1. 03 Apr, 2014 4 commits
    • Tom Lane's avatar
      Code review for commit d26888bc. · 741364bf
      Tom Lane authored
      Mostly, copy-edit the comments; but also fix it to not reject domains over
      arrays.
      741364bf
    • Tom Lane's avatar
      Fix documentation about joining pg_locks to other views. · 42c6236f
      Tom Lane authored
      The advice to join to pg_prepared_xacts via the transaction column was not
      updated when the transaction column was replaced by virtualtransaction.
      Since it's not quite obvious how to do that join, give an explicit example.
      For consistency also give an example for the adjacent case of joining to
      pg_stat_activity.  And link-ify the view references too, just because we
      can.  Per bug #9840 from Alexey Bashtanov.
      
      Michael Paquier and Tom Lane
      42c6236f
    • Tom Lane's avatar
      Avoid promising that "ADD COLUMN ... DEFAULT NULL" is free. · 879808e5
      Tom Lane authored
      The system realizes that DEFAULT NULL is dummy in simple cases, but not if
      a cast function (such as a length coercion) needs to be applied.  It's
      dubious that suppressing that function call would be appropriate, anyway.
      For the moment, let's just adjust the docs to say that you should omit the
      DEFAULT clause if you don't want a rewrite to happen.  Per gripe from Amit
      Langote.
      879808e5
    • Heikki Linnakangas's avatar
      Avoid palloc in critical section in GiST WAL-logging. · 04e298b8
      Heikki Linnakangas authored
      Memory allocation can fail if you run out of memory, and inside a critical
      section that will lead to a PANIC. Use conservatively-sized arrays in stack
      instead.
      
      There was previously no explicit limit on the number of pages a GiST split
      can produce, it was only limited by the number of LWLocks that can be held
      simultaneously (100 at the moment). This patch adds an explicit limit of 75
      pages. That should be plenty, a typical split shouldn't produce more than
      2-3 page halves.
      
      The bug has been there forever, but only backpatch down to 9.1. The code
      was changed significantly in 9.1, and it doesn't seem worth the risk or
      trouble to adapt this for 9.0 and 8.4.
      04e298b8
  2. 02 Apr, 2014 3 commits
    • Tom Lane's avatar
      Fix assorted issues in client host name lookup. · fc752505
      Tom Lane authored
      The code for matching clients to pg_hba.conf lines that specify host names
      (instead of IP address ranges) failed to complain if reverse DNS lookup
      failed; instead it silently didn't match, so that you might end up getting
      a surprising "no pg_hba.conf entry for ..." error, as seen in bug #9518
      from Mike Blackwell.  Since we don't want to make this a fatal error in
      situations where pg_hba.conf contains a mixture of host names and IP
      addresses (clients matching one of the numeric entries should not have to
      have rDNS data), remember the lookup failure and mention it as DETAIL if
      we get to "no pg_hba.conf entry".  Apply the same approach to forward-DNS
      lookup failures, too, rather than treating them as immediate hard errors.
      
      Along the way, fix a couple of bugs that prevented us from detecting an
      rDNS lookup error reliably, and make sure that we make only one rDNS lookup
      attempt; formerly, if the lookup attempt failed, the code would try again
      for each host name entry in pg_hba.conf.  Since more or less the whole
      point of this design is to ensure there's only one lookup attempt not one
      per entry, the latter point represents a performance bug that seems
      sufficient justification for back-patching.
      
      Also, adjust src/port/getaddrinfo.c so that it plays as well as it can
      with this code.  Which is not all that well, since it does not have actual
      support for rDNS lookup, but at least it should return the expected (and
      required by spec) error codes so that the main code correctly perceives the
      lack of functionality as a lookup failure.  It's unlikely that PG is still
      being used in production on any machines that require our getaddrinfo.c,
      so I'm not excited about working harder than this.
      
      To keep the code in the various branches similar, this includes
      back-patching commits c424d0d1 and
      1997f34d into 9.2 and earlier.
      
      Back-patch to 9.1 where the facility for hostnames in pg_hba.conf was
      introduced.
      fc752505
    • Tom Lane's avatar
      De-anonymize the union in JsonbValue. · f33a71a7
      Tom Lane authored
      Needed for strict C89 compliance.
      f33a71a7
    • Tom Lane's avatar
      Fix bugs in manipulation of PgBackendStatus.st_clienthostname. · 682c5bbe
      Tom Lane authored
      Initialization of this field was not being done according to the
      st_changecount protocol (it has to be done within the changecount increment
      range, not outside).  And the test to see if the value should be reported
      as null was wrong.  Noted while perusing uses of Port.remote_hostname.
      
      This was wrong from the introduction of this code (commit 4a25bc14),
      so back-patch to 9.1.
      682c5bbe
  3. 01 Apr, 2014 6 commits
  4. 31 Mar, 2014 6 commits
    • Robert Haas's avatar
      Mark FastPathStrongRelationLocks volatile. · 4bc15a8b
      Robert Haas authored
      Otherwise, the compiler might decide to move modifications to data
      within this structure outside the enclosing SpinLockAcquire /
      SpinLockRelease pair, leading to shared memory corruption.
      
      This may or may not explain a recent lmgr-related buildfarm failure
      on prairiedog, but it needs to be fixed either way.
      4bc15a8b
    • Robert Haas's avatar
      test_decoding: Update .gitignore · 0f95b723
      Robert Haas authored
      Commit 7317d8d9 changed the set of
      things that need to be ignored, but neglected to update .gitignore.
      0f95b723
    • Robert Haas's avatar
      Count buffers dirtied due to hints in pgBufferUsage.shared_blks_dirtied. · 066254ce
      Robert Haas authored
      Previously, such buffers weren't counted, with the possible result that
      EXPLAIN (BUFFERS) and pg_stat_statements would understate the true
      number of blocks dirtied by an SQL statement.
      
      Back-patch to 9.2, where this counter was introduced.
      
      Amit Kapila
      066254ce
    • Robert Haas's avatar
      Fix thinko in logical decoding code. · 3f0e4be4
      Robert Haas authored
      Andres Freund
      3f0e4be4
    • Heikki Linnakangas's avatar
      Rewrite the way GIN posting lists are packed on a page, to reduce WAL volume. · 14d02f0b
      Heikki Linnakangas authored
      Inserting (in retail) into the new 9.4 format GIN posting tree created much
      larger WAL records than in 9.3. The previous strategy to WAL logging was
      basically to log the whole page on each change, with the exception of
      completely unmodified segments up to the first modified one. That was not
      too bad when appending to the end of the page, as only the last segment had
      to be WAL-logged, but per Fujii Masao's testing, even that produced 2x the
      WAL volume that 9.3 did.
      
      The new strategy is to keep track of changes to the posting lists in a more
      fine-grained fashion, and also make the repacking" code smarter to avoid
      decoding and re-encoding segments unnecessarily.
      14d02f0b
    • Heikki Linnakangas's avatar
      Rename GinLogicValue to GinTernaryValue. · 0cfa34c2
      Heikki Linnakangas authored
      It's more descriptive. Also, get rid of the enum, and use #defines instead,
      per Greg Stark's suggestion.
      0cfa34c2
  5. 30 Mar, 2014 1 commit
    • Andrew Dunstan's avatar
      Use separate output dirs for test_decoding's two runs. · 7317d8d9
      Andrew Dunstan authored
      contrib/test_decoding's "make check" runs two sets of tests. Unless we
      specify separate output directories for each set the isolation tests
      will overwrite the output from the  normal regression set. Doing this
      will help the buildfarm collect complete logs.
      7317d8d9
  6. 29 Mar, 2014 6 commits
    • Bruce Momjian's avatar
      psql: display "Replica Identity" only for FULL and NOTHING · 9d661164
      Bruce Momjian authored
      INDEX is already displayed on the index, and we now exclude pg_catalog.
      DEFAULT is not displayed.
      9d661164
    • Tom Lane's avatar
      Fix dumping of a materialized view that depends on a table's primary key. · 62215de2
      Tom Lane authored
      It is possible for a view or materialized view to depend on a table's
      primary key, if the view query relies on functional dependency to
      abbreviate a GROUP BY list.  This is problematic for pg_dump since we
      ordinarily want to dump view definitions in the pre-data section but
      indexes in post-data.  pg_dump knows how to deal with this situation for
      regular views, by breaking the view's ON SELECT rule apart from the view
      proper.  But it had not been taught what to do about materialized views,
      and in fact mistakenly dumped them as regular views in such cases, as
      seen in bug #9616 from Jesse Denardo.
      
      If we had CREATE OR REPLACE MATERIALIZED VIEW, we could fix this in a
      manner analogous to what's done for regular views; but we don't yet,
      and we'd not back-patch such a thing into 9.3 anyway.  As a hopefully-
      temporary workaround, break the circularity by postponing the matview
      into post-data altogether when this case occurs.
      62215de2
    • Noah Misch's avatar
      Revert "Secure Unix-domain sockets of "make check" temporary clusters." · 8f5578d0
      Noah Misch authored
      About half of the buildfarm members use too-long directory names,
      strongly suggesting that this approach is a dead end.
      8f5578d0
    • Noah Misch's avatar
      Secure Unix-domain sockets of "make check" temporary clusters. · 31c6e54e
      Noah Misch authored
      Any OS user able to access the socket can connect as the bootstrap
      superuser and in turn execute arbitrary code as the OS user running the
      test.  Protect against that by placing the socket in the temporary data
      directory, which has mode 0700 thanks to initdb.  Back-patch to 8.4 (all
      supported versions).  The hazard remains wherever the temporary cluster
      accepts TCP connections, notably on Windows.
      
      Attempts to run "make check" from a directory with a long name will now
      fail.  An alternative not sharing that problem was to place the socket
      in a subdirectory of /tmp, but that is only secure if /tmp is sticky.
      The PG_REGRESS_SOCK_DIR environment variable is available as a
      workaround when testing from long directory paths.
      
      As a convenient side effect, this lets testing proceed smoothly in
      builds that override DEFAULT_PGSOCKET_DIR.  Popular non-default values
      like /var/run/postgresql are often unwritable to the build user.
      
      Security: CVE-2014-0067
      31c6e54e
    • Noah Misch's avatar
      Document platform-specificity of unix_socket_permissions. · fbd32b0c
      Noah Misch authored
      Back-patch to 8.4 (all supported versions).
      fbd32b0c
    • Noah Misch's avatar
  7. 28 Mar, 2014 4 commits
    • Tom Lane's avatar
      Improve regression test for pg_filenode_relation(). · 9613a1d9
      Tom Lane authored
      Make it print the details in case there's a failure.
      
      Andres Freund, slightly modified by me
      9613a1d9
    • Bruce Momjian's avatar
      Adjust getpwuid() fix commit to display errno string on failure · e1827012
      Bruce Momjian authored
      This adjusts patch 613c6d26.
      e1827012
    • Tom Lane's avatar
      Fix EquivalenceClass processing for nested append relations. · a87c7291
      Tom Lane authored
      The original coding of EquivalenceClasses didn't foresee that appendrel
      child relations might themselves be appendrels; but this is possible for
      example when a UNION ALL subquery scans a table with inheritance children.
      The oversight led to failure to optimize ordering-related issues very well
      for the grandchild tables.  After some false starts involving explicitly
      flattening the appendrel representation, we found that this could be fixed
      easily by removing a few implicit assumptions about appendrel parent rels
      not being children themselves.
      
      Kyotaro Horiguchi and Tom Lane, reviewed by Noah Misch
      a87c7291
    • Tom Lane's avatar
      Un-break peer authentication. · b777be0d
      Tom Lane authored
      Commit 613c6d26 sloppily replaced a
      lookup of the UID obtained from getpeereid() with a lookup of the
      server's own user name, thus totally destroying peer authentication.
      Revert.  Per report from Christoph Berg.
      
      In passing, make sure get_user_name() zeroes *errstr on success on
      Windows as well as non-Windows.  I don't think any callers actually
      depend on this ATM, but we should be consistent across platforms.
      b777be0d
  8. 27 Mar, 2014 4 commits
  9. 26 Mar, 2014 6 commits
    • Andrew Dunstan's avatar
      Fix uninitialized variables in json's populate_record_worker(). · 7e4d1600
      Andrew Dunstan authored
      Peter Geoghegan.
      7e4d1600
    • Tom Lane's avatar
      Fix refcounting bug in PLy_modify_tuple(). · 2d5e0f07
      Tom Lane authored
      We must increment the refcount on "plntup" as soon as we have the
      reference, not sometime later.  Otherwise, if an error is thrown in
      between, the Py_XDECREF(plntup) call in the PG_CATCH block removes a
      refcount we didn't add, allowing the object to be freed even though
      it's still part of the plpython function's parsetree.
      
      This appears to be the cause of crashes seen on buildfarm member
      prairiedog.  It's a bit surprising that we've not seen it fail repeatably
      before, considering that the regression tests have been exercising the
      faulty code path since 2009.
      
      The real-world impact is probably minimal, since it's unlikely anyone would
      be provoking the "TD["new"] is not a dictionary" error in production, and
      that's the only case that is actually wrong.  Still, it's a bug affecting
      the regression tests, so patch all supported branches.
      
      In passing, remove dead variable "plstr", and demote "platt" to a local
      variable inside the PG_TRY block, since we don't need to clean it up
      in the PG_CATCH path.
      2d5e0f07
    • Heikki Linnakangas's avatar
      Pass more than the first XLogRecData entry to rm_desc, with WAL_DEBUG. · c2a67248
      Heikki Linnakangas authored
      If you compile with WAL_DEBUG and enable it with wal_debug=on, we used to
      only pass the first XLogRecData entry to the rm_desc routine. I think the
      original assumprion was that the first XLogRecData entry contains all the
      necessary information for the rm_desc routine, but that's a pretty shaky
      assumption. At least standby_redo didn't get the memo.
      
      To fix, piece together all the data in a temporary buffer, and pass that to
      the rm_desc routine.
      
      It's been like this forever, but the patch didn't apply cleanly to
      back-branches. Probably wouldn't be hard to fix the conflicts, but it's
      not worth the trouble.
      c2a67248
    • Bruce Momjian's avatar
      psql: update "replica identity" display for \d+ · b69c4e65
      Bruce Momjian authored
      Display "replica identity" only for \d plus mode, exclude system schema
      objects, and display all possible values, not just non-default,
      non-index ones.
      b69c4e65
    • Bruce Momjian's avatar
      ba08155b
    • Andrew Dunstan's avatar
      Cleanup around json_to_record/json_to_recordset · f9c6d72c
      Andrew Dunstan authored
      Set function parameter names and defaults. Add jsonb versions (which the
      code already provided for so the actual new code is trivial). Add jsonb
      regression tests and docs.
      
      Bump catalog version (which I apparently forgot to do when jsonb was
      committed).
      f9c6d72c