PostgreSQL 11.18 (upcoming) commit log

doc: Fix PQsslAttribute docs for compression

commit   : f84e2ed246d20c5bd772f1d1c1fba85faf5a144e    
  
author   : Daniel Gustafsson <dgustafsson@postgresql.org>    
date     : Fri, 30 Sep 2022 12:03:48 +0200    
  
committer: Daniel Gustafsson <dgustafsson@postgresql.org>    
date     : Fri, 30 Sep 2022 12:03:48 +0200    

Click here for diff

The compression parameter to PQsslAttribute has never returned the  
compression method used, it has always returned "on" or "off since  
it was added in commit 91fa7b4719ac. Backpatch through v10.  
  
Reviewed-by: Tom Lane <tgl@sss.pgh.pa.us>  
Discussion: https://postgr.es/m/B9EC60EC-F665-47E8-A221-398C76E382C9@yesql.se  
Backpatch-through: v10  

M doc/src/sgml/libpq.sgml

doc: clarify internal behavior of RECURSIVE CTE queries

commit   : 86f2ee2e2731cda414b9c29b6ace82e2a8de536d    
  
author   : Bruce Momjian <bruce@momjian.us>    
date     : Wed, 28 Sep 2022 13:14:38 -0400    
  
committer: Bruce Momjian <bruce@momjian.us>    
date     : Wed, 28 Sep 2022 13:14:38 -0400    

Click here for diff

Reported-by: Tom Lane  
  
Discussion: https://postgr.es/m/3976627.1662651004@sss.pgh.pa.us  
  
Backpatch-through: 10  

M doc/src/sgml/queries.sgml

revert "warn of SECURITY DEFINER schemas for non-sql_body funcs"

commit   : e723c3bd6ea3b4502366c28f9c28d3bfb8fc2124    
  
author   : Bruce Momjian <bruce@momjian.us>    
date     : Wed, 28 Sep 2022 13:05:20 -0400    
  
committer: Bruce Momjian <bruce@momjian.us>    
date     : Wed, 28 Sep 2022 13:05:20 -0400    

Click here for diff

doc revert of commit 1703726488.  Change was applied to irrelevant  
branches, and was not detailed enough to be helpful in relevant  
branches.  
  
Reported-by: Peter Eisentraut, Noah Misch  
  
Discussion: https://postgr.es/m/a2dc9de4-24fc-3222-87d3-0def8057d7d8@enterprisedb.com  
  
Backpatch-through: 10  

M doc/src/sgml/ref/create_function.sgml

Change some errdetail() to errdetail_internal()

commit   : 1f2f50bc1b488003f0832343758030ef1a661a9b    
  
author   : Alvaro Herrera <alvherre@alvh.no-ip.org>    
date     : Wed, 28 Sep 2022 17:14:53 +0200    
  
committer: Alvaro Herrera <alvherre@alvh.no-ip.org>    
date     : Wed, 28 Sep 2022 17:14:53 +0200    

Click here for diff

This prevents marking the argument string for translation for gettext,  
and it also prevents the given string (which is already translated) from  
being translated at runtime.  
  
Also, mark the strings used as arguments to check_rolespec_name for  
translation.  
  
Backpatch all the way back as appropriate.  None of this is caught by  
any tests (necessarily so), so I verified it manually.  

M src/backend/catalog/dependency.c
M src/backend/commands/user.c
M src/backend/utils/adt/acl.c

Add missing source files to pg_waldump/nls.mk

commit   : c9a9eae569c407a66b84475da1970d72ce04551a    
  
author   : Alvaro Herrera <alvherre@alvh.no-ip.org>    
date     : Sun, 25 Sep 2022 17:48:03 +0200    
  
committer: Alvaro Herrera <alvherre@alvh.no-ip.org>    
date     : Sun, 25 Sep 2022 17:48:03 +0200    

Click here for diff

M src/bin/pg_waldump/nls.mk

docs: Fix snapshot name in SET TRANSACTION docs.

commit   : ec6c263db90338d25cf1775efed609b3307b865b    
  
author   : Fujii Masao <fujii@postgresql.org>    
date     : Thu, 22 Sep 2022 12:54:26 +0900    
  
committer: Fujii Masao <fujii@postgresql.org>    
date     : Thu, 22 Sep 2022 12:54:26 +0900    

Click here for diff

Commit 6c2003f8a1 changed the snapshot names mentioned in  
SET TRANSACTION docs, however, there was one place that  
the commit missed updating the name.  
  
Back-patch to all supported versions.  
  
Author: Japin Li  
Reviewed-by: Fujii Masao  
Discussion: https://postgr.es/m/MEYP282MB1669BD4280044501165F8B07B64F9@MEYP282MB1669.AUSP282.PROD.OUTLOOK.COM  

M doc/src/sgml/ref/set_transaction.sgml

Suppress more variable-set-but-not-used warnings from clang 15.

commit   : bb8dbc9f25127a818c1d84ac8689029d20a8cf57    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Wed, 21 Sep 2022 13:52:38 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Wed, 21 Sep 2022 13:52:38 -0400    

Click here for diff

Mop up assorted set-but-not-used warnings in the back branches.  
This includes back-patching relevant fixes from commit 152c9f7b8  
the rest of the way, but there are also several cases that did not  
appear in HEAD.  Some of those we'd fixed in a retail way but not  
back-patched, and others I think just got rewritten out of existence  
during nearby refactoring.  
  
While here, also back-patch b1980f6d0 (PL/Tcl: Fix compiler warnings  
with Tcl 8.6) into 9.2, so that that branch compiles warning-free  
with modern Tcl.  
  
Per project policy, this is a candidate for back-patching into  
out-of-support branches: it suppresses annoying compiler warnings  
but changes no behavior.  Hence, back-patch all the way to 9.2.  
  
Discussion: https://postgr.es/m/514615.1663615243@sss.pgh.pa.us  

M src/backend/optimizer/util/var.c
M src/backend/utils/adt/varlena.c
M src/backend/utils/cache/relcache.c

Disable -Wdeprecated-non-prototype in the back branches.

commit   : 9afdf395042a10e6e39fa2f990817ce8726fcf59    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Tue, 20 Sep 2022 18:59:53 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Tue, 20 Sep 2022 18:59:53 -0400    

Click here for diff

There doesn't seem to be any good ABI-preserving way to silence  
clang 15's -Wdeprecated-non-prototype warnings about our tree-walk  
APIs.  While we've fixed it properly in HEAD, the only way to not  
see hundreds of these in the back branches is to disable the  
warnings.  We're not going to do anything about them, so we might  
as well disable them.  
  
I noticed that we also get some of these warnings about fmgr.c's  
support for V0 function call convention, in branches before v10  
where we removed that.  That's another area we aren't going to  
change, so turning off the warning seems fine for that too.  
  
Per project policy, this is a candidate for back-patching into  
out-of-support branches: it suppresses annoying compiler warnings  
but changes no behavior.  Hence, back-patch all the way to 9.2.  
  
Discussion: https://postgr.es/m/CA+hUKGKpHPDTv67Y+s6yiC8KH5OXeDg6a-twWo_xznKTcG0kSA@mail.gmail.com  

M configure
M configure.in

Suppress variable-set-but-not-used warnings from clang 15.

commit   : 6ae8aee0b67b92529b694b1d515b0acb03fb8eb5    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Tue, 20 Sep 2022 12:04:37 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Tue, 20 Sep 2022 12:04:37 -0400    

Click here for diff

clang 15+ will issue a set-but-not-used warning when the only  
use of a variable is in autoincrements (e.g., "foo++;").  
That's perfectly sensible, but it detects a few more cases that  
we'd not noticed before.  Silence the warnings with our usual  
methods, such as PG_USED_FOR_ASSERTS_ONLY, or in one case by  
actually removing a useless variable.  
  
One thing that we can't nicely get rid of is that with %pure-parser,  
Bison emits "yynerrs" as a local variable that falls foul of this  
warning.  To silence those, I inserted "(void) yynerrs;" in the  
top-level productions of affected grammars.  
  
Per recently-established project policy, this is a candidate  
for back-patching into out-of-support branches: it suppresses  
annoying compiler warnings but changes no behavior.  Hence,  
back-patch to 9.5, which is as far as these patches go without  
issues.  (A preliminary check shows that the prior branches  
need some other set-but-not-used cleanups too, so I'll leave  
them for another day.)  
  
Discussion: https://postgr.es/m/514615.1663615243@sss.pgh.pa.us  

M src/backend/access/gist/gistxlog.c
M src/backend/access/transam/xlog.c
M src/backend/parser/gram.y
M src/backend/utils/adt/array_typanalyze.c
M src/bin/pgbench/exprparse.y

Future-proof the recursion inside ExecShutdownNode().

commit   : cb7d636e0fb2058e93b444f31a28883a113d489d    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Mon, 19 Sep 2022 12:16:02 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Mon, 19 Sep 2022 12:16:02 -0400    

Click here for diff

The API contract for planstate_tree_walker() callbacks is that they  
take a PlanState pointer and a context pointer.  Somebody figured  
they could save a couple lines of code by ignoring that, and passing  
ExecShutdownNode itself as the walker even though it has but one  
argument.  Somewhat remarkably, we've gotten away with that so far.  
However, it seems clear that the upcoming C2x standard means to  
forbid such cases, and compilers that actively break such code  
likely won't be far behind.  So spend the extra few lines of code  
to do it honestly with a separate walker function.  
  
In HEAD, we might as well go further and remove ExecShutdownNode's  
useless return value.  I left that as-is in back branches though,  
to forestall complaints about ABI breakage.  
  
Back-patch, with the thought that this might become of practical  
importance before our stable branches are all out of service.  
It doesn't seem to be fixing any live bug on any currently known  
platform, however.  
  
Discussion: https://postgr.es/m/208054.1663534665@sss.pgh.pa.us  

M src/backend/executor/execProcnode.c

Make check_usermap() parameter names consistent.

commit   : f01fd89b1537cbc5f6572ae6c3d45243bcd7dd14    
  
author   : Peter Geoghegan <pg@bowt.ie>    
date     : Sat, 17 Sep 2022 16:54:08 -0700    
  
committer: Peter Geoghegan <pg@bowt.ie>    
date     : Sat, 17 Sep 2022 16:54:08 -0700    

Click here for diff

The function has a bool argument named "case_insensitive", but that was  
spelled "case_sensitive" in the declaration.  Make them consistent now  
to avoid confusion in the future.  
  
Author: Peter Geoghegan <pg@bowt.ie>  
Reviewed-By: Michael Paquiër <michael@paquier.xyz>  
Discussion: https://postgr.es/m/CAH2-WznJt9CMM9KJTMjJh_zbL5hD9oX44qdJ4aqZtjFi-zA3Tg@mail.gmail.com  
Backpatch: 10-  

M src/include/libpq/hba.h

Improve plpgsql's ability to handle arguments declared as RECORD.

commit   : 7391ab28a63f4b40cec03dc83eb7383a4eac8fda    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Fri, 16 Sep 2022 13:23:01 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Fri, 16 Sep 2022 13:23:01 -0400    

Click here for diff

Treat arguments declared as RECORD as if that were a polymorphic type  
(which it is, sort of), in that we substitute the actual argument type  
while forming the function cache lookup key.  This allows the specific  
composite type to be known in some cases where it was not before,  
at the cost of making a separate function cache entry for each named  
composite type that's passed to the function during a session.  The  
particular symptom discussed in bug #17610 could be solved in other  
more-efficient ways, but only at the cost of considerable development  
work, and there are other cases where we'd still fail without this.  
  
Per bug #17610 from Martin Jurča.  Back-patch to v11 where we first  
allowed plpgsql functions to be declared as taking type RECORD.  
  
Discussion: https://postgr.es/m/17610-fb1eef75bf6c2364@postgresql.org  

M src/pl/plpgsql/src/expected/plpgsql_record.out
M src/pl/plpgsql/src/pl_comp.c
M src/pl/plpgsql/src/sql/plpgsql_record.sql

In back branches, fix conditions for pullup of FROM-less subqueries.

commit   : 19bb5e46b95fa8543a9e685788ff6c514eda07fc    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Thu, 15 Sep 2022 15:21:35 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Thu, 15 Sep 2022 15:21:35 -0400    

Click here for diff

In branches before commit 4be058fe9, we have to prevent flattening  
of subqueries with empty jointrees if the subqueries' output  
columns might need to be wrapped in PlaceHolderVars.  That's  
because the empty jointree would result in empty phrels for the  
PlaceHolderVars, meaning we'd be unable to figure out where to  
evaluate them.  However, we've failed to keep is_simple_subquery's  
check for this hazard in sync with what pull_up_simple_subquery  
actually does.  The former is checking "lowest_outer_join != NULL",  
whereas the conditions pull_up_simple_subquery actually uses are  
  
	if (lowest_nulling_outer_join != NULL)  
	if (containing_appendrel != NULL)  
	if (parse->groupingSets)  
  
So the outer-join test is overly conservative, while we missed out  
checking for appendrels and groupingSets.  The appendrel omission  
is harmless, because in that case we also check is_safe_append_member  
which will also reject such subqueries.  The groupingSets omission  
is a bug though, leading to assertion failures or planner errors  
such as "variable not found in subplan target lists".  
  
is_simple_subquery has access to none of the three variables used  
in the correct tests, but its callers do, so I chose to have them  
pass down a bool corresponding to the OR of these conditions.  
(The need for duplicative conditions would be a maintenance  
hazard in actively-developed code, but I'm not too concerned  
about it in branches that have only ~ 1 year to live.)  
  
Per bug #17614 from Wei Wei.  Patch v10 and v11 only, since we have a  
better answer to this in v12 and later (indeed, the faulty check in  
is_simple_subquery is gone entirely).  
  
Discussion: https://postgr.es/m/17614-8ec20c85bdecaa2a@postgresql.org  

M src/backend/optimizer/prep/prepjointree.c
M src/test/regress/expected/groupingsets.out
M src/test/regress/sql/groupingsets.sql

postgres_fdw: Avoid 'variable not found in subplan target list' error.

commit   : 07d81d1e5b7516c5784ec598d362a848b5c9ee55    
  
author   : Etsuro Fujita <efujita@postgresql.org>    
date     : Wed, 14 Sep 2022 18:45:07 +0900    
  
committer: Etsuro Fujita <efujita@postgresql.org>    
date     : Wed, 14 Sep 2022 18:45:07 +0900    

Click here for diff

The tlist of the EvalPlanQual outer plan for a ForeignScan node is  
adjusted to produce a tuple whose descriptor matches the scan tuple slot  
for the ForeignScan node.  But in the case where the outer plan contains  
an extra Sort node, if the new tlist contained columns required only for  
evaluating PlaceHolderVars or columns required only for evaluating local  
conditions, this would cause setrefs.c to fail with the error.  
  
The cause of this is that when creating the outer plan by injecting the  
Sort node into an alternative local join plan that could emit such extra  
columns as well, we fail to arrange for the outer plan to propagate them  
up through the Sort node, causing setrefs.c to fail to match up them in  
the new tlist to what is available from the outer plan.  Repair.  
  
Per report from Alexander Pyhalov.  
  
Richard Guo and Etsuro Fujita, reviewed by Alexander Pyhalov and Tom Lane.  
Backpatch to all supported versions.  
  
Discussion: http://postgr.es/m/cfb17bf6dfdf876467bd5ef533852d18%40postgrespro.ru  

M contrib/postgres_fdw/expected/postgres_fdw.out
M contrib/postgres_fdw/postgres_fdw.c
M contrib/postgres_fdw/sql/postgres_fdw.sql

Fix incorrect value for "strategy" with deflateParams() in walmethods.c

commit   : f01cc02259df914db78e624babb2bc08fa9a9509    
  
author   : Michael Paquier <michael@paquier.xyz>    
date     : Wed, 14 Sep 2022 14:52:35 +0900    
  
committer: Michael Paquier <michael@paquier.xyz>    
date     : Wed, 14 Sep 2022 14:52:35 +0900    

Click here for diff

The zlib documentation mentions the values supported for the compression  
strategy, but this code has been using a hardcoded value of 0 rather  
than Z_DEFAULT_STRATEGY.  This commit adjusts the code to use  
Z_DEFAULT_STRATEGY.  
  
Backpatch down to where this code has been added to ease the backport of  
any future patch touching this area.  
  
Reported-by: Tom Lane  
Discussion: https://postgr.es/m/1400032.1662217889@sss.pgh.pa.us  
Backpatch-through: 10  

M src/bin/pg_basebackup/walmethods.c

Expand palloc/pg_malloc API for more type safety

commit   : e962235fe1f6ae79eff9b600bd37f945becec36e    
  
author   : Peter Eisentraut <peter@eisentraut.org>    
date     : Wed, 14 Sep 2022 06:04:24 +0200    
  
committer: Peter Eisentraut <peter@eisentraut.org>    
date     : Wed, 14 Sep 2022 06:04:24 +0200    

Click here for diff

This adds additional variants of palloc, pg_malloc, etc. that  
encapsulate common usage patterns and provide more type safety.  
  
Specifically, this adds palloc_object(), palloc_array(), and  
repalloc_array(), which take the type name of the object to be  
allocated as its first argument and cast the return as a pointer to  
that type.  There are also palloc0_object() and palloc0_array()  
variants for initializing with zero, and pg_malloc_*() variants of all  
of the above.  
  
Inspired by the talloc library.  
  
This is backpatched from master so that future backpatchable code can  
make use of these APIs.  This patch by itself does not contain any  
users of these APIs.  
  
Reviewed-by: Tom Lane <tgl@sss.pgh.pa.us>  
Discussion: https://www.postgresql.org/message-id/flat/bb755632-2a43-d523-36f8-a1e7a389a907@enterprisedb.com  

M src/include/common/fe_memutils.h
M src/include/utils/palloc.h

commit   : 7b523c543ab8cd7950bbc2cac98d06125139df96    
  
author   : Daniel Gustafsson <dgustafsson@postgresql.org>    
date     : Mon, 12 Sep 2022 22:17:17 +0200    
  
committer: Daniel Gustafsson <dgustafsson@postgresql.org>    
date     : Mon, 12 Sep 2022 22:17:17 +0200    

Click here for diff

The FreeBSD site was changed with a redirect, which in turn seems to  
lead to a 404. Replace with the working link.  
  
Author: James Coleman <jtc331@gmail.com>  
Discussion: https://postgr.es/m/CAAaqYe_JZRj+KPn=hACtwsg1iLRYs=jYvxG1NW4AnDeUL1GD-Q@mail.gmail.com  

M doc/src/sgml/docguide.sgml

Fix possible omission of variable storage markers in ECPG.

commit   : fe4e151d4a7c4da728a71167148afdb4bcb4d4dd    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Fri, 9 Sep 2022 15:34:04 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Fri, 9 Sep 2022 15:34:04 -0400    

Click here for diff

The ECPG preprocessor converted code such as  
  
static varchar str1[10], str2[20], str3[30];  
  
into  
  
static  struct varchar_1  { int len; char arr[ 10 ]; }  str1 ;  
        struct varchar_2  { int len; char arr[ 20 ]; }  str2 ;  
        struct varchar_3  { int len; char arr[ 30 ]; }  str3 ;  
  
thus losing the storage attribute for the later variables.  
Repeat the declaration for each such variable.  
  
(Note that this occurred only for variables declared "varchar"  
or "bytea", which may help explain how it escaped detection  
for so long.)  
  
Andrey Sokolov  
  
Discussion: https://postgr.es/m/942241662288242@mail.yandex.ru  

M src/interfaces/ecpg/preproc/ecpg.trailer
M src/interfaces/ecpg/preproc/type.h
M src/interfaces/ecpg/test/expected/preproc-variable.c
M src/interfaces/ecpg/test/expected/preproc-variable.stderr
M src/interfaces/ecpg/test/expected/preproc-variable.stdout
M src/interfaces/ecpg/test/preproc/variable.pgc

Reject bogus output from uuid_create(3).

commit   : 4d3f54bd7a0da755e4c469026ee51891a2ed53b7    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Fri, 9 Sep 2022 12:41:36 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Fri, 9 Sep 2022 12:41:36 -0400    

Click here for diff

When using the BSD UUID functions, contrib/uuid-ossp expects  
uuid_create() to produce a version-1 UUID.  FreeBSD still does so,  
but in recent NetBSD releases that function produces a version-4  
(random) UUID instead.  That's not acceptable for our purposes:  
if the user wanted v4 she would have asked for v4, not v1.  
Hence, check the version digit and complain if it's not '1'.  
  
Also drop the documentation's claim that the NetBSD implementation  
is usable.  It might be, depending on which OS version you're using,  
but we're not going to get into that kind of detail.  
  
(Maybe someday we should ditch all these external libraries  
and just write our own UUID code, but today is not that day.)  
  
Nazir Bilal Yavuz, with cosmetic adjustments and docs by me.  
Backpatch to all supported versions.  
  
Discussion: https://postgr.es/m/3848059.1661038772@sss.pgh.pa.us  
Discussion: https://postgr.es/m/17358-89806e7420797025@postgresql.org  

M contrib/uuid-ossp/uuid-ossp.c
M doc/src/sgml/installation.sgml
M doc/src/sgml/uuid-ossp.sgml

commit   : 9bcf6fb281de1a30cd6ced443451d5ab9ac4447f    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Tue, 6 Sep 2022 16:38:18 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Tue, 6 Sep 2022 16:38:18 -0400    

Click here for diff

Some more things I didn't think about in commits 3f7323cbb et al:  
  
MULTIEXPR_SUBLINK subplans might have been converted to initplans  
instead of regular subplans, in which case they won't show up in  
the modified targetlist.  Fortunately, this would only happen if  
they have no input parameters, which means that the problem we  
originally needed to fix can't happen with them.  Therefore, there's  
no need to clone their output parameters, and thus it doesn't hurt  
that we'll fail to see them in the first pass over the targetlist.  
Nonetheless, this complicates matters greatly, because now we have  
to distinguish output Params of initplans (which shouldn't get  
renumbered) from those of regular subplans (which should).  
This also breaks the simplistic scheme I used of assuming that the  
subplans found in the targetlist have consecutive subLinkIds.  
We really can't avoid the need to know the subplans' subLinkIds in  
this code.  To fix that, add subLinkId as the last field of SubPlan.  
We can get away with that change in back branches because SubPlan  
nodes will never be stored in the catalogs, and there's no ABI  
break for external code that might be looking at the existing  
fields of SubPlan.  
  
Secondly, rewriteTargetListIU might have rolled up multiple  
FieldStores or SubscriptingRefs into one targetlist entry,  
breaking the assumption that there's at most one Param to fix  
per targetlist entry.  (That assumption is OK I think in the  
ruleutils.c code I stole the logic from in 18f51083c, because  
that only deals with pre-rewrite query trees.  But it's  
definitely not OK here.)  Abandon that shortcut and just do a  
full tree walk on the targetlist to ensure we find all the  
Params we have to change.  
  
Per bug #17606 from Andre Lin.  As before, only v10-v13 need the  
patch.  
  
Discussion: https://postgr.es/m/17606-e5c8ad18d31db96a@postgresql.org  

M src/backend/nodes/copyfuncs.c
M src/backend/nodes/equalfuncs.c
M src/backend/nodes/outfuncs.c
M src/backend/nodes/readfuncs.c
M src/backend/optimizer/plan/subselect.c
M src/include/nodes/primnodes.h
M src/test/regress/expected/inherit.out
M src/test/regress/sql/inherit.sql

Backpatch nbtree page deletion hardening.

commit   : a228cca46d7da9783e1b49ae6f1b6cc2fe338bcc    
  
author   : Peter Geoghegan <pg@bowt.ie>    
date     : Mon, 5 Sep 2022 11:20:01 -0700    
  
committer: Peter Geoghegan <pg@bowt.ie>    
date     : Mon, 5 Sep 2022 11:20:01 -0700    

Click here for diff

Postgres 14 commit 5b861baa taught nbtree VACUUM to tolerate buggy  
opclasses.  VACUUM's inability to locate a to-be-deleted page's downlink  
in the parent page was logged instead of throwing an error.  VACUUM  
could just press on with vacuuming the index, and vacuuming the table as  
a whole.  
  
There are now anecdotal reports of this error causing problems that were  
much more disruptive than the underlying index corruption ever could be.  
Anything that makes VACUUM unable to make forward progress against one  
table/index ultimately risks making the system enter xidStopLimit mode.  
There is no good reason to take any chances here, so backpatch the  
hardening commit.  
  
Author: Peter Geoghegan <pg@bowt.ie>  
Discussion: https://postgr.es/m/CAH2-Wzm9HR6Pow=t-iQa57zT8qmX6_M4h14F-pTtb=xFDW5FBA@mail.gmail.com  
Backpatch: 10-13 (all supported versions that lacked the hardening)  

M src/backend/access/nbtree/nbtpage.c

Doc: clarify partitioned table limitations

commit   : 1630cad74092bf7af277762a22cc2605bd0bd5b6    
  
author   : David Rowley <drowley@postgresql.org>    
date     : Mon, 5 Sep 2022 18:45:43 +1200    
  
committer: David Rowley <drowley@postgresql.org>    
date     : Mon, 5 Sep 2022 18:45:43 +1200    

Click here for diff

Improve documentation regarding the limitations of unique and primary key  
constraints on partitioned tables.  The existing documentation didn't make  
it clear that the constraint columns had to be present in the partition  
key as bare columns.  The reader could be led to believe that it was ok to  
include the constraint columns as part of a function call's parameters or  
as part of an expression.  Additionally, the documentation didn't mention  
anything about the fact that we disallow unique and primary key  
constraints if the partition keys contain *any* function calls or  
expressions, regardless of if the constraint columns appear as columns  
elsewhere in the partition key.  
  
The confusion here was highlighted by a report on the general mailing list  
by James Vanns.  
  
Discussion: https://postgr.es/m/CAH7vdhNF0EdYZz3GLpgE3RSJLwWLhEk7A_fiKS9dPBT3Dz_3eA@mail.gmail.com  
Discussion: https://postgr.es/m/CAApHDvoU-u9iTqKjteYRFfi+UNEk7dbSAcyxEQD==vZt9B1KnA@mail.gmail.com  
Reviewed-by: Erik Rijkers  
Backpatch-through: 11  

M doc/src/sgml/ddl.sgml

doc: simplify docs about analyze and inheritance/partitions

commit   : 4dc98b4147e3212d7cfae4bd7e521c16a2bf7117    
  
author   : Bruce Momjian <bruce@momjian.us>    
date     : Fri, 2 Sep 2022 23:32:18 -0400    
  
committer: Bruce Momjian <bruce@momjian.us>    
date     : Fri, 2 Sep 2022 23:32:18 -0400    

Click here for diff

Discussion: https://postgr.es/m/YxAqYijOsLzgLQgy@momjian.us  
  
Backpatch-through: 10  

M doc/src/sgml/ref/analyze.sgml

doc: clarify recursion internal behavior

commit   : 1525711588c87b80965594ff2249773d8d1ee5c9    
  
author   : Bruce Momjian <bruce@momjian.us>    
date     : Fri, 2 Sep 2022 21:57:41 -0400    
  
committer: Bruce Momjian <bruce@momjian.us>    
date     : Fri, 2 Sep 2022 21:57:41 -0400    

Click here for diff

Reported-by: Drew DeVault  
  
Discussion: https://postgr.es/m/20211018091720.31299-1-sir@cmpwn.com  
  
Backpatch-through: 10  

M doc/src/sgml/queries.sgml

commit   : 56dc4424472c2fa27f8822efe09d18c6935fe2a3    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Fri, 2 Sep 2022 14:54:40 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Fri, 2 Sep 2022 14:54:40 -0400    

Click here for diff

Commits 3f7323cbb et al missed the possibility that the Params  
they are looking for could be buried under implicit coercions,  
as well as other stuff that processIndirection() could add to  
the original targetlist entry.  Copy the code in ruleutils.c  
that deals with such cases.  (I thought about refactoring so  
that there's just one copy; but seeing that we only need this  
in old back branches, it seems not worth the trouble.)  
  
Per off-list report from Andre Lin.  As before, only v10-v13  
need the patch.  
  
Discussion: https://postgr.es/m/17596-c5357f61427a81dc@postgresql.org  

M src/backend/optimizer/plan/subselect.c
M src/test/regress/expected/inherit.out
M src/test/regress/sql/inherit.sql

Fix some possibly latent bugs in slab.c

commit   : 1b11543967986ea9cd9eb687213af967220ebf1b    
  
author   : David Rowley <drowley@postgresql.org>    
date     : Thu, 1 Sep 2022 19:24:19 +1200    
  
committer: David Rowley <drowley@postgresql.org>    
date     : Thu, 1 Sep 2022 19:24:19 +1200    

Click here for diff

Primarily, this fixes an incorrect calculation in SlabCheck which was  
looking in the wrong byte for the sentinel check.  The reason that we've  
never noticed this before in the form of a failing sentinel check is  
because the pre-check to this always fails because all current core users  
of slab contexts have a chunk size which is already MAXALIGNed, therefore  
there's never any space for the sentinel byte.  It is possible that an  
extension needs to use a slab context and if they do with a chunk size  
that's not MAXALIGNed, then they'll likely get errors about overwritten  
sentinel bytes.  
  
Additionally, this patch changes various calculations which are being done  
based on the sizeof(SlabBlock).  Currently, sizeof(SlabBlock) is a  
multiple of 8, therefore sizeof(SlabBlock) is the same as  
MAXALIGN(sizeof(SlabBlock)), however, if we were to ever have to add any  
fields to that struct as part of a bug fix, then SlabAlloc could end up  
returning a non-MAXALIGNed pointer.  To be safe, let's ensure we always  
MAXALIGN sizeof(SlabBlock) before using it in any calculations.  
  
This patch has already been applied to master in d5ee4db0e.  
  
Diagnosed-by: Tomas Vondra, Tom Lane  
Author: Tomas Vondra, David Rowley  
Discussion: https://postgr.es/m/CAA4eK1%2B1JyW5TiL%3DyV-3Uq1CrfnTyn0Xrk5uArt31Z%3D8rgPhXQ%40mail.gmail.com  
Backpatch-through: 10  

M src/backend/utils/mmgr/slab.c

doc: in create statistics docs, mention analyze for parent info

commit   : 35221314923ea3303504f8bad440e8efbd687968    
  
author   : Bruce Momjian <bruce@momjian.us>    
date     : Wed, 31 Aug 2022 23:11:46 -0400    
  
committer: Bruce Momjian <bruce@momjian.us>    
date     : Wed, 31 Aug 2022 23:11:46 -0400    

Click here for diff

Discussion: https://postgr.es/m/Yv1Bw8J+1pYfHiRl@momjian.us  
  
Backpatch-through: 10  

M doc/src/sgml/ref/create_statistics.sgml

doc: mention "bloom" as a possible index access method

commit   : f4435ac72021a6c7371416b7eb7c3327958f3142    
  
author   : Bruce Momjian <bruce@momjian.us>    
date     : Wed, 31 Aug 2022 22:35:09 -0400    
  
committer: Bruce Momjian <bruce@momjian.us>    
date     : Wed, 31 Aug 2022 22:35:09 -0400    

Click here for diff

Also remove USING erroneously added recently.  
  
Reported-by: Jeff Janes  
  
Discussion: https://postgr.es/m/CAMkU=1zhCpC7hottyMWM5Pimr9vRLprSwzLg+7PgajWhKZqRzw@mail.gmail.com  
  
Backpatch-through: 10  

M doc/src/sgml/indices.sgml
M doc/src/sgml/ref/create_index.sgml

doc: use FILTER in aggregate example

commit   : d333a1a16240b629854f3b19f47b967695c2708e    
  
author   : Bruce Momjian <bruce@momjian.us>    
date     : Wed, 31 Aug 2022 22:19:05 -0400    
  
committer: Bruce Momjian <bruce@momjian.us>    
date     : Wed, 31 Aug 2022 22:19:05 -0400    

Click here for diff

Reported-by: michal.palenik@freemap.sk  
  
Discussion: https://postgr.es/m/163499710897.684.7420075366995883688@wrigleys.postgresql.org  
  
Backpatch-through: 10  

M doc/src/sgml/query.sgml

doc: split out the NATURAL/CROSS JOIN in SELECT syntax

commit   : 58d9107079b0450f1408f99fc6485893fa20f8f3    
  
author   : Bruce Momjian <bruce@momjian.us>    
date     : Wed, 31 Aug 2022 21:46:14 -0400    
  
committer: Bruce Momjian <bruce@momjian.us>    
date     : Wed, 31 Aug 2022 21:46:14 -0400    

Click here for diff

This allows the syntax to be more accurate about what clauses are  
supported.  Also switch an example query to use the ANSI join syntax.  
  
Reported-by: Joel Jacobson  
  
Discussion: https://postgr.es/m/67b71d3e-0c22-44df-a223-351f14418319@www.fastmail.com  
  
Backpatch-through: 11  

M doc/src/sgml/ref/select.sgml

Port regress-python3-mangle.mk to Solaris "sed", redux.

commit   : cc0e506a64104c8a4ac7ee0515781c0caeacddad    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Wed, 31 Aug 2022 21:33:45 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Wed, 31 Aug 2022 21:33:45 -0400    

Click here for diff

Per experimentation and buildfarm failures, Solaris' "sed"  
has got some kind of problem with regexes that use both '*'  
and '[[:alpha:]]'.  We can work around that by replacing  
'[[:alpha:]]' with '[a-zA-Z]', which is plenty good enough  
for our purposes, especially since this is only needed in  
long-stable branches.  
  
I chose to flat-out remove the second pattern of this sort,  
's/except \([a-zA-Z][a-zA-Z.]*\), *\([a-zA-Z][a-zA-Z]*\):/except \1 as \2:/g'  
because we haven't needed it since 8.4.  
  
Follow-on to c3556f6fa, which probably missed catching this  
because the problematic pattern was already gone when that  
patch was written.  
  
Patch v10-v12 only, as the problem manifests only there.  
We have a line of dead code in v13-v14, which isn't worth  
changing, and the whole mess is gone as of v15.  
  
Discussion: https://postgr.es/m/165561.1661984701@sss.pgh.pa.us  

M src/pl/plpython/regress-python3-mangle.mk

doc: warn of SECURITY DEFINER schemas for non-sql_body functions

commit   : a3471ab93ac21358c80d8a87b31f7eb372d7a476    
  
author   : Bruce Momjian <bruce@momjian.us>    
date     : Wed, 31 Aug 2022 21:10:37 -0400    
  
committer: Bruce Momjian <bruce@momjian.us>    
date     : Wed, 31 Aug 2022 21:10:37 -0400    

Click here for diff

Non-sql_body functions are evaluated at runtime.  
  
Reported-by: Erki Eessaar  
  
Discussion: https://postgr.es/m/AM9PR01MB8268BF5E74E119828251FD34FE409@AM9PR01MB8268.eurprd01.prod.exchangelabs.com  
  
Backpatch-through: 10  

M doc/src/sgml/ref/create_function.sgml

doc: mention that SET TIME ZONE often needs to be quoted

commit   : 16417ba58e9256903fa120881aa299db0101fac5    
  
author   : Bruce Momjian <bruce@momjian.us>    
date     : Wed, 31 Aug 2022 20:27:27 -0400    
  
committer: Bruce Momjian <bruce@momjian.us>    
date     : Wed, 31 Aug 2022 20:27:27 -0400    

Click here for diff

Also mention that time zone abbreviations are not supported.  
  
Reported-by: philippe.godfrin@nov.com  
  
Discussion: https://postgr.es/m/163888728952.1269.5167822676466793158@wrigleys.postgresql.org  
  
Backpatch-through: 10  

M doc/src/sgml/ref/set.sgml

doc: document the maximum char/varchar length value

commit   : e0d0c87a4c717ff9e47d7b7e5a25071e46090eba    
  
author   : Bruce Momjian <bruce@momjian.us>    
date     : Wed, 31 Aug 2022 19:43:06 -0400    
  
committer: Bruce Momjian <bruce@momjian.us>    
date     : Wed, 31 Aug 2022 19:43:06 -0400    

Click here for diff

Reported-by: Japin Li  
  
Discussion: https://postgr.es/m/MEYP282MB1669B13E98AE531617CB1386B6979@MEYP282MB1669.AUSP282.PROD.OUTLOOK.COM  
  
Backpatch-through: 10  

M doc/src/sgml/datatype.sgml

doc: show direction is optional in FETCH/MOVE's FROM/IN syntax

commit   : 258c1af3a3f8d64bbb5c3d8a7528849fd08165d7    
  
author   : Bruce Momjian <bruce@momjian.us>    
date     : Wed, 31 Aug 2022 19:28:41 -0400    
  
committer: Bruce Momjian <bruce@momjian.us>    
date     : Wed, 31 Aug 2022 19:28:41 -0400    

Click here for diff

It used to show direction was required for FROM/IN.  
  
Reported-by: Rob <rirans@comcast.net>  
  
Discussion: https://postgr.es/m/20211015165248.isqjceyilelhnu3k@localhost  
  
Author: Rob <rirans@comcast.net>  
  
Backpatch-through: 10  

M doc/src/sgml/ref/fetch.sgml
M doc/src/sgml/ref/move.sgml

doc: simplify WITH clause syntax in CREATE DATABASE

commit   : cdb836cc2d04b6eee4f14e2f1292c58571faaa40    
  
author   : Bruce Momjian <bruce@momjian.us>    
date     : Wed, 31 Aug 2022 17:08:44 -0400    
  
committer: Bruce Momjian <bruce@momjian.us>    
date     : Wed, 31 Aug 2022 17:08:44 -0400    

Click here for diff

Reported-by: Rob <rirans@comcast.net>  
  
Discussion: https://postgr.es/m/20211016171149.yaouvlw5kvux6dvk@localhost  
  
Author: Rob <rirans@comcast.net>  
  
Backpatch-through: 10  

M doc/src/sgml/ref/create_database.sgml

Prevent long-term memory leakage in autovacuum launcher.

commit   : cb9232d166a858e85e883212d59f6fda14ddd313    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Wed, 31 Aug 2022 16:23:20 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Wed, 31 Aug 2022 16:23:20 -0400    

Click here for diff

get_database_list() failed to restore the caller's memory context,  
instead leaving current context set to TopMemoryContext which is  
how CommitTransactionCommand() leaves it.  The callers both think  
they are using short-lived contexts, for the express purpose of  
not having to worry about cleaning up individual allocations.  
The net effect therefore is that supposedly short-lived allocations  
could accumulate indefinitely in the launcher's TopMemoryContext.  
  
Although this has been broken for a long time, it seems we didn't  
have any obvious memory leak here until v15's rearrangement of the  
stats logic.  I (tgl) am not entirely convinced that there's no  
other leak at all, though, and we're surely at risk of adding one  
in future back-patched fixes.  So back-patch to all supported  
branches, even though this may be only a latent bug in pre-v15.  
  
Reid Thompson  
  
Discussion: https://postgr.es/m/972a4e12b68b0f96db514777a150ceef7dcd2e0f.camel@crunchydata.com  

M src/backend/postmaster/autovacuum.c

In the Snowball dictionary, don't try to stem excessively-long words.

commit   : f5aa855cd8a63cd695c5f9ff097c7bc445872cdf    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Wed, 31 Aug 2022 10:42:05 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Wed, 31 Aug 2022 10:42:05 -0400    

Click here for diff

If the input word exceeds 1000 bytes, don't pass it to the stemmer;  
just return it as-is after case folding.  Such an input is surely  
not a word in any human language, so whatever the stemmer might  
do to it would be pretty dubious in the first place.  Adding this  
restriction protects us against a known recursion-to-stack-overflow  
problem in the Turkish stemmer, and it seems like good insurance  
against any other safety or performance issues that may exist in  
the Snowball stemmers.  (I note, for example, that they contain no  
CHECK_FOR_INTERRUPTS calls, so we really don't want them running  
for a long time.)  The threshold of 1000 bytes is arbitrary.  
  
An alternative definition could have been to treat such words as  
stopwords, but that seems like a bigger break from the old behavior.  
  
Per report from Egor Chindyaskin and Alexander Lakhin.  
Thanks to Olly Betts for the recommendation to fix it this way.  
  
Discussion: https://postgr.es/m/1661334672.728714027@f473.i.mail.ru  

M src/backend/snowball/dict_snowball.c

On NetBSD, force dynamic symbol resolution at postmaster start.

commit   : 6fd58ca7703a491e585411e4fb0880c69e640cad    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Tue, 30 Aug 2022 17:28:32 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Tue, 30 Aug 2022 17:28:32 -0400    

Click here for diff

The default of lazy symbol resolution means that when the postmaster  
first reaches the select() call in ServerLoop, it'll need to resolve  
the link to that libc entry point.  NetBSD's dynamic loader takes  
an internal lock while doing that, and if a signal interrupts the  
operation then there is a risk of self-deadlock should the signal  
handler do anything that requires that lock, as several of the  
postmaster signal handlers do.  The window for this is pretty narrow,  
and timing considerations make it unlikely that a signal would arrive  
right then anyway.  But it's semi-repeatable on slow single-CPU  
machines, and in principle the race could happen with any hardware.  
  
The least messy solution to this is to force binding of dynamic  
symbols at postmaster start, using the "-z now" linker option.  
While we're at it, also use "-z relro" so as to provide a small  
security gain.  
  
It's not entirely clear whether any other platforms share this  
issue, but for now we'll assume it's NetBSD-specific.  (We might  
later try to use "-z now" on more platforms for performance  
reasons, but that would not likely be something to back-patch.)  
  
Report and patch by me; the idea to fix it this way is from  
Andres Freund.  
  
Discussion: https://postgr.es/m/3384826.1661802235@sss.pgh.pa.us  

M src/template/netbsd

Prevent WAL corruption after a standby promotion.

commit   : 002fba80ebde19f9035c4fbd7abf3111b8d75326    
  
author   : Robert Haas <rhaas@postgresql.org>    
date     : Mon, 29 Aug 2022 10:47:12 -0400    
  
committer: Robert Haas <rhaas@postgresql.org>    
date     : Mon, 29 Aug 2022 10:47:12 -0400    

Click here for diff

When a PostgreSQL instance performing archive recovery but not using  
standby mode is promoted, and the last WAL segment that it attempted  
to read ended in a partial record, the previous code would create  
invalid WAL on the new timeline. The WAL from the previously timeline  
would be copied to the new timeline up until the end of the last valid  
record, but instead of beginning to write WAL at immediately  
afterwards, the promoted server would write an overwrite contrecord at  
the beginning of the next segment. The end of the previous segment  
would be left as all-zeroes, resulting in failures if anything tried  
to read WAL from that file.  
  
The root of the issue is that ReadRecord() decides whether to set  
abortedRecPtr and missingContrecPtr based on the value of StandbyMode,  
but ReadRecord() switches to a new timeline based on the value of  
ArchiveRecoveryRequested. We shouldn't try to write an overwrite  
contrecord if we're switching to a new timeline, so change the test in  
ReadRecod() to check ArchiveRecoveryRequested instead.  
  
Code fix by Dilip Kumar. Comments by me incorporating suggested  
language from Álvaro Herrera. Further review from Kyotaro Horiguchi  
and Sami Imseih.  
  
Discussion: http://postgr.es/m/CAFiTN-t7umki=PK8dT1tcPV=mOUe2vNhHML6b3T7W7qqvvajjg@mail.gmail.com  
Discussion: http://postgr.es/m/FB0DEA0B-E14E-43A0-811F-C1AE93D00FF3%40amazon.com  

M src/backend/access/transam/xlog.c

Doc: fix example of recursive query.

commit   : 9a2c6b26e10dc81f2a175dd1537169473a54fc4b    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Sun, 28 Aug 2022 10:44:52 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Sun, 28 Aug 2022 10:44:52 -0400    

Click here for diff

Compute total number of sub-parts correctly, per jason@banfelder.net  
  
Simon Riggs  
  
Discussion: https://postgr.es/m/166161184718.1235920.6304070286124217754@wrigleys.postgresql.org  

M doc/src/sgml/queries.sgml

commit   : d9ebc582fbc64e30e2e2b4543147d21e42b7e15f    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Sat, 27 Aug 2022 12:11:20 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Sat, 27 Aug 2022 12:11:20 -0400    

Click here for diff

Prior to v14, if we have a MULTIEXPR SubPlan (that is, use of the syntax  
UPDATE ... SET (c1, ...) = (SELECT ...)) in an UPDATE with an inherited  
or partitioned target table, inheritance_planner() will clone the  
targetlist and therefore also the MULTIEXPR SubPlan and the Param nodes  
referencing it for each child target table.  Up to now, we've allowed  
all the clones to share the underlying subplan as well as the output  
parameter IDs -- that is, the runtime ParamExecData slots.  That  
technique is borrowed from the far older code that supports initplans,  
and it works okay in that case because the cloned SubPlan nodes are  
essentially identical.  So it doesn't matter which one of the clones  
the shared ParamExecData.execPlan field might point to.  
  
However, this fails to hold for MULTIEXPR SubPlans, because they can  
have nonempty "args" lists (values to be passed into the subplan), and  
those lists could get mutated to different states in the various clones.  
In the submitted reproducer, as well as the test case added here, one  
clone contains Vars with varno OUTER_VAR where another has INNER_VAR,  
because the child tables are respectively on the outer or inner side of  
the join.  Sharing the execPlan pointer can result in trying to evaluate  
an args list that doesn't match the local execution state, with mayhem  
ensuing.  The result often is to trigger consistency checks in the  
executor, but I believe this could end in a crash or incorrect updates.  
  
To fix, assign new Param IDs to each of the cloned SubPlans, so that  
they don't share ParamExecData slots at runtime.  It still seems fine  
for the clones to share the underlying subplan, and extra ParamExecData  
slots are cheap enough that this fix shouldn't cost much.  
  
This has been busted since we invented MULTIEXPR SubPlans in 9.5.  
Probably the lack of previous reports is because query plans in which  
the different clones of a MULTIEXPR mutate to effectively-different  
states are pretty rare.  There's no issue in v14 and later, because  
without inheritance_planner() there's never a reason to clone  
MULTIEXPR SubPlans.  
  
Per bug #17596 from Andre Lin.  Patch v10-v13 only.  
  
Discussion: https://postgr.es/m/17596-c5357f61427a81dc@postgresql.org  

M src/backend/executor/nodeSubplan.c
M src/backend/optimizer/plan/planner.c
M src/backend/optimizer/plan/subselect.c
M src/include/optimizer/subselect.h
M src/test/regress/expected/inherit.out
M src/test/regress/sql/inherit.sql

Fix typo in comment.

commit   : 1d40200a98557fb36cb620f604b00116ccf4d64a    
  
author   : Etsuro Fujita <efujita@postgresql.org>    
date     : Fri, 26 Aug 2022 16:55:07 +0900    
  
committer: Etsuro Fujita <efujita@postgresql.org>    
date     : Fri, 26 Aug 2022 16:55:07 +0900    

Click here for diff

M src/backend/commands/copy.c

Defend against stack overrun in a few more places.

commit   : 310d734efb3bb541953893a800bab4ed1b968908    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Wed, 24 Aug 2022 13:01:40 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Wed, 24 Aug 2022 13:01:40 -0400    

Click here for diff

SplitToVariants() in the ispell code, lseg_inside_poly() in geo_ops.c,  
and regex_selectivity_sub() in selectivity estimation could recurse  
until stack overflow; fix by adding check_stack_depth() calls.  
So could next() in the regex compiler, but that case is better fixed by  
converting its tail recursion to a loop.  (We probably get better code  
that way too, since next() can now be inlined into its sole caller.)  
  
There remains a reachable stack overrun in the Turkish stemmer, but  
we'll need some advice from the Snowball people about how to fix that.  
  
Per report from Egor Chindyaskin and Alexander Lakhin.  These mistakes  
are old, so back-patch to all supported branches.  
  
Richard Guo and Tom Lane  
  
Discussion: https://postgr.es/m/1661334672.728714027@f473.i.mail.ru  

M src/backend/regex/regc_lex.c
M src/backend/tsearch/spell.c
M src/backend/utils/adt/geo_ops.c
M src/backend/utils/adt/selfuncs.c

Doc: document possible need to raise kernel's somaxconn limit.

commit   : 04056e9268be5584ac55c0009687ee38022fb007    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Tue, 23 Aug 2022 09:55:37 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Tue, 23 Aug 2022 09:55:37 -0400    

Click here for diff

On fast machines, it's possible for applications such as pgbench  
to issue connection requests so quickly that the postmaster's  
listen queue overflows in the kernel, resulting in unexpected  
failures (with not-very-helpful error messages).  Most modern OSes  
allow the queue size to be increased, so document how to do that.  
  
Per report from Kevin McKibbin.  
  
Discussion: https://postgr.es/m/CADc_NKg2d+oZY9mg4DdQdoUcGzN2kOYXBu-3--RW_hEe0tUV=g@mail.gmail.com  

M doc/src/sgml/runtime.sgml

Doc: prefer sysctl to /proc/sys in docs and comments.

commit   : d0371f190a1f58f233febeee347ea18790786e84    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Tue, 23 Aug 2022 09:41:37 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Tue, 23 Aug 2022 09:41:37 -0400    

Click here for diff

sysctl is more portable than Linux's /proc/sys file tree, and  
often easier to use too.  That's why most of our docs refer to  
sysctl when talking about how to adjust kernel parameters.  
Bring the few stragglers into line.  
  
Discussion: https://postgr.es/m/361175.1661187463@sss.pgh.pa.us  

M doc/src/sgml/runtime.sgml
M src/backend/postmaster/postmaster.c

Add CHECK_FOR_INTERRUPTS while decoding changes.

commit   : 51e9469a41ad04838285a40dc6aacdb45b9749b9    
  
author   : Amit Kapila <akapila@postgresql.org>    
date     : Tue, 23 Aug 2022 08:42:51 +0530    
  
committer: Amit Kapila <akapila@postgresql.org>    
date     : Tue, 23 Aug 2022 08:42:51 +0530    

Click here for diff

While decoding changes in a loop, if we skip all the changes there is no  
CFI making the loop uninterruptible.  
  
Reported-by: Whale Song and Andrey Borodin  
Bug: 17580  
Author: Masahiko Sawada  
Reviwed-by: Amit Kapila  
Backpatch-through: 10  
Discussion: https://postgr.es/m/17580-849c1d5b6d7eb422@postgresql.org  
Discussion: https://postgr.es/m/B319ECD6-9A28-4CDF-A8F4-3591E0BF2369@yandex-team.ru  

M src/backend/replication/logical/reorderbuffer.c

Fix subtly-incorrect matching of parent and child partitioned indexes.

commit   : 116f20f926564cd4645f8d2f49fd0dfd0ad1f897    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Thu, 18 Aug 2022 12:11:47 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Thu, 18 Aug 2022 12:11:47 -0400    

Click here for diff

When creating a partitioned index, DefineIndex tries to identify  
any existing indexes on the partitions that match the partitioned  
index, so that it can absorb those as child indexes instead of  
building new ones.  Part of the matching is to compare IndexInfo  
structs --- but that wasn't done quite right.  We're comparing  
the IndexInfo built within DefineIndex itself to one made from  
existing catalog contents by BuildIndexInfo.  Notably, while  
BuildIndexInfo will run index expressions and predicates through  
expression preprocessing, that has not happened to DefineIndex's  
struct.  The result is failure to match and subsequent creation  
of duplicate indexes.  
  
The easiest and most bulletproof fix is to build a new IndexInfo  
using BuildIndexInfo, thereby guaranteeing that the processing done  
is identical.  
  
While here, let's also extract the opfamily and collation data  
from the new partitioned index, removing ad-hoc logic that  
duplicated knowledge about how those are constructed.  
  
Per report from Christophe Pettus.  Back-patch to v11 where  
we invented partitioned indexes.  
  
Richard Guo and Tom Lane  
  
Discussion: https://postgr.es/m/8864BFAA-81FD-4BF9-8E06-7DEB8D4164ED@thebuild.com  

M src/backend/commands/indexcmds.c
M src/test/regress/expected/indexing.out
M src/test/regress/sql/indexing.sql

doc: fix wrong tag used in create sequence manual.

commit   : 9d4c9c35bae45b11e983509fbfab6aed4ee2787f    
  
author   : Tatsuo Ishii <ishii@postgresql.org>    
date     : Tue, 16 Aug 2022 09:29:20 +0900    
  
committer: Tatsuo Ishii <ishii@postgresql.org>    
date     : Tue, 16 Aug 2022 09:29:20 +0900    

Click here for diff

In ref/create_sequence.sgml <literal> tag was used for nextval function name.  
This should have been <function> tag.  
  
Author: Noboru Saito  
Discussion: https://postgr.es/m/CAAM3qnJTDFFfRf5JHJ4AYrNcqXgMmj0pbH0%2Bvm%3DYva%2BpJyGymA%40mail.gmail.com  
Backpatch-through: 10  

M doc/src/sgml/ref/create_sequence.sgml

Add missing bad-PGconn guards in libpq entry points.

commit   : ee4a17e200b72286c3a02cf6c572836652df2541    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Mon, 15 Aug 2022 15:40:07 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Mon, 15 Aug 2022 15:40:07 -0400    

Click here for diff

There's a convention that externally-visible libpq functions should  
check for a NULL PGconn pointer, and fail gracefully instead of  
crashing.  PQflush() and PQisnonblocking() didn't get that memo  
though.  Also add a similar check to PQdefaultSSLKeyPassHook_OpenSSL;  
while it's not clear that ordinary usage could reach that with a  
null conn pointer, it's cheap enough to check, so let's be consistent.  
  
Daniele Varrazzo and Tom Lane  
  
Discussion: https://postgr.es/m/CA+mi_8Zm_mVVyW1iNFgyMd9Oh0Nv8-F+7Y3-BqwMgTMHuo_h2Q@mail.gmail.com  

M src/interfaces/libpq/fe-exec.c

Fix outdated --help message for postgres -f

commit   : 6e086bb1dbeb65598a2775df2611c67e8c58bf27    
  
author   : Michael Paquier <michael@paquier.xyz>    
date     : Mon, 15 Aug 2022 13:37:44 +0900    
  
committer: Michael Paquier <michael@paquier.xyz>    
date     : Mon, 15 Aug 2022 13:37:44 +0900    

Click here for diff

This option switch supports a total of 8 values, as told by  
set_plan_disabling_options() and the documentation, but this was not  
reflected in the output generated by --help.  
  
Author: Junwang Zhao  
Discussion: https://postgr.es/m/CAEG8a3+pT3cWzyjzKs184L1XMNm8NDnoJLiSjAYSO7XqpRh_vA@mail.gmail.com  
Backpatch-through: 10  

M src/backend/main/main.c

Preserve memory context of VarStringSortSupport buffers.

commit   : 84f9691a19fe781b29e5fa5acf1a9e7a87ed63ce    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Sun, 14 Aug 2022 12:05:27 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Sun, 14 Aug 2022 12:05:27 -0400    

Click here for diff

When enlarging the work buffers of a VarStringSortSupport object,  
varstrfastcmp_locale was careful to keep them in the ssup_cxt  
memory context; but varstr_abbrev_convert just used palloc().  
The latter creates a hazard that the buffers could be freed out  
from under the VarStringSortSupport object, resulting in stomping  
on whatever gets allocated in that memory later.  
  
In practice, because we only use this code for ICU collations  
(cf. 3df9c374e), the problem is confined to use of ICU collations.  
I believe it may have been unreachable before the introduction  
of incremental sort, too, as traditional sorting usually just  
uses one context for the duration of the sort.  
  
We could fix this by making the broken stanzas in varstr_abbrev_convert  
match the non-broken ones in varstrfastcmp_locale.  However, it seems  
like a better idea to dodge the issue altogether by replacing the  
pfree-and-allocate-anew coding with repalloc, which automatically  
preserves the chunk's memory context.  This fix does add a few cycles  
because repalloc will copy the chunk's content, which the existing  
coding assumes is useless.  However, we don't expect that these buffer  
enlargement operations are performance-critical.  Besides that, it's  
far from obvious that copying the buffer contents isn't required, since  
these stanzas make no effort to mark the buffers invalid by resetting  
last_returned, cache_blob, etc.  That seems to be safe upon examination,  
but it's fragile and could easily get broken in future, which wouldn't  
get revealed in testing with short-to-moderate-size strings.  
  
Per bug #17584 from James Inform.  Whether or not the issue is  
reachable in the older branches, this code has been broken on its  
own terms from its introduction, so patch all the way back.  
  
Discussion: https://postgr.es/m/17584-95c79b4a7d771f44@postgresql.org  

M src/backend/utils/adt/varlena.c

Catch stack overflow when recursing in transformFromClauseItem().

commit   : b744e13b021712d4aae3c239e8aedefc463c755f    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Sat, 13 Aug 2022 15:21:28 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Sat, 13 Aug 2022 15:21:28 -0400    

Click here for diff

Most parts of the parser can expect that the stack overflow check  
in transformExprRecurse() will trigger before things get desperate.  
However, transformFromClauseItem() can recurse directly to self  
without having analyzed any expressions, so it's possible to drive  
it to a stack-overrun crash.  Add a check to prevent that.  
  
Per bug #17583 from Egor Chindyaskin.  Back-patch to all supported  
branches.  
  
Richard Guo  
  
Discussion: https://postgr.es/m/17583-33be55b9f981f75c@postgresql.org  

M src/backend/parser/parse_clause.c

Add missing fields to _outConstraint()

commit   : db9ec28d6416ef97dc9d8bd2aa959661dc29ff5c    
  
author   : Peter Eisentraut <peter@eisentraut.org>    
date     : Sat, 13 Aug 2022 10:32:38 +0200    
  
committer: Peter Eisentraut <peter@eisentraut.org>    
date     : Sat, 13 Aug 2022 10:32:38 +0200    

Click here for diff

As of 897795240cfaaed724af2f53ed2c50c9862f951f, check constraints can  
be declared invalid.  But that patch didn't update _outConstraint() to  
also show the relevant struct fields (which were only applicable to  
foreign keys before that).  This currently only affects debugging  
output, so no impact in practice.  

M src/backend/nodes/outfuncs.c

pg_upgrade: Fix some minor code issues

commit   : e5c2feac0e09c043df8c2359688d10abe586cd52    
  
author   : Peter Eisentraut <peter@eisentraut.org>    
date     : Sat, 13 Aug 2022 00:00:41 +0200    
  
committer: Peter Eisentraut <peter@eisentraut.org>    
date     : Sat, 13 Aug 2022 00:00:41 +0200    

Click here for diff

96ef3b8ff1cf1950e897fd2f766d4bd9ef0d5d56 accidentally copied a not  
applicable comment from the float8_pass_by_value code to the  
data_checksums code.  Remove that.  
  
87d3b35a1ca31a9d947a8f919a6006679216dff0 changed pg_upgrade to  
checking the checksum version rather than just the Boolean presence of  
checksums, but didn't change the field type in its ControlData struct  
from bool.  So this would not work correctly if there ever is a  
checksum version larger than 1.  

M src/bin/pg_upgrade/controldata.c
M src/bin/pg_upgrade/pg_upgrade.h

doc: add missing role attributes to user management section

commit   : aca0ccdbb22042569bc5bcfa4a1796aa2df4bc93    
  
author   : Bruce Momjian <bruce@momjian.us>    
date     : Fri, 12 Aug 2022 15:43:23 -0400    
  
committer: Bruce Momjian <bruce@momjian.us>    
date     : Fri, 12 Aug 2022 15:43:23 -0400    

Click here for diff

Reported-by: Shinya Kato  
  
Discussion: https://postgr.es/m/1ecdb1ff78e9b03dfce37e85eaca725a@oss.nttdata.com  
  
Author: Shinya Kato  
  
Backpatch-through: 10  

M doc/src/sgml/user-manag.sgml

doc: add section about heap-only tuples (HOT)

commit   : 99c1f24f5b5b0c1586e5dd143101023852ff5606    
  
author   : Bruce Momjian <bruce@momjian.us>    
date     : Fri, 12 Aug 2022 15:05:12 -0400    
  
committer: Bruce Momjian <bruce@momjian.us>    
date     : Fri, 12 Aug 2022 15:05:12 -0400    

Click here for diff

Reported-by: Jonathan S. Katz  
  
Discussion: https://postgr.es/m/c59ffbd5-96ac-a5a5-a401-14f627ca1405@postgresql.org  
  
Backpatch-through: 11  

M doc/src/sgml/acronyms.sgml
M doc/src/sgml/catalogs.sgml
M doc/src/sgml/config.sgml
M doc/src/sgml/indexam.sgml
M doc/src/sgml/indices.sgml
M doc/src/sgml/monitoring.sgml
M doc/src/sgml/ref/create_table.sgml
M doc/src/sgml/storage.sgml

doc: warn about security issues around log files

commit   : 41fde30196b61914be8ba0ab53a0e661d6a284d2    
  
author   : Bruce Momjian <bruce@momjian.us>    
date     : Fri, 12 Aug 2022 12:02:20 -0400    
  
committer: Bruce Momjian <bruce@momjian.us>    
date     : Fri, 12 Aug 2022 12:02:20 -0400    

Click here for diff

Reported-by: Simon Riggs  
  
Discussion: https://postgr.es/m/CANP8+jJESuuXYq9Djvf-+tx2vY2OFLmfEuu+UvwHNJ1RT7iJCQ@mail.gmail.com  
  
Author: Simon Riggs  
  
Backpatch-through: 10  

M doc/src/sgml/config.sgml
M doc/src/sgml/maintenance.sgml

doc: clarify configuration file for Windows builds

commit   : 06632121266f0654fbb0c4891475c34cd8c731e2    
  
author   : Bruce Momjian <bruce@momjian.us>    
date     : Fri, 12 Aug 2022 11:35:22 -0400    
  
committer: Bruce Momjian <bruce@momjian.us>    
date     : Fri, 12 Aug 2022 11:35:22 -0400    

Click here for diff

The use of file 'config.pl' was not clearly explained.  
  
Reported-by: liambowen@gmail.com  
  
Discussion: https://postgr.es/m/164246013804.31952.4958087335645367498@wrigleys.postgresql.org  
  
Backpatch-through: 10  

M doc/src/sgml/install-windows.sgml

doc: document the CREATE INDEX "USING" clause

commit   : fd868582e2df970326d810d5085db4844f290c1d    
  
author   : Bruce Momjian <bruce@momjian.us>    
date     : Fri, 12 Aug 2022 11:26:03 -0400    
  
committer: Bruce Momjian <bruce@momjian.us>    
date     : Fri, 12 Aug 2022 11:26:03 -0400    

Click here for diff

Somehow this was in the syntax but had no description.  
  
Reported-by: robertcorrington@gmail.com  
  
Discussion: https://postgr.es/m/164228771825.31954.2719791849363756957@wrigleys.postgresql.org  
  
Backpatch-through: 10  

M doc/src/sgml/ref/create_index.sgml

doc: clarify CREATE TABLE AS ... IF NOT EXISTS

commit   : 05b2a4bda20f41303c2330c306b183e5024648ee    
  
author   : Bruce Momjian <bruce@momjian.us>    
date     : Fri, 12 Aug 2022 10:59:00 -0400    
  
committer: Bruce Momjian <bruce@momjian.us>    
date     : Fri, 12 Aug 2022 10:59:00 -0400    

Click here for diff

Mention that the table is not modified if it already exists.  
  
Reported-by: frank_limpert@yahoo.com  
  
Discussion: https://postgr.es/m/164441177106.9677.5991676148704507229@wrigleys.postgresql.org  
  
Backpatch-through: 10  

M doc/src/sgml/ref/create_table_as.sgml

Fix _outConstraint() for "identity" constraints

commit   : bc11a7e2f350da9ae349087a2a79d14c8927e9fa    
  
author   : Peter Eisentraut <peter@eisentraut.org>    
date     : Fri, 12 Aug 2022 08:17:30 +0200    
  
committer: Peter Eisentraut <peter@eisentraut.org>    
date     : Fri, 12 Aug 2022 08:17:30 +0200    

Click here for diff

The set of fields printed by _outConstraint() in the CONSTR_IDENTITY  
case didn't match the set of fields actually used in that case.  (The  
code was probably uncarefully copied from the CONSTR_DEFAULT case.)  
Fix that by using the right set of fields.  Since there is no read  
support for this node type, this is really just for debugging output  
right now, so it doesn't affect anything important.  

M src/backend/nodes/outfuncs.c

Back-Patch "Add wait_for_subscription_sync for TAP tests."

commit   : 63903546e5d6b46890de093b700ef1f0d5f9770e    
  
author   : Amit Kapila <akapila@postgresql.org>    
date     : Fri, 12 Aug 2022 10:30:04 +0530    
  
committer: Amit Kapila <akapila@postgresql.org>    
date     : Fri, 12 Aug 2022 10:30:04 +0530    

Click here for diff

This was originally done in commit 0c20dd33db for 16 only, to eliminate  
duplicate code and as an infrastructure that makes it easier to write  
future tests. However, it has been suggested that it would be good to  
back-patch this testing infrastructure to aid future tests in  
back-branches.  
  
Backpatch to all supported versions.  
  
Author: Masahiko Sawada  
Reviewed by: Amit Kapila, Shi yu  
Discussion: https://postgr.es/m/CAD21AoC-fvAkaKHa4t1urupwL8xbAcWRePeETvshvy80f6WV1A@mail.gmail.com  
Discussion: https://postgr.es/m/E1oJBIf-0006sw-SA@gemulon.postgresql.org  

M src/test/perl/PostgresNode.pm
M src/test/subscription/t/001_rep_changes.pl
M src/test/subscription/t/002_types.pl
M src/test/subscription/t/004_sync.pl
M src/test/subscription/t/005_encoding.pl
M src/test/subscription/t/006_rewrite.pl
M src/test/subscription/t/008_diff_schema.pl
M src/test/subscription/t/010_truncate.pl
M src/test/subscription/t/100_bugs.pl

Fix catalog lookup with the wrong snapshot during logical decoding.

commit   : e721123b7a0ca1a33d5315d81b32751936a0aa6c    
  
author   : Amit Kapila <akapila@postgresql.org>    
date     : Thu, 11 Aug 2022 08:55:31 +0530    
  
committer: Amit Kapila <akapila@postgresql.org>    
date     : Thu, 11 Aug 2022 08:55:31 +0530    

Click here for diff

Previously, we relied on HEAP2_NEW_CID records and XACT_INVALIDATION  
records to know if the transaction has modified the catalog, and that  
information is not serialized to snapshot. Therefore, after the restart,  
if the logical decoding decodes only the commit record of the transaction  
that has actually modified a catalog, we will miss adding its XID to the  
snapshot. Thus, we will end up looking at catalogs with the wrong  
snapshot.  
  
To fix this problem, this changes the snapshot builder so that it  
remembers the last-running-xacts list of the decoded RUNNING_XACTS record  
after restoring the previously serialized snapshot. Then, we mark the  
transaction as containing catalog changes if it's in the list of initial  
running transactions and its commit record has XACT_XINFO_HAS_INVALS. To  
avoid ABI breakage, we store the array of the initial running transactions  
in the static variables InitialRunningXacts and NInitialRunningXacts,  
instead of storing those in SnapBuild or ReorderBuffer.  
  
This approach has a false positive; we could end up adding the transaction  
that didn't change catalog to the snapshot since we cannot distinguish  
whether the transaction has catalog changes only by checking the COMMIT  
record. It doesn't have the information on which (sub) transaction has  
catalog changes, and XACT_XINFO_HAS_INVALS doesn't necessarily indicate  
that the transaction has catalog change. But that won't be a problem since  
we use snapshot built during decoding only to read system catalogs.  
  
On the master branch, we took a more future-proof approach by writing  
catalog modifying transactions to the serialized snapshot which avoids the  
above false positive. But we cannot backpatch it because of a change in  
the SnapBuild.  
  
Reported-by: Mike Oh  
Author: Masahiko Sawada  
Reviewed-by: Amit Kapila, Shi yu, Takamichi Osumi, Kyotaro Horiguchi, Bertrand Drouvot, Ahsan Hadi  
Backpatch-through: 10  
Discussion: https://postgr.es/m/81D0D8B0-E7C4-4999-B616-1E5004DBDCD2%40amazon.com  

M contrib/test_decoding/Makefile
A contrib/test_decoding/expected/catalog_change_snapshot.out
A contrib/test_decoding/specs/catalog_change_snapshot.spec
M src/backend/replication/logical/decode.c
M src/backend/replication/logical/snapbuild.c
M src/include/replication/snapbuild.h

Fix handling of R/W expanded datums that are passed to SQL functions.

commit   : 442dbd6698282faafc0b83363cecf818cf88a9b6    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Wed, 10 Aug 2022 13:37:25 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Wed, 10 Aug 2022 13:37:25 -0400    

Click here for diff

fmgr_sql must make expanded-datum arguments read-only, because  
it's possible that the function body will pass the argument to  
more than one callee function.  If one of those functions takes  
the datum's R/W property as license to scribble on it, then later  
callees will see an unexpected value, leading to wrong answers.  
  
From a performance standpoint, it'd be nice to skip this in the  
common case that the argument value is passed to only one callee.  
However, detecting that seems fairly hard, and certainly not  
something that I care to attempt in a back-patched bug fix.  
  
Per report from Adam Mackler.  This has been broken since we  
invented expanded datums, so back-patch to all supported branches.  
  
Discussion: https://postgr.es/m/WScDU5qfoZ7PB2gXwNqwGGgDPmWzz08VdydcPFLhOwUKZcdWbblbo-0Lku-qhuEiZoXJ82jpiQU4hOjOcrevYEDeoAvz6nR0IU4IHhXnaCA=@mackler.email  
Discussion: https://postgr.es/m/187436.1660143060@sss.pgh.pa.us  

M src/backend/executor/functions.c
M src/test/regress/expected/create_function_3.out
M src/test/regress/sql/create_function_3.sql