1. 23 Apr, 2019 2 commits
    • Tom Lane's avatar
      Don't request pretty-printed output from xmlNodeDump(). · c06e3550
      Tom Lane authored
      xml.c passed format = 1 to xmlNodeDump(), resulting in sometimes getting
      extra whitespace (newlines + spaces) in the output.  We don't really want
      that, first because whitespace might be semantically significant in some
      XML uses, and second because it happens only very inconsistently.  Only
      one case in our regression tests is affected.
      
      This potentially affects the results of xpath() and the XMLTABLE construct,
      when emitting nodeset values.
      
      Note that the older code in contrib/xml2 doesn't do this; it seems
      to have been an aboriginal bad decision in commit ea3b212f.
      
      While this definitely seems like a bug to me, the small number of
      complaints to date argues against back-patching a behavioral change.
      Hence, fix in HEAD only, at least for now.
      
      Per report from Jean-Marc Voillequin.
      
      Discussion: https://postgr.es/m/1EC8157EB499BF459A516ADCF135ADCE3A23A9CA@LON-WGMSX712.ad.moodys.net
      c06e3550
    • Michael Paquier's avatar
      Fix detection of passwords hashed with MD5 or SCRAM-SHA-256 · ccae190b
      Michael Paquier authored
      This commit fixes a couple of issues related to the way password
      verifiers hashed with MD5 or SCRAM-SHA-256 are detected, leading to
      being able to store in catalogs passwords which do not follow the
      supported hash formats:
      - A MD5-hashed entry was checked based on if its header uses "md5" and
      if the string length matches what is expected.  Unfortunately the code
      never checked if the hash only used hexadecimal characters, as reported
      by Tom Lane.
      - A SCRAM-hashed entry was checked based on only its header, which
      should be "SCRAM-SHA-256$", but it never checked for any fields
      afterwards, as reported by Jonathan Katz.
      
      Backpatch down to v10, which is where SCRAM has been introduced, and
      where password verifiers in plain format have been removed.
      
      Author: Jonathan Katz
      Reviewed-by: Tom Lane, Michael Paquier
      Discussion: https://postgr.es/m/016deb6b-1f0a-8e9f-1833-a8675b170aa9@postgresql.org
      Backpatch-through: 10
      ccae190b
  2. 22 Apr, 2019 2 commits
  3. 21 Apr, 2019 1 commit
    • Tomas Vondra's avatar
      Fix mvdistinct and dependencies size calculations · d08c44f7
      Tomas Vondra authored
      The formulas used to calculate size while (de)serializing mvndistinct
      and functional dependencies were based on offset() of the structs. But
      that is incorrect, because the structures are not copied directly, we
      we copy the individual fields directly.
      
      At the moment this works fine, because there is no alignment padding
      on any platform we support. But it might break if we ever added some
      fields into any of the structs, for example. It's also confusing.
      
      Fixed by reworking the macros to directly sum sizes of serialized
      fields. The macros are now useful only for serialiation, so there is
      no point in keeping them in the public header file. So make them
      private by moving them to the .c files.
      
      Also adds a couple more asserts to check the serialization, and fixes
      an incorrect allocation of MVDependency instead of (MVDependency *).
      
      Reported-By: Tom Lane
      Discussion: https://postgr.es/m/29785.1555365602@sss.pgh.pa.us
      d08c44f7
  4. 20 Apr, 2019 2 commits
    • Bruce Momjian's avatar
      docs: reorder collation regression test order in paragraph · bfbc150e
      Bruce Momjian authored
      Backpatch-through: 10
      bfbc150e
    • Stephen Frost's avatar
      GSSAPI: Improve documentation and tests · eb882a1b
      Stephen Frost authored
      The GSSAPI encryption patch neglected to update the protocol
      documentation to describe how to set up a GSSAPI encrypted connection
      from a client to the server, so fix that by adding the appropriate
      documentation to protocol.sgml.
      
      The tests added for encryption support were overly long and couldn't be
      run in parallel due to race conditions; this was largely because each
      test was setting up its own KDC to perform the tests.  Instead, merge
      the authentication tests and the encryption tests into the original
      test, where we only create one KDC to run the tests with.  Also, have
      the tests check what the server's opinion is of the connection and if it
      was GSS authenticated or encrypted using the pg_stat_gssapi view.
      
      In passing, fix the libpq label for GSSENC-Mode to be consistent with
      the "PGGSSENCMODE" environment variable.
      
      Missing protocol documentation pointed out by Michael Paquier.
      Issues with the tests pointed out by Tom Lane and Peter Eisentraut.
      
      Refactored tests and added documentation by me.
      
      Reviewed by Robbie Harwood (protocol documentation) and Michael Paquier
      (rework of the tests).
      eb882a1b
  5. 19 Apr, 2019 7 commits
    • Andres Freund's avatar
      Fix slot type issue for fuzzy distance index scan over out-of-core table AM. · b8b94ea1
      Andres Freund authored
      For amcanreorderby scans the nodeIndexscan.c's reorder queue holds
      heap tuples, but the underlying table likely does not. Before this fix
      we'd return different types of slots, depending on whether the tuple
      came from the reorder queue, or from the index + table.
      
      While that could be fixed by signalling that the node doesn't return a
      fixed type of slot, it seems better to instead remove the separate
      slot for the reorder queue, and use ExecForceStoreHeapTuple() to store
      tuples from the queue. It's not particularly common to need
      reordering, after all.
      
      This reverts most of the iss_ReorderQueueSlot related changes to
      nodeIndexscan.c made in 1a0586de, except that now
      ExecForceStoreHeapTuple() is used instead of ExecStoreHeapTuple().
      
      Noticed when testing zheap against the in-core version of tableam.
      
      Author: Andres Freund
      b8b94ea1
    • Andres Freund's avatar
      Fix two memory leaks around force-storing tuples in slots. · 88e6ad30
      Andres Freund authored
      As reported by Tom, when ExecStoreMinimalTuple() had to perform a
      conversion to store the minimal tuple in the slot, it forgot to
      respect the shouldFree flag, and leaked the tuple into the current
      memory context if true.  Fix that by freeing the tuple in that case.
      
      Looking at the relevant code made me (Andres) realize that not having
      the shouldFree parameter to ExecForceStoreHeapTuple() was a bad
      idea. Some callers had to locally implement the necessary logic, and
      in one case it was missing, creating a potential per-group leak in
      non-hashed aggregation.
      
      The choice to not free the tuple in ExecComputeStoredGenerated() is
      not pretty, but not introduced by this commit - I'll start a separate
      discussion about it.
      
      Reported-By: Tom Lane
      Discussion: https://postgr.es/m/366.1555382816@sss.pgh.pa.us
      88e6ad30
    • Tom Lane's avatar
      Fix problems with auto-held portals. · 4d5840ce
      Tom Lane authored
      HoldPinnedPortals() did things in the wrong order: it must not mark
      a portal autoHeld until it's been successfully held.  Otherwise,
      a failure while persisting the portal results in a server crash
      because we think the portal is in a good state when it's not.
      
      Also add a check that portal->status is READY before attempting to
      hold a pinned portal.  We have such a check before the only other
      use of HoldPortal(), so it seems unwise not to check it here.
      
      Lastly, rethink the responsibility for where to call HoldPinnedPortals.
      The comment for it imagined that it was optional for any individual PL
      to call it or not, but that cannot be the case: if some outer level of
      procedure has a pinned portal, failing to persist it when an inner
      procedure commits is going to be trouble.  Let's have SPI do it instead
      of the individual PLs.  That's not a complete solution, since in theory
      a PL might not be using SPI to perform commit/rollback, but such a PL
      is going to have to be aware of lots of related requirements anyway.
      (This change doesn't cause an API break for any external PLs that might
      be calling HoldPinnedPortals per the old regime, because calling it
      twice during a commit or rollback sequence won't hurt.)
      
      Per bug #15703 from Julian Schauder.  Back-patch to v11 where this code
      came in.
      
      Discussion: https://postgr.es/m/15703-c12c5bc0ea34ba26@postgresql.org
      4d5840ce
    • Michael Paquier's avatar
    • Michael Paquier's avatar
      bc540f98
    • Michael Paquier's avatar
      Remove dependency to pageinspect in recovery tests · 5a9323ea
      Michael Paquier authored
      If contrib/pageinspect is not installed, this causes the test checking
      the minimum recovery point to fail.  The point is that the dependency
      with pageinspect is not really necessary as the test does also all
      checks with an offline cluster by scanning directly the on-disk pages,
      which is enough for the purpose of the test.
      
      Per complaint from Tom Lane.
      
      Author: Michael Paquier
      Discussion: https://postgr.es/m/17806.1555566345@sss.pgh.pa.us
      5a9323ea
    • Andres Freund's avatar
      Fix potential use-after-free for BEFORE UPDATE row triggers on non-core AMs. · 75e03eab
      Andres Freund authored
      When such a trigger returns the old row version, it naturally get
      stored in the slot for the trigger result. When a table AMs doesn't
      store HeapTuples internally, ExecBRUpdateTriggers() frees the old row
      version passed to triggers - but before this fix it might still be
      referenced by the slot holding the new tuple.
      
      Noticed when running the out-of-core zheap AM against the in-core
      version of tableam.
      
      Author: Andres Freund
      75e03eab
  6. 18 Apr, 2019 4 commits
  7. 17 Apr, 2019 11 commits
  8. 16 Apr, 2019 4 commits
  9. 15 Apr, 2019 7 commits