1. 20 Nov, 2017 4 commits
  2. 19 Nov, 2017 1 commit
  3. 18 Nov, 2017 6 commits
    • Tom Lane's avatar
      Fix compiler warning in rangetypes_spgist.c. · 52f63bd9
      Tom Lane authored
      On gcc 7.2.0, comparing pointer to (Datum) 0 produces a warning.
      Treat it as a simple pointer to avoid that; this is more consistent
      with comparable code elsewhere, anyway.
      
      Tomas Vondra
      
      Discussion: https://postgr.es/m/99410021-61ef-9a9a-9bc8-f733ece637ee@2ndquadrant.com
      52f63bd9
    • Tom Lane's avatar
      Merge near-duplicate code in RI triggers. · 4797f9b5
      Tom Lane authored
      Merge ri_restrict_del and ri_restrict_upd into one function ri_restrict.
      Create a function ri_setnull that is the common implementation of
      RI_FKey_setnull_del and RI_FKey_setnull_upd.  Likewise create a function
      ri_setdefault that is the common implementation of RI_FKey_setdefault_del
      and RI_FKey_setdefault_upd.  All of these pairs of functions were identical
      except for needing to check for no-actual-key-change in the UPDATE cases;
      the one extra if-test is a small price to pay for saving so much code.
      
      Aside from removing about 400 lines of essentially duplicate code, this
      allows us to recognize that we were uselessly caching two identical plans
      whenever there were pairs of triggers using these duplicated functions
      (which is likely very common).
      
      Ildar Musin, reviewed by Ildus Kurbangaliev
      
      Discussion: https://postgr.es/m/ca7064a7-6adc-6f22-ca47-8615ba9425a5@postgrespro.ru
      4797f9b5
    • Peter Eisentraut's avatar
      Consistently catch errors from Python _New() functions · d0aa965c
      Peter Eisentraut authored
      Python Py*_New() functions can fail and return NULL in out-of-memory
      conditions.  The previous code handled that inconsistently or not at
      all.  This change organizes that better.  If we are in a function that
      is called from Python, we just check for failure and return NULL
      ourselves, which will cause any exception information to be passed up.
      If we are called from PostgreSQL, we consistently create an "out of
      memory" error.
      Reviewed-by: default avatarTom Lane <tgl@sss.pgh.pa.us>
      d0aa965c
    • Tom Lane's avatar
      Improve to_date/to_number/to_timestamp behavior with multibyte characters. · 976a1a48
      Tom Lane authored
      The documentation says that these functions skip one input character
      per literal (non-pattern) format character.  Actually, though, they
      skipped one input *byte* per literal *byte*, which could be hugely
      confusing if either data or format contained multibyte characters.
      
      To fix, adjust the FormatNode representation and parse_format() so
      that multibyte format characters are stored as one FormatNode not
      several, and adjust the data-skipping bits to advance by pg_mblen()
      not necessarily one byte.  There's no user-visible behavior change
      on the to_char() side, although the internal representation changes.
      
      Commit e87d4965 had already fixed most places where we skip characters
      on the basis of non-literal format patterns to advance by characters
      not bytes, but this gets one more place, the SKIP_THth macro.  I think
      everything in formatting.c gets that right now.
      
      It'd be nice to have some regression test cases covering this behavior;
      but of course there's no way to do so in an encoding-agnostic way, and
      many of the interesting aspects would also require unportable locale
      selections.  So I've not bothered here.
      
      Discussion: https://postgr.es/m/28186.1510957703@sss.pgh.pa.us
      976a1a48
    • Tom Lane's avatar
      Fix quoted-substring handling in format parsing for to_char/to_number/etc. · 63ca8631
      Tom Lane authored
      This code evidently intended to treat backslash as an escape character
      within double-quoted substrings, but it was sufficiently confused that
      cases like ..."foo\\"... did not work right: the second backslash
      managed to quote the double-quote after it, despite being quoted itself.
      Rewrite to get that right, while preserving the existing behavior
      outside double-quoted substrings, which is that backslash isn't special
      except in the combination \".
      
      Comparing to Oracle, it seems that their version of to_char() for
      timestamps allows literal alphanumerics only within double quotes, while
      non-alphanumerics are allowed outside quotes; backslashes aren't special
      anywhere; there is no way at all to emit a literal double quote.
      (Bizarrely, their to_char() for numbers is different; it doesn't allow
      literal text at all AFAICT.)  The fact that they don't treat backslash
      as special justifies our existing behavior for backslash outside double
      quotes.  I considered making backslash inside double quotes act the same
      way (ie, special only if before "), which in a green field would be a
      more consistent behavior.  But that would likely break more existing SQL
      code than what this patch does.
      
      Add some test cases illustrating this behavior.  (Only the last new
      case actually changes behavior in this commit.)
      
      Little of this behavior was documented, either, so fix that.
      
      Discussion: https://postgr.es/m/3626.1510949486@sss.pgh.pa.us
      63ca8631
    • Peter Eisentraut's avatar
      Support channel binding 'tls-unique' in SCRAM · 9288d62b
      Peter Eisentraut authored
      This is the basic feature set using OpenSSL to support the feature.  In
      order to allow the frontend and the backend to fetch the sent and
      expected TLS Finished messages, a PG-like API is added to be able to
      make the interface pluggable for other SSL implementations.
      
      This commit also adds a infrastructure to facilitate the addition of
      future channel binding types as well as libpq parameters to control the
      SASL mechanism names and channel binding names.  Those will be added by
      upcoming commits.
      
      Some tests are added to the SSL test suite to test SCRAM authentication
      with channel binding.
      
      Author: Michael Paquier <michael@paquier.xyz>
      Reviewed-by: default avatarPeter Eisentraut <peter.eisentraut@2ndquadrant.com>
      9288d62b
  4. 17 Nov, 2017 7 commits
  5. 16 Nov, 2017 12 commits
    • Tom Lane's avatar
      Clean up warnings in MinGW builds. · 09a77744
      Tom Lane authored
      Experimentation with modern MinGW (specifically the 5.0.2 version packaged
      for Fedora 26) shows that its version of sys/stat.h *does* provide S_IRGRP
      and friends, contrary to the expectation of win32_port.h.  This results in
      an astonishing number of compiler warnings, and perhaps in incorrect code
      --- I'm not sure if the nonzero values supplied by MinGW's header actually
      do anything.  Hence, adjust win32_port.h to only define these macros if
      <sys/stat.h> doesn't.
      
      This might be worth back-patching, but given the lack of complaints so
      far, I'm not too excited about it.
      09a77744
    • Tom Lane's avatar
      Make PL/Python handle domain-type conversions correctly. · 687f096e
      Tom Lane authored
      Fix PL/Python so that it can handle domains over composite, and so that
      it enforces domain constraints correctly in other cases that were not
      always done properly before.  Notably, it didn't do arrays of domains
      right (oversight in commit c12d570f), and it failed to enforce domain
      constraints when returning a composite type containing a domain field,
      and if a transform function is being used for a domain's base type then
      it failed to enforce domain constraints on the result.  Also, in many
      places it missed checking domain constraints on null values, because
      the plpy_typeio code simply wasn't called for Py_None.
      
      Rather than try to band-aid these problems, I made a significant
      refactoring of the plpy_typeio logic.  The existing design of recursing
      for array and composite members is extended to also treat domains as
      containers requiring recursion, and the APIs for the module are cleaned
      up and simplified.
      
      The patch also modifies plpy_typeio to rely on the typcache more than
      it did before (which was pretty much not at all).  This reduces the
      need for repetitive lookups, and lets us get rid of an ad-hoc scheme
      for detecting changes in composite types.  I added a couple of small
      features to typcache to help with that.
      
      Although some of this is fixing bugs that long predate v11, I don't
      think we should risk a back-patch: it's a significant amount of code
      churn, and there've been no complaints from the field about the bugs.
      
      Tom Lane, reviewed by Anthony Bykov
      
      Discussion: https://postgr.es/m/24449.1509393613@sss.pgh.pa.us
      687f096e
    • Robert Haas's avatar
      Remove redundant line from Makefile. · 575cead9
      Robert Haas authored
      Masahiko Sawada, reviewed by Michael Paquier
      
      Discussion: http://postgr.es/m/CAD21AoDFes_Mgye-1K89rmTgeU3RxYF3zgTjzCJVq2KzzcpC4A@mail.gmail.com
      575cead9
    • Robert Haas's avatar
      Fix broken cleanup interlock for GIN pending list. · 3b2787e1
      Robert Haas authored
      The pending list must (for correctness) always be cleaned up by vacuum, and
      should (for the avoidance of surprising behavior) always be cleaned up
      by an explicit call to gin_clean_pending_list, but cleanup is optional
      when inserting.  The old logic got this backward: cleanup was forced
      if (stats == NULL), but that's going to be *false* when vacuuming and
      *true* for inserts.
      
      Masahiko Sawada, reviewed by me.
      
      Discussion: http://postgr.es/m/CAD21AoBLUSyiYKnTYtSAbC+F=XDjiaBrOUEGK+zUXdQ8owfPKw@mail.gmail.com
      3b2787e1
    • Robert Haas's avatar
      Fix typo in comment. · 6b2cd278
      Robert Haas authored
      Etsuro Fujita
      
      Discussion: http://postgr.es/m/5A0D7C3D.80803@lab.ntt.co.jp
      6b2cd278
    • Robert Haas's avatar
      Update postgresql.conf.sample to match pg_settings classificaitons. · 79f2d637
      Robert Haas authored
      A handful of settings, most notably shared_preload_libraries, were
      just plain the wrong place compared to their assigned config_group
      value in guc.c (and thus pg_settings).  In other cases the names of
      the sections in postgresql.conf.sample were mildly different from
      the corresponding entries in config_group_names[].  Make it all
      consistent.
      
      Adrián Escoms, reviewed by me.
      
      Discussion: http://postgr.es/m/CACksPC2veEmFRYqwYepWYO9U7aFhAx6sYq+WqjTyHw7uV=E=pw@mail.gmail.com
      79f2d637
    • Robert Haas's avatar
      Pass InitPlan values to workers via Gather (Merge). · e89a71fb
      Robert Haas authored
      If a PARAM_EXEC parameter is used below a Gather (Merge) but the InitPlan
      that computes it is attached to or above the Gather (Merge), force the
      value to be computed before starting parallelism and pass it down to all
      workers.  This allows us to use parallelism in cases where it previously
      would have had to be rejected as unsafe.  We do - in this case - lose the
      optimization that the value is only computed if it's actually used.  An
      alternative strategy would be to have the first worker that needs the value
      compute it, but one downside of that approach is that we'd then need to
      select a parallel-safe path to compute the parameter value; it couldn't for
      example contain a Gather (Merge) node.  At some point in the future, we
      might want to consider both approaches.
      
      Independent of that consideration, there is a great deal more work that
      could be done to make more kinds of PARAM_EXEC parameters parallel-safe.
      This infrastructure could be used to allow a Gather (Merge) on the inner
      side of a nested loop (although that's not a very appealing plan) and
      cases where the InitPlan is attached below the Gather (Merge) could be
      addressed as well using various techniques.  But this is a good start.
      
      Amit Kapila, reviewed and revised by me.  Reviewing and testing from
      Kuntal Ghosh, Haribabu Kommi, and Tushar Ahuja.
      
      Discussion: http://postgr.es/m/CAA4eK1LV0Y1AUV4cUCdC+sYOx0Z0-8NAJ2Pd9=UKsbQ5Sr7+JQ@mail.gmail.com
      e89a71fb
    • Tom Lane's avatar
      Define _WINSOCK_DEPRECATED_NO_WARNINGS in all MSVC builds. · ff2d4356
      Tom Lane authored
      Commit 0fb54de9 thought that this was only needed in VS2015 and later,
      but buildfarm member woodlouse shows that at least VS2013 whines as
      well.  Let's just define it regardless of MSVC version; it should be
      harmless enough in older releases.
      
      Also, in the wake of ed9b3606, it seems better to put it in win32_port.h
      where <winsock2.h> is included.
      
      Since this is only suppressing a pedantic compiler warning, I don't
      feel a need for a back-patch.
      
      Discussion: https://postgr.es/m/20124.1510850225@sss.pgh.pa.us
      ff2d4356
    • Andrew Dunstan's avatar
      Back out the session_start and session_end hooks feature. · 98d54bb7
      Andrew Dunstan authored
      It's become apparent during testing that there are problems with at
      least the testing regime. I don't think we should have it without a
      working test regime, and the difficulties might indicate implementation
      problems anyway, so I'm backing out the whole thing until that's sorted
      out.
      
      This reverts commits 74594842 9989f92a cd8ce3a2
      98d54bb7
    • Tom Lane's avatar
      Fix bogus logic for checking data dirs' versions within pg_upgrade. · 164d6338
      Tom Lane authored
      Commit 9be95ef1 failed to cure all of the redundancy here: we were
      actually calling get_major_server_version() three times for each
      of the old and new data directories.  While that's not enormously
      expensive, it's still sloppy.
      
      A. Akenteva
      
      Discussion: https://postgr.es/m/f9266a85d918a3cf3a386b5148aee666@postgrespro.ru
      164d6338
    • Tom Lane's avatar
      Further refactoring of c.h and nearby files. · ed9b3606
      Tom Lane authored
      This continues the work of commit 91aec93e by getting rid of a lot of
      Windows-specific funny business in "section 0".  Instead of including
      pg_config_os.h in different places depending on platform, let's
      standardize on putting it before the system headers, and in consequence
      reduce win32.h to just what has to appear before the system headers or
      the body of c.h (the latter category seems to include only PGDLLIMPORT
      and PGDLLEXPORT).  The rest of what was in win32.h is moved to a new
      sub-include of port.h, win32_port.h.  Some of what was in port.h seems
      to better belong there too.
      
      It's possible that I missed some declaration ordering dependency that
      needs to be preserved, but hopefully the buildfarm will find that
      out in short order.
      
      Unlike the previous commit, no back-patch, since this is just cleanup
      not a prerequisite for a bug fix.
      
      Discussion: https://postgr.es/m/29650.1510761080@sss.pgh.pa.us
      ed9b3606
    • Peter Eisentraut's avatar
      Refactor routine to test connection to SSL server · 642bafa0
      Peter Eisentraut authored
      Move the sub-routines wrappers to check if a connection to a server is
      fine or not into the test main module. This is useful for other tests
      willing to check connectivity into a server.
      
      Author: Michael Paquier <michael@paquier.xyz>
      642bafa0
  6. 15 Nov, 2017 7 commits
  7. 14 Nov, 2017 3 commits
    • Tom Lane's avatar
      Prevent int128 from requiring more than MAXALIGN alignment. · 75180499
      Tom Lane authored
      Our initial work with int128 neglected alignment considerations, an
      oversight that came back to bite us in bug #14897 from Vincent Lachenal.
      It is unsurprising that int128 might have a 16-byte alignment requirement;
      what's slightly more surprising is that even notoriously lax Intel chips
      sometimes enforce that.
      
      Raising MAXALIGN seems out of the question: the costs in wasted disk and
      memory space would be significant, and there would also be an on-disk
      compatibility break.  Nor does it seem very practical to try to allow some
      data structures to have more-than-MAXALIGN alignment requirement, as we'd
      have to push knowledge of that throughout various code that copies data
      structures around.
      
      The only way out of the box is to make type int128 conform to the system's
      alignment assumptions.  Fortunately, gcc supports that via its
      __attribute__(aligned()) pragma; and since we don't currently support
      int128 on non-gcc-workalike compilers, we shouldn't be losing any platform
      support this way.
      
      Although we could have just done pg_attribute_aligned(MAXIMUM_ALIGNOF) and
      called it a day, I did a little bit of extra work to make the code more
      portable than that: it will also support int128 on compilers without
      __attribute__(aligned()), if the native alignment of their 128-bit-int
      type is no more than that of int64.
      
      Add a regression test case that exercises the one known instance of the
      problem, in parallel aggregation over a bigint column.
      
      This will need to be back-patched, along with the preparatory commit
      91aec93e.  But let's see what the buildfarm makes of it first.
      
      Discussion: https://postgr.es/m/20171110185747.31519.28038@wrigleys.postgresql.org
      75180499
    • Tom Lane's avatar
      Rearrange c.h to create a "compiler characteristics" section. · 91aec93e
      Tom Lane authored
      Generalize section 1 to handle stuff that is principally about the
      compiler (not libraries), such as attributes, and collect stuff there
      that had been dropped into various other parts of c.h.  Also, push
      all the gettext macros into section 8, so that section 0 is really
      just inclusions rather than inclusions and random other stuff.
      
      The primary goal here is to get pg_attribute_aligned() defined before
      section 3, so that we can use it with int128.  But this seems like good
      cleanup anyway.
      
      This patch just moves macro definitions around, and shouldn't result
      in any changes in generated code.  But I'll push it out separately
      to see if the buildfarm agrees.
      
      Discussion: https://postgr.es/m/20171110185747.31519.28038@wrigleys.postgresql.org
      91aec93e
    • Tom Lane's avatar
      Document changes in large-object privilege checking. · 6d776522
      Tom Lane authored
      Commit 5ecc0d73 removed the hard-wired superuser checks in lo_import
      and lo_export in favor of protecting them with SQL permissions, but
      failed to adjust the documentation to match.  Fix that, and add a
      <caution> paragraph pointing out the nontrivial security hazards
      involved with actually granting such permissions.  (It's still better
      than ALLOW_DANGEROUS_LO_FUNCTIONS, though.)
      
      Also, commit ae20b23a caused large object read/write privilege to
      be checked during lo_open() rather than in the actual read or write
      calls.  Document that.
      
      Discussion: https://postgr.es/m/CAB7nPqRHmNOYbETnc_2EjsuzSM00Z+BWKv9sy6tnvSd5gWT_JA@mail.gmail.com
      6d776522