 | Bruce Momjian | 02 February 2010, 18:52:06 UTC | Remove copyright mention of Andrew Yu, per author's permission. Backpatch to 8.4.X. | 02 February 2010, 18:52:06 UTC |
| 3c8a652 | Tom Lane | 01 February 2010, 02:45:35 UTC | Change regexp engine's ccondissect/crevdissect routines to perform DFA matching before recursing instead of after. The DFA match eliminates unworkable midpoint choices a lot faster than the recursive check, in most cases, so doing it first can speed things up; particularly in pathological cases such as recently exhibited by Michael Glaesemann. In addition, apply some cosmetic changes that were applied upstream (in the Tcl project) at the same time, in order to sync with upstream version 1.15 of regexec.c. Upstream apparently intends to backpatch this, so I will too. The pathological behavior could be unpleasant if encountered in the field, which seems to justify any risk of introducing new bugs. Tom Lane, reviewed by Donal K. Fellows of Tcl project | 01 February 2010, 02:45:35 UTC |
| 97bcf34 | Magnus Hagander | 31 January 2010, 17:16:29 UTC | Fix race condition in win32 signal handling. There was a race condition where the receiving pipe could be closed by the child thread if the main thread was pre-empted before it got a chance to create a new one, and the dispatch thread ran to completion during that time. One symptom of this is that rows in pg_listener could be dropped under heavy load. Analysis and original patch by Radu Ilie, with some small modifications by Magnus Hagander. | 31 January 2010, 17:16:29 UTC |
