1. 08 Apr, 2013 4 commits
    • Heikki Linnakangas's avatar
      Fix calculation of how many segments to retain for wal_keep_segments. · 59404131
      Heikki Linnakangas authored
      KeepLogSeg function was broken when we switched to use a 64-bit int for the
      segment number.
      
      Per report from Jeff Janes.
      59404131
    • Simon Riggs's avatar
      Skip extraneous locking in XLogCheckBuffer(). · 5787c673
      Simon Riggs authored
      Heikki reported comment was wrong, so fixed
      code to match the comment: we only need to
      take additional locking precautions when we
      have a shared lock on the buffer.
      5787c673
    • Simon Riggs's avatar
      Avoid tricky race condition recording XLOG_HINT · 47c43331
      Simon Riggs authored
      We copy the buffer before inserting an XLOG_HINT to avoid WAL CRC errors
      caused by concurrent hint writes to buffer while share locked. To make this work
      we refactor RestoreBackupBlock() to allow an XLOG_HINT to avoid the normal
      path for backup blocks, which assumes the underlying buffer is exclusive locked.
      Resulting code completely changes layout of XLOG_HINT WAL records, but
      this isn't even beta code, so this is a low impact change.
      In passing, avoid taking WALInsertLock for full page writes on checksummed
      hints, remove related cruft from XLogInsert() and improve xlog_desc record for
      XLOG_HINT.
      
      Andres Freund
      
      Bug report by Fujii Masao, testing by Jeff Janes and Jaime Casanova,
      review by Jeff Davis and Simon Riggs. Applied with changes from review
      and some comment editing.
      47c43331
    • Simon Riggs's avatar
      README comments on checksums on page holes. · a4b94b85
      Simon Riggs authored
      a4b94b85
  2. 07 Apr, 2013 4 commits
    • Simon Riggs's avatar
      Tune BufferGetLSNAtomic() when checksums !enabled · 1be20351
      Simon Riggs authored
      From performance analysis by Heikki Linnakangas
      1be20351
    • Simon Riggs's avatar
      Fix checksums for CLUSTER, VACUUM FULL etc. · cf8dc9e1
      Simon Riggs authored
      In CLUSTER, VACUUM FULL and ALTER TABLE SET TABLESPACE
      I erroneously set checksum before log_newpage, which
      sets the LSN and invalidates the checksum. So set
      checksum immediately *after* log_newpage.
      
      Bug report Fujii Masao, Fix and patch by Jeff Davis
      cf8dc9e1
    • Tom Lane's avatar
      Get rid of USE_WIDE_UPPER_LOWER dependency in trigram construction. · 7844608e
      Tom Lane authored
      contrib/pg_trgm's make_trigrams() was coded to ignore multibyte character
      boundaries and just make trigrams from bytes if USE_WIDE_UPPER_LOWER wasn't
      defined.  This is a bit odd, since there's no obvious reason why trigram
      compaction rules should depend on the presence of towlower() and friends.
      What's more, there was an Assert() that would fail if that code path was
      fed any multibyte characters.
      
      We need to do something about this since the pending regex-indexing patch
      has an assumption that you get just one "trgm" from any three characters.
      The best solution seems to be to remove the USE_WIDE_UPPER_LOWER
      dependency, which shouldn't really have been there in the first place.
      The second loop in make_trigrams() is now just a fast path and not a
      potentially incompatible algorithm.
      
      If there is anybody still using Postgres on machines without wcstombs() or
      towlower(), and they have non-ASCII data indexed by pg_trgm, they'll need
      to REINDEX those indexes after pg_upgrade to 9.3, else searches may fail
      incorrectly. It seems likely that there are no such installations, though.
      
      In passing, rename cnt_trigram to compact_trigram, which seems to better
      describe its functionality, and improve make_trigrams' test for whether it
      has to use the slow path or not (per a suggestion from Alexander Korotkov).
      7844608e
    • Tom Lane's avatar
      In isolationtester, retry after EINTR return from select(2). · faf4726c
      Tom Lane authored
      Per report from Jaime Casanova.  Very curious that no one else has seen
      this failure ... but the code is clearly wrong as-is.
      faf4726c
  3. 05 Apr, 2013 4 commits
  4. 04 Apr, 2013 6 commits
  5. 03 Apr, 2013 3 commits
    • Tom Lane's avatar
      Avoid updating our PgBackendStatus entry when track_activities is off. · f7b0006f
      Tom Lane authored
      The point of turning off track_activities is to avoid this reporting
      overhead, but a thinko in commit 4f42b546
      caused pgstat_report_activity() to perform half of its updates anyway.
      Fix that, and also make sure that we clear all the now-disabled fields
      when transitioning to the non-reporting state.
      f7b0006f
    • Tom Lane's avatar
      Fix typo in FDW docs. · 0f1345d3
      Tom Lane authored
      Laurenz Albe
      0f1345d3
    • Tom Lane's avatar
      Minor robustness improvements for isolationtester. · 845d335a
      Tom Lane authored
      Notice and complain about PQcancel() failures.  Also, don't dump core if
      an error PGresult doesn't contain severity and message subfields, as it
      might not if it was generated by libpq itself.  (We have a longstanding
      TODO item to improve that, but in the meantime isolationtester had better
      cope.)
      
      I tripped across the latter item while investigating a trouble report on
      buildfarm member spoonbill.  As for the former, there's no evidence that
      PQcancel failure is actually involved in spoonbill's problem, but it still
      seems like a bad idea to ignore an error return code.
      845d335a
  6. 01 Apr, 2013 4 commits
    • Tom Lane's avatar
      Update release notes for 9.2.4, 9.1.9, 9.0.13, 8.4.17. · 89b661ba
      Tom Lane authored
      Security: CVE-2013-1899, CVE-2013-1901
      89b661ba
    • Tom Lane's avatar
      Fix insecure parsing of server command-line switches. · 17fe2793
      Tom Lane authored
      An oversight in commit e710b65c allowed
      database names beginning with "-" to be treated as though they were secure
      command-line switches; and this switch processing occurs before client
      authentication, so that even an unprivileged remote attacker could exploit
      the bug, needing only connectivity to the postmaster's port.  Assorted
      exploits for this are possible, some requiring a valid database login,
      some not.  The worst known problem is that the "-r" switch can be invoked
      to redirect the process's stderr output, so that subsequent error messages
      will be appended to any file the server can write.  This can for example be
      used to corrupt the server's configuration files, so that it will fail when
      next restarted.  Complete destruction of database tables is also possible.
      
      Fix by keeping the database name extracted from a startup packet fully
      separate from command-line switches, as had already been done with the
      user name field.
      
      The Postgres project thanks Mitsumasa Kondo for discovering this bug,
      Kyotaro Horiguchi for drafting the fix, and Noah Misch for recognizing
      the full extent of the danger.
      
      Security: CVE-2013-1899
      17fe2793
    • Tom Lane's avatar
      Make REPLICATION privilege checks test current user not authenticated user. · ce9ab889
      Tom Lane authored
      The pg_start_backup() and pg_stop_backup() functions checked the privileges
      of the initially-authenticated user rather than the current user, which is
      wrong.  For example, a user-defined index function could successfully call
      these functions when executed by ANALYZE within autovacuum.  This could
      allow an attacker with valid but low-privilege database access to interfere
      with creation of routine backups.  Reported and fixed by Noah Misch.
      
      Security: CVE-2013-1901
      ce9ab889
    • Peter Eisentraut's avatar
      Revert "ecpg: Don't link compatlib with libpq" · 85079078
      Peter Eisentraut authored
      This reverts commit 3780fc67.
      
      HP-UX didn't like it.  There would probably be a way to fix that, but
      since the net effect of all of this is zero because ecpg ends up using
      libpq anyway, it's not worth bothering further.
      85079078
  7. 31 Mar, 2013 5 commits
    • Tom Lane's avatar
      Update release notes for changes through today. · e48a7bd5
      Tom Lane authored
      e48a7bd5
    • Tom Lane's avatar
      Ignore extra subquery outputs in set_subquery_size_estimates(). · d931ac0e
      Tom Lane authored
      In commit 0f61d4dd, I added code to copy up
      column width estimates for each column of a subquery.  That code supposed
      that the subquery couldn't have any output columns that didn't correspond
      to known columns of the current query level --- which is true when a query
      is parsed from scratch, but the assumption fails when planning a view that
      depends on another view that's been redefined (adding output columns) since
      the upper view was made.  This results in an assertion failure or even a
      crash, as per bug #8025 from lindebg.  Remove the Assert and instead skip
      the column if its resno is out of the expected range.
      d931ac0e
    • Peter Eisentraut's avatar
      Add pkg-config files for libpq and ecpg libraries · 64f89090
      Peter Eisentraut authored
      This will hopefully be easier to use than pg_config for users who are
      already used to the pkg-config interface.  It also works better for
      multi-arch installations.
      
      reviewed by Tom Lane
      64f89090
    • Peter Eisentraut's avatar
      ecpg: Don't link compatlib with libpq · 3780fc67
      Peter Eisentraut authored
      It doesn't actually use libpq.  But we need to keep libpq in the
      CPPFLAGS for building, because compatlib uses ecpglib.h which uses
      libpq-fe.h, but we don't need to refer to libpq for linking.
      
      reviewed by Tom Lane
      3780fc67
    • Bruce Momjian's avatar
      pg_upgrade: don't copy/link files for invalid indexes · 203d8ae2
      Bruce Momjian authored
      Now that pg_dump no longer dumps invalid indexes, per commit
      683abc73, have pg_upgrade also skip
      them.  Previously pg_upgrade threw an error if invalid indexes existed.
      
      Backpatch to 9.2, 9.1, and 9.0 (where pg_upgrade was added to git)
      203d8ae2
  8. 30 Mar, 2013 4 commits
    • Tom Lane's avatar
      Improve code documentation about "magnetic disk" storage manager. · 22f7b961
      Tom Lane authored
      The modern incarnation of md.c is by no means specific to magnetic disk
      technology, but every so often we hear from someone who's misled by the
      label.  Try to clarify that it will work for anything that supports
      standard filesystem operations.  Per suggestion from Andrew Dunstan.
      22f7b961
    • Andrew Dunstan's avatar
      Avoid moving data directory in upgrade testing. · 67eb3e50
      Andrew Dunstan authored
      Windows sometimes gets upset if we rename a large directory and then try
      to use the old name quickly, as seen in occasional buildfarm failures.
      So we avoid that by building the old version in the intended
      destination in the first place instead of renaming it, similar to the
      change made for the same reason in commit b7f8465c.
      67eb3e50
    • Bruce Momjian's avatar
      Remove tab from SGML file. · b0155580
      Bruce Momjian authored
      b0155580
    • Peter Eisentraut's avatar
      ecpg: Parallel make fix · 602070f9
      Peter Eisentraut authored
      In some parallel make situations, the install-headers target could be
      called before the installation directories are created by installdirs,
      causing the installation to fail.  Fix that by making install-headers
      depend on installdirs.
      602070f9
  9. 29 Mar, 2013 5 commits
    • Andrew Dunstan's avatar
      6caf759f
    • Andrew Dunstan's avatar
      Add new JSON processing functions and parser API. · a570c98d
      Andrew Dunstan authored
      The JSON parser is converted into a recursive descent parser, and
      exposed for use by other modules such as extensions. The API provides
      hooks for all the significant parser event such as the beginning and end
      of objects and arrays, and providing functions to handle these hooks
      allows for fairly simple construction of a wide variety of JSON
      processing functions. A set of new basic processing functions and
      operators is also added, which use this API, including operations to
      extract array elements, object fields, get the length of arrays and the
      set of keys of a field, deconstruct an object into a set of key/value
      pairs, and create records from JSON objects and arrays of objects.
      
      Catalog version bumped.
      
      Andrew Dunstan, with some documentation assistance from Merlin Moncure.
      a570c98d
    • Tom Lane's avatar
      Document encode(bytea, 'escape')'s behavior correctly. · 9ad27c21
      Tom Lane authored
      I changed this in commit fd15dba5, but
      missed the fact that the SGML documentation of the function specified
      exactly what it did.  Well, one of the two places where it's specified
      documented that --- probably I looked at the other place and thought
      nothing needed to be done.  Sync the two places where encode() and
      decode() are described.
      9ad27c21
    • Tom Lane's avatar
      Must check indisready not just indisvalid when dumping from 9.2 server. · aa02864f
      Tom Lane authored
      9.2 uses a kluge representation of "indislive"; we have to account for
      that when examining pg_index.  Simplest solution is to check indisready
      for 9.0 and 9.1 as well; that's harmless though unnecessary, so it's
      not worth making a version distinction for.
      
      Fixes oversight in commit 683abc73,
      as noted by Andres Freund.
      aa02864f
    • Tom Lane's avatar
      Draft release notes for 9.2.4, 9.1.9, 9.0.13, 8.4.17. · 29505a89
      Tom Lane authored
      Covers commits through today.  Not back-patching into back branches
      yet, since this is just for people to review in advance.
      29505a89
  10. 28 Mar, 2013 1 commit