Skip to main content

Browse the archive

https://github.com/postgres/postgres
07 April 2024, 13:56:23 UTC
sort by:
Revision Author Date Message Commit Date
eb66ee6 Robert Haas 09 November 2015, 19:53:52 UTC Stamp 9.5beta2. 09 November 2015, 19:54:00 UTC
289da0a Peter Eisentraut 09 November 2015, 15:21:11 UTC Translation updates Source-Git-URL: git://git.postgresql.org/git/pgtranslation/messages.git Source-Git-Hash: cd263526676705b4a8a3a708c9842461c4a2bcc3 09 November 2015, 15:21:11 UTC
90e074b Andres Freund 09 November 2015, 04:08:56 UTC Add paragraph about ON CONFLICT interaction with partitioning. Author: Peter Geoghegan and Andres Freund Discussion: CAM3SWZScpWzQ-7EJC77vwqzZ1GO8GNmURQ1QqDQ3wRn7AbW1Cg@mail.gmail.com, CAHGQGwFUCWwSU7dtc2aRdRk73ztyr_jY5cPOyts+K8xKJ92X4Q@mail.gmail.com Backpatch: 9.5, where UPSERT was introduced 09 November 2015, 05:58:26 UTC
04c0b63 Andres Freund 08 November 2015, 22:01:53 UTC Set replication origin when decoding commit records. By accident the replication origin was not set properly in DecodeCommit(). That's bad because the origin is passed to the output plugins origin filter, and accessible from the output plugin via ReorderBufferTXN->origin_id. Accessing the origin of individual changes worked before the fix, which is why this wasn't notices earlier. Reported-By: Craig Ringer Author: Craig Ringer Discussion: CAMsr+YFhBJLp=qfSz3-J+0P1zLkE8zNXM2otycn20QRMx380gw@mail.gmail.com Backpatch: 9.5, where replication origins where introduced 08 November 2015, 23:03:35 UTC
40c2867 Noah Misch 08 November 2015, 22:40:19 UTC Fix 9.5 version of previous commit to match its log message. 08 November 2015, 22:40:19 UTC
bdb42ba Noah Misch 08 November 2015, 22:28:53 UTC Don't connect() to a wildcard address in test_postmaster_connection(). At least OpenBSD, NetBSD, and Windows don't support it. This repairs pg_ctl for listen_addresses='0.0.0.0' and listen_addresses='::'. Since pg_ctl prefers to test a Unix-domain socket, Windows users are most likely to need this change. Back-patch to 9.1 (all supported versions). This could change pg_ctl interaction with loopback-interface firewall rules. Therefore, in 9.4 and earlier (released branches), activate the change only on known-affected platforms. Reported (bug #13611) and designed by Kondo Yuta. 08 November 2015, 22:29:47 UTC
5daafaf Tom Lane 07 November 2015, 22:09:04 UTC Update 9.5 release notes through today. 07 November 2015, 22:09:04 UTC
ab994cc Tom Lane 07 November 2015, 21:13:49 UTC Rename PQsslAttributes() to PQsslAttributeNames(), and const-ify fully. Per discussion, the original name was a bit misleading, and PQsslAttributeNames() seems more apropos. It's not quite too late to change this in 9.5, so let's change it while we can. Also, make sure that the pointer array is const, not only the pointed-to strings. Minor documentation wordsmithing while at it. Lars Kanis, slight adjustments by me 07 November 2015, 21:13:49 UTC
44fc251 Tom Lane 07 November 2015, 17:43:24 UTC Fix enforcement of restrictions inside regexp lookaround constraints. Lookahead and lookbehind constraints aren't allowed to contain backrefs, and parentheses within them are always considered non-capturing. Or so says the manual. But the regexp parser forgot about these rules once inside a parenthesized subexpression, so that constructs like (\w)(?=(\1)) were accepted (but then not correctly executed --- a case like this acted like (\w)(?=\w), without any enforcement that the two \w's match the same text). And in (?=((foo))) the innermost parentheses would be counted as capturing parentheses, though no text would ever be captured for them. To fix, properly pass down the "type" argument to the recursive invocation of parse(). Back-patch to all supported branches; it was agreed that silent misexecution of such patterns is worse than throwing an error, even though new errors in minor releases are generally not desirable. 07 November 2015, 17:43:24 UTC
695012a Stephen Frost 06 November 2015, 16:18:33 UTC Set include_realm=1 default in parse_hba_line With include_realm=1 being set down in parse_hba_auth_opt, if multiple options are passed on the pg_hba line, such as: host all all 0.0.0.0/0 gss include_realm=0 krb_realm=XYZ.COM We would mistakenly reset include_realm back to 1. Instead, we need to set include_realm=1 up in parse_hba_line, prior to parsing any of the additional options. Discovered by Jeff McCormick during testing. Bug introduced by 9a08841. Back-patch to 9.5 06 November 2015, 16:18:33 UTC
4d86745 Tom Lane 05 November 2015, 23:15:48 UTC Fix erroneous hash calculations in gin_extract_jsonb_path(). The jsonb_path_ops code calculated hash values inconsistently in some cases involving nested arrays and objects. This would result in queries possibly not finding entries that they should find, when using a jsonb_path_ops GIN index for the search. The problem cases involve JSONB values that contain both scalars and sub-objects at the same nesting level, for example an array containing both scalars and sub-arrays. To fix, reset the current stack->hash after processing each value or sub-object, not before; and don't try to be cute about the outermost level's initial hash. Correcting this means that existing jsonb_path_ops indexes may now be inconsistent with the new hash calculation code. The symptom is the same --- searches not finding entries they should find --- but the specific rows affected are likely to be different. Users will need to REINDEX jsonb_path_ops indexes to make sure that all searches work as expected. Per bug #13756 from Daniel Cheng. Back-patch to 9.4 where the faulty logic was introduced. 05 November 2015, 23:15:48 UTC
c98605c Robert Haas 05 November 2015, 17:05:38 UTC Pass extra data to bgworkers, and use this to fix parallel contexts. Up until now, the total amount of data that could be passed to a background worker at startup was one datum, which can be a small as 4 bytes on some systems. That's enough to pass a dsm_handle or an array index, but not much else. Add a bgw_extra flag to the BackgroundWorker struct, allowing up to 128 bytes to be passed to a new worker on any platform. Use this to fix a problem I recently discovered with the parallel context machinery added in 9.5: the master assigns each worker an array index, and each worker subsequently assigns itself an array index, and there's nothing to guarantee that the two sets of indexes match, leading to chaos. Normally, I would not back-patch the change to add bgw_extra, since it is basically a feature addition. However, since 9.5 is still in beta and there seems to be no other sensible way to repair the broken parallel context machinery, back-patch to 9.5. Existing background worker code can ignore the bgw_extra field without a problem, but might need to be recompiled since the structure size has changed. Report and patch by me. Review by Amit Kapila. 05 November 2015, 17:21:00 UTC
1d97b25 Robert Haas 03 November 2015, 19:11:49 UTC Improve comments about abbreviation abort. Peter Geoghegan 03 November 2015, 19:14:15 UTC
fdae4a9 Tom Lane 03 November 2015, 16:57:56 UTC Remove obsolete advice about doubling backslashes in regex escapes. Standard-conforming literals have been the default for long enough that it no longer seems necessary to go out of our way to tell people to write regex escapes illegibly. 03 November 2015, 16:58:03 UTC
f4057cd Tom Lane 03 November 2015, 16:49:21 UTC Code + docs review for unicode linestyle patch. Fix some brain fade in commit a2dabf0e1dda93c8: erroneous variable names in docs, rearrangements that made sentences less clear not more so, undocumented and poorly-chosen-anyway API behaviors of subroutines, bad grammar in error messages, copy-and-paste faults. Albe Laurenz and Tom Lane 03 November 2015, 16:49:21 UTC
fd5ce6b Robert Haas 03 November 2015, 14:12:52 UTC shm_mq: Third attempt at fixing nowait behavior in shm_mq_receive. Commit a1480ec1d3bacb9acb08ec09f22bc25bc033115b purported to fix the problems with commit b2ccb5f4e6c81305386edb34daf7d1d1e1ee112a, but it didn't completely fix them. The problem is that the checks were performed in the wrong order, leading to a race condition. If the sender attached, sent a message, and detached after the receiver called shm_mq_get_sender and before the receiver called shm_mq_counterparty_gone, we'd incorrectly return SHM_MQ_DETACHED before all messages were read. Repair by reversing the order of operations, and add a long comment explaining why this new logic is (hopefully) correct. 03 November 2015, 14:18:26 UTC
67d4738 Kevin Grittner 02 November 2015, 12:26:28 UTC Add RMV to list of commands taking AE lock. Backpatch to 9.3, where it was initially omitted. Craig Ringer, with minor adjustment by Kevin Grittner 02 November 2015, 12:26:28 UTC
50ca917 Kevin Grittner 31 October 2015, 19:42:46 UTC Fix serialization anomalies due to race conditions on INSERT. On insert the CheckForSerializableConflictIn() test was performed before the page(s) which were going to be modified had been locked (with an exclusive buffer content lock). If another process acquired a relation SIReadLock on the heap and scanned to a page on which an insert was going to occur before the page was so locked, a rw-conflict would be missed, which could allow a serialization anomaly to be missed. The window between the check and the page lock was small, so the bug was generally not noticed unless there was high concurrency with multiple processes inserting into the same table. This was reported by Peter Bailis as bug #11732, by Sean Chittenden as bug #13667, and by others. The race condition was eliminated in heap_insert() by moving the check down below the acquisition of the buffer lock, which had been the very next statement. Because of the loop locking and unlocking multiple buffers in heap_multi_insert() a check was added after all inserts were completed. The check before the start of the inserts was left because it might avoid a large amount of work to detect a serialization anomaly before performing the all of the inserts and the related WAL logging. While investigating this bug, other SSI bugs which were even harder to hit in practice were noticed and fixed, an unnecessary check (covered by another check, so redundant) was removed from heap_update(), and comments were improved. Back-patch to all supported branches. Kevin Grittner and Thomas Munro 31 October 2015, 19:42:46 UTC
21e634e Robert Haas 30 October 2015, 11:18:55 UTC doc: security_barrier option is a Boolean, not a string. Mistake introduced by commit 5bd91e3a835b5d5499fee5f49fc7c0c776fe63dd. Hari Babu 30 October 2015, 11:22:18 UTC
7852f73 Robert Haas 30 October 2015, 09:35:33 UTC Fix typo in bgworker.c 30 October 2015, 09:38:27 UTC
9a1a229 Tom Lane 29 October 2015, 22:54:35 UTC Docs: add example clarifying use of nested JSON containment. Show how this can be used in practice to make queries simpler and more flexible. Also, draw an explicit contrast to the existence operator, which doesn't work that way. Peter Geoghegan and Tom Lane 29 October 2015, 22:54:44 UTC
0bc3071 Peter Eisentraut 29 October 2015, 00:23:53 UTC Message style improvements Message style, plurals, quoting, spelling, consistency with similar messages 29 October 2015, 00:23:53 UTC
d17d512 Robert Haas 28 October 2015, 11:19:14 UTC Add missing serial comma, for consistency. Amit Langote, per Etsuro Fujita 28 October 2015, 11:24:51 UTC
e53e2a1 Robert Haas 28 October 2015, 10:44:47 UTC Fix incorrect message in ATWrongRelkindError. Mistake introduced by commit 3bf3ab8c563699138be02f9dc305b7b77a724307. Etsuro Fujita 28 October 2015, 10:49:55 UTC
c569491 Alvaro Herrera 28 October 2015, 02:02:04 UTC Fix secondary expected output for commit_ts test Per red wall in buildfarm 28 October 2015, 02:02:04 UTC
3e9e033 Alvaro Herrera 27 October 2015, 22:03:15 UTC Document BRIN's inclusion opclass framework Backpatch to 9.5 -- this should have been part of b0b7be61337, but we didn't have 38b03caebc5de either at the time. Author: Emre Hasegeli Revised by: Ian Barwick Discussion: http://www.postgresql.org/message-id/CAE2gYzyB39Q9up_-TO6FKhH44pcAM1x6n_Cuj15qKoLoFihUVg@mail.gmail.com http://www.postgresql.org/message-id/562DA711.3020305@2ndquadrant.com 27 October 2015, 22:03:15 UTC
cf42abc Alvaro Herrera 27 October 2015, 21:17:55 UTC Fix BRIN free space computations A bug in the original free space computation made it possible to return a page which wasn't actually able to fit the item. Since the insertion code isn't prepared to deal with PageAddItem failing, a PANIC resulted ("failed to add BRIN tuple [to new page]"). Add a macro to encapsulate the correct computation, and use it in brin_getinsertbuffer's callers before calling that routine, to raise an early error. I became aware of the possiblity of a problem in this area while working on ccc4c074994d734. There's no archived discussion about it, but it's easy to reproduce a problem in the unpatched code with something like CREATE TABLE t (a text); CREATE INDEX ti ON t USING brin (a) WITH (pages_per_range=1); for length in `seq 8000 8196` do psql -f - <<EOF TRUNCATE TABLE t; INSERT INTO t VALUES ('z'), (repeat('a', $length)); EOF done Backpatch to 9.5, where BRIN was introduced. 27 October 2015, 21:17:55 UTC
68cc162 Alvaro Herrera 27 October 2015, 18:06:50 UTC Cleanup commit timestamp module activaction, again Further tweak commit_ts.c so that on a standby the state is completely consistent with what that in the master, rather than behaving differently in the cases that the settings differ. Now in standby and master the module should always be active or inactive in lockstep. Author: Petr Jelínek, with some further tweaks by Álvaro Herrera. Backpatch to 9.5, where commit timestamps were introduced. Discussion: http://www.postgresql.org/message-id/5622BF9D.2010409@2ndquadrant.com 27 October 2015, 18:06:50 UTC
80ae841 Alvaro Herrera 27 October 2015, 16:20:40 UTC Measure string lengths only once Bernd Helmle complained that CreateReplicationSlot() was assigning the same value to the same variable twice, so we could remove one of them. Code inspection reveals that we can actually remove both assignments: according to the author the assignment was there for beauty of the strlen line only, and another possible fix to that is to put the strlen in its own line, so do that. To be consistent within the file, refactor all duplicated strlen() calls, which is what we do elsewhere in the backend anyway. In basebackup.c, snprintf already returns the right length; no need for strlen afterwards. Backpatch to 9.4, where replication slots were introduced, to keep code identical. Some of this is older, but the patch doesn't apply cleanly and it's only of cosmetic value anyway. Discussion: http://www.postgresql.org/message-id/BE2FD71DEA35A2287EA5F018@eje.credativ.lan 27 October 2015, 16:20:40 UTC
44390e3 Robert Haas 23 October 2015, 02:01:11 UTC shm_mq: Repair breakage from previous commit. If the counterparty writes some data into the queue and then detaches, it's wrong to return SHM_MQ_DETACHED right away. If we do that, we fail to read whatever was written. 23 October 2015, 02:03:58 UTC
17b07af Robert Haas 22 October 2015, 21:00:53 UTC Add two missing cases to ATWrongRelkindError. This way, we produce a better error message if someone tries to do something like ALTER INDEX .. ALTER COLUMN .. SET STORAGE. Amit Langote 22 October 2015, 21:04:18 UTC
ac9a016 Robert Haas 22 October 2015, 20:33:30 UTC shm_mq: Fix failure to notice a dead counterparty when nowait is used. The shm_mq mechanism was intended to optionally notice when the process on the other end of the queue fails to attach to the queue. It does this by allowing the user to pass a BackgroundWorkerHandle; if the background worker in question is launched and dies without attaching to the queue, then we know it never will. This logic works OK in blocking mode, but when called with nowait = true we fail to notice that this has happened due to an asymmetry in the logic. Repair. Reported off-list by Rushabh Lathia. Patch by me. 22 October 2015, 20:40:00 UTC
85e30f5 Peter Eisentraut 22 October 2015, 17:59:58 UTC doc: Add advice on updating checkpoint_segments to max_wal_size with suggestion from Michael Paquier 22 October 2015, 18:02:10 UTC
5fb20a5 Tom Lane 20 October 2015, 18:06:24 UTC Fix incorrect translation of minus-infinity datetimes for json/jsonb. Commit bda76c1c8cfb1d11751ba6be88f0242850481733 caused both plus and minus infinity to be rendered as "infinity", which is not only wrong but inconsistent with the pre-9.4 behavior of to_json(). Fix that by duplicating the coding in date_out/timestamp_out/timestamptz_out more closely. Per bug #13687 from Stepan Perlov. Back-patch to 9.4, like the previous commit. In passing, also re-pgindent json.c, since it had gotten a bit messed up by recent patches (and I was already annoyed by indentation-related problems in back-patching this fix ...) 20 October 2015, 18:07:05 UTC
2bfd2fe Peter Eisentraut 20 October 2015, 17:33:39 UTC doc: Move documentation of max_wal_size to better position 20 October 2015, 17:34:11 UTC
b3967f8 Robert Haas 20 October 2015, 15:11:35 UTC Fix incorrect comment in plannodes.h Etsuro Fujita 20 October 2015, 15:12:00 UTC
b06f1f2 Robert Haas 20 October 2015, 13:56:04 UTC Put back ssl_renegotiation_limit parameter, but only allow 0. Per a report from Shay Rojansky, Npgsql sends ssl_renegotiation_limit=0 in the startup packet because it does not support renegotiation; other clients which have not attempted to support renegotiation might well behave similarly. The recent removal of this parameter forces them to break compatibility with either current PostgreSQL versions, or previous ones. Per discussion, the best solution is to accept the parameter but only allow a value of 0. Shay Rojansky, edited a little by me. 20 October 2015, 13:59:39 UTC
ed6c516 Noah Misch 20 October 2015, 04:57:25 UTC Fix back-patch of commit 8e3b4d9d40244c037bbc6e182ea3fabb9347d482. master emits an extra context message compared to 9.5 and earlier. 20 October 2015, 04:57:25 UTC
01a96c7 Noah Misch 20 October 2015, 04:37:22 UTC Eschew "RESET statement_timeout" in tests. Instead, use transaction abort. Given an unlucky bout of latency, the timeout would cancel the RESET itself. Buildfarm members gharial, lapwing, mereswine, shearwater, and sungazer witness that. Back-patch to 9.1 (all supported versions). The query_canceled test still could timeout before entering its subtransaction; for whatever reason, that has yet to happen on the buildfarm. 20 October 2015, 04:37:29 UTC
43e36f8 Tom Lane 19 October 2015, 20:54:53 UTC Fix incorrect handling of lookahead constraints in pg_regprefix(). pg_regprefix was doing nothing with lookahead constraints, which would be fine if it were the right kind of nothing, but it isn't: we have to terminate our search for a fixed prefix, not just pretend the LACON arc isn't there. Otherwise, if the current state has both a LACON outarc and a single plain-color outarc, we'd falsely conclude that the color represents an addition to the fixed prefix, and generate an extracted index condition that restricts the indexscan too much. (See added regression test case.) Terminating the search is conservative: we could traverse the LACON arc (thus assuming that the constraint can be satisfied at runtime) and then examine the outarcs of the linked-to state. But that would be a lot more work than it seems worth, because writing a LACON followed by a single plain character is a pretty silly thing to do. This makes a difference only in rather contrived cases, but it's a bug, so back-patch to all supported branches. 19 October 2015, 20:54:53 UTC
9372614 Michael Meskes 16 October 2015, 15:29:05 UTC Fix order of arguments in ecpg generated typedef command. 18 October 2015, 08:15:18 UTC
6a7a2ee Tom Lane 16 October 2015, 19:52:12 UTC Miscellaneous cleanup of regular-expression compiler. Revert our previous addition of "all" flags to copyins() and copyouts(); they're no longer needed, and were never anything but an unsightly hack. Improve a couple of infelicities in the REG_DEBUG code for dumping the NFA data structure, including adding code to count the total number of states and arcs. Add a couple of missed error checks. Add some more documentation in the README file, and some regression tests illustrating cases that exceeded the state-count limit and/or took unreasonable amounts of time before this set of patches. Back-patch to all supported branches. 16 October 2015, 19:56:01 UTC
e91cfde Tom Lane 16 October 2015, 19:36:17 UTC Improve memory-usage accounting in regular-expression compiler. This code previously counted the number of NFA states it created, and complained if a limit was exceeded, so as to prevent bizarre regex patterns from consuming unreasonable time or memory. That's fine as far as it went, but the code paid no attention to how many arcs linked those states. Since regexes can be contrived that have O(N) states but will need O(N^2) arcs after fixempties() processing, it was still possible to blow out memory, and take a long time doing it too. To fix, modify the bookkeeping to count space used by both states and arcs. I did not bother with including the "color map" in the accounting; it can only grow to a few megabytes, which is not a lot in comparison to what we're allowing for states+arcs (about 150MB on 64-bit machines or half that on 32-bit machines). Looking at some of the larger real-world regexes captured in the Tcl regression test suite suggests that the most that is likely to be needed for regexes found in the wild is under 10MB, so I believe that the current limit has enough headroom to make it okay to keep it as a hard-wired limit. In connection with this, redefine REG_ETOOBIG as meaning "regular expression is too complex"; the previous wording of "nfa has too many states" was already somewhat inapropos because of the error code's use for stack depth overrun, and it was not very user-friendly either. Back-patch to all supported branches. 16 October 2015, 19:56:00 UTC
1bb0fbc Tom Lane 16 October 2015, 19:11:49 UTC Improve performance of pullback/pushfwd in regular-expression compiler. The previous coding would create a new intermediate state every time it wanted to interchange the ordering of two constraint arcs. Certain regex features such as \Y can generate large numbers of parallel constraint arcs, and if we needed to reorder the results of that, we created unreasonable numbers of intermediate states. To improve matters, keep a list of already-created intermediate states associated with the state currently being considered by the outer loop; we can re-use such states to place all the new arcs leading to the same destination or source. I also took the trouble to redefine push() and pull() to have a less risky API: they no longer delete any state or arc that the caller might possibly have a pointer to, except for the specifically-passed constraint arc. This reduces the risk of re-introducing the same type of error seen in the failed patch for CVE-2007-4772. Back-patch to all supported branches. 16 October 2015, 19:56:00 UTC
e9cf3dc Tom Lane 16 October 2015, 18:58:10 UTC Improve performance of fixempties() pass in regular-expression compiler. The previous coding took something like O(N^4) time to fully process a chain of N EMPTY arcs. We can't really do much better than O(N^2) because we have to insert about that many arcs, but we can do lots better than what's there now. The win comes partly from using mergeins() to amortize de-duplication of arcs across multiple source states, and partly from exploiting knowledge of the ordering of arcs for each state to avoid looking at arcs we don't need to consider during the scan. We do have to be a bit careful of the possible reordering of arcs introduced by the sort-merge coding of the previous commit, but that's not hard to deal with. Back-patch to all supported branches. 16 October 2015, 19:56:00 UTC
cff9e06 Tom Lane 16 October 2015, 18:43:17 UTC Fix O(N^2) performance problems in regular-expression compiler. Change the singly-linked in-arc and out-arc lists to be doubly-linked, so that arc deletion is constant time rather than having worst-case time proportional to the number of other arcs on the connected states. Modify the bulk arc transfer operations copyins(), copyouts(), moveins(), moveouts() so that they use a sort-and-merge algorithm whenever there's more than a small number of arcs to be copied or moved. The previous method is O(N^2) in the number of arcs involved, because it performs duplicate checking independently for each copied arc. The new method may change the ordering of existing arcs for the destination state, but nothing really cares about that. Provide another bulk arc copying method mergeins(), which is unused as of this commit but is needed for the next one. It basically is like copyins(), but the source arcs might not all come from the same state. Replace the O(N^2) bubble-sort algorithm used in carcsort() with a qsort() call. These changes greatly improve the performance of regex compilation for large or complex regexes, at the cost of extra space for arc storage during compilation. The original tradeoff was probably fine when it was made, but now we care more about speed and less about memory consumption. Back-patch to all supported branches. 16 October 2015, 19:56:00 UTC
0889e18 Tom Lane 16 October 2015, 18:14:41 UTC Fix regular-expression compiler to handle loops of constraint arcs. It's possible to construct regular expressions that contain loops of constraint arcs (that is, ^ $ AHEAD BEHIND or LACON arcs). There's no use in fully traversing such a loop at execution, since you'd just end up in the same NFA state without having consumed any input. Worse, such a loop leads to infinite looping in the pullback/pushfwd stage of compilation, because we keep pushing or pulling the same constraints around the loop in a vain attempt to move them to the pre or post state. Such looping was previously recognized in CVE-2007-4772; but the fix only handled the case of trivial single-state loops (that is, a constraint arc leading back to its source state) ... and not only that, it was incorrect even for that case, because it broke the admittedly-not-very-clearly-stated API contract of the pull() and push() subroutines. The first two regression test cases added by this commit exhibit patterns that result in assertion failures because of that (though there seem to be no ill effects in non-assert builds). The other new test cases exhibit multi-state constraint loops; in an unpatched build they will run until the NFA state-count limit is exceeded. To fix, remove the code added for CVE-2007-4772, and instead create a general-purpose constraint-loop-breaking phase of regex compilation that executes before we do pullback/pushfwd. Since we never need to traverse a constraint loop fully, we can just break the loop at any chosen spot, if we add clone states that can replicate any sequence of arc transitions that would've traversed just part of the loop. Also add some commentary clarifying why we have to have all these machinations in the first place. This class of problems has been known for some time --- we had a report from Marc Mamin about two years ago, for example, and there are related complaints in the Tcl bug tracker. I had discussed a fix of this kind off-list with Henry Spencer, but didn't get around to doing something about it until the issue was rediscovered by Greg Stark recently. Back-patch to all supported branches. 16 October 2015, 19:56:00 UTC
2288441 Robert Haas 16 October 2015, 18:06:22 UTC Remove cautions about using volatile from spin.h. Commit 0709b7ee72e4bc71ad07b7120acd117265ab51d0 obsoleted this comment but neglected to update it. Thomas Munro 16 October 2015, 18:10:28 UTC
73d71cd Robert Haas 16 October 2015, 15:37:19 UTC Fix a problem with parallel workers being unable to restore role. check_role() tries to verify that the user has permission to become the requested role, but this is inappropriate in a parallel worker, which needs to exactly recreate the master's authorization settings. So skip the check in that case. This fixes a bug in commit 924bcf4f16d54c55310b28f77686608684734f42. 16 October 2015, 15:40:03 UTC
14129d1 Robert Haas 16 October 2015, 15:31:23 UTC Invalidate caches after cranking up a parallel worker transaction. Starting a parallel worker transaction changes our notion of which XIDs are in-progress or committed, and our notion of the current command counter ID. Therefore, our view of these caches prior to starting this transaction may no longer valid. Defend against that by clearing them. This fixes a bug in commit 924bcf4f16d54c55310b28f77686608684734f42. 16 October 2015, 15:33:28 UTC
d43e3ad Robert Haas 16 October 2015, 13:59:57 UTC Tighten up application of parallel mode checks. Commit 924bcf4f16d54c55310b28f77686608684734f42 failed to enforce parallel mode checks during the commit of a parallel worker, because we exited parallel mode prior to ending the transaction so that we could pop the active snapshot. Re-establish parallel mode during parallel worker commit. Without this, it's far too easy for unsafe actions during the pre-commit sequence to crash the server instead of hitting the error checks as intended. Just to be extra paranoid, adjust a couple of the sanity checks in xact.c to check not only IsInParallelMode() but also IsParallelWorker(). 16 October 2015, 14:10:23 UTC
c451eaf Robert Haas 16 October 2015, 13:53:34 UTC Transfer current command counter ID to parallel workers. Commit 924bcf4f16d54c55310b28f77686608684734f42 correctly forbade parallel workers to modify the command counter while in parallel mode, but it inexplicably neglected to actually transfer the current command counter from leader to workers. This can result in the workers seeing a different set of tuples from the leader, which is bad. Repair. 16 October 2015, 13:58:34 UTC
26981d2 Robert Haas 16 October 2015, 13:42:33 UTC Don't send protocol messages to a shm_mq that no longer exists. Commit 2bd9e412f92bc6a68f3e8bcb18e04955cc35001d introduced a mechanism for relaying protocol messages from a background worker to another backend via a shm_mq. However, there was no provision for shutting down the communication channel. Therefore, a protocol message sent late in the shutdown sequence, such as a DEBUG message resulting from cranking up log_min_messages, could crash the server. To fix, install an on_dsm_detach callback that disables sending messages to the shm_mq when the associated DSM is detached. 16 October 2015, 13:49:08 UTC
a93b378 Tom Lane 15 October 2015, 17:46:09 UTC Fix NULL handling in datum_to_jsonb(). The function failed to adhere to its specification that the "tcategory" argument should not be examined when the input value is NULL. This resulted in a crash in some cases. Per bug #13680 from Boyko Yordanov. In passing, re-pgindent some recent changes in jsonb.c, and fix a rather ungrammatical comment. Diagnosis and patch by Michael Paquier, cosmetic changes by me 15 October 2015, 17:46:09 UTC
5043193 Robert Haas 15 October 2015, 17:00:40 UTC Allow FDWs to push down quals without breaking EvalPlanQual rechecks. This fixes a long-standing bug which was discovered while investigating the interaction between the new join pushdown code and the EvalPlanQual machinery: if a ForeignScan appears on the inner side of a paramaterized nestloop, an EPQ recheck would re-return the original tuple even if it no longer satisfied the pushed-down quals due to changed parameter values. This fix adds a new member to ForeignScan and ForeignScanState and a new argument to make_foreignscan, and requires changes to FDWs which push down quals to populate that new argument with a list of quals they have chosen to push down. Therefore, I'm only back-patching to 9.5, even though the bug is not new in 9.5. Etsuro Fujita, reviewed by me and by Kyotaro Horiguchi. 15 October 2015, 17:10:39 UTC
54e07be Alvaro Herrera 15 October 2015, 15:20:15 UTC Fix bogus comments Author: Amit Langote 15 October 2015, 15:20:15 UTC
41179e7 Bruce Momjian 13 October 2015, 22:25:32 UTC -- email subject limit ----------------------------------------- -- gitweb summary limit -------------------------- pg_upgrade: reorder controldata checks to match program output Also improve comment for how float8_pass_by_value is used. Backpatch through 9.5 13 October 2015, 22:25:32 UTC
bf8a361 Robert Haas 13 October 2015, 19:33:07 UTC Improve INSERT .. ON CONFLICT error message. Peter Geoghegan, reviewed by me. 13 October 2015, 19:33:34 UTC
39ac293 Tom Lane 13 October 2015, 15:21:33 UTC On Windows, ensure shared memory handle gets closed if not being used. Postmaster child processes that aren't supposed to be attached to shared memory were not bothering to close the shared memory mapping handle they inherit from the postmaster process. That's mostly harmless, since the handle vanishes anyway when the child process exits -- but the syslogger process, if used, doesn't get killed and restarted during recovery from a backend crash. That meant that Windows doesn't see the shared memory mapping as becoming free, so it doesn't delete it and the postmaster is unable to create a new one, resulting in failure to recover from crashes whenever logging_collector is turned on. Per report from Dmitry Vasilyev. It's a bit astonishing that we'd not figured this out long ago, since it's been broken from the very beginnings of out native Windows support; probably some previously-unexplained trouble reports trace to this. A secondary problem is that on Cygwin (perhaps only in older versions?), exec() may not detach from the shared memory segment after all, in which case these child processes did remain attached to shared memory, posing the risk of an unexpected shared memory clobber if they went off the rails somehow. That may be a long-gone bug, but we can deal with it now if it's still live, by detaching within the infrastructure introduced here to deal with closing the handle. Back-patch to all supported branches. Tom Lane and Amit Kapila 13 October 2015, 15:21:33 UTC
c6ab511 Tom Lane 12 October 2015, 23:49:22 UTC Sigh, need "use Config" as well. This time with some manual testing behind it ... 12 October 2015, 23:49:22 UTC
34557f5 Tom Lane 12 October 2015, 23:35:38 UTC Cause TestLib.pm to define $windows_os in all branches. Back-port of a part of commit 690ed2b76ab91eb79ea04ee2bfbdc8a2693f2a37 that I'd depended on without realizing that it was only added recently. Since it seems entirely likely that other such tests will need to be back-patched in future, providing the flag seems like a better answer than just putting a test in-line. Per buildfarm. 12 October 2015, 23:35:38 UTC
a151a5c Tom Lane 12 October 2015, 22:30:36 UTC Fix "pg_ctl start -w" to test child process status directly. pg_ctl start with -w previously relied on a heuristic that the postmaster would surely always manage to create postmaster.pid within five seconds. Unfortunately, that fails much more often than we would like on some of the slower, more heavily loaded buildfarm members. We have known for quite some time that we could remove the need for that heuristic on Unix by using fork/exec instead of system() to launch the postmaster. This allows us to know the exact PID of the postmaster, which allows near-certain verification that the postmaster.pid file is the one we want and not a leftover, and it also lets us use waitpid() to detect reliably whether the child postmaster has exited or not. What was blocking this change was not wanting to rewrite the Windows version of start_postmaster() to avoid use of CMD.EXE. That's doable in theory but would require fooling about with stdout/stderr redirection, and getting the handling of quote-containing postmaster switches to stay the same might be rather ticklish. However, we realized that we don't have to do that to fix the problem, because we can test whether the shell process has exited as a proxy for whether the postmaster is still alive. That doesn't allow an exact check of the PID in postmaster.pid, but we're no worse off than before in that respect; and we do get to get rid of the heuristic about how long the postmaster might take to create postmaster.pid. On Unix, this change means that a second "pg_ctl start -w" immediately after another such command will now reliably fail, whereas previously it would succeed if done within two seconds of the earlier command. Since that's a saner behavior anyway, it's fine. On Windows, the case can still succeed within the same time window, since pg_ctl can't tell that the earlier postmaster's postmaster.pid isn't the pidfile it is looking for. To ensure stable test results on Windows, we can insert a short sleep into the test script for pg_ctl, ensuring that the existing pidfile looks stale. This hack can be removed if we ever do rewrite start_postmaster(), but that no longer seems like a high-priority thing to do. Back-patch to all supported versions, both because the current behavior is buggy and because we must do that if we want the buildfarm failures to go away. Tom Lane and Michael Paquier 12 October 2015, 22:30:36 UTC
f75c4fc Noah Misch 12 October 2015, 03:53:35 UTC Use JsonbIteratorToken consistently in automatic variable declarations. Many functions stored JsonbIteratorToken values in variables of other integer types. Also, standardize order relative to other declarations. Expect compilers to generate the same code before and after this change. 12 October 2015, 14:10:51 UTC
7109c60 Peter Eisentraut 12 October 2015, 01:44:27 UTC Fix whitespace 12 October 2015, 01:44:50 UTC
2539b9b Noah Misch 12 October 2015, 00:36:07 UTC Make prove_installcheck remove the old log directory, if any. prove_check already has been doing this. Back-patch to 9.4, like the commit that introduced this logging. 12 October 2015, 00:36:23 UTC
a26609e Stephen Frost 09 October 2015, 14:49:10 UTC Handle append_rel_list in expand_security_qual During expand_security_quals, we take the security barrier quals on an RTE and create a subquery which evaluates the quals. During this, we have to replace any variables in the outer query which refer to the original RTE with references to the columns from the subquery. We need to also perform that replacement for any Vars in the append_rel_list. Only backpatching to 9.5 as we only go through this process in 9.4 for auto-updatable security barrier views, which UNION ALL queries aren't. Discovered by Haribabu Kommi Patch by Dean Rasheed 09 October 2015, 14:49:10 UTC
e50431a Tom Lane 09 October 2015, 14:12:03 UTC Fix uninitialized-variable bug. For some reason, neither of the compilers I usually use noticed the uninitialized-variable problem I introduced in commit 7e2a18a9161fee7e. That's hardly a good enough excuse though. Committing with brown paper bag on head. In addition to putting the operations in the right order, move the declaration of "now" inside the loop; there's no need for it to be outside, and that does wake up older gcc enough to notice any similar future problem. Back-patch to 9.4; earlier versions lack the time-to-SIGKILL stanza so there's no bug. 09 October 2015, 14:12:03 UTC
36d4a50 Robert Haas 08 October 2015, 17:21:03 UTC Fix typo in docs. Pallavi Sontakke 08 October 2015, 17:27:02 UTC
48a78d8 Andrew Dunstan 07 October 2015, 21:41:45 UTC Factor out encoding specific tests for json This lets us remove the large alternative results files for the main json and jsonb tests, which makes modifying those tests simpler for committers and patch submitters. Backpatch to 9.4 for jsonb and 9.3 for json. 08 October 2015, 02:19:03 UTC
fc95734 Tom Lane 07 October 2015, 20:12:05 UTC Improve documentation of the role-dropping process. In general one may have to run both REASSIGN OWNED and DROP OWNED to get rid of all the dependencies of a role to be dropped. This was alluded to in the REASSIGN OWNED man page, but not really spelled out in full; and in any case the procedure ought to be documented in a more prominent place than that. Add a section to the "Database Roles" chapter explaining this, and do a bit of wordsmithing in the relevant commands' man pages. 07 October 2015, 20:12:05 UTC
c86555f Bruce Momjian 07 October 2015, 14:30:54 UTC docs: add JSONB containment example of a key and empty object Backpatch through 9.5 07 October 2015, 14:30:54 UTC
9445a1c Bruce Momjian 07 October 2015, 13:42:26 UTC docs: Map operator @> to the proper SGML escape for '>' Backpatch through 9.5 07 October 2015, 13:42:26 UTC
2169e87 Bruce Momjian 07 October 2015, 13:06:49 UTC docs: clarify JSONB operator descriptions No catalog bump as the catalog changes are for SQL operator comments. Backpatch through 9.5 07 October 2015, 13:06:49 UTC
02580df Tom Lane 06 October 2015, 21:15:27 UTC Perform an immediate shutdown if the postmaster.pid file is removed. The postmaster now checks every minute or so (worst case, at most two minutes) that postmaster.pid is still there and still contains its own PID. If not, it performs an immediate shutdown, as though it had received SIGQUIT. The original goal behind this change was to ensure that failed buildfarm runs would get fully cleaned up, even if the test scripts had left a postmaster running, which is not an infrequent occurrence. When the buildfarm script removes a test postmaster's $PGDATA directory, its next check on postmaster.pid will fail and cause it to exit. Previously, manual intervention was often needed to get rid of such orphaned postmasters, since they'd block new test postmasters from obtaining the expected socket address. However, by checking postmaster.pid and not something else, we can provide additional robustness: manual removal of postmaster.pid is a frequent DBA mistake, and now we can at least limit the damage that will ensue if a new postmaster is started while the old one is still alive. Back-patch to all supported branches, since we won't get the desired improvement in buildfarm reliability otherwise. 06 October 2015, 21:15:27 UTC
b96df2c Tom Lane 05 October 2015, 19:09:44 UTC Stamp 9.5beta1. 05 October 2015, 19:09:44 UTC
7d88b3d Bruce Momjian 05 October 2015, 17:38:36 UTC docs: update guidelines on when to use GIN and GiST indexes Report by Tomas Vondra Backpatch through 9.5 05 October 2015, 17:38:36 UTC
d623591 Tom Lane 05 October 2015, 16:44:12 UTC Docs: explain contrib/pg_stat_statements' handling of GC failure. Failure to perform garbage collection now has a user-visible effect, so explain that and explain that reducing pgss_max is the way to prevent it. Per gripe from Andrew Dunstan. 05 October 2015, 16:44:20 UTC
c0f058e Tom Lane 05 October 2015, 16:19:14 UTC Fix insufficiently-portable regression test case. Some of the buildfarm members are evidently miserly enough of stack space to pass the originally-committed form of this test. Increase the requirement 10X to hopefully ensure that it fails as-expected everywhere. Security: CVE-2015-5289 05 October 2015, 16:19:14 UTC
149a8cd Peter Eisentraut 05 October 2015, 14:59:53 UTC Translation updates Source-Git-URL: git://git.postgresql.org/git/pgtranslation/messages.git Source-Git-Hash: 23a52bc86edcd39c3c6b80ee1f7374759c8711f8 05 October 2015, 15:01:07 UTC
808f1bd Tom Lane 05 October 2015, 14:57:15 UTC Last-minute updates for release notes. Add entries for security and not-quite-security issues. Security: CVE-2015-5288, CVE-2015-5289 05 October 2015, 14:57:44 UTC
56805a4 Andres Freund 05 October 2015, 14:09:13 UTC Remove outdated comment about relation level autovacuum freeze limits. The documentation for the autovacuum_multixact_freeze_max_age and autovacuum_freeze_max_age relation level parameters contained: "Note that while you can set autovacuum_multixact_freeze_max_age very small, or even zero, this is usually unwise since it will force frequent vacuuming." which hasn't been true since these options were made relation options, instead of residing in the pg_autovacuum table (834a6da4f7). Remove the outdated sentence. Even the lowered limits from 2596d70 are high enough that this doesn't warrant calling out the risk in the CREATE TABLE docs. Per discussion with Tom Lane and Alvaro Herrera Discussion: 26377.1443105453@sss.pgh.pa.us Backpatch: 9.0- (in parts) 05 October 2015, 14:51:03 UTC
f9bb9c0 Stephen Frost 05 October 2015, 14:14:51 UTC Add regression tests for INSERT/UPDATE+RETURNING This adds regressions tests which are specific to INSERT+RETURNING and UPDATE+RETURNING to ensure that the SELECT policies are added as WithCheckOptions (and should therefore throw an error when the policy is violated). Per suggestion from Andres. Back-patch to 9.5 as the prior commit was. 05 October 2015, 14:14:51 UTC
7bed97d Noah Misch 05 October 2015, 14:06:30 UTC Prevent stack overflow in query-type functions. The tsquery, ltxtquery and query_int data types have a common ancestor. Having acquired check_stack_depth() calls independently, each was missing at least one call. Back-patch to 9.0 (all supported versions). 05 October 2015, 14:06:33 UTC
acf0da1 Noah Misch 05 October 2015, 14:06:29 UTC Prevent stack overflow in container-type functions. A range type can name another range type as its subtype, and a record type can bear a column of another record type. Consequently, functions like range_cmp() and record_recv() are recursive. Functions at risk include operator family members and referents of pg_type regproc columns. Treat as recursive any such function that looks up and calls the same-purpose function for a record column type or the range subtype. Back-patch to 9.0 (all supported versions). An array type's element type is never itself an array type, so array functions are unaffected. Recursion depth proportional to array dimensionality, found in array_dim_to_jsonb(), is fine thanks to MAXDIM. 05 October 2015, 14:06:33 UTC
98f30d2 Noah Misch 05 October 2015, 14:06:29 UTC Prevent stack overflow in json-related functions. Sufficiently-deep recursion heretofore elicited a SIGSEGV. If an application constructs PostgreSQL json or jsonb values from arbitrary user input, application users could have exploited this to terminate all active database connections. That applies to 9.3, where the json parser adopted recursive descent, and later versions. Only row_to_json() and array_to_json() were at risk in 9.2, both in a non-security capacity. Back-patch to 9.2, where the json type was introduced. Oskari Saarenmaa, reviewed by Michael Paquier. Security: CVE-2015-5289 05 October 2015, 14:06:33 UTC
4d67522 Noah Misch 05 October 2015, 14:06:29 UTC pgcrypto: Detect and report too-short crypt() salts. Certain short salts crashed the backend or disclosed a few bytes of backend memory. For existing salt-induced error conditions, emit a message saying as much. Back-patch to 9.0 (all supported versions). Josh Kupershmidt Security: CVE-2015-5288 05 October 2015, 14:06:33 UTC
bd90147 Stephen Frost 05 October 2015, 11:55:11 UTC Apply SELECT policies in INSERT/UPDATE+RETURNING Similar to 7d8db3e, given that INSERT+RETURNING requires SELECT rights on the table, apply the SELECT policies as WCOs to the tuples being inserted. Apply the same logic to UPDATE+RETURNING. Back-patch to 9.5 where RLS was added. 05 October 2015, 11:55:11 UTC
31fb4df Stephen Frost 05 October 2015, 11:38:56 UTC Do not write out WCOs in Query The WithCheckOptions list in Query are only populated during rewrite and do not need to be written out or read in as part of a Query structure. Further, move WithCheckOptions to the bottom and add comments to clarify that it is only populated during rewrite. Back-patch to 9.5 with a catversion bump, as we are still in alpha. 05 October 2015, 11:38:56 UTC
0577821 Andres Freund 05 October 2015, 09:53:43 UTC Re-Align *_freeze_max_age reloption limits with corresponding GUC limits. In 020235a5754 I lowered the autovacuum_*freeze_max_age minimums to allow for easier testing of wraparounds. I did not touch the corresponding per-table limits. While those don't matter for the purpose of wraparound, it seems more consistent to lower them as well. It's noteworthy that the previous reloption lower limit for autovacuum_multixact_freeze_max_age was too high by one magnitude, even before 020235a5754. Discussion: 26377.1443105453@sss.pgh.pa.us Backpatch: back to 9.0 (in parts), like the prior patch 05 October 2015, 09:56:58 UTC
90f334d Stephen Frost 05 October 2015, 01:05:18 UTC ALTER TABLE .. FORCE ROW LEVEL SECURITY To allow users to force RLS to always be applied, even for table owners, add ALTER TABLE .. FORCE ROW LEVEL SECURITY. row_security=off overrides FORCE ROW LEVEL SECURITY, to ensure pg_dump output is complete (by default). Also add SECURITY_NOFORCE_RLS context to avoid data corruption when ALTER TABLE .. FORCE ROW SECURITY is being used. The SECURITY_NOFORCE_RLS security context is used only during referential integrity checks and is only considered in check_enable_rls() after we have already checked that the current user is the owner of the relation (which should always be the case during referential integrity checks). Back-patch to 9.5 where RLS was added. 05 October 2015, 01:05:18 UTC
e78dc6b Tom Lane 04 October 2015, 23:38:00 UTC Release notes for 9.5beta1, 9.4.5, 9.3.10, 9.2.14, 9.1.19, 9.0.23. 04 October 2015, 23:38:00 UTC
39a716d Tom Lane 04 October 2015, 21:58:30 UTC Improve contrib/pg_stat_statements' handling of garbage collection failure. If we can't read the query texts file (whether because out-of-memory, or for some other reason), give up and reset the file to empty, discarding all stored query texts, though not the statistics per se. We used to leave things alone and hope for better luck next time, but the problem is that the file is only going to get bigger and even harder to slurp into memory. Better to do something that will get us out of trouble. Likewise reset the file to empty for any other failure within gc_qtexts(). The previous behavior after a write error was to discard query texts but not do anything to truncate the file, which is just weird. Also, increase the maximum supported file size from MaxAllocSize to MaxAllocHugeSize; this makes it more likely we'll be able to do a garbage collection successfully. Also, fix recalculation of mean_query_len within entry_dealloc() to match the calculation in gc_qtexts(). The previous coding overlooked the possibility of dropped texts (query_len == -1) and would underestimate the mean of the remaining entries in such cases, thus possibly causing excess garbage collection cycles. In passing, add some errdetail to the log entry that complains about insufficient memory to read the query texts file, which after all was Jim Nasby's original complaint. Back-patch to 9.4 where the current handling of query texts was introduced. Peter Geoghegan, rather editorialized upon by me 04 October 2015, 21:58:30 UTC
e5c94c7 Tom Lane 04 October 2015, 19:55:07 UTC Further twiddling of nodeHash.c hashtable sizing calculation. On reflection, the submitted patch didn't really work to prevent the request size from exceeding MaxAllocSize, because of the fact that we'd happily round nbuckets up to the next power of 2 after we'd limited it to max_pointers. The simplest way to enforce the limit correctly is to round max_pointers down to a power of 2 when it isn't one already. (Note that the constraint to INT_MAX / 2, if it were doing anything useful at all, is properly applied after that.) 04 October 2015, 19:55:07 UTC
ca5b42d Tom Lane 04 October 2015, 18:06:40 UTC Fix some issues in new hashtable size calculations in nodeHash.c. Limit the size of the hashtable pointer array to not more than MaxAllocSize, per reports from Kouhei Kaigai and others of "invalid memory alloc request size" failures. There was discussion of allowing the array to get larger than that by using the "huge" palloc API, but so far no proof that that is actually a good idea, and at this point in the 9.5 cycle major changes from old behavior don't seem like the way to go. Fix a rather serious secondary bug in the new code, which was that it didn't ensure nbuckets remained a power of 2 when recomputing it for the multiple-batch case. Clean up sloppy division of labor between ExecHashIncreaseNumBuckets and its sole call site. 04 October 2015, 18:06:51 UTC
544ccf6 Andrew Dunstan 04 October 2015, 17:28:16 UTC Disallow invalid path elements in jsonb_set Null path elements and, where the object is an array, invalid integer elements now cause an error. Incorrect behaviour noted by Thom Brown, patch from Dmitry Dolgov. Backpatch to 9.5 where jsonb_set was introduced 04 October 2015, 17:48:24 UTC
e45f8f8 Peter Eisentraut 04 October 2015, 15:14:28 UTC Group cluster_name and update_process_title settings together 04 October 2015, 16:29:50 UTC
4365d9c Noah Misch 04 October 2015, 00:20:22 UTC Document that row_security is a boolean GUC. Oversight in commit 537bd178c73b1d25938347b17e9e3e62898fc231. Back-patch to 9.5, like that commit. 04 October 2015, 00:20:52 UTC
01ba789 Noah Misch 04 October 2015, 00:19:57 UTC Make BYPASSRLS behave like superuser RLS bypass. Specifically, make its effect independent from the row_security GUC, and make it affect permission checks pertinent to views the BYPASSRLS role owns. The row_security GUC thereby ceases to change successful-query behavior; it can only make a query fail with an error. Back-patch to 9.5, where BYPASSRLS was introduced. 04 October 2015, 00:20:50 UTC
cfddb5d Andres Freund 03 October 2015, 13:29:08 UTC Improve errhint() about replication slot naming restrictions. The existing hint talked about "may only contain letters", but the actual requirement is more strict: only lower case letters are allowed. Reported-By: Rushabh Lathia Author: Rushabh Lathia Discussion: AGPqQf2x50qcwbYOBKzb4x75sO_V3g81ZsA8+Ji9iN5t_khFhQ@mail.gmail.com Backpatch: 9.4-, where replication slots were added 03 October 2015, 13:29:35 UTC
7285d66 Andres Freund 03 October 2015, 13:12:10 UTC Fix several bugs related to ON CONFLICT's EXCLUDED pseudo relation. Four related issues: 1) attnos/varnos/resnos for EXCLUDED were out of sync when a column after one dropped in the underlying relation was referenced. 2) References to whole-row variables (i.e. EXCLUDED.*) lead to errors. 3) It was possible to reference system columns in the EXCLUDED pseudo relations, even though they would not have valid contents. 4) References to EXCLUDED were rewritten by the RLS machinery, as EXCLUDED was treated as if it were the underlying relation. To fix the first two issues, generate the excluded targetlist with dropped columns in mind and add an entry for whole row variables. Instead of unconditionally adding a wholerow entry we could pull up the expression if needed, but doing it unconditionally seems simpler. The wholerow entry is only really needed for ruleutils/EXPLAIN support anyway. The remaining two issues are addressed by changing the EXCLUDED RTE to have relkind = composite. That fits with EXCLUDED not actually being a real relation, and allows to treat it differently in the relevant places. scanRTEForColumn now skips looking up system columns when the RTE has a composite relkind; fireRIRrules() already had a corresponding check, thereby preventing RLS expansion on EXCLUDED. Also add tests for these issues, and improve a few comments around excluded handling in setrefs.c. Reported-By: Peter Geoghegan, Geoff Winkless Author: Andres Freund, Amit Langote, Peter Geoghegan Discussion: CAEzk6fdzJ3xYQZGbcuYM2rBd2BuDkUksmK=mY9UYYDugg_GgZg@mail.gmail.com, CAM3SWZS+CauzbiCEcg-GdE6K6ycHE_Bz6Ksszy8AoixcMHOmsA@mail.gmail.com Backpatch: 9.5, where ON CONFLICT was introduced 03 October 2015, 13:12:50 UTC
back to top