1. 30 May, 2012 6 commits
    • Expand the allowed range of timezone offsets to +/-15:59:59 from Greenwich. · cd0ff9c0
      Tom Lane authored
      We used to only allow offsets less than +/-13 hours, then it was +/-14,
      then it was +/-15.  That's still not good enough though, as per today's bug
      report from Patric Bechtel.  This time I actually looked through the Olson
      timezone database to find the largest offsets used anywhere.  The winners
      are Asia/Manila, at -15:56:00 until 1844, and America/Metlakatla, at
      +15:13:42 until 1867.  So we'd better allow offsets less than +/-16 hours.
      
      Given the history, we are way overdue to have some greppable #define
      symbols controlling this, so make some ... and also remove an obsolete
      comment that didn't get fixed the last time.
      
      Back-patch to all supported branches.
    • Fix two more bugs in fast-path relation locking. · 07ab1383
      Robert Haas authored
      First, the previous code failed to account for the fact that, during Hot
      Standby operation, the startup process takes AccessExclusiveLocks on
      relations without setting MyDatabaseId.  This resulted in fast path
      strong lock counts failing to be incremented when the startup process
      took locks, which in turn allowed conflicting lock requests to succeed
      when they should not have.  Report by Erik Rijkers, diagnosis by Heikki
      Linnakangas.
      
      Second, LockReleaseAll() failed to honor the allLocks and lockmethodid
      restrictions with respect to fast-path locks.  It's not clear to me
      whether this produces any user-visible breakage at the moment, but it's
      certainly wrong.  Rearrange order of operations in LockReleaseAll to fix.
      Noted by Tom Lane.
    • Fix incorrect password transformation in contrib/pgcrypto's DES crypt(). · 932ded2e
      Tom Lane authored
      Overly tight coding caused the password transformation loop to stop
      examining input once it had processed a byte equal to 0x80.  Thus, if the
      given password string contained such a byte (which is possible though not
      highly likely in UTF8, and perhaps also in other non-ASCII encodings), all
      subsequent characters would not contribute to the hash, making the password
      much weaker than it appears on the surface.
      
      This would only affect cases where applications used DES crypt() to encode
      passwords before storing them in the database.  If a weak password has been
      created in this fashion, the hash will stop matching after this update has
      been applied, so it will be easy to tell if any passwords were unexpectedly
      weak.  Changing to a different password would be a good idea in such a case.
      (Since DES has been considered inadequately secure for some time, changing
      to a different encryption algorithm can also be recommended.)
      
      This code, and the bug, are shared with at least PHP, FreeBSD, and OpenBSD.
      Since the other projects have already published their fixes, there is no
      point in trying to keep this commit private.
      
      This bug has been assigned CVE-2012-2143, and credit for its discovery goes
      to Rubin Xu and Joseph Bonneau.
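
The failure mode described in the commit message above, as an added example that is not pgcrypto's code or part of the commit: a simplified model of an 8-byte DES key-setup loop in which a 0x80 byte stops further input from being read, next to the corrected form. The function names and sample passwords are constructed for illustration.

```c
#include <stdint.h>
#include <string.h>

/* Flawed shape: the input pointer advances only when the shifted byte is
 * non-zero. 0x80 << 1 truncates to 0x00 in 8 bits, so a 0x80 byte is
 * treated like the terminating NUL and all later key bytes become zero. */
static void key_flawed(const char *pw, uint8_t key[8]) {
    const uint8_t *p = (const uint8_t *) pw;
    for (int i = 0; i < 8; i++) {
        key[i] = (uint8_t) (*p << 1);
        if (key[i] != 0)
            p++;
    }
}

/* Corrected shape: decide whether to advance from the input byte itself. */
static void key_fixed(const char *pw, uint8_t key[8]) {
    const uint8_t *p = (const uint8_t *) pw;
    for (int i = 0; i < 8; i++) {
        key[i] = (uint8_t) (*p << 1);
        if (*p != '\0')
            p++;
    }
}

/* 1 if the two loops derive different keys for pw, meaning a hash stored
 * by the flawed code stops matching once the fix is applied. */
int password_affected(const char *pw) {
    uint8_t a[8], b[8];
    key_flawed(pw, a);
    key_fixed(pw, b);
    return memcmp(a, b, 8) != 0;
}

/* 1 if the flawed loop cannot tell the two passwords apart. */
int collide_when_flawed(const char *pw1, const char *pw2) {
    uint8_t a[8], b[8];
    key_flawed(pw1, a);
    key_flawed(pw2, b);
    return memcmp(a, b, 8) == 0;
}

int main(void) {
    /* Constructed sample: "\xC3\x80" is U+00C0 encoded as UTF-8. */
    return !password_affected("\xC3\x80" "1b2c3");
}
```

A password whose only 0x80 byte is its last byte, or the eighth byte of the block, derives the same key under both loops, so its stored hash keeps matching after the update.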
    • Change the way parent pages are tracked during buffered GiST build. · d1996ed5
      Heikki Linnakangas authored
      We used to mimic the way a stack is constructed when descending the tree
      during normal GiST inserts, but that was quite complicated during a buffered
      build. It was also wrong: in GiST, the left-to-right relationships on
      different levels might not match each other, so that when you know the
      parent of a child page, you won't necessarily find the parent of the page to
      the right of the child page by following the rightlinks at the parent level.
      This sometimes led to "could not re-find parent" errors while building a
      GiST index.
      
      We now use a simple hash table to track the parent of every internal page.
      Whenever a page is split, and downlinks are moved from one page to another,
      we update the hash table accordingly. This is also better for performance
      than the old method, as we never need to move right to re-find the parent
      page, which could take a significant amount of time for buffers that were
      created much earlier in the index build.
    • Delete the temporary file used in buffered GiST build, after the build. · be02b168
      Heikki Linnakangas authored
      There were two bugs here: We forgot to call gistFreeBuildBuffers() function
      at the end of build, and we passed interXact == true to BufFileCreateTemp,
      so the file wasn't automatically cleaned up at end-of-transaction either.
    • Rewrite --section option to decouple it from --schema-only/--data-only. · 4317e024
      Tom Lane authored
      The initial implementation of pg_dump's --section option supposed that the
      existing --schema-only and --data-only options could be made equivalent to
      --section settings.  This is wrong, though, due to dubious but long since
      set-in-stone decisions about where to dump SEQUENCE SET items, as seen in
      bug report from Martin Pitt.  (And I'm not totally convinced there weren't
      other bugs, either.)  Undo that coupling and instead drive --section
      filtering off current-section state tracked as we scan through the TOC
      list to call _tocEntryRequired().
      
      To make sure those decisions don't shift around and hopefully save a few
      cycles, run _tocEntryRequired() only once per TOC entry and save the result
      in a new TOC field.  This required minor rejiggering of ACL handling but
      also allows a far cleaner implementation of inhibit_data_for_failed_table.
      
      Also, to ensure that pg_dump and pg_restore have the same behavior with
      respect to the --section switches, add _tocEntryRequired() filtering to
      WriteToc() and WriteDataChunks(), rather than trying to implement section
      filtering in an entirely orthogonal way in dumpDumpableObject().  This
      required adjusting the handling of the special ENCODING and STDSTRINGS
      items, but they were pretty weird before anyway.
      
      Minor other code review for the patch, too.
  2. 29 May, 2012 3 commits
    • Fix integer overflow bug in GiST buffering build calculations. · 4bc6fb57
      Heikki Linnakangas authored
      The result of (maintenance_work_mem * 1024) / BLCKSZ doesn't fit in a signed
      32-bit integer, if maintenance_work_mem >= 2GB. Use double instead. And
      while we're at it, write the calculations in an easier to understand form,
      with the intermediary steps written out and commented.
    • Teach AbortOutOfAnyTransaction to clean up partially-started transactions. · 2755abf3
      Tom Lane authored
      AbortOutOfAnyTransaction failed to do anything if the state it saw on
      entry corresponded to failing partway through StartTransaction.  I fixed
      AbortCurrentTransaction to cope with that case way back in commit
      60b2444c, but evidently overlooked that
      AbortOutOfAnyTransaction should do likewise.
      
      Back-patch to all supported branches.  It's not clear that this omission
      has any more-than-cosmetic consequences, but it's also not clear that it
      doesn't, so back-patching seems the least risky choice.
    • Eliminate some more O(N^2) behaviors in pg_dump/pg_restore. · c89bdf76
      Tom Lane authored
      This patch fixes three places (which AFAICT is all of them) where runtime
      was O(N^2) in the number of TOC entries, by using an index array to replace
      linear searches of the TOC list.  This performance issue is a bit less bad
      than those recently fixed, because it depends on the number of items dumped
      not the number in the source database, so the problem can be dodged by
      doing partial dumps.
      
      The previous coding already had an instance of one of the two index arrays
      needed, but it was only calculated in parallel-restore cases; now we need
      it all the time.  I also chose to move the arrays into the ArchiveHandle
      data structure, to make this code a bit more ready for the day that we
      try to sling multiple ArchiveHandles around in pg_dump or pg_restore.
      
      Since we still need some server-side work before pg_dump can really cope
      nicely with tens of thousands of tables, there's probably little point in
      back-patching.
  3. 28 May, 2012 1 commit
    • libpq: URI parsing fixes · 2d612abd
      Peter Eisentraut authored
      Drop special handling of host component with slashes to mean
      Unix-domain socket.  Specify it as separate parameter or using
      percent-encoding now.
      
      Allow omitting username, password, and port even if the corresponding
      designators are present in URI.
      
      Handle percent-encoding in query parameter keywords.
      
      Alex Shulgin
      
      some documentation improvements by myself
  4. 27 May, 2012 9 commits
  5. 26 May, 2012 1 commit
    • Prevent synchronized scanning when systable_beginscan chooses a heapscan. · 532fe28d
      Tom Lane authored
      The only interesting-for-performance case wherein we force heapscan here
      is when we're rebuilding the relcache init file, and the only such case
      that is likely to be examining a catalog big enough to be syncscanned is
      RelationBuildTupleDesc.  But the early-exit optimization in that code gets
      broken if we start the scan at a random place within the catalog, so that
      allowing syncscan is actually a big deoptimization if pg_attribute is large
      (at least for the normal case where the rows for core system catalogs have
      never been changed since initdb).  Hence, prevent syncscan here.  Per my
      testing pursuant to complaints from Jeff Frost and Greg Sabino Mullane,
      though neither of them seem to have actually hit this specific problem.
      
      Back-patch to 8.3, where syncscan was introduced.
  6. 25 May, 2012 5 commits
  7. 24 May, 2012 6 commits
  8. 23 May, 2012 5 commits
  9. 22 May, 2012 4 commits