1. 05 May, 2017 6 commits
    • Magnus Hagander's avatar
      Build pgoutput.dll in MSVC build · 28d1c8cc
      Magnus Hagander authored
      Without this, logical replication obviously does not work on Windows
      
      MauMau, with clean.bet additions from me per note from Michael Paquier
      28d1c8cc
    • Heikki Linnakangas's avatar
      Make SCRAM salts and nonces longer. · 0557a5dc
      Heikki Linnakangas authored
      The salt is stored base64-encoded. With the old 10 bytes raw length, it was
      always padded to 16 bytes after encoding. We might as well use 12 raw bytes
      for the salt, and it's still encoded into 16 bytes.
      
      Similarly for the random nonces, use a raw length that's divisible by 3, so
      that there's no padding after base64 encoding. Make the nonces longer while
      we're at it. 10 bytes was probably enough to prevent replay attacks, but
      there's no reason to be skimpy here.
      
      Per suggestion from Álvaro Hernández Tortosa.
      
      Discussion: https://www.postgresql.org/message-id/df8c6e27-4d8e-5281-96e5-131a4e638fc8@8kdata.com
      0557a5dc
    • Heikki Linnakangas's avatar
      Misc cleanup of SCRAM code. · e6e9c4da
      Heikki Linnakangas authored
      * Remove is_scram_verifier() function. It was unused.
      * Fix sanitize_char() function, used in error messages on protocol
        violations, to print bytes >= 0x7F correctly.
      * Change spelling of scram_MockSalt() function to be more consistent with
        the surroundings.
      * Change a few more references to "server proof" to "server signature" that
        I missed in commit d981074c.
      e6e9c4da
    • Heikki Linnakangas's avatar
      Don't use SCRAM-specific "e=invalid-proof" on invalid password. · 344a1130
      Heikki Linnakangas authored
      Instead, send the same FATAL message as with other password-based
      authentication mechanisms. This gives a more user-friendly message:
      
      psql: FATAL:  password authentication failed for user "test"
      
      instead of:
      
      psql: error received from server in SASL exchange: invalid-proof
      
      Even before this patch, the server sent that FATAL message, after the
      SCRAM-specific "e=invalid-proof" message. But libpq would stop at the
      SCRAM error message, and not process the ErrorResponse that would come
      after that. We could've taught libpq to check for an ErrorResponse after
      failed authentication, but it's simpler to modify the server to send only
      the ErrorResponse. The SCRAM specification allows for aborting the
      authentication at any point, using an application-defined error mechanism,
      like PostgreSQL's ErrorResponse. Using the e=invalid-proof message is
      optional.
      
      Reported by Jeff Janes.
      
      Discussion: https://www.postgresql.org/message-id/CAMkU%3D1w3jQ53M1OeNfN8Cxd9O%2BA_9VONJivTbYoYRRdRsLT6vA@mail.gmail.com
      344a1130
    • Stephen Frost's avatar
      Change the way pg_dump retrieves partitioning info · 44c52881
      Stephen Frost authored
      This gets rid of the code that issued separate queries to retrieve the
      partitioning parent-child relationship, parent partition key, and child
      partition bound information.  With this patch, the information is
      retrieved instead using the queries issued from getTables() and
      getInherits(), which is both more efficient than the previous approach
      and doesn't require any new code.
      
      Since the partitioning parent-child relationship is now retrieved with
      the same old code that handles inheritance, partition attributes receive
      a proper flagInhAttrs() treatment (that it didn't receive before), which
      is needed so that the inherited NOT NULL constraints are not emitted if
      we already emitted it for the parent.
      
      Also, fix a bug in pg_dump's --binary-upgrade code, which caused pg_dump
      to emit invalid command to attach a partition to its parent.
      
      Author: Amit Langote, with some additional changes by me.
      44c52881
    • Bruce Momjian's avatar
      doc: update PG 10 release notes · 5469e44f
      Bruce Momjian authored
      Mention vacuum verbose includes oldest xmin, BRIN index usage
      estimation, and multi-column statistics.
      
      Reported-by: Masahiko Sawada, Alvaro Herrera
      5469e44f
  2. 04 May, 2017 5 commits
    • Bruce Momjian's avatar
      doc: PG 10 release note updates for psql, GiST, and markup · 4f45beba
      Bruce Momjian authored
      Reported-by: Andrew Borodin, Fabien COELHO, Dagfinn Ilmari Mannsaker
      4f45beba
    • Alvaro Herrera's avatar
      Credit Claudio as main author of feature · c22b59ed
      Alvaro Herrera authored
      c22b59ed
    • Tom Lane's avatar
      Fix pfree-of-already-freed-tuple when rescanning a GiST index-only scan. · 3f074845
      Tom Lane authored
      GiST's getNextNearest() function attempts to pfree the previously-returned
      tuple if any (that is, scan->xs_hitup in HEAD, or scan->xs_itup in older
      branches).  However, if we are rescanning a plan node after ending a
      previous scan early, those tuple pointers could be pointing to garbage,
      because they would be pointing into the scan's pageDataCxt or queueCxt
      which has been reset.  In a debug build this reliably results in a crash,
      although I think it might sometimes accidentally fail to fail in
      production builds.
      
      To fix, clear the pointer field anyplace we reset a context it might
      be pointing into.  This may be overkill --- I think probably only the
      queueCxt case is involved in this bug, so that resetting in gistrescan()
      would be sufficient --- but dangling pointers are generally bad news,
      so let's avoid them.
      
      Another plausible answer might be to just not bother with the pfree in
      getNextNearest().  The reconstructed tuples would go away anyway in the
      context resets, and I'm far from convinced that freeing them a bit earlier
      really saves anything meaningful.  I'll stick with the original logic in
      this patch, but if we find more problems in the same area we should
      consider that approach.
      
      Per bug #14641 from Denis Smirnov.  Back-patch to 9.5 where this
      logic was introduced.
      
      Discussion: https://postgr.es/m/20170504072034.24366.57688@wrigleys.postgresql.org
      3f074845
    • Heikki Linnakangas's avatar
      Fix PQencryptPasswordConn to work with older server versions. · 20bf7b2b
      Heikki Linnakangas authored
      password_encryption was a boolean before version 10, so cope with "on" and
      "off".
      
      Also, change the behavior with "plain", to treat it the same as "md5".
      We're discussing removing the password_encryption='plain' option from the
      server altogether, which will make this the only reasonable choice, but
      even if we kept it, it seems best to never send the password in cleartext.
      20bf7b2b
    • Peter Eisentraut's avatar
      Fix cursor_to_xml in tableforest false mode · 0de791ed
      Peter Eisentraut authored
      It only produced <row> elements but no wrapping <table> element.
      
      By contrast, cursor_to_xmlschema produced a schema that is now correct
      but did not previously match the XML data produced by cursor_to_xml.
      
      In passing, also fix a minor misunderstanding about moving cursors in
      the tests related to this.
      
      Reported-by: filip@jirsak.org
      Based-on-patch-by: default avatarThomas Munro <thomas.munro@enterprisedb.com>
      0de791ed
  3. 03 May, 2017 6 commits
    • Tom Lane's avatar
      Remove useless and rather expensive stanza in matview regression test. · 4dd41043
      Tom Lane authored
      This removes a test case added by commit b69ec7cc, which was intended
      to exercise a corner case involving the rule used at that time that
      materialized views were unpopulated iff they had physical size zero.
      We got rid of that rule very shortly later, in commit 1d6c72a5, but
      kept the test case.  However, because the case now asks what VACUUM
      will do to a zero-sized physical file, it would be pretty surprising
      if the answer were ever anything but "nothing" ... and if things were
      indeed that broken, surely we'd find it out from other tests.  Since
      the test involves a table that's fairly large by regression-test
      standards (100K rows), it's quite slow to run.  Dropping it should
      save some buildfarm cycles, so let's do that.
      
      Discussion: https://postgr.es/m/32386.1493831320@sss.pgh.pa.us
      4dd41043
    • Alvaro Herrera's avatar
      Add pg_dump tests for CREATE STATISTICS · a93077ef
      Alvaro Herrera authored
      CREATE STATISTICS pg_dump support code was not covered at all by
      previous tests.
      
      Discussion: https://postgr.es/m/20170503172746.rwftidszir67sgk7@alvherre.pgsql
      a93077ef
    • Alvaro Herrera's avatar
      pg_dump/t/002: append terminating semicolon to SQL commands · 698923d6
      Alvaro Herrera authored
      It's easy to overlook the need for one, and its lack is annoying for the
      next developer wanting to create a new test.  Rather than expect every
      individual command to add the semicolon, just append one automatically.
      
      Discussion: http://postgr.es/m/20170503172746.rwftidszir67sgk7@alvherre.pgsql
      698923d6
    • Heikki Linnakangas's avatar
      Add PQencryptPasswordConn function to libpq, use it in psql and createuser. · 8f8b9be5
      Heikki Linnakangas authored
      The new function supports creating SCRAM verifiers, in addition to md5
      hashes. The algorithm is chosen based on password_encryption, by default.
      
      This fixes the issue reported by Jeff Janes, that there was previously
      no way to create a SCRAM verifier with "\password".
      
      Michael Paquier and me
      
      Discussion: https://www.postgresql.org/message-id/CAMkU%3D1wfBgFPbfAMYZQE78p%3DVhZX7nN86aWkp0QcCp%3D%2BKxZ%3Dbg%40mail.gmail.com
      8f8b9be5
    • Tom Lane's avatar
      Improve performance of timezone loading, especially pg_timezone_names view. · af2c5aa8
      Tom Lane authored
      tzparse() would attempt to load the "posixrules" timezone database file on
      each call.  That might seem like it would only be an issue when selecting a
      POSIX-style zone name rather than a zone defined in the timezone database,
      but it turns out that each zone definition file contains a POSIX-style zone
      string and tzload() will call tzparse() to parse that.  Thus, when scanning
      the whole timezone file tree as we do in the pg_timezone_names view,
      "posixrules" was read repetitively for each zone definition file.  Fix
      that by caching the file on first use within any given process.  (We cache
      other zone definitions for the life of the process, so there seems little
      reason not to cache this one as well.)  This probably won't help much in
      processes that never run pg_timezone_names, but even one additional SET
      of the timezone GUC would come out ahead.
      
      An even worse problem for pg_timezone_names is that pg_open_tzfile()
      has an inefficient way of identifying the canonical case of a zone name:
      it basically re-descends the directory tree to the zone file.  That's not
      awful for an individual "SET timezone" operation, but it's pretty horrid
      when we're inspecting every zone in the database.  And it's pointless too
      because we already know the canonical spelling, having just read it from
      the filesystem.  Fix by teaching pg_open_tzfile() to avoid the directory
      search if it's not asked for the canonical name, and backfilling the
      proper result in pg_tzenumerate_next().
      
      In combination these changes seem to make the pg_timezone_names view
      about 3x faster to read, for me.  Since a scan of pg_timezone_names
      has up to now been one of the slowest queries in the regression tests,
      this should help some little bit for buildfarm cycle times.
      
      Back-patch to all supported branches, not so much because it's likely
      that users will care much about the view's performance as because
      tracking changes in the upstream IANA timezone code is really painful
      if we don't keep all the branches in sync.
      
      Discussion: https://postgr.es/m/27962.1493671706@sss.pgh.pa.us
      af2c5aa8
    • Tom Lane's avatar
      Remove create_singleton_array(), hard-coding the case in its sole caller. · 23c6eb03
      Tom Lane authored
      create_singleton_array() was not really as useful as we perhaps thought
      when we added it.  It had never accreted more than one call site, and is
      only saving a dozen lines of code at that one, which is considerably less
      bulk than the function itself.  Moreover, because of its insistence on
      using the caller's fn_extra cache space, it's arguably a coding hazard.
      text_to_array_internal() does not currently use fn_extra in any other way,
      but if it did it would be subtly broken, since the conflicting fn_extra
      uses could be needed within a single query, in the seldom-tested case that
      the field separator varies during the query.  The same objection seems
      likely to apply to any other potential caller.
      
      The replacement code is a bit uglier, because it hardwires knowledge of
      the storage parameters of type TEXT, but it's not like we haven't got
      dozens or hundreds of other places that do the same.  Uglier seems like
      a good tradeoff for smaller, faster, and safer.
      
      Per discussion with Neha Khatri.
      
      Discussion: https://postgr.es/m/CAFO0U+_fS5SRhzq6uPG+4fbERhoA9N2+nPrtvaC9mmeWivxbsA@mail.gmail.com
      23c6eb03
  4. 02 May, 2017 10 commits
  5. 01 May, 2017 8 commits
    • Tom Lane's avatar
      Improve function header comment for create_singleton_array(). · 54affb41
      Tom Lane authored
      Mentioning the caller is neither future-proof nor an adequate substitute
      for giving an API specification.  Per gripe from Neha Khatri, though
      I changed the patch around some.
      
      Discussion: https://postgr.es/m/CAFO0U+_fS5SRhzq6uPG+4fbERhoA9N2+nPrtvaC9mmeWivxbsA@mail.gmail.com
      54affb41
    • Tom Lane's avatar
      Reduce semijoins with unique inner relations to plain inner joins. · 92a43e48
      Tom Lane authored
      If the inner relation can be proven unique, that is it can have no more
      than one matching row for any row of the outer query, then we might as
      well implement the semijoin as a plain inner join, allowing substantially
      more freedom to the planner.  This is a form of outer join strength
      reduction, but it can't be implemented in reduce_outer_joins() because
      we don't have enough info about the individual relations at that stage.
      Instead do it much like remove_useless_joins(): once we've built base
      relations, we can make another pass over the SpecialJoinInfo list and
      get rid of any entries representing reducible semijoins.
      
      This is essentially a followon to the inner-unique patch (commit 9c7f5229)
      and makes use of the proof machinery that that patch created.  We need only
      minor refactoring of innerrel_is_unique's API to support this usage.
      
      Per performance complaint from Teodor Sigaev.
      
      Discussion: https://postgr.es/m/f994fc98-389f-4a46-d1bc-c42e05cb43ed@sigaev.ru
      92a43e48
    • Tom Lane's avatar
      Fix mis-optimization of semijoins with more than one LHS relation. · 2057a58d
      Tom Lane authored
      The inner-unique patch (commit 9c7f5229) supposed that if we're
      considering a JOIN_UNIQUE_INNER join path, we can always set inner_unique
      for the join, because the inner path produced by create_unique_path should
      be unique relative to the outer relation.  However, that's true only if
      we're considering joining to the whole outer relation --- otherwise we may
      be applying only some of the join quals, and so the inner path might be
      non-unique from the perspective of this join.  Adjust the test to only
      believe that we can set inner_unique if we have the whole semijoin LHS on
      the outer side.
      
      There is more that can be done in this area, but this commit is only
      intended to provide the minimal fix needed to get correct plans.
      
      Per report from Teodor Sigaev.  Thanks to David Rowley for preliminary
      investigation.
      
      Discussion: https://postgr.es/m/f994fc98-389f-4a46-d1bc-c42e05cb43ed@sigaev.ru
      2057a58d
    • Tom Lane's avatar
      Update time zone data files to tzdata release 2017b. · 74a20d0a
      Tom Lane authored
      DST law changes in Chile, Haiti, and Mongolia.  Historical corrections for
      Ecuador, Kazakhstan, Liberia, and Spain.
      
      The IANA crew continue their campaign to replace invented time zone
      abbrevations with numeric GMT offsets.  This update changes numerous zones
      in South America, the Pacific and Indian oceans, and some Asian and Middle
      Eastern zones.  I kept these abbreviations in the tznames/ data files,
      however, so that we will still accept them for input.  (We may want to
      start trimming those files someday, but I think we should wait for the
      upstream dust to settle before deciding what to do.)
      
      In passing, add MESZ (Mitteleuropaeische Sommerzeit) to the tznames lists;
      since we accept MEZ (Mitteleuropaeische Zeit) it seems rather strange not
      to take the other one.  And fix some incorrect, or at least obsolete,
      comments that certain abbreviations are not traceable to the IANA data.
      74a20d0a
    • Robert Haas's avatar
      libpq: Fix inadvertent change in .pgpass lookup behavior. · bdac9836
      Robert Haas authored
      Commit 274bb2b3 caused password file
      lookups to use the hostaddr in preference to the host, but that was
      not intended and the documented behavior is the opposite.
      
      Report and patch by Kyotaro Horiguchi.
      
      Discussion: http://postgr.es/m/20170428.165432.60857995.horiguchi.kyotaro@lab.ntt.co.jp
      bdac9836
    • Andrew Dunstan's avatar
      Allow vcregress.pl to run an arbitrary TAP test set · fed6df48
      Andrew Dunstan authored
      Currently only provision for running the bin checks in a single step is
      provided for. Now these tests can be run individually, as well as tests
      in other locations (e.g. src.test/recover).
      
      Also provide for suppressing unnecessary temp installs by setting the
      NO_TEMP_INSTALL environment variable just as the Makefiles do.
      
      Backpatch to 9.4.
      fed6df48
    • Peter Eisentraut's avatar
      Fix logical replication launcher wake up and reset · 9414e41e
      Peter Eisentraut authored
      After the logical replication launcher was told to wake up at
      commit (for example, by a CREATE SUBSCRIPTION command), the flag to wake
      up was not reset, so it would be woken up at every following commit as
      well.  So fix that by resetting the flag.
      
      Also, we don't need to wake up anything if the transaction was rolled
      back.  Just reset the flag in that case.
      
      Author: Masahiko Sawada <sawada.mshk@gmail.com>
      Reported-by: default avatarFujii Masao <masao.fujii@gmail.com>
      9414e41e
    • Robert Haas's avatar
      Fire per-statement triggers on partitioned tables. · e180c8aa
      Robert Haas authored
      Even though no actual tuples are ever inserted into a partitioned
      table (the actual tuples are in the partitions, not the partitioned
      table itself), we still need to have a ResultRelInfo for the
      partitioned table, or per-statement triggers won't get fired.
      
      Amit Langote, per a report from Rajkumar Raghuwanshi.  Reviewed by me.
      
      Discussion: http://postgr.es/m/CAKcux6%3DwYospCRY2J4XEFuVy0L41S%3Dfic7rmkbsU-GXhhSbmBg%40mail.gmail.com
      e180c8aa
  6. 30 Apr, 2017 3 commits
    • Tom Lane's avatar
      Sync our copy of the timezone library with IANA release tzcode2017b. · e18b2c48
      Tom Lane authored
      zic no longer mishandles some transitions in January 2038 when it
      attempts to work around Qt bug 53071.  This fixes a bug affecting
      Pacific/Tongatapu that was introduced in zic 2016e.  localtime.c
      now contains a workaround, useful when loading a file generated by
      a buggy zic.
      
      There are assorted cosmetic changes as well, notably relocation
      of a bunch of #defines.
      e18b2c48
    • Tom Lane's avatar
      Fix possible null pointer dereference or invalid warning message. · 12d11432
      Tom Lane authored
      Thinko in commit de438971: this warning message references the wrong
      "LogicalRepWorker *" variable.  This would often result in a core dump,
      but if it didn't, the message would show the wrong subscription OID.
      
      In passing, adjust the message text to format a subscription OID
      similarly to how that's done elsewhere in the function; and fix
      grammatical issues in some nearby messages.
      
      Per Coverity testing.
      12d11432
    • Tom Lane's avatar
      Micro-optimize some slower queries in the opr_sanity regression test. · c2384421
      Tom Lane authored
      Convert the binary_coercible() and physically_coercible() functions from
      SQL to plpgsql.  It's not that plpgsql is inherently better at doing
      queries; if you simply convert the previous single SQL query into one
      RETURN expression, it's no faster.  The problem with the existing code
      is that it fools the plancache into deciding that it's worth re-planning
      the query every time, since constant-folding with a concrete value for $2
      allows elimination of at least one sub-SELECT.  In reality that's using the
      planner to do the equivalent of a few runtime boolean tests, causing the
      function to run much slower than it should.  Splitting the AND/OR logic
      into separate plpgsql statements allows each if-expression to acquire a
      static plan.
      
      Also, get rid of some uses of obj_description() in favor of explicitly
      joining to pg_description, allowing the joins to be optimized better.
      (Someday we might improve the SQL-function-inlining logic enough that
      this happens automatically, but today is not that day.)
      
      Together, these changes reduce the runtime of the opr_sanity regression
      test by about a factor of two on one of my slower machines.  They don't
      seem to help as much on a fast machine, but this should at least benefit
      the buildfarm.
      c2384421
  7. 28 Apr, 2017 2 commits