Stamp 10.22.
commit : c8b932112db2589bd9bb12d120f09fa29ab1f080
author : Tom Lane <[email protected]>
date : Mon, 8 Aug 2022 16:50:46 -0400
committer: Tom Lane <[email protected]>
date : Mon, 8 Aug 2022 16:50:46 -0400
M configure
M configure.in
M doc/bug.template
M src/include/pg_config.h.win32
M src/interfaces/libpq/libpq.rc.in
M src/port/win32ver.rc
Stabilize output of new regression test.
commit : 2d7d8f4397c5855e9159c05a2afb131c34282a8f
author : Tom Lane <[email protected]>
date : Mon, 8 Aug 2022 12:16:01 -0400
committer: Tom Lane <[email protected]>
date : Mon, 8 Aug 2022 12:16:01 -0400
Per buildfarm, the output order of \dx+ isn't consistent across
locales. Apply NO_LOCALE to force C locale. There might be a
more localized way, but I'm not seeing it offhand, and anyway
there is nothing in this test module that particularly cares
about locales.
Security: CVE-2022-2625
M src/test/modules/test_extensions/Makefile
Last-minute updates for release notes.
commit : cd1aef2972ed0b4aafc18c58495cc7e62eebc4c8
author : Tom Lane <[email protected]>
date : Mon, 8 Aug 2022 11:28:47 -0400
committer: Tom Lane <[email protected]>
date : Mon, 8 Aug 2022 11:28:47 -0400
Security: CVE-2022-2625
M doc/src/sgml/release-10.sgml
In extensions, don't replace objects not belonging to the extension.
commit : 5919bb5a5989cda232ac3d1f8b9d90f337be2077
author : Tom Lane <[email protected]>
date : Mon, 8 Aug 2022 11:12:31 -0400
committer: Tom Lane <[email protected]>
date : Mon, 8 Aug 2022 11:12:31 -0400
Previously, if an extension script did CREATE OR REPLACE and there was
an existing object not belonging to the extension, it would overwrite
the object and adopt it into the extension. This is problematic, first
because the overwrite is probably unintentional, and second because we
didn't change the object's ownership. Thus a hostile user could create
an object in advance of an expected CREATE EXTENSION command, and would
then have ownership rights on an extension object, which could be
modified for trojan-horse-type attacks.
Hence, forbid CREATE OR REPLACE of an existing object unless it already
belongs to the extension. (Note that we've always forbidden replacing
an object that belongs to some other extension; only the behavior for
previously-free-standing objects changes here.)
For the same reason, also fail CREATE IF NOT EXISTS when there is
an existing object that doesn't belong to the extension.
Our thanks to Sven Klemm for reporting this problem.
Security: CVE-2022-2625
M doc/src/sgml/extend.sgml
M src/backend/catalog/pg_collation.c
M src/backend/catalog/pg_depend.c
M src/backend/catalog/pg_operator.c
M src/backend/catalog/pg_type.c
M src/backend/commands/createas.c
M src/backend/commands/foreigncmds.c
M src/backend/commands/schemacmds.c
M src/backend/commands/sequence.c
M src/backend/commands/statscmds.c
M src/backend/commands/view.c
M src/backend/parser/parse_utilcmd.c
M src/include/catalog/dependency.h
M src/test/modules/test_extensions/Makefile
M src/test/modules/test_extensions/expected/test_extensions.out
M src/test/modules/test_extensions/sql/test_extensions.sql
A src/test/modules/test_extensions/test_ext_cine–1.0–1.1.sql
A src/test/modules/test_extensions/test_ext_cine–1.0.sql
A src/test/modules/test_extensions/test_ext_cine.control
A src/test/modules/test_extensions/test_ext_cor–1.0.sql
A src/test/modules/test_extensions/test_ext_cor.control
Translation updates
commit : 415af1a4d88a83c93d6277bb8593d468909a0752
author : Alvaro Herrera <[email protected]>
date : Mon, 8 Aug 2022 12:39:52 +0200
committer: Alvaro Herrera <[email protected]>
date : Mon, 8 Aug 2022 12:39:52 +0200
Source-Git-URL: ssh://[email protected]/pgtranslation/messages.git
Source-Git-Hash: ba202c5db861f49538ae65603908aeecdd9b8b39
M src/backend/po/de.po
M src/backend/po/es.po
M src/backend/po/fr.po
M src/backend/po/ja.po
M src/backend/po/sv.po
M src/bin/initdb/po/es.po
M src/bin/initdb/po/ja.po
M src/bin/pg_archivecleanup/po/es.po
M src/bin/pg_archivecleanup/po/ja.po
M src/bin/pg_basebackup/po/es.po
M src/bin/pg_basebackup/po/ja.po
M src/bin/pg_config/po/es.po
M src/bin/pg_config/po/ja.po
M src/bin/pg_controldata/po/es.po
M src/bin/pg_controldata/po/ja.po
M src/bin/pg_ctl/po/es.po
M src/bin/pg_ctl/po/ja.po
M src/bin/pg_dump/po/es.po
M src/bin/pg_dump/po/ja.po
M src/bin/pg_resetwal/po/es.po
M src/bin/pg_resetwal/po/ja.po
M src/bin/pg_rewind/po/es.po
M src/bin/pg_rewind/po/ja.po
M src/bin/pg_test_fsync/po/es.po
M src/bin/pg_test_fsync/po/ja.po
M src/bin/pg_test_timing/po/es.po
M src/bin/pg_test_timing/po/ja.po
M src/bin/pg_upgrade/po/es.po
M src/bin/pg_upgrade/po/ja.po
M src/bin/pg_waldump/po/es.po
M src/bin/pg_waldump/po/ja.po
M src/bin/psql/po/es.po
M src/bin/psql/po/ja.po
M src/bin/psql/po/sv.po
M src/bin/scripts/po/es.po
M src/bin/scripts/po/ja.po
M src/interfaces/ecpg/ecpglib/po/es.po
M src/interfaces/ecpg/ecpglib/po/ja.po
M src/interfaces/ecpg/preproc/po/es.po
M src/interfaces/ecpg/preproc/po/ja.po
M src/interfaces/libpq/po/es.po
M src/interfaces/libpq/po/ja.po
M src/pl/plperl/po/es.po
M src/pl/plperl/po/ja.po
M src/pl/plperl/po/ro.po
M src/pl/plpgsql/src/po/es.po
M src/pl/plpgsql/src/po/ja.po
M src/pl/plpython/po/es.po
M src/pl/plpython/po/ja.po
M src/pl/tcl/po/es.po
M src/pl/tcl/po/ja.po
Release notes for 14.5, 13.8, 12.12, 11.17, 10.22.
commit : 139088aba5afe3c353697dc14861b6822e4f4356
author : Tom Lane <[email protected]>
date : Sun, 7 Aug 2022 15:46:27 -0400
committer: Tom Lane <[email protected]>
date : Sun, 7 Aug 2022 15:46:27 -0400
M doc/src/sgml/release-10.sgml
Remove unportable use of timezone in recent test
commit : 8e5874964be84e8e0eaf94ae6a045ae18f6dfc15
author : Alvaro Herrera <[email protected]>
date : Sun, 7 Aug 2022 10:19:40 +0200
committer: Alvaro Herrera <[email protected]>
date : Sun, 7 Aug 2022 10:19:40 +0200
Per buildfarm member snapper
Discussion: https://postgr.es/m/[email protected]
M src/test/modules/brin/t/02_wal_consistency.pl
Improve recently-added test reliability
commit : ad0e08394746ed4e3219ed4958b372b969d115f9
author : Alvaro Herrera <[email protected]>
date : Sat, 6 Aug 2022 15:52:10 +0200
committer: Alvaro Herrera <[email protected]>
date : Sat, 6 Aug 2022 15:52:10 +0200
Commit 59be1c942a47 already tried to make
src/test/recovery/t/033_replay_tsp_drops more reliable, but it wasn't
enough. Try to improve on that by making this use of a replication slot
to be more like others. Also, don't drop the slot.
Make a few other stylistic changes while at it. It's still quite slow,
which is another thing that we need to fix in this script.
Backpatch to all supported branches.
Discussion: https://postgr.es/m/[email protected]
M src/test/recovery/t/033_replay_tsp_drops.pl
Backpatch addition of .git-blame-ignore-revs
commit : 743a7a10fb0c1e547fdfb562beeb866f241d1ae1
author : Alvaro Herrera <[email protected]>
date : Fri, 5 Aug 2022 19:36:24 +0200
committer: Alvaro Herrera <[email protected]>
date : Fri, 5 Aug 2022 19:36:24 +0200
This makes it more convenient for git config to contain the
blame.ignoreRevsFile setting; otherwise current git versions complain if
the file is not present.
I constructed the file for each branch by scraping the file in branch
master for commits that appear in that branch. Because a few additional
pgindent commits have been added to the list in master since the list
was first created, this also propagates those to branches 14 and 15
where the file already existed. Also, some entries appear to have been
made using author-date rather than committer-date in the format string,
so some timestamps are changed. Also remove bogus whitespace in the
suggested `git log` format string.
Backpatch to all supported branches.
Discussion: https://postgr.es/m/[email protected]
A .git-blame-ignore-revs
BRIN: mask BRIN_EVACUATE_PAGE for WAL consistency checking
commit : e797c7a6f76bc21e77b59bb508ed8b3617ff9461
author : Alvaro Herrera <[email protected]>
date : Fri, 5 Aug 2022 18:00:17 +0200
committer: Alvaro Herrera <[email protected]>
date : Fri, 5 Aug 2022 18:00:17 +0200
That bit is unlogged and therefore it's wrong to consider it in WAL page
comparison.
Add a test that tickles the case, as branch testing technology allows.
This has been a problem ever since wal consistency checking was
introduced (commit a507b86900f6 for pg10), so backpatch to all supported
branches.
Author: 王海洋 (Haiyang Wang) <[email protected]>
Reviewed-by: Kyotaro Horiguchi <[email protected]>
Discussion: https://postgr.es/m/CACciXAD2UvLMOhc4jX9VvOKt7DtYLr3OYRBhvOZ-jRxtzc_7Jg@mail.gmail.com
Discussion: https://postgr.es/m/CACciXADOfErX9Bx0nzE_SkdfXr6Bbpo5R=v_B6MUTEYW4ya+cg@mail.gmail.com
M src/backend/access/brin/brin_pageops.c
M src/backend/access/brin/brin_xlog.c
A src/test/modules/brin/t/02_wal_consistency.pl
Add HINT for restartpoint race with KeepFileRestoredFromArchive().
commit : 2ffcb7dce80610f4b48a7ffd518a253a6584d883
author : Noah Misch <[email protected]>
date : Fri, 5 Aug 2022 08:30:58 -0700
committer: Noah Misch <[email protected]>
date : Fri, 5 Aug 2022 08:30:58 -0700
The five commits ending at cc2c7d65fc27e877c9f407587b0b92d46cd6dd16
closed this race condition for v15+. For v14 through v10, add a HINT to
discourage studying the cosmetic problem.
Reviewed by Kyotaro Horiguchi and David Steele.
Discussion: https://postgr.es/m/[email protected]
M src/backend/access/transam/xlog.c
M src/backend/storage/file/fd.c
Add CHECK_FOR_INTERRUPTS in ExecInsert's speculative insertion loop.
commit : 138213684ad44449449274522ab8fcf119cf848b
author : Tom Lane <[email protected]>
date : Thu, 4 Aug 2022 14:10:06 -0400
committer: Tom Lane <[email protected]>
date : Thu, 4 Aug 2022 14:10:06 -0400
Ordinarily the functions called in this loop ought to have plenty
of CFIs themselves; but we've now seen a case where no such CFI is
reached, making the loop uninterruptible. Even though that's from
a recently-introduced bug, it seems prudent to install a CFI at
the loop level in all branches.
Per discussion of bug #17558 from Andrew Kesper (an actual fix for
that bug will follow).
Discussion: https://postgr.es/m/[email protected]
M src/backend/executor/nodeModifyTable.c
Reduce test runtime of src/test/modules/snapshot_too_old.
commit : 9820032daa3311a6ffbc19d89d6ff5138d09cf71
author : Tom Lane <[email protected]>
date : Wed, 3 Aug 2022 11:14:55 -0400
committer: Tom Lane <[email protected]>
date : Wed, 3 Aug 2022 11:14:55 -0400
The sto_using_cursor and sto_using_select tests were coded to exercise
every permutation of their test steps, but AFAICS there is no value in
exercising more than one. This matters because each permutation costs
about six seconds, thanks to the "pg_sleep(6)". Perhaps we could
reduce that, but the useless permutations seem worth getting rid of
in any case. (Note that sto_using_hash_index got it right already.)
While here, clean up some other sloppiness such as an unused table.
This doesn't make too much difference in interactive testing, since the
wasted time is typically masked by parallelization with other tests.
However, the buildfarm runs this as a serial step, which means we can
expect to shave ~40 seconds from every buildfarm run. That makes it
worth back-patching.
Discussion: https://postgr.es/m/[email protected]
M src/test/modules/snapshot_too_old/expected/sto_using_cursor.out
M src/test/modules/snapshot_too_old/expected/sto_using_select.out
M src/test/modules/snapshot_too_old/specs/sto_using_cursor.spec
M src/test/modules/snapshot_too_old/specs/sto_using_select.spec
Be more wary about 32-bit integer overflow in pg_stat_statements.
commit : dd414bf4e047e55028db28172e8184fcd2ee1201
author : Tom Lane <[email protected]>
date : Tue, 2 Aug 2022 18:05:34 -0400
committer: Tom Lane <[email protected]>
date : Tue, 2 Aug 2022 18:05:34 -0400
We've heard a couple of reports of people having trouble with
multi-gigabyte-sized query-texts files. It occurred to me that on
32-bit platforms, there could be an issue with integer overflow
of calculations associated with the total query text size.
Address that with several changes:
1. Limit pg_stat_statements.max to INT_MAX / 2 not INT_MAX.
The hashtable code will bound it to that anyway unless "long"
is 64 bits. We still need overflow guards on its use, but
this helps.
2. Add a check to prevent extending the query-texts file to
more than MaxAllocHugeSize. If it got that big, qtext_load_file
would certainly fail, so there's not much point in allowing it.
Without this, we'd need to consider whether extent, query_offset,
and related variables shouldn't be off_t not size_t.
3. Adjust the comparisons in need_gc_qtexts() to be done in 64-bit
arithmetic on all platforms. It appears possible that under duress
those multiplications could overflow 32 bits, yielding a false
conclusion that we need to garbage-collect the texts file, which
could lead to repeatedly garbage-collecting after every hash table
insertion.
Per report from Bruno da Silva. I'm not convinced that these
issues fully explain his problem; there may be some other bug that's
contributing to the query-texts file becoming so large in the first
place. But it did get that big, so #2 is a reasonable defense,
and #3 could explain the reported performance difficulties.
(See also commit 8bbe4cbd9, which addressed some related bugs.
The second Discussion: link is the thread that led up to that.)
This issue is old, and is primarily a problem for old platforms,
so back-patch.
Discussion: https://postgr.es/m/CAB+Nuk93fL1Q9eLOCotvLP07g7RAv4vbdrkm0cVQohDVMpAb9A@mail.gmail.com
Discussion: https://postgr.es/m/[email protected]
M contrib/pg_stat_statements/pg_stat_statements.c
Check maximum number of columns in function RTEs, too.
commit : d54fc7e676514bf04cf711469ca65c1d64801ae6
author : Tom Lane <[email protected]>
date : Mon, 1 Aug 2022 12:22:35 -0400
committer: Tom Lane <[email protected]>
date : Mon, 1 Aug 2022 12:22:35 -0400
I thought commit fd96d14d9 had plugged all the holes of this sort,
but no, function RTEs could produce oversize tuples too, either
via long coldeflists or just from multiple functions in one RTE.
(I'm pretty sure the other variants of base RTEs aren't a problem,
because they ultimately refer to either a table or a sub-SELECT,
whose widths are enforced elsewhere. But we explicitly allow join
RTEs to be overwidth, as long as you don't try to form their
tuple result.)
Per further discussion of bug #17561. As before, patch all branches.
Discussion: https://postgr.es/m/[email protected]
M src/backend/parser/parse_relation.c
Fix new recovery test for log_error_verbosity=verbose case
commit : c308003d22251370e0b908e4380f2208d441955a
author : Andrew Dunstan <[email protected]>
date : Fri, 29 Jul 2022 17:43:34 -0400
committer: Andrew Dunstan <[email protected]>
date : Fri, 29 Jul 2022 17:43:34 -0400
The new test is from commit 9e4f914b5e.
With this setting messages have SQL error numbers included, so that
needs to be provided for in the pattern looked for.
Backpatch to all live branches like the original.
M src/test/recovery/t/033_replay_tsp_drops.pl
In transformRowExpr(), check for too many columns in the row.
commit : e6a48014df39dcddbbcadb9479c3bcba9d049f44
author : Tom Lane <[email protected]>
date : Fri, 29 Jul 2022 13:30:50 -0400
committer: Tom Lane <[email protected]>
date : Fri, 29 Jul 2022 13:30:50 -0400
A RowExpr with more than MaxTupleAttributeNumber columns would fail at
execution anyway, since we cannot form a tuple datum with more than that
many columns. While heap_form_tuple() has a check for too many columns,
it emerges that there are some intermediate bits of code that don't
check and can be driven to failure with sufficiently many columns.
Checking this at parse time seems like the most appropriate place to
install a defense, since we already check SELECT list length there.
While at it, make the SELECT-list-length error use the same errcode
(TOO_MANY_COLUMNS) as heap_form_tuple does, rather than the generic
PROGRAM_LIMIT_EXCEEDED.
Per bug #17561 from Egor Chindyaskin. The given test case crashes
in all supported branches (and probably a lot further back),
so patch all.
Discussion: https://postgr.es/m/[email protected]
M src/backend/parser/parse_expr.c
M src/backend/parser/parse_node.c
Fix test instability
commit : 6ffaf75a80018d8cea018635f0740b35eb3bd104
author : Alvaro Herrera <[email protected]>
date : Fri, 29 Jul 2022 12:50:47 +0200
committer: Alvaro Herrera <[email protected]>
date : Fri, 29 Jul 2022 12:50:47 +0200
On FreeBSD, the new test fails due to a WAL file being removed before
the standby has had the chance to copy it. Fix by adding a replication
slot to prevent the removal until after the standby has connected.
Author: Kyotaro Horiguchi <[email protected]>
Reported-by: Matthias van de Meent <[email protected]>
Discussion: https://postgr.es/m/CAEze2Wj5nau_qpjbwihvmXLfkAWOZ5TKdbnqOc6nKSiRJEoPyQ@mail.gmail.com
M src/test/recovery/t/033_replay_tsp_drops.pl
Fix replay of create database records on standby
commit : 084318c33a1f8aeebe492812bd1b2ed0dbafe645
author : Alvaro Herrera <[email protected]>
date : Thu, 28 Jul 2022 08:26:05 +0200
committer: Alvaro Herrera <[email protected]>
date : Thu, 28 Jul 2022 08:26:05 +0200
Crash recovery on standby may encounter missing directories
when replaying database-creation WAL records. Prior to this
patch, the standby would fail to recover in such a case;
however, the directories could be legitimately missing.
Consider the following sequence of commands:
CREATE DATABASE
DROP DATABASE
DROP TABLESPACE
If, after replaying the last WAL record and removing the
tablespace directory, the standby crashes and has to replay the
create database record again, crash recovery must be able to continue.
A fix for this problem was already attempted in 49d9cfc68bf4, but it
was reverted because of design issues. This new version is based
on Robert Haas' proposal: any missing tablespaces are created
during recovery before reaching consistency. Tablespaces
are created as real directories, and should be deleted
by later replay. CheckRecoveryConsistency ensures
they have disappeared.
The problems detected by this new code are reported as PANIC,
except when allow_in_place_tablespaces is set to ON, in which
case they are WARNING. Apart from making tests possible, this
gives users an escape hatch in case things don't go as planned.
Author: Kyotaro Horiguchi <[email protected]>
Author: Asim R Praveen <[email protected]>
Author: Paul Guo <[email protected]>
Reviewed-by: Anastasia Lubennikova <[email protected]> (older versions)
Reviewed-by: Fujii Masao <[email protected]> (older versions)
Reviewed-by: Michaël Paquier <[email protected]>
Diagnosed-by: Paul Guo <[email protected]>
Discussion: https://postgr.es/m/CAEET0ZGx9AvioViLf7nbR_8tH9-=27DN5xWJ2P9-ROH16e4JUA@mail.gmail.com
M src/backend/access/transam/xlog.c
M src/backend/commands/dbcommands.c
M src/backend/commands/tablespace.c
A src/test/recovery/t/033_replay_tsp_drops.pl
Allow "in place" tablespaces.
commit : 7bdbbb87340f4cb9f262320a28be8f87d4c38308
author : Alvaro Herrera <[email protected]>
date : Wed, 27 Jul 2022 07:55:12 +0200
committer: Alvaro Herrera <[email protected]>
date : Wed, 27 Jul 2022 07:55:12 +0200
This is a backpatch to branches 10-14 of the following commits:
7170f2159fb2 Allow "in place" tablespaces.
c6f2f01611d4 Fix pg_basebackup with in-place tablespaces.
f6f0db4d6240 Fix pg_tablespace_location() with in-place tablespaces
7a7cd84893e0 doc: Remove mention to in-place tablespaces for pg_tablespace_location()
5344723755bd Remove unnecessary Windows-specific basebackup code.
In-place tablespaces were introduced as a testing helper mechanism, but
they are going to be used for a bugfix in WAL replay to be backpatched
to all stable branches.
I (Álvaro) had to adjust some code to account for lack of
get_dirent_type() in branches prior to 14.
Author: Thomas Munro <[email protected]>
Author: Michaël Paquier <[email protected]>
Author: Álvaro Herrera <[email protected]>
Discussion: https://postgr.es/m/[email protected]
M doc/src/sgml/config.sgml
M src/backend/access/transam/xlog.c
M src/backend/commands/tablespace.c
M src/backend/utils/adt/misc.c
M src/backend/utils/misc/guc.c
M src/include/commands/tablespace.h
Force immediate commit after CREATE DATABASE etc in extended protocol.
commit : 964f42aa297b26af000982bfd24033011faf2eaf
author : Tom Lane <[email protected]>
date : Tue, 26 Jul 2022 13:07:03 -0400
committer: Tom Lane <[email protected]>
date : Tue, 26 Jul 2022 13:07:03 -0400
We have a few commands that "can't run in a transaction block",
meaning that if they complete their processing but then we fail
to COMMIT, we'll be left with inconsistent on-disk state.
However, the existing defenses for this are only watertight for
simple query protocol. In extended protocol, we didn't commit
until receiving a Sync message. Since the client is allowed to
issue another command instead of Sync, we're in trouble if that
command fails or is an explicit ROLLBACK. In any case, sitting
in an inconsistent state while waiting for a client message
that might not come seems pretty risky.
This case wasn't reachable via libpq before we introduced pipeline
mode, but it's always been an intended aspect of extended query
protocol, and likely there are other clients that could reach it
before.
To fix, set a flag in PreventInTransactionBlock that tells
exec_execute_message to force an immediate commit. This seems
to be the approach that does least damage to existing working
cases while still preventing the undesirable outcomes.
While here, add some documentation to protocol.sgml that explicitly
says how to use pipelining. That's latent in the existing docs if
you know what to look for, but it's better to spell it out; and it
provides a place to document this new behavior.
Per bug #17434 from Yugo Nagata. It's been wrong for ages,
so back-patch to all supported branches.
Discussion: https://postgr.es/m/[email protected]
M doc/src/sgml/protocol.sgml
M src/backend/access/transam/xact.c
M src/backend/tcop/postgres.c
M src/include/access/xact.h
doc: clarify that auth. names are lower case and case-sensitive
commit : 7fa2bdeda62e310c87713e8e48d2caaf452b401e
author : Bruce Momjian <[email protected]>
date : Thu, 21 Jul 2022 13:58:20 -0400
committer: Bruce Momjian <[email protected]>
date : Thu, 21 Jul 2022 13:58:20 -0400
This is true even for acronyms that are usually upper case, like LDAP.
Reported-by: Alvaro Herrera
Discussion: https://postgr.es/m/[email protected]
Backpatch-through: 10
M doc/src/sgml/client-auth.sgml
Fix ruleutils issues with dropped cols in functions-returning-composite.
commit : 6bceacfe87ffb842e8a9bb5e005f324685be9fb7
author : Tom Lane <[email protected]>
date : Thu, 21 Jul 2022 13:56:02 -0400
committer: Tom Lane <[email protected]>
date : Thu, 21 Jul 2022 13:56:02 -0400
Due to lack of concern for the case in the dependency code, it's
possible to drop a column of a composite type even though stored
queries have references to the dropped column via functions-in-FROM
that return the composite type. There are "soft" references,
namely FROM-clause aliases for such columns, and "hard" references,
that is actual Vars referring to them. The right fix for hard
references is to add dependencies preventing the drop; something
we've known for many years and not done (and this commit still doesn't
address it). A "soft" reference shouldn't prevent a drop though.
We've been around on this before (cf. 9b35ddce9, 2c4debbd0), but
nobody had noticed that the current behavior can result in dump/reload
failures, because ruleutils.c can print more column aliases than the
underlying composite type now has. So we need to rejigger the
column-alias-handling code to treat such columns as dropped and not
print aliases for them.
Rather than writing new code for this, I used expandRTE() which already
knows how to figure out which function result columns are dropped.
I'd initially thought maybe we could use expandRTE() in all cases, but
that fails for EXPLAIN's purposes, because the planner strips a lot of
RTE infrastructure that expandRTE() needs. So this patch just uses it
for unplanned function RTEs and otherwise does things the old way.
If there is a hard reference (Var), then removing the column alias
causes us to fail to print the Var, since there's no longer a name
to print. Failing seems less desirable than printing a made-up
name, so I made it print "?dropped?column?" instead.
Per report from Timo Stolz. Back-patch to all supported branches.
Discussion: https://postgr.es/m/[email protected]
M src/backend/parser/parse_relation.c
M src/backend/utils/adt/ruleutils.c
M src/test/regress/expected/create_view.out
M src/test/regress/sql/create_view.sql
Fix assertion failure and segmentation fault in backup code.
commit : 2497d2b770916f802353f3bf5e03d42c4c98d3cf
author : Fujii Masao <[email protected]>
date : Tue, 12 Jul 2022 11:53:29 +0900
committer: Fujii Masao <[email protected]>
date : Tue, 12 Jul 2022 11:53:29 +0900
When a non-exclusive backup is canceled, do_pg_abort_backup() is called
and resets some variables set by pg_backup_start (pg_start_backup in v14
or before). But previously it forgot to reset the session state indicating
whether a non-exclusive backup is in progress or not in this session.
This issue could cause an assertion failure when the session running
BASE_BACKUP is terminated after it executed pg_backup_start and
pg_backup_stop (pg_stop_backup in v14 or before). Also it could cause
a segmentation fault when pg_backup_stop is called after BASE_BACKUP
in the same session is canceled.
This commit fixes the issue by making do_pg_abort_backup reset
that session state.
Back-patch to all supported branches.
Author: Fujii Masao
Reviewed-by: Kyotaro Horiguchi, Masahiko Sawada, Michael Paquier, Robert Haas
Discussion: https://postgr.es/m/[email protected]
M src/backend/access/transam/xlog.c
Prevent BASE_BACKUP in the middle of another backup in the same session.
commit : dd831afc44bf77dd1fd8095d684153bbf5544e1c
author : Fujii Masao <[email protected]>
date : Tue, 12 Jul 2022 09:31:57 +0900
committer: Fujii Masao <[email protected]>
date : Tue, 12 Jul 2022 09:31:57 +0900
Multiple non-exclusive backups are able to be run conrrently in different
sessions. But, in the same session, only one non-exclusive backup can be
run at the same moment. If pg_backup_start (pg_start_backup in v14 or before)
is called in the middle of another non-exclusive backup in the same session,
an error is thrown.
However, previously, in logical replication walsender mode, even if that
walsender session had already called pg_backup_start and started
a non-exclusive backup, it could execute BASE_BACKUP command and
start another non-exclusive backup. Which caused subsequent pg_backup_stop
to throw an error because BASE_BACKUP unexpectedly reset the session state
marked by pg_backup_start.
This commit prevents BASE_BACKUP command in the middle of another
non-exclusive backup in the same session.
Back-patch to all supported branches.
Author: Fujii Masao
Reviewed-by: Kyotaro Horiguchi, Masahiko Sawada, Michael Paquier, Robert Haas
Discussion: https://postgr.es/m/[email protected]
M src/backend/replication/basebackup.c
postgres_fdw: set search_path to 'pg_catalog' while deparsing constants.
commit : 26c9e1bd88467f59b2550bf8e5fa8f7357bf77f2
author : Tom Lane <[email protected]>
date : Sun, 17 Jul 2022 17:27:51 -0400
committer: Tom Lane <[email protected]>
date : Sun, 17 Jul 2022 17:27:51 -0400
The motivation for this is to ensure successful transmission of the
values of constants of regconfig and other reg* types. The remote
will be reading them with search_path = 'pg_catalog', so schema
qualification is necessary when referencing objects in other schemas.
Per bug #17483 from Emmanuel Quincerot. Back-patch to all supported
versions. (There's some other stuff to do here, but it's less
back-patchable.)
Discussion: https://postgr.es/m/[email protected]
M contrib/postgres_fdw/expected/postgres_fdw.out
M contrib/postgres_fdw/postgres_fdw.c
M contrib/postgres_fdw/sql/postgres_fdw.sql
Make dsm_impl_posix_resize more future-proof.
commit : d3b0884c0708d5156ef4de5e4895927bdb62a9c3
author : Thomas Munro <[email protected]>
date : Sat, 16 Jul 2022 10:59:52 +1200
committer: Thomas Munro <[email protected]>
date : Sat, 16 Jul 2022 10:59:52 +1200
Commit 4518c798 blocks signals for a short region of code, but it
assumed that whatever called it had the signal mask set to UnBlockSig on
entry. That may be true today (or may even not be, in extensions in the
wild), but it would be better not to make that assumption. We should
save-and-restore the caller's signal mask.
The PG_SETMASK() portability macro couldn't be used for that, which is
why it wasn't done before. But... considering that commit a65e0864
established back in 9.6 that supported POSIX systems have sigprocmask(),
and that this is POSIX-only code, there is no reason not to use standard
sigprocmask() directly to achieve that.
Back-patch to all supported releases, like 4518c798 and 80845b7c.
Reviewed-by: Alvaro Herrera <[email protected]>
Reviewed-by: Tom Lane <[email protected]>
Discussion: https://postgr.es/m/CA%2BhUKGKx6Biq7_UuV0kn9DW%2B8QWcpJC1qwhizdtD9tN-fn0H0g%40mail.gmail.com
M src/backend/storage/ipc/dsm_impl.c
pg_upgrade doc: mention that replication slots must be recreated
commit : b0ea3e46c63160f4292b4dfe356dd28c7cde4545
author : Bruce Momjian <[email protected]>
date : Thu, 14 Jul 2022 16:34:30 -0400
committer: Bruce Momjian <[email protected]>
date : Thu, 14 Jul 2022 16:34:30 -0400
Reported-by: Nikhil Shetty
Discussion: https://postgr.es/m/CAFpL5Vxastip0Jei-K-=7cKXTg=5sahSe5g=om=x68NOX8+PUA@mail.gmail.com
Backpatch-through: 10
M doc/src/sgml/ref/pgupgrade.sgml
doc: clarify the behavior of identically-named savepoints
commit : 3ba46b35327469d040b7cea703d76bf33104f434
author : Bruce Momjian <[email protected]>
date : Thu, 14 Jul 2022 15:44:22 -0400
committer: Bruce Momjian <[email protected]>
date : Thu, 14 Jul 2022 15:44:22 -0400
Original patch by David G. Johnston.
Reported-by: David G. Johnston
Discussion: https://postgr.es/m/CAKFQuwYQCxSSuSL18skCWG8QHFswOJ3hjovHsOZUE346i4OpVQ@mail.gmail.com
Backpatch-through: 10
M doc/src/sgml/ref/release_savepoint.sgml
M doc/src/sgml/ref/savepoint.sgml
doc: clarify that "excluded" ON CONFLICT is a single row
commit : 5790aa46af8e6f8c6b090a931fc18b42002e4f54
author : Bruce Momjian <[email protected]>
date : Thu, 14 Jul 2022 15:33:27 -0400
committer: Bruce Momjian <[email protected]>
date : Thu, 14 Jul 2022 15:33:27 -0400
Original patch by David G. Johnston.
Reported-by: David G. Johnston
Discussion: https://postgr.es/m/CAKFQuwa4J0+WuO7kW1PLbjoEvzPN+Q_j+P2bXxNnCLaszY7ZdQ@mail.gmail.com
Backpatch-through: 10
M doc/src/sgml/ref/insert.sgml
doc: mention that INSERT can block because of unique indexes
commit : 68044facf2e6069d432bfdf3fbdc20a06e7f75a0
author : Bruce Momjian <[email protected]>
date : Thu, 14 Jul 2022 15:17:19 -0400
committer: Bruce Momjian <[email protected]>
date : Thu, 14 Jul 2022 15:17:19 -0400
Initial patch by David G. Johnston.
Reported-by: David G. Johnston
Discussion: https://postgr.es/m/CAKFQuwZpbdzceO41VE-xt1Xh8rWRRfgopTAK1wL9EhCo0Am-Sw@mail.gmail.com
Backpatch-through: 10
M doc/src/sgml/ref/insert.sgml
doc: mention the pg_locks lock names in parentheses
commit : 88580b63ebe4597b6b3ef6ad23c7370af2e9cadc
author : Bruce Momjian <[email protected]>
date : Thu, 14 Jul 2022 12:08:54 -0400
committer: Bruce Momjian <[email protected]>
date : Thu, 14 Jul 2022 12:08:54 -0400
Reported-by: Troy Frericks
Discussion: https://postgr.es/m/[email protected]
Backpatch-through: 10
M doc/src/sgml/mvcc.sgml
Don't clobber postmaster sigmask in dsm_impl_resize.
commit : e26024bea9e9fe7bb10a00baea631d629c5bd61c
author : Thomas Munro <[email protected]>
date : Fri, 15 Jul 2022 01:23:29 +1200
committer: Thomas Munro <[email protected]>
date : Fri, 15 Jul 2022 01:23:29 +1200
Commit 4518c798 intended to block signals in regular backends that
allocate DSM segments, but dsm_impl_resize() is also reached by
dsm_postmaster_startup(). It's not OK to clobber the postmaster's
signal mask, so only manipulate the signal mask when under the
postmaster.
Back-patch to all releases, like 4518c798.
Discussion: https://postgr.es/m/CA%2BhUKGKNpK%3D2OMeea_AZwpLg7Bm4%3DgYWk7eDjZ5F6YbozfOf8w%40mail.gmail.com
M src/backend/storage/ipc/dsm_impl.c
Block signals while allocating DSM memory.
commit : 53cfe403c9d254e1a8b84f92ab5579bc59162621
author : Thomas Munro <[email protected]>
date : Wed, 13 Jul 2022 16:16:07 +1200
committer: Thomas Munro <[email protected]>
date : Wed, 13 Jul 2022 16:16:07 +1200
On Linux, we call posix_fallocate() on shm_open()'d memory to avoid
later potential SIGBUS (see commit 899bd785).
Based on field reports of systems stuck in an EINTR retry loop there,
there, we made it possible to break out of that loop via slightly odd
coding where the CHECK_FOR_INTERRUPTS() call was somewhat removed from
the loop (see commit 422952ee).
On further reflection, that was not a great choice for at least two
reasons:
1. If interrupts were held, the CHECK_FOR_INTERRUPTS() would do nothing
and the EINTR error would be surfaced to the user.
2. If EINTR was reported but neither QueryCancelPending nor
ProcDiePending was set, then we'd dutifully retry, but with a bit more
understanding of how posix_fallocate() works, it's now clear that you
can get into a loop that never terminates. posix_fallocate() is not a
function that can do some of the job and tell you about progress if it's
interrupted, it has to undo what it's done so far and report EINTR, and
if signals keep arriving faster than it can complete (cf recovery
conflict signals), you're stuck.
Therefore, for now, we'll simply block most signals to guarantee
progress. SIGQUIT is not blocked (see InitPostmasterChild()), because
its expected handler doesn't return, and unblockable signals like
SIGCONT are not expected to arrive at a high rate. For good measure,
we'll include the ftruncate() call in the blocked region, and add a
retry loop.
Back-patch to all supported releases.
Reported-by: Alvaro Herrera <[email protected]>
Reported-by: Nicola Contu <[email protected]>
Reviewed-by: Alvaro Herrera <[email protected]>
Reviewed-by: Andres Freund <[email protected]>
Discussion: https://postgr.es/m/20220701154105.jjfutmngoedgiad3%40alvherre.pgsql
M src/backend/storage/ipc/dsm_impl.c
Fix \watch's interaction with libedit on ^C.
commit : 7c5953b7b5dc2b1c5546c5b8b8b29785d46f4e8e
author : Thomas Munro <[email protected]>
date : Sun, 10 Jul 2022 16:30:03 +1200
committer: Thomas Munro <[email protected]>
date : Sun, 10 Jul 2022 16:30:03 +1200
When you hit ^C, the terminal driver in Unix-like systems echoes "^C" as
well as sending an interrupt signal (depending on stty settings). At
least libedit (but maybe also libreadline) is then confused about the
current cursor location, and corrupts the display if you try to scroll
back. Fix, by moving to a new line before the next prompt is displayed.
Back-patch to all supported released.
Author: Pavel Stehule <[email protected]>
Reported-by: Tom Lane <[email protected]>
Discussion: https://postgr.es/m/3278793.1626198638%40sss.pgh.pa.us
M src/bin/psql/command.c
Fix alias matching in transformLockingClause().
commit : 8ace122d438a405cbac6352296d802e3fc904295
author : Dean Rasheed <[email protected]>
date : Thu, 7 Jul 2022 13:07:51 +0100
committer: Dean Rasheed <[email protected]>
date : Thu, 7 Jul 2022 13:07:51 +0100
When locking a specific named relation for a FOR [KEY] UPDATE/SHARE
clause, transformLockingClause() finds the relation to lock by
scanning the rangetable for an RTE with a matching eref->aliasname.
However, it failed to account for the visibility rules of a join RTE.
If a join RTE doesn't have a user-supplied alias, it will have a
generated eref->aliasname of "unnamed_join" that is not visible as a
relation name in the parse namespace. Such an RTE needs to be skipped,
otherwise it might be found in preference to a regular base relation
with a user-supplied alias of "unnamed_join", preventing it from being
locked.
In addition, if a join RTE doesn't have a user-supplied alias, but
does have a join_using_alias, then the RTE needs to be matched using
that alias rather than the generated eref->aliasname, otherwise a
misleading "relation not found" error will be reported rather than a
"join cannot be locked" error.
Backpatch all the way, except for the second part which only goes back
to 14, where JOIN USING aliases were added.
Dean Rasheed, reviewed by Tom Lane.
Discussion: https://postgr.es/m/CAEZATCUY_KOBnqxbTSPf=7fz9HWPnZ5Xgb9SwYzZ8rFXe7nb=w@mail.gmail.com
M src/backend/parser/analyze.c
M src/test/regress/expected/join.out
M src/test/regress/sql/join.sql
Fix previous commit's ecpg_clocale for ppc Darwin.
commit : f5e4d64bb3384a218bd8c89be6e041c59f1db270
author : Noah Misch <[email protected]>
date : Sat, 2 Jul 2022 21:03:19 -0700
committer: Noah Misch <[email protected]>
date : Sat, 2 Jul 2022 21:03:19 -0700
Per buildfarm member prairiedog, this platform rejects uninitialized
global variables in shared libraries. Back-patch to v10, like the
addition of the variable.
Reviewed by Tom Lane.
Discussion: https://postgr.es/m/[email protected]
M src/interfaces/ecpg/ecpglib/connect.c
ecpglib: call newlocale() once per process.
commit : 12b2a2369debca1fa0c61a7db2a50152668e64dc
author : Noah Misch <[email protected]>
date : Sat, 2 Jul 2022 13:00:30 -0700
committer: Noah Misch <[email protected]>
date : Sat, 2 Jul 2022 13:00:30 -0700
ecpglib has been calling it once per SQL query and once per EXEC SQL GET
DESCRIPTOR. Instead, if newlocale() has not succeeded before, call it
while establishing a connection. This mitigates three problems:
- If newlocale() failed in EXEC SQL GET DESCRIPTOR, the command silently
proceeded without the intended locale change.
- On AIX, each newlocale()+freelocale() cycle leaked memory.
- newlocale() CPU usage may have been nontrivial.
Fail the connection attempt if newlocale() fails. Rearrange
ecpg_do_prologue() to validate the connection before its uselocale().
The sort of program that may regress is one running in an environment
where newlocale() fails. If that program establishes connections
without running SQL statements, it will stop working in response to this
change. I'm betting against the importance of such an ECPG use case.
Most SQL execution (any using ECPGdo()) has long required newlocale()
success, so there's little a connection could do without newlocale().
Back-patch to v10 (all supported versions).
Reviewed by Tom Lane. Reported by Guillaume Lelarge.
Discussion: https://postgr.es/m/[email protected]
M src/interfaces/ecpg/ecpglib/connect.c
M src/interfaces/ecpg/ecpglib/descriptor.c
M src/interfaces/ecpg/ecpglib/execute.c
M src/interfaces/ecpg/ecpglib/extern.h
Harden dsm_impl.c against unexpected EEXIST.
commit : 22b9afaf5cc0cba56ec32289eb3b5407db936fe1
author : Thomas Munro <[email protected]>
date : Fri, 1 Jul 2022 12:05:52 +1200
committer: Thomas Munro <[email protected]>
date : Fri, 1 Jul 2022 12:05:52 +1200
Previously, we trusted the OS not to report EEXIST unless we'd passed in
IPC_CREAT | IPC_EXCL or O_CREAT | O_EXCL, as appropriate. Solaris's
shm_open() can in fact do that, causing us to crash because we didn't
ereport and then we blithely assumed the mapping was successful.
Let's treat EEXIST just like any other error, unless we're actually
trying to create a new segment. This applies to shm_open(), where this
behavior has been seen, and also to the equivalent operations for our
sysv and mmap modes just on principle.
Based on the underlying reason for the error, namely contention on a
lock file managed by Solaris librt for each distinct name, this problem
is only likely to happen on 15 and later, because the new shared memory
stats system produces shm_open() calls for the same path from
potentially large numbers of backends concurrently during
authentication. Earlier releases only shared memory segments between a
small number of parallel workers under one Gather node. You could
probably hit it if you tried hard enough though, and we should have been
more defensive in the first place. Therefore, back-patch to all
supported releases.
Per build farm animal margay. This isn't the end of the story, though,
it just changes random crashes into random "File exists" errors; more
work needed for a green build farm.
Reviewed-by: Robert Haas <[email protected]>
Discussion: https://postgr.es/m/CA%2BhUKGKqKrCV5xKWfh9rnm%3Do%3DDwZLTLtnsj_XpUi9g5%3DV%2B9oyg%40mail.gmail.com
M src/backend/storage/ipc/dsm_impl.c
Fix visibility check when XID is committed in CLOG but not in procarray.
commit : 4822b462726188fa6aa79c41bdb30ae54e84c596
author : Heikki Linnakangas <[email protected]>
date : Mon, 27 Jun 2022 08:21:08 +0300
committer: Heikki Linnakangas <[email protected]>
date : Mon, 27 Jun 2022 08:21:08 +0300
TransactionIdIsInProgress had a fast path to return 'false' if the
single-item CLOG cache said that the transaction was known to be
committed. However, that was wrong, because a transaction is first
marked as committed in the CLOG but doesn't become visible to others
until it has removed its XID from the proc array. That could lead to an
error:
ERROR: t_xmin is uncommitted in tuple to be updated
or for an UPDATE to go ahead without blocking, before the previous
UPDATE on the same row was made visible.
The window is usually very short, but synchronous replication makes it
much wider, because the wait for synchronous replica happens in that
window.
Another thing that makes it hard to hit is that it's hard to get such
a commit-in-progress transaction into the single item CLOG cache.
Normally, if you call TransactionIdIsInProgress on such a transaction,
it determines that the XID is in progress without checking the CLOG
and without populating the cache. One way to prime the cache is to
explicitly call pg_xact_status() on the XID. Another way is to use a
lot of subtransactions, so that the subxid cache in the proc array is
overflown, making TransactionIdIsInProgress rely on pg_subtrans and
CLOG checks.
This has been broken ever since it was introduced in 2008, but the race
condition is very hard to hit, especially without synchronous
replication. There were a couple of reports of the error starting from
summer 2021, but no one was able to find the root cause then.
TransactionIdIsKnownCompleted() is now unused. In 'master', remove it,
but I left it in place in backbranches in case it's used by extensions.
Also change pg_xact_status() to check TransactionIdIsInProgress().
Previously, it only checked the CLOG, and returned "committed" before
the transaction was actually made visible to other queries. Note that
this also means that you cannot use pg_xact_status() to reproduce the
bug anymore, even if the code wasn't fixed.
Report and analysis by Konstantin Knizhnik. Patch by Simon Riggs, with
the pg_xact_status() change added by me.
Author: Simon Riggs
Reviewed-by: Andres Freund
Discussion: https://www.postgresql.org/message-id/flat/4da7913d-398c-e2ad-d777-f752cf7f0bbb%40garret.ru
M src/backend/access/transam/transam.c
M src/backend/storage/ipc/procarray.c
M src/backend/utils/adt/txid.c
Fix PostgreSQL::Test aliasing for Perl v5.10.1.
commit : ca590a4e958f508a769aced1cb234db7e24a4d4a
author : Noah Misch <[email protected]>
date : Sat, 25 Jun 2022 14:15:56 -0700
committer: Noah Misch <[email protected]>
date : Sat, 25 Jun 2022 14:15:56 -0700
This Perl segfaults if a declaration of the to-be-aliased package
precedes the aliasing itself. Per buildfarm members lapwing and wrasse.
Like commit 20911775de4ab7ac3ecc68bd714cb3ed0fd68b6a, back-patch to v10
(all supported versions).
Discussion: https://postgr.es/m/[email protected]
M src/test/perl/PostgreSQL/Test/Cluster.pm
M src/test/perl/PostgreSQL/Test/Utils.pm
CREATE INDEX: use the original userid for more ACL checks.
commit : 88b39e61486a8925a3861d50c306a51eaa1af8d6
author : Noah Misch <[email protected]>
date : Sat, 25 Jun 2022 09:07:41 -0700
committer: Noah Misch <[email protected]>
date : Sat, 25 Jun 2022 09:07:41 -0700
Commit a117cebd638dd02e5c2e791c25e43745f233111b used the original userid
for ACL checks located directly in DefineIndex(), but it still adopted
the table owner userid for more ACL checks than intended. That broke
dump/reload of indexes that refer to an operator class, collation, or
exclusion operator in a schema other than "public" or "pg_catalog".
Back-patch to v10 (all supported versions), like the earlier commit.
Nathan Bossart and Noah Misch
Discussion: https://postgr.es/m/[email protected]
M contrib/citext/Makefile
A contrib/citext/expected/create_index_acl.out
A contrib/citext/sql/create_index_acl.sql
M src/backend/commands/indexcmds.c
For PostgreSQL::Test compatibility, alias entire package symbol tables.
commit : 38790408b02083e00d0f01c28ac6a25d82c328cc
author : Noah Misch <[email protected]>
date : Sat, 25 Jun 2022 09:07:44 -0700
committer: Noah Misch <[email protected]>
date : Sat, 25 Jun 2022 09:07:44 -0700
Remove the need to edit back-branch-specific code sites when
back-patching the addition of a PostgreSQL::Test::Utils symbol. Replace
per-symbol, incomplete alias lists. Give old and new package names the
same EXPORT and EXPORT_OK semantics. Back-patch to v10 (all supported
versions).
Reviewed by Andrew Dunstan.
Discussion: https://postgr.es/m/[email protected]
M src/test/perl/PostgreSQL/Test/Cluster.pm
M src/test/perl/PostgreSQL/Test/Utils.pm
M src/test/perl/PostgresNode.pm
M src/test/perl/TestLib.pm
Fix memory leak due to LogicalRepRelMapEntry.attrmap.
commit : d873b5a5a34069a316df77285b231b792aee1349
author : Amit Kapila <[email protected]>
date : Thu, 23 Jun 2022 08:26:56 +0530
committer: Amit Kapila <[email protected]>
date : Thu, 23 Jun 2022 08:26:56 +0530
When rebuilding the relation mapping on subscribers, we were not releasing
the attribute mapping's memory which was no longer required.
The attribute mapping used in logical tuple conversion was refactored in
PG13 (by commit e1551f96e6) but we forgot to update the related code that
frees the attribute map.
Author: Hou Zhijie
Reviewed-by: Amit Langote, Amit Kapila, Shi yu
Backpatch-through: 10, where it was introduced
Discussion: https://postgr.es/m/OSZPR01MB6310F46CD425A967E4AEF736FDA49@OSZPR01MB6310.jpnprd01.prod.outlook.com
M src/backend/replication/logical/relation.c
doc: improve wording of plpgsql RAISE format text
commit : 9c3e3d6bc07e2e0c651db23c1ce03a070854df75
author : Bruce Momjian <[email protected]>
date : Wed, 22 Jun 2022 16:59:53 -0400
committer: Bruce Momjian <[email protected]>
date : Wed, 22 Jun 2022 16:59:53 -0400
Reported-by: [email protected]
Discussion: https://postgr.es/m/[email protected]
Backpatch-through: 10
M doc/src/sgml/plpgsql.sgml
doc: clarify wording about phantom reads
commit : 4e594a42657e4a62ed34a03ea3aa2411e39efab8
author : Bruce Momjian <[email protected]>
date : Wed, 22 Jun 2022 14:33:26 -0400
committer: Bruce Momjian <[email protected]>
date : Wed, 22 Jun 2022 14:33:26 -0400
Reported-by: [email protected]
Discussion: https://postgr.es/m/[email protected]
Backpatch-through: 10
M doc/src/sgml/high-availability.sgml
M doc/src/sgml/mvcc.sgml
Avoid ecpglib core dump with out-of-order operations.
commit : 86258f083aad4e0900e912598790ffb0570bec17
author : Tom Lane <[email protected]>
date : Tue, 14 Jun 2022 18:16:46 -0400
committer: Tom Lane <[email protected]>
date : Tue, 14 Jun 2022 18:16:46 -0400
If an application executed operations like EXEC SQL PREPARE
without having first established a database connection, it could
get a core dump instead of the expected clean failure. This
occurred because we did "pthread_getspecific(actual_connection_key)"
without ever having initialized the TSD key actual_connection_key.
The results of that are probably platform-specific, but at least
on Linux it often leads to a crash.
To fix, add calls to ecpg_pthreads_init() in the code paths that
might use actual_connection_key uninitialized. It's harmless
(and hopefully inexpensive) to do that more than once.
Per bug #17514 from Okano Naoki. The problem's ancient, so
back-patch to all supported branches.
Discussion: https://postgr.es/m/[email protected]
M src/interfaces/ecpg/ecpglib/connect.c
Doc: clarify the default collation behavior of domains.
commit : e0047269a8c92e5af30eaa2c587e60ff21ec64fb
author : Tom Lane <[email protected]>
date : Tue, 14 Jun 2022 17:47:09 -0400
committer: Tom Lane <[email protected]>
date : Tue, 14 Jun 2022 17:47:09 -0400
The previous wording was "the underlying data type's default collation
is used", which is wrong or at least misleading. The domain inherits
the base type's collation behavior, which if "default" actually can
mean that we use some non-default collation obtained from elsewhere.
Per complaint from Jian He.
Discussion: https://postgr.es/m/CACJufxHMR8_4WooDPjjvEdaxB2hQ5a49qthci8fpKP0MKemVRQ@mail.gmail.com
M doc/src/sgml/ref/create_domain.sgml
Revert "Fix psql's single transaction mode on client-side errors with -c/-f switches".
commit : db713aa7fcbe2ad2a5dae7f76c309f70ec424ad7
author : Tom Lane <[email protected]>
date : Fri, 10 Jun 2022 16:34:25 -0400
committer: Tom Lane <[email protected]>
date : Fri, 10 Jun 2022 16:34:25 -0400
This reverts commits a04ccf6df et al. in the back branches only.
There was some disagreement already over whether to back-patch
157f8739a, on the grounds that it is the sort of behavioral
change that we don't like to back-patch. Furthermore, it now
looks like the logic needs some more work, which we don't have
time for before the upcoming 14.4 release. Revert for now, and
perhaps reconsider later.
Discussion: https://postgr.es/m/[email protected]
M doc/src/sgml/ref/psql-ref.sgml
M src/bin/psql/startup.c
Fix whitespace
commit : 59fb360c4883f849dfe8701670efc3dc122b1472
author : Peter Eisentraut <[email protected]>
date : Wed, 8 Jun 2022 13:23:17 +0200
committer: Peter Eisentraut <[email protected]>
date : Wed, 8 Jun 2022 13:23:17 +0200
M src/test/perl/PostgreSQL/Test/Cluster.pm
Fix off-by-one loop termination condition in pg_stat_get_subscription().
commit : fb646cbd5a9e83441744160f89d6ba01f2f0bf8b
author : Tom Lane <[email protected]>
date : Tue, 7 Jun 2022 15:34:30 -0400
committer: Tom Lane <[email protected]>
date : Tue, 7 Jun 2022 15:34:30 -0400
pg_stat_get_subscription scanned one more LogicalRepWorker array entry
than is really allocated. In the worst case this could lead to SIGSEGV,
if the LogicalRepCtx data structure is near the end of shared memory.
That seems quite unlikely though (thanks to the ordering of calls in
CreateSharedMemoryAndSemaphores) and we've heard no field reports of it.
A more likely misbehavior is one row of garbage data in the function's
result, but even that is not real likely because of the check that the
pid field matches some live backend.
Report and fix by Kuntal Ghosh. This bug is old, so back-patch
to all supported branches.
Discussion: https://postgr.es/m/CAGz5QCJykEDzW6jQK6Yz7Qh_PMtD=95de_7QoocbVR2Qy8hWZA@mail.gmail.com
M src/backend/replication/logical/launcher.c
Don't fail on libpq-generated error reports in ecpg_raise_backend().
commit : 89254606b61e36b82930c509326d46b72e003545
author : Tom Lane <[email protected]>
date : Mon, 6 Jun 2022 11:20:21 -0400
committer: Tom Lane <[email protected]>
date : Mon, 6 Jun 2022 11:20:21 -0400
An error PGresult generated by libpq itself, such as a report of
connection loss, won't have broken-down error fields.
ecpg_raise_backend() blithely assumed that PG_DIAG_MESSAGE_PRIMARY
would always be present, and would end up passing a NULL string
pointer to snprintf when it isn't. That would typically crash
before 3779ac62d, and it would fail to provide a useful error report
in any case. Best practice is to substitute PQerrorMessage(conn)
in such cases, so do that.
Per bug #17421 from Masayuki Hirose. Back-patch to all supported
branches.
Discussion: https://postgr.es/m/[email protected]
M src/interfaces/ecpg/ecpglib/error.c
Fix psql's single transaction mode on client-side errors with -c/-f switches
commit : c3df4d53ca4a7981a416cc404147e2151aa257c5
author : Michael Paquier <[email protected]>
date : Mon, 6 Jun 2022 11:07:39 +0900
committer: Michael Paquier <[email protected]>
date : Mon, 6 Jun 2022 11:07:39 +0900
psql --single-transaction is able to handle multiple -c and -f switches
in a single transaction since d5563d7d, but this had the surprising
behavior of forcing a transaction COMMIT even if psql failed with an
error in the client (for example incorrect path given to \copy), which
would generate an error, but still commit any changes that were already
applied in the backend. This commit makes the behavior more consistent,
by enforcing a transaction ROLLBACK if any commands fail, both
client-side and backend-side, so as no changes are applied if one error
happens in any of them.
Some tests are added on HEAD to provide some coverage about all that.
Backend-side errors are unreliable as IPC::Run can complain on SIGPIPE
if psql quits before reading a query result, but that should work
properly in the case where any errors come from psql itself, which is
what the original report is about.
Reported-by: Christoph Berg
Author: Kyotaro Horiguchi, Michael Paquier
Discussion: https://postgr.es/m/[email protected]
Backpatch-through: 10
M doc/src/sgml/ref/psql-ref.sgml
M src/bin/psql/startup.c
Doc: fix incorrect bit-reversal in example of macaddr formatting.
commit : 5033dbda9d53f1ede95ef9209911238eb3c51abf
author : Tom Lane <[email protected]>
date : Fri, 3 Jun 2022 11:51:37 -0400
committer: Tom Lane <[email protected]>
date : Fri, 3 Jun 2022 11:51:37 -0400
Will Mortensen (minor additional copy-editing by me)
Discussion: https://postgr.es/m/CAMpnoC5Y6jiZHSA82FG+e_AqkwMg-i94EYqs1C_9kXXFc3_3Yw@mail.gmail.com
M doc/src/sgml/datatype.sgml
Ignore heap rewrites for materialized views in logical replication.
commit : 37fd181d6dea9675181344ea9364ef6b66919aec
author : Amit Kapila <[email protected]>
date : Fri, 3 Jun 2022 08:15:00 +0530
committer: Amit Kapila <[email protected]>
date : Fri, 3 Jun 2022 08:15:00 +0530
If you have a publication that specifies FOR ALL TABLES clause, a REFRESH
MATERIALIZED VIEW can break your setup with the following message
ERROR: logical replication target relation "public.pg_temp_NNN" does not exist
Commit 1a499c2520 introduces a heuristic to skip table writes that look
like they are from a heap rewrite for a FOR ALL TABLES publication.
However, it forgot to exclude materialized views (heap rewrites occur when
you execute REFRESH MATERIALIZED VIEW). Since materialized views are not
supported in logical decoding, it is appropriate to filter them too.
As explained in the commit 1a499c2520, a more robust solution was included
in version 11 (commit 325f2ec555), hence only version 10 is affected.
Reported-by: Euler Taveira
Author: Euler Taveira
Reviewed-by: Amit Kapila
Discussion: https://postgr.es/m/[email protected]
M src/backend/replication/pgoutput/pgoutput.c
M src/test/subscription/t/006_rewrite.pl
Silence compiler warnings from some older compilers.
commit : c051180147760fbb56b38bad311b427e57ac8cab
author : Tom Lane <[email protected]>
date : Wed, 1 Jun 2022 17:21:45 -0400
committer: Tom Lane <[email protected]>
date : Wed, 1 Jun 2022 17:21:45 -0400
Since a117cebd6, some older gcc versions issue "variable may be used
uninitialized in this function" complaints for brin_summarize_range.
Silence that using the same coding pattern as in bt_index_check_internal;
arguably, a117cebd6 had too narrow a view of which compilers might give
trouble.
Nathan Bossart and Tom Lane. Back-patch as the previous commit was.
Discussion: https://postgr.es/m/20220601163537.GA2331988@nathanxps13
M contrib/amcheck/verify_nbtree.c
M src/backend/access/brin/brin.c
Fix pl/perl test case so it will still work under Perl 5.36.
commit : d5e1d5ed90d98335978a16e5210ff2209d9729b0
author : Tom Lane <[email protected]>
date : Wed, 1 Jun 2022 16:15:47 -0400
committer: Tom Lane <[email protected]>
date : Wed, 1 Jun 2022 16:15:47 -0400
Perl 5.36 has reclassified the warning condition that this test
case used, so that the expected error fails to appear. Tweak
the test so it instead exercises a case that's handled the same
way in all Perl versions of interest.
This appears to meet our standards for back-patching into
out-of-support branches: it changes no user-visible behavior
but enables testing of old branches with newer tools.
Hence, back-patch as far as 9.2.
Dagfinn Ilmari Mannsåker, per report from Jitka Plesníková.
Discussion: https://postgr.es/m/[email protected]
M src/pl/plperl/expected/plperl.out
M src/pl/plperl/sql/plperl.sql
Ensure ParseTzFile() closes the input file after failing.
commit : 2114910cae6ae3c623cd9b02ef79270cd5b0134e
author : Tom Lane <[email protected]>
date : Tue, 31 May 2022 14:47:44 -0400
committer: Tom Lane <[email protected]>
date : Tue, 31 May 2022 14:47:44 -0400
We hadn't noticed this because (a) few people feed invalid
timezone abbreviation files to the server, and (b) in typical
scenarios guc.c would throw ereport(ERROR) and then transaction
abort handling would silently clean up the leaked file reference.
However, it was possible to observe file leakage warnings if one
breaks an already-active abbreviation file, because guc.c does
not throw ERROR when loading supposedly-validated settings during
session start or SIGHUP processing.
Report and fix by Kyotaro Horiguchi (cosmetic adjustments by me)
Discussion: https://postgr.es/m/[email protected]
M src/backend/utils/misc/tzparser.c
Doc: fix mention of pg_dump's minimum supported server version.
commit : 9f3af6d18d92d6d3083ca438cfecb83c6d0ed01b
author : Tom Lane <[email protected]>
date : Tue, 31 May 2022 12:14:02 -0400
committer: Tom Lane <[email protected]>
date : Tue, 31 May 2022 12:14:02 -0400
runtime.sgml contains a passing reference to the minimum server
version that pg_dump[all] can dump from. That was 7.0 for many
years, but when 64f3524e2 raised it to 8.0, we missed updating this
bit. Then when 30e7c175b raised it to 9.2, we missed it again.
Given that track record, I'm not too hopeful that we'll remember
to fix this in future changes ... but for now, make the docs match
reality in each branch.
Noted by Daniel Westermann.
Discussion: https://postgr.es/m/GV0P278MB041917EB3E2FE8704B5AE2C6D2DC9@GV0P278MB0419.CHEP278.PROD.OUTLOOK.COM
M doc/src/sgml/runtime.sgml
doc: Reword description of roles able to view track_activities's info
commit : 2640579bfcb67072c97e16aef55186c0d0a73fe7
author : Michael Paquier <[email protected]>
date : Mon, 30 May 2022 10:51:41 +0900
committer: Michael Paquier <[email protected]>
date : Mon, 30 May 2022 10:51:41 +0900
The information generated when track_activities is accessible to
superusers, roles with the privileges of pg_read_all_stats, as well as
roles one has the privileges of. The original text did not outline the
last point, while the change done in ac1ae47 was unclear about the
second point.
Per discussion with Nathan Bossart.
Discussion: https://postgr.es/m/20220521185743.GA886636@nathanxps13
Backpatch-through: 10
M doc/src/sgml/config.sgml
Handle NULL for short descriptions of custom GUC variables
commit : 1b40ceea24e61b246a09f9ab42f8e82594a418df
author : Michael Paquier <[email protected]>
date : Sat, 28 May 2022 12:13:02 +0900
committer: Michael Paquier <[email protected]>
date : Sat, 28 May 2022 12:13:02 +0900
If a short description is specified as NULL in one of the various
DefineCustomXXXVariable() functions available to external modules to
define a custom parameter, SHOW ALL would crash. This change teaches
SHOW ALL to properly handle NULL short descriptions, as well as any code
paths that manipulate it, to gain in flexibility. Note that
help_config.c was already able to do that, when describing a set of GUCs
for postgres --describe-config.
Author: Steve Chavez
Reviewed by: Nathan Bossart, Andres Freund, Michael Paquier, Tom Lane
Discussion: https://postgr.es/m/CAGRrpzY6hO-Kmykna_XvsTv8P2DshGiU6G3j8yGao4mk0CqjHA%40mail.gmail.com
Backpatch-through: 10
M src/backend/utils/misc/guc.c
Remove misguided SSL key file ownership check in libpq.
commit : ef54a65762f02eaeb8b2b30414ace55b203bce01
author : Tom Lane <[email protected]>
date : Thu, 26 May 2022 14:14:05 -0400
committer: Tom Lane <[email protected]>
date : Thu, 26 May 2022 14:14:05 -0400
Commits a59c79564 et al. tried to sync libpq's SSL key file
permissions checks with what we've used for years in the backend.
We did not intend to create any new failure cases, but it turns out
we did: restricting the key file's ownership breaks cases where the
client is allowed to read a key file despite not having the identical
UID. In particular a client running as root used to be able to read
someone else's key file; and having seen that I suspect that there are
other, less-dubious use cases that this restriction breaks on some
platforms.
We don't really need an ownership check, since if we can read the key
file despite its having restricted permissions, it must have the right
ownership --- under normal conditions anyway, and the point of this
patch is that any additional corner cases where that works should be
deemed allowable, as they have been historically. Hence, just drop
the ownership check, and rearrange the permissions check to get rid
of its faulty assumption that geteuid() can't be zero. (Note that the
comparable backend-side code doesn't have to cater for geteuid() == 0,
since the server rejects that very early on.)
This does have the end result that the permissions safety check used
for a root user's private key file is weaker than that used for
anyone else's. While odd, root really ought to know what she's doing
with file permissions, so I think this is acceptable.
Per report from Yogendra Suralkar. Like the previous patch,
back-patch to all supported branches.
Discussion: https://postgr.es/m/MW3PR15MB3931DF96896DC36D21AFD47CA3D39@MW3PR15MB3931.namprd15.prod.outlook.com
M src/backend/libpq/be-secure-openssl.c
M src/interfaces/libpq/fe-secure-openssl.c
In CREATE FOREIGN TABLE syntax synopsis, fix partitioning stuff.
commit : d605eba0904b7c0cfe8c3d994df56fb9eaeb7989
author : Robert Haas <[email protected]>
date : Thu, 26 May 2022 12:55:06 -0400
committer: Robert Haas <[email protected]>
date : Thu, 26 May 2022 12:55:06 -0400
Foreign tables can be partitioned, but previous documentation commits
left the syntax synopsis both incomplete and incorrect.
Justin Pryzby and Amit Langote
Discussion: http://postgr.es/m/[email protected]
M doc/src/sgml/ref/create_foreign_table.sgml
Show 'AS "?column?"' explicitly when it's important.
commit : 7686403b43ca6ad8ae8e5c76273ec4826e2f2dce
author : Tom Lane <[email protected]>
date : Sat, 21 May 2022 14:45:58 -0400
committer: Tom Lane <[email protected]>
date : Sat, 21 May 2022 14:45:58 -0400
ruleutils.c was coded to suppress the AS label for a SELECT output
expression if the column name is "?column?", which is the parser's
fallback if it can't think of something better. This is fine, and
avoids ugly clutter, so long as (1) nothing further up in the parse
tree relies on that column name or (2) the same fallback would be
assigned when the rule or view definition is reloaded. Unfortunately
(2) is far from certain, both because ruleutils.c might print the
expression in a different form from how it was originally written
and because FigureColname's rules might change in future releases.
So we shouldn't rely on that.
Detecting exactly whether there is any outer-level use of a SELECT
column name would be rather expensive. This patch takes the simpler
approach of just passing down a flag indicating whether there *could*
be any outer use; for example, the output column names of a SubLink
are not referenceable, and we also do not care about the names exposed
by the right-hand side of a setop. This is sufficient to suppress
unwanted clutter in all but one case in the regression tests. That
seems like reasonable evidence that it won't be too much in users'
faces, while still fixing the cases we need to fix.
Per bug #17486 from Nicolas Lutic. This issue is ancient, so
back-patch to all supported branches.
Discussion: https://postgr.es/m/[email protected]
M src/backend/utils/adt/ruleutils.c
M src/test/regress/expected/matview.out
doc: Mention pg_read_all_stats in description of track_activities
commit : fc428feafbbd6ffd645f05d59af9c66d0d98bee5
author : Michael Paquier <[email protected]>
date : Sat, 21 May 2022 19:06:19 +0900
committer: Michael Paquier <[email protected]>
date : Sat, 21 May 2022 19:06:19 +0900
The description of track_activities mentioned that it is visible to
superusers and that the information related to the current session can
be seen, without telling about pg_read_all_stats. Roles that are
granted the privileges of pg_read_all_stats can also see this
information, so mention it in the docs.
Author: Ian Barwick
Reviewed-by: Nathan Bossart
Discussion: https://postgr.es/m/CAB8KJ=jhPyYFu-A5r-ZGP+Ax715mUKsMxAGcEQ9Cx_mBAmrPow@mail.gmail.com
Backpatch-through: 10
M doc/src/sgml/config.sgml
Fix mis-merge of result file
commit : 8c47622bb36972a95cf3789217bf33b2d18a00ce
author : Alvaro Herrera <[email protected]>
date : Fri, 20 May 2022 19:05:55 +0200
committer: Alvaro Herrera <[email protected]>
date : Fri, 20 May 2022 19:05:55 +0200
Failed to "git add" this file in this branch.
M src/test/regress/expected/event_trigger.out
Fix DDL deparse of CREATE OPERATOR CLASS
commit : 70f70d7d3f584dbc964348f82a3737ee66f4de01
author : Alvaro Herrera <[email protected]>
date : Fri, 20 May 2022 18:52:55 +0200
committer: Alvaro Herrera <[email protected]>
date : Fri, 20 May 2022 18:52:55 +0200
When an implicit operator family is created, it wasn't getting reported.
Make it do so.
This has always been missing. Backpatch to 10.
Author: Masahiko Sawada <[email protected]>
Reported-by: Leslie LEMAIRE <[email protected]>
Reviewed-by: Amit Kapila <[email protected]>
Reviewed-by: Michael Paquiër <[email protected]>
Discussion: https://postgr.es/m/[email protected]
M src/backend/commands/opclasscmds.c
M src/backend/tcop/utility.c
M src/test/modules/test_ddl_deparse/expected/opfamily.out
M src/test/regress/expected/event_trigger.out
M src/test/regress/sql/event_trigger.sql
Backpatch regression tests added by 2d689babe3cb
commit : fa51cc86c684e95070228e6829e2753900c6bc79
author : Alvaro Herrera <[email protected]>
date : Fri, 20 May 2022 17:52:16 +0200
committer: Alvaro Herrera <[email protected]>
date : Fri, 20 May 2022 17:52:16 +0200
A new plpgsql test function was added in 14 and up to cover for a bugfix
that was not backpatchable. We can add it to older versions as a way to
cover other bits of DDL event triggers, with an exception clause to
avoid the problematic corner case.
Originally authored by Michaël Paquier.
Backpatch: 10 through 13.
Discussion: https://postgr.es/m/[email protected]
M src/test/regress/expected/event_trigger.out
M src/test/regress/sql/event_trigger.sql
Doc: clarify location of libpq's default service file on Windows.
commit : b57e30c774bc75db67d936a019288d57f6869b1f
author : Tom Lane <[email protected]>
date : Thu, 19 May 2022 18:36:07 -0400
committer: Tom Lane <[email protected]>
date : Thu, 19 May 2022 18:36:07 -0400
The documentation didn't specify the name of the per-user service file
on Windows, and extrapolating from the pattern used for other config
files gave the wrong answer. The fact that it isn't consistent with the
others sure seems like a bug, but it's far too late to change that now;
we'd just penalize people who worked it out in the past. So, simply
document the true state of affairs.
In passing, fix some gratuitous differences between the discussions
of the service file and the password file.
Julien Rouhaud, per question from Dominique Devienne.
Backpatch to all supported branches. I (tgl) also chose to back-patch
the part of commit ba356a397 that touched libpq.sgml's description of
the service file --- in hindsight, I'm not sure why I didn't do so at
the time, as it includes some fairly essential information.
Discussion: https://postgr.es/m/CAFCRh-_mdLrh8eYVzhRzu4c8bAFEBn=rwoHOmFJcQOTsCy5nig@mail.gmail.com
M doc/src/sgml/libpq.sgml
Update xml_1.out and xml_2.out
commit : 29d11151875fb7b4c76ac7b03444dcd7b4a8597f
author : Alvaro Herrera <[email protected]>
date : Wed, 18 May 2022 23:19:53 +0200
committer: Alvaro Herrera <[email protected]>
date : Wed, 18 May 2022 23:19:53 +0200
Commit 0fbf01120023 should have updated them but didn't.
M src/test/regress/expected/xml_1.out
M src/test/regress/expected/xml_2.out
Check column list length in XMLTABLE/JSON_TABLE alias
commit : 16cb7db34f3c0a3b6e2973f6efbc6f2afa58c66a
author : Alvaro Herrera <[email protected]>
date : Wed, 18 May 2022 20:28:31 +0200
committer: Alvaro Herrera <[email protected]>
date : Wed, 18 May 2022 20:28:31 +0200
We weren't checking the length of the column list in the alias clause of
an XMLTABLE or JSON_TABLE function (a "tablefunc" RTE), and it was
possible to make the server crash by passing an overly long one. Fix it
by throwing an error in that case, like the other places that deal with
alias lists.
In passing, modify the equivalent test used for join RTEs to look like
the other ones, which was different for no apparent reason.
This bug came in when XMLTABLE was born in version 10; backpatch to all
stable versions.
Reported-by: Wang Ke <[email protected]>
Discussion: https://postgr.es/m/[email protected]
M src/backend/parser/parse_clause.c
M src/backend/parser/parse_relation.c
M src/test/regress/expected/int2.out
M src/test/regress/expected/join.out
M src/test/regress/expected/with.out
M src/test/regress/expected/xml.out
M src/test/regress/sql/int2.sql
M src/test/regress/sql/join.sql
M src/test/regress/sql/with.sql
M src/test/regress/sql/xml.sql
Fix control file update done in restartpoints still running after promotion
commit : 60e956eb825c5e0eb72c17556f8e60993100f8c5
author : Michael Paquier <[email protected]>
date : Mon, 16 May 2022 11:26:41 +0900
committer: Michael Paquier <[email protected]>
date : Mon, 16 May 2022 11:26:41 +0900
If a cluster is promoted (aka the control file shows a state different
than DB_IN_ARCHIVE_RECOVERY) while CreateRestartPoint() is still
processing, this function could miss an update of the control file for
"checkPoint" and "checkPointCopy" but still do the recycling and/or
removal of the past WAL segments, assuming that the to-be-updated LSN
values should be used as reference points for the cleanup. This causes
a follow-up restart attempting crash recovery to fail with a PANIC on a
missing checkpoint record if the end-of-recovery checkpoint triggered by
the promotion did not complete while the cluster abruptly stopped or
crashed before the completion of this checkpoint. The PANIC would be
caused by the redo LSN referred in the control file as located in a
segment already gone, recycled by the previous restartpoint with
"checkPoint" out-of-sync in the control file.
This commit fixes the update of the control file during restartpoints so
as "checkPoint" and "checkPointCopy" are updated even if the cluster has
been promoted while a restartpoint is running, to be on par with the set
of WAL segments actually recycled in the end of CreateRestartPoint().
7863ee4 has fixed this problem already on master, but the release timing
of the latest point versions did not let me enough time to study and fix
that on all the stable branches.
Reported-by: Fujii Masao, Rui Zhao
Author: Kyotaro Horiguchi
Reviewed-by: Nathan Bossart, Michael Paquier
Discussion: https://postgr.es/m/[email protected]
Backpatch-through: 10
M src/backend/access/transam/xlog.c
Make pull_var_clause() handle GroupingFuncs exactly like Aggrefs.
commit : b53442f6fe0f82cc7c2d1e7b15d52da79e6db295
author : Tom Lane <[email protected]>
date : Thu, 12 May 2022 11:31:46 -0400
committer: Tom Lane <[email protected]>
date : Thu, 12 May 2022 11:31:46 -0400
This follows in the footsteps of commit 2591ee8ec by removing one more
ill-advised shortcut from planning of GroupingFuncs. It's true that
we don't intend to execute the argument expression(s) at runtime, but
we still have to process any Vars appearing within them, or we risk
failure at setrefs.c time (or more fundamentally, in EXPLAIN trying
to print such an expression). Vars in upper plan nodes have to have
referents in the next plan level, whether we ever execute 'em or not.
Per bug #17479 from Michael J. Sullivan. Back-patch to all supported
branches.
Richard Guo
Discussion: https://postgr.es/m/[email protected]
M src/backend/optimizer/util/var.c
M src/test/regress/expected/groupingsets.out
M src/test/regress/sql/groupingsets.sql
Fix the logical replication timeout during large transactions.
commit : a4015ec0375da35e999e86696571ff354a8f706b
author : Amit Kapila <[email protected]>
date : Wed, 11 May 2022 10:01:35 +0530
committer: Amit Kapila <[email protected]>
date : Wed, 11 May 2022 10:01:35 +0530
The problem is that we don't send keep-alive messages for a long time
while processing large transactions during logical replication where we
don't send any data of such transactions. This can happen when the table
modified in the transaction is not published or because all the changes
got filtered. We do try to send the keep_alive if necessary at the end of
the transaction (via WalSndWriteData()) but by that time the
subscriber-side can timeout and exit.
To fix this we try to send the keepalive message if required after
processing certain threshold of changes.
Reported-by: Fabrice Chapuis
Author: Wang wei and Amit Kapila
Reviewed By: Masahiko Sawada, Euler Taveira, Hou Zhijie, Hayato Kuroda
Backpatch-through: 10
Discussion: https://postgr.es/m/CAA5-nLARN7-3SLU_QUxfy510pmrYK6JJb=bk3hcgemAM_pAv+w@mail.gmail.com
M src/backend/replication/logical/logical.c
M src/backend/replication/pgoutput/pgoutput.c
M src/backend/replication/walsender.c
M src/include/replication/logical.h
Improve setup of environment values for commands in MSVC's vcregress.pl
commit : 5951ad124845e1a81d6259e36e75989afff7eabd
author : Michael Paquier <[email protected]>
date : Wed, 11 May 2022 10:22:44 +0900
committer: Michael Paquier <[email protected]>
date : Wed, 11 May 2022 10:22:44 +0900
The current setup assumes that commands for lz4, zstd and gzip always
exist by default if not enforced by a user's environment. However,
vcpkg, as one example, installs libraries but no binaries, so this
default setup to assume that a command should always be present would
cause failures. This commit improves the detection of such external
commands as follows:
* If a ENV value is available, trust the environment/user and use it.
* If a ENV value is not available, check its execution by looking in the
current PATH, by launching a simple "$command --version" (that should be
portable enough).
** On execution failure, ignore ENV{command}.
** On execution success, set ENV{command} = "$command".
Note that this new rule applies to gzip, lz4 and zstd but not tar that
we assume will always exist. Those commands are set up in the
environment only when using bincheck and taptest. The CI includes all
those commands and I have checked that their setup is correct there. I
have also tested this change in a MSVC environment where we have none of
those commands.
While on it, remove the references to lz4 from the documentation and
vcregress.pl in ~v13. --with-lz4 has been added in v14~ so there is no
point to have this information in these older branches.
Reported-by: Andrew Dunstan
Reviewed-by: Andrew Dunstan
Discussion: https://postgr.es/m/[email protected]
Backpatch-through: 10
M doc/src/sgml/install-windows.sgml
M src/tools/msvc/vcregress.pl
configure: don't probe for libldap_r if libldap is 2.5 or newer.
commit : c61f36d9960664a044269f4dcb1a6ad42470a078
author : Tom Lane <[email protected]>
date : Tue, 10 May 2022 18:42:02 -0400
committer: Tom Lane <[email protected]>
date : Tue, 10 May 2022 18:42:02 -0400
In OpenLDAP 2.5 and later, libldap itself is always thread-safe and
there's never a libldap_r. Our existing coding dealt with that
by assuming it wouldn't find libldap_r if libldap is thread-safe.
But that rule fails to cope if there are multiple OpenLDAP versions
visible, as is likely to be the case on macOS in particular. We'd
end up using shiny new libldap in the backend and a hoary libldap_r
in libpq.
Instead, once we've found libldap, check if it's >= 2.5 (by
probing for a function introduced then) and don't bother looking
for libldap_r if so. While one can imagine library setups that
this'd still give the wrong answer for, they seem unlikely to
occur in practice.
Per report from Peter Eisentraut. Back-patch to all supported branches.
Discussion: https://postgr.es/m/[email protected]
M configure
M configure.in