1. 04 Aug, 2017 5 commits
    • Peter Eisentraut's avatar
      Message style improvements · 26d40ada
      Peter Eisentraut authored
      26d40ada
    • Robert Haas's avatar
      hash: Increase the number of possible overflow bitmaps by 8x. · 620b49a1
      Robert Haas authored
      Per a report from AP, it's not that hard to exhaust the supply of
      bitmap pages if you create a table with a hash index and then insert a
      few billion rows - and then you start getting errors when you try to
      insert additional rows.  In the particular case reported by AP,
      there's another fix that we can make to improve recycling of overflow
      pages, which is another way to avoid the error, but there may be other
      cases where this problem happens and that fix won't help.  So let's
      buy ourselves as much headroom as we can without rearchitecting
      anything.
      
      The comments claim that the old limit was 64GB, but it was really
      only 32GB, because we didn't use all the bits in the page for bitmap
      bits - only the largest power of 2 that could fit after deducting
      space for the page header and so forth.  Thus, we have 4kB per page
      for bitmap bits, not 8kB.  The new limit is thus actually 8 times the
      old *real* limit but only 4 times the old *purported* limit.
      
      Since this breaks on-disk compatibility, bump HASH_VERSION.  We've
      already done this earlier in this release cycle, so this doesn't cause
      any incremental inconvenience for people using pg_upgrade from
      releases prior to v10.  However, users who use pg_upgrade to reach
      10beta3 or later from 10beta2 or earlier will need to REINDEX any hash
      indexes again.
      
      Amit Kapila and Robert Haas
      
      Discussion: http://postgr.es/m/20170704105728.mwb72jebfmok2nm2@zip.com.au
      620b49a1
    • Tom Lane's avatar
      Apply ALTER ... SET NOT NULL recursively in ALTER ... ADD PRIMARY KEY. · c30f1770
      Tom Lane authored
      If you do ALTER COLUMN SET NOT NULL against an inheritance parent table,
      it will recurse to mark all the child columns as NOT NULL as well.  This
      is necessary for consistency: if the column is labeled NOT NULL then
      reading it should never produce nulls.
      
      However, that didn't happen in the case where ALTER ... ADD PRIMARY KEY
      marks a target column NOT NULL that wasn't before.  That was questionable
      from the beginning, and now Tushar Ahuja points out that it can lead to
      dump/restore failures in some cases.  So let's make that case recurse too.
      
      Although this is meant to fix a bug, it's enough of a behavioral change
      that I'm pretty hesitant to back-patch, especially in view of the lack
      of similar field complaints.  It doesn't seem to be too late to put it
      into v10 though.
      
      Michael Paquier, editorialized on slightly by me
      
      Discussion: https://postgr.es/m/b8794d6a-38f0-9d7c-ad4b-e85adf860fc9@enterprisedb.com
      c30f1770
    • Tom Lane's avatar
      Disallow SSL session tickets. · 97d3a0b0
      Tom Lane authored
      We don't actually support session tickets, since we do not create an SSL
      session identifier.  But it seems that OpenSSL will issue a session ticket
      on-demand anyway, which will then fail when used.  This results in
      reconnection failures when using ticket-aware client-side SSL libraries
      (such as the Npgsql .NET driver), as reported by Shay Rojansky.
      
      To fix, just tell OpenSSL not to issue tickets.  At some point in the
      far future, we might consider enabling tickets instead.  But the security
      implications of that aren't entirely clear; and besides it would have
      little benefit except for very short-lived database connections, which is
      Something We're Bad At anyhow.  It would take a lot of other work to get
      to a point where that would really be an exciting thing to do.
      
      While at it, also tell OpenSSL not to use a session cache.  This doesn't
      really do anything, since a backend would never populate the cache anyway,
      but it might gain some micro-efficiencies and/or reduce security
      exposures.
      
      Patch by me, per discussion with Heikki Linnakangas and Shay Rojansky.
      Back-patch to all supported versions.
      
      Discussion: https://postgr.es/m/CADT4RqBU8N-csyZuzaook-c795dt22Zcwg1aHWB6tfVdAkodZA@mail.gmail.com
      97d3a0b0
    • Peter Eisentraut's avatar
      Further unify ROLE and USER command grammar rules · b3744812
      Peter Eisentraut authored
      ALTER USER ... SET did not support all the syntax variants of ALTER ROLE
      ...  SET.  Fix that, and to avoid further deviations of this kind, unify
      many the grammar rules for ROLE/USER/GROUP commands.
      Reported-by: default avatarPavel Golub <pavel@microolap.com>
      b3744812
  2. 03 Aug, 2017 8 commits
  3. 02 Aug, 2017 7 commits
    • Alvaro Herrera's avatar
      Fix pg_dump's errno checking for zlib I/O · 4d57e838
      Alvaro Herrera authored
      Some error reports were reporting strerror(errno), which for some error
      conditions coming from zlib are wrong, resulting in confusing reports
      such as
        pg_restore: [compress_io] could not read from input file: Success
      which makes no sense.  To correctly extract the error message we need to
      use gzerror(), so let's do that.
      
      This isn't as comprehensive or as neat as I would like, but at least it
      should improve things in many common cases.  The zlib abstraction in
      compress_io does not seem to be applied consistently enough; we could
      perhaps improve that, but it seems master-only material, not a bug fix
      for back-patching.
      
      This problem goes back all the way, but I decided to apply back to 9.4
      only, because older branches don't contain commit 14ea8936 which this
      change depends on.
      
      Authors: Vladimir Kunschikov, Álvaro Herrera
      Discussion: https://postgr.es/m/1498120508308.9826@infotecs.ru
      4d57e838
    • Tom Lane's avatar
      Add pgtcl back to the list of externally-maintained client interfaces. · 80215156
      Tom Lane authored
      FlightAware is still maintaining this, and indeed is seemingly being
      more active with it than the pgtclng fork is.  List both, for the
      time being anyway.
      
      In the back branches, also back-port commit e20f679f and other
      recent updates to the client-interfaces list.  I think these are
      probably of current interest to users of back branches.  I did
      not touch the list of externally maintained PLs in the back
      branches, though.  Those are much more likely to be server version
      sensitive, and I don't know which of these PLs work all the way back.
      
      Discussion: https://postgr.es/m/20170730162612.1449.58796@wrigleys.postgresql.org
      80215156
    • Tom Lane's avatar
      Remove broken and useless entry-count printing in HASH_DEBUG code. · 9d4e5669
      Tom Lane authored
      init_htab(), with #define HASH_DEBUG, prints a bunch of hashtable
      parameters.  It used to also print nentries, but commit 44ca4022 changed
      that to "hash_get_num_entries(hctl)", which is wrong (the parameter should
      be "hashp").
      
      Rather than correct the coding, though, let's just remove that field from
      the printout.  The table must be empty, since we just finished building
      it, so expensively calculating the number of entries is rather pointless.
      Moreover hash_get_num_entries makes assumptions (about not needing locks)
      which we could do without in debugging code.
      
      Noted by Choi Doo-Won in bug #14764.  Back-patch to 9.6 where the
      faulty code was introduced.
      
      Discussion: https://postgr.es/m/20170802032353.8424.12274@wrigleys.postgresql.org
      9d4e5669
    • Peter Eisentraut's avatar
      Get a snapshot before COPY in table sync · cf652018
      Peter Eisentraut authored
      This fixes a crash if the local table has a function index and the
      function makes non-immutable calls.
      Reported-by: default avatarScott Milliken <scott@deltaex.com>
      Author: Masahiko Sawada <sawada.mshk@gmail.com>
      cf652018
    • Tom Lane's avatar
      Remove duplicate setting of SSL_OP_SINGLE_DH_USE option. · f352f91c
      Tom Lane authored
      Commit c0a15e07 moved the setting of OpenSSL's SSL_OP_SINGLE_DH_USE option
      into a new subroutine initialize_dh(), but forgot to remove it from where
      it was.  SSL_CTX_set_options() is a trivial function, amounting indeed to
      just "ctx->options |= op", hence there's no reason to contort the code or
      break separation of concerns to avoid calling it twice.  So separating the
      DH setup from disabling of old protocol versions is a good change, but we
      need to finish the job.
      
      Noted while poking into the question of SSL session tickets.
      f352f91c
    • Peter Eisentraut's avatar
      Fix OBJECT_TYPE/OBJECT_DOMAIN confusion · 41cefbb6
      Peter Eisentraut authored
      This doesn't have a significant impact except that now SECURITY LABEL ON
      DOMAIN rejects types that are not domains.
      Reported-by: default avatar高增琦 <pgf00a@gmail.com>
      41cefbb6
    • Tom Lane's avatar
      Revert test case added by commit 1e165d05. · 32ca22b0
      Tom Lane authored
      The buildfarm is still showing at least three distinct behaviors for
      a bad locale name in CREATE COLLATION.  Although this test was helpful
      for getting the error reporting code into some usable shape, it doesn't
      seem worth carrying multiple expected-files in order to support the
      test in perpetuity.  So pull it back out.
      
      Discussion: https://postgr.es/m/CAKKotZS-wcDcofXDCH=sidiuajE+nqHn2CGjLLX78anyDmi3gQ@mail.gmail.com
      32ca22b0
  4. 01 Aug, 2017 7 commits
    • Tom Lane's avatar
      Second try at getting useful errors out of newlocale/_create_locale. · 514f6132
      Tom Lane authored
      The early buildfarm returns for commit 1e165d05 are pretty awful:
      not only does Windows not return a useful error, but it looks like
      a lot of Unix-ish platforms don't either.  Given the number of
      different errnos seen so far, guess that what's really going on is
      that some newlocale() implementations fail to set errno at all.
      Hence, let's try zeroing errno just before newlocale() and then
      if it's still zero report as though it's ENOENT.  That should cover
      the Windows case too.
      
      It's clear that we'll have to drop the regression test case, unless
      we want to maintain a separate expected-file for platforms without
      HAVE_LOCALE_T.  But I'll leave it there awhile longer to see if this
      actually improves matters or not.
      
      Discussion: https://postgr.es/m/CAKKotZS-wcDcofXDCH=sidiuajE+nqHn2CGjLLX78anyDmi3gQ@mail.gmail.com
      514f6132
    • Tom Lane's avatar
      Suppress less info in regression tests using DROP CASCADE. · 8e753726
      Tom Lane authored
      DROP CASCADE doesn't currently promise to visit dependent objects in
      a fixed order, so when the regression tests use it, we typically need
      to suppress the details of which objects get dropped in order to have
      predictable test output.  Traditionally we've done that by setting
      client_min_messages higher than NOTICE, but there's a better way:
      we can "\set VERBOSITY terse" in psql.  That suppresses the DETAIL
      message with the object list, but we still get the basic notice telling
      how many objects were dropped.  So at least the test case can verify
      that the expected number of objects were dropped.
      
      The VERBOSITY method was already in use in a few places, but run
      around and use it wherever it makes sense.
      
      Discussion: https://postgr.es/m/10766.1501608885@sss.pgh.pa.us
      8e753726
    • Tom Lane's avatar
      Try to deliver a sane message for _create_locale() failure on Windows. · 1e165d05
      Tom Lane authored
      We were just printing errno, which is certainly not gonna work on
      Windows.  Now, it's not entirely clear from Microsoft's documentation
      whether _create_locale() adheres to standard Windows error reporting
      conventions, but let's assume it does and try to map the GetLastError
      result to an errno.  If this turns out not to work, probably the best
      thing to do will be to assume the error is always ENOENT on Windows.
      
      This is a longstanding bug, but given the lack of previous field
      complaints, I'm not excited about back-patching it.
      
      Per report from Murtuza Zabuawala.
      
      Discussion: https://postgr.es/m/CAKKotZS-wcDcofXDCH=sidiuajE+nqHn2CGjLLX78anyDmi3gQ@mail.gmail.com
      1e165d05
    • Peter Eisentraut's avatar
      doc: Fix typo · c1bb7870
      Peter Eisentraut authored
      Author: Fabien COELHO <coelho@cri.ensmp.fr>
      c1bb7870
    • Tom Lane's avatar
      Allow creation of C/POSIX collations without depending on libc behavior. · f9725657
      Tom Lane authored
      Most of our collations code has special handling for the locale names
      "C" and "POSIX", allowing those collations to be used whether or not
      the system libraries think those locale names are valid, or indeed
      whether said libraries even have any locale support.  But we missed
      handling things that way in CREATE COLLATION.  This meant you couldn't
      clone the C/POSIX collations, nor explicitly define a new collation
      using those locale names, unless the libraries allow it.  That's pretty
      pointless, as well as being a violation of pg_newlocale_from_collation's
      API specification.
      
      The practical effect of this change is quite limited: it allows creating
      such collations even on platforms that don't HAVE_LOCALE_T, and it allows
      making "POSIX" collation objects on Windows, which before this would only
      let you make "C" collation objects.  Hence, even though this is a bug fix
      IMO, it doesn't seem worth the trouble to back-patch.
      
      In passing, suppress the DROP CASCADE detail messages at the end of the
      collation regression test.  I'm surprised we've never been bit by
      message ordering issues there.
      
      Per report from Murtuza Zabuawala.
      
      Discussion: https://postgr.es/m/CAKKotZS-wcDcofXDCH=sidiuajE+nqHn2CGjLLX78anyDmi3gQ@mail.gmail.com
      f9725657
    • Tom Lane's avatar
      Further improve consistency of configure's program searching. · b21c569c
      Tom Lane authored
      Peter Eisentraut noted that commit 40b9f192 had broken a configure
      behavior that some people might rely on: AC_CHECK_PROGS(FOO,...) will
      allow the search to be overridden by specifying a value for FOO on
      configure's command line or in its environment, but AC_PATH_PROGS(FOO,...)
      accepts such an override only if it's an absolute path.  We had worked
      around that behavior for some, but not all, of the pre-existing uses
      of AC_PATH_PROGS by just skipping the macro altogether when FOO is
      already set.  Let's standardize on that workaround for all uses of
      AC_PATH_PROGS, new and pre-existing, by wrapping AC_PATH_PROGS in a
      new macro PGAC_PATH_PROGS.  While at it, fix a deficiency of the old
      workaround code by making sure we report the setting to configure's log.
      
      Eventually I'd like to improve PGAC_PATH_PROGS so that it converts
      non-absolute override inputs to absolute form, eg "PYTHON=python3"
      becomes, say, PYTHON = /usr/bin/python3.  But that will take some
      nontrivial coding so it doesn't seem like a thing to do in late beta.
      
      Discussion: https://postgr.es/m/90a92a7d-938e-507a-3bd7-ecd2b4004689@2ndquadrant.com
      b21c569c
    • Dean Rasheed's avatar
      Comment fix for partition_rbound_cmp(). · 4de62168
      Dean Rasheed authored
      This was an oversight in d363d42b.
      
      Beena Emerson
      4de62168
  5. 31 Jul, 2017 12 commits
    • Tatsuo Ishii's avatar
      Fix comment. · e662ef0f
      Tatsuo Ishii authored
      XLByteToSeg and XLByteToPrevSeg calculate only a segment number.  The
      definition of these macros were modified by commit
      dfda6eba but the comment remain
      unchanged.
      
      Patch by Yugo Nagata. Back patched to 9.3 and beyond.
      e662ef0f
    • Peter Eisentraut's avatar
      Fix typo · 0b02e3f1
      Peter Eisentraut authored
      Author: Masahiko Sawada <sawada.mshk@gmail.com>
      0b02e3f1
    • Peter Eisentraut's avatar
      Fix typo · f40254a7
      Peter Eisentraut authored
      Author: Etsuro Fujita <fujita.etsuro@lab.ntt.co.jp>
      f40254a7
    • Heikki Linnakangas's avatar
    • Heikki Linnakangas's avatar
      Always use 2048 bit DH parameters for OpenSSL ephemeral DH ciphers. · c0a15e07
      Heikki Linnakangas authored
      1024 bits is considered weak these days, but OpenSSL always passes 1024 as
      the key length to the tmp_dh callback. All the code to handle other key
      lengths is, in fact, dead.
      
      To remedy those issues:
      
      * Only include hard-coded 2048-bit parameters.
      * Set the parameters directly with SSL_CTX_set_tmp_dh(), without the
        callback
      * The name of the file containing the DH parameters is now a GUC. This
        replaces the old hardcoded "dh1024.pem" filename. (The files for other
        key lengths, dh512.pem, dh2048.pem, etc. were never actually used.)
      
      This is not a new problem, but it doesn't seem worth the risk and churn to
      backport. If you care enough about the strength of the DH parameters on
      old versions, you can create custom DH parameters, with as many bits as you
      wish, and put them in the "dh1024.pem" file.
      
      Per report by Nicolas Guini and Damian Quiroga. Reviewed by Michael Paquier.
      
      Discussion: https://www.postgresql.org/message-id/CAMxBoUyjOOautVozN6ofzym828aNrDjuCcOTcCquxjwS-L2hGQ@mail.gmail.com
      c0a15e07
    • Tom Lane's avatar
      Doc: specify that the minimum supported version of Perl is 5.8.3. · dea6ba93
      Tom Lane authored
      Previously the docs just said "5.8 or later".  Experimentation shows
      that while you can build on Unix from a git checkout with 5.8.0,
      compiling recent PL/Perl requires at least 5.8.1, and you won't be
      able to run the TAP tests with less than 5.8.3 because that's when
      they added "prove".  (I do not have any information on just what the
      MSVC build scripts require.)
      
      Since all these versions are quite ancient, let's not split hairs
      in the docs, but just say that 5.8.3 is the minimum requirement.
      
      Discussion: https://postgr.es/m/16894.1501392088@sss.pgh.pa.us
      dea6ba93
    • Tom Lane's avatar
      Record full paths of programs sought by "configure". · 40b9f192
      Tom Lane authored
      Previously we had a mix of uses of AC_CHECK_PROG[S] and AC_PATH_PROG[S].
      The only difference between those macros is that the latter emits the
      full path to the program it finds, eg "/usr/bin/prove", whereas the
      former emits just "prove".  Let's standardize on always emitting the
      full path; this is better for documentation of the build, and it might
      prevent some types of failures if later build steps are done with
      a different PATH setting.
      
      I did not touch the AC_CHECK_PROG[S] calls in ax_pthread.m4 and
      ax_prog_perl_modules.m4.  There seems no need to make those diverge from
      upstream, since we do not record the programs sought by the former, while
      the latter's call to AC_CHECK_PROG(PERL,...) will never be reached.
      
      Discussion: https://postgr.es/m/25937.1501433410@sss.pgh.pa.us
      40b9f192
    • Tom Lane's avatar
      Tighten coding for non-composite case in plperl's return_next. · b4cc35fb
      Tom Lane authored
      Coverity complained about this code's practice of using scalar variables
      as single-element arrays.  While that's really just nitpicking, it probably
      is more readable to declare them as arrays, so let's do that.  A more
      important point is that the code was just blithely assuming that the
      result tupledesc has exactly one column; if it doesn't, we'd likely get
      a crash of some sort in tuplestore_putvalues.  Since the tupledesc is
      manufactured outside of plperl, that seems like an uncomfortably long
      chain of assumptions.  We can nail it down at little cost with a sanity
      check earlier in the function.
      b4cc35fb
    • Stephen Frost's avatar
      Fix function comment for dumpACL() · d2a51e3e
      Stephen Frost authored
      The comment for dumpACL() got neglected when initacls and initracls were
      added and the discussion of what 'racls' is wasn't very clear either.
      
      Per complaint from Tom.
      d2a51e3e
    • Tatsuo Ishii's avatar
      Add missing comment in postgresql.conf. · 393d47ed
      Tatsuo Ishii authored
      current_source requires to restart server to reflect the new
      value. Per Yugo Nagata and Masahiko Sawada.
      
      Back patched to 9.2 and beyond.
      393d47ed
    • Tatsuo Ishii's avatar
      Add missing comment in postgresql.conf. · 8b015dd7
      Tatsuo Ishii authored
      dynamic_shared_memory_type requires to restart server to reflect
      the new value. Per Yugo Nagata and Masahiko Sawada.
      
      Back pached to 9.4 and beyond.
      8b015dd7
    • Tatsuo Ishii's avatar
      Add missing comment in postgresql.conf. · 9fe63092
      Tatsuo Ishii authored
      max_logical_replication_workers requires to restart server to reflect
      the new value. Per Yugo Nagata. Minor editing by me.
      9fe63092
  6. 30 Jul, 2017 1 commit