1. 01 Mar, 2012 1 commit
    • Alvaro Herrera's avatar
      Remove TOAST table from pg_database · 3433c6ba
      Alvaro Herrera authored
      The only toastable column now is datacl, but we don't really support
      long ACLs anyway.  The TOAST table should have been removed when the
      pg_db_role_setting catalog was introduced in commit
      2eda8dfb, but I forgot to do that.
      
      Per -hackers discussion on March 2011.
      3433c6ba
  2. 29 Feb, 2012 5 commits
    • Tom Lane's avatar
      Simplify references to backslash-doubling in func.sgml. · a5c1a196
      Tom Lane authored
      Several places were still written as though standard_conforming_strings
      didn't exist, much less be the default.  Now that it is on by default,
      we can simplify the text and just insert occasional notes suggesting that
      you might have to think harder if it's turned off.  Per discussion of a
      suggestion from Hannes Frederic Sowa.
      
      Back-patch to 9.1 where standard_conforming_strings was made the default.
      a5c1a196
    • Heikki Linnakangas's avatar
      Correctly detect SSI conflicts of prepared transactions after crash. · d6a72719
      Heikki Linnakangas authored
      A prepared transaction can get new conflicts in and out after preparing, so
      we cannot rely on the in- and out-flags stored in the statefile at prepare-
      time. As a quick fix, make the conservative assumption that after a restart,
      all prepared transactions are considered to have both in- and out-conflicts.
      That can lead to unnecessary rollbacks after a crash, but that shouldn't be
      a big problem in practice; you don't want prepared transactions to hang
      around for a long time anyway.
      
      Dan Ports
      d6a72719
    • Tom Lane's avatar
      Fix MSVC builds for previous patch's addition of a src/port file. · 8cae5810
      Tom Lane authored
      (And why in the world is this OBJS list not being scraped from the
      corresponding Makefile?)
      8cae5810
    • Alvaro Herrera's avatar
      Fix typo in comment · 58e9f974
      Alvaro Herrera authored
      Haifeng Liu
      58e9f974
    • Tom Lane's avatar
      Move CRC tables to libpgport, and provide them in a separate include file. · 5c02a00d
      Tom Lane authored
      This makes it much more convenient to build tools for Postgres that are
      separately compiled and require a matching CRC implementation.
      
      To prevent multiple copies of the CRC polynomial tables being introduced
      into the postgres binaries, they are now included in the static library
      libpgport that is mainly meant for replacement system functions.  That
      seems like a bit of a kludge, but there's no better place.
      
      This cleans up building of the tools pg_controldata and pg_resetxlog,
      which previously had to build their own copies of pg_crc.o.
      
      In the future, external programs that need access to the CRC tables can
      include the tables directly from the new header file pg_crc_tables.h.
      
      Daniel Farina, reviewed by Abhijit Menon-Sen and Tom Lane
      5c02a00d
  3. 28 Feb, 2012 3 commits
    • Tom Lane's avatar
      Fix thinko in new match_join_clauses_to_index() logic. · 0140a11b
      Tom Lane authored
      We don't need to constrain the other side of an indexable join clause to
      not be below an outer join; an example here is
      
      SELECT FROM t1 LEFT JOIN t2 ON t1.a = t2.b LEFT JOIN t3 ON t2.c = t3.d;
      
      We can consider an inner indexscan on t3.d using c = d as indexqual, even
      though t2.c is potentially nulled by a previous outer join.  The comparable
      logic in orindxpath.c has always worked that way, but I was being overly
      cautious here.
      0140a11b
    • Peter Eisentraut's avatar
      Add const qualifiers where they are accidentally cast away · 973e9fb2
      Peter Eisentraut authored
      This only produces warnings under -Wcast-qual, but it's more correct
      and consistent in any case.
      973e9fb2
    • Alvaro Herrera's avatar
      psql: when tab-completing, use quotes on file names that need them · 41e3c94c
      Alvaro Herrera authored
      psql backslash commands that deal with file or directory names require
      quotes around those that have spaces, single quotes, or backslashes.
      However, tab-completing such names does not provide said quotes, and is
      thus almost useless with them.
      
      This patch fixes the problem by having a wrapper function around
      rl_filename_completion_function that dequotes on input and quotes on
      output.  This eases dealing with such names.
      
      Author: Noah Misch
      41e3c94c
  4. 27 Feb, 2012 2 commits
    • Alvaro Herrera's avatar
      ALTER TABLE: skip FK validation when it's safe to do so · cb3a7c2b
      Alvaro Herrera authored
      We already skip rewriting the table in these cases, but we still force a
      whole table scan to validate the data.  This can be skipped, and thus
      we can make the whole ALTER TABLE operation just do some catalog touches
      instead of scanning the table, when these two conditions hold:
      
      (a) Old and new pg_constraint.conpfeqop match exactly.  This is actually
      stronger than needed; we could loosen things by way of operator
      families, but it'd require a lot more effort.
      
      (b) The functions, if any, implementing a cast from the foreign type to
      the primary opcintype are the same.  For this purpose, we can consider a
      binary coercion equivalent to an exact type match.  When the opcintype
      is polymorphic, require that the old and new foreign types match
      exactly.  (Since ri_triggers.c does use the executor, the stronger check
      for polymorphic types is no mere future-proofing.  However, no core type
      exercises its necessity.)
      
      Author: Noah Misch
      
      Committer's note: catalog version bumped due to change of the Constraint
      node.  I can't actually find any way to have such a node in a stored
      rule, but given that we have "out" support for them, better be safe.
      cb3a7c2b
    • Peter Eisentraut's avatar
      Call check_keywords.pl in maintainer-check · 9bf8603c
      Peter Eisentraut authored
      For that purpose, have check_keywords.pl print errors to stderr and
      return a useful exit status.
      9bf8603c
  5. 26 Feb, 2012 3 commits
    • Tom Lane's avatar
      Fix some more bugs in GIN's WAL replay logic. · 1b630751
      Tom Lane authored
      In commit 4016bdef I fixed a bunch of
      ginxlog.c bugs having to do with not handling XLogReadBuffer failures
      correctly.  However, in ginRedoUpdateMetapage and ginRedoDeleteListPages,
      I unaccountably thought that failure to read the metapage would be
      impossible and just put in an elog(PANIC) call.  This is of course wrong:
      failure is exactly what will happen if the index got dropped (or rebuilt)
      between creation of the WAL record and the crash we're trying to recover
      from.  I believe this explains Nicholas Wilson's recent report of these
      errors getting reached.
      
      Also, fix memory leak in forgetIncompleteSplit.  This wasn't of much
      concern when the code was written, but in a long-running standby server
      page split records could be expected to accumulate indefinitely.
      
      Back-patch to 8.4 --- before that, GIN didn't have a metapage.
      1b630751
    • Peter Eisentraut's avatar
      Remove useless cast · b5c077c3
      Peter Eisentraut authored
      b5c077c3
    • Peter Eisentraut's avatar
      Remove useless const qualifier · 66f0cf7d
      Peter Eisentraut authored
      Claiming that the typevar argument to DefineCompositeType() is const
      was a plain lie.  A similar case in DefineVirtualRelation() was
      already changed in passing in commit 1575fbcb.  Also clean up the now
      unnecessary casts that used to cast away the const.
      66f0cf7d
  6. 25 Feb, 2012 3 commits
  7. 24 Feb, 2012 9 commits
    • Tom Lane's avatar
      Merge dissect() into cdissect() to remove a pile of near-duplicate code. · 4dd78bf3
      Tom Lane authored
      The "uncomplicated" case isn't materially less complicated than the full
      case, certainly not enough so to justify duplicating nearly 500 lines
      of code.  The only extra work being done in the full path is zaptreesubs,
      which is very cheap compared to everything else being done here, and
      besides that I'm less than convinced that it's not needed in some cases
      even without backrefs.
      4dd78bf3
    • Tom Lane's avatar
      Avoid repeated creation/freeing of per-subre DFAs during regex search. · 58735947
      Tom Lane authored
      In nested sub-regex trees, lower-level nodes created DFAs and then
      destroyed them again before exiting, which is a bit dumb considering that
      the recursive search is likely to call those nodes again later.  Instead
      cache each created DFA until the end of pg_regexec().  This is basically a
      space for time tradeoff, in that it might increase the maximum memory
      usage.  However, in most regex patterns there are not all that many subre
      nodes, so not that many DFAs --- and in any case, the peak usage occurs
      when reaching the bottom recursion level, and except for alternation cases
      that's going to be the same anyway.
      58735947
    • Tom Lane's avatar
      Remove useless "retry memory" logic within regex engine. · 3cbfe485
      Tom Lane authored
      Apparently some primordial version of Spencer's engine needed cdissect()
      and child functions to be able to continue matching from a previous
      position when re-called.  That is dead code, though, since trivial
      inspection shows that cdissect can never be entered without having
      previously done zapmem which resets the relevant retry counter.  I have
      also verified experimentally that no case in the Tcl regression tests
      reaches cdissect with a nonzero retry value.  Accordingly, remove that
      logic.  This doesn't really save any noticeable number of cycles in itself,
      but it is one step towards making dissect() and cdissect() equivalent,
      which will allow removing hundreds of lines of near-duplicated code.
      
      Since struct subre's "retry" field is no longer particularly related to
      any kind of retry, rename it to "id".  As of this commit it's only used
      for identifying a subre node in debug printouts, so you might think we
      should get rid of the field entirely; but I have a plan for another use.
      3cbfe485
    • Bruce Momjian's avatar
      Mention original ctags option name. · 1fbacbf9
      Bruce Momjian authored
      1fbacbf9
    • Bruce Momjian's avatar
      Update src/tools/make_ctags to avoid Exuberant tags option · 7c19f9d1
      Bruce Momjian authored
      that has been renamed and undocumented since 2003;  instead, use the
      documented option.  Add comments.
      7c19f9d1
    • Peter Eisentraut's avatar
      3aa42c25
    • Peter Eisentraut's avatar
      9cfd800a
    • Tom Lane's avatar
      Fix the general case of quantified regex back-references. · 173e29aa
      Tom Lane authored
      Cases where a back-reference is part of a larger subexpression that
      is quantified have never worked in Spencer's regex engine, because
      he used a compile-time transformation that neglected the need to
      check the back-reference match in iterations before the last one.
      (That was okay for capturing parens, and we still do it if the
      regex has *only* capturing parens ... but it's not okay for backrefs.)
      
      To make this work properly, we have to add an "iteration" node type
      to the regex engine's vocabulary of sub-regex nodes.  Since this is a
      moderately large change with a fair risk of introducing new bugs of its
      own, apply to HEAD only, even though it's a fix for a longstanding bug.
      173e29aa
    • Andrew Dunstan's avatar
      Correctly handle NULLs in JSON output. · 0c9e5d5e
      Andrew Dunstan authored
      Error reported by David Wheeler.
      0c9e5d5e
  8. 23 Feb, 2012 10 commits
    • Tom Lane's avatar
      Last-minute release note updates. · b2ce6070
      Tom Lane authored
      Security: CVE-2012-0866, CVE-2012-0867, CVE-2012-0868
      b2ce6070
    • Tom Lane's avatar
      Convert newlines to spaces in names written in pg_dump comments. · 89e0bac8
      Tom Lane authored
      pg_dump was incautious about sanitizing object names that are emitted
      within SQL comments in its output script.  A name containing a newline
      would at least render the script syntactically incorrect.  Maliciously
      crafted object names could present a SQL injection risk when the script
      is reloaded.
      
      Reported by Heikki Linnakangas, patch by Robert Haas
      
      Security: CVE-2012-0868
      89e0bac8
    • Tom Lane's avatar
      Remove arbitrary limitation on length of common name in SSL certificates. · 077711c2
      Tom Lane authored
      Both libpq and the backend would truncate a common name extracted from a
      certificate at 32 bytes.  Replace that fixed-size buffer with dynamically
      allocated string so that there is no hard limit.  While at it, remove the
      code for extracting peer_dn, which we weren't using for anything; and
      don't bother to store peer_cn longer than we need it in libpq.
      
      This limit was not so terribly unreasonable when the code was written,
      because we weren't using the result for anything critical, just logging it.
      But now that there are options for checking the common name against the
      server host name (in libpq) or using it as the user's name (in the server),
      this could result in undesirable failures.  In the worst case it even seems
      possible to spoof a server name or user name, if the correct name is
      exactly 32 bytes and the attacker can persuade a trusted CA to issue a
      certificate in which that string is a prefix of the certificate's common
      name.  (To exploit this for a server name, he'd also have to send the
      connection astray via phony DNS data or some such.)  The case that this is
      a realistic security threat is a bit thin, but nonetheless we'll treat it
      as one.
      
      Back-patch to 8.4.  Older releases contain the faulty code, but it's not
      a security problem because the common name wasn't used for anything
      interesting.
      
      Reported and patched by Heikki Linnakangas
      
      Security: CVE-2012-0867
      077711c2
    • Tom Lane's avatar
      Require execute permission on the trigger function for CREATE TRIGGER. · 891e6e7b
      Tom Lane authored
      This check was overlooked when we added function execute permissions to the
      system years ago.  For an ordinary trigger function it's not a big deal,
      since trigger functions execute with the permissions of the table owner,
      so they couldn't do anything the user issuing the CREATE TRIGGER couldn't
      have done anyway.  However, if a trigger function is SECURITY DEFINER,
      that is not the case.  The lack of checking would allow another user to
      install it on his own table and then invoke it with, essentially, forged
      input data; which the trigger function is unlikely to realize, so it might
      do something undesirable, for instance insert false entries in an audit log
      table.
      
      Reported by Dinesh Kumar, patch by Robert Haas
      
      Security: CVE-2012-0866
      891e6e7b
    • Tom Lane's avatar
      Allow MinGW builds to use standardly-named OpenSSL libraries. · 74e29162
      Tom Lane authored
      In the Fedora variant of MinGW, the openssl libraries have their normal
      names, not libeay32 and libssleay32.  Adjust configure probes to allow
      that, per bug #6486.
      
      Tomasz Ostrowski
      74e29162
    • Peter Eisentraut's avatar
      Remove inappropriate quotes · c9d70044
      Peter Eisentraut authored
      And adjust wording for consistency.
      c9d70044
    • Peter Eisentraut's avatar
      Fix build without OpenSSL · 8251670c
      Peter Eisentraut authored
      This is a fixup for commit a445cb92.
      8251670c
    • Robert Haas's avatar
      Don't install hstore--1.0.sql any more. · d4fb2f99
      Robert Haas authored
      Since the current version is 1.1, the 1.0 file isn't really needed.  We do
      need the 1.0--1.1 upgrade file, so people on 1.0 can upgrade.
      
      Per recent discussion on pgsql-hackers.
      d4fb2f99
    • Robert Haas's avatar
      Make EXPLAIN (BUFFERS) track blocks dirtied, as well as those written. · 22543674
      Robert Haas authored
      Also expose the new counters through pg_stat_statements.
      
      Patch by me.  Review by Fujii Masao and Greg Smith.
      22543674
    • Robert Haas's avatar
      Fix typo in comment. · f74f9a27
      Robert Haas authored
      Sandro Santilli
      f74f9a27
  9. 22 Feb, 2012 4 commits