PostgreSQL 11.16 commit log

Stamp 11.16.

commit   : 6ac9161f69829fe327e393bff83d5f390105a70f    
  
author   : Tom Lane <[email protected]>    
date     : Mon, 9 May 2022 17:20:11 -0400    
  
committer: Tom Lane <[email protected]>    
date     : Mon, 9 May 2022 17:20:11 -0400    

Click here for diff

M configure
M configure.in
M doc/bug.template
M src/include/pg_config.h.win32
M src/interfaces/libpq/libpq.rc.in
M src/port/win32ver.rc

Last-minute updates for release notes.

commit   : b5576e1b701c8d690ed1ea8d3c17d5df49de3d7c    
  
author   : Tom Lane <[email protected]>    
date     : Mon, 9 May 2022 14:29:53 -0400    
  
committer: Tom Lane <[email protected]>    
date     : Mon, 9 May 2022 14:29:53 -0400    

Click here for diff

Security: CVE-2022-1552  

M doc/src/sgml/release-11.sgml

Fix core dump in transformValuesClause when there are no columns.

commit   : 539f8c563ce70cecb1d45f026015162ca52c7306    
  
author   : Tom Lane <[email protected]>    
date     : Mon, 9 May 2022 14:15:37 -0400    
  
committer: Tom Lane <[email protected]>    
date     : Mon, 9 May 2022 14:15:37 -0400    

Click here for diff

The parser code that transformed VALUES from row-oriented to  
column-oriented lists failed if there were zero columns.  
You can't write that straightforwardly (though probably you  
should be able to), but the case can be reached by expanding  
a "tab.*" reference to a zero-column table.  
  
Per bug #17477 from Wang Ke.  Back-patch to all supported branches.  
  
Discussion: https://postgr.es/m/[email protected]  

M src/backend/parser/analyze.c
M src/test/regress/expected/select.out
M src/test/regress/sql/select.sql

Revert "Disallow infinite endpoints in generate_series() for timestamps."

commit   : c0406fa768edd6b9e4bb543b04c871cd80f03934    
  
author   : Tom Lane <[email protected]>    
date     : Mon, 9 May 2022 11:02:37 -0400    
  
committer: Tom Lane <[email protected]>    
date     : Mon, 9 May 2022 11:02:37 -0400    

Click here for diff

This reverts commit eafdf9de06e9b60168f5e47cedcfceecdc6d4b5f  
and its back-branch counterparts.  Corey Huinker pointed out that  
we'd discussed this exact change back in 2016 and rejected it,  
on the grounds that there's at least one usage pattern with LIMIT  
where an infinite endpoint can usefully be used.  Perhaps that  
argument needs to be re-litigated, but there's no time left before  
our back-branch releases.  To keep our options open, restore the  
status quo ante; if we do end up deciding to change things, waiting  
one more quarter won't hurt anything.  
  
Rather than just doing a straight revert, I added a new test case  
demonstrating the usage with LIMIT.  That'll at least remind us of  
the issue if we forget again.  
  
Discussion: https://postgr.es/m/[email protected]  
Discussion: https://postgr.es/m/CADkLM=dzw0Pvdqp5yWKxMd+VmNkAMhG=4ku7GnCZxebWnzmz3Q@mail.gmail.com  

M src/backend/utils/adt/timestamp.c
M src/test/regress/expected/timestamp.out
M src/test/regress/expected/timestamptz.out
M src/test/regress/sql/timestamp.sql
M src/test/regress/sql/timestamptz.sql

In REFRESH MATERIALIZED VIEW, set user ID before running user code.

commit   : 34ff15660b4f752e3941d661c3896fd96b1571f9    
  
author   : Noah Misch <[email protected]>    
date     : Mon, 9 May 2022 08:35:08 -0700    
  
committer: Noah Misch <[email protected]>    
date     : Mon, 9 May 2022 08:35:08 -0700    

Click here for diff

It intended to, but did not, achieve this.  Adopt the new standard of  
setting user ID just after locking the relation.  Back-patch to v10 (all  
supported versions).  
  
Reviewed by Simon Riggs.  Reported by Alvaro Herrera.  
  
Security: CVE-2022-1552  

M src/backend/commands/matview.c
M src/test/regress/expected/privileges.out
M src/test/regress/sql/privileges.sql

Make relation-enumerating operations be security-restricted operations.

commit   : 48ca2904c11d4293ec0bed1625259b2e4ef550cc    
  
author   : Noah Misch <[email protected]>    
date     : Mon, 9 May 2022 08:35:08 -0700    
  
committer: Noah Misch <[email protected]>    
date     : Mon, 9 May 2022 08:35:08 -0700    

Click here for diff

When a feature enumerates relations and runs functions associated with  
all found relations, the feature's user shall not need to trust every  
user having permission to create objects.  BRIN-specific functionality  
in autovacuum neglected to account for this, as did pg_amcheck and  
CLUSTER.  An attacker having permission to create non-temp objects in at  
least one schema could execute arbitrary SQL functions under the  
identity of the bootstrap superuser.  CREATE INDEX (not a  
relation-enumerating operation) and REINDEX protected themselves too  
late.  This change extends to the non-enumerating amcheck interface.  
Back-patch to v10 (all supported versions).  
  
Sergey Shinderuk, reviewed (in earlier versions) by Alexander Lakhin.  
Reported by Alexander Lakhin.  
  
Security: CVE-2022-1552  

M contrib/amcheck/expected/check_btree.out
M contrib/amcheck/sql/check_btree.sql
M contrib/amcheck/verify_nbtree.c
M src/backend/access/brin/brin.c
M src/backend/catalog/index.c
M src/backend/commands/cluster.c
M src/backend/commands/indexcmds.c
M src/backend/utils/init/miscinit.c
M src/test/regress/expected/privileges.out
M src/test/regress/sql/privileges.sql

Translation updates

commit   : d8ab73f3ba92b633954870d862234ca20b64753b    
  
author   : Peter Eisentraut <[email protected]>    
date     : Mon, 9 May 2022 12:27:34 +0200    
  
committer: Peter Eisentraut <[email protected]>    
date     : Mon, 9 May 2022 12:27:34 +0200    

Click here for diff

Source-Git-URL: https://git.postgresql.org/git/pgtranslation/messages.git  
Source-Git-Hash: a148941910171cea2b5391c98cdd90c5cd980d93  

M src/backend/po/de.po
M src/backend/po/fr.po
M src/backend/po/ru.po
M src/backend/po/sv.po
M src/bin/initdb/po/ru.po
M src/bin/initdb/po/sv.po
M src/bin/pg_archivecleanup/po/sv.po
M src/bin/pg_basebackup/po/sv.po
M src/bin/pg_config/po/ru.po
M src/bin/pg_config/po/sv.po
M src/bin/pg_controldata/po/sv.po
M src/bin/pg_ctl/po/ru.po
M src/bin/pg_ctl/po/sv.po
M src/bin/pg_dump/po/ru.po
M src/bin/pg_dump/po/sv.po
M src/bin/pg_resetwal/po/sv.po
M src/bin/pg_rewind/po/de.po
M src/bin/pg_rewind/po/fr.po
M src/bin/pg_rewind/po/ru.po
M src/bin/pg_rewind/po/sv.po
M src/bin/pg_test_fsync/po/sv.po
M src/bin/pg_test_timing/po/sv.po
M src/bin/pg_upgrade/po/sv.po
M src/bin/pg_verify_checksums/po/sv.po
M src/bin/pg_waldump/po/ru.po
M src/bin/pg_waldump/po/sv.po
M src/bin/psql/po/ru.po
M src/bin/psql/po/sv.po
M src/bin/scripts/po/ru.po
M src/bin/scripts/po/sv.po
M src/interfaces/ecpg/ecpglib/po/sv.po
M src/interfaces/ecpg/preproc/po/sv.po
M src/interfaces/libpq/po/de.po
M src/interfaces/libpq/po/fr.po
M src/interfaces/libpq/po/ru.po
M src/interfaces/libpq/po/sv.po
M src/pl/plperl/po/ru.po
M src/pl/plperl/po/sv.po
M src/pl/plpgsql/src/po/sv.po
M src/pl/plpython/po/sv.po
M src/pl/tcl/po/sv.po

Disable 031_recovery_conflict.pl until after minor releases.

commit   : 4caa29414d6088d6729775057b6ff96b9fa8a57a    
  
author   : Andres Freund <[email protected]>    
date     : Sun, 8 May 2022 17:59:30 -0700    
  
committer: Andres Freund <[email protected]>    
date     : Sun, 8 May 2022 17:59:30 -0700    

Click here for diff

f40d362a667 disabled part of 031_recovery_conflict.pl due to instability  
that's not trivial to fix in the back branches. That fixed most of the  
issues. But there was one more failure (on lapwing / REL_10_STABLE).  
  
That failure looks like it might be caused by a genuine problem. Disable the  
test until after the set of releases, to avoid packagers etc potentially  
having to fight with a test failure they can't do anything about.  
  
Discussion: https://postgr.es/m/[email protected]  
Backpatch: 10-14  

M src/test/recovery/t/031_recovery_conflict.pl

Release notes for 14.3, 13.7, 12.11, 11.16, 10.21.

commit   : 0f171506a5510c69c52ea3b809a2c53aa2c8bae6    
  
author   : Tom Lane <[email protected]>    
date     : Sun, 8 May 2022 12:36:38 -0400    
  
committer: Tom Lane <[email protected]>    
date     : Sun, 8 May 2022 12:36:38 -0400    

Click here for diff

M doc/src/sgml/release-11.sgml

Fix back-patch of "Under has_wal_read_bug, skip .../001_wal.pl."

commit   : 0371d6c6a1f428d166673c2c4fd4b63245781c34    
  
author   : Noah Misch <[email protected]>    
date     : Sat, 7 May 2022 09:12:56 -0700    
  
committer: Noah Misch <[email protected]>    
date     : Sat, 7 May 2022 09:12:56 -0700    

Click here for diff

Per buildfarm members tadarida, snapper, and kittiwake.  Back-patch to  
v10 (all supported versions).  

M contrib/bloom/t/001_wal.pl

Under has_wal_read_bug, skip contrib/bloom/t/001_wal.pl.

commit   : 8fa3386431a7bd11fbc37142999b2125e45e4531    
  
author   : Noah Misch <[email protected]>    
date     : Sat, 7 May 2022 00:33:15 -0700    
  
committer: Noah Misch <[email protected]>    
date     : Sat, 7 May 2022 00:33:15 -0700    

Click here for diff

Per buildfarm members snapper and kittiwake.  Back-patch to v10 (all  
supported versions).  
  
Discussion: https://postgr.es/m/[email protected]  

M contrib/bloom/t/001_wal.pl

Temporarily skip recovery deadlock test in back branches.

commit   : fb965ab0f64198c7b97fd83e125860a0b4b944d7    
  
author   : Andres Freund <[email protected]>    
date     : Fri, 6 May 2022 09:01:08 -0700    
  
committer: Andres Freund <[email protected]>    
date     : Fri, 6 May 2022 09:01:08 -0700    

Click here for diff

The recovery deadlock test has a timing issue that was fixed in 5136967f1eb in  
HEAD. Unfortunately the same fix doesn't quite work in the back branches: 1)  
adjust_conf() doesn't exist, which is easy enough to work around 2) a restart  
cleares the recovery conflict stats < 15.  
  
These issues can be worked around, but given the upcoming set of minor  
releases, skip the problematic test for now. The buildfarm doesn't show  
failures in other parts of 031_recovery_conflict.pl.  
  
Discussion: https://postgr.es/m/[email protected]  
Backpatch: 10-14  

M src/test/recovery/t/031_recovery_conflict.pl

Backpatch addition of pump_until() more completely.

commit   : 47f47a8d47386805ed458e9d4a39bbc28ff30f7e    
  
author   : Andres Freund <[email protected]>    
date     : Fri, 6 May 2022 08:39:14 -0700    
  
committer: Andres Freund <[email protected]>    
date     : Fri, 6 May 2022 08:39:14 -0700    

Click here for diff

In a2ab9c06ea1 I just backpatched the introduction of pump_until(), without  
changing the existing local definitions (as 6da65a3f9a9). The necessary  
changes seemed more verbose than desirable. However, that leads to warnings,  
as I failed to realize...  
  
Backpatch to all versions containing pump_until() calls before  
f74496dd611 (there's none in 10).  
  
Discussion: https://postgr.es/m/[email protected]  
Discussion: https://postgr.es/m/[email protected]  
Backpatch: 11-14  

M src/test/recovery/t/013_crash_restart.pl

Update time zone data files to tzdata release 2022a.

commit   : da72ff09b6d433883fdf6de87099301b2205a5f6    
  
author   : Tom Lane <[email protected]>    
date     : Thu, 5 May 2022 14:54:53 -0400    
  
committer: Tom Lane <[email protected]>    
date     : Thu, 5 May 2022 14:54:53 -0400    

Click here for diff

DST law changes in Palestine.  Historical corrections for  
Chile and Ukraine.  

M src/timezone/data/tzdata.zi

Revert "Fix timing issue in deadlock recovery conflict test."

commit   : 8b9991cf07c0d98018b506b7aa47580a14db6a95    
  
author   : Andres Freund <[email protected]>    
date     : Wed, 4 May 2022 14:15:36 -0700    
  
committer: Andres Freund <[email protected]>    
date     : Wed, 4 May 2022 14:15:36 -0700    

Click here for diff

This reverts commit 7a1267f9fe74c8ab7bab08e58dfdb965fafc6e11.  

M src/test/recovery/t/031_recovery_conflict.pl

Fix timing issue in deadlock recovery conflict test.

commit   : 7a1267f9fe74c8ab7bab08e58dfdb965fafc6e11    
  
author   : Andres Freund <[email protected]>    
date     : Wed, 4 May 2022 12:50:38 -0700    
  
committer: Andres Freund <[email protected]>    
date     : Wed, 4 May 2022 12:50:38 -0700    

Click here for diff

Per buildfarm members longfin and skink.  
  
Discussion: https://postgr.es/m/[email protected]  
Backpatch: 10-  

M src/test/recovery/t/031_recovery_conflict.pl

Backpatch 031_recovery_conflict.pl.

commit   : 25d5494e284104b626fdf9005117eb53ebd30df1    
  
author   : Andres Freund <[email protected]>    
date     : Mon, 2 May 2022 18:29:35 -0700    
  
committer: Andres Freund <[email protected]>    
date     : Mon, 2 May 2022 18:29:35 -0700    

Click here for diff

The prior commit showed that the introduction of recovery conflict tests was a  
good idea. Without these tests it's hard to know that the fix didn't break  
something...  
  
031_recovery_conflict.pl was introduced in 9f8a050f68d and extended in  
21e184403bf.  
  
Discussion: https://postgr.es/m/[email protected]  
Backpatch: 10-14  

A src/test/recovery/t/031_recovery_conflict.pl

Fix possibility of self-deadlock in ResolveRecoveryConflictWithBufferPin().

commit   : 9cda785b4ea35f1bc6ae61945b31dc1e09b5aec5    
  
author   : Andres Freund <[email protected]>    
date     : Mon, 2 May 2022 18:25:00 -0700    
  
committer: Andres Freund <[email protected]>    
date     : Mon, 2 May 2022 18:25:00 -0700    

Click here for diff

The tests added in 9f8a050f68d failed nearly reliably on FreeBSD in CI, and  
occasionally on the buildfarm. That turns out to be caused not by a bug in the  
test, but by a longstanding bug in recovery conflict handling.  
  
The standby timeout handler, used by ResolveRecoveryConflictWithBufferPin(),  
executed SendRecoveryConflictWithBufferPin() inside a signal handler. A bad  
idea, because the deadlock timeout handler (or a spurious latch set) could  
have interrupted ProcWaitForSignal(). If unlucky that could cause a  
self-deadlock on ProcArrayLock, if the deadlock check is in  
SendRecoveryConflictWithBufferPin()->CancelDBBackends().  
  
To fix, set a flag in StandbyTimeoutHandler(), and check the flag in  
ResolveRecoveryConflictWithBufferPin().  
  
Subsequently the recovery conflict tests will be backpatched.  
  
Discussion: https://postgr.es/m/[email protected]  
Backpatch: 10-  

M src/backend/storage/ipc/standby.c

Backpatch addition of wait_for_log(), pump_until().

commit   : 2adb8debe5aa30caee9810a987f264c4f1515395    
  
author   : Andres Freund <[email protected]>    
date     : Mon, 2 May 2022 18:09:44 -0700    
  
committer: Andres Freund <[email protected]>    
date     : Mon, 2 May 2022 18:09:44 -0700    

Click here for diff

These were originally introduced in a2ab9c06ea1 and a2ab9c06ea1, as they are  
needed by a about-to-be-backpatched test.  
  
Discussion: https://postgr.es/m/[email protected]  
Backpatch: 10-14  

M src/test/perl/PostgreSQL/Test/Utils.pm
M src/test/perl/PostgresNode.pm
M src/test/perl/TestLib.pm

Fix typo in comment.

commit   : 1dd49df7834ceccc61fae2801e246e793e08b5ad    
  
author   : Etsuro Fujita <[email protected]>    
date     : Mon, 2 May 2022 16:45:07 +0900    
  
committer: Etsuro Fujita <[email protected]>    
date     : Mon, 2 May 2022 16:45:07 +0900    

Click here for diff

M src/backend/storage/ipc/latch.c

Inhibit mingw CRT's auto-globbing of command line arguments

commit   : b90ce0dd74994816b0e1fbcf1224d9809c1ee7e6    
  
author   : Andrew Dunstan <[email protected]>    
date     : Mon, 25 Apr 2022 15:02:13 -0400    
  
committer: Andrew Dunstan <[email protected]>    
date     : Mon, 25 Apr 2022 15:02:13 -0400    

Click here for diff

For some reason by default the mingw C Runtime takes it upon itself to  
expand program arguments that look like shell globbing characters. That  
has caused much scratching of heads and mis-attribution of the causes of  
some TAP test failures, so stop doing that.  
  
This removes an inconsistency with Windows binaries built with MSVC,  
which have no such behaviour.  
  
Per suggestion from Noah Misch.  
  
Backpatch to all live branches.  
  
Discussion: https://postgr.es/m/[email protected]  

M src/common/exec.c

Support new perl module namespace in stable branches

commit   : 8b910d94234bd751398890a478336aee214e530b    
  
author   : Andrew Dunstan <[email protected]>    
date     : Thu, 21 Apr 2022 09:28:47 -0400    
  
committer: Andrew Dunstan <[email protected]>    
date     : Thu, 21 Apr 2022 09:28:47 -0400    

Click here for diff

Commit b3b4d8e68a moved our perl test modules to a better namespace  
structure, but this has made life hard for people wishing to backpatch  
improvements in the TAP tests. Here we alleviate much of that difficulty  
by implementing the new module names on top of the old modules, mostly  
by using a little perl typeglob aliasing magic, so that we don't have a  
dual maintenance burden. This should work both for the case where a new  
test is backpatched and the case where a fix to an existing test that  
uses the new namespace is backpatched.  
  
Reviewed by Michael Paquier  
  
Per complaint from Andres Freund  
  
Discussion: https://postgr.es/m/[email protected]  
  
Applied to branches 10 through 14  

A src/test/perl/PostgreSQL/Test/Cluster.pm
A src/test/perl/PostgreSQL/Test/Utils.pm
M src/test/perl/PostgresNode.pm
M src/test/perl/TestLib.pm

Fix CLUSTER tuplesorts on abbreviated expressions.

commit   : adb2d84fc2d60de45ba936bfbcadb7d56048c30c    
  
author   : Peter Geoghegan <[email protected]>    
date     : Wed, 20 Apr 2022 17:17:35 -0700    
  
committer: Peter Geoghegan <[email protected]>    
date     : Wed, 20 Apr 2022 17:17:35 -0700    

Click here for diff

CLUSTER sort won't use the datum1 SortTuple field when clustering  
against an index whose leading key is an expression.  This makes it  
unsafe to use the abbreviated keys optimization, which was missed by the  
logic that sets up SortSupport state.  Affected tuplesorts output tuples  
in a completely bogus order as a result (the wrong SortSupport based  
comparator was used for the leading attribute).  
  
This issue is similar to the bug fixed on the master branch by recent  
commit cc58eecc5d.  But it's a far older issue, that dates back to the  
introduction of the abbreviated keys optimization by commit 4ea51cdfe8.  
  
Backpatch to all supported versions.  
  
Author: Peter Geoghegan <[email protected]>  
Author: Thomas Munro <[email protected]>  
Discussion: https://postgr.es/m/CA+hUKG+bA+bmwD36_oDxAoLrCwZjVtST2fqe=b4=qZcmU7u89A@mail.gmail.com  
Backpatch: 10-  

M src/backend/utils/sort/tuplesort.c
M src/test/regress/expected/cluster.out
M src/test/regress/sql/cluster.sql

Disallow infinite endpoints in generate_series() for timestamps.

commit   : e7adbd282dbf9bd53f9bafc1fbb866cbe546af52    
  
author   : Tom Lane <[email protected]>    
date     : Wed, 20 Apr 2022 18:08:15 -0400    
  
committer: Tom Lane <[email protected]>    
date     : Wed, 20 Apr 2022 18:08:15 -0400    

Click here for diff

Such cases will lead to infinite loops, so they're of no practical  
value.  The numeric variant of generate_series() already threw error  
for this, so borrow its message wording.  
  
Per report from Richard Wesley.  Back-patch to all supported branches.  
  
Discussion: https://postgr.es/m/[email protected]  

M src/backend/utils/adt/timestamp.c
M src/test/regress/expected/timestamp.out
M src/test/regress/expected/timestamptz.out
M src/test/regress/sql/timestamp.sql
M src/test/regress/sql/timestamptz.sql

Fix breakage in AlterFunction().

commit   : 9130f8cbb91954f7a40de70c014c01b552df31da    
  
author   : Tom Lane <[email protected]>    
date     : Tue, 19 Apr 2022 23:03:59 -0400    
  
committer: Tom Lane <[email protected]>    
date     : Tue, 19 Apr 2022 23:03:59 -0400    

Click here for diff

An ALTER FUNCTION command that tried to update both the function's  
proparallel property and its proconfig list failed to do the former,  
because it stored the new proparallel value into a tuple that was  
no longer the interesting one.  Carelessness in 7aea8e4f2.  
  
(I did not bother with a regression test, because the only likely  
future breakage would be for someone to ignore the comment I added  
and add some other field update after the heap_modify_tuple step.  
A test using existing function properties could not catch that.)  
  
Per report from Bryn Llewellyn.  Back-patch to all supported branches.  
  
Discussion: https://postgr.es/m/[email protected]  

M src/backend/commands/functioncmds.c

Fix the check to limit sync workers.

commit   : a90de822e4834f046b6c640e8a0ea40cd4ddde25    
  
author   : Amit Kapila <[email protected]>    
date     : Tue, 19 Apr 2022 09:29:34 +0530    
  
committer: Amit Kapila <[email protected]>    
date     : Tue, 19 Apr 2022 09:29:34 +0530    

Click here for diff

We don't allow to invoke more sync workers once we have reached the sync  
worker limit per subscription. But the check to enforce this also doesn't  
allow to launch an apply worker if it gets restarted.  
  
This code was introduced by commit de43897122 but we caught the problem  
only with the test added by recent commit c91f71b9dc which started failing  
occasionally in the buildfarm.  
  
As per buildfarm.  
Diagnosed-by: Amit Kapila, Masahiko Sawada, Tomas Vondra  
Author: Amit Kapila  
Backpatch-through: 10  
Discussion: https://postgr.es/m/CAH2L28vddB_NFdRVpuyRBJEBWjz4BSyTB=_ektNRH8NJ1jf95g@mail.gmail.com  
	    https://postgr.es/m/[email protected]  

M src/backend/replication/logical/launcher.c

Avoid invalid array reference in transformAlterTableStmt().

commit   : 20af44693c45768d466a056566361fac0dd185e1    
  
author   : Tom Lane <[email protected]>    
date     : Mon, 18 Apr 2022 12:16:45 -0400    
  
committer: Tom Lane <[email protected]>    
date     : Mon, 18 Apr 2022 12:16:45 -0400    

Click here for diff

Don't try to look at the attidentity field of system attributes,  
because they're not there in the TupleDescAttr array.  Sometimes  
this is harmless because we accidentally pick up a zero, but  
otherwise we'll report "no owned sequence found" from an attempt  
to alter a system attribute.  (It seems possible that a SIGSEGV  
could occur, too, though I've not seen it in testing.)  
  
It's not in this function's charter to complain that you can't  
alter a system column, so instead just hard-wire an assumption  
that system attributes aren't identities.  I didn't bother with  
a regression test because the appearance of the bug is very  
erratic.  
  
Per bug #17465 from Roman Zharkov.  Back-patch to all supported  
branches.  (There's not actually a live bug before v12, because  
before that get_attidentity() did the right thing anyway.  
But for consistency I changed the test in the older branches too.)  
  
Discussion: https://postgr.es/m/[email protected]  

M src/backend/parser/parse_utilcmd.c

Fix race in TAP test 002_archiving.pl when restoring history file

commit   : 4751a13b63de90c68ad0c4fdf746ea61e1a43d5e    
  
author   : Michael Paquier <[email protected]>    
date     : Mon, 18 Apr 2022 11:40:25 +0900    
  
committer: Michael Paquier <[email protected]>    
date     : Mon, 18 Apr 2022 11:40:25 +0900    

Click here for diff

This test, introduced in df86e52, uses a second standby to check that  
it is able to remove correctly RECOVERYHISTORY and RECOVERYXLOG at the  
end of recovery.  This standby uses the archives of the primary to  
restore its contents, with some of the archive's contents coming from  
the first standby previously promoted.  In slow environments, it was  
possible that the test did not check what it should, as the history file  
generated by the promotion of the first standby may not be stored yet on  
the archives the second standby feeds on.  So, it could be possible that  
the second standby selects an incorrect timeline, without restoring a  
history file at all.  
  
This commits adds a wait phase to make sure that the history file  
required by the second standby is archived before this cluster is  
created.  This relies on poll_query_until() with pg_stat_file() and an  
absolute path, something not supported in REL_10_STABLE.  
  
While on it, this adds a new test to check that the history file has  
been restored by looking at the logs of the second standby.  This  
ensures that a RECOVERYHISTORY, whose removal needs to be checked,  
is created in the first place.  This should make the test more robust.  
  
This test has been introduced by df86e52, but it came in light as an  
effect of the bug fixed by acf1dd42, where the extra restore_command  
calls made the test much slower.  
  
Reported-by: Andres Freund  
Discussion: https://postgr.es/m/[email protected]  
Backpatch-through: 11  

M src/test/recovery/t/002_archiving.pl

Add a temp-install prerequisite to src/interfaces/ecpg "checktcp".

commit   : d9f4348d470eced8053b5a94a8c99a8543a638b2    
  
author   : Noah Misch <[email protected]>    
date     : Sat, 16 Apr 2022 17:43:54 -0700    
  
committer: Noah Misch <[email protected]>    
date     : Sat, 16 Apr 2022 17:43:54 -0700    

Click here for diff

The target failed, tested $PATH binaries, or tested a stale temporary  
installation.  Commit c66b438db62748000700c9b90b585e756dd54141 missed  
this.  Back-patch to v10 (all supported versions).  

M src/interfaces/ecpg/Makefile

Rethink the delay-checkpoint-end mechanism in the back-branches.

commit   : 6270ee4450404225daad44b53d4a067026f97162    
  
author   : Robert Haas <[email protected]>    
date     : Thu, 14 Apr 2022 11:10:16 -0400    
  
committer: Robert Haas <[email protected]>    
date     : Thu, 14 Apr 2022 11:10:16 -0400    

Click here for diff

The back-patch of commit bbace5697df12398e87ffd9879171c39d27f5b33 had  
the unfortunate effect of changing the layout of PGPROC in the  
back-branches, which could break extensions. This happened because it  
changed the delayChkpt from type bool to type int. So, change it back,  
and add a new bool delayChkptEnd field instead. The new field should  
fall within what used to be padding space within the struct, and so  
hopefully won't cause any extensions to break.  
  
Per report from Markus Wanner and discussion with Tom Lane and others.  
  
Patch originally by me, somewhat revised by Markus Wanner per a  
suggestion from Michael Paquier. A very similar patch was developed  
by Kyotaro Horiguchi, but I failed to see the email in which that was  
posted before writing one of my own.  
  
Discussion: http://postgr.es/m/CA+Tgmoao-kUD9c5nG5sub3F7tbo39+cdr8jKaOVEs_1aBWcJ3Q@mail.gmail.com  
Discussion: http://postgr.es/m/[email protected]  

M src/backend/access/transam/multixact.c
M src/backend/access/transam/twophase.c
M src/backend/access/transam/xact.c
M src/backend/access/transam/xlog.c
M src/backend/access/transam/xloginsert.c
M src/backend/catalog/storage.c
M src/backend/storage/buffer/bufmgr.c
M src/backend/storage/ipc/procarray.c
M src/include/storage/proc.h
M src/include/storage/procarray.h

pageinspect: Fix handling of all-zero pages

commit   : 79fed072ba5f96a8136053d20c8d74e0d59fe0e3    
  
author   : Michael Paquier <[email protected]>    
date     : Thu, 14 Apr 2022 15:09:42 +0900    
  
committer: Michael Paquier <[email protected]>    
date     : Thu, 14 Apr 2022 15:09:42 +0900    

Click here for diff

Getting from get_raw_page() an all-zero page is considered as a valid  
case by the buffer manager and it can happen for example when finding a  
corrupted page with zero_damaged_pages enabled (using zero_damaged_pages  
to look at corrupted pages happens), or after a crash when a relation  
file is extended before any WAL for its new data is generated (before a  
vacuum or autovacuum job comes in to do some cleanup).  
  
However, all the functions of pageinspect, as of the index AMs (except  
hash that has its own idea of new pages), heap, the FSM or the page  
header have never worked with all-zero pages, causing various crashes  
when going through the page internals.  
  
This commit changes all the pageinspect functions to be compliant with  
all-zero pages, where the choice is made to return NULL or no rows for  
SRFs when finding a new page.  get_raw_page() still works the same way,  
returning a batch of zeros in the bytea of the page retrieved.  A hard  
error could be used but NULL, while more invasive, is useful when  
scanning relation files in full to get a batch of results for a single  
relation in one query.  Tests are added for all the code paths  
impacted.  
  
Reported-by: Daria Lepikhova  
Author: Michael Paquier  
Discussion: https://postgr.es/m/[email protected]  
Backpatch-through: 10  

M contrib/pageinspect/brinfuncs.c
M contrib/pageinspect/btreefuncs.c
M contrib/pageinspect/expected/brin.out
M contrib/pageinspect/expected/btree.out
M contrib/pageinspect/expected/gin.out
M contrib/pageinspect/expected/hash.out
M contrib/pageinspect/expected/page.out
M contrib/pageinspect/fsmfuncs.c
M contrib/pageinspect/ginfuncs.c
M contrib/pageinspect/rawpage.c
M contrib/pageinspect/sql/brin.sql
M contrib/pageinspect/sql/btree.sql
M contrib/pageinspect/sql/gin.sql
M contrib/pageinspect/sql/hash.sql
M contrib/pageinspect/sql/page.sql

Doc: tweak textsearch.sgml for SEO purposes.

commit   : d53f689f8f750a3dd8e85bb26ee881892e3e2921    
  
author   : Tom Lane <[email protected]>    
date     : Tue, 12 Apr 2022 18:21:04 -0400    
  
committer: Tom Lane <[email protected]>    
date     : Tue, 12 Apr 2022 18:21:04 -0400    

Click here for diff

Google seems to like to return textsearch.html for queries about  
GIN and GiST indexes, even though it's not a primary reference  
for either.  It seems likely that that's because those keywords  
appear in the page title.  Since "GIN and GiST Index Types" is  
not a very apposite title for this material anyway, rename the  
section in hopes of stopping that.  
  
Also provide explicit links to the GIN and GiST chapters, to help  
anyone who finds their way to this page regardless.  
  
Per gripe from Jan Piotrowski.  Back-patch to supported branches.  
(Unfortunately Google is likely to continue returning the 9.1  
version of this page, but improving that situation is a matter  
for the www team.)  
  
Discussion: https://postgr.es/m/[email protected]  

M doc/src/sgml/textsearch.sgml

Fix postgres_fdw to check shippability of sort clauses properly.

commit   : b9eb0412ffb839e70e81820b6405db71d3f1966f    
  
author   : Tom Lane <[email protected]>    
date     : Thu, 31 Mar 2022 14:29:24 -0400    
  
committer: Tom Lane <[email protected]>    
date     : Thu, 31 Mar 2022 14:29:24 -0400    

Click here for diff

postgres_fdw would push ORDER BY clauses to the remote side without  
verifying that the sort operator is safe to ship.  Moreover, it failed  
to print a suitable USING clause if the sort operator isn't default  
for the sort expression's type.  The net result of this is that the  
remote sort might not have anywhere near the semantics we expect,  
which'd be disastrous for locally-performed merge joins in particular.  
  
We addressed similar issues in the context of ORDER BY within an  
aggregate function call in commit 7012b132d, but failed to notice  
that query-level ORDER BY was broken.  Thus, much of the necessary  
logic already existed, but it requires refactoring to be usable  
in both cases.  
  
Back-patch to all supported branches.  In HEAD only, remove the  
core code's copy of find_em_expr_for_rel, which is no longer used  
and really should never have been pushed into equivclass.c in the  
first place.  
  
Ronan Dunklau, per report from David Rowley;  
reviews by David Rowley, Ranier Vilela, and myself  
  
Discussion: https://postgr.es/m/CAApHDvr4OeC2DBVY--zVP83-K=bYrTD7F8SZDhN4g+pj2f2S-A@mail.gmail.com  

M contrib/postgres_fdw/deparse.c
M contrib/postgres_fdw/expected/postgres_fdw.out
M contrib/postgres_fdw/postgres_fdw.c
M contrib/postgres_fdw/postgres_fdw.h
M contrib/postgres_fdw/sql/postgres_fdw.sql

Add missing newline in one libpq error message.

commit   : 143043191b2fa892c547f6fefc243ec54769f5e8    
  
author   : Tom Lane <[email protected]>    
date     : Thu, 31 Mar 2022 11:24:26 -0400    
  
committer: Tom Lane <[email protected]>    
date     : Thu, 31 Mar 2022 11:24:26 -0400    

Click here for diff

Oversight in commit a59c79564.  Back-patch, as that was.  
Noted by Peter Eisentraut.  
  
Discussion: https://postgr.es/m/[email protected]  

M src/interfaces/libpq/fe-secure-openssl.c

doc: Fix typo in ANALYZE documentation

commit   : a5d4a3850fa879cb4c78732ce2f83e446778f885    
  
author   : Daniel Gustafsson <[email protected]>    
date     : Thu, 31 Mar 2022 12:03:33 +0200    
  
committer: Daniel Gustafsson <[email protected]>    
date     : Thu, 31 Mar 2022 12:03:33 +0200    

Click here for diff

Commit 61fa6ca79b3 accidentally wrote constrast instead of contrast.  
  
Backpatch-through: 10  
Discussion: https://postgr.es/m/[email protected]  

M doc/src/sgml/ref/analyze.sgml

Fix typo in comment.

commit   : 166f143869c98492a41288bf8175521cd9ce7c24    
  
author   : Etsuro Fujita <[email protected]>    
date     : Wed, 30 Mar 2022 19:00:07 +0900    
  
committer: Etsuro Fujita <[email protected]>    
date     : Wed, 30 Mar 2022 19:00:07 +0900    

Click here for diff

M src/backend/commands/copy.c

Document autoanalyze limitations for partitioned tables

commit   : 0fc2455edbda035df87bbb1ea2091eb87f94bb99    
  
author   : Tomas Vondra <[email protected]>    
date     : Mon, 28 Mar 2022 14:27:36 +0200    
  
committer: Tomas Vondra <[email protected]>    
date     : Mon, 28 Mar 2022 14:27:36 +0200    

Click here for diff

When dealing with partitioned tables, counters for partitioned tables  
are not updated when modifying child tables. This means autoanalyze may  
not update optimizer statistics for the parent relations, which can  
result in poor plans for some queries.  
  
It's worth documenting this limitation, so that people are aware of it  
and can take steps to mitigate it (e.g. by setting up a script executing  
ANALYZE regularly).  
  
Backpatch to v10. Older branches are affected too, of couse, but we no  
longer maintain those.  
  
Author: Justin Pryzby  
Reviewed-by: Zhihong Yu, Tomas Vondra  
Backpatch-through: 10  
Discussion: https://postgr.es/m/20210913035409.GA10647%40telsasoft.com  

M doc/src/sgml/maintenance.sgml
M doc/src/sgml/ref/analyze.sgml

waldump: fix use-after-free in search_directory().

commit   : 7d935bdf7af71aaa1654366b9fd051581660326a    
  
author   : Andres Freund <[email protected]>    
date     : Wed, 23 Mar 2022 16:38:43 -0700    
  
committer: Andres Freund <[email protected]>    
date     : Wed, 23 Mar 2022 16:38:43 -0700    

Click here for diff

After closedir() dirent->d_name is not valid anymore. As there alerady are a  
few places relying on the limited lifetime of pg_waldump, do so here as well,  
and just pg_strdup() the string.  
  
The bug was introduced in fc49e24fa69a.  
  
Found by UBSan, run locally.  
  
Backpatch: 11-, like fc49e24fa69 itself.  

M src/bin/pg_waldump/pg_waldump.c

pageinspect: Add more sanity checks to prevent out-of-bound reads

commit   : 1a2fdf86aae82e96713a0bfbe7e750d35667d692    
  
author   : Michael Paquier <[email protected]>    
date     : Sun, 27 Mar 2022 17:54:03 +0900    
  
committer: Michael Paquier <[email protected]>    
date     : Sun, 27 Mar 2022 17:54:03 +0900    

Click here for diff

A couple of code paths use the special area on the page passed by the  
function caller, expecting to find some data in it.  However, feeding  
an incorrect page can lead to out-of-bound reads when trying to access  
the page special area (like a heap page that has no special area,  
leading PageGetSpecialPointer() to grab a pointer outside the allocated  
page).  
  
The functions used for hash and btree indexes have some protection  
already against that, while some other functions using a relation OID  
as argument would make sure that the access method involved is correct,  
but functions taking in input a raw page without knowing the relation  
the page is attached to would run into problems.  
  
This commit improves the set of checks used in the code paths of BRIN,  
btree (including one check if a leaf page is found with a non-zero  
level), GIN and GiST to verify that the page given in input has a  
special area size that fits with each access method, which is done  
though PageGetSpecialSize(), becore calling PageGetSpecialPointer().  
  
The scope of the checks done is limited to work with pages that one  
would pass after getting a block with get_raw_page(), as it is possible  
to craft byteas that could bypass existing code paths.  Having too many  
checks would also impact the usability of pageinspect, as the existing  
code is very useful to look at the content details in a corrupted page,  
so the focus is really to avoid out-of-bound reads as this is never a  
good thing even with functions whose execution is limited to  
superusers.  
  
The safest approach could be to rework the functions so as these fetch a  
block using a relation OID and a block number, but there are also cases  
where using a raw page is useful.  
  
Tests are added to cover all the code paths that needed such checks, and  
an error message for hash indexes is reworded to fit better with what  
this commit adds.  
  
Reported-By: Alexander Lakhin  
Author: Julien Rouhaud, Michael Paquier  
Discussion: https://postgr.es/m/[email protected]  
Discussion: https://postgr.es/m/[email protected]  
Backpatch-through: 10  

M contrib/pageinspect/brinfuncs.c
M contrib/pageinspect/btreefuncs.c
M contrib/pageinspect/expected/brin.out
M contrib/pageinspect/expected/btree.out
M contrib/pageinspect/expected/gin.out
M contrib/pageinspect/expected/hash.out
M contrib/pageinspect/ginfuncs.c
M contrib/pageinspect/hashfuncs.c
M contrib/pageinspect/sql/brin.sql
M contrib/pageinspect/sql/btree.sql
M contrib/pageinspect/sql/gin.sql
M contrib/pageinspect/sql/hash.sql

Suppress compiler warning in relptr_store().

commit   : a2a1aa830a1ccf6991c59a64c6f2b873f3c2c727    
  
author   : Tom Lane <[email protected]>    
date     : Sat, 26 Mar 2022 14:29:29 -0400    
  
committer: Tom Lane <[email protected]>    
date     : Sat, 26 Mar 2022 14:29:29 -0400    

Click here for diff

clang 13 with -Wextra warns that "performing pointer subtraction with  
a null pointer has undefined behavior" in the places where freepage.c  
tries to set a relptr variable to constant NULL.  This appears to be  
a compiler bug, but it's unlikely to get fixed instantly.  Fortunately,  
we can work around it by introducing an inline support function, which  
seems like a good change anyway because it removes the macro's existing  
double-evaluation hazard.  
  
Backpatch to v10 where this code was introduced.  
  
Patch by me, based on an idea of Andres Freund's.  
  
Discussion: https://postgr.es/m/[email protected]  

M src/include/utils/relptr.h

Harden TAP tests that intentionally corrupt page checksums.

commit   : 3d263b09058a6ea90ed0f6143fafbb92892c7ba8    
  
author   : Tom Lane <[email protected]>    
date     : Fri, 25 Mar 2022 14:23:26 -0400    
  
committer: Tom Lane <[email protected]>    
date     : Fri, 25 Mar 2022 14:23:26 -0400    

Click here for diff

The previous method for doing that was to write zeroes into a  
predetermined set of page locations.  However, there's a roughly  
1-in-64K chance that the existing checksum will match by chance,  
and yesterday several buildfarm animals started to reproducibly  
see that, resulting in test failures because no checksum mismatch  
was reported.  
  
Since the checksum includes the page LSN, test success depends on  
the length of the installation's WAL history, which is affected by  
(at least) the initial catalog contents, the set of locales installed  
on the system, and the length of the pathname of the test directory.  
Sooner or later we were going to hit a chance match, and today is  
that day.  
  
Harden these tests by specifically inverting the checksum field and  
leaving all else alone, thereby guaranteeing that the checksum is  
incorrect.  
  
In passing, fix places that were using seek() to set up for syswrite(),  
a combination that the Perl docs very explicitly warn against.  We've  
probably escaped problems because no regular buffered I/O is done on  
these filehandles; but if it ever breaks, we wouldn't deserve or get  
much sympathy.  
  
Although we've only seen problems in HEAD, now that we recognize the  
environmental dependencies it seems like it might be just a matter  
of time until someone manages to hit this in back-branch testing.  
Hence, back-patch to v11 where we started doing this kind of test.  
  
Discussion: https://postgr.es/m/[email protected]  

M src/bin/pg_basebackup/t/010_pg_basebackup.pl
M src/test/perl/PostgresNode.pm

Fix possible recovery trouble if TRUNCATE overlaps a checkpoint.

commit   : 118f1a332b0094a04264c2aedc428c826ac24b7f    
  
author   : Robert Haas <[email protected]>    
date     : Thu, 24 Mar 2022 14:49:08 -0400    
  
committer: Robert Haas <[email protected]>    
date     : Thu, 24 Mar 2022 14:49:08 -0400    

Click here for diff

If TRUNCATE causes some buffers to be invalidated and thus the  
checkpoint does not flush them, TRUNCATE must also ensure that the  
corresponding files are truncated on disk. Otherwise, a replay  
from the checkpoint might find that the buffers exist but have  
the wrong contents, which may cause replay to fail.  
  
Report by Teja Mupparti. Patch by Kyotaro Horiguchi, per a design  
suggestion from Heikki Linnakangas, with some changes to the  
comments by me. Review of this and a prior patch that approached  
the issue differently by Heikki Linnakangas, Andres Freund, Álvaro  
Herrera, Masahiko Sawada, and Tom Lane.  
  
Discussion: http://postgr.es/m/BYAPR06MB6373BF50B469CA393C614257ABF00@BYAPR06MB6373.namprd06.prod.outlook.com  

M src/backend/access/transam/multixact.c
M src/backend/access/transam/twophase.c
M src/backend/access/transam/xact.c
M src/backend/access/transam/xlog.c
M src/backend/access/transam/xloginsert.c
M src/backend/catalog/storage.c
M src/backend/storage/buffer/bufmgr.c
M src/backend/storage/ipc/procarray.c
M src/backend/storage/lmgr/proc.c
M src/include/storage/proc.h
M src/include/storage/procarray.h

Don't call fwrite() with len == 0 when writing out relcache init file.

commit   : 2121d58091a3d6b53299d774f318cbdfb96076be    
  
author   : Andres Freund <[email protected]>    
date     : Wed, 23 Mar 2022 13:05:25 -0700    
  
committer: Andres Freund <[email protected]>    
date     : Wed, 23 Mar 2022 13:05:25 -0700    

Click here for diff

Noticed via -fsanitize=undefined.  
  
Backpatch to all branches, for the same reasons as 46ab07ffda9.  
  
Discussion: https://postgr.es/m/[email protected]  
Backpatch: 10-  

M src/backend/utils/cache/relcache.c

configure: check for dlsym instead of dlopen.

commit   : a77dddb42e0916f8c0962b758668d49e8fd81cc8    
  
author   : Andres Freund <[email protected]>    
date     : Wed, 23 Mar 2022 12:43:14 -0700    
  
committer: Andres Freund <[email protected]>    
date     : Wed, 23 Mar 2022 12:43:14 -0700    

Click here for diff

When building with sanitizers the sanitizer library provides dlopen, but not  
dlsym(), making configure think that -ldl isn't needed. Just checking for  
dlsym() ought to suffice, hard to see dlsym() being provided without dlopen()  
also being provided.  
  
Backpatch to all branches, for the same reasons as 46ab07ffda9.  
  
Reviewed-By: Tom Lane <[email protected]>  
Discussion: https://postgr.es/m/[email protected]  
Backpatch: 10-  

M configure
M configure.in

pg_upgrade: Upgrade an Assert to a real 'if' test

commit   : efe44fb2f685032ab73ec99cd39712a1ad458c3c    
  
author   : Alvaro Herrera <[email protected]>    
date     : Wed, 23 Mar 2022 19:23:51 +0100    
  
committer: Alvaro Herrera <[email protected]>    
date     : Wed, 23 Mar 2022 19:23:51 +0100    

Click here for diff

It seems possible for the condition being tested to be true in  
production, and nobody would never know (except when some data  
eventually becomes corrupt?).  
  
Author: Álvaro Herrera <[email protected]>  
Discussion: https://postgr.es/m//[email protected]  

M src/bin/pg_rewind/parsexlog.c

Fix "missing continuation record" after standby promotion

commit   : 199cd7b59a16cb5b5de54ad7d9c1eea129e03833    
  
author   : Alvaro Herrera <[email protected]>    
date     : Wed, 23 Mar 2022 18:22:10 +0100    
  
committer: Alvaro Herrera <[email protected]>    
date     : Wed, 23 Mar 2022 18:22:10 +0100    

Click here for diff

Invalidate abortedRecPtr and missingContrecPtr after a missing  
continuation record is successfully skipped on a standby. This fixes a  
PANIC caused when a recently promoted standby attempts to write an  
OVERWRITE_RECORD with an LSN of the previously read aborted record.  
  
Backpatch to 10 (all stable versions).  
  
Author: Sami Imseih <[email protected]>  
Reviewed-by: Kyotaro Horiguchi <[email protected]>  
Reviewed-by: Álvaro Herrera <[email protected]>  
Discussion: https://postgr.es/m/[email protected]  

M src/backend/access/transam/xlog.c
M src/test/recovery/t/026_overwrite_contrecord.pl

Add missing dependency of pg_dumpall to WIN32RES.

commit   : cd1951ba0820005efc801bc5a1bcb46e957feda1    
  
author   : Andres Freund <[email protected]>    
date     : Tue, 22 Mar 2022 08:22:02 -0700    
  
committer: Andres Freund <[email protected]>    
date     : Tue, 22 Mar 2022 08:22:02 -0700    

Click here for diff

When cross-building to windows, or building with mingw on windows, the build  
could fail with  
  x86_64-w64-mingw32-gcc: error: win32ver.o: No such file or director  
because pg_dumpall didn't depend on WIN32RES, but it's recipe references  
it. The build nevertheless succeeded most of the time, due to  
pg_dump/pg_restore having the required dependency, causing win32ver.o to be  
built.  
  
Reported-By: Thomas Munro <[email protected]>  
Discussion: https://postgr.es/m/CA+hUKGJeekpUPWW6yCVdf9=oBAcCp86RrBivo4Y4cwazAzGPng@mail.gmail.com  
Backpatch: 10-, omission present on all live branches  

M src/bin/pg_dump/Makefile

Fix failures in SSL tests caused by out-of-tree keys and certificates

commit   : 635abe6cd4d59d73085ecdf79066af73d047edf2    
  
author   : Michael Paquier <[email protected]>    
date     : Tue, 22 Mar 2022 13:21:54 +0900    
  
committer: Michael Paquier <[email protected]>    
date     : Tue, 22 Mar 2022 13:21:54 +0900    

Click here for diff

This issue is environment-sensitive, where the SSL tests could fail in  
various way by feeding on defaults provided by sslcert, sslkey,  
sslrootkey, sslrootcert, sslcrl and sslcrldir coming from a local setup,  
as of ~/.postgresql/ by default.  Horiguchi-san has reported two  
failures, but more advanced testing from me (aka inclusion of garbage  
SSL configuration in ~/.postgresql/ for all the configuration  
parameters) has showed dozens of failures that can be triggered in the  
whole test suite.  
  
History has showed that we are not good when it comes to address such  
issues, fixing them locally like in dd87799, and such problems keep  
appearing.  This commit strengthens the entire test suite to put an end  
to this set of problems by embedding invalid default values in all the  
connection strings used in the tests.  The invalid values are prefixed  
in each connection string, relying on the follow-up values passed in the  
connection string to enforce any invalid value previously set.  Note  
that two tests related to CRLs are required to fail with certain pre-set  
configurations, but we can rely on enforcing an empty value instead  
after the invalid set of values.  
  
Reported-by: Kyotaro Horiguchi  
Reviewed-by: Andrew Dunstan, Daniel Gustafsson, Kyotaro Horiguchi  
Discussion: https://postgr.es/m/[email protected]  
backpatch-through: 10  

M src/test/ssl/t/001_ssltests.pl
M src/test/ssl/t/002_scram.pl

Fix assorted missing logic for GroupingFunc nodes.

commit   : 5de244196a5b56640189582aa41ac74592d1dd09    
  
author   : Tom Lane <[email protected]>    
date     : Mon, 21 Mar 2022 17:44:29 -0400    
  
committer: Tom Lane <[email protected]>    
date     : Mon, 21 Mar 2022 17:44:29 -0400    

Click here for diff

The planner needs to treat GroupingFunc like Aggref for many purposes,  
in particular with respect to processing of the argument expressions,  
which are not to be evaluated at runtime.  A few places hadn't gotten  
that memo, notably including subselect.c's processing of outer-level  
aggregates.  This resulted in assertion failures or wrong plans for  
cases in which a GROUPING() construct references an outer aggregation  
level.  
  
Also fix missing special cases for GroupingFunc in cost_qual_eval  
(resulting in wrong cost estimates for GROUPING(), although it's  
not clear that that would affect plan shapes in practice) and in  
ruleutils.c (resulting in excess parentheses in pretty-print mode).  
  
Per bug #17088 from Yaoguang Chen.  Back-patch to all supported  
branches.  
  
Richard Guo, Tom Lane  
  
Discussion: https://postgr.es/m/[email protected]  

M src/backend/nodes/nodeFuncs.c
M src/backend/optimizer/path/costsize.c
M src/backend/optimizer/plan/subselect.c
M src/backend/utils/adt/ruleutils.c
M src/test/regress/expected/groupingsets.out
M src/test/regress/sql/groupingsets.sql

Fix risk of deadlock failure while dropping a partitioned index.

commit   : b8ae17fd9fdfae825a5a3d4fe78fc2af09d015bd    
  
author   : Tom Lane <[email protected]>    
date     : Mon, 21 Mar 2022 12:22:13 -0400    
  
committer: Tom Lane <[email protected]>    
date     : Mon, 21 Mar 2022 12:22:13 -0400    

Click here for diff

DROP INDEX needs to lock the index's table before the index itself,  
else it will deadlock against ordinary queries that acquire the  
relation locks in that order.  This is correctly mechanized for  
plain indexes by RangeVarCallbackForDropRelation; but in the case of  
a partitioned index, we neglected to lock the child tables in advance  
of locking the child indexes.  We can fix that by traversing the  
inheritance tree and acquiring the needed locks in RemoveRelations,  
after we have acquired our locks on the parent partitioned table and  
index.  
  
While at it, do some refactoring to eliminate confusion between  
the actual and expected relkind in RangeVarCallbackForDropRelation.  
We can save a couple of syscache lookups too, by having that function  
pass back info that RemoveRelations will need.  
  
Back-patch to v11 where partitioned indexes were added.  
  
Jimmy Yih, Gaurab Dey, Tom Lane  
  
Discussion: https://postgr.es/m/BYAPR05MB645402330042E17D91A70C12BD5F9@BYAPR05MB6454.namprd05.prod.outlook.com  

M src/backend/commands/tablecmds.c
A src/test/isolation/expected/partition-drop-index-locking.out
M src/test/isolation/isolation_schedule
A src/test/isolation/specs/partition-drop-index-locking.spec

Doc: fix our example systemd script.

commit   : f693e9964010cce8f1bd0fca3453b09add68593c    
  
author   : Tom Lane <[email protected]>    
date     : Sun, 20 Mar 2022 12:39:40 -0400    
  
committer: Tom Lane <[email protected]>    
date     : Sun, 20 Mar 2022 12:39:40 -0400    

Click here for diff

The example used "TimeoutSec=0", but systemd's documented way to get  
the desired effect is "TimeoutSec=infinity".  
  
Discussion: https://postgr.es/m/[email protected]  

M doc/src/sgml/runtime.sgml

doc: Mention SET TABLESPACE clause for ALTER MATERIALIZED VIEW

commit   : b68929d6e6a394ccc6dda771281d446961e466a1    
  
author   : Michael Paquier <[email protected]>    
date     : Sat, 19 Mar 2022 16:37:57 +0900    
  
committer: Michael Paquier <[email protected]>    
date     : Sat, 19 Mar 2022 16:37:57 +0900    

Click here for diff

This command flavor is supported, but there was nothing in the  
documentation about it.  
  
Author: Yugo Nagata  
Discussion: https://postgr.es/m/[email protected]  
Backpatch-through: 10  

M doc/src/sgml/ref/alter_materialized_view.sgml

Fix incorrect xmlschema output for types timetz and timestamptz.

commit   : 84f3ecdaae8333d4e4815f34726fd07e46c3e3d4    
  
author   : Tom Lane <[email protected]>    
date     : Fri, 18 Mar 2022 16:01:42 -0400    
  
committer: Tom Lane <[email protected]>    
date     : Fri, 18 Mar 2022 16:01:42 -0400    

Click here for diff

The output of table_to_xmlschema() and allied functions includes  
a regex describing valid values for these types ... but the regex  
was itself invalid, as it failed to escape a literal "+" sign.  
  
Report and fix by Renan Soares Lopes.  Back-patch to all  
supported branches.  
  
Discussion: https://postgr.es/m/[email protected]  

M src/backend/utils/adt/xml.c
M src/test/regress/expected/xmlmap.out
M src/test/regress/expected/xmlmap_1.out
M src/test/regress/sql/xmlmap.sql

Revert applying column aliases to the output of whole-row Vars.

commit   : 13b54d1e0dde3fff2772e7f776dbd111444511ce    
  
author   : Tom Lane <[email protected]>    
date     : Thu, 17 Mar 2022 18:18:05 -0400    
  
committer: Tom Lane <[email protected]>    
date     : Thu, 17 Mar 2022 18:18:05 -0400    

Click here for diff

In commit bf7ca1587, I had the bright idea that we could make the  
result of a whole-row Var (that is, foo.*) track any column aliases  
that had been applied to the FROM entry the Var refers to.  However,  
that's not terribly logically consistent, because now the output of  
the Var is no longer of the named composite type that the Var claims  
to emit.  bf7ca1587 tried to handle that by changing the output  
tuple values to be labeled with a blessed RECORD type, but that's  
really pretty disastrous: we can wind up storing such tuples onto  
disk, whereupon they're not readable by other sessions.  
  
The only practical fix I can see is to give up on what bf7ca1587  
tried to do, and say that the column names of tuples produced by  
a whole-row Var are always those of the underlying named composite  
type, query aliases or no.  While this introduces some inconsistencies,  
it removes others, so it's not that awful in the abstract.  What *is*  
kind of awful is to make such a behavioral change in a back-patched  
bug fix.  But corrupt data is worse, so back-patched it will be.  
  
(A workaround available to anyone who's unhappy about this is to  
introduce an extra level of sub-SELECT, so that the whole-row Var is  
referring to the sub-SELECT's output and not to a named table type.  
Then the Var is of type RECORD to begin with and there's no issue.)  
  
Per report from Miles Delahunty.  The faulty commit dates to 9.5,  
so back-patch to all supported branches.  
  
Discussion: https://postgr.es/m/[email protected]  

M src/backend/executor/execExpr.c
M src/backend/executor/execExprInterp.c
M src/backend/executor/execTuples.c
M src/test/regress/expected/rowtypes.out
M src/test/regress/sql/rowtypes.sql

Fix race between DROP TABLESPACE and checkpointing.

commit   : ca522c60a5db8fe12179fd0a6bb4663b0c09c936    
  
author   : Thomas Munro <[email protected]>    
date     : Wed, 16 Mar 2022 17:20:24 +1300    
  
committer: Thomas Munro <[email protected]>    
date     : Wed, 16 Mar 2022 17:20:24 +1300    

Click here for diff

Commands like ALTER TABLE SET TABLESPACE may leave files for the next  
checkpoint to clean up.  If such files are not removed by the time DROP  
TABLESPACE is called, we request a checkpoint so that they are deleted.  
However, there is presently a window before checkpoint start where new  
unlink requests won't be scheduled until the following checkpoint.  This  
means that the checkpoint forced by DROP TABLESPACE might not remove the  
files we expect it to remove, and the following ERROR will be emitted:  
  
	ERROR:  tablespace "mytblspc" is not empty  
  
To fix, add a call to AbsorbSyncRequests() just before advancing the  
unlink cycle counter.  This ensures that any unlink requests forwarded  
prior to checkpoint start (i.e., when ckpt_started is incremented) will  
be processed by the current checkpoint.  Since AbsorbSyncRequests()  
performs memory allocations, it cannot be called within a critical  
section, so we also need to move SyncPreCheckpoint() to before  
CreateCheckPoint()'s critical section.  
  
This is an old bug, so back-patch to all supported versions.  
  
Author: Nathan Bossart <[email protected]>  
Reported-by: Nathan Bossart <[email protected]>  
Reviewed-by: Thomas Munro <[email protected]>  
Reviewed-by: Andres Freund <[email protected]>  
Discussion: https://postgr.es/m/20220215235845.GA2665318%40nathanxps13  

M src/backend/access/transam/xlog.c
M src/backend/storage/smgr/md.c

pageinspect: Fix memory context allocation of page in brin_revmap_data()

commit   : 09c97746d00065ff5c62d157b8f95d1659850059    
  
author   : Michael Paquier <[email protected]>    
date     : Wed, 16 Mar 2022 12:30:02 +0900    
  
committer: Michael Paquier <[email protected]>    
date     : Wed, 16 Mar 2022 12:30:02 +0900    

Click here for diff

This caused the function to fail, as the aligned copy of the raw page  
given by the function caller was not saved in the correct memory  
context, which needs to be multi_call_memory_ctx in this case.  
  
Issue introduced by 076f4d9.  
  
Per buildfarm members sifika, mylodon and longfin.  I have reproduced  
that locally with macos.  
  
Discussion: https://postgr.es/m/[email protected]  
Backpatch-through: 10  

M contrib/pageinspect/brinfuncs.c

pageinspect: Fix handling of page sizes and AM types

commit   : 2389ee8dd800b7e95eb6ee8238e67db88c60d996    
  
author   : Michael Paquier <[email protected]>    
date     : Wed, 16 Mar 2022 11:20:57 +0900    
  
committer: Michael Paquier <[email protected]>    
date     : Wed, 16 Mar 2022 11:20:57 +0900    

Click here for diff

This commit fixes a set of issues related to the use of the SQL  
functions in this module when the caller is able to pass down raw page  
data as input argument:  
- The page size check was fuzzy in a couple of places, sometimes  
looking after only a sub-range, but what we are looking for is an exact  
match on BLCKSZ.  After considering a few options here, I have settled  
down to do a generalization of get_page_from_raw().  Most of the SQL  
functions already used that, and this is not strictly required if not  
accessing an 8-byte-wide value from a raw page, but this feels safer in  
the long run for alignment-picky environment, particularly if a code  
path begins to access such values.  This also reduces the number of  
strings that need to be translated.  
- The BRIN function brin_page_items() uses a Relation but it did not  
check the access method of the opened index, potentially leading to  
crashes.  All the other functions in need of a Relation already did  
that.  
- Some code paths could fail on elog(), but we should to use ereport()  
for failures that can be triggered by the user.  
  
Tests are added to stress all the cases that are fixed as of this  
commit, with some junk raw pages (\set VERBOSITY ensures that this works  
across all page sizes) and unexpected index types when functions open  
relations.  
  
Author: Michael Paquier, Justin Prysby  
Discussion: https://postgr.es/m/[email protected]  
Backpatch-through: 10  

M contrib/pageinspect/brinfuncs.c
M contrib/pageinspect/btreefuncs.c
M contrib/pageinspect/expected/brin.out
M contrib/pageinspect/expected/btree.out
M contrib/pageinspect/expected/gin.out
M contrib/pageinspect/expected/hash.out
M contrib/pageinspect/expected/page.out
M contrib/pageinspect/fsmfuncs.c
M contrib/pageinspect/hashfuncs.c
M contrib/pageinspect/rawpage.c
M contrib/pageinspect/sql/brin.sql
M contrib/pageinspect/sql/btree.sql
M contrib/pageinspect/sql/gin.sql
M contrib/pageinspect/sql/hash.sql
M contrib/pageinspect/sql/page.sql

Back-patch LLVM 14 API changes.

commit   : 986d24042bb96aba1a486e78c2c0517e4b0ad65b    
  
author   : Thomas Munro <[email protected]>    
date     : Wed, 16 Mar 2022 11:35:00 +1300    
  
committer: Thomas Munro <[email protected]>    
date     : Wed, 16 Mar 2022 11:35:00 +1300    

Click here for diff

Since LLVM 14 has stopped changing and is about to be released,  
back-patch the following changes from the master branch:  
  
  e6a7600202105919bffd62b3dfd941f4a94e082b  
  807fee1a39de6bb8184082012e643951abb9ad1d  
  a56e7b66010f330782243de9e25ac2a6596be0e1  
  
Back-patch to 11, where LLVM JIT support came in.  

M src/backend/jit/llvm/Makefile
M src/backend/jit/llvm/llvmjit_error.cpp
M src/backend/jit/llvm/llvmjit_inline.cpp

doc: Add ALTER/DROP ROUTINE to the event trigger matrix

commit   : 789c83b27bbe618b87d60e40dbddae500eee4f26    
  
author   : Michael Paquier <[email protected]>    
date     : Wed, 9 Mar 2022 14:59:30 +0900    
  
committer: Michael Paquier <[email protected]>    
date     : Wed, 9 Mar 2022 14:59:30 +0900    

Click here for diff

ALTER ROUTINE triggers the events ddl_command_start and ddl_command_end,  
and DROP ROUTINE triggers sql_drop, ddl_command_start and  
ddl_command_end, but this was not mention on the matrix table.  
  
Reported-by: Leslie Lemaire  
Discussion: https://postgr.es/m/[email protected]  
Backpatch-through: 11  

M doc/src/sgml/event-trigger.sgml

Introduce PG_TEST_TIMEOUT_DEFAULT for TAP suite non-elapsing timeouts.

commit   : 49e8a5d3998196105949eeb6dfd3c6e994282e31    
  
author   : Noah Misch <[email protected]>    
date     : Fri, 4 Mar 2022 18:53:13 -0800    
  
committer: Noah Misch <[email protected]>    
date     : Fri, 4 Mar 2022 18:53:13 -0800    

Click here for diff

Slow hosts may avoid load-induced, spurious failures by setting  
environment variable PG_TEST_TIMEOUT_DEFAULT to some number of seconds  
greater than 180.  Developers may see faster failures by setting that  
environment variable to some lesser number of seconds.  In tests, write  
$PostgreSQL::Test::Utils::timeout_default wherever the convention has  
been to write 180.  This change raises the default for some briefer  
timeouts.  Back-patch to v10 (all supported versions).  
  
Discussion: https://postgr.es/m/[email protected]  

M src/bin/pg_dump/t/002_pg_dump.pl
M src/bin/pgbench/t/022_cic.pl
M src/bin/pgbench/t/023_cic_2pc.pl
M src/bin/scripts/t/080_pg_isready.pl
M src/test/perl/PostgresNode.pm
M src/test/perl/TestLib.pm
M src/test/recovery/t/006_logical_decoding.pl
M src/test/recovery/t/010_logical_decoding_timelines.pl
M src/test/recovery/t/013_crash_restart.pl
M src/test/recovery/t/017_shm.pl

Fix bogus casting in BlockIdGetBlockNumber().

commit   : 566e1c04df5238464f0c953d9bf09682092a880f    
  
author   : Tom Lane <[email protected]>    
date     : Thu, 3 Mar 2022 19:03:17 -0500    
  
committer: Tom Lane <[email protected]>    
date     : Thu, 3 Mar 2022 19:03:17 -0500    

Click here for diff

This macro cast the result to BlockNumber after shifting, not before,  
which is the wrong thing.  Per the C spec, the uint16 fields would  
promote to int not unsigned int, so that (for 32-bit int) the shift  
potentially shifts a nonzero bit into the sign position.  I doubt  
there are any production systems where this would actually end with  
the wrong answer, but it is undefined behavior per the C spec, and  
clang's -fsanitize=undefined option reputedly warns about it on some  
platforms.  (I can't reproduce that right now, but the code is  
undeniably wrong per spec.)  It's easy to fix by casting to  
BlockNumber (uint32) in the proper places.  
  
It's been wrong for ages, so back-patch to all supported branches.  
  
Report and patch by Zhihong Yu (cosmetic tweaking by me)  
  
Discussion: https://postgr.es/m/CALNJ-vT9r0DSsAOw9OXVJFxLENoVS_68kJ5x0p44atoYH+H4dg@mail.gmail.com  

M src/include/storage/block.h

Clean up assorted failures under clang's -fsanitize=undefined checks.

commit   : f2087e26ebf15fe9ac59d0b485e1a5e4a8493e07    
  
author   : Tom Lane <[email protected]>    
date     : Thu, 3 Mar 2022 18:13:24 -0500    
  
committer: Tom Lane <[email protected]>    
date     : Thu, 3 Mar 2022 18:13:24 -0500    

Click here for diff

Most of these are cases where we could call memcpy() or other libc  
functions with a NULL pointer and a zero count, which is forbidden  
by POSIX even though every production version of libc allows it.  
We've fixed such things before in a piecemeal way, but apparently  
never made an effort to try to get them all.  I don't claim that  
this patch does so either, but it gets every failure I observe in  
check-world, using clang 12.0.1 on current RHEL8.  
  
numeric.c has a different issue that the sanitizer doesn't like:  
"ln(-1.0)" will compute log10(0) and then try to assign the  
resulting -Inf to an integer variable.  We don't actually use the  
result in such a case, so there's no live bug.  
  
Back-patch to all supported branches, with the idea that we might  
start running a buildfarm member that tests this case.  This includes  
back-patching c1132aae3 (Check the size in COPY_POINTER_FIELD),  
which previously silenced some of these issues in copyfuncs.c.  
  
Discussion: https://postgr.es/m/CALNJ-vT9r0DSsAOw9OXVJFxLENoVS_68kJ5x0p44atoYH+H4dg@mail.gmail.com  

M contrib/pgcrypto/px.c
M src/backend/access/heap/heapam.c
M src/backend/access/transam/clog.c
M src/backend/access/transam/xact.c
M src/backend/nodes/copyfuncs.c
M src/backend/storage/ipc/shm_mq.c
M src/backend/utils/adt/numeric.c
M src/backend/utils/time/snapmgr.c
M src/backend/utils/time/tqual.c
M src/fe_utils/print.c

Allow root-owned SSL private keys in libpq, not only the backend.

commit   : 5bb3d91ea9269dfe8a7f429fe68e1148384f1cbf    
  
author   : Tom Lane <[email protected]>    
date     : Wed, 2 Mar 2022 11:57:02 -0500    
  
committer: Tom Lane <[email protected]>    
date     : Wed, 2 Mar 2022 11:57:02 -0500    

Click here for diff

This change makes libpq apply the same private-key-file ownership  
and permissions checks that we have used in the backend since commit  
9a83564c5.  Namely, that the private key can be owned by either the  
current user or root (with different file permissions allowed in the  
two cases).  This allows system-wide management of key files, which  
is just as sensible on the client side as the server, particularly  
when the client is itself some application daemon.  
  
Sync the comments about this between libpq and the backend, too.  
  
Back-patch of a59c79564 and 50f03473e into all supported branches.  
  
David Steele  
  
Discussion: https://postgr.es/m/[email protected]  

M doc/src/sgml/libpq.sgml
M src/backend/libpq/be-secure-common.c
M src/interfaces/libpq/fe-secure-openssl.c

Disallow execution of SPI functions during plperl function compilation.

commit   : 31befa6be620122afd95c6a64bc313efe6e1ceea    
  
author   : Tom Lane <[email protected]>    
date     : Fri, 25 Feb 2022 17:40:21 -0500    
  
committer: Tom Lane <[email protected]>    
date     : Fri, 25 Feb 2022 17:40:21 -0500    

Click here for diff

Perl can be convinced to execute user-defined code during compilation  
of a plperl function (or at least a plperlu function).  That's not  
such a big problem as long as the activity is confined within the  
Perl interpreter, and it's not clear we could do anything about that  
anyway.  However, if such code tries to use plperl's SPI functions,  
we have a bigger problem.  In the first place, those functions are  
likely to crash because current_call_data->prodesc isn't set up yet.  
In the second place, because it isn't set up, we lack critical info  
such as whether the function is supposed to be read-only.  And in  
the third place, this path allows code execution during function  
validation, which is strongly discouraged because of the potential  
for security exploits.  Hence, reject execution of the SPI functions  
until compilation is finished.  
  
While here, add check_spi_usage_allowed() calls to various functions  
that hadn't gotten the memo about checking that.  I think that perhaps  
plperl_sv_to_literal may have been intentionally omitted on the grounds  
that it was safe at the time; but if so, the addition of transforms  
functionality changed that.  The others are more recently added and  
seem to be flat-out oversights.  
  
Per report from Mark Murawski.  Back-patch to all supported branches.  
  
Discussion: https://postgr.es/m/[email protected]  

M src/pl/plperl/plperl.c

pg_waldump: Fix error message for WAL files smaller than XLOG_BLCKSZ.

commit   : 51c34165614bde5d44a356ba5f1f4f79d8893103    
  
author   : Andres Freund <[email protected]>    
date     : Fri, 25 Feb 2022 10:40:32 -0800    
  
committer: Andres Freund <[email protected]>    
date     : Fri, 25 Feb 2022 10:40:32 -0800    

Click here for diff

When opening a WAL file smaller than XLOG_BLCKSZ (e.g. 0 bytes long) while  
determining the wal_segment_size, pg_waldump checked errno, despite errno not  
being set by the short read. Resulting in a bogus error message.  
  
Author: Kyotaro Horiguchi <[email protected]>  
Discussion: https://postgr.es/m/[email protected]  
Backpatch: 11-, the bug was introducedin fc49e24fa  

M src/bin/pg_waldump/pg_waldump.c

Fix temporary object cleanup failing due to toast access without snapshot.

commit   : 3faa21bb761f52974cfc59dd9d3993f89d81f44e    
  
author   : Andres Freund <[email protected]>    
date     : Sat, 19 Feb 2022 12:27:20 -0800    
  
committer: Andres Freund <[email protected]>    
date     : Sat, 19 Feb 2022 12:27:20 -0800    

Click here for diff

When cleaning up temporary objects during process exit the cleanup could fail  
with:  
  FATAL: cannot fetch toast data without an active snapshot  
  
The bug is caused by RemoveTempRelationsCallback() not setting up a  
snapshot. If an object with toasted catalog data needs to be cleaned up,  
init_toast_snapshot() could fail with the above error.  
  
Most of the time however the the problem is masked due to cached catalog  
snapshots being returned by GetOldestSnapshot(). But dropping an object can  
cause catalog invalidations to be emitted. If no further catalog accesses are  
necessary between the invalidation processing and the next toast datum  
deletion, the bug becomes visible.  
  
It's easy to miss this bug because it typically happens after clients  
disconnect and the FATAL error just ends up in the log.  
  
Luckily temporary table cleanup at the next use of the same temporary schema  
or during DISCARD ALL does not have the same problem.  
  
Fix the bug by pushing a snapshot in RemoveTempRelationsCallback(). Also add  
isolation tests for temporary object cleanup, including objects with toasted  
catalog data.  
  
A future HEAD only commit will add more assertions.  
  
Reported-By: Miles Delahunty  
Author: Andres Freund  
Discussion: https://postgr.es/m/CAOFAq3BU5Mf2TTvu8D9n_ZOoFAeQswuzk7yziAb7xuw_qyw5gw@mail.gmail.com  
Backpatch: 10-  

M src/backend/catalog/namespace.c
A src/test/isolation/expected/temp-schema-cleanup.out
M src/test/isolation/isolation_schedule
A src/test/isolation/specs/temp-schema-cleanup.spec

Remove most msys special processing in TAP tests

commit   : f1f82301d6c5db8afef3729da0582b2dafca1103    
  
author   : Andrew Dunstan <[email protected]>    
date     : Sun, 20 Feb 2022 11:50:54 -0500    
  
committer: Andrew Dunstan <[email protected]>    
date     : Sun, 20 Feb 2022 11:50:54 -0500    

Click here for diff

Following migration of Windows buildfarm members running TAP tests to  
use of ucrt64 perl for those tests, special processing for msys perl is  
no longer necessary and so is removed.  
  
Backpatch to release 10  
  
Discussion: https://postgr.es/m/[email protected]  

M src/bin/pg_ctl/t/001_start_stop.pl
M src/bin/pg_rewind/t/RewindTest.pm
M src/test/perl/PostgresNode.pm
M src/test/perl/TestLib.pm
M src/test/recovery/t/cp_history_files

Remove PostgreSQL::Test::Utils::perl2host completely

commit   : b4a6ceed52eef851083a8681d85fc92c33be75b1    
  
author   : Andrew Dunstan <[email protected]>    
date     : Sun, 20 Feb 2022 08:55:06 -0500    
  
committer: Andrew Dunstan <[email protected]>    
date     : Sun, 20 Feb 2022 08:55:06 -0500    

Click here for diff

Commit f1ac4a74de disabled this processing, and as nothing has broken (as  
expected) here we proceed to remove the routine and adjust all the call  
sites.  
  
Backpatch to release 10  
  
Discussion: https://postgr.es/m/[email protected]  
Discussion: https://postgr.es/m/[email protected]  

M src/test/perl/PostgresNode.pm
M src/test/perl/TestLib.pm
M src/test/recovery/t/014_unlogged_reinit.pl
M src/test/recovery/t/017_shm.pl
M src/test/recovery/t/025_stuck_on_old_timeline.pl

Doc: Update documentation for modifying postgres_fdw foreign tables.

commit   : 48bf71a1293e774cd4c77e9e4647c321d75d983e    
  
author   : Etsuro Fujita <[email protected]>    
date     : Wed, 16 Feb 2022 15:15:07 +0900    
  
committer: Etsuro Fujita <[email protected]>    
date     : Wed, 16 Feb 2022 15:15:07 +0900    

Click here for diff

Document that they can be modified using COPY as well.  
  
Back-patch to v11 where commit 3d956d956 added support for COPY in  
postgres_fdw.  

M doc/src/sgml/postgres-fdw.sgml

Improve subscriber's error message for wrong publication relkind.

commit   : efae4401c4305ad5bcb05f803dc2576a4b346c8d    
  
author   : Tom Lane <[email protected]>    
date     : Tue, 15 Feb 2022 12:21:28 -0500    
  
committer: Tom Lane <[email protected]>    
date     : Tue, 15 Feb 2022 12:21:28 -0500    

Click here for diff

Pre-v13 versions only support logical replication from plain tables,  
while v13 and later also allow partitioned tables to be published.  
If you tried to subscribe an older server to such a publication,  
you got "table XXX not found on publisher", which is pretty  
unhelpful/confusing.  Arrange to deliver a more on-point error  
message.  As commit c314c147c did in v13, remove the relkind check  
from the query WHERE clause altogether, so that "not there"  
is distinguishable from "wrong relkind".  
  
Per report from Radoslav Nedyalkov.  Patch v10-v12.  
  
Discussion: https://postgr.es/m/[email protected]  

M src/backend/replication/logical/tablesync.c

WAL log unchanged toasted replica identity key attributes.

commit   : 1cd5802ac69a1831b1a1c3b7c69dd99ae80f0b5b    
  
author   : Amit Kapila <[email protected]>    
date     : Mon, 14 Feb 2022 08:37:23 +0530    
  
committer: Amit Kapila <[email protected]>    
date     : Mon, 14 Feb 2022 08:37:23 +0530    

Click here for diff

Currently, during UPDATE, the unchanged replica identity key attributes  
are not logged separately because they are getting logged as part of the  
new tuple. But if they are stored externally then the untoasted values are  
not getting logged as part of the new tuple and logical replication won't  
be able to replicate such UPDATEs. So we need to log such attributes as  
part of the old_key_tuple during UPDATE.  
  
Reported-by: Haiying Tang  
Author: Dilip Kumar and Amit Kapila  
Reviewed-by: Alvaro Herrera, Haiying Tang, Andres Freund  
Backpatch-through: 10  
Discussion: https://postgr.es/m/OS0PR01MB611342D0A92D4F4BF26C0F47FB229@OS0PR01MB6113.jpnprd01.prod.outlook.com  

M contrib/test_decoding/expected/toast.out
M doc/src/sgml/ref/alter_table.sgml
M src/backend/access/heap/heapam.c

Fix memory leak in IndexScan node with reordering

commit   : 0d554775bd040e8edff66a57289b3bd56f64c2f2    
  
author   : Alexander Korotkov <[email protected]>    
date     : Mon, 14 Feb 2022 03:26:55 +0300    
  
committer: Alexander Korotkov <[email protected]>    
date     : Mon, 14 Feb 2022 03:26:55 +0300    

Click here for diff

Fix ExecReScanIndexScan() to free the referenced tuples while emptying the  
priority queue.  Backpatch to all supported versions.  
  
Discussion: https://postgr.es/m/CAHqSB9gECMENBQmpbv5rvmT3HTaORmMK3Ukg73DsX5H7EJV7jw%40mail.gmail.com  
Author: Aliaksandr Kalenik  
Reviewed-by: Tom Lane, Alexander Korotkov  
Backpatch-through: 10  

M src/backend/executor/nodeIndexscan.c
M src/test/regress/expected/create_index.out
M src/test/regress/sql/create_index.sql

Don't use_physical_tlist for an IOS with non-returnable columns.

commit   : 14ee565f399b69b56eaed29c5e2f5a33ab45710f    
  
author   : Tom Lane <[email protected]>    
date     : Fri, 11 Feb 2022 15:23:52 -0500    
  
committer: Tom Lane <[email protected]>    
date     : Fri, 11 Feb 2022 15:23:52 -0500    

Click here for diff

createplan.c tries to save a runtime projection step by specifying  
a scan plan node's output as being exactly the table's columns, or  
index's columns in the case of an index-only scan, if there is not a  
reason to do otherwise.  This logic did not previously pay attention  
to whether an index's columns are returnable.  That worked, sort of  
accidentally, until commit 9a3ddeb51 taught setrefs.c to reject plans  
that try to read a non-returnable column.  I have no desire to loosen  
setrefs.c's new check, so instead adjust use_physical_tlist() to not  
try to optimize this way when there are non-returnable column(s).  
  
Per report from Ryan Kelly.  Like the previous patch, back-patch  
to all supported branches.  
  
Discussion: https://postgr.es/m/CAHUie24ddN+pDNw7fkhNrjrwAX=fXXfGZZEHhRuofV_N_ftaSg@mail.gmail.com  

M src/backend/optimizer/plan/createplan.c
M src/test/regress/expected/gist.out
M src/test/regress/sql/gist.sql

Make pg_ctl stop/restart/promote recheck postmaster aliveness.

commit   : 69cc15c316b8a0421cd5a8baa2a3041b22fa979c    
  
author   : Tom Lane <[email protected]>    
date     : Thu, 10 Feb 2022 16:49:39 -0500    
  
committer: Tom Lane <[email protected]>    
date     : Thu, 10 Feb 2022 16:49:39 -0500    

Click here for diff

"pg_ctl stop/restart" checked that the postmaster PID is valid just  
once, as a side-effect of sending the stop signal, and then would  
wait-till-timeout for the postmaster.pid file to go away.  This  
neglects the case wherein the postmaster dies uncleanly after we  
signal it.  Similarly, once "pg_ctl promote" has sent the signal,  
it'd wait for the corresponding on-disk state change to occur  
even if the postmaster dies.  
  
I'm not sure how we've managed not to notice this problem, but it  
seems to explain slow execution of the 017_shm.pl test script on AIX  
since commit 4fdbf9af5, which added a speculative "pg_ctl stop" with  
the idea of making real sure that the postmaster isn't there.  In the  
test steps that kill-9 and then restart the postmaster, it's possible  
to get past the initial signal attempt before kill() stops working  
for the doomed postmaster.  If that happens, pg_ctl waited till  
PGCTLTIMEOUT before giving up ... and the buildfarm's AIX members  
have that set very high.  
  
To fix, include a "kill(pid, 0)" test (similar to what  
postmaster_is_alive uses) in these wait loops, so that we'll  
give up immediately if the postmaster PID disappears.  
  
While here, I chose to refactor those loops out of where they were.  
do_stop() and do_restart() can perfectly well share one copy of the  
wait-for-stop loop, and it seems desirable to put a similar function  
beside that for wait-for-promote.  
  
Back-patch to all supported versions, since pg_ctl's wait logic  
is substantially identical in all, and we're seeing the slow test  
behavior in all branches.  
  
Discussion: https://postgr.es/m/[email protected]  

M src/bin/pg_ctl/pg_ctl.c

Use gendef instead of pexports for building windows .def files

commit   : e2d104e190051307f3cf77363755049259e15d34    
  
author   : Andrew Dunstan <[email protected]>    
date     : Thu, 10 Feb 2022 13:44:05 -0500    
  
committer: Andrew Dunstan <[email protected]>    
date     : Thu, 10 Feb 2022 13:44:05 -0500    

Click here for diff

Modern msys systems lack pexports but have gendef instead, so use that.  
  
Discussion: https://postgr.es/m/[email protected]  
  
Backpatch to release 9.4 to enable building with perl on older branches.  
Before that pexports is not used for plperl.  

M src/pl/plperl/GNUmakefile
M src/pl/plpython/Makefile
M src/pl/tcl/Makefile

Use Test::Builder::todo_start(), replacing $::TODO.

commit   : 2373429975ac28307583f49416f8943e7c04c8ff    
  
author   : Noah Misch <[email protected]>    
date     : Wed, 9 Feb 2022 18:16:59 -0800    
  
committer: Noah Misch <[email protected]>    
date     : Wed, 9 Feb 2022 18:16:59 -0800    

Click here for diff

Some pre-2017 Test::More versions need perfect $Test::Builder::Level  
maintenance to find the variable.  Buildfarm member snapper reported an  
overall failure that the file intended to hide via the TODO construct.  
That trouble was reachable in v11 and v10.  For later branches, this  
serves as defense in depth.  Back-patch to v10 (all supported versions).  
  
Discussion: https://postgr.es/m/[email protected]  

M src/bin/pgbench/t/023_cic_2pc.pl

Fix back-patch of "Avoid race in RelationBuildDesc() ..."

commit   : 3cc89d9c3834c33f4ad3cf5d3083fd192f05c72c    
  
author   : Noah Misch <[email protected]>    
date     : Wed, 9 Feb 2022 18:16:56 -0800    
  
committer: Noah Misch <[email protected]>    
date     : Wed, 9 Feb 2022 18:16:56 -0800    

Click here for diff

The back-patch of commit fdd965d074d46765c295223b119ca437dbcac973 broke  
CLOBBER_CACHE_ALWAYS for v9.6 through v13.  It updated the  
InvalidateSystemCaches() call for CLOBBER_CACHE_RECURSIVELY, neglecting  
the one for CLOBBER_CACHE_ALWAYS.  Back-patch to v13, v12, v11, and v10.  
  
Reviewed by Tomas Vondra.  Reported by Tomas Vondra.  
  
Discussion: https://postgr.es/m/[email protected]  

M src/backend/utils/cache/inval.c

Remove ppport.h's broken re-implementation of eval_pv().

commit   : 3a6e3a89022f39e0250b23635bcf5985940e6524    
  
author   : Tom Lane <[email protected]>    
date     : Tue, 8 Feb 2022 19:25:56 -0500    
  
committer: Tom Lane <[email protected]>    
date     : Tue, 8 Feb 2022 19:25:56 -0500    

Click here for diff

Recent versions of Devel::PPPort try to redefine eval_pv() to  
dodge a bug in pre-5.31 Perl versions.  Unfortunately the redefinition  
fails on compilers that don't support statements nested within  
expressions.  However, we aren't actually interested in this bug fix,  
since we always call eval_pv() with croak_on_error = FALSE.  
So, until there's an upstream fix for this breakage, just comment  
out the macro to revert to the older behavior.  
  
Per report from Wei Sun, as well as previous buildfarm failure  
on pademelon (which I'd unfortunately not looked at carefully  
enough to understand the cause).  Back-patch to all supported  
versions, since we're using the same ppport.h in all.  
  
Discussion: https://postgr.es/m/[email protected]  
Report: https://buildfarm.postgresql.org/cgi-bin/show_log.pl?nm=pademelon&dt=2022-02-02%2001%3A22%3A58  

M src/pl/plperl/ppport.h