1. 29 Mar, 2016 5 commits
    • Tom Lane's avatar
      Fix portability issues in 86c43f4e. · 656ee848
      Tom Lane authored
      INT64_MIN/MAX should be spelled PG_INT64_MIN/MAX, per well established
      convention in our sources.  Less obviously, a symbol named DOUBLE causes
      problems on Windows builds, so rename that to DOUBLE_CONST; and rename
      INTEGER to INTEGER_CONST for consistency.
      
      Also, get rid of incorrect/obsolete hand-munging of yycolumn, and fix
      the grammar for float constants to handle expected cases such as ".1".
      
      First two items by Michael Paquier, second two by me.
      656ee848
    • Robert Haas's avatar
      Don't require a user mapping for FDWs to work. · 5d4171d1
      Robert Haas authored
      Commit fbe5a3fb accidentally changed
      this behavior; put things back the way they were, and add some
      regression tests.
      
      Report by Andres Freund; patch by Ashutosh Bapat, with a bit of
      kibitzing by me.
      5d4171d1
    • Robert Haas's avatar
      On all Windows platforms, not just Cygwin, use _timezone and _tzname. · 868628e4
      Robert Haas authored
      Up until now, we've been using timezone and tzname, but Visual Studio
      2015 (for which we wish to add support) no longer declares those
      symbols.  All versions since Visual Studio 2003 apparently support the
      underscore-equipped names, and we don't support anything older than
      Visual Studio 2005, so this should work OK everywhere.  But let's see
      what the buildfarm thinks.
      
      Michael Paquier, reviewed by Petr Jelinek
      868628e4
    • Robert Haas's avatar
      Fix typo in comment. · bd0f206f
      Robert Haas authored
      Thomas Munro
      bd0f206f
    • Robert Haas's avatar
      pgbench: Support double constants and functions. · 86c43f4e
      Robert Haas authored
      The new functions are pi(), random(), random_exponential(),
      random_gaussian(), and sqrt().  I was worried that this would be
      slower than before, but, if anything, it actually turns out to be
      slightly faster, because we now express the built-in pgbench scripts
      using fewer lines; each \setrandom can be merged into a subsequent
      \set.
      
      Fabien Coelho
      86c43f4e
  2. 28 Mar, 2016 16 commits
    • Alvaro Herrera's avatar
      PostgresNode: initialize $timed_out if passed · 9bd61311
      Alvaro Herrera authored
      Corrects an oversight in 2c83f435 where the $timed_out reference var
      isn't initialized; using it would require the caller to initialize it
      beforehand, which is cumbersome.
      
      Author: Craig Ringer
      9bd61311
    • Alvaro Herrera's avatar
      Mention BRIN as able to do multi-column indexes · 80b986cf
      Alvaro Herrera authored
      Documentation mentioned B-tree, GiST and GIN as able to do multicolumn
      indexes; I failed to add BRIN to the list.
      
      Author: Petr Jediný
      Reviewed-By: Fujii Masao, Emre Hasegeli
      80b986cf
    • Tom Lane's avatar
      Sync tzload() and tzparse() APIs with IANA release tzcode2016c. · 1f4e9da6
      Tom Lane authored
      This brings us a bit closer to matching upstream, but since it affects
      files outside src/timezone/, we might choose not to back-patch it.
      Hence keep it separate from the main update patch.
      1f4e9da6
    • Tom Lane's avatar
      Fix MSVC build for changes in zic. · f5f15ea6
      Tom Lane authored
      zic now only needs zic.c, but I didn't realize knowledge about it was
      hardwired into Mkvcbuild.pm.  Per buildfarm.
      f5f15ea6
    • Tom Lane's avatar
      Sync our copy of the timezone library with IANA release tzcode2016c. · 1c1a7cbd
      Tom Lane authored
      We hadn't done this in about six years, which proves to have been a mistake
      because there's been a lot of code churn upstream, making the merge rather
      painful.  But putting it off any further isn't going to lessen the pain,
      and there are at least two incompatible changes that we need to absorb
      before someone starts complaining that --with-system-tzdata doesn't work
      at all on their platform, or we get blindsided by a tzdata release that
      our out-of-date zic can't compile.  Last week's "time zone abbreviation
      differs from POSIX standard" mess was a wake-up call in that regard.
      
      This is a sufficiently large patch that I'm afraid to back-patch it
      immediately, though the foregoing considerations imply that we probably
      should do so eventually.  For the moment, just put it in HEAD so that
      it can get some testing.  Maybe we can wait till the end of the 9.6
      beta cycle before deeming it okay.
      1c1a7cbd
    • Tom Lane's avatar
      Document errhidecontext() where it ought to be documented. · e5a4dea8
      Tom Lane authored
      Seems to have been missed when this function was added.  Noted while
      looking at David Steele's proposal to add another similar function.
      e5a4dea8
    • Alvaro Herrera's avatar
      Update expected file from quoting change · 4b746f0d
      Alvaro Herrera authored
      I neglected to update this in 59a2111b.
      
      Per buildfarm
      4b746f0d
    • Alvaro Herrera's avatar
      pg_rewind: Improve internationalization · cad3edef
      Alvaro Herrera authored
      This is mostly cosmetic since two of the three changes are debug
      messages, and the third one is just a progress indicator.
      
      Author: Michaël Paquier
      cad3edef
    • Alvaro Herrera's avatar
      Fix minor leak in pg_dump for ACCESS METHOD. · 37732a25
      Alvaro Herrera authored
      Bug reported by Coverity.
      
      Author: Michaël Paquier
      37732a25
    • Alvaro Herrera's avatar
      Improve internationalization of messages involving type names · 59a2111b
      Alvaro Herrera authored
      Change the slightly different variations of the message
        function FOO must return type BAR
      to a single wording, removing the variability in type name so that they
      all create a single translation entry; since the type name is not to be
      translated, there's no point in it being part of the message anyway.
      
      Also, change them all to use the same quoting convention, namely that
      the function name is not to be quoted but the type name is.  (I'm not
      quite sure why this is so, but it's the clear majority.)
      
      Some similar messages such as "encoding conversion function FOO must ..."
      are also changed.
      59a2111b
    • Teodor Sigaev's avatar
      psql tab-complete for CREATE/DROP ACCESS METHOD · 559e7a0a
      Teodor Sigaev authored
      Alexander Korotkov
      559e7a0a
    • Teodor Sigaev's avatar
      Fix comment in pg_dump. · dabd255d
      Teodor Sigaev authored
      It was missed in 473b9328,
      CREATE ACCESS METHOD
      
      Alexander Korotkov
      dabd255d
    • Tom Lane's avatar
      Last-minute updates for release notes. · 4c46f833
      Tom Lane authored
      Security: CVE-2016-2193, CVE-2016-3065
      4c46f833
    • Alvaro Herrera's avatar
      Add missing checks to some of pageinspect's BRIN functions · 3e133847
      Alvaro Herrera authored
      brin_page_type() and brin_metapage_info() did not enforce being called
      by superuser, like other pageinspect functions that take bytea do.
      Since they don't verify the passed page thoroughly, it is possible to
      use them to read the server memory with a carefully crafted bytea value,
      up to a file kilobytes from where the input bytea is located.
      
      Have them throw errors if called by a non-superuser.
      
      Report and initial patch: Andreas Seltenreich
      
      Security: CVE-2016-3065
      3e133847
    • Stephen Frost's avatar
      Reset plan->row_security_env and planUserId · 86ebf30f
      Stephen Frost authored
      In the plancache, we check if the environment we planned the query under
      has changed in a way which requires us to re-plan, such as when the user
      for whom the plan was prepared changes and RLS is being used (and,
      therefore, there may be different policies to apply).
      
      Unfortunately, while those values were set and checked, they were not
      being reset when the query was re-planned and therefore, in cases where
      we change role, re-plan, and then change role again, we weren't
      re-planning again.  This leads to potentially incorrect policies being
      applied in cases where role-specific policies are used and a given query
      is planned under one role and then executed under other roles, which
      could happen under security definer functions or when a common user and
      query is planned initially and then re-used across multiple SET ROLEs.
      
      Further, extensions which made use of CopyCachedPlan() may suffer from
      similar issues as the RLS-related fields were not properly copied as
      part of the plan and therefore RevalidateCachedQuery() would copy in the
      current settings without invalidating the query.
      
      Fix by using the same approach used for 'search_path', where we set the
      correct values in CompleteCachedPlan(), check them early on in
      RevalidateCachedQuery() and then properly reset them if re-planning.
      Also, copy through the values during CopyCachedPlan().
      
      Pointed out by Ashutosh Bapat.  Reviewed by Michael Paquier.
      
      Back-patch to 9.5 where RLS was introduced.
      
      Security: CVE-2016-2193
      86ebf30f
    • Tom Lane's avatar
      Code and docs review for commit 3187d6de. · d12e5bb7
      Tom Lane authored
      Fix up check for high-bit-set characters, which provoked "comparison is
      always true due to limited range of data type" warnings on some compilers,
      and was unlike the way we do it elsewhere anyway.  Fix omission of "$"
      from the set of valid identifier continuation characters.  Get rid of
      sanitize_text(), which was utterly inconsistent with any other error report
      anywhere in the system, and wasn't even well designed on its own terms
      (double-quoting the result string without escaping contained double quotes
      doesn't seem very well thought out).  Fix up error messages, which didn't
      follow the message style guidelines very well, and were overly specific in
      situations where the actual mistake might not be what they said.  Improve
      documentation.
      
      (I started out just intending to fix the compiler warning, but the more
      I looked at the patch the less I liked it.)
      d12e5bb7
  3. 27 Mar, 2016 8 commits
    • Tom Lane's avatar
      499a5057
    • Tom Lane's avatar
      Guard against zero vardata.rel->tuples in estimate_hash_bucketsize(). · d65b665d
      Tom Lane authored
      If the referenced rel was proven empty, we'd compute 0/0 here, which
      results in the function returning NaN.  That's a bit more serious
      than the other zero-divide case.  Still, it only seems to be possible
      in HEAD, so no back-patch.
      
      Per report from Piotr Stefaniak.  I looked through the rest of selfuncs.c
      and found no other likely trouble spots.
      d65b665d
    • Tom Lane's avatar
      Clamp adjusted ndistinct to positive integer in estimate_hash_bucketsize(). · fa09f893
      Tom Lane authored
      This avoids a possible divide-by-zero in the following calculation,
      and rounding the number to an integer seems like saner behavior anyway.
      Assuming IEEE math, the division would yield +Infinity which would get
      replaced by 1.0 at the bottom of the function, so nothing really
      interesting would ensue; but avoiding divide-by-zero seems like a
      good idea on general principles.
      
      Per report from Piotr Stefaniak.  No back-patch since this seems
      mostly cosmetic.
      fa09f893
    • Andres Freund's avatar
      pg_rewind: fsync target data directory. · 408f0438
      Andres Freund authored
      Previously pg_rewind did not fsync any files. That's problematic, given
      that the target directory is modified. If the database was started
      afterwards, 2ce439f3 luckily already caused the data directory to be
      synced to disk at postmaster startup; reducing the scope of the problem.
      
      To fix, use initdb -S, at the end of the pg_rewind run. It doesn't seem
      worthwhile to duplicate the code into pg_rewind, and initdb -S is
      already used that way by pg_upgrade.
      
      Reported-By: Andres Freund
      Author: Michael Paquier, somewhat edited by me
      Discussion: 20160310034352.iuqgvpmg5qmnxtkz@alap3.anarazel.de
          CAB7nPqSytVG1o4S3S2pA1O=692ekurJ+fckW2PywEG3sNw54Ow@mail.gmail.com
      Backpatch: 9.5, where pg_rewind was introduced
      408f0438
    • Andres Freund's avatar
      Fix LWLockReportWaitEnd() parameter list to be (void). · 9f7c527a
      Andres Freund authored
      Previously it was an "old style" function declaration.
      9f7c527a
    • Andres Freund's avatar
      pg_rewind: Close backup_label file descriptor. · a6c84594
      Andres Freund authored
      This was a relatively harmless leak, as createBackupLabel() is only
      called once per pg_rewind invocation.
      
      Author: Michael Paquier
      Reported-By: Michael Paquier
      Discussion: CAB7nPqRnOw30gOXe2_SPLjh37bgm4V+txbYAPwoXb97nGQ297w@mail.gmail.com
      Backpatch: 9.5, where pg_rewind was introduced
      a6c84594
    • Andres Freund's avatar
      Don't use !! but != 0/NULL to force boolean evaluation. · 1a7a4367
      Andres Freund authored
      I introduced several uses of !! to force bit arithmetic to be boolean,
      but per discussion the project prefers != 0/NULL.
      
      Discussion: CA+TgmoZP5KakLGP6B4vUjgMBUW0woq_dJYi0paOz-My0Hwt_vQ@mail.gmail.com
      1a7a4367
    • Andres Freund's avatar
      Change various Gin*Is* macros to return 0/1. · af4472bc
      Andres Freund authored
      Returning the direct result of bit arithmetic, in a macro intended to be
      used in a boolean manner, can be problematic if the return value is
      stored in a variable of type 'bool'. If bool is implemented using C99's
      _Bool, that can lead to comparison failures if the variable is then
      compared again with the expression (see ginStepRight() for an example
      that fails), as _Bool forces the result to be 0/1. That happens in some
      configurations of newer MSVC compilers.  It's also problematic when
      storing the result of such an expression in a narrower type.
      
      Several gin macros have been declared in that style since gin's initial
      commit in 8a3631f8.
      
      There's a lot more macros like this, but this is the only one causing
      regression test failures; and I don't want to commit and backpatch a
      larger patch with lots of conflicts just before the next set of minor
      releases.
      
      Discussion: 20150811154237.GD17575@awork2.anarazel.de
      Backpatch: All supported branches
      af4472bc
  4. 26 Mar, 2016 3 commits
    • Tom Lane's avatar
      First-draft release notes for 9.5.2. · 29b6123e
      Tom Lane authored
      As usual, the release notes for other branches will be made by cutting
      these down, but put them up for community review first.
      29b6123e
    • Tom Lane's avatar
      Modernize zic's test for valid timezone abbreviations. · 221619ad
      Tom Lane authored
      We really need to sync all of our IANA-derived timezone code with upstream,
      but that's going to be a large patch and I certainly don't care to shove
      such a thing into stable branches immediately before a release.  As a
      stopgap, copy just the tzcode2016c logic that checks validity of timezone
      abbreviations.  This prevents getting multiple "time zone abbreviation
      differs from POSIX standard" bleats with tzdata 2014b and later.
      221619ad
    • Tom Lane's avatar
      Avoid a couple of zero-divide scenarios in the planner. · 76281aa9
      Tom Lane authored
      cost_subplan() supposed that the given subplan must have plan_rows > 0,
      which as far as I can tell was true until recent refactoring of the
      code in createplan.c; but now that code allows the Result for a provably
      empty subquery to have plan_rows = 0.  Rather than undo that change,
      put in a clamp to prevent zero divide.
      
      get_cheapest_fractional_path() likewise supposed that best_path->rows > 0.
      This assumption has been wrong for longer.  It's actually harmless given
      IEEE float math, because a positive value divided by zero gives +Infinity
      and compare_fractional_path_costs() will do the right thing with that.
      Still, best not to assume that.
      
      final_cost_nestloop() also seems to have some risks in this area, so
      borrow the clamping logic already present in the mergejoin cost functions.
      
      Lastly, remove unnecessary clamp_row_est() in planner.c's calls to
      get_number_of_groups().  The only thing that function does with path_rows
      is pass it to estimate_num_groups() which already has an internal clamp,
      so we don't need the extra call; and if we did, the callers are arguably
      the wrong place for it anyway.
      
      First two items reported by Piotr Stefaniak, the others are products
      of my nosing around for similar problems.  No back-patch since there's
      no evidence that problems arise in the back branches.
      76281aa9
  5. 25 Mar, 2016 8 commits
    • Tom Lane's avatar
      Update time zone data files to tzdata release 2016c. · 676265eb
      Tom Lane authored
      DST law changes in Azerbaijan, Chile, Haiti, Palestine, and Russia (Altai,
      Astrakhan, Kirov, Sakhalin, Ulyanovsk regions).  Historical corrections
      for Lithuania, Moldova, Russia (Kaliningrad, Samara, Volgograd).
      
      As of 2015b, the keepers of the IANA timezone database started to use
      numeric time zone abbreviations (e.g., "+04") instead of inventing
      abbreviations not found in the wild like "ASTT".  This causes our rather
      old copy of zic to whine "warning: time zone abbreviation differs from
      POSIX standard" several times during "make install".  This warning is
      harmless according to the IANA folk, and I don't see any problems with
      these abbreviations in some simple tests; but it seems like now would be
      a good time to update our copy of the tzcode stuff.  I'll look into that
      soon.
      676265eb
    • Tom Lane's avatar
      Fix PL/Tcl for vpath builds. · 9f73a2f6
      Tom Lane authored
      Commit cd37bb78 works for in-tree builds, but not so much for
      VPATH.  Per buildfarm.
      9f73a2f6
    • Tom Lane's avatar
      Improve PL/Tcl errorCode facility by providing decoded name for SQLSTATE. · cd37bb78
      Tom Lane authored
      We don't really want to encourage people to write numeric SQLSTATEs in
      programs; that's unreadable and error-prone.  Copy plpgsql's infrastructure
      for converting between SQLSTATEs and exception names shown in Appendix A,
      and modify examples in tests and documentation to do it that way.
      cd37bb78
    • Tom Lane's avatar
      In PL/Tcl, make database errors return additional info in the errorCode. · fb8d2a7f
      Tom Lane authored
      Tcl has a convention for returning additional info about an error in a
      global variable named errorCode.  Up to now PL/Tcl has ignored that,
      but this patch causes database errors caught by PL/Tcl to fill in
      errorCode with useful information from the ErrorData struct.
      
      Jim Nasby, reviewed by Pavel Stehule and myself
      fb8d2a7f
    • Tom Lane's avatar
      Fix DROP OPERATOR to reset oprcom/oprnegate links to the dropped operator. · c94959d4
      Tom Lane authored
      This avoids leaving dangling links in pg_operator; which while fairly
      harmless are also unsightly.
      
      While we're at it, simplify OperatorUpd, which went through
      heap_modify_tuple for no very good reason considering it had already made
      a tuple copy it could just scribble on.
      
      Roma Sokolov, reviewed by Tomas Vondra, additional hacking by Robert Haas
      and myself.
      c94959d4
    • Tom Lane's avatar
      Don't split up SRFs when choosing to postpone SELECT output expressions. · d543170f
      Tom Lane authored
      In commit 9118d03a we taught the planner to postpone evaluation of
      set-returning functions in a SELECT's targetlist until after any sort done
      to satisfy ORDER BY.  However, if we postpone some SRFs this way while
      others do not get postponed (because they're sort or group key columns)
      we will break the traditional behavior by which all SRFs in the tlist run
      in-step during ExecTargetList(), so that you get the least common multiple
      of their periods not the product.  Fix make_sort_input_target() so it will
      not split up SRF evaluation in such cases.
      
      There is still a hazard of similar odd behavior if there's a SRF in a
      grouping column and another one that isn't, but that was true before
      and we're just trying to preserve bug-compatibility with the traditional
      behavior.  This whole area is overdue to be rethought and reimplemented,
      but we'll try to avoid changing behavior until then.
      
      Per report from Regina Obe.
      d543170f
    • Tom Lane's avatar
      Link libpq after libpgfeutils to satisfy Windows linker. · 7caaeaf3
      Tom Lane authored
      Some of the non-MSVC Windows buildfarm members seem to need this to avoid
      getting "undefined symbol" errors on libpgfeutils' references to libpq.
      I could understand that if libpq were a static library, but surely it is
      not?  Oh well, at least the extra reference is no more harmful than it is
      for libpgcommon or libpgport.
      7caaeaf3
    • Tom Lane's avatar
      Move psql's psqlscan.l into src/fe_utils. · c1156411
      Tom Lane authored
      This completes (at least for now) the project of getting rid of ad-hoc
      linkages among the src/bin/ subdirectories.  Everything they share is now
      in src/fe_utils/ and is included from a static library at link time.
      
      A side benefit is that we can restore the FLEX_NO_BACKUP check for
      psqlscanslash.l.  We might need to think of another way to do that check
      if we ever need to build two lexers with that property in the same source
      directory, but there's no foreseeable reason to need that.
      c1156411